[Audit Logging] Xds Audit Logger Registry. #32828
src/core/ext/xds/xds_listener.cc
@@ -60,6 +60,8 @@ | |||
#include "src/core/lib/gprpp/validation_errors.h" | |||
#include "src/core/lib/iomgr/sockaddr.h" | |||
|
|||
// IWYU pragma: no_include "envoy/config/rbac/v3/rbac.upb.h" |
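Review bot: the `// IWYU pragma: no_include "envoy/config/rbac/v3/rbac.upb.h"` line at the end of the include block has no comment saying why the header must be kept out. A suppression like this easily outlives its reason, so either add a one-line justification next to it or, if this file does use symbols from that header, drop the pragma and include the header directly.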
I'd like to understand why IWYU thinks that header is needed here. But ultimately, I don't think it does any harm to include it, so even if IWYU is wrong, I'd prefer to include it instead of having this pragma.
I can't comment on the IWYU so I'm responding here. I added the include of |
Local |
This looks great!
Third-party loggers will be added in subsequent PRs once the logger factory APIs are available to validate the configs here. This registry is used in `xds_http_rbac_filter.cc` to generate service config json.
@@ -412,6 +438,32 @@ Json ParseHttpRbacToJson(const envoy_extensions_filters_http_rbac_v3_RBAC* rbac, | |||
} | |||
inner_rbac_json.emplace("policies", std::move(policies_object)); | |||
} | |||
// Flatten the nested messages defined in rbac.proto | |||
if (envoy_config_rbac_v3_RBAC_has_audit_logging_options(rules)) { |
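Review bot: the `envoy_config_rbac_v3_RBAC_has_audit_logging_options(rules)` branch is taken whenever the field is present, and nothing in the visible lines gates it behind a feature flag. Since this is new handling of an xDS field that a control plane can populate, consider wrapping the check in an opt-in guard until the feature is ready, and make the `// Flatten the nested messages` comment name which messages are being flattened.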
I just realized that we need env var protection for this code that looks at the new xDS fields. Can you please put together a PR to add that ASAP? I want to make sure that this PR doesn't make its way into a release branch before we have the env var protection, or else we'll have to deal with broken releases in the wild, which is a major pain.
Ack. Will work on it right now.