[Audit Logging] Audit logging config translation by rbac service config parser #33145
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Automated fix for refs/heads/service-config-parser
Automated fix for refs/heads/stdout-logger
Automated fix for refs/heads/service-config-parser
rockspore
added
the
release notes: no
grpc-checks
bot
added
per-call-memory/neutral
per-channel-memory/neutral
bloat/low
labels
Automated fix for refs/heads/service-config-parser
gtcooke94
reviewed
May 16, 2023
markdroth
reviewed
May 17, 2023
src/core/lib/security/authorization/grpc_authorization_engine.h
Outdated
Show resolved
Hide resolved
…o service-config-parser
markdroth
reviewed
May 17, 2023
src/core/lib/security/authorization/grpc_authorization_engine.h
Outdated
Show resolved
Hide resolved
markdroth
approved these changes
May 17, 2023
| @@ -200,7 +200,7 @@ struct RbacConfig { | |||
| int action; | |||
| std::map<std::string, Policy> policies; | |||
| // Defaults to 0 since its json field is optional. | |||
| EXPECT_EQ(logger_configs_.find("test_logger")->second, "{\"foo\":\"bar\"}"); | ||
| const auto& loggers = | ||
| parsed_rbac_config->authorization_engine(0)->audit_loggers(); | ||
| ASSERT_EQ(loggers.size(), 2); |
There was a problem hiding this comment.
Suggest writing this as:
EXPECT_THAT(
loggers
::testing::ElementsAre(
::testing::Property(&AuditLogger::name, "stdout_logger"),
::testing::Property(&AuditLogger::name, kLoggerName)));
There was a problem hiding this comment.
Done. I had to use
EXPECT_THAT(parsed_rbac_config->authorization_engine(0)->audit_loggers(),
::testing::ElementsAre(::testing::Pointee(::testing::Property(
&AuditLogger::name, "stdout_logger")),
::testing::Pointee(::testing::Property(
&AuditLogger::name, kLoggerName))));
because the vector stores unique pointers.
copybara-service
bot
added
the
imported
wanlin31
pushed a commit
that referenced
this pull request
May 18, 2023
…ig parser (#33145) This translates the service config from HTTP RBAC filter into the rbac policy, which is used to construct authorization engines.
eugeneo
pushed a commit
to eugeneo/grpc
that referenced
this pull request
May 19, 2023
…t logging (grpc#33183) This is basically the same as grpc#33145 except that the ctor `Rules()` cannot be default but have to explicitly set a default audit condition.
yijiem
added
release notes: yes
erm-g
removed
the
release notes: yes
yijiem
added
the
release notes: no
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This translates the service config from HTTP RBAC filter into the rbac policy, which is used to construct authorization engines.