Fixup: 12494 address comments and bring back up to updated ext authz spec

Author: sauravzg

xds/src/main/java/io/grpc/xds/internal/headermutations/HeaderMutationFilter.java

@@ -17,8 +17,7 @@
 package io.grpc.xds.internal.headermutations;
 
 import com.google.common.collect.ImmutableList;
-import com.google.common.collect.ImmutableSet;
-import io.envoyproxy.envoy.config.core.v3.HeaderValueOption;
+import io.grpc.xds.internal.grpcservice.HeaderValue;
 import io.grpc.xds.internal.headermutations.HeaderMutations.RequestHeaderMutations;
 import io.grpc.xds.internal.headermutations.HeaderMutations.ResponseHeaderMutations;
 import java.util.Collection;
@@ -30,28 +29,18 @@
  * The HeaderMutationFilter class is responsible for filtering header mutations based on a given set
  * of rules.
  */
-public interface HeaderMutationFilter {
+public class HeaderMutationFilter {
+  private final Optional<HeaderMutationRulesConfig> mutationRules;
 
   /**
-   * A factory for creating {@link HeaderMutationFilter} instances.
+   * Set of HTTP/2 pseudo-headers and the host header that are critical for routing and protocol
+   * correctness. These headers cannot be mutated by user configuration.
    */
-  @FunctionalInterface
-  interface Factory {
-    /**
-     * Creates a new instance of {@code HeaderMutationFilter}.
-     *
-     * @param mutationRules The rules for header mutations. If an empty {@code Optional} is
-     *        provided, all header mutations are allowed by default, except for certain system
-     *        headers. If a {@link HeaderMutationRulesConfig} is provided, mutations will be
-     *        filtered based on the specified rules.
-     */
-    HeaderMutationFilter create(Optional<HeaderMutationRulesConfig> mutationRules);
-  }
+  private static final int MAX_HEADER_LENGTH = 16384;
 
-  /**
-   * The default factory for creating {@link HeaderMutationFilter} instances.
-   */
-  Factory INSTANCE = HeaderMutationFilterImpl::new;
+  public HeaderMutationFilter(Optional<HeaderMutationRulesConfig> mutationRules) { // NOPMD
+    this.mutationRules = mutationRules;
+  }
 
   /**
    * Filters the given header mutations based on the configured rules and returns the allowed
@@ -62,111 +51,94 @@ interface Factory {
    * @throws HeaderMutationDisallowedException if a disallowed mutation is encountered and the rules
    *         specify that this should be an error.
    */
-  HeaderMutations filter(HeaderMutations mutations) throws HeaderMutationDisallowedException;
+  public HeaderMutations filter(HeaderMutations mutations)
+      throws HeaderMutationDisallowedException {
+    ImmutableList<HeaderValueOption> allowedRequestHeaders =
+        filterCollection(mutations.requestMutations().headers(),
+            this::isHeaderMutationIgnored,
+            header -> isHeaderMutationAllowed(header.header().key()));
+    ImmutableList<String> allowedRequestHeadersToRemove =
+        filterCollection(mutations.requestMutations().headersToRemove(),
+            header -> header.isEmpty() || header.length() > MAX_HEADER_LENGTH,
+            header -> isHeaderMutationAllowed(header) && isHeaderRemovalAllowed(header));
+    ImmutableList<HeaderValueOption> allowedResponseHeaders =
+        filterCollection(mutations.responseMutations().headers(),
+            this::isHeaderMutationIgnored,
+            header -> isHeaderMutationAllowed(header.header().key()));
+    return HeaderMutations.create(
+        RequestHeaderMutations.create(allowedRequestHeaders, allowedRequestHeadersToRemove),
+        ResponseHeaderMutations.create(allowedResponseHeaders));
+  }
 
