From b821ff99a80174d7e65f45caeea8de19aebff42e Mon Sep 17 00:00:00 2001 From: Richard Belleville Date: Sat, 13 Jun 2020 00:11:43 +0000 Subject: [PATCH 01/53] Initial working implementation --- src/python/grpcio/grpc/__init__.py | 7 +++++++ .../grpc/_cython/_cygrpc/credentials.pyx.pxi | 13 +++++++++++++ .../grpcio_tests/tests/interop/BUILD.bazel | 2 +- src/python/grpcio_tests/tests/interop/client.py | 17 +++++++++++++++-- .../grpcio_tests/tests_aio/interop/BUILD.bazel | 1 + 5 files changed, 37 insertions(+), 3 deletions(-) diff --git a/src/python/grpcio/grpc/__init__.py b/src/python/grpcio/grpc/__init__.py index 303d89c6263..8d5139dbb63 100644 --- a/src/python/grpcio/grpc/__init__.py +++ b/src/python/grpcio/grpc/__init__.py @@ -1868,6 +1868,13 @@ def alts_server_credentials(): return ServerCredentials(_cygrpc.server_credentials_alts()) +def google_default_channel_credentials(): + """ + TODO: Document. + """ + return ChannelCredentials(_cygrpc.channel_credentials_google_default()) + + def channel_ready_future(channel): """Creates a Future that tracks when a Channel is ready. diff --git a/src/python/grpcio/grpc/_cython/_cygrpc/credentials.pyx.pxi b/src/python/grpcio/grpc/_cython/_cygrpc/credentials.pyx.pxi index 0ff3706d134..e8eace4e1e2 100644 --- a/src/python/grpcio/grpc/_cython/_cygrpc/credentials.pyx.pxi +++ b/src/python/grpcio/grpc/_cython/_cygrpc/credentials.pyx.pxi @@ -380,3 +380,16 @@ def server_credentials_alts(): # Options can be destroyed as deep copy was performed. grpc_alts_credentials_options_destroy(c_options) return credentials + +cdef class GoogleDefaultChannelCredentials(ChannelCredentials): + cdef grpc_channel_credentials* _c_creds + + def __cinit__(self): + self._c_creds = NULL + + cdef grpc_channel_credentials *c(self) except *: + self._c_creds = grpc_google_default_credentials_create() + return self._c_creds + +def channel_credentials_google_default(): + return GoogleDefaultChannelCredentials() diff --git a/src/python/grpcio_tests/tests/interop/BUILD.bazel b/src/python/grpcio_tests/tests/interop/BUILD.bazel index 4685852162b..3a3541c8dc9 100644 --- a/src/python/grpcio_tests/tests/interop/BUILD.bazel +++ b/src/python/grpcio_tests/tests/interop/BUILD.bazel @@ -12,7 +12,7 @@ py_library( ], ) -py_library( +py_binary( name = "client", srcs = ["client.py"], imports = ["../../"], diff --git a/src/python/grpcio_tests/tests/interop/client.py b/src/python/grpcio_tests/tests/interop/client.py index 04b82c0b401..a6c7c7f9df2 100644 --- a/src/python/grpcio_tests/tests/interop/client.py +++ b/src/python/grpcio_tests/tests/interop/client.py @@ -51,6 +51,10 @@ def parse_interop_client_args(): default=False, type=resources.parse_bool, help='replace platform root CAs with ca.pem') + parser.add_argument('--custom_credentials_type', + choices=["google_default_credentials"], + default=None, + help='use google default credentials') parser.add_argument('--server_host_override', type=str, help='the server host to which to claim to connect') @@ -90,7 +94,16 @@ def get_secure_channel_parameters(args): call_credentials = _create_call_credentials(args) channel_opts = None - if args.use_tls: + if args.custom_credentials_type is not None: + if args.custom_credentials_type == "google_default_credentials": + channel_credentials = grpc.google_default_channel_credentials() + if call_credentials is not None: + channel_credentials = grpc.composite_channel_credentials( + channel_credentials, call_credentials) + else: + raise ValueError("Unknown credentials type '{}'".format( + args.custom_credentials_type)) + elif args.use_tls: if args.use_test_ca: root_certificates = resources.test_root_certificates() else: @@ -115,7 +128,7 @@ def get_secure_channel_parameters(args): def _create_channel(args): target = '{}:{}'.format(args.server_host, args.server_port) - if args.use_tls or args.use_alts: + if args.use_tls or args.use_alts or args.custom_credentials_type is not None: channel_credentials, options = get_secure_channel_parameters(args) return grpc.secure_channel(target, channel_credentials, options) else: diff --git a/src/python/grpcio_tests/tests_aio/interop/BUILD.bazel b/src/python/grpcio_tests/tests_aio/interop/BUILD.bazel index f67ad35cca7..47f41dba44b 100644 --- a/src/python/grpcio_tests/tests_aio/interop/BUILD.bazel +++ b/src/python/grpcio_tests/tests_aio/interop/BUILD.bazel @@ -62,6 +62,7 @@ py_binary( ], ) +# TODO: Pull out library to fix aio interop client. py_binary( name = "client", srcs = ["client.py"], From 06eb0ac7bde7cbd33daa92e0c29d0f7bf65c1f1d Mon Sep 17 00:00:00 2001 From: Richard Belleville Date: Wed, 17 Jun 2020 18:39:34 +0000 Subject: [PATCH 02/53] Fix up aio interop client --- src/python/grpcio_tests/tests/interop/BUILD.bazel | 11 +++++++++-- src/python/grpcio_tests/tests_aio/interop/BUILD.bazel | 4 ++-- 2 files changed, 11 insertions(+), 4 deletions(-) diff --git a/src/python/grpcio_tests/tests/interop/BUILD.bazel b/src/python/grpcio_tests/tests/interop/BUILD.bazel index 3a3541c8dc9..ca5e4748e7c 100644 --- a/src/python/grpcio_tests/tests/interop/BUILD.bazel +++ b/src/python/grpcio_tests/tests/interop/BUILD.bazel @@ -12,8 +12,8 @@ py_library( ], ) -py_binary( - name = "client", +py_library( + name = "client_lib", srcs = ["client.py"], imports = ["../../"], deps = [ @@ -25,6 +25,13 @@ py_binary( ], ) +py_binary( + name = "client", + srcs = ["client.py"], + deps = [":client_lib"], + python_version = "PY3", +) + py_library( name = "methods", srcs = ["methods.py"], diff --git a/src/python/grpcio_tests/tests_aio/interop/BUILD.bazel b/src/python/grpcio_tests/tests_aio/interop/BUILD.bazel index 47f41dba44b..5bc685765a4 100644 --- a/src/python/grpcio_tests/tests_aio/interop/BUILD.bazel +++ b/src/python/grpcio_tests/tests_aio/interop/BUILD.bazel @@ -62,7 +62,6 @@ py_binary( ], ) -# TODO: Pull out library to fix aio interop client. py_binary( name = "client", srcs = ["client.py"], @@ -71,7 +70,8 @@ py_binary( deps = [ ":methods", "//src/python/grpcio/grpc:grpcio", - "//src/python/grpcio_tests/tests/interop:client", + "//src/python/grpcio_tests/tests/interop:client_lib", "//src/python/grpcio_tests/tests/interop:resources", ], ) + From 71567b60966311fdf9c9dee272d5b5698c161c49 Mon Sep 17 00:00:00 2001 From: Richard Belleville Date: Wed, 17 Jun 2020 19:49:16 +0000 Subject: [PATCH 03/53] Allow the user to specify grpclb config --- src/python/grpcio_tests/tests/interop/client.py | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/src/python/grpcio_tests/tests/interop/client.py b/src/python/grpcio_tests/tests/interop/client.py index a6c7c7f9df2..115d1be56b1 100644 --- a/src/python/grpcio_tests/tests/interop/client.py +++ b/src/python/grpcio_tests/tests/interop/client.py @@ -64,6 +64,12 @@ def parse_interop_client_args(): parser.add_argument('--default_service_account', type=str, help='email address of the default service account') + parser.add_argument("--grpc_test_use_grpclb_with_child_policy", + type=str, + help=("If non-empty, set a static service config on channels created by " + + "grpc::CreateTestChannel, that configures the grpclb LB policy " + + "with a child policy being the value of this flag (e.g. round_robin " + + "or pick_first).")) return parser.parse_args() @@ -93,7 +99,9 @@ def _create_call_credentials(args): def get_secure_channel_parameters(args): call_credentials = _create_call_credentials(args) - channel_opts = None + channel_opts = () + if args.grpc_test_use_grpclb_with_child_policy: + channel_opts += (("grpc.service_config", '{"loadBalancingConfig": [{"grpclb": {"childPolicy": [{"%s": {}}]}}]}' % args.grpc_test_use_grpclb_with_child_policy),) if args.custom_credentials_type is not None: if args.custom_credentials_type == "google_default_credentials": channel_credentials = grpc.google_default_channel_credentials() @@ -115,7 +123,7 @@ def get_secure_channel_parameters(args): channel_credentials, call_credentials) if args.server_host_override: - channel_opts = (( + channel_opts += (( 'grpc.ssl_target_name_override', args.server_host_override, ),) From 05ace24a7c2a6d9269a898f389a83d535a1eb9a9 Mon Sep 17 00:00:00 2001 From: Richard Belleville Date: Thu, 25 Jun 2020 04:37:25 +0000 Subject: [PATCH 04/53] Implement gce_channel_credentials in core --- BUILD | 1 + include/grpc/grpc_security.h | 14 ++++ .../google_default/gce_channel_credentials.cc | 77 +++++++++++++++++++ 3 files changed, 92 insertions(+) create mode 100644 src/core/lib/security/credentials/google_default/gce_channel_credentials.cc diff --git a/BUILD b/BUILD index 0d2a7ca058c..a15f38343cd 100644 --- a/BUILD +++ b/BUILD @@ -1768,6 +1768,7 @@ grpc_cc_library( "src/core/lib/security/credentials/fake/fake_credentials.cc", "src/core/lib/security/credentials/google_default/credentials_generic.cc", "src/core/lib/security/credentials/google_default/google_default_credentials.cc", + "src/core/lib/security/credentials/google_default/gce_channel_credentials.cc", "src/core/lib/security/credentials/iam/iam_credentials.cc", "src/core/lib/security/credentials/jwt/json_token.cc", "src/core/lib/security/credentials/jwt/jwt_credentials.cc", diff --git a/include/grpc/grpc_security.h b/include/grpc/grpc_security.h index e910b86596b..60cb3797d03 100644 --- a/include/grpc/grpc_security.h +++ b/include/grpc/grpc_security.h @@ -301,6 +301,20 @@ GRPCAPI grpc_call_credentials* grpc_composite_call_credentials_create( GRPCAPI grpc_call_credentials* grpc_google_compute_engine_credentials_create( void* reserved); +/** Creates GCE channel credentials to connect to a google gRPC service. + + call_credentials is expected to be a gce_call_credentials object. + + The grpc_call_credentials instance passed to this function is expected to + remain valid for the lifetime of the grpc_channel_credentials object returned. + + WARNING: Do NOT use this credentials to connect to a non-google service as + this could result in an oauth2 token leak. The security level of the + resulting connection is GRPC_PRIVACY_AND_INTEGRITY. */ +GRPCAPI grpc_channel_credentials* grpc_gce_channel_credentials_create(grpc_call_credentials* call_credentials, + void* reserved); + + GRPCAPI gpr_timespec grpc_max_auth_token_lifetime(void); /** Creates a JWT credentials object. May return NULL if the input is invalid. diff --git a/src/core/lib/security/credentials/google_default/gce_channel_credentials.cc b/src/core/lib/security/credentials/google_default/gce_channel_credentials.cc new file mode 100644 index 00000000000..72b3942f7b2 --- /dev/null +++ b/src/core/lib/security/credentials/google_default/gce_channel_credentials.cc @@ -0,0 +1,77 @@ +/* + * + * Copyright 2020 The gRPC authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +#include + +#include "src/core/lib/security/credentials/credentials.h" + +#include + +#include +#include +#include + +#include "src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.h" +#include "src/core/lib/channel/channel_args.h" +#include "src/core/lib/gpr/env.h" +#include "src/core/lib/gpr/string.h" +#include "src/core/lib/gprpp/ref_counted_ptr.h" +#include "src/core/lib/http/httpcli.h" +#include "src/core/lib/http/parser.h" +#include "src/core/lib/iomgr/load_file.h" +#include "src/core/lib/iomgr/polling_entity.h" +#include "src/core/lib/security/credentials/alts/alts_credentials.h" +#include "src/core/lib/security/credentials/alts/check_gcp_environment.h" +#include "src/core/lib/security/credentials/google_default/google_default_credentials.h" +#include "src/core/lib/security/credentials/jwt/jwt_credentials.h" +#include "src/core/lib/security/credentials/oauth2/oauth2_credentials.h" +#include "src/core/lib/slice/slice_internal.h" +#include "src/core/lib/slice/slice_string_helpers.h" +#include "src/core/lib/surface/api_trace.h" + +grpc_channel_credentials* +grpc_gce_channel_credentials_create(grpc_call_credentials* call_credentials, void* reserved) { + grpc_channel_credentials* result = nullptr; + grpc_error* error = GRPC_ERROR_CREATE_FROM_STATIC_STRING( + "Failed to create GCE channel credentials"); + grpc_core::ExecCtx exec_ctx; + + GRPC_API_TRACE("grpc_gce_channel_credentials_create(%p, %p)", 2, (call_credentials, reserved)); + + // TODO: Should we cache this here? + grpc_channel_credentials* ssl_creds = + grpc_ssl_credentials_create(nullptr, nullptr, nullptr, nullptr); + GPR_ASSERT(ssl_creds != nullptr); + grpc_alts_credentials_options* options = + grpc_alts_credentials_client_options_create(); + grpc_channel_credentials* alts_creds = + grpc_alts_credentials_create(options); + grpc_alts_credentials_options_destroy(options); + + auto creds = + grpc_core::MakeRefCounted( + alts_creds != nullptr ? alts_creds->Ref() : nullptr, + ssl_creds != nullptr ? ssl_creds->Ref() : nullptr); + if (ssl_creds) ssl_creds->Unref(); + if (alts_creds) alts_creds->Unref(); + result = grpc_composite_channel_credentials_create( + creds.get(), call_credentials, nullptr); + GPR_ASSERT(result != nullptr); + GRPC_ERROR_UNREF(error); + return result; +} From 1aae547e2ccc4c8afe32ed85aa6ee1e7df2434ae Mon Sep 17 00:00:00 2001 From: Richard Belleville Date: Thu, 25 Jun 2020 04:48:28 +0000 Subject: [PATCH 05/53] Regenerate projects --- BUILD.gn | 1 + CMakeLists.txt | 1 + Makefile | 2 ++ build_autogenerated.yaml | 1 + config.m4 | 1 + config.w32 | 1 + gRPC-Core.podspec | 1 + grpc.def | 1 + grpc.gemspec | 1 + grpc.gyp | 1 + package.xml | 1 + src/python/grpcio/grpc_core_dependencies.py | 1 + src/ruby/ext/grpc/rb_grpc_imports.generated.c | 2 ++ src/ruby/ext/grpc/rb_grpc_imports.generated.h | 3 +++ test/core/surface/public_headers_must_be_c89.c | 1 + tools/doxygen/Doxyfile.c++.internal | 1 + tools/doxygen/Doxyfile.core.internal | 1 + 17 files changed, 21 insertions(+) diff --git a/BUILD.gn b/BUILD.gn index a16d298f1be..7d811a692af 100644 --- a/BUILD.gn +++ b/BUILD.gn @@ -794,6 +794,7 @@ config("grpc_config") { "src/core/lib/security/credentials/fake/fake_credentials.cc", "src/core/lib/security/credentials/fake/fake_credentials.h", "src/core/lib/security/credentials/google_default/credentials_generic.cc", + "src/core/lib/security/credentials/google_default/gce_channel_credentials.cc", "src/core/lib/security/credentials/google_default/google_default_credentials.cc", "src/core/lib/security/credentials/google_default/google_default_credentials.h", "src/core/lib/security/credentials/iam/iam_credentials.cc", diff --git a/CMakeLists.txt b/CMakeLists.txt index 323f7800627..b91b9883a72 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -1640,6 +1640,7 @@ add_library(grpc src/core/lib/security/credentials/credentials_metadata.cc src/core/lib/security/credentials/fake/fake_credentials.cc src/core/lib/security/credentials/google_default/credentials_generic.cc + src/core/lib/security/credentials/google_default/gce_channel_credentials.cc src/core/lib/security/credentials/google_default/google_default_credentials.cc src/core/lib/security/credentials/iam/iam_credentials.cc src/core/lib/security/credentials/jwt/json_token.cc diff --git a/Makefile b/Makefile index bbaccc44513..e0ce6675fda 100644 --- a/Makefile +++ b/Makefile @@ -3942,6 +3942,7 @@ LIBGRPC_SRC = \ src/core/lib/security/credentials/credentials_metadata.cc \ src/core/lib/security/credentials/fake/fake_credentials.cc \ src/core/lib/security/credentials/google_default/credentials_generic.cc \ + src/core/lib/security/credentials/google_default/gce_channel_credentials.cc \ src/core/lib/security/credentials/google_default/google_default_credentials.cc \ src/core/lib/security/credentials/iam/iam_credentials.cc \ src/core/lib/security/credentials/jwt/json_token.cc \ @@ -20033,6 +20034,7 @@ src/core/lib/security/credentials/credentials.cc: $(OPENSSL_DEP) src/core/lib/security/credentials/credentials_metadata.cc: $(OPENSSL_DEP) src/core/lib/security/credentials/fake/fake_credentials.cc: $(OPENSSL_DEP) src/core/lib/security/credentials/google_default/credentials_generic.cc: $(OPENSSL_DEP) +src/core/lib/security/credentials/google_default/gce_channel_credentials.cc: $(OPENSSL_DEP) src/core/lib/security/credentials/google_default/google_default_credentials.cc: $(OPENSSL_DEP) src/core/lib/security/credentials/iam/iam_credentials.cc: $(OPENSSL_DEP) src/core/lib/security/credentials/jwt/json_token.cc: $(OPENSSL_DEP) diff --git a/build_autogenerated.yaml b/build_autogenerated.yaml index 9eb53b8e576..4ba94d0b12e 100644 --- a/build_autogenerated.yaml +++ b/build_autogenerated.yaml @@ -1058,6 +1058,7 @@ libs: - src/core/lib/security/credentials/credentials_metadata.cc - src/core/lib/security/credentials/fake/fake_credentials.cc - src/core/lib/security/credentials/google_default/credentials_generic.cc + - src/core/lib/security/credentials/google_default/gce_channel_credentials.cc - src/core/lib/security/credentials/google_default/google_default_credentials.cc - src/core/lib/security/credentials/iam/iam_credentials.cc - src/core/lib/security/credentials/jwt/json_token.cc diff --git a/config.m4 b/config.m4 index cd1019abcd9..25489f9fb62 100644 --- a/config.m4 +++ b/config.m4 @@ -398,6 +398,7 @@ if test "$PHP_GRPC" != "no"; then src/core/lib/security/credentials/credentials_metadata.cc \ src/core/lib/security/credentials/fake/fake_credentials.cc \ src/core/lib/security/credentials/google_default/credentials_generic.cc \ + src/core/lib/security/credentials/google_default/gce_channel_credentials.cc \ src/core/lib/security/credentials/google_default/google_default_credentials.cc \ src/core/lib/security/credentials/iam/iam_credentials.cc \ src/core/lib/security/credentials/jwt/json_token.cc \ diff --git a/config.w32 b/config.w32 index 8109f9103af..5e7ba8c252a 100644 --- a/config.w32 +++ b/config.w32 @@ -367,6 +367,7 @@ if (PHP_GRPC != "no") { "src\\core\\lib\\security\\credentials\\credentials_metadata.cc " + "src\\core\\lib\\security\\credentials\\fake\\fake_credentials.cc " + "src\\core\\lib\\security\\credentials\\google_default\\credentials_generic.cc " + + "src\\core\\lib\\security\\credentials\\google_default\\gce_channel_credentials.cc " + "src\\core\\lib\\security\\credentials\\google_default\\google_default_credentials.cc " + "src\\core\\lib\\security\\credentials\\iam\\iam_credentials.cc " + "src\\core\\lib\\security\\credentials\\jwt\\json_token.cc " + diff --git a/gRPC-Core.podspec b/gRPC-Core.podspec index 695768422c2..393072c6fc6 100644 --- a/gRPC-Core.podspec +++ b/gRPC-Core.podspec @@ -847,6 +847,7 @@ Pod::Spec.new do |s| 'src/core/lib/security/credentials/fake/fake_credentials.cc', 'src/core/lib/security/credentials/fake/fake_credentials.h', 'src/core/lib/security/credentials/google_default/credentials_generic.cc', + 'src/core/lib/security/credentials/google_default/gce_channel_credentials.cc', 'src/core/lib/security/credentials/google_default/google_default_credentials.cc', 'src/core/lib/security/credentials/google_default/google_default_credentials.h', 'src/core/lib/security/credentials/iam/iam_credentials.cc', diff --git a/grpc.def b/grpc.def index 2f753b29939..c45eb9c29d9 100644 --- a/grpc.def +++ b/grpc.def @@ -106,6 +106,7 @@ EXPORTS grpc_composite_channel_credentials_create grpc_composite_call_credentials_create grpc_google_compute_engine_credentials_create + grpc_gce_channel_credentials_create grpc_max_auth_token_lifetime grpc_service_account_jwt_access_credentials_create grpc_google_refresh_token_credentials_create diff --git a/grpc.gemspec b/grpc.gemspec index af04b9d9de4..68160c44093 100644 --- a/grpc.gemspec +++ b/grpc.gemspec @@ -769,6 +769,7 @@ Gem::Specification.new do |s| s.files += %w( src/core/lib/security/credentials/fake/fake_credentials.cc ) s.files += %w( src/core/lib/security/credentials/fake/fake_credentials.h ) s.files += %w( src/core/lib/security/credentials/google_default/credentials_generic.cc ) + s.files += %w( src/core/lib/security/credentials/google_default/gce_channel_credentials.cc ) s.files += %w( src/core/lib/security/credentials/google_default/google_default_credentials.cc ) s.files += %w( src/core/lib/security/credentials/google_default/google_default_credentials.h ) s.files += %w( src/core/lib/security/credentials/iam/iam_credentials.cc ) diff --git a/grpc.gyp b/grpc.gyp index b80efd83534..379dc659e3a 100644 --- a/grpc.gyp +++ b/grpc.gyp @@ -752,6 +752,7 @@ 'src/core/lib/security/credentials/credentials_metadata.cc', 'src/core/lib/security/credentials/fake/fake_credentials.cc', 'src/core/lib/security/credentials/google_default/credentials_generic.cc', + 'src/core/lib/security/credentials/google_default/gce_channel_credentials.cc', 'src/core/lib/security/credentials/google_default/google_default_credentials.cc', 'src/core/lib/security/credentials/iam/iam_credentials.cc', 'src/core/lib/security/credentials/jwt/json_token.cc', diff --git a/package.xml b/package.xml index 0166a778789..da31ccf4bfd 100644 --- a/package.xml +++ b/package.xml @@ -749,6 +749,7 @@ + diff --git a/src/python/grpcio/grpc_core_dependencies.py b/src/python/grpcio/grpc_core_dependencies.py index 37bed16955f..0fc2efb9485 100644 --- a/src/python/grpcio/grpc_core_dependencies.py +++ b/src/python/grpcio/grpc_core_dependencies.py @@ -376,6 +376,7 @@ CORE_SOURCE_FILES = [ 'src/core/lib/security/credentials/credentials_metadata.cc', 'src/core/lib/security/credentials/fake/fake_credentials.cc', 'src/core/lib/security/credentials/google_default/credentials_generic.cc', + 'src/core/lib/security/credentials/google_default/gce_channel_credentials.cc', 'src/core/lib/security/credentials/google_default/google_default_credentials.cc', 'src/core/lib/security/credentials/iam/iam_credentials.cc', 'src/core/lib/security/credentials/jwt/json_token.cc', diff --git a/src/ruby/ext/grpc/rb_grpc_imports.generated.c b/src/ruby/ext/grpc/rb_grpc_imports.generated.c index 4e50a5c3ea7..151602e3fe4 100644 --- a/src/ruby/ext/grpc/rb_grpc_imports.generated.c +++ b/src/ruby/ext/grpc/rb_grpc_imports.generated.c @@ -129,6 +129,7 @@ grpc_call_credentials_release_type grpc_call_credentials_release_import; grpc_composite_channel_credentials_create_type grpc_composite_channel_credentials_create_import; grpc_composite_call_credentials_create_type grpc_composite_call_credentials_create_import; grpc_google_compute_engine_credentials_create_type grpc_google_compute_engine_credentials_create_import; +grpc_gce_channel_credentials_create_type grpc_gce_channel_credentials_create_import; grpc_max_auth_token_lifetime_type grpc_max_auth_token_lifetime_import; grpc_service_account_jwt_access_credentials_create_type grpc_service_account_jwt_access_credentials_create_import; grpc_google_refresh_token_credentials_create_type grpc_google_refresh_token_credentials_create_import; @@ -401,6 +402,7 @@ void grpc_rb_load_imports(HMODULE library) { grpc_composite_channel_credentials_create_import = (grpc_composite_channel_credentials_create_type) GetProcAddress(library, "grpc_composite_channel_credentials_create"); grpc_composite_call_credentials_create_import = (grpc_composite_call_credentials_create_type) GetProcAddress(library, "grpc_composite_call_credentials_create"); grpc_google_compute_engine_credentials_create_import = (grpc_google_compute_engine_credentials_create_type) GetProcAddress(library, "grpc_google_compute_engine_credentials_create"); + grpc_gce_channel_credentials_create_import = (grpc_gce_channel_credentials_create_type) GetProcAddress(library, "grpc_gce_channel_credentials_create"); grpc_max_auth_token_lifetime_import = (grpc_max_auth_token_lifetime_type) GetProcAddress(library, "grpc_max_auth_token_lifetime"); grpc_service_account_jwt_access_credentials_create_import = (grpc_service_account_jwt_access_credentials_create_type) GetProcAddress(library, "grpc_service_account_jwt_access_credentials_create"); grpc_google_refresh_token_credentials_create_import = (grpc_google_refresh_token_credentials_create_type) GetProcAddress(library, "grpc_google_refresh_token_credentials_create"); diff --git a/src/ruby/ext/grpc/rb_grpc_imports.generated.h b/src/ruby/ext/grpc/rb_grpc_imports.generated.h index cf351a50a19..3b72491e601 100644 --- a/src/ruby/ext/grpc/rb_grpc_imports.generated.h +++ b/src/ruby/ext/grpc/rb_grpc_imports.generated.h @@ -362,6 +362,9 @@ extern grpc_composite_call_credentials_create_type grpc_composite_call_credentia typedef grpc_call_credentials*(*grpc_google_compute_engine_credentials_create_type)(void* reserved); extern grpc_google_compute_engine_credentials_create_type grpc_google_compute_engine_credentials_create_import; #define