diff --git a/BUILD b/BUILD
index 2164228d744..e81a1e50b66 100644
--- a/BUILD
+++ b/BUILD
@@ -330,6 +330,7 @@ grpc_cc_library(
"grpc_lb_policy_lrs",
"grpc_lb_policy_xds_cluster_manager",
"grpc_resolver_xds",
+ "grpc_xds_credentials",
],
},
standalone = True,
@@ -1838,6 +1839,19 @@ grpc_cc_library(
],
)
+grpc_cc_library(
+ name = "grpc_xds_credentials",
+ srcs = [
+ "src/core/lib/security/credentials/xds/xds_credentials.cc",
+ ],
+ hdrs = [
+ "src/core/lib/security/credentials/xds/xds_credentials.h",
+ ],
+ deps = [
+ "grpc_secure",
+ ],
+)
+
grpc_cc_library(
name = "grpc_mock_cel",
hdrs = [
diff --git a/BUILD.gn b/BUILD.gn
index 88dd6433c63..194e492c283 100644
--- a/BUILD.gn
+++ b/BUILD.gn
@@ -872,6 +872,8 @@ config("grpc_config") {
"src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h",
"src/core/lib/security/credentials/tls/tls_credentials.cc",
"src/core/lib/security/credentials/tls/tls_credentials.h",
+ "src/core/lib/security/credentials/xds/xds_credentials.cc",
+ "src/core/lib/security/credentials/xds/xds_credentials.h",
"src/core/lib/security/security_connector/alts/alts_security_connector.cc",
"src/core/lib/security/security_connector/alts/alts_security_connector.h",
"src/core/lib/security/security_connector/fake/fake_security_connector.cc",
diff --git a/CMakeLists.txt b/CMakeLists.txt
index abb6abf1645..514f8092396 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -1768,6 +1768,7 @@ add_library(grpc
src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.cc
src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc
src/core/lib/security/credentials/tls/tls_credentials.cc
+ src/core/lib/security/credentials/xds/xds_credentials.cc
src/core/lib/security/security_connector/alts/alts_security_connector.cc
src/core/lib/security/security_connector/fake/fake_security_connector.cc
src/core/lib/security/security_connector/load_system_roots_fallback.cc
diff --git a/Makefile b/Makefile
index 7849277f6b9..3e8d7859761 100644
--- a/Makefile
+++ b/Makefile
@@ -2171,6 +2171,7 @@ LIBGRPC_SRC = \
src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.cc \
src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc \
src/core/lib/security/credentials/tls/tls_credentials.cc \
+ src/core/lib/security/credentials/xds/xds_credentials.cc \
src/core/lib/security/security_connector/alts/alts_security_connector.cc \
src/core/lib/security/security_connector/fake/fake_security_connector.cc \
src/core/lib/security/security_connector/load_system_roots_fallback.cc \
@@ -4622,6 +4623,7 @@ src/core/lib/security/credentials/ssl/ssl_credentials.cc: $(OPENSSL_DEP)
src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.cc: $(OPENSSL_DEP)
src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc: $(OPENSSL_DEP)
src/core/lib/security/credentials/tls/tls_credentials.cc: $(OPENSSL_DEP)
+src/core/lib/security/credentials/xds/xds_credentials.cc: $(OPENSSL_DEP)
src/core/lib/security/security_connector/alts/alts_security_connector.cc: $(OPENSSL_DEP)
src/core/lib/security/security_connector/fake/fake_security_connector.cc: $(OPENSSL_DEP)
src/core/lib/security/security_connector/load_system_roots_fallback.cc: $(OPENSSL_DEP)
diff --git a/build_autogenerated.yaml b/build_autogenerated.yaml
index 0ff1bc8564d..6db92d7d610 100644
--- a/build_autogenerated.yaml
+++ b/build_autogenerated.yaml
@@ -695,6 +695,7 @@ libs:
- src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.h
- src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h
- src/core/lib/security/credentials/tls/tls_credentials.h
+ - src/core/lib/security/credentials/xds/xds_credentials.h
- src/core/lib/security/security_connector/alts/alts_security_connector.h
- src/core/lib/security/security_connector/fake/fake_security_connector.h
- src/core/lib/security/security_connector/load_system_roots.h
@@ -1125,6 +1126,7 @@ libs:
