/proc/self/cwd/source/extensions/filters/common/ext_authz/ext_authz_grpc_impl.h
Line | Count | Source (jump to first uncovered line) |
1 | | #pragma once |
2 | | |
3 | | #include <chrono> |
4 | | #include <cstdint> |
5 | | #include <memory> |
6 | | #include <string> |
7 | | #include <vector> |
8 | | |
9 | | #include "envoy/config/core/v3/base.pb.h" |
10 | | #include "envoy/extensions/filters/http/ext_authz/v3/ext_authz.pb.h" |
11 | | #include "envoy/grpc/async_client.h" |
12 | | #include "envoy/grpc/async_client_manager.h" |
13 | | #include "envoy/http/filter.h" |
14 | | #include "envoy/http/header_map.h" |
15 | | #include "envoy/http/protocol.h" |
16 | | #include "envoy/network/address.h" |
17 | | #include "envoy/network/connection.h" |
18 | | #include "envoy/network/filter.h" |
19 | | #include "envoy/service/auth/v3/external_auth.pb.h" |
20 | | #include "envoy/tracing/tracer.h" |
21 | | #include "envoy/upstream/cluster_manager.h" |
22 | | |
23 | | #include "source/common/grpc/typed_async_client.h" |
24 | | #include "source/extensions/filters/common/ext_authz/check_request_utils.h" |
25 | | #include "source/extensions/filters/common/ext_authz/ext_authz.h" |
26 | | |
27 | | namespace Envoy { |
28 | | namespace Extensions { |
29 | | namespace Filters { |
30 | | namespace Common { |
31 | | namespace ExtAuthz { |
32 | | |
// Callback interface for the authorization RPC: Grpc::AsyncRequestCallbacks specialised on the
// v3 CheckResponse message. GrpcClientImpl below derives from it to receive onSuccess/onFailure.
33 | | using ExtAuthzAsyncCallbacks = Grpc::AsyncRequestCallbacks<envoy::service::auth::v3::CheckResponse>; |
34 | | |
35 | | /* |
36 | | * This client implementation is used when the Ext_Authz filter needs to communicate with a gRPC |
37 | | * authorization server. Unlike the HTTP client, the gRPC client allows the server to define response |
38 | | * objects which contain the HTTP attributes to be sent to the upstream or to the downstream client. |
39 | | * The gRPC client does not rewrite path. NOTE: We create gRPC client for each filter stack instead |
40 | | * of a client per thread. That is ok since this is unary RPC and the cost of doing this is minimal. |
41 | | */ |
42 | | class GrpcClientImpl : public Client, |
43 | | public ExtAuthzAsyncCallbacks, |
44 | | public Logger::Loggable<Logger::Id::ext_authz> { |
45 | | public: |
// Builds the client from a shared raw gRPC async client and an optional per-check timeout.
// NOTE(review): the timeout is optional; confirm in the .cc that an unset value cannot leave an
// authorization check waiting indefinitely on an unresponsive server.
46 | | GrpcClientImpl(const Grpc::RawAsyncClientSharedPtr& async_client, |
47 | | const absl::optional<std::chrono::milliseconds>& timeout); |
48 | | ~GrpcClientImpl() override; |
49 | | |
50 | | // ExtAuthz::Client |
// Presumably aborts the request tracked by request_; the definition is not in this header.
51 | | void cancel() override; |
// Starts an authorization check for `request`; the outcome is reported through `callbacks`.
// `callbacks` is taken by reference and the class keeps a raw RequestCallbacks* member, so the
// caller presumably has to keep it alive until the check completes or cancel() is called.
// TODO confirm against the .cc.
52 | | void check(RequestCallbacks& callbacks, const envoy::service::auth::v3::CheckRequest& request, |
53 | | Tracing::Span& parent_span, const StreamInfo::StreamInfo& stream_info) override; |
54 | | |
55 | | // Grpc::AsyncRequestCallbacks |
// Empty body: this hook adds no headers of its own to the outgoing Check request. The coverage
// column shows it was not executed in this run (count 0).
56 | 0 | void onCreateInitialMetadata(Http::RequestHeaderMap&) override {} |
// Receives the authorization server's CheckResponse. Per the class comment, the response can
// carry HTTP attributes destined for the upstream or the downstream client, so the authorization
// server is trusted to shape headers on both sides of the proxy.
57 | | void onSuccess(std::unique_ptr<envoy::service::auth::v3::CheckResponse>&& response, |
58 | | Tracing::Span& span) override; |
// Receives the gRPC status and message when the Check RPC fails. Whether a failed check ends up
// denying or allowing the request is not decided in this header.
// NOTE(review): confirm the caller's failure policy (the ext_authz filter's failure_mode_allow
// setting) is the intended one.
59 | | void onFailure(Grpc::Status::GrpcStatus status, const std::string& message, |
60 | | Tracing::Span& span) override; |
61 | | |
62 | | private: |
// Takes the HeaderValueOption entries of a CheckResponse and the Response being built;
// presumably copies the former into the latter (definition is in the .cc, confirm there).
63 | | void toAuthzResponseHeader( |
64 | | ResponsePtr& response, |
65 | | const Protobuf::RepeatedPtrField<envoy::config::core::v3::HeaderValueOption>& headers); |
// Typed async client for the CheckRequest -> CheckResponse exchange.
66 | | Grpc::AsyncClient<envoy::service::auth::v3::CheckRequest, envoy::service::auth::v3::CheckResponse> |
67 | | async_client_; |
// Raw pointer, value-initialised to null; presumably the in-flight request, if any.
// Ownership is not visible from this header.
68 | | Grpc::AsyncRequest* request_{}; |
// Optional timeout; how it is applied to each check is not visible here.
69 | | absl::optional<std::chrono::milliseconds> timeout_; |
// Raw pointer, value-initialised to null; presumably the callbacks handed to check().
70 | | RequestCallbacks* callbacks_{}; |
// Reference member, so it must be bound in the constructor and the referenced descriptor must
// outlive this object.
71 | | const Protobuf::MethodDescriptor& service_method_; |
72 | | }; |
73 | | |
// Owning pointer to a GrpcClientImpl.
74 | | using GrpcClientImplPtr = std::unique_ptr<GrpcClientImpl>; |
75 | | |
76 | | } // namespace ExtAuthz |
77 | | } // namespace Common |
78 | | } // namespace Filters |
79 | | } // namespace Extensions |
80 | | } // namespace Envoy |