grpc_google_compute_engine_credentials_create grpc_google_compute_engine_credentials_create_import +typedef grpc_channel_credentials*(*grpc_gce_channel_credentials_create_type)(grpc_call_credentials* call_credentials, void* reserved); +extern grpc_gce_channel_credentials_create_type grpc_gce_channel_credentials_create_import; +#define grpc_gce_channel_credentials_create grpc_gce_channel_credentials_create_import typedef gpr_timespec(*grpc_max_auth_token_lifetime_type)(void); extern grpc_max_auth_token_lifetime_type grpc_max_auth_token_lifetime_import; #define grpc_max_auth_token_lifetime grpc_max_auth_token_lifetime_import diff --git a/test/core/surface/public_headers_must_be_c89.c b/test/core/surface/public_headers_must_be_c89.c index b6ba715e247..ff7a47f5dfa 100644 --- a/test/core/surface/public_headers_must_be_c89.c +++ b/test/core/surface/public_headers_must_be_c89.c @@ -173,6 +173,7 @@ int main(int argc, char **argv) { printf("%lx", (unsigned long) grpc_composite_channel_credentials_create); printf("%lx", (unsigned long) grpc_composite_call_credentials_create); printf("%lx", (unsigned long) grpc_google_compute_engine_credentials_create); + printf("%lx", (unsigned long) grpc_gce_channel_credentials_create); printf("%lx", (unsigned long) grpc_max_auth_token_lifetime); printf("%lx", (unsigned long) grpc_service_account_jwt_access_credentials_create); printf("%lx", (unsigned long) grpc_google_refresh_token_credentials_create); diff --git a/tools/doxygen/Doxyfile.c++.internal b/tools/doxygen/Doxyfile.c++.internal index 613e824f4d7..89b2a437379 100644 --- a/tools/doxygen/Doxyfile.c++.internal +++ b/tools/doxygen/Doxyfile.c++.internal @@ -1732,6 +1732,7 @@ src/core/lib/security/credentials/credentials_metadata.cc \ src/core/lib/security/credentials/fake/fake_credentials.cc \ src/core/lib/security/credentials/fake/fake_credentials.h \ src/core/lib/security/credentials/google_default/credentials_generic.cc \ +src/core/lib/security/credentials/google_default/gce_channel_credentials.cc \ src/core/lib/security/credentials/google_default/google_default_credentials.cc \ src/core/lib/security/credentials/google_default/google_default_credentials.h \ src/core/lib/security/credentials/iam/iam_credentials.cc \ diff --git a/tools/doxygen/Doxyfile.core.internal b/tools/doxygen/Doxyfile.core.internal index b026c8b1f8a..8cce3e161d4 100644 --- a/tools/doxygen/Doxyfile.core.internal +++ b/tools/doxygen/Doxyfile.core.internal @@ -1544,6 +1544,7 @@ src/core/lib/security/credentials/credentials_metadata.cc \ src/core/lib/security/credentials/fake/fake_credentials.cc \ src/core/lib/security/credentials/fake/fake_credentials.h \ src/core/lib/security/credentials/google_default/credentials_generic.cc \ +src/core/lib/security/credentials/google_default/gce_channel_credentials.cc \ src/core/lib/security/credentials/google_default/google_default_credentials.cc \ src/core/lib/security/credentials/google_default/google_default_credentials.h \ src/core/lib/security/credentials/iam/iam_credentials.cc \ From 330eaea53dbf913215cc3be484a1695489a28f17 Mon Sep 17 00:00:00 2001 From: Richard Belleville Date: Thu, 25 Jun 2020 06:00:39 +0000 Subject: [PATCH 06/53] Initial implementation of gce_channel_creds --- .../google_default/gce_channel_credentials.cc | 7 ++++ src/python/grpcio/grpc/__init__.py | 5 ++- .../grpc/_cython/_cygrpc/credentials.pyx.pxi | 16 +++++--- .../grpcio/grpc/_cython/_cygrpc/grpc.pxi | 1 + .../grpcio_tests/tests/interop/client.py | 40 +++++++++++++------ 5 files changed, 50 insertions(+), 19 deletions(-) diff --git a/src/core/lib/security/credentials/google_default/gce_channel_credentials.cc b/src/core/lib/security/credentials/google_default/gce_channel_credentials.cc index 72b3942f7b2..f6965b84352 100644 --- a/src/core/lib/security/credentials/google_default/gce_channel_credentials.cc +++ b/src/core/lib/security/credentials/google_default/gce_channel_credentials.cc @@ -46,6 +46,11 @@ grpc_channel_credentials* grpc_gce_channel_credentials_create(grpc_call_credentials* call_credentials, void* reserved) { + // If we haven't initialized the google_default_credentials singleton, + // then we don't know whether or not we're on GCE and can't safely + // created an ALTS connection. + // TODO: Fix. + auto default_warmer = grpc_google_default_credentials_create(); grpc_channel_credentials* result = nullptr; grpc_error* error = GRPC_ERROR_CREATE_FROM_STATIC_STRING( "Failed to create GCE channel credentials"); @@ -69,6 +74,8 @@ grpc_gce_channel_credentials_create(grpc_call_credentials* call_credentials, voi ssl_creds != nullptr ? ssl_creds->Ref() : nullptr); if (ssl_creds) ssl_creds->Unref(); if (alts_creds) alts_creds->Unref(); + + // TODO: Why not let the wrapped language do this? result = grpc_composite_channel_credentials_create( creds.get(), call_credentials, nullptr); GPR_ASSERT(result != nullptr); diff --git a/src/python/grpcio/grpc/__init__.py b/src/python/grpcio/grpc/__init__.py index 8d5139dbb63..71b65d31f4c 100644 --- a/src/python/grpcio/grpc/__init__.py +++ b/src/python/grpcio/grpc/__init__.py @@ -1868,11 +1868,12 @@ def alts_server_credentials(): return ServerCredentials(_cygrpc.server_credentials_alts()) -def google_default_channel_credentials(): +def gce_channel_credentials(call_creds): """ TODO: Document. """ - return ChannelCredentials(_cygrpc.channel_credentials_google_default()) + return ChannelCredentials( + _cygrpc.channel_credentials_gce(call_creds._credentials)) def channel_ready_future(channel): diff --git a/src/python/grpcio/grpc/_cython/_cygrpc/credentials.pyx.pxi b/src/python/grpcio/grpc/_cython/_cygrpc/credentials.pyx.pxi index e8eace4e1e2..8b9f40671a7 100644 --- a/src/python/grpcio/grpc/_cython/_cygrpc/credentials.pyx.pxi +++ b/src/python/grpcio/grpc/_cython/_cygrpc/credentials.pyx.pxi @@ -381,15 +381,21 @@ def server_credentials_alts(): grpc_alts_credentials_options_destroy(c_options) return credentials -cdef class GoogleDefaultChannelCredentials(ChannelCredentials): +cdef class GCEChannelCredentials(ChannelCredentials): cdef grpc_channel_credentials* _c_creds + cdef grpc_call_credentials* _c_call_creds - def __cinit__(self): + def __cinit__(self, CallCredentials call_creds): self._c_creds = NULL + self._c_call_creds = call_creds.c() cdef grpc_channel_credentials *c(self) except *: - self._c_creds = grpc_google_default_credentials_create() + self._c_creds = grpc_gce_channel_credentials_create(self._c_call_creds, NULL) return self._c_creds -def channel_credentials_google_default(): - return GoogleDefaultChannelCredentials() + # TODO: Does this thing need to be deleted? + # I suppose the reason the google default one doesn't need to be is + # because there's one per process. We'll see. + +def channel_credentials_gce(call_creds): + return GCEChannelCredentials(call_creds) diff --git a/src/python/grpcio/grpc/_cython/_cygrpc/grpc.pxi b/src/python/grpcio/grpc/_cython/_cygrpc/grpc.pxi index 98a71f92699..bdfdf4672f5 100644 --- a/src/python/grpcio/grpc/_cython/_cygrpc/grpc.pxi +++ b/src/python/grpcio/grpc/_cython/_cygrpc/grpc.pxi @@ -505,6 +505,7 @@ cdef extern from "grpc/grpc_security.h": grpc_ssl_roots_override_callback cb) nogil grpc_channel_credentials *grpc_google_default_credentials_create() nogil + grpc_channel_credentials *grpc_gce_channel_credentials_create(grpc_call_credentials* call_creds, void* reserved) nogil grpc_channel_credentials *grpc_ssl_credentials_create( const char *pem_root_certs, grpc_ssl_pem_key_cert_pair *pem_key_cert_pair, verify_peer_options *verify_options, void *reserved) nogil diff --git a/src/python/grpcio_tests/tests/interop/client.py b/src/python/grpcio_tests/tests/interop/client.py index 115d1be56b1..ca0b5a03c6c 100644 --- a/src/python/grpcio_tests/tests/interop/client.py +++ b/src/python/grpcio_tests/tests/interop/client.py @@ -52,7 +52,7 @@ def parse_interop_client_args(): type=resources.parse_bool, help='replace platform root CAs with ca.pem') parser.add_argument('--custom_credentials_type', - choices=["google_default_credentials"], + choices=["compute_engine_channel_creds"], default=None, help='use google default credentials') parser.add_argument('--server_host_override', @@ -64,12 +64,14 @@ def parse_interop_client_args(): parser.add_argument('--default_service_account', type=str, help='email address of the default service account') - parser.add_argument("--grpc_test_use_grpclb_with_child_policy", - type=str, - help=("If non-empty, set a static service config on channels created by " + - "grpc::CreateTestChannel, that configures the grpclb LB policy " + - "with a child policy being the value of this flag (e.g. round_robin " + - "or pick_first).")) + parser.add_argument( + "--grpc_test_use_grpclb_with_child_policy", + type=str, + help=( + "If non-empty, set a static service config on channels created by " + + "grpc::CreateTestChannel, that configures the grpclb LB policy " + + "with a child policy being the value of this flag (e.g. round_robin " + + "or pick_first).")) return parser.parse_args() @@ -101,13 +103,27 @@ def get_secure_channel_parameters(args): channel_opts = () if args.grpc_test_use_grpclb_with_child_policy: - channel_opts += (("grpc.service_config", '{"loadBalancingConfig": [{"grpclb": {"childPolicy": [{"%s": {}}]}}]}' % args.grpc_test_use_grpclb_with_child_policy),) + channel_opts += (( + "grpc.service_config", + '{"loadBalancingConfig": [{"grpclb": {"childPolicy": [{"%s": {}}]}}]}' + % args.grpc_test_use_grpclb_with_child_policy),) if args.custom_credentials_type is not None: - if args.custom_credentials_type == "google_default_credentials": - channel_credentials = grpc.google_default_channel_credentials() + if args.custom_credentials_type == "compute_engine_channel_creds": + # channel_credentials = grpc.google_default_channel_credentials() if call_credentials is not None: - channel_credentials = grpc.composite_channel_credentials( - channel_credentials, call_credentials) + raise ValueError("What? That's not true! That's impossible!") + google_credentials, unused_project_id = google_auth.default( + scopes=[args.oauth_scope]) + call_creds = grpc.metadata_call_credentials( + google_auth.transport.grpc.AuthMetadataPlugin( + credentials=google_credentials, + request=google_auth.transport.requests.Request())) + # TODO: Is there any reason why it actually had to take this argument? + # Couldn't we just as easily have created a composite channel credential? + channel_credentials = grpc.gce_channel_credentials(call_creds) + # channel_credentials = grpc.composite_channel_credentials(channel_credent) + # channel_credentials = grpc.composite_channel_credentials( + # channel_credentials, call_credentials) else: raise ValueError("Unknown credentials type '{}'".format( args.custom_credentials_type)) From 257fd6953ea0aa033a685a724e16283f4ddee7d7 Mon Sep 17 00:00:00 2001 From: Richard Belleville Date: Thu, 25 Jun 2020 06:06:45 +0000 Subject: [PATCH 07/53] Format --- include/grpc/grpc_security.h | 8 ++++---- .../google_default/gce_channel_credentials.cc | 14 +++++++------- 2 files changed, 11 insertions(+), 11 deletions(-) diff --git a/include/grpc/grpc_security.h b/include/grpc/grpc_security.h index 60cb3797d03..7f3e6ae5741 100644 --- a/include/grpc/grpc_security.h +++ b/include/grpc/grpc_security.h @@ -306,14 +306,14 @@ GRPCAPI grpc_call_credentials* grpc_google_compute_engine_credentials_create( call_credentials is expected to be a gce_call_credentials object. The grpc_call_credentials instance passed to this function is expected to - remain valid for the lifetime of the grpc_channel_credentials object returned. + remain valid for the lifetime of the grpc_channel_credentials object + returned. WARNING: Do NOT use this credentials to connect to a non-google service as this could result in an oauth2 token leak. The security level of the resulting connection is GRPC_PRIVACY_AND_INTEGRITY. */ -GRPCAPI grpc_channel_credentials* grpc_gce_channel_credentials_create(grpc_call_credentials* call_credentials, - void* reserved); - +GRPCAPI grpc_channel_credentials* grpc_gce_channel_credentials_create( + grpc_call_credentials* call_credentials, void* reserved); GRPCAPI gpr_timespec grpc_max_auth_token_lifetime(void); diff --git a/src/core/lib/security/credentials/google_default/gce_channel_credentials.cc b/src/core/lib/security/credentials/google_default/gce_channel_credentials.cc index f6965b84352..bae2b128747 100644 --- a/src/core/lib/security/credentials/google_default/gce_channel_credentials.cc +++ b/src/core/lib/security/credentials/google_default/gce_channel_credentials.cc @@ -44,8 +44,8 @@ #include "src/core/lib/slice/slice_string_helpers.h" #include "src/core/lib/surface/api_trace.h" -grpc_channel_credentials* -grpc_gce_channel_credentials_create(grpc_call_credentials* call_credentials, void* reserved) { +grpc_channel_credentials* grpc_gce_channel_credentials_create( + grpc_call_credentials* call_credentials, void* reserved) { // If we haven't initialized the google_default_credentials singleton, // then we don't know whether or not we're on GCE and can't safely // created an ALTS connection. @@ -56,7 +56,8 @@ grpc_gce_channel_credentials_create(grpc_call_credentials* call_credentials, voi "Failed to create GCE channel credentials"); grpc_core::ExecCtx exec_ctx; - GRPC_API_TRACE("grpc_gce_channel_credentials_create(%p, %p)", 2, (call_credentials, reserved)); + GRPC_API_TRACE("grpc_gce_channel_credentials_create(%p, %p)", 2, + (call_credentials, reserved)); // TODO: Should we cache this here? grpc_channel_credentials* ssl_creds = @@ -64,8 +65,7 @@ grpc_gce_channel_credentials_create(grpc_call_credentials* call_credentials, voi GPR_ASSERT(ssl_creds != nullptr); grpc_alts_credentials_options* options = grpc_alts_credentials_client_options_create(); - grpc_channel_credentials* alts_creds = - grpc_alts_credentials_create(options); + grpc_channel_credentials* alts_creds = grpc_alts_credentials_create(options); grpc_alts_credentials_options_destroy(options); auto creds = @@ -76,8 +76,8 @@ grpc_gce_channel_credentials_create(grpc_call_credentials* call_credentials, voi if (alts_creds) alts_creds->Unref(); // TODO: Why not let the wrapped language do this? - result = grpc_composite_channel_credentials_create( - creds.get(), call_credentials, nullptr); + result = grpc_composite_channel_credentials_create(creds.get(), + call_credentials, nullptr); GPR_ASSERT(result != nullptr); GRPC_ERROR_UNREF(error); return result; From 3bdc5bb4d1b342d1af48ed53a9bc26a34230d36e Mon Sep 17 00:00:00 2001 From: Richard Belleville Date: Thu, 25 Jun 2020 21:36:36 +0000 Subject: [PATCH 08/53] Change name to compute_engine_channel_credentials --- BUILD | 2 +- include/grpc/grpc_security.h | 4 ++-- ...edentials.cc => compute_engine_channel_credentials.cc} | 2 +- src/python/grpcio/grpc/__init__.py | 4 ++-- .../grpcio/grpc/_cython/_cygrpc/credentials.pyx.pxi | 8 ++++---- src/python/grpcio/grpc/_cython/_cygrpc/grpc.pxi | 2 +- src/python/grpcio_tests/tests/interop/client.py | 2 +- 7 files changed, 12 insertions(+), 12 deletions(-) rename src/core/lib/security/credentials/google_default/{gce_channel_credentials.cc => compute_engine_channel_credentials.cc} (97%) diff --git a/BUILD b/BUILD index a15f38343cd..bf0a9085a94 100644 --- a/BUILD +++ b/BUILD @@ -1768,7 +1768,7 @@ grpc_cc_library( "src/core/lib/security/credentials/fake/fake_credentials.cc", "src/core/lib/security/credentials/google_default/credentials_generic.cc", "src/core/lib/security/credentials/google_default/google_default_credentials.cc", - "src/core/lib/security/credentials/google_default/gce_channel_credentials.cc", + "src/core/lib/security/credentials/google_default/compute_engine_channel_credentials.cc", "src/core/lib/security/credentials/iam/iam_credentials.cc", "src/core/lib/security/credentials/jwt/json_token.cc", "src/core/lib/security/credentials/jwt/jwt_credentials.cc", diff --git a/include/grpc/grpc_security.h b/include/grpc/grpc_security.h index 7f3e6ae5741..823bddebb05 100644 --- a/include/grpc/grpc_security.h +++ b/include/grpc/grpc_security.h @@ -301,7 +301,7 @@ GRPCAPI grpc_call_credentials* grpc_composite_call_credentials_create( GRPCAPI grpc_call_credentials* grpc_google_compute_engine_credentials_create( void* reserved); -/** Creates GCE channel credentials to connect to a google gRPC service. +/** Creates compute engine channel credentials to connect to a google gRPC service. call_credentials is expected to be a gce_call_credentials object. @@ -312,7 +312,7 @@ GRPCAPI grpc_call_credentials* grpc_google_compute_engine_credentials_create( WARNING: Do NOT use this credentials to connect to a non-google service as this could result in an oauth2 token leak. The security level of the resulting connection is GRPC_PRIVACY_AND_INTEGRITY. */ -GRPCAPI grpc_channel_credentials* grpc_gce_channel_credentials_create( +GRPCAPI grpc_channel_credentials* grpc_compute_engine_channel_credentials_create( grpc_call_credentials* call_credentials, void* reserved); GRPCAPI gpr_timespec grpc_max_auth_token_lifetime(void); diff --git a/src/core/lib/security/credentials/google_default/gce_channel_credentials.cc b/src/core/lib/security/credentials/google_default/compute_engine_channel_credentials.cc similarity index 97% rename from src/core/lib/security/credentials/google_default/gce_channel_credentials.cc rename to src/core/lib/security/credentials/google_default/compute_engine_channel_credentials.cc index bae2b128747..da1e6832d72 100644 --- a/src/core/lib/security/credentials/google_default/gce_channel_credentials.cc +++ b/src/core/lib/security/credentials/google_default/compute_engine_channel_credentials.cc @@ -44,7 +44,7 @@ #include "src/core/lib/slice/slice_string_helpers.h" #include "src/core/lib/surface/api_trace.h" -grpc_channel_credentials* grpc_gce_channel_credentials_create( +grpc_channel_credentials* grpc_compute_engine_channel_credentials_create( grpc_call_credentials* call_credentials, void* reserved) { // If we haven't initialized the google_default_credentials singleton, // then we don't know whether or not we're on GCE and can't safely diff --git a/src/python/grpcio/grpc/__init__.py b/src/python/grpcio/grpc/__init__.py index 71b65d31f4c..079d51431f7 100644 --- a/src/python/grpcio/grpc/__init__.py +++ b/src/python/grpcio/grpc/__init__.py @@ -1868,12 +1868,12 @@ def alts_server_credentials(): return ServerCredentials(_cygrpc.server_credentials_alts()) -def gce_channel_credentials(call_creds): +def compute_engine_channel_credentials(call_creds): """ TODO: Document. """ return ChannelCredentials( - _cygrpc.channel_credentials_gce(call_creds._credentials)) + _cygrpc.channel_credentials_compute_engine(call_creds._credentials)) def channel_ready_future(channel): diff --git a/src/python/grpcio/grpc/_cython/_cygrpc/credentials.pyx.pxi b/src/python/grpcio/grpc/_cython/_cygrpc/credentials.pyx.pxi index 8b9f40671a7..e205f61f0dc 100644 --- a/src/python/grpcio/grpc/_cython/_cygrpc/credentials.pyx.pxi +++ b/src/python/grpcio/grpc/_cython/_cygrpc/credentials.pyx.pxi @@ -381,7 +381,7 @@ def server_credentials_alts(): grpc_alts_credentials_options_destroy(c_options) return credentials -cdef class GCEChannelCredentials(ChannelCredentials): +cdef class ComputeEngineChannelCredentials(ChannelCredentials): cdef grpc_channel_credentials* _c_creds cdef grpc_call_credentials* _c_call_creds @@ -390,12 +390,12 @@ cdef class GCEChannelCredentials(ChannelCredentials): self._c_call_creds = call_creds.c() cdef grpc_channel_credentials *c(self) except *: - self._c_creds = grpc_gce_channel_credentials_create(self._c_call_creds, NULL) + self._c_creds = grpc_compute_engine_channel_credentials_create(self._c_call_creds, NULL) return self._c_creds # TODO: Does this thing need to be deleted? # I suppose the reason the google default one doesn't need to be is # because there's one per process. We'll see. -def channel_credentials_gce(call_creds): - return GCEChannelCredentials(call_creds) +def channel_credentials_compute_engine(call_creds): + return ComputeEngineChannelCredentials(call_creds) diff --git a/src/python/grpcio/grpc/_cython/_cygrpc/grpc.pxi b/src/python/grpcio/grpc/_cython/_cygrpc/grpc.pxi index bdfdf4672f5..d4f3716b78f 100644 --- a/src/python/grpcio/grpc/_cython/_cygrpc/grpc.pxi +++ b/src/python/grpcio/grpc/_cython/_cygrpc/grpc.pxi @@ -505,7 +505,7 @@ cdef extern from "grpc/grpc_security.h": grpc_ssl_roots_override_callback cb) nogil grpc_channel_credentials *grpc_google_default_credentials_create() nogil - grpc_channel_credentials *grpc_gce_channel_credentials_create(grpc_call_credentials* call_creds, void* reserved) nogil + grpc_channel_credentials *grpc_compute_engine_channel_credentials_create(grpc_call_credentials* call_creds, void* reserved) nogil grpc_channel_credentials *grpc_ssl_credentials_create( const char *pem_root_certs, grpc_ssl_pem_key_cert_pair *pem_key_cert_pair, verify_peer_options *verify_options, void *reserved) nogil diff --git a/src/python/grpcio_tests/tests/interop/client.py b/src/python/grpcio_tests/tests/interop/client.py index ca0b5a03c6c..b56880c5c07 100644 --- a/src/python/grpcio_tests/tests/interop/client.py +++ b/src/python/grpcio_tests/tests/interop/client.py @@ -120,7 +120,7 @@ def get_secure_channel_parameters(args): request=google_auth.transport.requests.Request())) # TODO: Is there any reason why it actually had to take this argument? # Couldn't we just as easily have created a composite channel credential? - channel_credentials = grpc.gce_channel_credentials(call_creds) + channel_credentials = grpc.compute_engine_channel_credentials(call_creds) # channel_credentials = grpc.composite_channel_credentials(channel_credent) # channel_credentials = grpc.composite_channel_credentials( # channel_credentials, call_credentials) From 4fefc6235f4eaa63b969e6215e4f30accac94da5 Mon Sep 17 00:00:00 2001 From: Richard Belleville Date: Thu, 25 Jun 2020 23:39:27 +0000 Subject: [PATCH 09/53] Let the wrapped language create the composite credential --- include/grpc/grpc_security.h | 12 +++++------- .../compute_engine_channel_credentials.cc | 19 +++++-------------- src/python/grpcio/grpc/__init__.py | 17 +++++++++++++---- .../grpc/_cython/_cygrpc/credentials.pyx.pxi | 14 +++++--------- .../grpcio/grpc/_cython/_cygrpc/grpc.pxi | 2 +- .../grpcio_tests/tests/interop/client.py | 12 ++++-------- 6 files changed, 33 insertions(+), 43 deletions(-) diff --git a/include/grpc/grpc_security.h b/include/grpc/grpc_security.h index 823bddebb05..4d7850fc438 100644 --- a/include/grpc/grpc_security.h +++ b/include/grpc/grpc_security.h @@ -303,17 +303,15 @@ GRPCAPI grpc_call_credentials* grpc_google_compute_engine_credentials_create( /** Creates compute engine channel credentials to connect to a google gRPC service. - call_credentials is expected to be a gce_call_credentials object. - - The grpc_call_credentials instance passed to this function is expected to - remain valid for the lifetime of the grpc_channel_credentials object - returned. + This channel credential is expected to be used within a composite credential + alongside a compute_engine_credential. If used in conjunction with any call + credential besides a compute_engine_credential, the connection may suddenly + and unexpectedly begin to fail RPCs. WARNING: Do NOT use this credentials to connect to a non-google service as this could result in an oauth2 token leak. The security level of the resulting connection is GRPC_PRIVACY_AND_INTEGRITY. */ -GRPCAPI grpc_channel_credentials* grpc_compute_engine_channel_credentials_create( - grpc_call_credentials* call_credentials, void* reserved); +GRPCAPI grpc_channel_credentials* grpc_compute_engine_channel_credentials_create(void* reserved); GRPCAPI gpr_timespec grpc_max_auth_token_lifetime(void); diff --git a/src/core/lib/security/credentials/google_default/compute_engine_channel_credentials.cc b/src/core/lib/security/credentials/google_default/compute_engine_channel_credentials.cc index da1e6832d72..0a39102b18e 100644 --- a/src/core/lib/security/credentials/google_default/compute_engine_channel_credentials.cc +++ b/src/core/lib/security/credentials/google_default/compute_engine_channel_credentials.cc @@ -44,20 +44,16 @@ #include "src/core/lib/slice/slice_string_helpers.h" #include "src/core/lib/surface/api_trace.h" -grpc_channel_credentials* grpc_compute_engine_channel_credentials_create( - grpc_call_credentials* call_credentials, void* reserved) { +grpc_channel_credentials* grpc_compute_engine_channel_credentials_create(void* reserved) { // If we haven't initialized the google_default_credentials singleton, // then we don't know whether or not we're on GCE and can't safely // created an ALTS connection. // TODO: Fix. auto default_warmer = grpc_google_default_credentials_create(); - grpc_channel_credentials* result = nullptr; - grpc_error* error = GRPC_ERROR_CREATE_FROM_STATIC_STRING( - "Failed to create GCE channel credentials"); grpc_core::ExecCtx exec_ctx; - GRPC_API_TRACE("grpc_gce_channel_credentials_create(%p, %p)", 2, - (call_credentials, reserved)); + GRPC_API_TRACE("grpc_gce_channel_credentials_create(%p)", 1, + (reserved)); // TODO: Should we cache this here? grpc_channel_credentials* ssl_creds = @@ -69,16 +65,11 @@ grpc_channel_credentials* grpc_compute_engine_channel_credentials_create( grpc_alts_credentials_options_destroy(options); auto creds = - grpc_core::MakeRefCounted( + new grpc_google_default_channel_credentials( alts_creds != nullptr ? alts_creds->Ref() : nullptr, ssl_creds != nullptr ? ssl_creds->Ref() : nullptr); if (ssl_creds) ssl_creds->Unref(); if (alts_creds) alts_creds->Unref(); - // TODO: Why not let the wrapped language do this? - result = grpc_composite_channel_credentials_create(creds.get(), - call_credentials, nullptr); - GPR_ASSERT(result != nullptr); - GRPC_ERROR_UNREF(error); - return result; + return creds; } diff --git a/src/python/grpcio/grpc/__init__.py b/src/python/grpcio/grpc/__init__.py index 079d51431f7..479bac295c3 100644 --- a/src/python/grpcio/grpc/__init__.py +++ b/src/python/grpcio/grpc/__init__.py @@ -1868,12 +1868,21 @@ def alts_server_credentials(): return ServerCredentials(_cygrpc.server_credentials_alts()) -def compute_engine_channel_credentials(call_creds): - """ - TODO: Document. +def compute_engine_channel_credentials(): + """Creates a compute engine channel credential. + + This is an EXPERIMENAL API. + This credential can only be used in a GCP environment as ir relies on + a handshaker service. For more infor about ALTS, see + https://cloud.google.com/security/encryption-in-transit/application-layer-transport-security + + This channel credential is expected to be used as part of a composite + credential in conjunction with a compute_engine_call_credential. if used + with any other call credential, the connection may suddenly and unexpectedly + begin failing RPCs. """ return ChannelCredentials( - _cygrpc.channel_credentials_compute_engine(call_creds._credentials)) + _cygrpc.channel_credentials_compute_engine()) def channel_ready_future(channel): diff --git a/src/python/grpcio/grpc/_cython/_cygrpc/credentials.pyx.pxi b/src/python/grpcio/grpc/_cython/_cygrpc/credentials.pyx.pxi index e205f61f0dc..950373f303f 100644 --- a/src/python/grpcio/grpc/_cython/_cygrpc/credentials.pyx.pxi +++ b/src/python/grpcio/grpc/_cython/_cygrpc/credentials.pyx.pxi @@ -381,21 +381,17 @@ def server_credentials_alts(): grpc_alts_credentials_options_destroy(c_options) return credentials + cdef class ComputeEngineChannelCredentials(ChannelCredentials): cdef grpc_channel_credentials* _c_creds - cdef grpc_call_credentials* _c_call_creds - def __cinit__(self, CallCredentials call_creds): + def __cinit__(self): self._c_creds = NULL - self._c_call_creds = call_creds.c() cdef grpc_channel_credentials *c(self) except *: - self._c_creds = grpc_compute_engine_channel_credentials_create(self._c_call_creds, NULL) + self._c_creds = grpc_compute_engine_channel_credentials_create(NULL) return self._c_creds - # TODO: Does this thing need to be deleted? - # I suppose the reason the google default one doesn't need to be is - # because there's one per process. We'll see. -def channel_credentials_compute_engine(call_creds): - return ComputeEngineChannelCredentials(call_creds) +def channel_credentials_compute_engine(): + return ComputeEngineChannelCredentials() diff --git a/src/python/grpcio/grpc/_cython/_cygrpc/grpc.pxi b/src/python/grpcio/grpc/_cython/_cygrpc/grpc.pxi index d4f3716b78f..287817bd5ae 100644 --- a/src/python/grpcio/grpc/_cython/_cygrpc/grpc.pxi +++ b/src/python/grpcio/grpc/_cython/_cygrpc/grpc.pxi @@ -505,7 +505,7 @@ cdef extern from "grpc/grpc_security.h": grpc_ssl_roots_override_callback cb) nogil grpc_channel_credentials *grpc_google_default_credentials_create() nogil - grpc_channel_credentials *grpc_compute_engine_channel_credentials_create(grpc_call_credentials* call_creds, void* reserved) nogil + grpc_channel_credentials *grpc_compute_engine_channel_credentials_create(void* reserved) nogil grpc_channel_credentials *grpc_ssl_credentials_create( const char *pem_root_certs, grpc_ssl_pem_key_cert_pair *pem_key_cert_pair, verify_peer_options *verify_options, void *reserved) nogil diff --git a/src/python/grpcio_tests/tests/interop/client.py b/src/python/grpcio_tests/tests/interop/client.py index b56880c5c07..78974c75fda 100644 --- a/src/python/grpcio_tests/tests/interop/client.py +++ b/src/python/grpcio_tests/tests/interop/client.py @@ -109,21 +109,17 @@ def get_secure_channel_parameters(args): % args.grpc_test_use_grpclb_with_child_policy),) if args.custom_credentials_type is not None: if args.custom_credentials_type == "compute_engine_channel_creds": - # channel_credentials = grpc.google_default_channel_credentials() if call_credentials is not None: - raise ValueError("What? That's not true! That's impossible!") + raise ValueError("Cannot use both compute_engine_creds " + + "and {} as call creds.".format(call_credentials)) google_credentials, unused_project_id = google_auth.default( scopes=[args.oauth_scope]) call_creds = grpc.metadata_call_credentials( google_auth.transport.grpc.AuthMetadataPlugin( credentials=google_credentials, request=google_auth.transport.requests.Request())) - # TODO: Is there any reason why it actually had to take this argument? - # Couldn't we just as easily have created a composite channel credential? - channel_credentials = grpc.compute_engine_channel_credentials(call_creds) - # channel_credentials = grpc.composite_channel_credentials(channel_credent) - # channel_credentials = grpc.composite_channel_credentials( - # channel_credentials, call_credentials) + channel_credentials = grpc.compute_engine_channel_credentials() + channel_credentials = grpc.composite_channel_credentials(channel_credentials, call_creds) else: raise ValueError("Unknown credentials type '{}'".format( args.custom_credentials_type)) From 69aa887e4fef6ce6e1fba046f56a9a81a98e33f6 Mon Sep 17 00:00:00 2001 From: Richard Belleville Date: Fri, 26 Jun 2020 02:09:46 +0000 Subject: [PATCH 10/53] Expose gce tenancy as a function --- include/grpc/grpc_security.h | 6 ++++-- .../compute_engine_channel_credentials.cc | 20 +++++++------------ .../google_default_credentials.cc | 18 +++++++++++++---- .../google_default_credentials.h | 2 ++ 4 files changed, 27 insertions(+), 19 deletions(-) diff --git a/include/grpc/grpc_security.h b/include/grpc/grpc_security.h index 4d7850fc438..de78871e025 100644 --- a/include/grpc/grpc_security.h +++ b/include/grpc/grpc_security.h @@ -301,7 +301,8 @@ GRPCAPI grpc_call_credentials* grpc_composite_call_credentials_create( GRPCAPI grpc_call_credentials* grpc_google_compute_engine_credentials_create( void* reserved); -/** Creates compute engine channel credentials to connect to a google gRPC service. +/** Creates compute engine channel credentials to connect to a google gRPC + service. This channel credential is expected to be used within a composite credential alongside a compute_engine_credential. If used in conjunction with any call @@ -311,7 +312,8 @@ GRPCAPI grpc_call_credentials* grpc_google_compute_engine_credentials_create( WARNING: Do NOT use this credentials to connect to a non-google service as this could result in an oauth2 token leak. The security level of the resulting connection is GRPC_PRIVACY_AND_INTEGRITY. */ -GRPCAPI grpc_channel_credentials* grpc_compute_engine_channel_credentials_create(void* reserved); +GRPCAPI grpc_channel_credentials* +grpc_compute_engine_channel_credentials_create(void* reserved); GRPCAPI gpr_timespec grpc_max_auth_token_lifetime(void); diff --git a/src/core/lib/security/credentials/google_default/compute_engine_channel_credentials.cc b/src/core/lib/security/credentials/google_default/compute_engine_channel_credentials.cc index 0a39102b18e..b9607365ecb 100644 --- a/src/core/lib/security/credentials/google_default/compute_engine_channel_credentials.cc +++ b/src/core/lib/security/credentials/google_default/compute_engine_channel_credentials.cc @@ -44,18 +44,13 @@ #include "src/core/lib/slice/slice_string_helpers.h" #include "src/core/lib/surface/api_trace.h" -grpc_channel_credentials* grpc_compute_engine_channel_credentials_create(void* reserved) { - // If we haven't initialized the google_default_credentials singleton, - // then we don't know whether or not we're on GCE and can't safely - // created an ALTS connection. - // TODO: Fix. - auto default_warmer = grpc_google_default_credentials_create(); +grpc_channel_credentials* grpc_compute_engine_channel_credentials_create( + void* reserved) { grpc_core::ExecCtx exec_ctx; - GRPC_API_TRACE("grpc_gce_channel_credentials_create(%p)", 1, - (reserved)); + GRPC_API_TRACE("grpc_gce_channel_credentials_create(%p)", 1, (reserved)); - // TODO: Should we cache this here? + GPR_ASSERT(grpc_core::internal::is_on_gce()); grpc_channel_credentials* ssl_creds = grpc_ssl_credentials_create(nullptr, nullptr, nullptr, nullptr); GPR_ASSERT(ssl_creds != nullptr); @@ -64,10 +59,9 @@ grpc_channel_credentials* grpc_compute_engine_channel_credentials_create(void* r grpc_channel_credentials* alts_creds = grpc_alts_credentials_create(options); grpc_alts_credentials_options_destroy(options); - auto creds = - new grpc_google_default_channel_credentials( - alts_creds != nullptr ? alts_creds->Ref() : nullptr, - ssl_creds != nullptr ? ssl_creds->Ref() : nullptr); + auto creds = new grpc_google_default_channel_credentials( + alts_creds != nullptr ? alts_creds->Ref() : nullptr, + ssl_creds != nullptr ? ssl_creds->Ref() : nullptr); if (ssl_creds) ssl_creds->Unref(); if (alts_creds) alts_creds->Unref(); diff --git a/src/core/lib/security/credentials/google_default/google_default_credentials.cc b/src/core/lib/security/credentials/google_default/google_default_credentials.cc index f7dc85ec106..0476860b625 100644 --- a/src/core/lib/security/credentials/google_default/google_default_credentials.cc +++ b/src/core/lib/security/credentials/google_default/google_default_credentials.cc @@ -30,6 +30,7 @@ #include "src/core/lib/channel/channel_args.h" #include "src/core/lib/gpr/env.h" #include "src/core/lib/gpr/string.h" +#include "src/core/lib/gprpp/atomic.h" #include "src/core/lib/gprpp/ref_counted_ptr.h" #include "src/core/lib/http/httpcli.h" #include "src/core/lib/http/parser.h" @@ -57,7 +58,7 @@ using grpc_core::Json; * means the detection is done via network test that is unreliable and the * unreliable result should not be referred by successive calls. */ static int g_metadata_server_available = 0; -static int g_is_on_gce = 0; +static grpc_core::Atomic g_is_on_gce(false); static gpr_mu g_state_mu; /* Protect a metadata_server_detector instance that can be modified by more than * one gRPC threads */ @@ -89,7 +90,7 @@ grpc_google_default_channel_credentials::create_security_connector( bool use_alts = is_grpclb_load_balancer || is_backend_from_grpclb_load_balancer; /* Return failure if ALTS is selected but not running on GCE. */ - if (use_alts && !g_is_on_gce) { + if (use_alts && !grpc_core::internal::is_on_gce()) { gpr_log(GPR_ERROR, "ALTS is selected, but not running on GCE."); return nullptr; } @@ -301,8 +302,7 @@ grpc_channel_credentials* grpc_google_default_credentials_create() { /* Try a platform-provided hint for GCE. */ if (!g_metadata_server_available) { - g_is_on_gce = g_gce_tenancy_checker(); - g_metadata_server_available = g_is_on_gce; + g_metadata_server_available = grpc_core::internal::is_on_gce(); } /* TODO: Add a platform-provided hint for GAE. */ @@ -365,6 +365,16 @@ void grpc_flush_cached_google_default_credentials(void) { gpr_mu_unlock(&g_state_mu); } +bool is_on_gce(void) { + bool on_gce; + if (GPR_UNLIKELY( + !(on_gce = g_is_on_gce.Load(grpc_core::MemoryOrder::ACQUIRE)))) { + on_gce = g_gce_tenancy_checker(); + g_is_on_gce.Store(on_gce, grpc_core::MemoryOrder::RELEASE); + } + return on_gce; +} + } // namespace internal } // namespace grpc_core diff --git a/src/core/lib/security/credentials/google_default/google_default_credentials.h b/src/core/lib/security/credentials/google_default/google_default_credentials.h index 8a945da31e2..0be0fd3817e 100644 --- a/src/core/lib/security/credentials/google_default/google_default_credentials.h +++ b/src/core/lib/security/credentials/google_default/google_default_credentials.h @@ -77,6 +77,8 @@ typedef bool (*grpc_gce_tenancy_checker)(void); void set_gce_tenancy_checker_for_testing(grpc_gce_tenancy_checker checker); +inline bool is_on_gce(void); + // TEST-ONLY. Reset the internal global state. void grpc_flush_cached_google_default_credentials(void); From 4de06d0e228a3c3d1dd19aaa1b24e7c58cb6a63d Mon Sep 17 00:00:00 2001 From: Richard Belleville Date: Fri, 26 Jun 2020 02:18:16 +0000 Subject: [PATCH 11/53] Regenerate projects --- BUILD.gn | 2 +- CMakeLists.txt | 2 +- Makefile | 4 ++-- build_autogenerated.yaml | 2 +- config.m4 | 2 +- config.w32 | 2 +- gRPC-Core.podspec | 2 +- grpc.def | 2 +- grpc.gemspec | 2 +- grpc.gyp | 2 +- package.xml | 2 +- src/python/grpcio/grpc_core_dependencies.py | 2 +- src/ruby/ext/grpc/rb_grpc_imports.generated.c | 4 ++-- src/ruby/ext/grpc/rb_grpc_imports.generated.h | 6 +++--- test/core/surface/public_headers_must_be_c89.c | 2 +- tools/doxygen/Doxyfile.c++.internal | 2 +- tools/doxygen/Doxyfile.core.internal | 2 +- 17 files changed, 21 insertions(+), 21 deletions(-) diff --git a/BUILD.gn b/BUILD.gn index 7d811a692af..d4a5fda2d56 100644 --- a/BUILD.gn +++ b/BUILD.gn @@ -793,8 +793,8 @@ config("grpc_config") { "src/core/lib/security/credentials/credentials_metadata.cc", "src/core/lib/security/credentials/fake/fake_credentials.cc", "src/core/lib/security/credentials/fake/fake_credentials.h", + "src/core/lib/security/credentials/google_default/compute_engine_channel_credentials.cc", "src/core/lib/security/credentials/google_default/credentials_generic.cc", - "src/core/lib/security/credentials/google_default/gce_channel_credentials.cc", "src/core/lib/security/credentials/google_default/google_default_credentials.cc", "src/core/lib/security/credentials/google_default/google_default_credentials.h", "src/core/lib/security/credentials/iam/iam_credentials.cc", diff --git a/CMakeLists.txt b/CMakeLists.txt index b91b9883a72..ac4bb93a6df 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -1639,8 +1639,8 @@ add_library(grpc src/core/lib/security/credentials/credentials.cc src/core/lib/security/credentials/credentials_metadata.cc src/core/lib/security/credentials/fake/fake_credentials.cc + src/core/lib/security/credentials/google_default/compute_engine_channel_credentials.cc src/core/lib/security/credentials/google_default/credentials_generic.cc - src/core/lib/security/credentials/google_default/gce_channel_credentials.cc src/core/lib/security/credentials/google_default/google_default_credentials.cc src/core/lib/security/credentials/iam/iam_credentials.cc src/core/lib/security/credentials/jwt/json_token.cc diff --git a/Makefile b/Makefile index e0ce6675fda..575b676f834 100644 --- a/Makefile +++ b/Makefile @@ -3941,8 +3941,8 @@ LIBGRPC_SRC = \ src/core/lib/security/credentials/credentials.cc \ src/core/lib/security/credentials/credentials_metadata.cc \ src/core/lib/security/credentials/fake/fake_credentials.cc \ + src/core/lib/security/credentials/google_default/compute_engine_channel_credentials.cc \ src/core/lib/security/credentials/google_default/credentials_generic.cc \ - src/core/lib/security/credentials/google_default/gce_channel_credentials.cc \ src/core/lib/security/credentials/google_default/google_default_credentials.cc \ src/core/lib/security/credentials/iam/iam_credentials.cc \ src/core/lib/security/credentials/jwt/json_token.cc \ @@ -20033,8 +20033,8 @@ src/core/lib/security/credentials/composite/composite_credentials.cc: $(OPENSSL_ src/core/lib/security/credentials/credentials.cc: $(OPENSSL_DEP) src/core/lib/security/credentials/credentials_metadata.cc: $(OPENSSL_DEP) src/core/lib/security/credentials/fake/fake_credentials.cc: $(OPENSSL_DEP) +src/core/lib/security/credentials/google_default/compute_engine_channel_credentials.cc: $(OPENSSL_DEP) src/core/lib/security/credentials/google_default/credentials_generic.cc: $(OPENSSL_DEP) -src/core/lib/security/credentials/google_default/gce_channel_credentials.cc: $(OPENSSL_DEP) src/core/lib/security/credentials/google_default/google_default_credentials.cc: $(OPENSSL_DEP) src/core/lib/security/credentials/iam/iam_credentials.cc: $(OPENSSL_DEP) src/core/lib/security/credentials/jwt/json_token.cc: $(OPENSSL_DEP) diff --git a/build_autogenerated.yaml b/build_autogenerated.yaml index 4ba94d0b12e..079aed25c11 100644 --- a/build_autogenerated.yaml +++ b/build_autogenerated.yaml @@ -1057,8 +1057,8 @@ libs: - src/core/lib/security/credentials/credentials.cc - src/core/lib/security/credentials/credentials_metadata.cc - src/core/lib/security/credentials/fake/fake_credentials.cc + - src/core/lib/security/credentials/google_default/compute_engine_channel_credentials.cc - src/core/lib/security/credentials/google_default/credentials_generic.cc - - src/core/lib/security/credentials/google_default/gce_channel_credentials.cc - src/core/lib/security/credentials/google_default/google_default_credentials.cc - src/core/lib/security/credentials/iam/iam_credentials.cc - src/core/lib/security/credentials/jwt/json_token.cc diff --git a/config.m4 b/config.m4 index 25489f9fb62..e1e39b23453 100644 --- a/config.m4 +++ b/config.m4 @@ -397,8 +397,8 @@ if test "$PHP_GRPC" != "no"; then src/core/lib/security/credentials/credentials.cc \ src/core/lib/security/credentials/credentials_metadata.cc \ src/core/lib/security/credentials/fake/fake_credentials.cc \ + src/core/lib/security/credentials/google_default/compute_engine_channel_credentials.cc \ src/core/lib/security/credentials/google_default/credentials_generic.cc \ - src/core/lib/security/credentials/google_default/gce_channel_credentials.cc \ src/core/lib/security/credentials/google_default/google_default_credentials.cc \ src/core/lib/security/credentials/iam/iam_credentials.cc \ src/core/lib/security/credentials/jwt/json_token.cc \ diff --git a/config.w32 b/config.w32 index 5e7ba8c252a..e6c10e3d46d 100644 --- a/config.w32 +++ b/config.w32 @@ -366,8 +366,8 @@ if (PHP_GRPC != "no") { "src\\core\\lib\\security\\credentials\\credentials.cc " + "src\\core\\lib\\security\\credentials\\credentials_metadata.cc " + "src\\core\\lib\\security\\credentials\\fake\\fake_credentials.cc " + + "src\\core\\lib\\security\\credentials\\google_default\\compute_engine_channel_credentials.cc " + "src\\core\\lib\\security\\credentials\\google_default\\credentials_generic.cc " + - "src\\core\\lib\\security\\credentials\\google_default\\gce_channel_credentials.cc " + "src\\core\\lib\\security\\credentials\\google_default\\google_default_credentials.cc " + "src\\core\\lib\\security\\credentials\\iam\\iam_credentials.cc " + "src\\core\\lib\\security\\credentials\\jwt\\json_token.cc " + diff --git a/gRPC-Core.podspec b/gRPC-Core.podspec index 393072c6fc6..d33bbe6d040 100644 --- a/gRPC-Core.podspec +++ b/gRPC-Core.podspec @@ -846,8 +846,8 @@ Pod::Spec.new do |s| 'src/core/lib/security/credentials/credentials_metadata.cc', 'src/core/lib/security/credentials/fake/fake_credentials.cc', 'src/core/lib/security/credentials/fake/fake_credentials.h', + 'src/core/lib/security/credentials/google_default/compute_engine_channel_credentials.cc', 'src/core/lib/security/credentials/google_default/credentials_generic.cc', - 'src/core/lib/security/credentials/google_default/gce_channel_credentials.cc', 'src/core/lib/security/credentials/google_default/google_default_credentials.cc', 'src/core/lib/security/credentials/google_default/google_default_credentials.h', 'src/core/lib/security/credentials/iam/iam_credentials.cc', diff --git a/grpc.def b/grpc.def index c45eb9c29d9..797c1ae6ec3 100644 --- a/grpc.def +++ b/grpc.def @@ -106,7 +106,7 @@ EXPORTS grpc_composite_channel_credentials_create grpc_composite_call_credentials_create grpc_google_compute_engine_credentials_create - grpc_gce_channel_credentials_create + grpc_compute_engine_channel_credentials_create grpc_max_auth_token_lifetime grpc_service_account_jwt_access_credentials_create grpc_google_refresh_token_credentials_create diff --git a/grpc.gemspec b/grpc.gemspec index 68160c44093..c2681db3e87 100644 --- a/grpc.gemspec +++ b/grpc.gemspec @@ -768,8 +768,8 @@ Gem::Specification.new do |s| s.files += %w( src/core/lib/security/credentials/credentials_metadata.cc ) s.files += %w( src/core/lib/security/credentials/fake/fake_credentials.cc ) s.files += %w( src/core/lib/security/credentials/fake/fake_credentials.h ) + s.files += %w( src/core/lib/security/credentials/google_default/compute_engine_channel_credentials.cc ) s.files += %w( src/core/lib/security/credentials/google_default/credentials_generic.cc ) - s.files += %w( src/core/lib/security/credentials/google_default/gce_channel_credentials.cc ) s.files += %w( src/core/lib/security/credentials/google_default/google_default_credentials.cc ) s.files += %w( src/core/lib/security/credentials/google_default/google_default_credentials.h ) s.files += %w( src/core/lib/security/credentials/iam/iam_credentials.cc ) diff --git a/grpc.gyp b/grpc.gyp index 379dc659e3a..554a6214721 100644 --- a/grpc.gyp +++ b/grpc.gyp @@ -751,8 +751,8 @@ 'src/core/lib/security/credentials/credentials.cc', 'src/core/lib/security/credentials/credentials_metadata.cc', 'src/core/lib/security/credentials/fake/fake_credentials.cc', + 'src/core/lib/security/credentials/google_default/compute_engine_channel_credentials.cc', 'src/core/lib/security/credentials/google_default/credentials_generic.cc', - 'src/core/lib/security/credentials/google_default/gce_channel_credentials.cc', 'src/core/lib/security/credentials/google_default/google_default_credentials.cc', 'src/core/lib/security/credentials/iam/iam_credentials.cc', 'src/core/lib/security/credentials/jwt/json_token.cc', diff --git a/package.xml b/package.xml index da31ccf4bfd..6349909ff74 100644 --- a/package.xml +++ b/package.xml @@ -748,8 +748,8 @@ + - diff --git a/src/python/grpcio/grpc_core_dependencies.py b/src/python/grpcio/grpc_core_dependencies.py index 0fc2efb9485..a39691002d2 100644 --- a/src/python/grpcio/grpc_core_dependencies.py +++ b/src/python/grpcio/grpc_core_dependencies.py @@ -375,8 +375,8 @@ CORE_SOURCE_FILES = [ 'src/core/lib/security/credentials/credentials.cc', 'src/core/lib/security/credentials/credentials_metadata.cc', 'src/core/lib/security/credentials/fake/fake_credentials.cc', + 'src/core/lib/security/credentials/google_default/compute_engine_channel_credentials.cc', 'src/core/lib/security/credentials/google_default/credentials_generic.cc', - 'src/core/lib/security/credentials/google_default/gce_channel_credentials.cc', 'src/core/lib/security/credentials/google_default/google_default_credentials.cc', 'src/core/lib/security/credentials/iam/iam_credentials.cc', 'src/core/lib/security/credentials/jwt/json_token.cc', diff --git a/src/ruby/ext/grpc/rb_grpc_imports.generated.c b/src/ruby/ext/grpc/rb_grpc_imports.generated.c index 151602e3fe4..c88b646d62c 100644 --- a/src/ruby/ext/grpc/rb_grpc_imports.generated.c +++ b/src/ruby/ext/grpc/rb_grpc_imports.generated.c @@ -129,7 +129,7 @@ grpc_call_credentials_release_type grpc_call_credentials_release_import; grpc_composite_channel_credentials_create_type grpc_composite_channel_credentials_create_import; grpc_composite_call_credentials_create_type grpc_composite_call_credentials_create_import; grpc_google_compute_engine_credentials_create_type grpc_google_compute_engine_credentials_create_import; -grpc_gce_channel_credentials_create_type grpc_gce_channel_credentials_create_import; +grpc_compute_engine_channel_credentials_create_type