Fixup 12492: Eliminate cyclic dependencies

- Move the parser objects up to `io.grpc.xds`
- Move some common objects to `io.grpc.xds.client`

Author: sauravzg

…ernal/extauthz/ExtAuthzConfigParser.java …va/io/grpc/xds/ExtAuthzConfigParser.javaxds/src/main/java/io/grpc/xds/internal/extauthz/ExtAuthzConfigParser.java renamed to xds/src/main/java/io/grpc/xds/ExtAuthzConfigParser.java xds/src/main/java/io/grpc/xds/internal/extauthz/ExtAuthzConfigParser.java renamed to xds/src/main/java/io/grpc/xds/ExtAuthzConfigParser.java

@@ -14,16 +14,17 @@
  * limitations under the License.
  */
 
-package io.grpc.xds.internal.extauthz;
+package io.grpc.xds;
 
 import com.google.common.collect.ImmutableList;
 import io.envoyproxy.envoy.extensions.filters.http.ext_authz.v3.ExtAuthz;
 import io.grpc.internal.GrpcUtil;
 import io.grpc.xds.client.Bootstrapper.BootstrapInfo;
 import io.grpc.xds.client.Bootstrapper.ServerInfo;
 import io.grpc.xds.internal.MatcherParser;
+import io.grpc.xds.internal.extauthz.ExtAuthzConfig;
+import io.grpc.xds.internal.extauthz.ExtAuthzParseException;
 import io.grpc.xds.internal.grpcservice.GrpcServiceConfig;
-import io.grpc.xds.internal.grpcservice.GrpcServiceConfigParser;
 import io.grpc.xds.internal.grpcservice.GrpcServiceParseException;
 import io.grpc.xds.internal.headermutations.HeaderMutationRulesParseException;
 import io.grpc.xds.internal.headermutations.HeaderMutationRulesParser;

…rnal/grpcservice/ChannelCredsConfig.java …io/grpc/xds/GrpcBootstrapImplConfig.javaxds/src/main/java/io/grpc/xds/internal/grpcservice/ChannelCredsConfig.java renamed to xds/src/main/java/io/grpc/xds/GrpcBootstrapImplConfig.java xds/src/main/java/io/grpc/xds/internal/grpcservice/ChannelCredsConfig.java renamed to xds/src/main/java/io/grpc/xds/GrpcBootstrapImplConfig.java

@@ -14,14 +14,21 @@
  * limitations under the License.
  */
 
-package io.grpc.xds.internal.grpcservice;
+package io.grpc.xds;
+
+import com.google.auto.value.AutoValue;
+import io.grpc.Internal;
+import io.grpc.xds.client.AllowedGrpcServices;
 
 /**
- * Configuration for channel credentials.
+ * Custom configuration for gRPC xDS bootstrap implementation.
  */
-public interface ChannelCredsConfig {
-  /**
-   * Returns the type of the credentials.
-   */
-  String type();
+@Internal
+@AutoValue
+public abstract class GrpcBootstrapImplConfig {
+  public abstract AllowedGrpcServices allowedGrpcServices();
+
+  public static GrpcBootstrapImplConfig create(AllowedGrpcServices services) {
+    return new AutoValue_GrpcBootstrapImplConfig(services);
+  }
 }

xds/src/main/java/io/grpc/xds/GrpcBootstrapperImpl.java

@@ -22,13 +22,13 @@
 import io.grpc.CallCredentials;
 import io.grpc.ChannelCredentials;
 import io.grpc.internal.JsonUtil;
+import io.grpc.xds.client.AllowedGrpcServices;
+import io.grpc.xds.client.AllowedGrpcServices.AllowedGrpcService;
 import io.grpc.xds.client.BootstrapperImpl;
+import io.grpc.xds.client.ConfiguredChannelCredentials;
+import io.grpc.xds.client.ConfiguredChannelCredentials.ChannelCredsConfig;
 import io.grpc.xds.client.XdsInitializationException;
 import io.grpc.xds.client.XdsLogger;
-import io.grpc.xds.internal.grpcservice.AllowedGrpcService;
-import io.grpc.xds.internal.grpcservice.AllowedGrpcServices;
-import io.grpc.xds.internal.grpcservice.ChannelCredsConfig;
-import io.grpc.xds.internal.grpcservice.ConfiguredChannelCredentials;
 import java.io.IOException;
 import java.util.List;
 import java.util.Map;
@@ -173,11 +173,11 @@ private static ConfiguredChannelCredentials parseChannelCredentials(List<Map<Str
   }
 
