grpc · rockspore · May 17, 2023 · Apr 28, 2023 · Apr 28, 2023 · Apr 28, 2023
diff --git a/CMakeLists.txt b/CMakeLists.txt
diff --git a/Makefile b/Makefile
diff --git a/build_autogenerated.yaml b/build_autogenerated.yaml
diff --git a/config.m4 b/config.m4
diff --git a/config.w32 b/config.w32
diff --git a/gRPC-C++.podspec b/gRPC-C++.podspec
diff --git a/gRPC-Core.podspec b/gRPC-Core.podspec
diff --git a/grpc.gemspec b/grpc.gemspec
diff --git a/grpc.gyp b/grpc.gyp
diff --git a/package.xml b/package.xml
diff --git a/src/core/BUILD b/src/core/BUILD
@@ -4004,6 +4004,7 @@ grpc_cc_library(
         "envoy_type_upb",
         "error",
         "google_rpc_status_upb",
+        "grpc_audit_logging",
         "grpc_fake_credentials",
         "grpc_fault_injection_filter",
         "grpc_lb_xds_channel_args",

diff --git a/src/core/ext/xds/xds_audit_logger_registry.cc b/src/core/ext/xds/xds_audit_logger_registry.cc
@@ -18,8 +18,11 @@
 
 #include "src/core/ext/xds/xds_audit_logger_registry.h"
 
+#include <string>
 #include <utility>
 
+#include "absl/status/status.h"
+#include "absl/status/statusor.h"
 #include "absl/strings/string_view.h"
 #include "absl/types/optional.h"
 #include "absl/types/variant.h"
@@ -29,17 +32,22 @@
 #include "src/core/ext/xds/xds_common_types.h"
 #include "src/core/lib/gprpp/validation_errors.h"
 #include "src/core/lib/json/json.h"
+#include "src/core/lib/security/authorization/audit_logging.h"
 
 namespace grpc_core {
 
 namespace {
 
+using experimental::AuditLoggerRegistry;
+
 class StdoutLoggerConfigFactory : public XdsAuditLoggerRegistry::ConfigFactory {
  public:
   Json::Object ConvertXdsAuditLoggerConfig(
       const XdsResourceType::DecodeContext& /*context*/,
       absl::string_view /*configuration*/,
       ValidationErrors* /*errors*/) override {
+    // Stdout logger has no configuration right now. So we don't need to invoke
+    // the gRPC audit logger registry to validate the config.
     return Json::Object{{"stdout_logger", Json::Object()}};
   }
 
@@ -84,16 +92,20 @@ Json XdsAuditLoggerRegistry::ConvertXdsAuditLoggerConfig(
       auto config_factory_it =
           audit_logger_config_factories_.find(extension->type);
       if (config_factory_it != audit_logger_config_factories_.end()) {
-        // TODO(lwge): Parse the config with the gRPC audit logger registry.
         return config_factory_it->second->ConvertXdsAuditLoggerConfig(
             context, *serialized_value, errors);
       }
     }
-    // TODO(lwge): Check for third-party audit logger type. For now, we disallow
-    // it by rejecting TypedStruct entries.
-    if (absl::get_if<Json>(&extension->value) != nullptr) {
-      errors->AddError("third-party audit logger is not supported");
-      return Json();
+    // Check for custom audit logger type.
+    Json* json = absl::get_if<Json>(&extension->value);
+    if (json != nullptr &&
+        AuditLoggerRegistry::FactoryExists(extension->type)) {
+      auto result = AuditLoggerRegistry::ParseConfig(extension->type, *json);
+      if (!result.ok()) {
+        errors->AddError(result.status().message());
+        return Json();
+      }
+      return Json::Object{{std::string(extension->type), std::move(*json)}};
     }
   }
   // Add validation error only if the config is not marked optional.

diff --git a/src/python/grpcio/grpc_core_dependencies.py b/src/python/grpcio/grpc_core_dependencies.py
diff --git a/test/core/xds/BUILD b/test/core/xds/BUILD
@@ -136,6 +136,7 @@ grpc_cc_test(
     deps = [
         "//:gpr",
         "//:grpc",
+        "//src/core:grpc_audit_logging",
         "//src/proto/grpc/testing/xds/v3:audit_logger_stream_proto",
         "//src/proto/grpc/testing/xds/v3:rbac_proto",
         "//src/proto/grpc/testing/xds/v3:typed_struct_proto",