mirror of https://github.com/grpc/grpc-go.git
authz: Swap to using the correct TypedConfig in audit logger parsing (#6235)
Swap audit logger parsing to using the correct TypedConfig representation
This commit is contained in:
Gregory Cooke
GitHub
parent
df82147145
commit
cf89a0b931
|
|
@ -28,6 +28,7 @@ import (
|
|||
"fmt"
|
||||
"strings"
|
||||
|
||||
v1typepb "github.com/cncf/xds/go/udpa/type/v1"
|
||||
v3corepb "github.com/envoyproxy/go-control-plane/envoy/config/core/v3"
|
||||
v3rbacpb "github.com/envoyproxy/go-control-plane/envoy/config/rbac/v3"
|
||||
v3routepb "github.com/envoyproxy/go-control-plane/envoy/config/route/v3"
|
||||
|
|
@ -36,6 +37,10 @@ import (
|
|||
"google.golang.org/protobuf/types/known/structpb"
|
||||
)
|
||||
|
||||
// This is used when converting a custom config from raw JSON to a TypedStruct
|
||||
// The TypeURL of the TypeStruct will be "grpc.authz.audit_logging/<name>"
|
||||
const typedURLPrefix = "grpc.authz.audit_logging/"
|
||||
|
||||
type header struct {
|
||||
Key string
|
||||
Values []string
|
||||
|
|
@ -302,10 +307,15 @@ func (options *auditLoggingOptions) toProtos() (allow *v3rbacpb.RBAC_AuditLoggin
|
|||
if config.Config == nil {
|
||||
return nil, nil, fmt.Errorf("AuditLogger Config field cannot be nil")
|
||||
}
|
||||
customConfig, err := anypb.New(config.Config)
|
||||
typedStruct := &v1typepb.TypedStruct{
|
||||
TypeUrl: typedURLPrefix + config.Name,
|
||||
Value: config.Config,
|
||||
}
|
||||
customConfig, err := anypb.New(typedStruct)
|
||||
if err != nil {
|
||||
return nil, nil, fmt.Errorf("error parsing custom audit logger config: %v", err)
|
||||
}
|
||||
|
||||
logger := &v3corepb.TypedExtensionConfig{Name: config.Name, TypedConfig: customConfig}
|
||||
rbacConfig := v3rbacpb.RBAC_AuditLoggingOptions_AuditLoggerConfig{
|
||||
IsOptional: config.IsOptional,
|
||||
|
|
|
|||
|
|
@ -22,6 +22,7 @@ import (
|
|||
"strings"
|
||||
"testing"
|
||||
|
||||
v1typepb "github.com/cncf/xds/go/udpa/type/v1"
|
||||
"github.com/google/go-cmp/cmp"
|
||||
"google.golang.org/protobuf/testing/protocmp"
|
||||
"google.golang.org/protobuf/types/known/anypb"
|
||||
|
|
@ -305,7 +306,7 @@ func TestTranslatePolicy(t *testing.T) {
|
|||
AuditLoggingOptions: &v3rbacpb.RBAC_AuditLoggingOptions{
|
||||
AuditCondition: v3rbacpb.RBAC_AuditLoggingOptions_NONE,
|
||||
LoggerConfigs: []*v3rbacpb.RBAC_AuditLoggingOptions_AuditLoggerConfig{
|
||||
{AuditLogger: &v3corepb.TypedExtensionConfig{Name: "stdout_logger", TypedConfig: anyPbHelper(t, map[string]interface{}{})},
|
||||
{AuditLogger: &v3corepb.TypedExtensionConfig{Name: "stdout_logger", TypedConfig: anyPbHelper(t, map[string]interface{}{}, "stdout_logger")},
|
||||
IsOptional: false,
|
||||
},
|
||||
},
|
||||
|
|
@ -339,7 +340,7 @@ func TestTranslatePolicy(t *testing.T) {
|
|||
AuditLoggingOptions: &v3rbacpb.RBAC_AuditLoggingOptions{
|
||||
AuditCondition: v3rbacpb.RBAC_AuditLoggingOptions_ON_ALLOW,
|
||||
LoggerConfigs: []*v3rbacpb.RBAC_AuditLoggingOptions_AuditLoggerConfig{
|
||||
