feat(xds): Allow injecting bootstrap info into xDS Filter API for config parsing

Extend the xDS Filter API to support injecting bootstrap information into
filters during configuration parsing. This allows filters to access context
information (e.g., allowed gRPC services) from the resource loading layer
during configuration validation and parsing.

- Update `Filter.Provider.parseFilterConfig` and `parseFilterConfigOverride`
  to accept a `FilterContext` parameter.
- Introduce `BootstrapInfoGrpcServiceContextProvider` to encapsulate
  bootstrap info for context resolution.
- Update `XdsListenerResource` and `XdsRouteConfigureResource` to
  construct and pass `FilterContext` during configuration parsing.
- Update sub-filters (`FaultFilter`, `RbacFilter`, `GcpAuthenticationFilter`,
  `RouterFilter`) to match the updated `FilterContext` signature.

Known Gaps & Limitations:
1. **MetricHolder**: Propagation of `MetricHolder` is not supported with
   this approach currently and is planned for support in a later phase.
2. **NameResolverRegistry**: Propagation is deferred for consistency. While
   it could be passed from `XdsNameResolver` on the client side, there is
   no equivalent mechanism on the server side. To ensure consistent behavior,
   `DefaultRegistry` is used when validating schemes and creating channels.

Author: sauravzg

xds/src/main/java/io/grpc/xds/BootstrapInfoGrpcServiceContextProvider.java

@@ -0,0 +1,73 @@
+/*
+ * Copyright 2026 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.xds;
+
+import io.grpc.NameResolverRegistry;
+import io.grpc.xds.client.Bootstrapper.BootstrapInfo;
+import io.grpc.xds.client.Bootstrapper.ServerInfo;
+import io.grpc.xds.internal.grpcservice.AllowedGrpcService;
+import io.grpc.xds.internal.grpcservice.AllowedGrpcServices;
+import io.grpc.xds.internal.grpcservice.GrpcServiceXdsContext;
+import io.grpc.xds.internal.grpcservice.GrpcServiceXdsContextProvider;
+import java.net.URI;
+import java.net.URISyntaxException;
+import java.util.Optional;
+
+/**
+ * Concrete implementation of {@link GrpcServiceXdsContextProvider} that uses
+ * {@link BootstrapInfo} data to resolve context.
+ */
+final class BootstrapInfoGrpcServiceContextProvider
+    implements GrpcServiceXdsContextProvider {
+
+  private final boolean isTrustedControlPlane;
+  private final AllowedGrpcServices allowedGrpcServices;
+  private final NameResolverRegistry nameResolverRegistry;
+
+  BootstrapInfoGrpcServiceContextProvider(BootstrapInfo bootstrapInfo, ServerInfo serverInfo) {
+    this.isTrustedControlPlane = serverInfo.isTrustedXdsServer();
+    this.allowedGrpcServices = bootstrapInfo.allowedGrpcServices()
+        .filter(AllowedGrpcServices.class::isInstance)
+        .map(AllowedGrpcServices.class::cast)
+        .orElse(AllowedGrpcServices.empty());
+    this.nameResolverRegistry = NameResolverRegistry.getDefaultRegistry();
+  }
+
+  @Override
+  public GrpcServiceXdsContext getContextForTarget(String targetUri) {
+    Optional<AllowedGrpcService> validAllowedGrpcService =
+        Optional.ofNullable(allowedGrpcServices.services().get(targetUri));
+
+    boolean isTargetUriSchemeSupported = false;
+    try {
+      URI uri = new URI(targetUri);
+      String scheme = uri.getScheme();
+      if (scheme != null) {
+        isTargetUriSchemeSupported =
+            nameResolverRegistry.getProviderForScheme(scheme) != null;
+      }
+    } catch (URISyntaxException e) {
+      // Fallback or ignore if not a valid URI
+    }
+
+    return GrpcServiceXdsContext.create(
+        isTrustedControlPlane,
+        validAllowedGrpcService,
+        isTargetUriSchemeSupported
+    );
+  }
+}

xds/src/main/java/io/grpc/xds/FaultFilter.java

@@ -104,7 +104,8 @@ public FaultFilter newInstance(String name) {
     }
 
     @Override
-    public ConfigOrError<FaultConfig> parseFilterConfig(Message rawProtoMessage) {
+    public ConfigOrError<FaultConfig> parseFilterConfig(
+        Message rawProtoMessage, FilterContext context) {
       HTTPFault httpFaultProto;
       if (!(rawProtoMessage instanceof Any)) {
         return ConfigOrError.fromError("Invalid config type: " + rawProtoMessage.getClass());
@@ -119,8 +120,9 @@ public ConfigOrError<FaultConfig> parseFilterConfig(Message rawProtoMessage) {
     }
 
