extproc: register filter and parse base and override config

internal/envconfig/xds.go

@@ -94,6 +94,7 @@ var (
 	// the client side. For more details, see:
 	// https://github.com/grpc/proposal/blob/master/A93-xds-ext-proc.md
 	XDSClientExtProcEnabled = boolFromEnv("GRPC_EXPERIMENTAL_XDS_EXT_PROC_ON_CLIENT", false)
+
 	// GCPAuthenticationFilterEnabled enables the xDS GCP Authentication
 	// filter. For more details, see:
 	// https://github.com/grpc/proposal/blob/master/A83-xds-gcp-authn-filter.md

internal/optional/optional.go

@@ -0,0 +1,54 @@
+/*
+ *
+ * Copyright 2026 gRPC authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+// Package optional implements a generic optional type.
+package optional
+
+// Optional represents an optional value of type T.
+// This type is not safe for concurrent access.
+type Optional[T any] struct {
+	val T
+	set bool
+}
+
+// New creates a new Optional type that does not have a value set. This can also
+// be done implicitly using a zero-value declaration: `var opt
+// optional.Optional[T]`
+func New[T any]() Optional[T] {
+	return Optional[T]{}
+}
+
+// NewValue creates a new Optional type with the provided value.
+func NewValue[T any](value T) Optional[T] {
+	return Optional[T]{
+		val: value,
+		set: true,
+	}
+}
+
+// Get returns the underlying value and a boolean indicating if the value is
+// set. If the value is not set, it returns the zero value of T and false.
+func (o *Optional[T]) Get() (T, bool) {
+	return o.val, o.set
+}
+
+// Set returns a new Option containing the provided value.
+func (o *Optional[T]) Set(v T) {
+	o.val = v
+	o.set = true
+}

internal/optional/optional_test.go

@@ -0,0 +1,141 @@
+/*
+ *
+ * Copyright 2026 gRPC authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package optional_test
+
+import (
+	"slices"
+	"testing"
+
+	"google.golang.org/grpc/internal/grpctest"
+	"google.golang.org/grpc/internal/optional"
+)
+
+type s struct {
+	grpctest.Tester
+}
+
+func Test(t *testing.T) {
+	grpctest.RunSubTests(t, s{})
+}
+
+// TestOption_Int tests the scenario of using integer optional values and
+// verifies that default value, constructors, and mutation methods work as
+// expected for primitive integers.
+func (s) TestOption_Int(t *testing.T) {
+	var opt optional.Optional[int]
+	// Test unset value.
+	if v, set := opt.Get(); set || v != 0 {
+		t.Fatalf("Zero-value Option[int] = (%v, %v); want (0, false)", v, set)
+	}
+
+	// Test that New() function also returns an unset optional value.
+	optNew := optional.New[int]()
+	if v, set := optNew.Get(); set || v != 0 {
+		t.Fatalf("New[int]() = (%v, %v); want (0, false)", v, set)
+	}
+
+	optVal := optional.NewValue(42)
+	if v, set := optVal.Get(); !set || v != 42 {
+		t.Fatalf("NewValue(42) = (%v, %v); want (42, true)", v, set)
+	}
+
+	opt.Set(100)
+	if v, set := opt.Get(); !set || v != 100 {
+		t.Fatalf("Set(100) = (%v, %v); want (100, true)", v, set)
+	}
+}
+
+// TestOption_String tests the scenario of using string optional values and
+// verifies that default value, constructors, and mutation methods work as
+// expected for text strings.
+func (s) TestOption_String(t *testing.T) {
+	var opt optional.Optional[string]
+	// Test unset value.
+	if v, set := opt.Get(); set || v != "" {
+		t.Fatalf("Zero-value Option[string] = (%q, %v); want (%q, false)", v, set, "")
+	}
+
+	// Test that New() function also returns an unset optional value.
+	optNew := optional.New[string]()
+	if v, set := optNew.Get(); set || v != "" {
+		t.Fatalf("New Option[string] = (%q, %v); want (%q, false)", v, set, "")
+	}
+
+	wantString := "test-string"
+	optVal := optional.NewValue(wantString)
+	if v, set := optVal.Get(); !set || v != wantString {
+		t.Fatalf("NewValue(%q) = (%q, %v); want (%q, true)", wantString, v, set, wantString)
+	}
+
+	wantStringNew := "world"
+	opt.Set(wantStringNew)
+	if v, set := opt.Get(); !set || v != wantStringNew {
+		t.Fatalf("Set(%q) = (%q, %v); want (%q, true)", wantStringNew, v, set, wantStringNew)
+	}
+}
+
+// TestOption_Struct tests the scenario of using a custom struct type inside an
+// option type and verifies that custom struct field values are preserved,
+// modified, and cleared correctly.
+func (s) TestOption_Struct(t *testing.T) {
+	type testStruct struct {
+		name string
+		age  int
+	}
+	val1 := testStruct{name: "Alice", age: 30}
+	val2 := testStruct{name: "Bob", age: 40}
+
+	var opt optional.Optional[testStruct]
+	if v, set := opt.Get(); set || v != (testStruct{}) {
+		t.Fatalf("Zero-value Option[struct] = (%v, %v); want (empty, false)", v, set)
+	}
+
+	optVal := optional.NewValue(val1)
+	if v, set := optVal.Get(); !set || v != val1 {
+		t.Fatalf("NewValue(val1) = (%v, %v); want (%v, true)", v, set, val1)
+	}
+
+	opt.Set(val2)
+	if v, set := opt.Get(); !set || v != val2 {
+		t.Fatalf("Set(val2) = (%v, %v); want (%v, true)", v, set, val2)
+	}
+}
+
+// TestOption_Slice tests the scenario of using a pointer type inside an
+// option type and verifies that nil status, address preservation, and
+// underlying value dereferencing work as expected.
+func (s) TestOption_Slice(t *testing.T) {
+	val1 := []int{1, 2, 3}
+	val2 := []int{4, 5, 6}
+
+	var opt optional.Optional[[]int]
+	if v, set := opt.Get(); set || v != nil {
+		t.Fatalf("Zero-value Option[[]int] = (%v, %v); want (nil, false)", v, set)
+	}
+
+	optVal := optional.NewValue(val1)
+	if v, set := optVal.Get(); !set || !slices.Equal(v, val1) {
+		t.Fatalf("NewValue(%v) = (%v, %v); want (%v, true)", val1, v, set, val1)
+	}
+
+	opt.Set(val2)
+	if v, set := opt.Get(); !set || !slices.Equal(v, val2) {
+		t.Fatalf("Set(%v) = (%v, %v); want (%v, true)", &val2, v, set, &val2)
+	}
+}

