grpc-java

feat(xds): Implement CheckRequestBuilder for external authorization

Open sauravzg opened this issue 1 month ago • 0 comments

This PR sits on top of #12492, so only the last commit + any fixups need to be reviewed.

This commit introduces the CheckRequestBuilder library, which is responsible for constructing the CheckRequest message sent to the external authorization service.

The CheckRequestBuilder gathers information from various sources, including:

  • ServerCall attributes (local and remote addresses, SSL session).
  • MethodDescriptor (full method name).
  • Request headers.

It uses this information to populate the AttributeContext of the CheckRequest message, which provides the authorization service with the necessary context to make an authorization decision.

This commit also introduces the ExtAuthzCertificateProvider, a helper class for extracting certificate information, such as the principal and PEM-encoded certificate.

The relevant section of the spec is: https://github.com/grpc/proposal/pull/481/files#diff-6bb76a24aa142cc33db9218509688f01b30c8885d2fd8849f164244e68cd54eaR196-R250

Unit tests for the new components are also included.

  • [] #12491 feat(xds): Update Envoy proto definitions and add ExtAuthz gRPC service
  • [] #12492 feat(xds): Add configuration objects for ExtAuthz and GrpcService
  • [x] #12493 feat(xds): Implement request builder for external authorization
  • [] TBD: PR_LINK feat(xds): Add header mutations library
  • [] TBD: PR_LINK feat(xds): Implement response handling for external authorization
  • [] TBD: PR_LINK feat(xds): Add ExtAuthzClientInterceptor and related components
  • [] TBD: PR_LINK feat(xds): Add ExtAuthzServerInterceptor and tests
  • [] TBD: PR_LINK feat(xds): Add ExternalAuthorizationFilter

sauravzg, Nov 11 '25 08:11
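
An added example, not code from this PR or from grpc-java: a sketch of how the three sources listed in the description (ServerCall attributes, MethodDescriptor, request headers) could be mapped onto the Envoy `AttributeContext` of a `CheckRequest`. The class name `CheckRequestSketch`, the use of the subject DN as principal, the `POST` method and path mapping, and the ASCII-only header handling are assumptions made for illustration.

```java
import io.envoyproxy.envoy.config.core.v3.Address;
import io.envoyproxy.envoy.config.core.v3.SocketAddress;
import io.envoyproxy.envoy.service.auth.v3.AttributeContext;
import io.envoyproxy.envoy.service.auth.v3.CheckRequest;
import io.grpc.Grpc;
import io.grpc.Metadata;
import io.grpc.ServerCall;
import java.net.InetSocketAddress;
import java.security.cert.X509Certificate;
import java.util.Base64;
import javax.net.ssl.SSLSession;
final class CheckRequestSketch { // added sketch, hypothetical names; not this PR's code
  static CheckRequest build(ServerCall<?, ?> call, Metadata headers) throws Exception {
    AttributeContext.Peer.Builder source = AttributeContext.Peer.newBuilder();
    AttributeContext.Peer.Builder dest = AttributeContext.Peer.newBuilder();
    setAddress(source, call.getAttributes().get(Grpc.TRANSPORT_ATTR_REMOTE_ADDR));
    setAddress(dest, call.getAttributes().get(Grpc.TRANSPORT_ATTR_LOCAL_ADDR));
    // Plaintext calls carry no SSLSession; TLS without client auth has no peer certificate.
    SSLSession session = call.getAttributes().get(Grpc.TRANSPORT_ATTR_SSL_SESSION);
    if (session != null) {
      try {
        X509Certificate cert = (X509Certificate) session.getPeerCertificates()[0];
        // Assumption: subject DN as principal; the PR's helper may pick a different field.
        source.setPrincipal(cert.getSubjectX500Principal().getName());
        source.setCertificate(toPem(cert));
      } catch (javax.net.ssl.SSLPeerUnverifiedException e) { /* leave identity unset */ }
    }
    AttributeContext.HttpRequest.Builder http = AttributeContext.HttpRequest.newBuilder()
        .setMethod("POST") // gRPC requests are HTTP/2 POSTs
        .setPath("/" + call.getMethodDescriptor().getFullMethodName());
    for (String name : headers.keys()) {
      if (name.endsWith(Metadata.BINARY_HEADER_SUFFIX)) continue; // simplification: ASCII only
      String value = headers.get(Metadata.Key.of(name, Metadata.ASCII_STRING_MARSHALLER));
      if (value != null) http.putHeaders(name, value);
    }
    return CheckRequest.newBuilder().setAttributes(AttributeContext.newBuilder()
        .setSource(source).setDestination(dest)
        .setRequest(AttributeContext.Request.newBuilder().setHttp(http))).build();
  }
  private static void setAddress(AttributeContext.Peer.Builder peer, java.net.SocketAddress a) {
    if (!(a instanceof InetSocketAddress)) return; // e.g. in-process or unix-domain transport
    InetSocketAddress inet = (InetSocketAddress) a;
    peer.setAddress(Address.newBuilder().setSocketAddress(SocketAddress.newBuilder()
        .setAddress(inet.getAddress().getHostAddress()).setPortValue(inet.getPort())));
  }
  private static String toPem(X509Certificate cert) throws Exception {
    String b64 = Base64.getMimeEncoder(64, new byte[] {'\n'}).encodeToString(cert.getEncoded());
    return "-----BEGIN CERTIFICATE-----\n" + b64 + "\n-----END CERTIFICATE-----\n";
  }
}
```

`Metadata.get` returns only the last value for a key, so a header sent more than once reaches the authorization service as a single value in this sketch.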