- src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.cc
- src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc
- src/core/lib/security/credentials/tls/tls_credentials.cc
+ - src/core/lib/security/credentials/xds/xds_credentials.cc
- src/core/lib/security/security_connector/alts/alts_security_connector.cc
- src/core/lib/security/security_connector/fake/fake_security_connector.cc
- src/core/lib/security/security_connector/load_system_roots_fallback.cc
diff --git a/config.m4 b/config.m4
index 3fa396803f3..7a241efc337 100644
--- a/config.m4
+++ b/config.m4
@@ -433,6 +433,7 @@ if test "$PHP_GRPC" != "no"; then
src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.cc \
src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc \
src/core/lib/security/credentials/tls/tls_credentials.cc \
+ src/core/lib/security/credentials/xds/xds_credentials.cc \
src/core/lib/security/security_connector/alts/alts_security_connector.cc \
src/core/lib/security/security_connector/fake/fake_security_connector.cc \
src/core/lib/security/security_connector/load_system_roots_fallback.cc \
@@ -999,6 +1000,7 @@ if test "$PHP_GRPC" != "no"; then
PHP_ADD_BUILD_DIR($ext_builddir/src/core/lib/security/credentials/plugin)
PHP_ADD_BUILD_DIR($ext_builddir/src/core/lib/security/credentials/ssl)
PHP_ADD_BUILD_DIR($ext_builddir/src/core/lib/security/credentials/tls)
+ PHP_ADD_BUILD_DIR($ext_builddir/src/core/lib/security/credentials/xds)
PHP_ADD_BUILD_DIR($ext_builddir/src/core/lib/security/security_connector)
PHP_ADD_BUILD_DIR($ext_builddir/src/core/lib/security/security_connector/alts)
PHP_ADD_BUILD_DIR($ext_builddir/src/core/lib/security/security_connector/fake)
diff --git a/config.w32 b/config.w32
index 5129d8e2e9d..804c0f3d377 100644
--- a/config.w32
+++ b/config.w32
@@ -400,6 +400,7 @@ if (PHP_GRPC != "no") {
"src\\core\\lib\\security\\credentials\\tls\\grpc_tls_certificate_distributor.cc " +
"src\\core\\lib\\security\\credentials\\tls\\grpc_tls_credentials_options.cc " +
"src\\core\\lib\\security\\credentials\\tls\\tls_credentials.cc " +
+ "src\\core\\lib\\security\\credentials\\xds\\xds_credentials.cc " +
"src\\core\\lib\\security\\security_connector\\alts\\alts_security_connector.cc " +
"src\\core\\lib\\security\\security_connector\\fake\\fake_security_connector.cc " +
"src\\core\\lib\\security\\security_connector\\load_system_roots_fallback.cc " +
@@ -1042,6 +1043,7 @@ if (PHP_GRPC != "no") {
FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\lib\\security\\credentials\\plugin");
FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\lib\\security\\credentials\\ssl");
FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\lib\\security\\credentials\\tls");
+ FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\lib\\security\\credentials\\xds");
FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\lib\\security\\security_connector");
FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\lib\\security\\security_connector\\alts");
FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\lib\\security\\security_connector\\fake");
diff --git a/gRPC-C++.podspec b/gRPC-C++.podspec
index 477508f0740..6149d9b15d6 100644
--- a/gRPC-C++.podspec
+++ b/gRPC-C++.podspec
@@ -545,6 +545,7 @@ Pod::Spec.new do |s|
'src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.h',
'src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h',
'src/core/lib/security/credentials/tls/tls_credentials.h',
+ 'src/core/lib/security/credentials/xds/xds_credentials.h',
'src/core/lib/security/security_connector/alts/alts_security_connector.h',
'src/core/lib/security/security_connector/fake/fake_security_connector.h',
'src/core/lib/security/security_connector/load_system_roots.h',
@@ -1061,6 +1062,7 @@ Pod::Spec.new do |s|
'src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.h',