grpc_compute_engine_channel_credentials_create_import; grpc_max_auth_token_lifetime_type grpc_max_auth_token_lifetime_import; grpc_service_account_jwt_access_credentials_create_type grpc_service_account_jwt_access_credentials_create_import; grpc_google_refresh_token_credentials_create_type grpc_google_refresh_token_credentials_create_import; @@ -402,7 +402,7 @@ void grpc_rb_load_imports(HMODULE library) { grpc_composite_channel_credentials_create_import = (grpc_composite_channel_credentials_create_type) GetProcAddress(library, "grpc_composite_channel_credentials_create"); grpc_composite_call_credentials_create_import = (grpc_composite_call_credentials_create_type) GetProcAddress(library, "grpc_composite_call_credentials_create"); grpc_google_compute_engine_credentials_create_import = (grpc_google_compute_engine_credentials_create_type) GetProcAddress(library, "grpc_google_compute_engine_credentials_create"); - grpc_gce_channel_credentials_create_import = (grpc_gce_channel_credentials_create_type) GetProcAddress(library, "grpc_gce_channel_credentials_create"); + grpc_compute_engine_channel_credentials_create_import = (grpc_compute_engine_channel_credentials_create_type) GetProcAddress(library, "grpc_compute_engine_channel_credentials_create"); grpc_max_auth_token_lifetime_import = (grpc_max_auth_token_lifetime_type) GetProcAddress(library, "grpc_max_auth_token_lifetime"); grpc_service_account_jwt_access_credentials_create_import = (grpc_service_account_jwt_access_credentials_create_type) GetProcAddress(library, "grpc_service_account_jwt_access_credentials_create"); grpc_google_refresh_token_credentials_create_import = (grpc_google_refresh_token_credentials_create_type) GetProcAddress(library, "grpc_google_refresh_token_credentials_create"); diff --git a/src/ruby/ext/grpc/rb_grpc_imports.generated.h b/src/ruby/ext/grpc/rb_grpc_imports.generated.h index 3b72491e601..bcf6c6001f1 100644 --- a/src/ruby/ext/grpc/rb_grpc_imports.generated.h +++ b/src/ruby/ext/grpc/rb_grpc_imports.generated.h @@ -362,9 +362,9 @@ extern grpc_composite_call_credentials_create_type grpc_composite_call_credentia typedef grpc_call_credentials*(*grpc_google_compute_engine_credentials_create_type)(void* reserved); extern grpc_google_compute_engine_credentials_create_type grpc_google_compute_engine_credentials_create_import; #define grpc_google_compute_engine_credentials_create grpc_google_compute_engine_credentials_create_import -typedef grpc_channel_credentials*(*grpc_gce_channel_credentials_create_type)(grpc_call_credentials* call_credentials, void* reserved); -extern grpc_gce_channel_credentials_create_type grpc_gce_channel_credentials_create_import; -#define grpc_gce_channel_credentials_create grpc_gce_channel_credentials_create_import +typedef grpc_channel_credentials*(*grpc_compute_engine_channel_credentials_create_type)(void* reserved); +extern grpc_compute_engine_channel_credentials_create_type grpc_compute_engine_channel_credentials_create_import; +#define grpc_compute_engine_channel_credentials_create grpc_compute_engine_channel_credentials_create_import typedef gpr_timespec(*grpc_max_auth_token_lifetime_type)(void); extern grpc_max_auth_token_lifetime_type grpc_max_auth_token_lifetime_import; #define grpc_max_auth_token_lifetime grpc_max_auth_token_lifetime_import diff --git a/test/core/surface/public_headers_must_be_c89.c b/test/core/surface/public_headers_must_be_c89.c index ff7a47f5dfa..b4e1166bd01 100644 --- a/test/core/surface/public_headers_must_be_c89.c +++ b/test/core/surface/public_headers_must_be_c89.c @@ -173,7 +173,7 @@ int main(int argc, char **argv) { printf("%lx", (unsigned long) grpc_composite_channel_credentials_create); printf("%lx", (unsigned long) grpc_composite_call_credentials_create); printf("%lx", (unsigned long) grpc_google_compute_engine_credentials_create); - printf("%lx", (unsigned long) grpc_gce_channel_credentials_create); + printf("%lx", (unsigned long) grpc_compute_engine_channel_credentials_create); printf("%lx", (unsigned long) grpc_max_auth_token_lifetime); printf("%lx", (unsigned long) grpc_service_account_jwt_access_credentials_create); printf("%lx", (unsigned long) grpc_google_refresh_token_credentials_create); diff --git a/tools/doxygen/Doxyfile.c++.internal b/tools/doxygen/Doxyfile.c++.internal index 89b2a437379..9a6df168bc0 100644 --- a/tools/doxygen/Doxyfile.c++.internal +++ b/tools/doxygen/Doxyfile.c++.internal @@ -1731,8 +1731,8 @@ src/core/lib/security/credentials/credentials.h \ src/core/lib/security/credentials/credentials_metadata.cc \ src/core/lib/security/credentials/fake/fake_credentials.cc \ src/core/lib/security/credentials/fake/fake_credentials.h \ +src/core/lib/security/credentials/google_default/compute_engine_channel_credentials.cc \ src/core/lib/security/credentials/google_default/credentials_generic.cc \ -src/core/lib/security/credentials/google_default/gce_channel_credentials.cc \ src/core/lib/security/credentials/google_default/google_default_credentials.cc \ src/core/lib/security/credentials/google_default/google_default_credentials.h \ src/core/lib/security/credentials/iam/iam_credentials.cc \ diff --git a/tools/doxygen/Doxyfile.core.internal b/tools/doxygen/Doxyfile.core.internal index 8cce3e161d4..a0826adc4ed 100644 --- a/tools/doxygen/Doxyfile.core.internal +++ b/tools/doxygen/Doxyfile.core.internal @@ -1543,8 +1543,8 @@ src/core/lib/security/credentials/credentials.h \ src/core/lib/security/credentials/credentials_metadata.cc \ src/core/lib/security/credentials/fake/fake_credentials.cc \ src/core/lib/security/credentials/fake/fake_credentials.h \ +src/core/lib/security/credentials/google_default/compute_engine_channel_credentials.cc \ src/core/lib/security/credentials/google_default/credentials_generic.cc \ -src/core/lib/security/credentials/google_default/gce_channel_credentials.cc \ src/core/lib/security/credentials/google_default/google_default_credentials.cc \ src/core/lib/security/credentials/google_default/google_default_credentials.h \ src/core/lib/security/credentials/iam/iam_credentials.cc \ From 2b09327a6f520b119e4abe491c64e917398ea8ed Mon Sep 17 00:00:00 2001 From: Richard Belleville Date: Fri, 26 Jun 2020 02:25:38 +0000 Subject: [PATCH 12/53] Yapf :( --- src/python/grpcio/grpc/__init__.py | 3 +-- src/python/grpcio_tests/tests/interop/client.py | 8 +++++--- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/src/python/grpcio/grpc/__init__.py b/src/python/grpcio/grpc/__init__.py index 479bac295c3..f1eba51f59a 100644 --- a/src/python/grpcio/grpc/__init__.py +++ b/src/python/grpcio/grpc/__init__.py @@ -1881,8 +1881,7 @@ def compute_engine_channel_credentials(): with any other call credential, the connection may suddenly and unexpectedly begin failing RPCs. """ - return ChannelCredentials( - _cygrpc.channel_credentials_compute_engine()) + return ChannelCredentials(_cygrpc.channel_credentials_compute_engine()) def channel_ready_future(channel): diff --git a/src/python/grpcio_tests/tests/interop/client.py b/src/python/grpcio_tests/tests/interop/client.py index 78974c75fda..b638ceeb727 100644 --- a/src/python/grpcio_tests/tests/interop/client.py +++ b/src/python/grpcio_tests/tests/interop/client.py @@ -110,8 +110,9 @@ def get_secure_channel_parameters(args): if args.custom_credentials_type is not None: if args.custom_credentials_type == "compute_engine_channel_creds": if call_credentials is not None: - raise ValueError("Cannot use both compute_engine_creds " + - "and {} as call creds.".format(call_credentials)) + raise ValueError( + "Cannot use both compute_engine_creds " + + "and {} as call creds.".format(call_credentials)) google_credentials, unused_project_id = google_auth.default( scopes=[args.oauth_scope]) call_creds = grpc.metadata_call_credentials( @@ -119,7 +120,8 @@ def get_secure_channel_parameters(args): credentials=google_credentials, request=google_auth.transport.requests.Request())) channel_credentials = grpc.compute_engine_channel_credentials() - channel_credentials = grpc.composite_channel_credentials(channel_credentials, call_creds) + channel_credentials = grpc.composite_channel_credentials( + channel_credentials, call_creds) else: raise ValueError("Unknown credentials type '{}'".format( args.custom_credentials_type)) From ae9ce800b177a1d23468916ffe1809deec691e4f Mon Sep 17 00:00:00 2001 From: Richard Belleville Date: Fri, 26 Jun 2020 02:34:54 +0000 Subject: [PATCH 13/53] Remove inline --- .../credentials/google_default/google_default_credentials.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/core/lib/security/credentials/google_default/google_default_credentials.h b/src/core/lib/security/credentials/google_default/google_default_credentials.h index 0be0fd3817e..639b861da96 100644 --- a/src/core/lib/security/credentials/google_default/google_default_credentials.h +++ b/src/core/lib/security/credentials/google_default/google_default_credentials.h @@ -77,7 +77,7 @@ typedef bool (*grpc_gce_tenancy_checker)(void); void set_gce_tenancy_checker_for_testing(grpc_gce_tenancy_checker checker); -inline bool is_on_gce(void); +bool is_on_gce(void); // TEST-ONLY. Reset the internal global state. void grpc_flush_cached_google_default_credentials(void); From b45acf15d16d47772f2b2aef49f14c394b42fdda Mon Sep 17 00:00:00 2001 From: Richard Belleville Date: Fri, 26 Jun 2020 05:06:39 +0000 Subject: [PATCH 14/53] Stop double caching --- .../google_default/google_default_credentials.cc | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/src/core/lib/security/credentials/google_default/google_default_credentials.cc b/src/core/lib/security/credentials/google_default/google_default_credentials.cc index 0476860b625..6b819bc3b04 100644 --- a/src/core/lib/security/credentials/google_default/google_default_credentials.cc +++ b/src/core/lib/security/credentials/google_default/google_default_credentials.cc @@ -366,12 +366,8 @@ void grpc_flush_cached_google_default_credentials(void) { } bool is_on_gce(void) { - bool on_gce; - if (GPR_UNLIKELY( - !(on_gce = g_is_on_gce.Load(grpc_core::MemoryOrder::ACQUIRE)))) { - on_gce = g_gce_tenancy_checker(); - g_is_on_gce.Store(on_gce, grpc_core::MemoryOrder::RELEASE); - } + bool on_gce = g_gce_tenancy_checker(); + g_is_on_gce.Store(on_gce, grpc_core::MemoryOrder::RELEASE); return on_gce; } From f2a0f47fbba2fd6f7bed169f207fc38fc4463a7a Mon Sep 17 00:00:00 2001 From: Richard Belleville Date: Fri, 26 Jun 2020 05:44:39 +0000 Subject: [PATCH 15/53] Add test --- .../credentials/alts/alts_credentials.cc | 1 - .../credentials/alts/alts_credentials.h | 2 ++ .../compute_engine_channel_credentials.cc | 1 + test/core/security/credentials_test.cc | 24 +++++++++++++++++++ 4 files changed, 27 insertions(+), 1 deletion(-) diff --git a/src/core/lib/security/credentials/alts/alts_credentials.cc b/src/core/lib/security/credentials/alts/alts_credentials.cc index 1bc76d9c0c6..daff5b65c55 100644 --- a/src/core/lib/security/credentials/alts/alts_credentials.cc +++ b/src/core/lib/security/credentials/alts/alts_credentials.cc @@ -30,7 +30,6 @@ #include "src/core/lib/security/credentials/alts/check_gcp_environment.h" #include "src/core/lib/security/security_connector/alts/alts_security_connector.h" -#define GRPC_CREDENTIALS_TYPE_ALTS "Alts" #define GRPC_ALTS_HANDSHAKER_SERVICE_URL "metadata.google.internal.:8080" grpc_alts_credentials::grpc_alts_credentials( diff --git a/src/core/lib/security/credentials/alts/alts_credentials.h b/src/core/lib/security/credentials/alts/alts_credentials.h index cc6d5222b16..cf4f7121d29 100644 --- a/src/core/lib/security/credentials/alts/alts_credentials.h +++ b/src/core/lib/security/credentials/alts/alts_credentials.h @@ -26,6 +26,8 @@ #include "src/core/lib/security/credentials/alts/grpc_alts_credentials_options.h" #include "src/core/lib/security/credentials/credentials.h" +#define GRPC_CREDENTIALS_TYPE_ALTS "Alts" + /* Main struct for grpc ALTS channel credential. */ class grpc_alts_credentials final : public grpc_channel_credentials { public: diff --git a/src/core/lib/security/credentials/google_default/compute_engine_channel_credentials.cc b/src/core/lib/security/credentials/google_default/compute_engine_channel_credentials.cc index b9607365ecb..6ddc683e3ad 100644 --- a/src/core/lib/security/credentials/google_default/compute_engine_channel_credentials.cc +++ b/src/core/lib/security/credentials/google_default/compute_engine_channel_credentials.cc @@ -51,6 +51,7 @@ grpc_channel_credentials* grpc_compute_engine_channel_credentials_create( GRPC_API_TRACE("grpc_gce_channel_credentials_create(%p)", 1, (reserved)); GPR_ASSERT(grpc_core::internal::is_on_gce()); + grpc_channel_credentials* ssl_creds = grpc_ssl_credentials_create(nullptr, nullptr, nullptr, nullptr); GPR_ASSERT(ssl_creds != nullptr); diff --git a/test/core/security/credentials_test.cc b/test/core/security/credentials_test.cc index 75eb00ec83d..faa8739cf2a 100644 --- a/test/core/security/credentials_test.cc +++ b/test/core/security/credentials_test.cc @@ -37,6 +37,7 @@ #include "src/core/lib/gprpp/host_port.h" #include "src/core/lib/http/httpcli.h" #include "src/core/lib/iomgr/error.h" +#include "src/core/lib/security/credentials/alts/alts_credentials.h" #include "src/core/lib/security/credentials/composite/composite_credentials.h" #include "src/core/lib/security/credentials/fake/fake_credentials.h" #include "src/core/lib/security/credentials/google_default/google_default_credentials.h" @@ -1522,6 +1523,28 @@ static void test_no_google_default_creds(void) { grpc_httpcli_set_override(nullptr, nullptr); } +static void test_compute_engine_creds(void) { + set_gce_tenancy_checker_for_testing(test_gce_tenancy_checker); + g_test_gce_tenancy_checker_called = false; + g_test_is_on_gce = true; + + auto creds = reinterpret_cast( + grpc_compute_engine_channel_credentials_create(nullptr)); + + GPR_ASSERT(creds != nullptr); + GPR_ASSERT( + strcmp(creds->type(), GRPC_CHANNEL_CREDENTIALS_TYPE_GOOGLE_DEFAULT) == 0); + + auto* alts_creds = creds->alts_creds(); + GPR_ASSERT(alts_creds != nullptr); + GPR_ASSERT(strcmp(alts_creds->type(), GRPC_CREDENTIALS_TYPE_ALTS) == 0); + + auto* ssl_creds = creds->ssl_creds(); + GPR_ASSERT(ssl_creds != nullptr); + GPR_ASSERT(strcmp(ssl_creds->type(), GRPC_CHANNEL_CREDENTIALS_TYPE_SSL) == 0); + creds->Unref(); +} + typedef enum { PLUGIN_INITIAL_STATE, PLUGIN_GET_METADATA_CALLED_STATE, @@ -1831,6 +1854,7 @@ int main(int argc, char** argv) { test_google_default_creds_gce(); test_google_default_creds_non_gce(); test_no_google_default_creds(); + test_compute_engine_creds(); test_metadata_plugin_success(); test_metadata_plugin_failure(); test_get_well_known_google_credentials_file_path(); From fd33b5575fc977227cc6fecb948cae4341ccb50f Mon Sep 17 00:00:00 2001 From: Richard Belleville Date: Fri, 26 Jun 2020 05:49:54 +0000 Subject: [PATCH 16/53] Remove weird, seemingly pointless variable --- .../google_default/google_default_credentials.cc | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/src/core/lib/security/credentials/google_default/google_default_credentials.cc b/src/core/lib/security/credentials/google_default/google_default_credentials.cc index 6b819bc3b04..1d5769aa9e8 100644 --- a/src/core/lib/security/credentials/google_default/google_default_credentials.cc +++ b/src/core/lib/security/credentials/google_default/google_default_credentials.cc @@ -30,7 +30,6 @@ #include "src/core/lib/channel/channel_args.h" #include "src/core/lib/gpr/env.h" #include "src/core/lib/gpr/string.h" -#include "src/core/lib/gprpp/atomic.h" #include "src/core/lib/gprpp/ref_counted_ptr.h" #include "src/core/lib/http/httpcli.h" #include "src/core/lib/http/parser.h" @@ -58,7 +57,6 @@ using grpc_core::Json; * means the detection is done via network test that is unreliable and the * unreliable result should not be referred by successive calls. */ static int g_metadata_server_available = 0; -static grpc_core::Atomic g_is_on_gce(false); static gpr_mu g_state_mu; /* Protect a metadata_server_detector instance that can be modified by more than * one gRPC threads */ @@ -366,9 +364,7 @@ void grpc_flush_cached_google_default_credentials(void) { } bool is_on_gce(void) { - bool on_gce = g_gce_tenancy_checker(); - g_is_on_gce.Store(on_gce, grpc_core::MemoryOrder::RELEASE); - return on_gce; + return g_gce_tenancy_checker(); } } // namespace internal From 4aeab73f0afc25dfbb8c5aa82bbeb7fe7cc79119 Mon Sep 17 00:00:00 2001 From: Richard Belleville Date: Fri, 26 Jun 2020 05:56:38 +0000 Subject: [PATCH 17/53] Clang format --- .../credentials/google_default/google_default_credentials.cc | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/src/core/lib/security/credentials/google_default/google_default_credentials.cc b/src/core/lib/security/credentials/google_default/google_default_credentials.cc index 1d5769aa9e8..263808e6dbf 100644 --- a/src/core/lib/security/credentials/google_default/google_default_credentials.cc +++ b/src/core/lib/security/credentials/google_default/google_default_credentials.cc @@ -363,9 +363,7 @@ void grpc_flush_cached_google_default_credentials(void) { gpr_mu_unlock(&g_state_mu); } -bool is_on_gce(void) { - return g_gce_tenancy_checker(); -} +bool is_on_gce(void) { return g_gce_tenancy_checker(); } } // namespace internal } // namespace grpc_core From c10cae4659b0feb109d2c742aa605e102856430c Mon Sep 17 00:00:00 2001 From: Richard Belleville Date: Fri, 26 Jun 2020 17:54:48 +0000 Subject: [PATCH 18/53] Remove platform-specific assertion --- .../lib/security/credentials/alts/alts_credentials.cc | 1 + .../lib/security/credentials/alts/alts_credentials.h | 2 -- test/core/security/credentials_test.cc | 9 ++------- 3 files changed, 3 insertions(+), 9 deletions(-) diff --git a/src/core/lib/security/credentials/alts/alts_credentials.cc b/src/core/lib/security/credentials/alts/alts_credentials.cc index daff5b65c55..1bc76d9c0c6 100644 --- a/src/core/lib/security/credentials/alts/alts_credentials.cc +++ b/src/core/lib/security/credentials/alts/alts_credentials.cc @@ -30,6 +30,7 @@ #include "src/core/lib/security/credentials/alts/check_gcp_environment.h" #include "src/core/lib/security/security_connector/alts/alts_security_connector.h" +#define GRPC_CREDENTIALS_TYPE_ALTS "Alts" #define GRPC_ALTS_HANDSHAKER_SERVICE_URL "metadata.google.internal.:8080" grpc_alts_credentials::grpc_alts_credentials( diff --git a/src/core/lib/security/credentials/alts/alts_credentials.h b/src/core/lib/security/credentials/alts/alts_credentials.h index cf4f7121d29..cc6d5222b16 100644 --- a/src/core/lib/security/credentials/alts/alts_credentials.h +++ b/src/core/lib/security/credentials/alts/alts_credentials.h @@ -26,8 +26,6 @@ #include "src/core/lib/security/credentials/alts/grpc_alts_credentials_options.h" #include "src/core/lib/security/credentials/credentials.h" -#define GRPC_CREDENTIALS_TYPE_ALTS "Alts" - /* Main struct for grpc ALTS channel credential. */ class grpc_alts_credentials final : public grpc_channel_credentials { public: diff --git a/test/core/security/credentials_test.cc b/test/core/security/credentials_test.cc index faa8739cf2a..a0078d4bd54 100644 --- a/test/core/security/credentials_test.cc +++ b/test/core/security/credentials_test.cc @@ -37,7 +37,6 @@ #include "src/core/lib/gprpp/host_port.h" #include "src/core/lib/http/httpcli.h" #include "src/core/lib/iomgr/error.h" -#include "src/core/lib/security/credentials/alts/alts_credentials.h" #include "src/core/lib/security/credentials/composite/composite_credentials.h" #include "src/core/lib/security/credentials/fake/fake_credentials.h" #include "src/core/lib/security/credentials/google_default/google_default_credentials.h" @@ -1523,7 +1522,7 @@ static void test_no_google_default_creds(void) { grpc_httpcli_set_override(nullptr, nullptr); } -static void test_compute_engine_creds(void) { +static void test_compute_engine_channel_creds(void) { set_gce_tenancy_checker_for_testing(test_gce_tenancy_checker); g_test_gce_tenancy_checker_called = false; g_test_is_on_gce = true; @@ -1535,10 +1534,6 @@ static void test_compute_engine_creds(void) { GPR_ASSERT( strcmp(creds->type(), GRPC_CHANNEL_CREDENTIALS_TYPE_GOOGLE_DEFAULT) == 0); - auto* alts_creds = creds->alts_creds(); - GPR_ASSERT(alts_creds != nullptr); - GPR_ASSERT(strcmp(alts_creds->type(), GRPC_CREDENTIALS_TYPE_ALTS) == 0); - auto* ssl_creds = creds->ssl_creds(); GPR_ASSERT(ssl_creds != nullptr); GPR_ASSERT(strcmp(ssl_creds->type(), GRPC_CHANNEL_CREDENTIALS_TYPE_SSL) == 0); @@ -1854,7 +1849,7 @@ int main(int argc, char** argv) { test_google_default_creds_gce(); test_google_default_creds_non_gce(); test_no_google_default_creds(); - test_compute_engine_creds(); + test_compute_engine_channel_creds(); test_metadata_plugin_success(); test_metadata_plugin_failure(); test_get_well_known_google_credentials_file_path(); From 8459b49dd53dee5e2abb2b4181ae0ae80f34a66b Mon Sep 17 00:00:00 2001 From: Richard Belleville Date: Fri, 26 Jun 2020 17:55:51 +0000 Subject: [PATCH 19/53] Buildifier --- BUILD | 2 +- src/python/grpcio_tests/tests/interop/BUILD.bazel | 2 +- src/python/grpcio_tests/tests_aio/interop/BUILD.bazel | 1 - 3 files changed, 2 insertions(+), 3 deletions(-) diff --git a/BUILD b/BUILD index bf0a9085a94..4d21daf5a73 100644 --- a/BUILD +++ b/BUILD @@ -1766,9 +1766,9 @@ grpc_cc_library( "src/core/lib/security/credentials/credentials.cc", "src/core/lib/security/credentials/credentials_metadata.cc", "src/core/lib/security/credentials/fake/fake_credentials.cc", + "src/core/lib/security/credentials/google_default/compute_engine_channel_credentials.cc", "src/core/lib/security/credentials/google_default/credentials_generic.cc", "src/core/lib/security/credentials/google_default/google_default_credentials.cc", - "src/core/lib/security/credentials/google_default/compute_engine_channel_credentials.cc", "src/core/lib/security/credentials/iam/iam_credentials.cc", "src/core/lib/security/credentials/jwt/json_token.cc", "src/core/lib/security/credentials/jwt/jwt_credentials.cc", diff --git a/src/python/grpcio_tests/tests/interop/BUILD.bazel b/src/python/grpcio_tests/tests/interop/BUILD.bazel index ca5e4748e7c..f38b82b030a 100644 --- a/src/python/grpcio_tests/tests/interop/BUILD.bazel +++ b/src/python/grpcio_tests/tests/interop/BUILD.bazel @@ -28,8 +28,8 @@ py_library( py_binary( name = "client", srcs = ["client.py"], - deps = [":client_lib"], python_version = "PY3", + deps = [":client_lib"], ) py_library( diff --git a/src/python/grpcio_tests/tests_aio/interop/BUILD.bazel b/src/python/grpcio_tests/tests_aio/interop/BUILD.bazel index 5bc685765a4..4b908ecd47f 100644 --- a/src/python/grpcio_tests/tests_aio/interop/BUILD.bazel +++ b/src/python/grpcio_tests/tests_aio/interop/BUILD.bazel @@ -74,4 +74,3 @@ py_binary( "//src/python/grpcio_tests/tests/interop:resources", ], ) - From 236a089ca6ee65b62711cb1bb54eff97df537020 Mon Sep 17 00:00:00 2001 From: Richard Belleville Date: Fri, 26 Jun 2020 22:52:07 +0000 Subject: [PATCH 20/53] Mark core API as experimental --- include/grpc/grpc_security.h | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/include/grpc/grpc_security.h b/include/grpc/grpc_security.h index de78871e025..d4eee04aa2d 100644 --- a/include/grpc/grpc_security.h +++ b/include/grpc/grpc_security.h @@ -311,7 +311,11 @@ GRPCAPI grpc_call_credentials* grpc_google_compute_engine_credentials_create( WARNING: Do NOT use this credentials to connect to a non-google service as this could result in an oauth2 token leak. The security level of the - resulting connection is GRPC_PRIVACY_AND_INTEGRITY. */ + resulting connection is GRPC_PRIVACY_AND_INTEGRITY. + + This API is used for experimental purposes for now and may change in the + future. + */ GRPCAPI grpc_channel_credentials* grpc_compute_engine_channel_credentials_create(void* reserved); From ac08c9ba28de6aecc63d10c503ff9afc2590982d Mon Sep 17 00:00:00 2001 From: Richard Belleville Date: Fri, 26 Jun 2020 22:55:12 +0000 Subject: [PATCH 21/53] Use a gerund for a function name --- .../google_default/compute_engine_channel_credentials.cc | 2 +- .../google_default/google_default_credentials.cc | 6 +++--- .../credentials/google_default/google_default_credentials.h | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/src/core/lib/security/credentials/google_default/compute_engine_channel_credentials.cc b/src/core/lib/security/credentials/google_default/compute_engine_channel_credentials.cc