   @Override
-  protected Optional<Object> parseAllowedGrpcServices(
+  protected Optional<Object> parseImplSpecificObject(
       @Nullable Map<String, ?> rawAllowedGrpcServices)
       throws XdsInitializationException {
     if (rawAllowedGrpcServices == null || rawAllowedGrpcServices.isEmpty()) {
-      return Optional.of(AllowedGrpcServices.empty());
+      return Optional.of(GrpcBootstrapImplConfig.create(AllowedGrpcServices.empty()));
     }
 
     ImmutableMap.Builder<String, AllowedGrpcService> builder =
@@ -203,7 +203,9 @@ protected Optional<Object> parseAllowedGrpcServices(
       callCredentials.ifPresent(b::callCredentials);
       builder.put(targetUri, b.build());
     }
-    return Optional.of(AllowedGrpcServices.create(builder.build()));
+    GrpcBootstrapImplConfig customConfig =
+        GrpcBootstrapImplConfig.create(AllowedGrpcServices.create(builder.build()));
+    return Optional.of(customConfig);
   }
 
   @SuppressWarnings("unused")

…grpcservice/GrpcServiceConfigParser.java …io/grpc/xds/GrpcServiceConfigParser.javaxds/src/main/java/io/grpc/xds/internal/grpcservice/GrpcServiceConfigParser.java renamed to xds/src/main/java/io/grpc/xds/GrpcServiceConfigParser.java xds/src/main/java/io/grpc/xds/internal/grpcservice/GrpcServiceConfigParser.java renamed to xds/src/main/java/io/grpc/xds/GrpcServiceConfigParser.java

@@ -14,7 +14,7 @@
  * limitations under the License.
  */
 
-package io.grpc.xds.internal.grpcservice;
+package io.grpc.xds;
 
 import com.google.auth.oauth2.AccessToken;
 import com.google.auth.oauth2.OAuth2Credentials;
@@ -33,8 +33,14 @@
 import io.grpc.SecurityLevel;
 import io.grpc.alts.GoogleDefaultChannelCredentials;
 import io.grpc.auth.MoreCallCredentials;
-import io.grpc.xds.XdsChannelCredentials;
+import io.grpc.xds.client.AllowedGrpcServices;
+import io.grpc.xds.client.AllowedGrpcServices.AllowedGrpcService;
 import io.grpc.xds.client.Bootstrapper;
+import io.grpc.xds.client.ConfiguredChannelCredentials;
+import io.grpc.xds.internal.grpcservice.GrpcServiceConfig;
+import io.grpc.xds.internal.grpcservice.GrpcServiceParseException;
+import io.grpc.xds.internal.grpcservice.HeaderValue;
+import io.grpc.xds.internal.grpcservice.HeaderValueValidationUtils;
 import java.net.URI;
 import java.net.URISyntaxException;
 import java.time.Duration;
@@ -65,7 +71,7 @@ public final class GrpcServiceConfigParser {
       "type.googleapis.com/envoy.extensions.grpc_service.channel_credentials."
           + "google_default.v3.GoogleDefaultCredentials";
 
-  private GrpcServiceConfigParser() {}
+
 
   /**
    * Parses the {@link io.envoyproxy.envoy.config.core.v3.GrpcService} proto to create a
@@ -75,9 +81,8 @@ private GrpcServiceConfigParser() {}
    * @return A {@link GrpcServiceConfig} instance.
    * @throws GrpcServiceParseException if the proto is invalid or uses unsupported features.
    */
-  public static GrpcServiceConfig parse(
-      GrpcService grpcServiceProto, Bootstrapper.BootstrapInfo bootstrapInfo,
-      Bootstrapper.ServerInfo serverInfo)
+  public static GrpcServiceConfig parse(GrpcService grpcServiceProto,
+      Bootstrapper.BootstrapInfo bootstrapInfo, Bootstrapper.ServerInfo serverInfo)
       throws GrpcServiceParseException {
     if (!grpcServiceProto.hasGoogleGrpc()) {
       throw new GrpcServiceParseException(
@@ -125,15 +130,16 @@ public static GrpcServiceConfig parse(
    */
   public static GrpcServiceConfig.GoogleGrpcConfig parseGoogleGrpcConfig(
       GrpcService.GoogleGrpc googleGrpcProto, Bootstrapper.BootstrapInfo bootstrapInfo,
-      Bootstrapper.ServerInfo serverInfo)
-      throws GrpcServiceParseException {
+      Bootstrapper.ServerInfo serverInfo) throws GrpcServiceParseException {
 
     String targetUri = googleGrpcProto.getTargetUri();
 
