Skip to content

feat(xds): Add configuration objects for ExtAuthz and GrpcService #12492

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

feat(xds): Add configuration objects for ExtAuthz and GrpcService #12492

wants to merge 2 commits into from

Conversation

@sauravzg
Copy link

@sauravzg sauravzg commented Nov 11, 2025
edited
Loading

This PR sits on top of #12491 , so only the last commit + any fixups need to be reviewed.

This commit introduces configuration objects for the external authorization (ExtAuthz) filter and the gRPC service it uses. These classes provide a structured, immutable representation of the subset of the configuration defined in the xDS protobuf messages.

The main new classes are:

  • ExtAuthzConfig: Represents the configuration for the ExtAuthz filter, including settings for the gRPC service, header mutation rules, and other filter behaviors.
  • GrpcServiceConfig: Represents the configuration for a gRPC service, including the target URI, credentials, and other settings.
  • HeaderMutationRulesConfig: Represents the configuration for header mutation rules.

This commit only bothers to deal with creating config objects from grpc/proposal#510 and doesn't handle the rest of the parts about creating a secure channel. This instead opts to create an interface with an insecure implementation to unblock further development

The relevant sections of the spec are

This commit also includes parsers to create these configuration objects from the corresponding protobuf messages, as well as unit tests for the new classes.

Chain of dependent PRs

@sauravzg
feat(xds): Update Envoy proto definitions and add ExtAuthz gRPC service
8107c1b 
This commit updates the Envoy proto definitions to a newer version and adds the generated gRPC code for the `envoy.service.auth.v3.Authorization` service.

The updated proto definitions include changes to the `ext_authz` filter, `GrpcService` configuration, and other related components. This also includes new proto files for gRPC credentials and header mutation rules.

The generated `AuthorizationGrpc.java` file provides the gRPC stub that will be used to communicate with the external authorization service.
This was referenced Nov 11, 2025
Open
Open
Open
Open
Open
Open
@sauravzg sauravzg force-pushed the feat/authz-config branch 2 times, most recently from 474d601 to 0973c74 Compare November 11, 2025 14:29
@sauravzg
feat(xds): Add configuration objects for ExtAuthz and GrpcService
65f51c0 
This commit introduces configuration objects for the external authorization (ExtAuthz) filter and the gRPC service it uses. These classes provide a structured, immutable representation of the configuration defined in the xDS protobuf messages.

The main new classes are:
- `ExtAuthzConfig`: Represents the configuration for the `ExtAuthz` filter, including settings for the gRPC service, header mutation rules, and other filter behaviors.
- `GrpcServiceConfig`: Represents the configuration for a gRPC service, including the target URI, credentials, and other settings.
- `HeaderMutationRulesConfig`: Represents the configuration for header mutation rules.

This commit also includes parsers to create these configuration objects from the corresponding protobuf messages, as well as unit tests for the new classes.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@sauravzg