{AuditLogger: &v3corepb.TypedExtensionConfig{Name: "stdout_logger", TypedConfig: anyPbHelper(t, map[string]interface{}{})},
|
||||
{AuditLogger: &v3corepb.TypedExtensionConfig{Name: "stdout_logger", TypedConfig: anyPbHelper(t, map[string]interface{}{}, "stdout_logger")},
|
||||
IsOptional: false,
|
||||
},
|
||||
},
|
||||
|
|
@ -401,7 +402,7 @@ func TestTranslatePolicy(t *testing.T) {
|
|||
AuditLoggingOptions: &v3rbacpb.RBAC_AuditLoggingOptions{
|
||||
AuditCondition: v3rbacpb.RBAC_AuditLoggingOptions_ON_DENY,
|
||||
LoggerConfigs: []*v3rbacpb.RBAC_AuditLoggingOptions_AuditLoggerConfig{
|
||||
{AuditLogger: &v3corepb.TypedExtensionConfig{Name: "stdout_logger", TypedConfig: anyPbHelper(t, map[string]interface{}{})},
|
||||
{AuditLogger: &v3corepb.TypedExtensionConfig{Name: "stdout_logger", TypedConfig: anyPbHelper(t, map[string]interface{}{}, "stdout_logger")},
|
||||
IsOptional: false,
|
||||
},
|
||||
},
|
||||
|
|
@ -435,7 +436,7 @@ func TestTranslatePolicy(t *testing.T) {
|
|||
AuditLoggingOptions: &v3rbacpb.RBAC_AuditLoggingOptions{
|
||||
AuditCondition: v3rbacpb.RBAC_AuditLoggingOptions_ON_DENY_AND_ALLOW,
|
||||
LoggerConfigs: []*v3rbacpb.RBAC_AuditLoggingOptions_AuditLoggerConfig{
|
||||
{AuditLogger: &v3corepb.TypedExtensionConfig{Name: "stdout_logger", TypedConfig: anyPbHelper(t, map[string]interface{}{})},
|
||||
{AuditLogger: &v3corepb.TypedExtensionConfig{Name: "stdout_logger", TypedConfig: anyPbHelper(t, map[string]interface{}{}, "stdout_logger")},
|
||||
IsOptional: false,
|
||||
},
|
||||
},
|
||||
|
|
@ -497,7 +498,7 @@ func TestTranslatePolicy(t *testing.T) {
|
|||
AuditLoggingOptions: &v3rbacpb.RBAC_AuditLoggingOptions{
|
||||
AuditCondition: v3rbacpb.RBAC_AuditLoggingOptions_NONE,
|
||||
LoggerConfigs: []*v3rbacpb.RBAC_AuditLoggingOptions_AuditLoggerConfig{
|
||||
{AuditLogger: &v3corepb.TypedExtensionConfig{Name: "stdout_logger", TypedConfig: anyPbHelper(t, map[string]interface{}{})},
|
||||
{AuditLogger: &v3corepb.TypedExtensionConfig{Name: "stdout_logger", TypedConfig: anyPbHelper(t, map[string]interface{}{}, "stdout_logger")},
|
||||
IsOptional: false,
|
||||
},
|
||||
},
|
||||
|
|
@ -531,7 +532,7 @@ func TestTranslatePolicy(t *testing.T) {
|
|||
AuditLoggingOptions: &v3rbacpb.RBAC_AuditLoggingOptions{
|
||||
AuditCondition: v3rbacpb.RBAC_AuditLoggingOptions_NONE,
|
||||
LoggerConfigs: []*v3rbacpb.RBAC_AuditLoggingOptions_AuditLoggerConfig{
|
||||
{AuditLogger: &v3corepb.TypedExtensionConfig{Name: "stdout_logger", TypedConfig: anyPbHelper(t, map[string]interface{}{})},
|
||||
{AuditLogger: &v3corepb.TypedExtensionConfig{Name: "stdout_logger", TypedConfig: anyPbHelper(t, map[string]interface{}{}, "stdout_logger")},
|
||||
IsOptional: false,
|
||||
},
|
||||
},
|
||||
|
|
@ -593,7 +594,7 @@ func TestTranslatePolicy(t *testing.T) {
|
|||
AuditLoggingOptions: &v3rbacpb.RBAC_AuditLoggingOptions{
|
||||
AuditCondition: v3rbacpb.RBAC_AuditLoggingOptions_NONE,
|
||||
LoggerConfigs: []*v3rbacpb.RBAC_AuditLoggingOptions_AuditLoggerConfig{
|
||||
