[Audit Logging] Audit logging support in authorization engines. (#32995)

1. `GrpcAuthorizationEngine` creates the logger from the given config in its ctor. 2. `Evaluate()` invokes audit logging when needed. --------- Co-authored-by: rockspore <rockspore@users.noreply.github.com>
grpc · May 3, 2023 · abc82b9 · abc82b9
1 parent 18c1cc5
commit abc82b9
Show file tree

Hide file tree

Showing 18 changed files with 388 additions and 37 deletions.
diff --git a/CMakeLists.txt b/CMakeLists.txt
diff --git a/Makefile b/Makefile
diff --git a/build_autogenerated.yaml b/build_autogenerated.yaml
diff --git a/config.m4 b/config.m4
diff --git a/config.w32 b/config.w32
diff --git a/gRPC-C++.podspec b/gRPC-C++.podspec
diff --git a/gRPC-Core.podspec b/gRPC-Core.podspec
diff --git a/grpc.gemspec b/grpc.gemspec
diff --git a/grpc.gyp b/grpc.gyp
diff --git a/package.xml b/package.xml
diff --git a/src/core/BUILD b/src/core/BUILD
@@ -3292,6 +3292,7 @@ grpc_cc_library(
     ],
     language = "c++",
     deps = [
+        "grpc_audit_logging",
         "grpc_authorization_base",
         "grpc_matchers",
         "resolved_address",

diff --git a/src/core/ext/filters/rbac/rbac_service_config_parser.cc b/src/core/ext/filters/rbac/rbac_service_config_parser.cc
@@ -722,6 +722,9 @@ const JsonLoaderInterface* RbacConfig::RbacPolicy::Rules::Policy::JsonLoader(
 
 Rbac RbacConfig::RbacPolicy::Rules::TakeAsRbac() {
   Rbac rbac;
+  // TODO(lwge): This is to fix msan failure for now. Add proper conversion once
+  // audit logging support is added.
+  rbac.audit_condition = Rbac::AuditCondition::kNone;
   rbac.action = static_cast<Rbac::Action>(action);
   for (auto& p : policies) {
     rbac.policies.emplace(p.first, p.second.TakeAsRbacPolicy());