-  /** Default implementation of {@link HeaderMutationFilter}. */
-  final class HeaderMutationFilterImpl implements HeaderMutationFilter {
-    private final Optional<HeaderMutationRulesConfig> mutationRules;
+  /**
+   * A generic helper to filter a collection based on a predicate.
+   */
+  private <T> ImmutableList<T> filterCollection(Collection<T> items,
+      Predicate<T> isIgnoredPredicate, Predicate<T> isAllowedPredicate)
+      throws HeaderMutationDisallowedException {
+    ImmutableList.Builder<T> allowed = ImmutableList.builder();
+    for (T item : items) {
+      if (isIgnoredPredicate.test(item)) {
+        continue;
+      }
+      if (isAllowedPredicate.test(item)) {
+        allowed.add(item);
+      } else if (disallowIsError()) {
+        throw new HeaderMutationDisallowedException(
+            "Header mutation disallowed for header: " + item);
+      }
+    }
+    return allowed.build();
+  }
 
-    /**
-     * Set of HTTP/2 pseudo-headers and the host header that are critical for routing and protocol
-     * correctness. These headers cannot be mutated by user configuration.
-     */
-    private static final ImmutableSet<String> IMMUTABLE_HEADERS =
-        ImmutableSet.of("host", ":authority", ":scheme", ":method");
+  private boolean isHeaderRemovalAllowed(String headerKey) {
+    return !isSystemHeaderKey(headerKey);
+  }
 
-    private HeaderMutationFilterImpl(Optional<HeaderMutationRulesConfig> mutationRules) { // NOPMD
-      this.mutationRules = mutationRules;
-    }
+  private boolean isSystemHeaderKey(String key) {
+    return key.startsWith(":") || key.toLowerCase(Locale.ROOT).equals("host");
+  }
 
-    @Override
-    public HeaderMutations filter(HeaderMutations mutations)
-        throws HeaderMutationDisallowedException {
-      ImmutableList<HeaderValueOption> allowedRequestHeaders =
-          filterCollection(mutations.requestMutations().headers(),
-              header -> isHeaderMutationAllowed(header.getHeader().getKey())
-                  && !appendsSystemHeader(header));
-      ImmutableList<String> allowedRequestHeadersToRemove =
-          filterCollection(mutations.requestMutations().headersToRemove(),
-              header -> isHeaderMutationAllowed(header) && isHeaderRemovalAllowed(header));
-      ImmutableList<HeaderValueOption> allowedResponseHeaders =
-          filterCollection(mutations.responseMutations().headers(),
-              header -> isHeaderMutationAllowed(header.getHeader().getKey())
-                  && !appendsSystemHeader(header));
-      return HeaderMutations.create(
-          RequestHeaderMutations.create(allowedRequestHeaders, allowedRequestHeadersToRemove),
-          ResponseHeaderMutations.create(allowedResponseHeaders));
+  private boolean isHeaderMutationIgnored(HeaderValueOption option) {
+    HeaderValue header = option.header();
+    String key = header.key();
+    if (key.isEmpty() || key.length() > MAX_HEADER_LENGTH) {
+      return true;
     }
-
-    /**
-     * A generic helper to filter a collection based on a predicate.
-     *
-     * @param items The collection of items to filter.
-     * @param isAllowedPredicate The predicate to apply to each item.
-     * @param <T> The type of items in the collection.
-     * @return An immutable list of allowed items.
-     * @throws HeaderMutationDisallowedException if an item is disallowed and disallowIsError is
-     *         true.
-     */
-    private <T> ImmutableList<T> filterCollection(Collection<T> items,
-        Predicate<T> isAllowedPredicate) throws HeaderMutationDisallowedException {
-      ImmutableList.Builder<T> allowed = ImmutableList.builder();
-      for (T item : items) {
-        if (isAllowedPredicate.test(item)) {
-          allowed.add(item);
-        } else if (disallowIsError()) {
-          throw new HeaderMutationDisallowedException(
-              "Header mutation disallowed for header: " + item);
-        }
-      }
-      return allowed.build();
+    if (header.value().isPresent() && header.value().get().length() > MAX_HEADER_LENGTH) {
+      return true;
     }
-
-    private boolean isHeaderRemovalAllowed(String headerKey) {
-      return !isSystemHeaderKey(headerKey);
+    if (header.rawValue().isPresent() && header.rawValue().get().size() > MAX_HEADER_LENGTH) {
+      return true;
     }
-
-    private boolean appendsSystemHeader(HeaderValueOption headerValueOption) {
-      String key = headerValueOption.getHeader().getKey();
-      boolean isAppend = headerValueOption
-          .getAppendAction() == HeaderValueOption.HeaderAppendAction.APPEND_IF_EXISTS_OR_ADD;
-      return isAppend && isSystemHeaderKey(key);
+    if (key.toLowerCase(Locale.ROOT).startsWith("grpc-")) {
+      return true;
     }
+    return false;
+  }
 