{AuditLogger: &v3corepb.TypedExtensionConfig{Name: "stdout_logger", TypedConfig: anyPbHelper(t, map[string]interface{}{"abc": 123, "xyz": "123"})},
|
||||
{AuditLogger: &v3corepb.TypedExtensionConfig{Name: "stdout_logger", TypedConfig: anyPbHelper(t, map[string]interface{}{"abc": 123, "xyz": "123"}, "stdout_logger")},
|
||||
IsOptional: false,
|
||||
},
|
||||
},
|
||||
|
|
@ -627,7 +628,7 @@ func TestTranslatePolicy(t *testing.T) {
|
|||
AuditLoggingOptions: &v3rbacpb.RBAC_AuditLoggingOptions{
|
||||
AuditCondition: v3rbacpb.RBAC_AuditLoggingOptions_NONE,
|
||||
LoggerConfigs: []*v3rbacpb.RBAC_AuditLoggingOptions_AuditLoggerConfig{
|
||||
{AuditLogger: &v3corepb.TypedExtensionConfig{Name: "stdout_logger", TypedConfig: anyPbHelper(t, map[string]interface{}{"abc": 123, "xyz": "123"})},
|
||||
{AuditLogger: &v3corepb.TypedExtensionConfig{Name: "stdout_logger", TypedConfig: anyPbHelper(t, map[string]interface{}{"abc": 123, "xyz": "123"}, "stdout_logger")},
|
||||
IsOptional: false,
|
||||
},
|
||||
},
|
||||
|
|
@ -685,7 +686,7 @@ func TestTranslatePolicy(t *testing.T) {
|
|||
AuditLoggingOptions: &v3rbacpb.RBAC_AuditLoggingOptions{
|
||||
AuditCondition: v3rbacpb.RBAC_AuditLoggingOptions_NONE,
|
||||
LoggerConfigs: []*v3rbacpb.RBAC_AuditLoggingOptions_AuditLoggerConfig{
|
||||
{AuditLogger: &v3corepb.TypedExtensionConfig{Name: "stdout_logger", TypedConfig: anyPbHelper(t, map[string]interface{}{"abc": 123, "xyz": map[string]interface{}{"abc": 123}})},
|
||||
{AuditLogger: &v3corepb.TypedExtensionConfig{Name: "stdout_logger", TypedConfig: anyPbHelper(t, map[string]interface{}{"abc": 123, "xyz": map[string]interface{}{"abc": 123}}, "stdout_logger")},
|
||||
IsOptional: false,
|
||||
},
|
||||
},
|
||||
|
|
@ -789,7 +790,7 @@ func TestTranslatePolicy(t *testing.T) {
|
|||
AuditLoggingOptions: &v3rbacpb.RBAC_AuditLoggingOptions{
|
||||
AuditCondition: v3rbacpb.RBAC_AuditLoggingOptions_NONE,
|
||||
LoggerConfigs: []*v3rbacpb.RBAC_AuditLoggingOptions_AuditLoggerConfig{
|
||||
{AuditLogger: &v3corepb.TypedExtensionConfig{Name: "stdout_logger", TypedConfig: anyPbHelper(t, map[string]interface{}{})},
|
||||
{AuditLogger: &v3corepb.TypedExtensionConfig{Name: "stdout_logger", TypedConfig: anyPbHelper(t, map[string]interface{}{}, "stdout_logger")},
|
||||
IsOptional: false,
|
||||
},
|
||||
},
|
||||
|
|
@ -941,15 +942,19 @@ func TestTranslatePolicy(t *testing.T) {
|
|||
}
|
||||
}
|
||||
|
||||
func anyPbHelper(t *testing.T, in map[string]interface{}) *anypb.Any {
|
||||
func anyPbHelper(t *testing.T, in map[string]interface{}, name string) *anypb.Any {
|
||||
t.Helper()
|
||||
pb, err := structpb.NewStruct(in)
|
||||
typedStruct := &v1typepb.TypedStruct{
|
||||
TypeUrl: typedURLPrefix + name,
|
||||
Value: pb,
|
||||
}
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
ret, err := anypb.New(pb)
|
||||
customConfig, err := anypb.New(typedStruct)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
return ret
|
||||
return customConfig
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue