Question1: A workaround can be to update the authorization policy file contents to accept all RPCs when a disable is required. This will work, but there is a performance cost of running the RBAC evaluation engine and FileWatcherAuthorizationPolicyProvider, but at the least it doesn't require any service restarts.

Question2: I don't see a way to do that currently, am I understanding it correctly?

Thanks
Ramesh

On Friday, October 18, 2024 at 11:23:27 AM UTC-7 Rameshreddy Mudhireddy wrote:
> Hi gRPC C++ team,
>
> Couple of questions on AuthorizationPolicyProviderInterface in C++ and its usage. I hope you can point me in the right direction.
>
> *Question1:*
> dynamic control of the authz feature in C++
>
> typical C++ authz flow includes:
> provider = FileWatcherAuthorizationPolicyProvider::Create(<policy_file>, ...)
> builder.experimental().SetAuthorizationPolicyProvider(provider);
> builder.BuildAndStart();
>
> Given this is a startup config, is there a way to enable/disable authz without requiring a service restart in C++? I think SetAuthorizationPolicyProvider is ultimately setting a channel argument and maybe it could be modified at runtime to do what I am looking for?
>
> *Question2:*
> how do I count the authz failures when using grpc c++ libs? lib version is 1.60.0. I looked at the interceptors available in C++ but authz failures are before any of the interceptors are invoked and there is no easy way to do that.
>
> Looking at Go libs, authz failures could be counted since the authz code is an interceptor itself. Is there anything similar in C++ that I could use?
>
> Thank you and any help is much appreciated.
>
> Regards
> Ramesh
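
As an added example (not part of the original thread and not gRPC's own code): one way to apply the workaround from the reply is to swap the watched policy file in a single rename, so that FileWatcherAuthorizationPolicyProvider never reloads a half-written policy. The function names, both constructed policies and the allow-all rule shape (a rule with no `source` or `request` is assumed to match every RPC) are assumptions; replacing an existing file with `rename` is POSIX behaviour.

```cpp
#include <cstdio>
#include <fstream>
#include <sstream>
#include <string>

// Constructed policies in the gRPC authorization policy JSON format.
// Assumption: a rule with no "source" or "request" matches every RPC.
static const char kAllowAllPolicy[] = R"json({
  "name": "authz_disabled",
  "allow_rules": [ { "name": "allow_all" } ]
})json";

// Hypothetical enforcing policy; the service path is a placeholder.
static const char kEnforcingPolicy[] = R"json({
  "name": "authz_enforced",
  "allow_rules": [
    { "name": "allow_echo", "request": { "paths": ["/example.Echo/*"] } }
  ]
})json";

// Write a sibling temp file, then rename() it over the target so a reader
// polling the path sees either the old policy or the new one, never a mix.
bool WritePolicyAtomically(const std::string& path, const std::string& json) {
  const std::string tmp = path + ".tmp";
  {
    std::ofstream out(tmp, std::ios::binary | std::ios::trunc);
    if (!out) return false;
    out << json;
    out.flush();
    if (!out) { std::remove(tmp.c_str()); return false; }
  }
  if (std::rename(tmp.c_str(), path.c_str()) != 0) {
    std::remove(tmp.c_str());  // leave the existing policy untouched
    return false;
  }
  return true;
}

// Toggle enforcement by swapping file contents; no server restart involved.
bool SetAuthzEnabled(const std::string& policy_path, bool enabled) {
  return WritePolicyAtomically(policy_path,
                               enabled ? kEnforcingPolicy : kAllowAllPolicy);
}

// Helper for checking what is currently on disk.
std::string ReadFile(const std::string& path) {
  std::ifstream in(path, std::ios::binary);
  std::ostringstream ss;
  ss << in.rdbuf();
  return ss.str();
}
```

The change takes effect only at the provider's next refresh, and while the allow-all file is in place every RPC is authorized, so the swap itself is worth logging and alerting on.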