'src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h',
'src/core/lib/security/credentials/tls/tls_credentials.h',
+ 'src/core/lib/security/credentials/xds/xds_credentials.h',
'src/core/lib/security/security_connector/alts/alts_security_connector.h',
'src/core/lib/security/security_connector/fake/fake_security_connector.h',
'src/core/lib/security/security_connector/load_system_roots.h',
diff --git a/gRPC-Core.podspec b/gRPC-Core.podspec
index 8a7822ee70f..05de671c5c2 100644
--- a/gRPC-Core.podspec
+++ b/gRPC-Core.podspec
@@ -927,6 +927,8 @@ Pod::Spec.new do |s|
'src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h',
'src/core/lib/security/credentials/tls/tls_credentials.cc',
'src/core/lib/security/credentials/tls/tls_credentials.h',
+ 'src/core/lib/security/credentials/xds/xds_credentials.cc',
+ 'src/core/lib/security/credentials/xds/xds_credentials.h',
'src/core/lib/security/security_connector/alts/alts_security_connector.cc',
'src/core/lib/security/security_connector/alts/alts_security_connector.h',
'src/core/lib/security/security_connector/fake/fake_security_connector.cc',
@@ -1498,6 +1500,7 @@ Pod::Spec.new do |s|
'src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.h',
'src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h',
'src/core/lib/security/credentials/tls/tls_credentials.h',
+ 'src/core/lib/security/credentials/xds/xds_credentials.h',
'src/core/lib/security/security_connector/alts/alts_security_connector.h',
'src/core/lib/security/security_connector/fake/fake_security_connector.h',
'src/core/lib/security/security_connector/load_system_roots.h',
diff --git a/grpc.def b/grpc.def
index 385947ab4a3..ed319097ec0 100644
--- a/grpc.def
+++ b/grpc.def
@@ -147,6 +147,7 @@ EXPORTS
grpc_tls_key_materials_config_get_version
grpc_tls_credential_reload_config_create
grpc_tls_server_authorization_check_config_create
+ grpc_xds_credentials_create
grpc_raw_byte_buffer_create
grpc_raw_compressed_byte_buffer_create
grpc_byte_buffer_copy
diff --git a/grpc.gemspec b/grpc.gemspec
index 2b84e0918a6..b59a8a4f437 100644
--- a/grpc.gemspec
+++ b/grpc.gemspec
@@ -845,6 +845,8 @@ Gem::Specification.new do |s|
s.files += %w( src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h )
s.files += %w( src/core/lib/security/credentials/tls/tls_credentials.cc )
s.files += %w( src/core/lib/security/credentials/tls/tls_credentials.h )
+ s.files += %w( src/core/lib/security/credentials/xds/xds_credentials.cc )
+ s.files += %w( src/core/lib/security/credentials/xds/xds_credentials.h )
s.files += %w( src/core/lib/security/security_connector/alts/alts_security_connector.cc )
s.files += %w( src/core/lib/security/security_connector/alts/alts_security_connector.h )
s.files += %w( src/core/lib/security/security_connector/fake/fake_security_connector.cc )
diff --git a/grpc.gyp b/grpc.gyp
index 02574487daa..5af732b61a2 100644
--- a/grpc.gyp
+++ b/grpc.gyp
@@ -797,6 +797,7 @@
'src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.cc',
'src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc',
'src/core/lib/security/credentials/tls/tls_credentials.cc',
+ 'src/core/lib/security/credentials/xds/xds_credentials.cc',
'src/core/lib/security/security_connector/alts/alts_security_connector.cc',
'src/core/lib/security/security_connector/fake/fake_security_connector.cc',
'src/core/lib/security/security_connector/load_system_roots_fallback.cc',
diff --git a/include/grpc/grpc_security.h b/include/grpc/grpc_security.h
index 3ff2e8de2cd..e1dda08e3df 100644
--- a/include/grpc/grpc_security.h
+++ b/include/grpc/grpc_security.h
@@ -1029,6 +1029,22 @@ grpc_channel_credentials* grpc_tls_credentials_create(
grpc_server_credentials* grpc_tls_server_credentials_create(
grpc_tls_credentials_options* options);
+/**
+ * EXPERIMENTAL API - Subject to change
+ *
+ * This method creates an XDS channel credentials object.
