xds: Add configuration objects for ExtAuthz, GrpcService and Bootstrap changes for GrpcService#12492
Open
sauravzg wants to merge 6 commits intogrpc:masterfrom
Open
xds: Add configuration objects for ExtAuthz, GrpcService and Bootstrap changes for GrpcService#12492sauravzg wants to merge 6 commits intogrpc:masterfrom
sauravzg wants to merge 6 commits intogrpc:masterfrom
Conversation
This was referenced Nov 11, 2025
sauravzg
force-pushed
the
feat/authz-config
branch
6 times, most recently
from
6738492 to
a02a2a9
Compare
ejona86
reviewed
Dec 29, 2025
xds/src/main/java/io/grpc/xds/internal/extauthz/ExtAuthzConfig.java
Outdated
Show resolved
Hide resolved
xds/src/main/java/io/grpc/xds/internal/extauthz/ExtAuthzConfig.java
Outdated
Show resolved
Hide resolved
xds/src/main/java/io/grpc/xds/internal/extauthz/ExtAuthzConfig.java
Outdated
Show resolved
Hide resolved
xds/src/main/java/io/grpc/xds/internal/extauthz/ExtAuthzConfig.java
Outdated
Show resolved
Hide resolved
xds/src/main/java/io/grpc/xds/internal/grpcservice/GrpcServiceConfig.java
Outdated
Show resolved
Hide resolved
xds/src/main/java/io/grpc/xds/internal/grpcservice/GrpcServiceConfig.java
Outdated
Show resolved
Hide resolved
xds/src/main/java/io/grpc/xds/internal/grpcservice/GrpcServiceConfig.java
Outdated
Show resolved
Hide resolved
xds/src/main/java/io/grpc/xds/internal/grpcservice/InsecureGrpcChannelFactory.java
Outdated
Show resolved
Hide resolved
xds/src/main/java/io/grpc/xds/internal/grpcservice/GrpcServiceConfig.java
Outdated
Show resolved
Hide resolved
This commit introduces configuration objects for the external authorization (ExtAuthz) filter and the gRPC service it uses. These classes provide a structured, immutable representation of the configuration defined in the xDS protobuf messages. The main new classes are: - `ExtAuthzConfig`: Represents the configuration for the `ExtAuthz` filter, including settings for the gRPC service, header mutation rules, and other filter behaviors. - `GrpcServiceConfig`: Represents the configuration for a gRPC service, including the target URI, credentials, and other settings. - `HeaderMutationRulesConfig`: Represents the configuration for header mutation rules. This commit also includes parsers to create these configuration objects from the corresponding protobuf messages, as well as unit tests for the new classes.
sauravzg
added a commit
to sauravzg/grpc-java
that referenced
this pull request
Mar 10, 2026
Fixup: Address comments from grpc#12492 for non PR deps Fixup: CallCreds changes to use CompositeCreds Fixup: 12493 : Remove redundant CheckParamsBuilder Fixup: 12493 : Move the CertificateProvider to CheckRequestBuilder and create utils class Fixup: 12492 Separate out config parsing yolo
sauravzg
force-pushed
the
feat/authz-config
branch
from
a02a2a9 to
47f2a85
Compare
Contributor
Author
|
@ejona86 PTAL. I've addressed most of the comments and have updated the PR description. Apart from addresing the comments, this PR now also contains the remaining implementation of GrpcService which wasn't in scope last quarter (essentially bootstrap changes and some bootstrap abstractions). |
sauravzg
force-pushed
the
feat/authz-config
branch
from
47f2a85 to
5654c64
Compare
… the updated requirements
sauravzg
changed the title
kannanjgithub
previously approved these changes
Mar 17, 2026
Contributor
|
/gcbrun |
kannanjgithub
dismissed
their stale review
Will wait for the security level check to be implemented before applying token call cred.
… and add test coverage
sauravzg
force-pushed
the
feat/authz-config
branch
from
8e50ad9 to
c1b95f1
Compare
kannanjgithub
approved these changes
Mar 17, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This commit introduces configuration objects for the external authorization (ExtAuthz) filter and the gRPC service and corresponding translations from XDS proto and Bootstrap. These classes provide a structured, immutable representation of the subset of the configuration defined in the xDS protobuf messages.
This PR should mostly now (hopefully ) be compliant with grpc/proposal#510 but without
The main new classes are:
ExtAuthzConfig: Represents the configuration for theExtAuthzfilter, including settings for the gRPC service, header mutation rules, and other filter behaviors.GrpcServiceConfig: Represents the configuration for a gRPC service, including the target URI, credentials, and other settings.HeaderMutationRulesConfig: Represents the configuration for header mutation rules.ChannelCredsConfigand friends: To allow comparison between credential configuration , to allow caching based on creds which'll be needed in followup PRs for authz and proc.The relevant sections of the spec are
This commit also includes parsers to create these configuration objects from the corresponding protobuf messages, as well as unit tests for the new classes.