     @Override
-    public ConfigOrError<FaultConfig> parseFilterConfigOverride(Message rawProtoMessage) {
-      return parseFilterConfig(rawProtoMessage);
+    public ConfigOrError<FaultConfig> parseFilterConfigOverride(
+        Message rawProtoMessage, FilterContext context) {
+      return parseFilterConfig(rawProtoMessage, context);
     }
 
     private static ConfigOrError<FaultConfig> parseHttpFault(HTTPFault httpFault) {

xds/src/main/java/io/grpc/xds/Filter.java

@@ -16,10 +16,12 @@
 
 package io.grpc.xds;
 
+
 import com.google.common.base.MoreObjects;
 import com.google.protobuf.Message;
 import io.grpc.ClientInterceptor;
 import io.grpc.ServerInterceptor;
+import io.grpc.xds.internal.grpcservice.GrpcServiceXdsContextProvider;
 import java.io.Closeable;
 import java.util.Objects;
 import java.util.concurrent.ScheduledExecutorService;
@@ -93,13 +95,15 @@ default boolean isServerFilter() {
      * Parses the top-level filter config from raw proto message. The message may be either a {@link
      * com.google.protobuf.Any} or a {@link com.google.protobuf.Struct}.
      */
-    ConfigOrError<? extends FilterConfig> parseFilterConfig(Message rawProtoMessage);
+    ConfigOrError<? extends FilterConfig> parseFilterConfig(
+        Message rawProtoMessage, FilterContext context);
 
     /**
      * Parses the per-filter override filter config from raw proto message. The message may be
      * either a {@link com.google.protobuf.Any} or a {@link com.google.protobuf.Struct}.
      */
-    ConfigOrError<? extends FilterConfig> parseFilterConfigOverride(Message rawProtoMessage);
+    ConfigOrError<? extends FilterConfig> parseFilterConfigOverride(
+        Message rawProtoMessage, FilterContext context);
   }
 
   /** Uses the FilterConfigs produced above to produce an HTTP filter interceptor for clients. */
@@ -125,6 +129,25 @@ default ServerInterceptor buildServerInterceptor(
   @Override
   default void close() {}
 
+  /** Context carrying dynamic metadata for a filter. */
+  @com.google.auto.value.AutoValue
+  abstract class FilterContext {
+    public abstract GrpcServiceXdsContextProvider grpcServiceContextProvider();
+
+    public static Builder builder() {
+      return new AutoValue_Filter_FilterContext.Builder();
+    }
+
+
+    @com.google.auto.value.AutoValue.Builder
+    public abstract static class Builder {
+      public abstract Builder grpcServiceContextProvider(
+          GrpcServiceXdsContextProvider provider);
+
+      public abstract FilterContext build();
+    }
+  }
+
   /** Filter config with instance name. */
   final class NamedFilterConfig {
     // filter instance name

xds/src/main/java/io/grpc/xds/GcpAuthenticationFilter.java

@@ -86,7 +86,8 @@ public GcpAuthenticationFilter newInstance(String name) {
     }
 
     @Override
-    public ConfigOrError<GcpAuthenticationConfig> parseFilterConfig(Message rawProtoMessage) {
+    public ConfigOrError<GcpAuthenticationConfig> parseFilterConfig(
+        Message rawProtoMessage, FilterContext context) {
       GcpAuthnFilterConfig gcpAuthnProto;
       if (!(rawProtoMessage instanceof Any)) {
         return ConfigOrError.fromError("Invalid config type: " + rawProtoMessage.getClass());
@@ -121,8 +122,8 @@ public ConfigOrError<GcpAuthenticationConfig> parseFilterConfig(Message rawProto
 