+ *
+ * Creating a channel with credentials of this type indicates that an xDS
+ * channel should get credentials configuration from the xDS control plane.
+ *
+ * \a fallback_credentials are used if the channel target does not have the
+ * 'xds:///' scheme or if the xDS control plane does not provide information on
+ * how to fetch credentials dynamically. Does NOT take ownership of the \a
+ * fallback_credentials. (Internally takes a ref to the object.)
+ */
+GRPCAPI grpc_channel_credentials* grpc_xds_credentials_create(
+ grpc_channel_credentials* fallback_creds);
+
#ifdef __cplusplus
}
#endif
diff --git a/package.xml b/package.xml
index f21b7f4b5d1..a029a7f72f3 100644
--- a/package.xml
+++ b/package.xml
@@ -825,6 +825,8 @@
+
+
diff --git a/src/core/lib/security/credentials/xds/xds_credentials.cc b/src/core/lib/security/credentials/xds/xds_credentials.cc
new file mode 100644
index 00000000000..682d49badb0
--- /dev/null
+++ b/src/core/lib/security/credentials/xds/xds_credentials.cc
@@ -0,0 +1,45 @@
+//
+//
+// Copyright 2020 gRPC authors.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+//
+
+#include
+
+#include "src/core/lib/security/credentials/xds/xds_credentials.h"
+
+namespace grpc_core {
+
+constexpr const char XdsCredentials::kCredentialsTypeXds[];
+
+grpc_core::RefCountedPtr
+XdsCredentials::create_security_connector(
+ grpc_core::RefCountedPtr call_creds,
+ const char* target_name, const grpc_channel_args* args,
+ grpc_channel_args** new_args) {
+ /* TODO(yashkt) : To be filled */
+ if (fallback_credentials_ != nullptr) {
+ return fallback_credentials_->create_security_connector(
+ std::move(call_creds), target_name, args, new_args);
+ }
+ return nullptr;
+}
+
+} // namespace grpc_core
+
+grpc_channel_credentials* grpc_xds_credentials_create(
+ grpc_channel_credentials* fallback_credentials) {
+ return new grpc_core::XdsCredentials(fallback_credentials->Ref());
+}
diff --git a/src/core/lib/security/credentials/xds/xds_credentials.h b/src/core/lib/security/credentials/xds/xds_credentials.h
new file mode 100644
index 00000000000..51576deebd8
--- /dev/null
+++ b/src/core/lib/security/credentials/xds/xds_credentials.h
@@ -0,0 +1,51 @@
+//
+//
+// Copyright 2020 gRPC authors.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+//
+
+#ifndef GRPC_CORE_LIB_SECURITY_CREDENTIALS_XDS_XDS_CREDENTIALS_H
+#define GRPC_CORE_LIB_SECURITY_CREDENTIALS_XDS_XDS_CREDENTIALS_H
+
+#include
+
+#include
+
+#include "src/core/lib/security/credentials/credentials.h"
+
+namespace grpc_core {
+
+class XdsCredentials final : public grpc_channel_credentials {
+ public:
+ static constexpr const char kCredentialsTypeXds[] = "Xds";
+
+ explicit XdsCredentials(
+ grpc_core::RefCountedPtr fallback_credentials)
+ : grpc_channel_credentials(kCredentialsTypeXds),
+ fallback_credentials_(std::move(fallback_credentials)) {}
+
+ grpc_core::RefCountedPtr
+ create_security_connector(
+ grpc_core::RefCountedPtr call_creds,
+ const char* target_name, const grpc_channel_args* args,
+ grpc_channel_args** new_args) override;
+
+ private:
+ grpc_core::RefCountedPtr fallback_credentials_;
+};
+
+} // namespace grpc_core
+
+#endif /* GRPC_CORE_LIB_SECURITY_CREDENTIALS_XDS_XDS_CREDENTIALS_H */
diff --git a/src/python/grpcio/grpc_core_dependencies.py b/src/python/grpcio/grpc_core_dependencies.py