-    private boolean isSystemHeaderKey(String key) {
-      return key.startsWith(":") || key.toLowerCase(Locale.ROOT).equals("host");
+  private boolean isHeaderMutationAllowed(String headerName) {
+    String lowerCaseHeaderName = headerName.toLowerCase(Locale.ROOT);
+    if (isSystemHeaderKey(lowerCaseHeaderName)) {
+      return false;
     }
+    return mutationRules.map(rules -> isHeaderMutationAllowed(lowerCaseHeaderName, rules))
+        .orElse(true);
+  }
 
-    private boolean isHeaderMutationAllowed(String headerName) {
-      String lowerCaseHeaderName = headerName.toLowerCase(Locale.ROOT);
-      if (IMMUTABLE_HEADERS.contains(lowerCaseHeaderName)) {
-        return false;
-      }
-      return mutationRules.map(rules -> isHeaderMutationAllowed(lowerCaseHeaderName, rules))
-          .orElse(true);
+  private boolean isHeaderMutationAllowed(String lowerCaseHeaderName,
+      HeaderMutationRulesConfig rules) {
+    if (rules.disallowExpression().isPresent()
+        && rules.disallowExpression().get().matcher(lowerCaseHeaderName).matches()) {
+      return false;
     }
-
-    private boolean isHeaderMutationAllowed(String lowerCaseHeaderName,
-        HeaderMutationRulesConfig rules) {
-      // TODO(sauravzg): The priority is slightly unclear in the spec.
-      // Both `disallowAll` and `disallow_expression` take precedence over `all other
-      // settings`.
-      // `allow_expression` takes precedence over everything except `disallow_expression`.
-      // This is a conflict between ordering for `allow_expression` and `disallowAll`.
-      // Choosing to proceed with current envoy implementation which favors `allow_expression` over
-      // `disallowAll`.
-      if (rules.disallowExpression().isPresent()
-          && rules.disallowExpression().get().matcher(lowerCaseHeaderName).matches()) {
-        return false;
-      }
-      if (rules.allowExpression().isPresent()) {
-        return rules.allowExpression().get().matcher(lowerCaseHeaderName).matches();
-      }
-      return !rules.disallowAll();
+    if (rules.allowExpression().isPresent()) {
+      return rules.allowExpression().get().matcher(lowerCaseHeaderName).matches();
     }
+    return !rules.disallowAll();
+  }
 
-    private boolean disallowIsError() {
-      return mutationRules.map(HeaderMutationRulesConfig::disallowIsError).orElse(false);
-    }
+  private boolean disallowIsError() {
+    return mutationRules.map(HeaderMutationRulesConfig::disallowIsError).orElse(false);
   }
 }

xds/src/main/java/io/grpc/xds/internal/headermutations/HeaderMutations.java

@@ -18,7 +18,6 @@
 
 import com.google.auto.value.AutoValue;
 import com.google.common.collect.ImmutableList;
-import io.envoyproxy.envoy.config.core.v3.HeaderValueOption;
 
 /** A collection of header mutations for both request and response headers. */
 @AutoValue