     @Override
     public ConfigOrError<GcpAuthenticationConfig> parseFilterConfigOverride(
-        Message rawProtoMessage) {
-      return parseFilterConfig(rawProtoMessage);
+        Message rawProtoMessage, FilterContext context) {
+      return parseFilterConfig(rawProtoMessage, context);
     }
   }
 

xds/src/main/java/io/grpc/xds/RbacFilter.java

@@ -94,7 +94,8 @@ public RbacFilter newInstance(String name) {
     }
 
     @Override
-    public ConfigOrError<RbacConfig> parseFilterConfig(Message rawProtoMessage) {
+    public ConfigOrError<RbacConfig> parseFilterConfig(
+        Message rawProtoMessage, FilterContext context) {
       RBAC rbacProto;
       if (!(rawProtoMessage instanceof Any)) {
         return ConfigOrError.fromError("Invalid config type: " + rawProtoMessage.getClass());
@@ -109,7 +110,8 @@ public ConfigOrError<RbacConfig> parseFilterConfig(Message rawProtoMessage) {
     }
 
     @Override
-    public ConfigOrError<RbacConfig> parseFilterConfigOverride(Message rawProtoMessage) {
+    public ConfigOrError<RbacConfig> parseFilterConfigOverride(
+        Message rawProtoMessage, FilterContext context) {
       RBACPerRoute rbacPerRoute;
       if (!(rawProtoMessage instanceof Any)) {
         return ConfigOrError.fromError("Invalid config type: " + rawProtoMessage.getClass());

xds/src/main/java/io/grpc/xds/RouterFilter.java

@@ -61,13 +61,14 @@ public RouterFilter newInstance(String name) {
     }
 
     @Override
-    public ConfigOrError<? extends FilterConfig> parseFilterConfig(Message rawProtoMessage) {
+    public ConfigOrError<? extends FilterConfig> parseFilterConfig(
+        Message rawProtoMessage, FilterContext context) {
       return ConfigOrError.fromConfig(ROUTER_CONFIG);
     }
 
     @Override
     public ConfigOrError<? extends FilterConfig> parseFilterConfigOverride(
-        Message rawProtoMessage) {
+        Message rawProtoMessage, FilterContext context) {
       return ConfigOrError.fromError("Router Filter should not have override config");
     }
   }

xds/src/main/java/io/grpc/xds/XdsListenerResource.java

@@ -527,7 +527,7 @@ static io.grpc.xds.HttpConnectionManager parseHttpConnectionManager(
             "HttpConnectionManager contains duplicate HttpFilter: " + filterName);
       }
       StructOrError<Filter.FilterConfig> filterConfig =
-          parseHttpFilter(httpFilter, filterRegistry, isForClient);
+          parseHttpFilter(httpFilter, filterRegistry, isForClient, args);
       if ((i == proto.getHttpFiltersCount() - 1)
           && (filterConfig == null || !isTerminalFilter(filterConfig.getStruct()))) {
         throw new ResourceInvalidException("The last HttpFilter must be a terminal filter: "
@@ -581,7 +581,8 @@ private static boolean isTerminalFilter(Filter.FilterConfig filterConfig) {
   @Nullable // Returns null if the filter is optional but not supported.
   static StructOrError<Filter.FilterConfig> parseHttpFilter(
       io.envoyproxy.envoy.extensions.filters.network.http_connection_manager.v3.HttpFilter
-          httpFilter, FilterRegistry filterRegistry, boolean isForClient) {
+          httpFilter, FilterRegistry filterRegistry, boolean isForClient,
+      XdsResourceType.Args args) {
     String filterName = httpFilter.getName();
     boolean isOptional = httpFilter.getIsOptional();
     if (!httpFilter.hasTypedConfig()) {
@@ -616,7 +617,14 @@ static StructOrError<Filter.FilterConfig> parseHttpFilter(
           "HttpFilter [" + filterName + "](" + typeUrl + ") is required but unsupported for " + (
               isForClient ? "client" : "server"));
     }
-    ConfigOrError<? extends FilterConfig> filterConfig = provider.parseFilterConfig(rawConfig);
+
+    BootstrapInfoGrpcServiceContextProvider contextProvider =
+        new BootstrapInfoGrpcServiceContextProvider(args.getBootstrapInfo(), args.getServerInfo());
+    Filter.FilterContext filterContext = Filter.FilterContext.builder()
+        .grpcServiceContextProvider(contextProvider)
+        .build();
+    ConfigOrError<? extends FilterConfig> filterConfig =
+        provider.parseFilterConfig(rawConfig, filterContext);
     if (filterConfig.errorDetail != null) {
       return StructOrError.fromError(
           "Invalid filter config for HttpFilter [" + filterName + "]: " + filterConfig.errorDetail);