index 6ddc683e3ad..17da00af02a 100644 --- a/src/core/lib/security/credentials/google_default/compute_engine_channel_credentials.cc +++ b/src/core/lib/security/credentials/google_default/compute_engine_channel_credentials.cc @@ -50,7 +50,7 @@ grpc_channel_credentials* grpc_compute_engine_channel_credentials_create( GRPC_API_TRACE("grpc_gce_channel_credentials_create(%p)", 1, (reserved)); - GPR_ASSERT(grpc_core::internal::is_on_gce()); + GPR_ASSERT(grpc_core::internal::running_on_gce()); grpc_channel_credentials* ssl_creds = grpc_ssl_credentials_create(nullptr, nullptr, nullptr, nullptr); diff --git a/src/core/lib/security/credentials/google_default/google_default_credentials.cc b/src/core/lib/security/credentials/google_default/google_default_credentials.cc index 263808e6dbf..15419e09110 100644 --- a/src/core/lib/security/credentials/google_default/google_default_credentials.cc +++ b/src/core/lib/security/credentials/google_default/google_default_credentials.cc @@ -88,7 +88,7 @@ grpc_google_default_channel_credentials::create_security_connector( bool use_alts = is_grpclb_load_balancer || is_backend_from_grpclb_load_balancer; /* Return failure if ALTS is selected but not running on GCE. */ - if (use_alts && !grpc_core::internal::is_on_gce()) { + if (use_alts && !grpc_core::internal::running_on_gce()) { gpr_log(GPR_ERROR, "ALTS is selected, but not running on GCE."); return nullptr; } @@ -300,7 +300,7 @@ grpc_channel_credentials* grpc_google_default_credentials_create() { /* Try a platform-provided hint for GCE. */ if (!g_metadata_server_available) { - g_metadata_server_available = grpc_core::internal::is_on_gce(); + g_metadata_server_available = grpc_core::internal::running_on_gce(); } /* TODO: Add a platform-provided hint for GAE. */ @@ -363,7 +363,7 @@ void grpc_flush_cached_google_default_credentials(void) { gpr_mu_unlock(&g_state_mu); } -bool is_on_gce(void) { return g_gce_tenancy_checker(); } +bool running_on_gce(void) { return g_gce_tenancy_checker(); } } // namespace internal } // namespace grpc_core diff --git a/src/core/lib/security/credentials/google_default/google_default_credentials.h b/src/core/lib/security/credentials/google_default/google_default_credentials.h index 639b861da96..e37683577dd 100644 --- a/src/core/lib/security/credentials/google_default/google_default_credentials.h +++ b/src/core/lib/security/credentials/google_default/google_default_credentials.h @@ -77,7 +77,7 @@ typedef bool (*grpc_gce_tenancy_checker)(void); void set_gce_tenancy_checker_for_testing(grpc_gce_tenancy_checker checker); -bool is_on_gce(void); +bool running_on_gce(void); // TEST-ONLY. Reset the internal global state. void grpc_flush_cached_google_default_credentials(void); From b61213c094f0d242cce69ca5e9106ba218da45cf Mon Sep 17 00:00:00 2001 From: Richard Belleville Date: Fri, 26 Jun 2020 23:04:00 +0000 Subject: [PATCH 22/53] Simplify reference count juggling --- .../google_default/compute_engine_channel_credentials.cc | 6 ++---- .../google_default/google_default_credentials.cc | 6 ++---- 2 files changed, 4 insertions(+), 8 deletions(-) diff --git a/src/core/lib/security/credentials/google_default/compute_engine_channel_credentials.cc b/src/core/lib/security/credentials/google_default/compute_engine_channel_credentials.cc index 17da00af02a..f1dcab7da82 100644 --- a/src/core/lib/security/credentials/google_default/compute_engine_channel_credentials.cc +++ b/src/core/lib/security/credentials/google_default/compute_engine_channel_credentials.cc @@ -61,10 +61,8 @@ grpc_channel_credentials* grpc_compute_engine_channel_credentials_create( grpc_alts_credentials_options_destroy(options); auto creds = new grpc_google_default_channel_credentials( - alts_creds != nullptr ? alts_creds->Ref() : nullptr, - ssl_creds != nullptr ? ssl_creds->Ref() : nullptr); - if (ssl_creds) ssl_creds->Unref(); - if (alts_creds) alts_creds->Unref(); + grpc_core::RefCountedPtr(alts_creds), + grpc_core::RefCountedPtr(ssl_creds)); return creds; } diff --git a/src/core/lib/security/credentials/google_default/google_default_credentials.cc b/src/core/lib/security/credentials/google_default/google_default_credentials.cc index 15419e09110..cbce9be145c 100644 --- a/src/core/lib/security/credentials/google_default/google_default_credentials.cc +++ b/src/core/lib/security/credentials/google_default/google_default_credentials.cc @@ -333,10 +333,8 @@ end: grpc_alts_credentials_options_destroy(options); auto creds = grpc_core::MakeRefCounted( - alts_creds != nullptr ? alts_creds->Ref() : nullptr, - ssl_creds != nullptr ? ssl_creds->Ref() : nullptr); - if (ssl_creds) ssl_creds->Unref(); - if (alts_creds) alts_creds->Unref(); + grpc_core::RefCountedPtr(alts_creds), + grpc_core::RefCountedPtr(ssl_creds)); result = grpc_composite_channel_credentials_create( creds.get(), call_creds.get(), nullptr); GPR_ASSERT(result != nullptr); From 98371380b7f261ef0f9249ab90ad818ac1747be9 Mon Sep 17 00:00:00 2001 From: Richard Belleville Date: Fri, 26 Jun 2020 23:04:46 +0000 Subject: [PATCH 23/53] Clang format --- .../credentials/google_default/google_default_credentials.cc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/core/lib/security/credentials/google_default/google_default_credentials.cc b/src/core/lib/security/credentials/google_default/google_default_credentials.cc index cbce9be145c..03224c6f7c2 100644 --- a/src/core/lib/security/credentials/google_default/google_default_credentials.cc +++ b/src/core/lib/security/credentials/google_default/google_default_credentials.cc @@ -333,8 +333,8 @@ end: grpc_alts_credentials_options_destroy(options); auto creds = grpc_core::MakeRefCounted( - grpc_core::RefCountedPtr(alts_creds), - grpc_core::RefCountedPtr(ssl_creds)); + grpc_core::RefCountedPtr(alts_creds), + grpc_core::RefCountedPtr(ssl_creds)); result = grpc_composite_channel_credentials_create( creds.get(), call_creds.get(), nullptr); GPR_ASSERT(result != nullptr); From c8a8a6aea41ad6799cab2549e884cc5bfed74cf3 Mon Sep 17 00:00:00 2001 From: Richard Belleville Date: Tue, 7 Jul 2020 00:18:42 +0000 Subject: [PATCH 24/53] Get new core API design building --- BUILD | 1 - BUILD.gn | 1 - CMakeLists.txt | 1 - Makefile | 2 - build_autogenerated.yaml | 1 - config.m4 | 1 - config.w32 | 1 - gRPC-Core.podspec | 1 - grpc.def | 1 - grpc.gemspec | 1 - grpc.gyp | 1 - include/grpc/grpc_security.h | 46 +++++-------- package.xml | 1 - .../client_channel/xds/xds_channel_secure.cc | 2 +- .../compute_engine_channel_credentials.cc | 68 ------------------- .../google_default_credentials.cc | 47 +++++++------ .../google_default_credentials.h | 2 - src/python/grpcio/grpc_core_dependencies.py | 1 - src/ruby/ext/grpc/rb_grpc_imports.generated.c | 2 - src/ruby/ext/grpc/rb_grpc_imports.generated.h | 5 +- test/core/security/credentials_test.cc | 31 ++------- .../core/surface/public_headers_must_be_c89.c | 1 - tools/doxygen/Doxyfile.c++.internal | 1 - tools/doxygen/Doxyfile.core.internal | 1 - 24 files changed, 53 insertions(+), 167 deletions(-) delete mode 100644 src/core/lib/security/credentials/google_default/compute_engine_channel_credentials.cc diff --git a/BUILD b/BUILD index 4d21daf5a73..0d2a7ca058c 100644 --- a/BUILD +++ b/BUILD @@ -1766,7 +1766,6 @@ grpc_cc_library( "src/core/lib/security/credentials/credentials.cc", "src/core/lib/security/credentials/credentials_metadata.cc", "src/core/lib/security/credentials/fake/fake_credentials.cc", - "src/core/lib/security/credentials/google_default/compute_engine_channel_credentials.cc", "src/core/lib/security/credentials/google_default/credentials_generic.cc", "src/core/lib/security/credentials/google_default/google_default_credentials.cc", "src/core/lib/security/credentials/iam/iam_credentials.cc", diff --git a/BUILD.gn b/BUILD.gn index d4a5fda2d56..a16d298f1be 100644 --- a/BUILD.gn +++ b/BUILD.gn @@ -793,7 +793,6 @@ config("grpc_config") { "src/core/lib/security/credentials/credentials_metadata.cc", "src/core/lib/security/credentials/fake/fake_credentials.cc", "src/core/lib/security/credentials/fake/fake_credentials.h", - "src/core/lib/security/credentials/google_default/compute_engine_channel_credentials.cc", "src/core/lib/security/credentials/google_default/credentials_generic.cc", "src/core/lib/security/credentials/google_default/google_default_credentials.cc", "src/core/lib/security/credentials/google_default/google_default_credentials.h", diff --git a/CMakeLists.txt b/CMakeLists.txt index ac4bb93a6df..323f7800627 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -1639,7 +1639,6 @@ add_library(grpc src/core/lib/security/credentials/credentials.cc src/core/lib/security/credentials/credentials_metadata.cc src/core/lib/security/credentials/fake/fake_credentials.cc - src/core/lib/security/credentials/google_default/compute_engine_channel_credentials.cc src/core/lib/security/credentials/google_default/credentials_generic.cc src/core/lib/security/credentials/google_default/google_default_credentials.cc src/core/lib/security/credentials/iam/iam_credentials.cc diff --git a/Makefile b/Makefile index 575b676f834..bbaccc44513 100644 --- a/Makefile +++ b/Makefile @@ -3941,7 +3941,6 @@ LIBGRPC_SRC = \ src/core/lib/security/credentials/credentials.cc \ src/core/lib/security/credentials/credentials_metadata.cc \ src/core/lib/security/credentials/fake/fake_credentials.cc \ - src/core/lib/security/credentials/google_default/compute_engine_channel_credentials.cc \ src/core/lib/security/credentials/google_default/credentials_generic.cc \ src/core/lib/security/credentials/google_default/google_default_credentials.cc \ src/core/lib/security/credentials/iam/iam_credentials.cc \ @@ -20033,7 +20032,6 @@ src/core/lib/security/credentials/composite/composite_credentials.cc: $(OPENSSL_ src/core/lib/security/credentials/credentials.cc: $(OPENSSL_DEP) src/core/lib/security/credentials/credentials_metadata.cc: $(OPENSSL_DEP) src/core/lib/security/credentials/fake/fake_credentials.cc: $(OPENSSL_DEP) -src/core/lib/security/credentials/google_default/compute_engine_channel_credentials.cc: $(OPENSSL_DEP) src/core/lib/security/credentials/google_default/credentials_generic.cc: $(OPENSSL_DEP) src/core/lib/security/credentials/google_default/google_default_credentials.cc: $(OPENSSL_DEP) src/core/lib/security/credentials/iam/iam_credentials.cc: $(OPENSSL_DEP) diff --git a/build_autogenerated.yaml b/build_autogenerated.yaml index 079aed25c11..9eb53b8e576 100644 --- a/build_autogenerated.yaml +++ b/build_autogenerated.yaml @@ -1057,7 +1057,6 @@ libs: - src/core/lib/security/credentials/credentials.cc - src/core/lib/security/credentials/credentials_metadata.cc - src/core/lib/security/credentials/fake/fake_credentials.cc - - src/core/lib/security/credentials/google_default/compute_engine_channel_credentials.cc - src/core/lib/security/credentials/google_default/credentials_generic.cc - src/core/lib/security/credentials/google_default/google_default_credentials.cc - src/core/lib/security/credentials/iam/iam_credentials.cc diff --git a/config.m4 b/config.m4 index e1e39b23453..cd1019abcd9 100644 --- a/config.m4 +++ b/config.m4 @@ -397,7 +397,6 @@ if test "$PHP_GRPC" != "no"; then src/core/lib/security/credentials/credentials.cc \ src/core/lib/security/credentials/credentials_metadata.cc \ src/core/lib/security/credentials/fake/fake_credentials.cc \ - src/core/lib/security/credentials/google_default/compute_engine_channel_credentials.cc \ src/core/lib/security/credentials/google_default/credentials_generic.cc \ src/core/lib/security/credentials/google_default/google_default_credentials.cc \ src/core/lib/security/credentials/iam/iam_credentials.cc \ diff --git a/config.w32 b/config.w32 index e6c10e3d46d..8109f9103af 100644 --- a/config.w32 +++ b/config.w32 @@ -366,7 +366,6 @@ if (PHP_GRPC != "no") { "src\\core\\lib\\security\\credentials\\credentials.cc " + "src\\core\\lib\\security\\credentials\\credentials_metadata.cc " + "src\\core\\lib\\security\\credentials\\fake\\fake_credentials.cc " + - "src\\core\\lib\\security\\credentials\\google_default\\compute_engine_channel_credentials.cc " + "src\\core\\lib\\security\\credentials\\google_default\\credentials_generic.cc " + "src\\core\\lib\\security\\credentials\\google_default\\google_default_credentials.cc " + "src\\core\\lib\\security\\credentials\\iam\\iam_credentials.cc " + diff --git a/gRPC-Core.podspec b/gRPC-Core.podspec index d33bbe6d040..695768422c2 100644 --- a/gRPC-Core.podspec +++ b/gRPC-Core.podspec @@ -846,7 +846,6 @@ Pod::Spec.new do |s| 'src/core/lib/security/credentials/credentials_metadata.cc', 'src/core/lib/security/credentials/fake/fake_credentials.cc', 'src/core/lib/security/credentials/fake/fake_credentials.h', - 'src/core/lib/security/credentials/google_default/compute_engine_channel_credentials.cc', 'src/core/lib/security/credentials/google_default/credentials_generic.cc', 'src/core/lib/security/credentials/google_default/google_default_credentials.cc', 'src/core/lib/security/credentials/google_default/google_default_credentials.h', diff --git a/grpc.def b/grpc.def index 797c1ae6ec3..2f753b29939 100644 --- a/grpc.def +++ b/grpc.def @@ -106,7 +106,6 @@ EXPORTS grpc_composite_channel_credentials_create grpc_composite_call_credentials_create grpc_google_compute_engine_credentials_create - grpc_compute_engine_channel_credentials_create grpc_max_auth_token_lifetime grpc_service_account_jwt_access_credentials_create grpc_google_refresh_token_credentials_create diff --git a/grpc.gemspec b/grpc.gemspec index c2681db3e87..af04b9d9de4 100644 --- a/grpc.gemspec +++ b/grpc.gemspec @@ -768,7 +768,6 @@ Gem::Specification.new do |s| s.files += %w( src/core/lib/security/credentials/credentials_metadata.cc ) s.files += %w( src/core/lib/security/credentials/fake/fake_credentials.cc ) s.files += %w( src/core/lib/security/credentials/fake/fake_credentials.h ) - s.files += %w( src/core/lib/security/credentials/google_default/compute_engine_channel_credentials.cc ) s.files += %w( src/core/lib/security/credentials/google_default/credentials_generic.cc ) s.files += %w( src/core/lib/security/credentials/google_default/google_default_credentials.cc ) s.files += %w( src/core/lib/security/credentials/google_default/google_default_credentials.h ) diff --git a/grpc.gyp b/grpc.gyp index 554a6214721..b80efd83534 100644 --- a/grpc.gyp +++ b/grpc.gyp @@ -751,7 +751,6 @@ 'src/core/lib/security/credentials/credentials.cc', 'src/core/lib/security/credentials/credentials_metadata.cc', 'src/core/lib/security/credentials/fake/fake_credentials.cc', - 'src/core/lib/security/credentials/google_default/compute_engine_channel_credentials.cc', 'src/core/lib/security/credentials/google_default/credentials_generic.cc', 'src/core/lib/security/credentials/google_default/google_default_credentials.cc', 'src/core/lib/security/credentials/iam/iam_credentials.cc', diff --git a/include/grpc/grpc_security.h b/include/grpc/grpc_security.h index d4eee04aa2d..21f27c8e411 100644 --- a/include/grpc/grpc_security.h +++ b/include/grpc/grpc_security.h @@ -29,6 +29,14 @@ extern "C" { #endif +/** --- grpc_call_credentials object. + + A call credentials object represents a way to authenticate on a particular + call. These credentials can be composed with a channel credentials object + so that they are sent with every call on this channel. */ + +typedef struct grpc_call_credentials grpc_call_credentials; + /** --- Authentication Context. --- */ typedef struct grpc_auth_context grpc_auth_context; @@ -133,8 +141,16 @@ GRPCAPI void grpc_channel_credentials_release(grpc_channel_credentials* creds); /** Creates default credentials to connect to a google gRPC service. WARNING: Do NOT use this credentials to connect to a non-google service as this could result in an oauth2 token leak. The security level of the - resulting connection is GRPC_PRIVACY_AND_INTEGRITY. */ -GRPCAPI grpc_channel_credentials* grpc_google_default_credentials_create(void); + resulting connection is GRPC_PRIVACY_AND_INTEGRITY. + + If specified, the supplied call credentials object will be attached to the + returned channel credentials object. The call_credentials object must remain + valid throughout the lifetime of the returned grpc_channel_credentials object. + + If nullptr is supplied, the returned call credentials object will use a call + credentials object based on the default service account of the VM. +*/ +GRPCAPI grpc_channel_credentials* grpc_google_default_credentials_create(grpc_call_credentials* call_credentials); /** Callback for getting the SSL roots override from the application. In case of success, *pem_roots_certs must be set to a NULL terminated string @@ -272,14 +288,6 @@ GRPCAPI grpc_channel_credentials* grpc_ssl_credentials_create_ex( const char* pem_root_certs, grpc_ssl_pem_key_cert_pair* pem_key_cert_pair, const grpc_ssl_verify_peer_options* verify_options, void* reserved); -/** --- grpc_call_credentials object. - - A call credentials object represents a way to authenticate on a particular - call. These credentials can be composed with a channel credentials object - so that they are sent with every call on this channel. */ - -typedef struct grpc_call_credentials grpc_call_credentials; - /** Releases a call credentials object. The creator of the credentials object is responsible for its release. */ GRPCAPI void grpc_call_credentials_release(grpc_call_credentials* creds); @@ -301,24 +309,6 @@ GRPCAPI grpc_call_credentials* grpc_composite_call_credentials_create( GRPCAPI grpc_call_credentials* grpc_google_compute_engine_credentials_create( void* reserved); -/** Creates compute engine channel credentials to connect to a google gRPC - service. - - This channel credential is expected to be used within a composite credential - alongside a compute_engine_credential. If used in conjunction with any call - credential besides a compute_engine_credential, the connection may suddenly - and unexpectedly begin to fail RPCs. - - WARNING: Do NOT use this credentials to connect to a non-google service as - this could result in an oauth2 token leak. The security level of the - resulting connection is GRPC_PRIVACY_AND_INTEGRITY. - - This API is used for experimental purposes for now and may change in the - future. - */ -GRPCAPI grpc_channel_credentials* -grpc_compute_engine_channel_credentials_create(void* reserved); - GRPCAPI gpr_timespec grpc_max_auth_token_lifetime(void); /** Creates a JWT credentials object. May return NULL if the input is invalid. diff --git a/package.xml b/package.xml index 6349909ff74..0166a778789 100644 --- a/package.xml +++ b/package.xml @@ -748,7 +748,6 @@ - diff --git a/src/core/ext/filters/client_channel/xds/xds_channel_secure.cc b/src/core/ext/filters/client_channel/xds/xds_channel_secure.cc index c218db86a17..9252e553cee 100644 --- a/src/core/ext/filters/client_channel/xds/xds_channel_secure.cc +++ b/src/core/ext/filters/client_channel/xds/xds_channel_secure.cc @@ -73,7 +73,7 @@ grpc_channel* CreateXdsChannel(const XdsBootstrap& bootstrap, if (!bootstrap.server().channel_creds.empty()) { for (size_t i = 0; i < bootstrap.server().channel_creds.size(); ++i) { if (bootstrap.server().channel_creds[i].type == "google_default") { - creds = grpc_google_default_credentials_create(); + creds = grpc_google_default_credentials_create(nullptr); break; } else if (bootstrap.server().channel_creds[i].type == "fake") { creds = grpc_fake_transport_security_credentials_create(); diff --git a/src/core/lib/security/credentials/google_default/compute_engine_channel_credentials.cc b/src/core/lib/security/credentials/google_default/compute_engine_channel_credentials.cc deleted file mode 100644 index f1dcab7da82..00000000000 --- a/src/core/lib/security/credentials/google_default/compute_engine_channel_credentials.cc +++ /dev/null @@ -1,68 +0,0 @@ -/* - * - * Copyright 2020 The gRPC authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -#include - -#include "src/core/lib/security/credentials/credentials.h" - -#include - -#include -#include -#include - -#include "src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.h" -#include "src/core/lib/channel/channel_args.h" -#include "src/core/lib/gpr/env.h" -#include "src/core/lib/gpr/string.h" -#include "src/core/lib/gprpp/ref_counted_ptr.h" -#include "src/core/lib/http/httpcli.h" -#include "src/core/lib/http/parser.h" -#include "src/core/lib/iomgr/load_file.h" -#include "src/core/lib/iomgr/polling_entity.h" -#include "src/core/lib/security/credentials/alts/alts_credentials.h" -#include "src/core/lib/security/credentials/alts/check_gcp_environment.h" -#include "src/core/lib/security/credentials/google_default/google_default_credentials.h" -#include "src/core/lib/security/credentials/jwt/jwt_credentials.h" -#include "src/core/lib/security/credentials/oauth2/oauth2_credentials.h" -#include "src/core/lib/slice/slice_internal.h" -#include "src/core/lib/slice/slice_string_helpers.h" -#include "src/core/lib/surface/api_trace.h" - -grpc_channel_credentials* grpc_compute_engine_channel_credentials_create( - void* reserved) { - grpc_core::ExecCtx exec_ctx; - - GRPC_API_TRACE("grpc_gce_channel_credentials_create(%p)", 1, (reserved)); - - GPR_ASSERT(grpc_core::internal::running_on_gce()); - - grpc_channel_credentials* ssl_creds = - grpc_ssl_credentials_create(nullptr, nullptr, nullptr, nullptr); - GPR_ASSERT(ssl_creds != nullptr); - grpc_alts_credentials_options* options = - grpc_alts_credentials_client_options_create(); - grpc_channel_credentials* alts_creds = grpc_alts_credentials_create(options); - grpc_alts_credentials_options_destroy(options); - - auto creds = new grpc_google_default_channel_credentials( - grpc_core::RefCountedPtr(alts_creds), - grpc_core::RefCountedPtr(ssl_creds)); - - return creds; -} diff --git a/src/core/lib/security/credentials/google_default/google_default_credentials.cc b/src/core/lib/security/credentials/google_default/google_default_credentials.cc index 03224c6f7c2..3b5530d2e1b 100644 --- a/src/core/lib/security/credentials/google_default/google_default_credentials.cc +++ b/src/core/lib/security/credentials/google_default/google_default_credentials.cc @@ -57,6 +57,7 @@ using grpc_core::Json; * means the detection is done via network test that is unreliable and the * unreliable result should not be referred by successive calls. */ static int g_metadata_server_available = 0; +static int g_is_on_gce = 0; static gpr_mu g_state_mu; /* Protect a metadata_server_detector instance that can be modified by more than * one gRPC threads */ @@ -88,7 +89,7 @@ grpc_google_default_channel_credentials::create_security_connector( bool use_alts = is_grpclb_load_balancer || is_backend_from_grpclb_load_balancer; /* Return failure if ALTS is selected but not running on GCE. */ - if (use_alts && !grpc_core::internal::running_on_gce()) { + if (use_alts && !g_is_on_gce) { gpr_log(GPR_ERROR, "ALTS is selected, but not running on GCE."); return nullptr; } @@ -272,35 +273,30 @@ end: return error; } -grpc_channel_credentials* grpc_google_default_credentials_create() { - grpc_channel_credentials* result = nullptr; - grpc_core::RefCountedPtr call_creds; - grpc_error* error = GRPC_ERROR_CREATE_FROM_STATIC_STRING( - "Failed to create Google credentials"); +static void default_call_creds(grpc_core::RefCountedPtr* call_creds, + grpc_error* error) +{ grpc_error* err; - grpc_core::ExecCtx exec_ctx; - - GRPC_API_TRACE("grpc_google_default_credentials_create(void)", 0, ()); - gpr_once_init(&g_once, init_default_credentials); /* First, try the environment variable. */ err = create_default_creds_from_path( - gpr_getenv(GRPC_GOOGLE_CREDENTIALS_ENV_VAR), &call_creds); - if (err == GRPC_ERROR_NONE) goto end; + gpr_getenv(GRPC_GOOGLE_CREDENTIALS_ENV_VAR), call_creds); + if (err == GRPC_ERROR_NONE) return; error = grpc_error_add_child(error, err); /* Then the well-known file. */ err = create_default_creds_from_path( - grpc_get_well_known_google_credentials_file_path(), &call_creds); - if (err == GRPC_ERROR_NONE) goto end; + grpc_get_well_known_google_credentials_file_path(), call_creds); + if (err == GRPC_ERROR_NONE) return; error = grpc_error_add_child(error, err); gpr_mu_lock(&g_state_mu); /* Try a platform-provided hint for GCE. */ if (!g_metadata_server_available) { - g_metadata_server_available = grpc_core::internal::running_on_gce(); + g_is_on_gce = g_gce_tenancy_checker(); + g_metadata_server_available = g_is_on_gce; } /* TODO: Add a platform-provided hint for GAE. */ @@ -311,16 +307,29 @@ grpc_channel_credentials* grpc_google_default_credentials_create() { gpr_mu_unlock(&g_state_mu); if (g_metadata_server_available) { - call_creds = grpc_core::RefCountedPtr( + *call_creds = grpc_core::RefCountedPtr( grpc_google_compute_engine_credentials_create(nullptr)); - if (call_creds == nullptr) { + if (*call_creds == nullptr) { error = grpc_error_add_child( error, GRPC_ERROR_CREATE_FROM_STATIC_STRING( "Failed to get credentials from network")); } } +} + +grpc_channel_credentials* grpc_google_default_credentials_create(grpc_call_credentials* call_credentials) { + grpc_channel_credentials* result = nullptr; + grpc_core::RefCountedPtr call_creds(call_credentials); + grpc_error* error = GRPC_ERROR_CREATE_FROM_STATIC_STRING( + "Failed to create Google credentials"); + grpc_core::ExecCtx exec_ctx; + + GRPC_API_TRACE("grpc_google_default_credentials_create(%p)", 1, (call_credentials)); + + if (call_credentials == nullptr) { + default_call_creds(&call_creds, error); + } -end: if (call_creds != nullptr) { /* Create google default credentials. */ grpc_channel_credentials* ssl_creds = @@ -361,8 +370,6 @@ void grpc_flush_cached_google_default_credentials(void) { gpr_mu_unlock(&g_state_mu); } -bool running_on_gce(void) { return g_gce_tenancy_checker(); } - } // namespace internal } // namespace grpc_core diff --git a/src/core/lib/security/credentials/google_default/google_default_credentials.h b/src/core/lib/security/credentials/google_default/google_default_credentials.h index e37683577dd..8a945da31e2 100644 --- a/src/core/lib/security/credentials/google_default/google_default_credentials.h +++ b/src/core/lib/security/credentials/google_default/google_default_credentials.h @@ -77,8 +77,6 @@ typedef bool (*grpc_gce_tenancy_checker)(void); void set_gce_tenancy_checker_for_testing(grpc_gce_tenancy_checker checker); -bool running_on_gce(void); - // TEST-ONLY. Reset the internal global state. void grpc_flush_cached_google_default_credentials(void); diff --git a/src/python/grpcio/grpc_core_dependencies.py b/src/python/grpcio/grpc_core_dependencies.py index a39691002d2..37bed16955f 100644 --- a/src/python/grpcio/grpc_core_dependencies.py +++ b/src/python/grpcio/grpc_core_dependencies.py @@ -375,7 +375,6 @@ CORE_SOURCE_FILES = [ 'src/core/lib/security/credentials/credentials.cc', 'src/core/lib/security/credentials/credentials_metadata.cc', 'src/core/lib/security/credentials/fake/fake_credentials.cc', - 'src/core/lib/security/credentials/google_default/compute_engine_channel_credentials.cc', 'src/core/lib/security/credentials/google_default/credentials_generic.cc', 'src/core/lib/security/credentials/google_default/google_default_credentials.cc', 'src/core/lib/security/credentials/iam/iam_credentials.cc', diff --git a/src/ruby/ext/grpc/rb_grpc_imports.generated.c b/src/ruby/ext/grpc/rb_grpc_imports.generated.c index c88b646d62c..4e50a5c3ea7 100644 --- a/src/ruby/ext/grpc/rb_grpc_imports.generated.c +++ b/src/ruby/ext/grpc/rb_grpc_imports.generated.c @@ -129,7 +129,6 @@ grpc_call_credentials_release_type grpc_call_credentials_release_import; grpc_composite_channel_credentials_create_type grpc_composite_channel_credentials_create_import; grpc_composite_call_credentials_create_type grpc_composite_call_credentials_create_import; grpc_google_compute_engine_credentials_create_type grpc_google_compute_engine_credentials_create_import; -grpc_compute_engine_channel_credentials_create_type grpc_compute_engine_channel_credentials_create_import; grpc_max_auth_token_lifetime_type grpc_max_auth_token_lifetime_import; grpc_service_account_jwt_access_credentials_create_type grpc_service_account_jwt_access_credentials_create_import; grpc_google_refresh_token_credentials_create_type grpc_google_refresh_token_credentials_create_import; @@ -402,7 +401,6 @@ void grpc_rb_load_imports(HMODULE library) { grpc_composite_channel_credentials_create_import = (grpc_composite_channel_credentials_create_type) GetProcAddress(library, "grpc_composite_channel_credentials_create"); grpc_composite_call_credentials_create_import = (grpc_composite_call_credentials_create_type) GetProcAddress(library, "grpc_composite_call_credentials_create"); grpc_google_compute_engine_credentials_create_import = (grpc_google_compute_engine_credentials_create_type) GetProcAddress(library, "grpc_google_compute_engine_credentials_create"); - grpc_compute_engine_channel_credentials_create_import = (grpc_compute_engine_channel_credentials_create_type) GetProcAddress(library, "grpc_compute_engine_channel_credentials_create"); grpc_max_auth_token_lifetime_import = (grpc_max_auth_token_lifetime_type) GetProcAddress(library, "grpc_max_auth_token_lifetime"); grpc_service_account_jwt_access_credentials_create_import = (grpc_service_account_jwt_access_credentials_create_type) GetProcAddress(library, "grpc_service_account_jwt_access_credentials_create"); grpc_google_refresh_token_credentials_create_import = (grpc_google_refresh_token_credentials_create_type) GetProcAddress(library, "grpc_google_refresh_token_credentials_create"); diff --git a/src/ruby/ext/grpc/rb_grpc_imports.generated.h b/src/ruby/ext/grpc/rb_grpc_imports.generated.h index bcf6c6001f1..5f102485f17 100644 --- a/src/ruby/ext/grpc/rb_grpc_imports.generated.h +++ b/src/ruby/ext/grpc/rb_grpc_imports.generated.h @@ -338,7 +338,7 @@ extern grpc_ssl_session_cache_create_channel_arg_type grpc_ssl_session_cache_cre typedef void(*grpc_channel_credentials_release_type)(grpc_channel_credentials* creds); extern grpc_channel_credentials_release_type grpc_channel_credentials_release_import; #define grpc_channel_credentials_release grpc_channel_credentials_release_import -typedef grpc_channel_credentials*(*grpc_google_default_credentials_create_type)(void); +typedef grpc_channel_credentials*(*grpc_google_default_credentials_create_type)(grpc_call_credentials* call_credentials); extern grpc_google_default_credentials_create_type grpc_google_default_credentials_create_import; #define grpc_google_default_credentials_create grpc_google_default_credentials_create_import typedef void(*grpc_set_ssl_roots_override_callback_type)(grpc_ssl_roots_override_callback cb); @@ -362,9 +362,6 @@ extern grpc_composite_call_credentials_create_type grpc_composite_call_credentia typedef grpc_call_credentials*(*grpc_google_compute_engine_credentials_create_type)(void* reserved); extern grpc_google_compute_engine_credentials_create_type grpc_google_compute_engine_credentials_create_import; #define grpc_google_compute_engine_credentials_create grpc_google_compute_engine_credentials_create_import -typedef grpc_channel_credentials*(*grpc_compute_engine_channel_credentials_create_type)(void* reserved); -extern grpc_compute_engine_channel_credentials_create_type grpc_compute_engine_channel_credentials_create_import; -#define grpc_compute_engine_channel_credentials_create grpc_compute_engine_channel_credentials_create_import typedef gpr_timespec(*grpc_max_auth_token_lifetime_type)(void); extern grpc_max_auth_token_lifetime_type grpc_max_auth_token_lifetime_import; #define grpc_max_auth_token_lifetime grpc_max_auth_token_lifetime_import diff --git a/test/core/security/credentials_test.cc b/test/core/security/credentials_test.cc index a0078d4bd54..0c7a77e45d3 100644 --- a/test/core/security/credentials_test.cc +++ b/test/core/security/credentials_test.cc @@ -1356,7 +1356,7 @@ static void test_google_default_creds_auth_key(void) { "json_key_google_default_creds", json_key); gpr_free(json_key); creds = reinterpret_cast( - grpc_google_default_credentials_create()); + grpc_google_default_credentials_create(nullptr)); auto* default_creds = reinterpret_cast( creds->inner_creds()); @@ -1379,7 +1379,7 @@ static void test_google_default_creds_refresh_token(void) { set_google_default_creds_env_var_with_file_contents( "refresh_token_google_default_creds", test_refresh_token_str); creds = reinterpret_cast( - grpc_google_default_credentials_create()); + grpc_google_default_credentials_create(nullptr)); auto* default_creds = reinterpret_cast( creds->inner_creds()); @@ -1435,7 +1435,7 @@ static void test_google_default_creds_gce(void) { /* Simulate a successful detection of GCE. */ grpc_composite_channel_credentials* creds = reinterpret_cast( - grpc_google_default_credentials_create()); + grpc_google_default_credentials_create(nullptr)); /* Verify that the default creds actually embeds a GCE creds. */ GPR_ASSERT(creds != nullptr); @@ -1474,7 +1474,7 @@ static void test_google_default_creds_non_gce(void) { httpcli_post_should_not_be_called); grpc_composite_channel_credentials* creds = reinterpret_cast( - grpc_google_default_credentials_create()); + grpc_google_default_credentials_create(nullptr)); /* Verify that the default creds actually embeds a GCE creds. */ GPR_ASSERT(creds != nullptr); GPR_ASSERT(creds->call_creds() != nullptr); @@ -1512,34 +1512,16 @@ static void test_no_google_default_creds(void) { default_creds_gce_detection_httpcli_get_failure_override, httpcli_post_should_not_be_called); /* Simulate a successful detection of GCE. */ - GPR_ASSERT(grpc_google_default_credentials_create() == nullptr); + GPR_ASSERT(grpc_google_default_credentials_create(nullptr) == nullptr); /* Try a second one. GCE detection should occur again. */ g_test_gce_tenancy_checker_called = false; - GPR_ASSERT(grpc_google_default_credentials_create() == nullptr); + GPR_ASSERT(grpc_google_default_credentials_create(nullptr) == nullptr); GPR_ASSERT(g_test_gce_tenancy_checker_called == true); /* Cleanup. */ grpc_override_well_known_credentials_path_getter(nullptr); grpc_httpcli_set_override(nullptr, nullptr); } -static void test_compute_engine_channel_creds(void) { - set_gce_tenancy_checker_for_testing(test_gce_tenancy_checker); - g_test_gce_tenancy_checker_called = false; - g_test_is_on_gce = true; - - auto creds = reinterpret_cast( - grpc_compute_engine_channel_credentials_create(nullptr)); - - GPR_ASSERT(creds != nullptr); - GPR_ASSERT( - strcmp(creds->type(), GRPC_CHANNEL_CREDENTIALS_TYPE_GOOGLE_DEFAULT) == 0); - - auto* ssl_creds = creds->ssl_creds(); - GPR_ASSERT(ssl_creds != nullptr); - GPR_ASSERT(strcmp(ssl_creds->type(), GRPC_CHANNEL_CREDENTIALS_TYPE_SSL) == 0); - creds->Unref(); -} - typedef enum { PLUGIN_INITIAL_STATE, PLUGIN_GET_METADATA_CALLED_STATE, @@ -1849,7 +1831,6 @@ int main(int argc, char** argv) { test_google_default_creds_gce(); test_google_default_creds_non_gce(); test_no_google_default_creds(); - test_compute_engine_channel_creds(); test_metadata_plugin_success(); test_metadata_plugin_failure(); test_get_well_known_google_credentials_file_path(); diff --git a/test/core/surface/public_headers_must_be_c89.c b/test/core/surface/public_headers_must_be_c89.c index b4e1166bd01..b6ba715e247 100644 --- a/test/core/surface/public_headers_must_be_c89.c +++ b/test/core/surface/public_headers_must_be_c89.c @@ -173,7 +173,6 @@ int main(int argc, char **argv) { printf("%lx", (unsigned long) grpc_composite_channel_credentials_create); printf("%lx", (unsigned long) grpc_composite_call_credentials_create); printf("%lx", (unsigned long) grpc_google_compute_engine_credentials_create); - printf("%lx", (unsigned long) grpc_compute_engine_channel_credentials_create); printf("%lx", (unsigned long) grpc_max_auth_token_lifetime); printf("%lx", (unsigned long) grpc_service_account_jwt_access_credentials_create); printf("%lx", (unsigned long) grpc_google_refresh_token_credentials_create); diff --git a/tools/doxygen/Doxyfile.c++.internal b/tools/doxygen/Doxyfile.c++.internal index 9a6df168bc0..613e824f4d7 100644 --- a/tools/doxygen/Doxyfile.c++.internal +++ b/tools/doxygen/Doxyfile.c++.internal @@ -1731,7 +1731,6 @@ src/core/lib/security/credentials/credentials.h \ src/core/lib/security/credentials/credentials_metadata.cc \ src/core/lib/security/credentials/fake/fake_credentials.cc \ src/core/lib/security/credentials/fake/fake_credentials.h \ -src/core/lib/security/credentials/google_default/compute_engine_channel_credentials.cc \ src/core/lib/security/credentials/google_default/credentials_generic.cc \ src/core/lib/security/credentials/google_default/google_default_credentials.cc \ src/core/lib/security/credentials/google_default/google_default_credentials.h \ diff --git a/tools/doxygen/Doxyfile.core.internal b/tools/doxygen/Doxyfile.core.internal index a0826adc4ed..b026c8b1f8a 100644 --- a/tools/doxygen/Doxyfile.core.internal +++ b/tools/doxygen/Doxyfile.core.internal @@ -1543,7 +1543,6 @@ src/core/lib/security/credentials/credentials.h \ src/core/lib/security/credentials/credentials_metadata.cc \ src/core/lib/security/credentials/fake/fake_credentials.cc \ src/core/lib/security/credentials/fake/fake_credentials.h \ -src/core/lib/security/credentials/google_default/compute_engine_channel_credentials.cc \ src/core/lib/security/credentials/google_default/credentials_generic.cc \ src/core/lib/security/credentials/google_default/google_default_credentials.cc \ src/core/lib/security/credentials/google_default/google_default_credentials.h \ From 23dacfc0b4150dc6e83db030f039f35ccff05dd5 Mon Sep 17 00:00:00 2001 From: Richard Belleville Date: Tue, 7 Jul 2020 01:10:12 +0000 Subject: [PATCH 25/53] Add Python wrapper --- .../google_default_credentials.cc | 37 +++++++++++-------- src/python/grpcio/grpc/__init__.py | 5 +-- .../grpc/_cython/_cygrpc/credentials.pyx.pxi | 12 ++++-- .../grpcio/grpc/_cython/_cygrpc/grpc.pxi | 3 +- .../grpcio_tests/tests/interop/client.py | 14 ++++--- 5 files changed, 40 insertions(+), 31 deletions(-) diff --git a/src/core/lib/security/credentials/google_default/google_default_credentials.cc b/src/core/lib/security/credentials/google_default/google_default_credentials.cc index 3b5530d2e1b..16db70040bb 100644 --- a/src/core/lib/security/credentials/google_default/google_default_credentials.cc +++ b/src/core/lib/security/credentials/google_default/google_default_credentials.cc @@ -273,11 +273,29 @@ end: return error; } +static void update_tenancy() { + gpr_once_init(&g_once, init_default_credentials); + gpr_mu_lock(&g_state_mu); + + /* Try a platform-provided hint for GCE. */ + if (!g_metadata_server_available) { + g_is_on_gce = g_gce_tenancy_checker(); + g_metadata_server_available = g_is_on_gce; + } + /* TODO: Add a platform-provided hint for GAE. */ + + /* Do a network test for metadata server. */ + if (!g_metadata_server_available) { + g_metadata_server_available = is_metadata_server_reachable(); + } + gpr_mu_unlock(&g_state_mu); + +} + static void default_call_creds(grpc_core::RefCountedPtr* call_creds, grpc_error* error) { grpc_error* err; - gpr_once_init(&g_once, init_default_credentials); /* First, try the environment variable. */ err = create_default_creds_from_path( @@ -291,21 +309,6 @@ static void default_call_creds(grpc_core::RefCountedPtr* if (err == GRPC_ERROR_NONE) return; error = grpc_error_add_child(error, err); - gpr_mu_lock(&g_state_mu); - - /* Try a platform-provided hint for GCE. */ - if (!g_metadata_server_available) { - g_is_on_gce = g_gce_tenancy_checker(); - g_metadata_server_available = g_is_on_gce; - } - /* TODO: Add a platform-provided hint for GAE. */ - - /* Do a network test for metadata server. */ - if (!g_metadata_server_available) { - g_metadata_server_available = is_metadata_server_reachable(); - } - gpr_mu_unlock(&g_state_mu); - if (g_metadata_server_available) { *call_creds = grpc_core::RefCountedPtr( grpc_google_compute_engine_credentials_create(nullptr)); @@ -326,6 +329,8 @@ grpc_channel_credentials* grpc_google_default_credentials_create(grpc_call_crede GRPC_API_TRACE("grpc_google_default_credentials_create(%p)", 1, (call_credentials)); + update_tenancy(); + if (call_credentials == nullptr) { default_call_creds(&call_creds, error); } diff --git a/src/python/grpcio/grpc/__init__.py b/src/python/grpcio/grpc/__init__.py index f1eba51f59a..37ada3cb51c 100644 --- a/src/python/grpcio/grpc/__init__.py +++ b/src/python/grpcio/grpc/__init__.py @@ -1868,10 +1868,9 @@ def alts_server_credentials(): return ServerCredentials(_cygrpc.server_credentials_alts()) -def compute_engine_channel_credentials(): +def compute_engine_channel_credentials(call_credentials): """Creates a compute engine channel credential. - This is an EXPERIMENAL API. This credential can only be used in a GCP environment as ir relies on a handshaker service. For more infor about ALTS, see https://cloud.google.com/security/encryption-in-transit/application-layer-transport-security @@ -1881,7 +1880,7 @@ def compute_engine_channel_credentials(): with any other call credential, the connection may suddenly and unexpectedly begin failing RPCs. """ - return ChannelCredentials(_cygrpc.channel_credentials_compute_engine()) + return ChannelCredentials(_cygrpc.channel_credentials_compute_engine(call_credentials._credentials)) def channel_ready_future(channel): diff --git a/src/python/grpcio/grpc/_cython/_cygrpc/credentials.pyx.pxi b/src/python/grpcio/grpc/_cython/_cygrpc/credentials.pyx.pxi index 950373f303f..c75579cc04f 100644 --- a/src/python/grpcio/grpc/_cython/_cygrpc/credentials.pyx.pxi +++ b/src/python/grpcio/grpc/_cython/_cygrpc/credentials.pyx.pxi @@ -384,14 +384,18 @@ def server_credentials_alts(): cdef class ComputeEngineChannelCredentials(ChannelCredentials): cdef grpc_channel_credentials* _c_creds + cdef grpc_call_credentials* _call_creds - def __cinit__(self): + def __cinit__(self, CallCredentials call_creds): self._c_creds = NULL + self._call_creds = call_creds.c() + if self._call_creds == NULL: + raise ValueError("Call credentials may not be NULL.") cdef grpc_channel_credentials *c(self) except *: - self._c_creds = grpc_compute_engine_channel_credentials_create(NULL) + self._c_creds = grpc_google_default_credentials_create(self._call_creds) return self._c_creds -def channel_credentials_compute_engine(): - return ComputeEngineChannelCredentials() +def channel_credentials_compute_engine(call_creds): + return ComputeEngineChannelCredentials(call_creds) diff --git a/src/python/grpcio/grpc/_cython/_cygrpc/grpc.pxi b/src/python/grpcio/grpc/_cython/_cygrpc/grpc.pxi index 287817bd5ae..a7131355a07 100644 --- a/src/python/grpcio/grpc/_cython/_cygrpc/grpc.pxi +++ b/src/python/grpcio/grpc/_cython/_cygrpc/grpc.pxi @@ -504,8 +504,7 @@ cdef extern from "grpc/grpc_security.h": void grpc_set_ssl_roots_override_callback( grpc_ssl_roots_override_callback cb) nogil - grpc_channel_credentials *grpc_google_default_credentials_create() nogil - grpc_channel_credentials *grpc_compute_engine_channel_credentials_create(void* reserved) nogil + grpc_channel_credentials *grpc_google_default_credentials_create(grpc_call_credentials* call_credentials) nogil grpc_channel_credentials *grpc_ssl_credentials_create( const char *pem_root_certs, grpc_ssl_pem_key_cert_pair *pem_key_cert_pair, verify_peer_options *verify_options, void *reserved) nogil diff --git a/src/python/grpcio_tests/tests/interop/client.py b/src/python/grpcio_tests/tests/interop/client.py index b638ceeb727..b56880c5c07 100644 --- a/src/python/grpcio_tests/tests/interop/client.py +++ b/src/python/grpcio_tests/tests/interop/client.py @@ -109,19 +109,21 @@ def get_secure_channel_parameters(args): % args.grpc_test_use_grpclb_with_child_policy),) if args.custom_credentials_type is not None: if args.custom_credentials_type == "compute_engine_channel_creds": + # channel_credentials = grpc.google_default_channel_credentials() if call_credentials is not None: - raise ValueError( - "Cannot use both compute_engine_creds " + - "and {} as call creds.".format(call_credentials)) + raise ValueError("What? That's not true! That's impossible!") google_credentials, unused_project_id = google_auth.default( scopes=[args.oauth_scope]) call_creds = grpc.metadata_call_credentials( google_auth.transport.grpc.AuthMetadataPlugin( credentials=google_credentials, request=google_auth.transport.requests.Request())) - channel_credentials = grpc.compute_engine_channel_credentials() - channel_credentials = grpc.composite_channel_credentials( - channel_credentials, call_creds) + # TODO: Is there any reason why it actually had to take this argument? + # Couldn't we just as easily have created a composite channel credential? + channel_credentials = grpc.compute_engine_channel_credentials(call_creds) + # channel_credentials = grpc.composite_channel_credentials(channel_credent) + # channel_credentials = grpc.composite_channel_credentials( + # channel_credentials, call_credentials) else: raise ValueError("Unknown credentials type '{}'".format( args.custom_credentials_type)) From a03e8efdf51e6b7eab835f58971b83e2f39f210f Mon Sep 17 00:00:00 2001 From: Richard Belleville Date: Wed, 8 Jul 2020 19:41:38 +0000 Subject: [PATCH 26/53] Make warning more dire --- include/grpc/grpc_security.h | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/include/grpc/grpc_security.h b/include/grpc/grpc_security.h index 21f27c8e411..51696b53c38 100644 --- a/include/grpc/grpc_security.h +++ b/include/grpc/grpc_security.h @@ -146,6 +146,10 @@ GRPCAPI void grpc_channel_credentials_release(grpc_channel_credentials* creds); If specified, the supplied call credentials object will be attached to the returned channel credentials object. The call_credentials object must remain valid throughout the lifetime of the returned grpc_channel_credentials object. + It is expected that the call credentials object was generated according to + the Application Default Credentials mechanism and asserts the identity of + default service account of the machine. Supplying any other sort of call + credential may result in RPCs suddenly and unexpectedly failing. If nullptr is supplied, the returned call credentials object will use a call credentials object based on the default service account of the VM. From d067b63d48870e2fdad49a96bf72e57d1ae9cfea Mon Sep 17 00:00:00 2001 From: Richard Belleville Date: Wed, 8 Jul 2020 23:09:57 +0000 Subject: [PATCH 27/53] WIP --- .../credentials/google_default/google_default_credentials.cc | 1 - src/cpp/client/secure_credentials.cc | 2 +- test/core/security/credentials_test.cc | 5 +++++ 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/src/core/lib/security/credentials/google_default/google_default_credentials.cc b/src/core/lib/security/credentials/google_default/google_default_credentials.cc index 16db70040bb..0c2887e09cf 100644 --- a/src/core/lib/security/credentials/google_default/google_default_credentials.cc +++ b/src/core/lib/security/credentials/google_default/google_default_credentials.cc @@ -289,7 +289,6 @@ static void update_tenancy() { g_metadata_server_available = is_metadata_server_reachable(); } gpr_mu_unlock(&g_state_mu); - } static void default_call_creds(grpc_core::RefCountedPtr* call_creds, diff --git a/src/cpp/client/secure_credentials.cc b/src/cpp/client/secure_credentials.cc index b21d5102e23..a07b8ad1d53 100644 --- a/src/cpp/client/secure_credentials.cc +++ b/src/cpp/client/secure_credentials.cc @@ -97,7 +97,7 @@ std::shared_ptr WrapCallCredentials( std::shared_ptr GoogleDefaultCredentials() { grpc::GrpcLibraryCodegen init; // To call grpc_init(). - return WrapChannelCredentials(grpc_google_default_credentials_create()); + return WrapChannelCredentials(grpc_google_default_credentials_create(nullptr)); } // Builds SSL Credentials given SSL specific options diff --git a/test/core/security/credentials_test.cc b/test/core/security/credentials_test.cc index 0c7a77e45d3..bef437735b9 100644 --- a/test/core/security/credentials_test.cc +++ b/test/core/security/credentials_test.cc @@ -1522,6 +1522,10 @@ static void test_no_google_default_creds(void) { grpc_httpcli_set_override(nullptr, nullptr); } +static void test_google_default_creds_call_creds_specified(void) { + +} + typedef enum { PLUGIN_INITIAL_STATE, PLUGIN_GET_METADATA_CALLED_STATE, @@ -1831,6 +1835,7 @@ int main(int argc, char** argv) { test_google_default_creds_gce(); test_google_default_creds_non_gce(); test_no_google_default_creds(); + test_google_default_creds_call_creds_specified(); test_metadata_plugin_success(); test_metadata_plugin_failure(); test_get_well_known_google_credentials_file_path(); From 8412476a9b936c89393130ab66599187617f1ec0 Mon Sep 17 00:00:00 2001 From: Richard Belleville Date: Thu, 9 Jul 2020 21:49:06 +0000 