-    AllowedGrpcServices allowedGrpcServices = bootstrapInfo.allowedGrpcServices()
-        .filter(AllowedGrpcServices.class::isInstance)
-        .map(AllowedGrpcServices.class::cast)
-        .orElse(AllowedGrpcServices.empty());
+    AllowedGrpcServices allowedGrpcServices =
+        bootstrapInfo.implSpecificObject()
+            .filter(GrpcBootstrapImplConfig.class::isInstance)
+            .map(GrpcBootstrapImplConfig.class::cast)
+            .map(GrpcBootstrapImplConfig::allowedGrpcServices)
+            .orElse(AllowedGrpcServices.empty());
 
     boolean isTrustedControlPlane = serverInfo.isTrustedXdsServer();
     Optional<AllowedGrpcService> override =
@@ -165,8 +171,7 @@ public static GrpcServiceConfig.GoogleGrpcConfig parseGoogleGrpcConfig(
       }
 
       GrpcServiceConfig.GoogleGrpcConfig.Builder builder =
-          GrpcServiceConfig.GoogleGrpcConfig.builder()
-              .target(targetUri)
+          GrpcServiceConfig.GoogleGrpcConfig.builder().target(targetUri)
               .configuredChannelCredentials(override.get().configuredChannelCredentials());
       if (override.get().callCredentials().isPresent()) {
         builder.callCredentials(override.get().callCredentials().get());
@@ -189,19 +194,18 @@ public static GrpcServiceConfig.GoogleGrpcConfig parseGoogleGrpcConfig(
     return builder.build();
   }
 
-  private static Optional<ConfiguredChannelCredentials> channelCredsFromProto(
-      Any cred) throws GrpcServiceParseException {
+  private static Optional<ConfiguredChannelCredentials> channelCredsFromProto(Any cred)
+      throws GrpcServiceParseException {
     String typeUrl = cred.getTypeUrl();
     try {
       switch (typeUrl) {
         case GOOGLE_DEFAULT_CREDENTIALS_TYPE_URL:
-          return Optional.of(ConfiguredChannelCredentials.create(
-              GoogleDefaultChannelCredentials.create(),
-              new ProtoChannelCredsConfig(typeUrl, cred)));
+          return Optional
+              .of(ConfiguredChannelCredentials.create(GoogleDefaultChannelCredentials.create(),
+                  new ProtoChannelCredsConfig(typeUrl, cred)));
         case INSECURE_CREDENTIALS_TYPE_URL:
           return Optional.of(ConfiguredChannelCredentials.create(
-              InsecureChannelCredentials.create(),
-              new ProtoChannelCredsConfig(typeUrl, cred)));
+              InsecureChannelCredentials.create(), new ProtoChannelCredsConfig(typeUrl, cred)));
         case XDS_CREDENTIALS_TYPE_URL:
           XdsCredentials xdsConfig = cred.unpack(XdsCredentials.class);
           Optional<ConfiguredChannelCredentials> fallbackCreds =
@@ -292,7 +296,8 @@ public void applyRequestMetadata(RequestInfo requestInfo, Executor appExecutor,
     }
   }
 
-  static final class ProtoChannelCredsConfig implements ChannelCredsConfig {
+  static final class ProtoChannelCredsConfig
+      implements ConfiguredChannelCredentials.ChannelCredsConfig {
     private final String type;
     private final Any configProto;
 

…nal/grpcservice/AllowedGrpcServices.java …grpc/xds/client/AllowedGrpcServices.javaxds/src/main/java/io/grpc/xds/internal/grpcservice/AllowedGrpcServices.java renamed to xds/src/main/java/io/grpc/xds/client/AllowedGrpcServices.java xds/src/main/java/io/grpc/xds/internal/grpcservice/AllowedGrpcServices.java renamed to xds/src/main/java/io/grpc/xds/client/AllowedGrpcServices.java

@@ -14,15 +14,19 @@
  * limitations under the License.
  */
 
-package io.grpc.xds.internal.grpcservice;
+package io.grpc.xds.client;
 
 import com.google.auto.value.AutoValue;
 import com.google.common.collect.ImmutableMap;
+import io.grpc.CallCredentials;
+import io.grpc.Internal;
 import java.util.Map;
+import java.util.Optional;
 