xds/src/main/java/io/grpc/xds/XdsRouteConfigureResource.java

@@ -198,7 +198,7 @@ private static StructOrError<VirtualHost> parseVirtualHost(
       routes.add(route.getStruct());
     }
     StructOrError<Map<String, Filter.FilterConfig>> overrideConfigs =
-        parseOverrideFilterConfigs(proto.getTypedPerFilterConfigMap(), filterRegistry);
+        parseOverrideFilterConfigs(proto.getTypedPerFilterConfigMap(), filterRegistry, args);
     if (overrideConfigs.getErrorDetail() != null) {
       return StructOrError.fromError(
           "VirtualHost [" + proto.getName() + "] contains invalid HttpFilter config: "
@@ -210,7 +210,13 @@ private static StructOrError<VirtualHost> parseVirtualHost(
 
   @VisibleForTesting
   static StructOrError<Map<String, FilterConfig>> parseOverrideFilterConfigs(
-      Map<String, Any> rawFilterConfigMap, FilterRegistry filterRegistry) {
+      Map<String, Any> rawFilterConfigMap, FilterRegistry filterRegistry,
+      XdsResourceType.Args args) {
+    BootstrapInfoGrpcServiceContextProvider grpcServiceContextProvider =
+        new BootstrapInfoGrpcServiceContextProvider(args.getBootstrapInfo(), args.getServerInfo());
+    Filter.FilterContext context = Filter.FilterContext.builder()
+        .grpcServiceContextProvider(grpcServiceContextProvider)
+        .build();
     Map<String, FilterConfig> overrideConfigs = new HashMap<>();
     for (String name : rawFilterConfigMap.keySet()) {
       Any anyConfig = rawFilterConfigMap.get(name);
@@ -254,7 +260,7 @@ static StructOrError<Map<String, FilterConfig>> parseOverrideFilterConfigs(
             "HttpFilter [" + name + "](" + typeUrl + ") is required but unsupported");
       }
       ConfigOrError<? extends Filter.FilterConfig> filterConfig =
-          provider.parseFilterConfigOverride(rawConfig);
+          provider.parseFilterConfigOverride(rawConfig, context);
       if (filterConfig.errorDetail != null) {
         return StructOrError.fromError(
             "Invalid filter config for HttpFilter [" + name + "]: " + filterConfig.errorDetail);
@@ -281,7 +287,7 @@ static StructOrError<Route> parseRoute(
     }
 
     StructOrError<Map<String, FilterConfig>> overrideConfigsOrError =
-        parseOverrideFilterConfigs(proto.getTypedPerFilterConfigMap(), filterRegistry);
+        parseOverrideFilterConfigs(proto.getTypedPerFilterConfigMap(), filterRegistry, args);
     if (overrideConfigsOrError.getErrorDetail() != null) {
       return StructOrError.fromError(
           "Route [" + proto.getName() + "] contains invalid HttpFilter config: "
@@ -490,7 +496,7 @@ static StructOrError<RouteAction> parseRouteAction(
         for (io.envoyproxy.envoy.config.route.v3.WeightedCluster.ClusterWeight clusterWeight
             : clusterWeights) {
           StructOrError<ClusterWeight> clusterWeightOrError =
-              parseClusterWeight(clusterWeight, filterRegistry);
+              parseClusterWeight(clusterWeight, filterRegistry, args);
           if (clusterWeightOrError.getErrorDetail() != null) {
             return StructOrError.fromError("RouteAction contains invalid ClusterWeight: "
                 + clusterWeightOrError.getErrorDetail());
@@ -599,9 +605,9 @@ private static StructOrError<VirtualHost.Route.RouteAction.RetryPolicy> parseRet
   @VisibleForTesting
   static StructOrError<VirtualHost.Route.RouteAction.ClusterWeight> parseClusterWeight(
       io.envoyproxy.envoy.config.route.v3.WeightedCluster.ClusterWeight proto,
-      FilterRegistry filterRegistry) {
+      FilterRegistry filterRegistry, XdsResourceType.Args args) {
     StructOrError<Map<String, Filter.FilterConfig>> overrideConfigs =
-        parseOverrideFilterConfigs(proto.getTypedPerFilterConfigMap(), filterRegistry);
+        parseOverrideFilterConfigs(proto.getTypedPerFilterConfigMap(), filterRegistry, args);
     if (overrideConfigs.getErrorDetail() != null) {
       return StructOrError.fromError(
           "ClusterWeight [" + proto.getName() + "] contains invalid HttpFilter config: "