xds: Implement channel caching utility for GrpcService channels for ext_authz and ext_proc#12690
Open
sauravzg wants to merge 4 commits intogrpc:masterfrom
Open
xds: Implement channel caching utility for GrpcService channels for ext_authz and ext_proc#12690sauravzg wants to merge 4 commits intogrpc:masterfrom
sauravzg wants to merge 4 commits intogrpc:masterfrom
Conversation
This commit introduces configuration objects for the external authorization (ExtAuthz) filter and the gRPC service it uses. These classes provide a structured, immutable representation of the configuration defined in the xDS protobuf messages. The main new classes are: - `ExtAuthzConfig`: Represents the configuration for the `ExtAuthz` filter, including settings for the gRPC service, header mutation rules, and other filter behaviors. - `GrpcServiceConfig`: Represents the configuration for a gRPC service, including the target URI, credentials, and other settings. - `HeaderMutationRulesConfig`: Represents the configuration for header mutation rules. This commit also includes parsers to create these configuration objects from the corresponding protobuf messages, as well as unit tests for the new classes.
… the updated requirements
kannanjgithub
requested changes
Mar 13, 2026
Contributor
kannanjgithub
left a comment
kannanjgithub
left a comment
There was a problem hiding this comment.
Minor changes requested.
| delegate.applyRequestMetadata(requestInfo, appExecutor, applier); | ||
| } | ||
| } | ||
|
|
Contributor
There was a problem hiding this comment.
nit: Remove multiple blank lines here and below before the end of the file.
| try { | ||
| channelCreds = extractChannelCredentials(googleGrpcProto.getChannelCredentialsPluginList()); | ||
| } catch (GrpcServiceParseException e) { | ||
| // Fall back to channel_credentials if plugins are not supported |
Contributor
There was a problem hiding this comment.
It is going to fail at line 160 below because channelCreds is null. We are not using call_credentials field, as per the grfc.
|
|
||
| /** | ||
| * Constructor for testing to inject a channel creator. | ||
| */ |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Child PR of #12492
Split this from some other PR way down the chain and modified it to be not ext authz specific.
This should probably be okay, since this happens in the control path changes but has the potential of hammering dataplane throughtput temporarily during updates due to channel creation within the lock.