 /**
  * Wrapper for allowed gRPC services keyed by target URI.
  */
+@Internal
 @AutoValue
 public abstract class AllowedGrpcServices {
   public abstract ImmutableMap<String, AllowedGrpcService> services();
@@ -34,4 +38,29 @@ public static AllowedGrpcServices create(Map<String, AllowedGrpcService> service
   public static AllowedGrpcServices empty() {
     return create(ImmutableMap.of());
   }
+
+  /**
+   * Represents an allowed gRPC service configuration with call credentials.
+   */
+  @Internal
+  @AutoValue
+  public abstract static class AllowedGrpcService {
+    public abstract ConfiguredChannelCredentials configuredChannelCredentials();
+
+    public abstract Optional<CallCredentials> callCredentials();
+
+    public static Builder builder() {
+      return new AutoValue_AllowedGrpcServices_AllowedGrpcService.Builder();
+    }
+
+    @AutoValue.Builder
+    public abstract static class Builder {
+      public abstract Builder configuredChannelCredentials(
+          ConfiguredChannelCredentials credentials);
+
+      public abstract Builder callCredentials(CallCredentials callCredentials);
+
+      public abstract AllowedGrpcService build();
+    }
+  }
 }

xds/src/main/java/io/grpc/xds/client/Bootstrapper.java

@@ -207,17 +207,17 @@ public abstract static class BootstrapInfo {
     public abstract ImmutableMap<String, AuthorityInfo> authorities();
 
     /**
-     * Parsed allowed_grpc_services configuration.
+     * Parsed configuration for implementation-specific extensions.
      * Returns an opaque object containing the parsed configuration.
      */
-    public abstract Optional<Object> allowedGrpcServices();
+    public abstract Optional<Object> implSpecificObject();
 
     @VisibleForTesting
     public static Builder builder() {
       return new AutoValue_Bootstrapper_BootstrapInfo.Builder()
           .clientDefaultListenerResourceNameTemplate("%s")
           .authorities(ImmutableMap.<String, AuthorityInfo>of())
-          .allowedGrpcServices(Optional.empty());
+          .implSpecificObject(Optional.empty());
     }
 
     @AutoValue.Builder
@@ -239,7 +239,7 @@ public abstract Builder clientDefaultListenerResourceNameTemplate(
 
       public abstract Builder authorities(Map<String, AuthorityInfo> authorities);
 
-      public abstract Builder allowedGrpcServices(Optional<Object> allowedGrpcServices);
+      public abstract Builder implSpecificObject(Optional<Object> implSpecificObject);
 
       public abstract BootstrapInfo build();
     }

xds/src/main/java/io/grpc/xds/client/BootstrapperImpl.java

@@ -242,12 +242,12 @@ protected BootstrapInfo.Builder bootstrapBuilder(Map<String, ?> rawData)
     }
 
     Map<String, ?> rawAllowedGrpcServices = JsonUtil.getObject(rawData, "allowed_grpc_services");
-    builder.allowedGrpcServices(parseAllowedGrpcServices(rawAllowedGrpcServices));
+    builder.implSpecificObject(parseImplSpecificObject(rawAllowedGrpcServices));
 
     return builder;
   }
 
-  protected Optional<Object> parseAllowedGrpcServices(
+  protected Optional<Object> parseImplSpecificObject(
       @Nullable Map<String, ?> rawAllowedGrpcServices)
       throws XdsInitializationException {
     return Optional.empty();

…ervice/ConfiguredChannelCredentials.java …client/ConfiguredChannelCredentials.javaxds/src/main/java/io/grpc/xds/internal/grpcservice/ConfiguredChannelCredentials.java renamed to xds/src/main/java/io/grpc/xds/client/ConfiguredChannelCredentials.java xds/src/main/java/io/grpc/xds/internal/grpcservice/ConfiguredChannelCredentials.java renamed to xds/src/main/java/io/grpc/xds/client/ConfiguredChannelCredentials.java

@@ -14,14 +14,16 @@
  * limitations under the License.
  */
 
-package io.grpc.xds.internal.grpcservice;
+package io.grpc.xds.client;
 
 import com.google.auto.value.AutoValue;
 import io.grpc.ChannelCredentials;
+import io.grpc.Internal;
 
 /**
  * Composition of {@link ChannelCredentials} and {@link ChannelCredsConfig}.
  */
+@Internal
 @AutoValue
 public abstract class ConfiguredChannelCredentials {
   public abstract ChannelCredentials channelCredentials();
@@ -32,4 +34,15 @@ public static ConfiguredChannelCredentials create(ChannelCredentials creds,
       ChannelCredsConfig config) {
     return new AutoValue_ConfiguredChannelCredentials(creds, config);
   }
+
+  /**
+   * Configuration for channel credentials.
+   */
+  @Internal
+  public interface ChannelCredsConfig {
+    /**
+     * Returns the type of the credentials.
+     */
+    String type();
+  }
 }