internal/xds/httpfilter/extconfig.go

@@ -0,0 +1,115 @@
+/*
+ *
+ * Copyright 2026 gRPC authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+// Package httpfilter contains interface definitions for xDS-based HTTP filters
+// and a registry for filter builders.
+package httpfilter
+
+import (
+	"fmt"
+	"regexp"
+	"time"
+
+	"google.golang.org/grpc/internal/xds/matcher"
+	"google.golang.org/grpc/metadata"
+
+	v3mutationpb "github.com/envoyproxy/go-control-plane/envoy/config/common/mutation_rules/v3"
+	v3matcherpb "github.com/envoyproxy/go-control-plane/envoy/type/matcher/v3"
+)
+
+// HeaderMutationRules specifies the rules for what modifications an external
+// processing server may make to headers sent on the data plane RPC.
+type HeaderMutationRules struct {
+	// AllowExpr specifies a regular expression that matches the headers that can
+	// be mutated.
+	AllowExpr *regexp.Regexp
+	// DisallowExpr specifies a regular expression that matches the headers that
+	// cannot be mutated. This overrides the above allowExpr if a header matches
+	// both.
+	DisallowExpr *regexp.Regexp
+	// DisallowAll specifies that no header mutations are allowed. This overrides
+	// all other settings.
+	DisallowAll bool
+	// DisallowIsError specifies whether to return an error if a header mutation
+	// is disallowed. If true, the data plane RPC will be failed with a grpc
+	// status code of Unknown.
+	DisallowIsError bool
+}
+
+// ServerConfig contains the configuration for an external server.
+type ServerConfig struct {
+	// TargetURI is the name of the external server.
+	TargetURI string
+	// ChannelCredentials specifies the transport credentials to use to connect to
+	// the external server. Must not be nil.
+	ChannelCredentials string
+	// CallCredentials specifies the per-RPC credentials to use when making calls
+	// to the external server.
+	CallCredentials string
+	// Timeout is the RPC Timeout for the call to the external server. If unset,
+	// the timeout depends on the usage of this external server. For example,
+	// cases like ext_authz and ext_proc, where there is a 1:1 mapping between the
+	// data plane RPC and the external server call, the timeout will be capped by
+	// the timeout on the data plane RPC. For cases like RLQS where there is a
+	// side channel to the external server, an unset timeout will result in no
+	// timeout being applied to the external server call.
+	Timeout time.Duration
+	// InitialMetadata is the additional metadata to include in all RPCs sent to
+	// the external server.
+	InitialMetadata metadata.MD
+}
+
+// ConvertStringMatchers converts a slice of protobuf StringMatcher messages to
+// a slice of matcher.StringMatcher.
+func ConvertStringMatchers(patterns []*v3matcherpb.StringMatcher) ([]matcher.StringMatcher, error) {
+	matchers := make([]matcher.StringMatcher, 0, len(patterns))
+	for _, p := range patterns {
+		sm, err := matcher.StringMatcherFromProto(p)
+		if err != nil {
+			return nil, err
+		}
+		matchers = append(matchers, sm)
+	}
+	return matchers, nil
+}
+
+// HeaderMutationRulesFromProto converts a protobuf HeaderMutationRules message
+// to a headerMutationRules struct.
+func HeaderMutationRulesFromProto(mr *v3mutationpb.HeaderMutationRules) (HeaderMutationRules, error) {
+	var rules HeaderMutationRules
+	if mr == nil {
+		return rules, nil
+	}
+	if allowExpr := mr.GetAllowExpression(); allowExpr != nil {
+		re, err := regexp.Compile(allowExpr.GetRegex())
+		if err != nil {
+			return rules, fmt.Errorf("httpfilter: %v", err)
+		}
+		rules.AllowExpr = re
+	}
+	if disallowExpr := mr.GetDisallowExpression(); disallowExpr != nil {
+		re, err := regexp.Compile(disallowExpr.GetRegex())
+		if err != nil {
+			return rules, fmt.Errorf("httpfilter: %v", err)
+		}
+		rules.DisallowExpr = re
+	}
+	rules.DisallowAll = mr.GetDisallowAll().GetValue()
+	rules.DisallowIsError = mr.GetDisallowIsError().GetValue()
+	return rules, nil
+}