index 5f69672805f..0ca534d9fa6 100644
--- a/src/python/grpcio/grpc_core_dependencies.py
+++ b/src/python/grpcio/grpc_core_dependencies.py
@@ -409,6 +409,7 @@ CORE_SOURCE_FILES = [
'src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.cc',
'src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc',
'src/core/lib/security/credentials/tls/tls_credentials.cc',
+ 'src/core/lib/security/credentials/xds/xds_credentials.cc',
'src/core/lib/security/security_connector/alts/alts_security_connector.cc',
'src/core/lib/security/security_connector/fake/fake_security_connector.cc',
'src/core/lib/security/security_connector/load_system_roots_fallback.cc',
diff --git a/src/ruby/ext/grpc/rb_grpc_imports.generated.c b/src/ruby/ext/grpc/rb_grpc_imports.generated.c
index 00aab76c40f..78d57404480 100644
--- a/src/ruby/ext/grpc/rb_grpc_imports.generated.c
+++ b/src/ruby/ext/grpc/rb_grpc_imports.generated.c
@@ -170,6 +170,7 @@ grpc_tls_key_materials_config_set_version_type grpc_tls_key_materials_config_set
grpc_tls_key_materials_config_get_version_type grpc_tls_key_materials_config_get_version_import;
grpc_tls_credential_reload_config_create_type grpc_tls_credential_reload_config_create_import;
grpc_tls_server_authorization_check_config_create_type grpc_tls_server_authorization_check_config_create_import;
+grpc_xds_credentials_create_type grpc_xds_credentials_create_import;
grpc_raw_byte_buffer_create_type grpc_raw_byte_buffer_create_import;
grpc_raw_compressed_byte_buffer_create_type grpc_raw_compressed_byte_buffer_create_import;
grpc_byte_buffer_copy_type grpc_byte_buffer_copy_import;
@@ -443,6 +444,7 @@ void grpc_rb_load_imports(HMODULE library) {
grpc_tls_key_materials_config_get_version_import = (grpc_tls_key_materials_config_get_version_type) GetProcAddress(library, "grpc_tls_key_materials_config_get_version");
grpc_tls_credential_reload_config_create_import = (grpc_tls_credential_reload_config_create_type) GetProcAddress(library, "grpc_tls_credential_reload_config_create");
grpc_tls_server_authorization_check_config_create_import = (grpc_tls_server_authorization_check_config_create_type) GetProcAddress(library, "grpc_tls_server_authorization_check_config_create");
+ grpc_xds_credentials_create_import = (grpc_xds_credentials_create_type) GetProcAddress(library, "grpc_xds_credentials_create");
grpc_raw_byte_buffer_create_import = (grpc_raw_byte_buffer_create_type) GetProcAddress(library, "grpc_raw_byte_buffer_create");
grpc_raw_compressed_byte_buffer_create_import = (grpc_raw_compressed_byte_buffer_create_type) GetProcAddress(library, "grpc_raw_compressed_byte_buffer_create");
grpc_byte_buffer_copy_import = (grpc_byte_buffer_copy_type) GetProcAddress(library, "grpc_byte_buffer_copy");
diff --git a/src/ruby/ext/grpc/rb_grpc_imports.generated.h b/src/ruby/ext/grpc/rb_grpc_imports.generated.h
index 3fdde75e15d..78c840844ec 100644
--- a/src/ruby/ext/grpc/rb_grpc_imports.generated.h
+++ b/src/ruby/ext/grpc/rb_grpc_imports.generated.h
@@ -485,6 +485,9 @@ extern grpc_tls_credential_reload_config_create_type grpc_tls_credential_reload_
typedef grpc_tls_server_authorization_check_config*(*grpc_tls_server_authorization_check_config_create_type)(const void* config_user_data, int (*schedule)(void* config_user_data, grpc_tls_server_authorization_check_arg* arg), void (*cancel)(void* config_user_data, grpc_tls_server_authorization_check_arg* arg), void (*destruct)(void* config_user_data));
extern grpc_tls_server_authorization_check_config_create_type grpc_tls_server_authorization_check_config_create_import;
#define grpc_tls_server_authorization_check_config_create grpc_tls_server_authorization_check_config_create_import
+typedef grpc_channel_credentials*(*grpc_xds_credentials_create_type)(grpc_channel_credentials* fallback_creds);
+extern grpc_xds_credentials_create_type grpc_xds_credentials_create_import;
+#define grpc_xds_credentials_create grpc_xds_credentials_create_import
typedef grpc_byte_buffer*(*grpc_raw_byte_buffer_create_type)(grpc_slice* slices, size_t nslices);
extern grpc_raw_byte_buffer_create_type grpc_raw_byte_buffer_create_import;
#define grpc_raw_byte_buffer_create grpc_raw_byte_buffer_create_import
diff --git a/test/core/surface/public_headers_must_be_c89.c b/test/core/surface/public_headers_must_be_c89.c
index 6a1d6de2f76..11d3fdce2af 100644
--- a/test/core/surface/public_headers_must_be_c89.c
+++ b/test/core/surface/public_headers_must_be_c89.c
@@ -214,6 +214,7 @@ int main(int argc, char **argv) {
printf("%lx", (unsigned long) grpc_tls_key_materials_config_get_version);
printf("%lx", (unsigned long) grpc_tls_credential_reload_config_create);
printf("%lx", (unsigned long) grpc_tls_server_authorization_check_config_create);
+ printf("%lx", (unsigned long) grpc_xds_credentials_create);
printf("%lx", (unsigned long) grpc_raw_byte_buffer_create);
printf("%lx", (unsigned long) grpc_raw_compressed_byte_buffer_create);
printf("%lx", (unsigned long) grpc_byte_buffer_copy);
diff --git a/tools/doxygen/Doxyfile.c++.internal b/tools/doxygen/Doxyfile.c++.internal
index c3ed61a3081..1bd1615de9a 100644
--- a/tools/doxygen/Doxyfile.c++.internal
+++ b/tools/doxygen/Doxyfile.c++.internal
@@ -1781,6 +1781,8 @@ src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc \
src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h \
src/core/lib/security/credentials/tls/tls_credentials.cc \
src/core/lib/security/credentials/tls/tls_credentials.h \
+src/core/lib/security/credentials/xds/xds_credentials.cc \
+src/core/lib/security/credentials/xds/xds_credentials.h \
src/core/lib/security/security_connector/alts/alts_security_connector.cc \
src/core/lib/security/security_connector/alts/alts_security_connector.h \
src/core/lib/security/security_connector/fake/fake_security_connector.cc \
diff --git a/tools/doxygen/Doxyfile.core.internal b/tools/doxygen/Doxyfile.core.internal
index 1a073c89a09..bd3fc9fec0a 100644
--- a/tools/doxygen/Doxyfile.core.internal
+++ b/tools/doxygen/Doxyfile.core.internal
@@ -1621,6 +1621,8 @@ src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc \
src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h \
src/core/lib/security/credentials/tls/tls_credentials.cc \
src/core/lib/security/credentials/tls/tls_credentials.h \
+src/core/lib/security/credentials/xds/xds_credentials.cc \
+src/core/lib/security/credentials/xds/xds_credentials.h \
src/core/lib/security/security_connector/alts/alts_security_connector.cc \
src/core/lib/security/security_connector/alts/alts_security_connector.h \
src/core/lib/security/security_connector/fake/fake_security_connector.cc \