Subject: [PATCH 28/53] Add sunny day core API path --- test/core/security/credentials_test.cc | 28 +++++++++++++++++++++++++- 1 file changed, 27 insertions(+), 1 deletion(-) diff --git a/test/core/security/credentials_test.cc b/test/core/security/credentials_test.cc index bef437735b9..e8ce3cd4222 100644 --- a/test/core/security/credentials_test.cc +++ b/test/core/security/credentials_test.cc @@ -1523,9 +1523,35 @@ static void test_no_google_default_creds(void) { } static void test_google_default_creds_call_creds_specified(void) { - + expected_md emd[] = { + {"authorization", "Bearer ya29.AHES6ZRN3-HlhAPya30GnW_bHSb_"}}; + request_metadata_state* state = + make_request_metadata_state(GRPC_ERROR_NONE, emd, GPR_ARRAY_SIZE(emd)); + grpc_auth_metadata_context auth_md_ctx = {test_service_url, test_method, + nullptr, nullptr}; + grpc_core::ExecCtx exec_ctx; + grpc_flush_cached_google_default_credentials(); + grpc_call_credentials* call_creds = grpc_google_compute_engine_credentials_create(nullptr); + set_gce_tenancy_checker_for_testing(test_gce_tenancy_checker); + grpc_httpcli_set_override( + default_creds_metadata_server_detection_httpcli_get_success_override, + httpcli_post_should_not_be_called); + g_test_gce_tenancy_checker_called = false; + g_test_is_on_gce = true; + grpc_composite_channel_credentials* channel_creds = reinterpret_cast(grpc_google_default_credentials_create(call_creds)); + GPR_ASSERT(g_test_gce_tenancy_checker_called == true); + GPR_ASSERT(channel_creds != nullptr); + GPR_ASSERT(channel_creds->call_creds() != nullptr); + grpc_httpcli_set_override(compute_engine_httpcli_get_success_override, + httpcli_post_should_not_be_called); + run_request_metadata_test(channel_creds->mutable_call_creds(), auth_md_ctx, state); + grpc_core::ExecCtx::Get()->Flush(); + channel_creds->Unref(); + grpc_httpcli_set_override(nullptr, nullptr); } +// TODO: Test that we don't go down the nullptr path regardless of env vars. + typedef enum { PLUGIN_INITIAL_STATE, PLUGIN_GET_METADATA_CALLED_STATE, From ff5f4bb6fc99acf07b413fc3949bcf636630dd5e Mon Sep 17 00:00:00 2001 From: Richard Belleville Date: Fri, 10 Jul 2020 00:31:23 +0000 Subject: [PATCH 29/53] Add test --- include/grpc/grpc_security.h | 15 ++-- .../google_default_credentials.cc | 12 ++-- src/cpp/client/secure_credentials.cc | 3 +- test/core/security/credentials_test.cc | 68 +++++++++++++++++-- 4 files changed, 79 insertions(+), 19 deletions(-) diff --git a/include/grpc/grpc_security.h b/include/grpc/grpc_security.h index 51696b53c38..29dd1e6f1b0 100644 --- a/include/grpc/grpc_security.h +++ b/include/grpc/grpc_security.h @@ -142,19 +142,20 @@ GRPCAPI void grpc_channel_credentials_release(grpc_channel_credentials* creds); WARNING: Do NOT use this credentials to connect to a non-google service as this could result in an oauth2 token leak. The security level of the resulting connection is GRPC_PRIVACY_AND_INTEGRITY. - + If specified, the supplied call credentials object will be attached to the returned channel credentials object. The call_credentials object must remain - valid throughout the lifetime of the returned grpc_channel_credentials object. - It is expected that the call credentials object was generated according to - the Application Default Credentials mechanism and asserts the identity of - default service account of the machine. Supplying any other sort of call - credential may result in RPCs suddenly and unexpectedly failing. + valid throughout the lifetime of the returned grpc_channel_credentials + object. It is expected that the call credentials object was generated + according to the Application Default Credentials mechanism and asserts the + identity of default service account of the machine. Supplying any other sort + of call credential may result in RPCs suddenly and unexpectedly failing. If nullptr is supplied, the returned call credentials object will use a call credentials object based on the default service account of the VM. */ -GRPCAPI grpc_channel_credentials* grpc_google_default_credentials_create(grpc_call_credentials* call_credentials); +GRPCAPI grpc_channel_credentials* grpc_google_default_credentials_create( + grpc_call_credentials* call_credentials); /** Callback for getting the SSL roots override from the application. In case of success, *pem_roots_certs must be set to a NULL terminated string diff --git a/src/core/lib/security/credentials/google_default/google_default_credentials.cc b/src/core/lib/security/credentials/google_default/google_default_credentials.cc index 0c2887e09cf..b0b61b55281 100644 --- a/src/core/lib/security/credentials/google_default/google_default_credentials.cc +++ b/src/core/lib/security/credentials/google_default/google_default_credentials.cc @@ -291,9 +291,9 @@ static void update_tenancy() { gpr_mu_unlock(&g_state_mu); } -static void default_call_creds(grpc_core::RefCountedPtr* call_creds, - grpc_error* error) -{ +static void default_call_creds( + grpc_core::RefCountedPtr* call_creds, + grpc_error* error) { grpc_error* err; /* First, try the environment variable. */ @@ -319,14 +319,16 @@ static void default_call_creds(grpc_core::RefCountedPtr* } } -grpc_channel_credentials* grpc_google_default_credentials_create(grpc_call_credentials* call_credentials) { +grpc_channel_credentials* grpc_google_default_credentials_create( + grpc_call_credentials* call_credentials) { grpc_channel_credentials* result = nullptr; grpc_core::RefCountedPtr call_creds(call_credentials); grpc_error* error = GRPC_ERROR_CREATE_FROM_STATIC_STRING( "Failed to create Google credentials"); grpc_core::ExecCtx exec_ctx; - GRPC_API_TRACE("grpc_google_default_credentials_create(%p)", 1, (call_credentials)); + GRPC_API_TRACE("grpc_google_default_credentials_create(%p)", 1, + (call_credentials)); update_tenancy(); diff --git a/src/cpp/client/secure_credentials.cc b/src/cpp/client/secure_credentials.cc index a07b8ad1d53..3213cd43923 100644 --- a/src/cpp/client/secure_credentials.cc +++ b/src/cpp/client/secure_credentials.cc @@ -97,7 +97,8 @@ std::shared_ptr WrapCallCredentials( std::shared_ptr GoogleDefaultCredentials() { grpc::GrpcLibraryCodegen init; // To call grpc_init(). - return WrapChannelCredentials(grpc_google_default_credentials_create(nullptr)); + return WrapChannelCredentials( + grpc_google_default_credentials_create(nullptr)); } // Builds SSL Credentials given SSL specific options diff --git a/test/core/security/credentials_test.cc b/test/core/security/credentials_test.cc index e8ce3cd4222..c53d4d99e3e 100644 --- a/test/core/security/credentials_test.cc +++ b/test/core/security/credentials_test.cc @@ -1531,26 +1531,81 @@ static void test_google_default_creds_call_creds_specified(void) { nullptr, nullptr}; grpc_core::ExecCtx exec_ctx; grpc_flush_cached_google_default_credentials(); - grpc_call_credentials* call_creds = grpc_google_compute_engine_credentials_create(nullptr); + grpc_call_credentials* call_creds = + grpc_google_compute_engine_credentials_create(nullptr); set_gce_tenancy_checker_for_testing(test_gce_tenancy_checker); + g_test_gce_tenancy_checker_called = false; + g_test_is_on_gce = true; grpc_httpcli_set_override( default_creds_metadata_server_detection_httpcli_get_success_override, httpcli_post_should_not_be_called); - g_test_gce_tenancy_checker_called = false; - g_test_is_on_gce = true; - grpc_composite_channel_credentials* channel_creds = reinterpret_cast(grpc_google_default_credentials_create(call_creds)); + grpc_composite_channel_credentials* channel_creds = + reinterpret_cast( + grpc_google_default_credentials_create(call_creds)); GPR_ASSERT(g_test_gce_tenancy_checker_called == true); GPR_ASSERT(channel_creds != nullptr); GPR_ASSERT(channel_creds->call_creds() != nullptr); grpc_httpcli_set_override(compute_engine_httpcli_get_success_override, httpcli_post_should_not_be_called); - run_request_metadata_test(channel_creds->mutable_call_creds(), auth_md_ctx, state); + run_request_metadata_test(channel_creds->mutable_call_creds(), auth_md_ctx, + state); grpc_core::ExecCtx::Get()->Flush(); channel_creds->Unref(); grpc_httpcli_set_override(nullptr, nullptr); } -// TODO: Test that we don't go down the nullptr path regardless of env vars. +struct fake_call_creds : public grpc_call_credentials { + public: + // TODO: Keep a single md_elem? + explicit fake_call_creds() : grpc_call_credentials("fake") {} + + bool get_request_metadata(grpc_polling_entity* pollent, + grpc_auth_metadata_context context, + grpc_credentials_mdelem_array* md_array, + grpc_closure* on_request_metadata, + grpc_error** error) { + grpc_slice key = grpc_slice_from_static_string("foo"); + grpc_slice value = grpc_slice_from_static_string("oof"); + grpc_mdelem dummy_md = grpc_mdelem_from_slices(key, value); + grpc_slice_unref(key); + grpc_slice_unref(value); + grpc_credentials_mdelem_array_add(md_array, dummy_md); + GRPC_MDELEM_UNREF(dummy_md); + return false; + } + + void cancel_get_request_metadata(grpc_credentials_mdelem_array* md_array, + grpc_error* error) {} +}; + +static void test_google_default_creds_not_default(void) { + expected_md emd[] = {{"foo", "oof"}}; + request_metadata_state* state = + make_request_metadata_state(GRPC_ERROR_NONE, emd, GPR_ARRAY_SIZE(emd)); + grpc_auth_metadata_context auth_md_ctx = {test_service_url, test_method, + nullptr, nullptr}; + grpc_core::ExecCtx exec_ctx; + grpc_flush_cached_google_default_credentials(); + grpc_core::RefCountedPtr call_creds = + grpc_core::MakeRefCounted(); + set_gce_tenancy_checker_for_testing(test_gce_tenancy_checker); + g_test_gce_tenancy_checker_called = false; + g_test_is_on_gce = true; + grpc_httpcli_set_override( + default_creds_metadata_server_detection_httpcli_get_success_override, + httpcli_post_should_not_be_called); + grpc_composite_channel_credentials* channel_creds = + reinterpret_cast( + grpc_google_default_credentials_create(call_creds.release())); + GPR_ASSERT(g_test_gce_tenancy_checker_called == true); + GPR_ASSERT(channel_creds != nullptr); + GPR_ASSERT(channel_creds->call_creds() != nullptr); + run_request_metadata_test(channel_creds->mutable_call_creds(), auth_md_ctx, + state); + grpc_core::ExecCtx::Get()->Flush(); + channel_creds->Unref(); + grpc_httpcli_set_override(nullptr, nullptr); +} typedef enum { PLUGIN_INITIAL_STATE, @@ -1862,6 +1917,7 @@ int main(int argc, char** argv) { test_google_default_creds_non_gce(); test_no_google_default_creds(); test_google_default_creds_call_creds_specified(); + test_google_default_creds_not_default(); test_metadata_plugin_success(); test_metadata_plugin_failure(); test_get_well_known_google_credentials_file_path(); From e9a90ab30a4a0ee0e83380fddc70e7744c438a0b Mon Sep 17 00:00:00 2001 From: Richard Belleville Date: Fri, 10 Jul 2020 00:42:55 +0000 Subject: [PATCH 30/53] Clean up --- include/grpc/grpc_security.h | 6 +++--- src/python/grpcio/grpc/__init__.py | 4 +++- src/python/grpcio_tests/tests/interop/client.py | 12 +++--------- 3 files changed, 9 insertions(+), 13 deletions(-) diff --git a/include/grpc/grpc_security.h b/include/grpc/grpc_security.h index 29dd1e6f1b0..be58e7f40bf 100644 --- a/include/grpc/grpc_security.h +++ b/include/grpc/grpc_security.h @@ -148,11 +148,11 @@ GRPCAPI void grpc_channel_credentials_release(grpc_channel_credentials* creds); valid throughout the lifetime of the returned grpc_channel_credentials object. It is expected that the call credentials object was generated according to the Application Default Credentials mechanism and asserts the - identity of default service account of the machine. Supplying any other sort - of call credential may result in RPCs suddenly and unexpectedly failing. + identity of the default service account of the machine. Supplying any other + sort of call credential may result in RPCs suddenly and unexpectedly failing. If nullptr is supplied, the returned call credentials object will use a call - credentials object based on the default service account of the VM. + credentials object based on the Application Default Credentials mechanism. */ GRPCAPI grpc_channel_credentials* grpc_google_default_credentials_create( grpc_call_credentials* call_credentials); diff --git a/src/python/grpcio/grpc/__init__.py b/src/python/grpcio/grpc/__init__.py index 37ada3cb51c..e7a8bff293f 100644 --- a/src/python/grpcio/grpc/__init__.py +++ b/src/python/grpcio/grpc/__init__.py @@ -1880,7 +1880,9 @@ def compute_engine_channel_credentials(call_credentials): with any other call credential, the connection may suddenly and unexpectedly begin failing RPCs. """ - return ChannelCredentials(_cygrpc.channel_credentials_compute_engine(call_credentials._credentials)) + return ChannelCredentials( + _cygrpc.channel_credentials_compute_engine( + call_credentials._credentials)) def channel_ready_future(channel): diff --git a/src/python/grpcio_tests/tests/interop/client.py b/src/python/grpcio_tests/tests/interop/client.py index b56880c5c07..4d35f7ca32a 100644 --- a/src/python/grpcio_tests/tests/interop/client.py +++ b/src/python/grpcio_tests/tests/interop/client.py @@ -109,21 +109,15 @@ def get_secure_channel_parameters(args): % args.grpc_test_use_grpclb_with_child_policy),) if args.custom_credentials_type is not None: if args.custom_credentials_type == "compute_engine_channel_creds": - # channel_credentials = grpc.google_default_channel_credentials() - if call_credentials is not None: - raise ValueError("What? That's not true! That's impossible!") + assert call_credentials is None google_credentials, unused_project_id = google_auth.default( scopes=[args.oauth_scope]) call_creds = grpc.metadata_call_credentials( google_auth.transport.grpc.AuthMetadataPlugin( credentials=google_credentials, request=google_auth.transport.requests.Request())) - # TODO: Is there any reason why it actually had to take this argument? - # Couldn't we just as easily have created a composite channel credential? - channel_credentials = grpc.compute_engine_channel_credentials(call_creds) - # channel_credentials = grpc.composite_channel_credentials(channel_credent) - # channel_credentials = grpc.composite_channel_credentials( - # channel_credentials, call_credentials) + channel_credentials = grpc.compute_engine_channel_credentials( + call_creds) else: raise ValueError("Unknown credentials type '{}'".format( args.custom_credentials_type)) From acbda9835ef44587c278101fc04fd508c641b83f Mon Sep 17 00:00:00 2001 From: Richard Belleville Date: Fri, 10 Jul 2020 00:50:23 +0000 Subject: [PATCH 31/53] Reuse mdelem --- test/core/security/credentials_test.cc | 22 +++++++++++++--------- 1 file changed, 13 insertions(+), 9 deletions(-) diff --git a/test/core/security/credentials_test.cc b/test/core/security/credentials_test.cc index c53d4d99e3e..29d3f49c7d0 100644 --- a/test/core/security/credentials_test.cc +++ b/test/core/security/credentials_test.cc @@ -1556,26 +1556,30 @@ static void test_google_default_creds_call_creds_specified(void) { struct fake_call_creds : public grpc_call_credentials { public: - // TODO: Keep a single md_elem? - explicit fake_call_creds() : grpc_call_credentials("fake") {} + explicit fake_call_creds() : grpc_call_credentials("fake") { + grpc_slice key = grpc_slice_from_static_string("foo"); + grpc_slice value = grpc_slice_from_static_string("oof"); + dummy_md_ = grpc_mdelem_from_slices(key, value); + grpc_slice_unref(key); + grpc_slice_unref(value); + } + + ~fake_call_creds() { GRPC_MDELEM_UNREF(dummy_md_); } bool get_request_metadata(grpc_polling_entity* pollent, grpc_auth_metadata_context context, grpc_credentials_mdelem_array* md_array, grpc_closure* on_request_metadata, grpc_error** error) { - grpc_slice key = grpc_slice_from_static_string("foo"); - grpc_slice value = grpc_slice_from_static_string("oof"); - grpc_mdelem dummy_md = grpc_mdelem_from_slices(key, value); - grpc_slice_unref(key); - grpc_slice_unref(value); - grpc_credentials_mdelem_array_add(md_array, dummy_md); - GRPC_MDELEM_UNREF(dummy_md); + grpc_credentials_mdelem_array_add(md_array, dummy_md_); return false; } void cancel_get_request_metadata(grpc_credentials_mdelem_array* md_array, grpc_error* error) {} + + private: + grpc_mdelem dummy_md_; }; static void test_google_default_creds_not_default(void) { From 535d0da0dd8fb11fb49e7f1ec0f4e03c4537811a Mon Sep 17 00:00:00 2001 From: Richard Belleville Date: Fri, 10 Jul 2020 19:05:56 +0000 Subject: [PATCH 32/53] Complete synchronously --- test/core/security/credentials_test.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/core/security/credentials_test.cc b/test/core/security/credentials_test.cc index 9e24f68bf6a..8029c023f35 100644 --- a/test/core/security/credentials_test.cc +++ b/test/core/security/credentials_test.cc @@ -1572,7 +1572,7 @@ struct fake_call_creds : public grpc_call_credentials { grpc_closure* on_request_metadata, grpc_error** error) { grpc_credentials_mdelem_array_add(md_array, dummy_md_); - return false; + return true; } void cancel_get_request_metadata(grpc_credentials_mdelem_array* md_array, From 519ecd4aa882517b0e15fc26203c9c1fda571a96 Mon Sep 17 00:00:00 2001 From: Richard Belleville Date: Fri, 10 Jul 2020 19:06:17 +0000 Subject: [PATCH 33/53] Accomodate PHP --- src/php/ext/grpc/channel_credentials.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/php/ext/grpc/channel_credentials.c b/src/php/ext/grpc/channel_credentials.c index a1611d13518..ae9e469547d 100644 --- a/src/php/ext/grpc/channel_credentials.c +++ b/src/php/ext/grpc/channel_credentials.c @@ -131,7 +131,7 @@ PHP_METHOD(ChannelCredentials, invalidateDefaultRootsPem) { * @return ChannelCredentials The new default channel credentials object */ PHP_METHOD(ChannelCredentials, createDefault) { - grpc_channel_credentials *creds = grpc_google_default_credentials_create(); + grpc_channel_credentials *creds = grpc_google_default_credentials_create(NULL); zval *creds_object = grpc_php_wrap_channel_credentials(creds, NULL, false TSRMLS_CC); RETURN_DESTROY_ZVAL(creds_object); From 36a78115eac31cef2b2605e29e30451b94b186fe Mon Sep 17 00:00:00 2001 From: Richard Belleville Date: Mon, 13 Jul 2020 18:42:07 +0000 Subject: [PATCH 34/53] Reorganize header --- include/grpc/grpc_security.h | 26 ++++++++++++++------------ 1 file changed, 14 insertions(+), 12 deletions(-) diff --git a/include/grpc/grpc_security.h b/include/grpc/grpc_security.h index 737a7633760..67661ee77e8 100644 --- a/include/grpc/grpc_security.h +++ b/include/grpc/grpc_security.h @@ -29,14 +29,6 @@ extern "C" { #endif -/** --- grpc_call_credentials object. - - A call credentials object represents a way to authenticate on a particular - call. These credentials can be composed with a channel credentials object - so that they are sent with every call on this channel. */ - -typedef struct grpc_call_credentials grpc_call_credentials; - /** --- Authentication Context. --- */ typedef struct grpc_auth_context grpc_auth_context; @@ -127,6 +119,18 @@ GRPCAPI void grpc_ssl_session_cache_destroy(grpc_ssl_session_cache* cache); GRPCAPI grpc_arg grpc_ssl_session_cache_create_channel_arg(grpc_ssl_session_cache* cache); +/** --- grpc_call_credentials object. + + A call credentials object represents a way to authenticate on a particular + call. These credentials can be composed with a channel credentials object + so that they are sent with every call on this channel. */ + +typedef struct grpc_call_credentials grpc_call_credentials; + +/** Releases a call credentials object. + The creator of the credentials object is responsible for its release. */ +GRPCAPI void grpc_call_credentials_release(grpc_call_credentials* creds); + /** --- grpc_channel_credentials object. --- A channel credentials object represents a way to authenticate a client on a @@ -293,16 +297,14 @@ GRPCAPI grpc_channel_credentials* grpc_ssl_credentials_create_ex( const char* pem_root_certs, grpc_ssl_pem_key_cert_pair* pem_key_cert_pair, const grpc_ssl_verify_peer_options* verify_options, void* reserved); -/** Releases a call credentials object. - The creator of the credentials object is responsible for its release. */ -GRPCAPI void grpc_call_credentials_release(grpc_call_credentials* creds); - /** Creates a composite channel credentials object. The security level of * resulting connection is determined by channel_creds. */ GRPCAPI grpc_channel_credentials* grpc_composite_channel_credentials_create( grpc_channel_credentials* channel_creds, grpc_call_credentials* call_creds, void* reserved); +/** --- composite credentials. */ + /** Creates a composite call credentials object. */ GRPCAPI grpc_call_credentials* grpc_composite_call_credentials_create( grpc_call_credentials* creds1, grpc_call_credentials* creds2, From 702c154fe8a4b96142c9e9278e7c06442e352553 Mon Sep 17 00:00:00 2001 From: Richard Belleville Date: Mon, 13 Jul 2020 18:52:05 +0000 Subject: [PATCH 35/53] Change signature --- .../google_default_credentials.cc | 30 ++++++++++--------- 1 file changed, 16 insertions(+), 14 deletions(-) diff --git a/src/core/lib/security/credentials/google_default/google_default_credentials.cc b/src/core/lib/security/credentials/google_default/google_default_credentials.cc index df5989eae85..43dcceac90b 100644 --- a/src/core/lib/security/credentials/google_default/google_default_credentials.cc +++ b/src/core/lib/security/credentials/google_default/google_default_credentials.cc @@ -291,35 +291,37 @@ static void update_tenancy() { gpr_mu_unlock(&g_state_mu); } -static void default_call_creds( - grpc_core::RefCountedPtr* call_creds, - grpc_error* error) { +static grpc_core::RefCountedPtrdefault_call_creds( + grpc_error** error) { + grpc_core::RefCountedPtr call_creds; grpc_error* err; /* First, try the environment variable. */ char* path_from_env = gpr_getenv(GRPC_GOOGLE_CREDENTIALS_ENV_VAR); if (path_from_env != nullptr) { - err = create_default_creds_from_path(path_from_env, call_creds); + err = create_default_creds_from_path(path_from_env, &call_creds); gpr_free(path_from_env); - if (err == GRPC_ERROR_NONE) return; - error = grpc_error_add_child(error, err); + if (err == GRPC_ERROR_NONE) return call_creds; + *error = grpc_error_add_child(*error, err); } /* Then the well-known file. */ err = create_default_creds_from_path( - grpc_get_well_known_google_credentials_file_path(), call_creds); - if (err == GRPC_ERROR_NONE) return; - error = grpc_error_add_child(error, err); + grpc_get_well_known_google_credentials_file_path(), &call_creds); + if (err == GRPC_ERROR_NONE) return call_creds; + *error = grpc_error_add_child(*error, err); if (g_metadata_server_available) { - *call_creds = grpc_core::RefCountedPtr( + call_creds = grpc_core::RefCountedPtr( grpc_google_compute_engine_credentials_create(nullptr)); - if (*call_creds == nullptr) { - error = grpc_error_add_child( - error, GRPC_ERROR_CREATE_FROM_STATIC_STRING( + if (call_creds == nullptr) { + *error = grpc_error_add_child( + *error, GRPC_ERROR_CREATE_FROM_STATIC_STRING( "Failed to get credentials from network")); } } + + return call_creds; } grpc_channel_credentials* grpc_google_default_credentials_create( @@ -336,7 +338,7 @@ grpc_channel_credentials* grpc_google_default_credentials_create( update_tenancy(); if (call_credentials == nullptr) { - default_call_creds(&call_creds, error); + call_creds = default_call_creds(&error); } if (call_creds != nullptr) { From 498a61ded592740f1b9e897498c46ff71f392ef2 Mon Sep 17 00:00:00 2001 From: Richard Belleville Date: Mon, 13 Jul 2020 19:01:16 +0000 Subject: [PATCH 36/53] Clean up --- .../google_default/google_default_credentials.cc | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/core/lib/security/credentials/google_default/google_default_credentials.cc b/src/core/lib/security/credentials/google_default/google_default_credentials.cc index 43dcceac90b..b6d15f139ba 100644 --- a/src/core/lib/security/credentials/google_default/google_default_credentials.cc +++ b/src/core/lib/security/credentials/google_default/google_default_credentials.cc @@ -291,7 +291,7 @@ static void update_tenancy() { gpr_mu_unlock(&g_state_mu); } -static grpc_core::RefCountedPtrdefault_call_creds( +static grpc_core::RefCountedPtrmake_default_call_creds( grpc_error** error) { grpc_core::RefCountedPtr call_creds; grpc_error* err; @@ -337,8 +337,8 @@ grpc_channel_credentials* grpc_google_default_credentials_create( update_tenancy(); - if (call_credentials == nullptr) { - call_creds = default_call_creds(&error); + if (call_creds == nullptr) { + call_creds = make_default_call_creds(&error); } if (call_creds != nullptr) { From 7e3f3d61a2ff5084595be5a7f68a7b66badc7c50 Mon Sep 17 00:00:00 2001 From: Richard Belleville Date: Mon, 13 Jul 2020 19:09:33 +0000 Subject: [PATCH 37/53] Format --- .../google_default/google_default_credentials.cc | 4 ++-- src/python/grpcio/grpc/__init__.py | 10 +++++----- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/src/core/lib/security/credentials/google_default/google_default_credentials.cc b/src/core/lib/security/credentials/google_default/google_default_credentials.cc index b6d15f139ba..c07ae68918f 100644 --- a/src/core/lib/security/credentials/google_default/google_default_credentials.cc +++ b/src/core/lib/security/credentials/google_default/google_default_credentials.cc @@ -291,7 +291,7 @@ static void update_tenancy() { gpr_mu_unlock(&g_state_mu); } -static grpc_core::RefCountedPtrmake_default_call_creds( +static grpc_core::RefCountedPtr make_default_call_creds( grpc_error** error) { grpc_core::RefCountedPtr call_creds; grpc_error* err; @@ -317,7 +317,7 @@ static grpc_core::RefCountedPtrmake_default_call_creds( if (call_creds == nullptr) { *error = grpc_error_add_child( *error, GRPC_ERROR_CREATE_FROM_STATIC_STRING( - "Failed to get credentials from network")); + "Failed to get credentials from network")); } } diff --git a/src/python/grpcio/grpc/__init__.py b/src/python/grpcio/grpc/__init__.py index 8f856af06df..def6a868d84 100644 --- a/src/python/grpcio/grpc/__init__.py +++ b/src/python/grpcio/grpc/__init__.py @@ -1871,14 +1871,14 @@ def alts_server_credentials(): def compute_engine_channel_credentials(call_credentials): """Creates a compute engine channel credential. - This credential can only be used in a GCP environment as ir relies on - a handshaker service. For more infor about ALTS, see + This credential can only be used in a GCP environment as it relies on + a handshaker service. For more info about ALTS, see https://cloud.google.com/security/encryption-in-transit/application-layer-transport-security This channel credential is expected to be used as part of a composite - credential in conjunction with a compute_engine_call_credential. if used - with any other call credential, the connection may suddenly and unexpectedly - begin failing RPCs. + credential in conjunction with a call credential following the Application + Default Credentials strategy. If used with any other sort of call + credential, the connection may suddenly and unexpectedly begin failing RPCs. """ return ChannelCredentials( _cygrpc.channel_credentials_compute_engine( From 2b4b484e1f2055a3882897078791255b92e18b0a Mon Sep 17 00:00:00 2001 From: Richard Belleville Date: Mon, 13 Jul 2020 19:11:56 +0000 Subject: [PATCH 38/53] Typo --- include/grpc/grpc_security.h | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/include/grpc/grpc_security.h b/include/grpc/grpc_security.h index 67661ee77e8..12803548687 100644 --- a/include/grpc/grpc_security.h +++ b/include/grpc/grpc_security.h @@ -155,8 +155,9 @@ GRPCAPI void grpc_channel_credentials_release(grpc_channel_credentials* creds); identity of the default service account of the machine. Supplying any other sort of call credential may result in RPCs suddenly and unexpectedly failing. - If nullptr is supplied, the returned call credentials object will use a call - credentials object based on the Application Default Credentials mechanism. + If nullptr is supplied, the returned channel credentials object will use a + call credentials object based on the Application Default Credentials + mechanism. */ GRPCAPI grpc_channel_credentials* grpc_google_default_credentials_create( grpc_call_credentials* call_credentials); From 0ef84e430624782c53ff2da4d32016bb80e8258e Mon Sep 17 00:00:00 2001 From: Richard Belleville Date: Mon, 13 Jul 2020 19:36:54 +0000 Subject: [PATCH 39/53] Regenerate projects --- grpc.def | 2 +- src/ruby/ext/grpc/rb_grpc_imports.generated.c | 4 ++-- src/ruby/ext/grpc/rb_grpc_imports.generated.h | 6 +++--- test/core/surface/public_headers_must_be_c89.c | 2 +- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/grpc.def b/grpc.def index ad0dca2f0d4..e451ad5bc1d 100644 --- a/grpc.def +++ b/grpc.def @@ -97,12 +97,12 @@ EXPORTS grpc_ssl_session_cache_create_lru grpc_ssl_session_cache_destroy grpc_ssl_session_cache_create_channel_arg + grpc_call_credentials_release grpc_channel_credentials_release grpc_google_default_credentials_create grpc_set_ssl_roots_override_callback grpc_ssl_credentials_create grpc_ssl_credentials_create_ex - grpc_call_credentials_release grpc_composite_channel_credentials_create grpc_composite_call_credentials_create grpc_google_compute_engine_credentials_create diff --git a/src/ruby/ext/grpc/rb_grpc_imports.generated.c b/src/ruby/ext/grpc/rb_grpc_imports.generated.c index 37b864d5be4..ef9ee0fe6a7 100644 --- a/src/ruby/ext/grpc/rb_grpc_imports.generated.c +++ b/src/ruby/ext/grpc/rb_grpc_imports.generated.c @@ -120,12 +120,12 @@ grpc_auth_context_set_peer_identity_property_name_type grpc_auth_context_set_pee grpc_ssl_session_cache_create_lru_type grpc_ssl_session_cache_create_lru_import; grpc_ssl_session_cache_destroy_type grpc_ssl_session_cache_destroy_import; grpc_ssl_session_cache_create_channel_arg_type grpc_ssl_session_cache_create_channel_arg_import; +grpc_call_credentials_release_type grpc_call_credentials_release_import; grpc_channel_credentials_release_type grpc_channel_credentials_release_import; grpc_google_default_credentials_create_type grpc_google_default_credentials_create_import; grpc_set_ssl_roots_override_callback_type grpc_set_ssl_roots_override_callback_import; grpc_ssl_credentials_create_type grpc_ssl_credentials_create_import; grpc_ssl_credentials_create_ex_type grpc_ssl_credentials_create_ex_import; -grpc_call_credentials_release_type grpc_call_credentials_release_import; grpc_composite_channel_credentials_create_type grpc_composite_channel_credentials_create_import; grpc_composite_call_credentials_create_type grpc_composite_call_credentials_create_import; grpc_google_compute_engine_credentials_create_type grpc_google_compute_engine_credentials_create_import; @@ -394,12 +394,12 @@ void grpc_rb_load_imports(HMODULE library) { grpc_ssl_session_cache_create_lru_import = (grpc_ssl_session_cache_create_lru_type) GetProcAddress(library, "grpc_ssl_session_cache_create_lru"); grpc_ssl_session_cache_destroy_import = (grpc_ssl_session_cache_destroy_type) GetProcAddress(library, "grpc_ssl_session_cache_destroy"); grpc_ssl_session_cache_create_channel_arg_import = (grpc_ssl_session_cache_create_channel_arg_type) GetProcAddress(library, "grpc_ssl_session_cache_create_channel_arg"); + grpc_call_credentials_release_import = (grpc_call_credentials_release_type) GetProcAddress(library, "grpc_call_credentials_release"); grpc_channel_credentials_release_import = (grpc_channel_credentials_release_type) GetProcAddress(library, "grpc_channel_credentials_release"); grpc_google_default_credentials_create_import = (grpc_google_default_credentials_create_type) GetProcAddress(library, "grpc_google_default_credentials_create"); grpc_set_ssl_roots_override_callback_import = (grpc_set_ssl_roots_override_callback_type) GetProcAddress(library, "grpc_set_ssl_roots_override_callback"); grpc_ssl_credentials_create_import = (grpc_ssl_credentials_create_type) GetProcAddress(library, "grpc_ssl_credentials_create"); grpc_ssl_credentials_create_ex_import = (grpc_ssl_credentials_create_ex_type) GetProcAddress(library, "grpc_ssl_credentials_create_ex"); - grpc_call_credentials_release_import = (grpc_call_credentials_release_type) GetProcAddress(library, "grpc_call_credentials_release"); grpc_composite_channel_credentials_create_import = (grpc_composite_channel_credentials_create_type) GetProcAddress(library, "grpc_composite_channel_credentials_create"); grpc_composite_call_credentials_create_import = (grpc_composite_call_credentials_create_type) GetProcAddress(library, "grpc_composite_call_credentials_create"); grpc_google_compute_engine_credentials_create_import = (grpc_google_compute_engine_credentials_create_type) GetProcAddress(library, "grpc_google_compute_engine_credentials_create"); diff --git a/src/ruby/ext/grpc/rb_grpc_imports.generated.h b/src/ruby/ext/grpc/rb_grpc_imports.generated.h index 183f72ef557..b9bad36dd2d 100644 --- a/src/ruby/ext/grpc/rb_grpc_imports.generated.h +++ b/src/ruby/ext/grpc/rb_grpc_imports.generated.h @@ -335,6 +335,9 @@ extern grpc_ssl_session_cache_destroy_type grpc_ssl_session_cache_destroy_import typedef grpc_arg(*grpc_ssl_session_cache_create_channel_arg_type)(grpc_ssl_session_cache* cache); extern grpc_ssl_session_cache_create_channel_arg_type grpc_ssl_session_cache_create_channel_arg_import; #define grpc_ssl_session_cache_create_channel_arg grpc_ssl_session_cache_create_channel_arg_import +typedef void(*grpc_call_credentials_release_type)(grpc_call_credentials* creds); +extern grpc_call_credentials_release_type grpc_call_credentials_release_import; +#define grpc_call_credentials_release grpc_call_credentials_release_import typedef void(*grpc_channel_credentials_release_type)(grpc_channel_credentials* creds); extern grpc_channel_credentials_release_type grpc_channel_credentials_release_import; #define grpc_channel_credentials_release grpc_channel_credentials_release_import @@ -350,9 +353,6 @@ extern grpc_ssl_credentials_create_type grpc_ssl_credentials_create_import; typedef grpc_channel_credentials*(*grpc_ssl_credentials_create_ex_type)(const char* pem_root_certs, grpc_ssl_pem_key_cert_pair* pem_key_cert_pair, const grpc_ssl_verify_peer_options* verify_options, void* reserved); extern grpc_ssl_credentials_create_ex_type grpc_ssl_credentials_create_ex_import; #define grpc_ssl_credentials_create_ex grpc_ssl_credentials_create_ex_import -typedef void(*grpc_call_credentials_release_type)(grpc_call_credentials* creds); -extern grpc_call_credentials_release_type grpc_call_credentials_release_import; -#define grpc_call_credentials_release grpc_call_credentials_release_import typedef grpc_channel_credentials*(*grpc_composite_channel_credentials_create_type)(grpc_channel_credentials* channel_creds, grpc_call_credentials* call_creds, void* reserved); extern grpc_composite_channel_credentials_create_type grpc_composite_channel_credentials_create_import; #define grpc_composite_channel_credentials_create grpc_composite_channel_credentials_create_import diff --git a/test/core/surface/public_headers_must_be_c89.c b/test/core/surface/public_headers_must_be_c89.c index 1b119317969..67edc35f6b0 100644 --- a/test/core/surface/public_headers_must_be_c89.c +++ b/test/core/surface/public_headers_must_be_c89.c @@ -164,12 +164,12 @@ int main(int argc, char **argv) { printf("%lx", (unsigned long) grpc_ssl_session_cache_create_lru); printf("%lx", (unsigned long) grpc_ssl_session_cache_destroy); printf("%lx", (unsigned long) grpc_ssl_session_cache_create_channel_arg); + printf("%lx", (unsigned long) grpc_call_credentials_release); printf("%lx", (unsigned long) grpc_channel_credentials_release); printf("%lx", (unsigned long) grpc_google_default_credentials_create); printf("%lx", (unsigned long) grpc_set_ssl_roots_override_callback); printf("%lx", (unsigned long) grpc_ssl_credentials_create); printf("%lx", (unsigned long) grpc_ssl_credentials_create_ex); - printf("%lx", (unsigned long) grpc_call_credentials_release); printf("%lx", (unsigned long) grpc_composite_channel_credentials_create); printf("%lx", (unsigned long) grpc_composite_call_credentials_create); printf("%lx", (unsigned long) grpc_google_compute_engine_credentials_create); From a2e9b964b1cafbcf3ef4cc6bb716acf157973825 Mon Sep 17 00:00:00 2001 From: Richard Belleville Date: Mon, 13 Jul 2020 23:10:22 +0000 Subject: [PATCH 40/53] Defer allocation of error object --- .../google_default/google_default_credentials.cc | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/src/core/lib/security/credentials/google_default/google_default_credentials.cc b/src/core/lib/security/credentials/google_default/google_default_credentials.cc index c07ae68918f..36ccf66f30d 100644 --- a/src/core/lib/security/credentials/google_default/google_default_credentials.cc +++ b/src/core/lib/security/credentials/google_default/google_default_credentials.cc @@ -49,6 +49,8 @@ using grpc_core::Json; /* -- Constants. -- */ #define GRPC_COMPUTE_ENGINE_DETECTION_HOST "metadata.google.internal." +#define GRPC_GOOGLE_CREDENTIAL_CREATION_ERROR \ + "Failed to create Google credentials" /* -- Default credentials. -- */ @@ -315,6 +317,8 @@ static grpc_core::RefCountedPtr make_default_call_creds( call_creds = grpc_core::RefCountedPtr( grpc_google_compute_engine_credentials_create(nullptr)); if (call_creds == nullptr) { + *error = GRPC_ERROR_CREATE_FROM_STATIC_STRING( + GRPC_GOOGLE_CREDENTIAL_CREATION_ERROR); *error = grpc_error_add_child( *error, GRPC_ERROR_CREATE_FROM_STATIC_STRING( "Failed to get credentials from network")); @@ -328,8 +332,7 @@ grpc_channel_credentials* grpc_google_default_credentials_create( grpc_call_credentials* call_credentials) { grpc_channel_credentials* result = nullptr; grpc_core::RefCountedPtr call_creds(call_credentials); - grpc_error* error = GRPC_ERROR_CREATE_FROM_STATIC_STRING( - "Failed to create Google credentials"); + grpc_error* error = nullptr; grpc_core::ExecCtx exec_ctx; GRPC_API_TRACE("grpc_google_default_credentials_create(%p)", 1, From 0eabc3ec7461827cda88b9364c0a5ffaec06b203 Mon Sep 17 00:00:00 2001 From: Richard Belleville Date: Mon, 13 Jul 2020 23:12:39 +0000 Subject: [PATCH 41/53] Add to Python documentation --- doc/python/sphinx/grpc.rst | 1 + 1 file changed, 1 insertion(+) diff --git a/doc/python/sphinx/grpc.rst b/doc/python/sphinx/grpc.rst index 4717eb12332..819e2e2f9e4 100644 --- a/doc/python/sphinx/grpc.rst +++ b/doc/python/sphinx/grpc.rst @@ -41,6 +41,7 @@ Create Client Credentials .. autofunction:: composite_call_credentials .. autofunction:: composite_channel_credentials .. autofunction:: local_channel_credentials(local_connect_type=grpc.LocalConnectionType.LOCAL_TCP) +.. autofunction:: compute_engine_channel_credentials Create Server From 892cfd883e750e289f0c4a57f22938cf3328e487 Mon Sep 17 00:00:00 2001 From: Richard Belleville Date: Mon, 13 Jul 2020 23:25:29 +0000 Subject: [PATCH 42/53] Support asyncio interop client --- src/python/grpcio_tests/tests_aio/interop/client.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/python/grpcio_tests/tests_aio/interop/client.py b/src/python/grpcio_tests/tests_aio/interop/client.py index 7731f3bd6eb..a4c5e12ceda 100644 --- a/src/python/grpcio_tests/tests_aio/interop/client.py +++ b/src/python/grpcio_tests/tests_aio/interop/client.py @@ -30,7 +30,7 @@ _LOGGER.setLevel(logging.DEBUG) def _create_channel(args): target = f'{args.server_host}:{args.server_port}' - if args.use_tls or args.use_alts: + if args.use_tls or args.use_alts or args.custom_credentials_type is not None: channel_credentials, options = interop_client_lib.get_secure_channel_parameters( args) return aio.secure_channel(target, channel_credentials, options) From 2953af1b7017ef01675603b1bb82b82220876472 Mon Sep 17 00:00:00 2001 From: Richard Belleville Date: Tue, 14 Jul 2020 02:09:55 +0000 Subject: [PATCH 43/53] Call out unexpected behavior --- include/grpc/grpc_security.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/include/grpc/grpc_security.h b/include/grpc/grpc_security.h index 12803548687..3ff2e8de2cd 100644 --- a/include/grpc/grpc_security.h +++ b/include/grpc/grpc_security.h @@ -153,7 +153,8 @@ GRPCAPI void grpc_channel_credentials_release(grpc_channel_credentials* creds); object. It is expected that the call credentials object was generated according to the Application Default Credentials mechanism and asserts the identity of the default service account of the machine. Supplying any other - sort of call credential may result in RPCs suddenly and unexpectedly failing. + sort of call credential will result in undefined behavior, up to and + including the sudden and unexpected failure of RPCs. If nullptr is supplied, the returned channel credentials object will use a call credentials object based on the Application Default Credentials From b6297308099090e50db9e61e02aaed13fa60642d Mon Sep 17 00:00:00 2001 From: Richard Belleville Date: Mon, 20 Jul 2020 19:26:52 +0000 Subject: [PATCH 44/53] Protect access --- .../google_default/google_default_credentials.cc | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/src/core/lib/security/credentials/google_default/google_default_credentials.cc b/src/core/lib/security/credentials/google_default/google_default_credentials.cc index 36ccf66f30d..2c292e6a116 100644 --- a/src/core/lib/security/credentials/google_default/google_default_credentials.cc +++ b/src/core/lib/security/credentials/google_default/google_default_credentials.cc @@ -293,6 +293,14 @@ static void update_tenancy() { gpr_mu_unlock(&g_state_mu); } +static bool metadata_server_available() { + bool available = false; + gpr_mu_lock(&g_state_mu); + available = static_cast(g_metadata_server_available); + gpr_mu_unlock(&g_state_mu); + return available; +} + static grpc_core::RefCountedPtr make_default_call_creds( grpc_error** error) { grpc_core::RefCountedPtr call_creds; @@ -313,7 +321,7 @@ static grpc_core::RefCountedPtr make_default_call_creds( if (err == GRPC_ERROR_NONE) return call_creds; *error = grpc_error_add_child(*error, err); - if (g_metadata_server_available) { + if (metadata_server_available()) { call_creds = grpc_core::RefCountedPtr( grpc_google_compute_engine_credentials_create(nullptr)); if (call_creds == nullptr) { From f7d16b20a493ae5cc03ee47d8aca024c6d5fa57b Mon Sep 17 00:00:00 2001 From: Richard Belleville Date: Mon, 20 Jul 2020 19:28:18 +0000 Subject: [PATCH 45/53] Fix docstring --- src/python/grpcio/grpc/__init__.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/python/grpcio/grpc/__init__.py b/src/python/grpcio/grpc/__init__.py index def6a868d84..9d1f81348cb 100644 --- a/src/python/grpcio/grpc/__init__.py +++ b/src/python/grpcio/grpc/__init__.py @@ -1876,8 +1876,8 @@ def compute_engine_channel_credentials(call_credentials): https://cloud.google.com/security/encryption-in-transit/application-layer-transport-security This channel credential is expected to be used as part of a composite - credential in conjunction with a call credential following the Application - Default Credentials strategy. If used with any other sort of call + credential in conjunction with a call credentials that authenticates the + VM's default service account. If used with any other sort of call credential, the connection may suddenly and unexpectedly begin failing RPCs. """ return ChannelCredentials( From b484e2e49b9f9d06a0313dd82936017d58f9c5d4 Mon Sep 17 00:00:00 2001 From: Richard Belleville Date: Mon, 20 Jul 2020 19:56:38 +0000 Subject: [PATCH 46/53] Decouple checking tenancy from checking for metadata server --- .../credentials/google_default/google_default_credentials.cc | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/core/lib/security/credentials/google_default/google_default_credentials.cc b/src/core/lib/security/credentials/google_default/google_default_credentials.cc index 2c292e6a116..4ed18a4c606 100644 --- a/src/core/lib/security/credentials/google_default/google_default_credentials.cc +++ b/src/core/lib/security/credentials/google_default/google_default_credentials.cc @@ -285,7 +285,11 @@ static void update_tenancy() { g_metadata_server_available = g_is_on_gce; } /* TODO: Add a platform-provided hint for GAE. */ + gpr_mu_unlock(&g_state_mu); +} +static void update_metadata_server_available() { + gpr_mu_lock(&g_state_mu); /* Do a network test for metadata server. */ if (!g_metadata_server_available) { g_metadata_server_available = is_metadata_server_reachable(); @@ -349,6 +353,7 @@ grpc_channel_credentials* grpc_google_default_credentials_create( update_tenancy(); if (call_creds == nullptr) { + update_metadata_server_available(); call_creds = make_default_call_creds(&error); } From c4491121c64e8131b598327e7ce56857e4e6d712 Mon Sep 17 00:00:00 2001 From: Richard Belleville Date: Tue, 21 Jul 2020 00:17:34 +0000 Subject: [PATCH 47/53] Stop checking g_is_on_gce in security connector --- .../google_default_credentials.cc | 35 +++++++++---------- test/core/security/credentials_test.cc | 4 +-- 2 files changed, 19 insertions(+), 20 deletions(-) diff --git a/src/core/lib/security/credentials/google_default/google_default_credentials.cc b/src/core/lib/security/credentials/google_default/google_default_credentials.cc index 4ed18a4c606..fa0a2206973 100644 --- a/src/core/lib/security/credentials/google_default/google_default_credentials.cc +++ b/src/core/lib/security/credentials/google_default/google_default_credentials.cc @@ -59,7 +59,6 @@ using grpc_core::Json; * means the detection is done via network test that is unreliable and the * unreliable result should not be referred by successive calls. */ static int g_metadata_server_available = 0; -static int g_is_on_gce = 0; static gpr_mu g_state_mu; /* Protect a metadata_server_detector instance that can be modified by more than * one gRPC threads */ @@ -91,7 +90,7 @@ grpc_google_default_channel_credentials::create_security_connector( bool use_alts = is_grpclb_load_balancer || is_backend_from_grpclb_load_balancer; /* Return failure if ALTS is selected but not running on GCE. */ - if (use_alts && !g_is_on_gce) { + if (use_alts && alts_creds_ == nullptr) { gpr_log(GPR_ERROR, "ALTS is selected, but not running on GCE."); return nullptr; } @@ -281,15 +280,10 @@ static void update_tenancy() { /* Try a platform-provided hint for GCE. */ if (!g_metadata_server_available) { - g_is_on_gce = g_gce_tenancy_checker(); - g_metadata_server_available = g_is_on_gce; + g_metadata_server_available = g_gce_tenancy_checker(); } /* TODO: Add a platform-provided hint for GAE. */ - gpr_mu_unlock(&g_state_mu); -} -static void update_metadata_server_available() { - gpr_mu_lock(&g_state_mu); /* Do a network test for metadata server. */ if (!g_metadata_server_available) { g_metadata_server_available = is_metadata_server_reachable(); @@ -310,6 +304,8 @@ static grpc_core::RefCountedPtr make_default_call_creds( grpc_core::RefCountedPtr call_creds; grpc_error* err; + update_tenancy(); + /* First, try the environment variable. */ char* path_from_env = gpr_getenv(GRPC_GOOGLE_CREDENTIALS_ENV_VAR); if (path_from_env != nullptr) { @@ -350,10 +346,7 @@ grpc_channel_credentials* grpc_google_default_credentials_create( GRPC_API_TRACE("grpc_google_default_credentials_create(%p)", 1, (call_credentials)); - update_tenancy(); - if (call_creds == nullptr) { - update_metadata_server_available(); call_creds = make_default_call_creds(&error); } @@ -367,13 +360,19 @@ grpc_channel_credentials* grpc_google_default_credentials_create( grpc_channel_credentials* alts_creds = grpc_alts_credentials_create(options); grpc_alts_credentials_options_destroy(options); - auto creds = - grpc_core::MakeRefCounted( - grpc_core::RefCountedPtr(alts_creds), - grpc_core::RefCountedPtr(ssl_creds)); - result = grpc_composite_channel_credentials_create( - creds.get(), call_creds.get(), nullptr); - GPR_ASSERT(result != nullptr); + if (alts_creds == nullptr) { + gpr_log(GPR_ERROR, + "Could not create google default credentials. Are you running on " + "GCE?"); + } else { + auto creds = + grpc_core::MakeRefCounted( + grpc_core::RefCountedPtr(alts_creds), + grpc_core::RefCountedPtr(ssl_creds)); + result = grpc_composite_channel_credentials_create( + creds.get(), call_creds.get(), nullptr); + GPR_ASSERT(result != nullptr); + } } else { gpr_log(GPR_ERROR, "Could not create google default credentials: %s", grpc_error_string(error)); diff --git a/test/core/security/credentials_test.cc b/test/core/security/credentials_test.cc index 8029c023f35..c1a66e4bcc8 100644 --- a/test/core/security/credentials_test.cc +++ b/test/core/security/credentials_test.cc @@ -1542,7 +1542,7 @@ static void test_google_default_creds_call_creds_specified(void) { grpc_composite_channel_credentials* channel_creds = reinterpret_cast( grpc_google_default_credentials_create(call_creds)); - GPR_ASSERT(g_test_gce_tenancy_checker_called == true); + GPR_ASSERT(g_test_gce_tenancy_checker_called == false); GPR_ASSERT(channel_creds != nullptr); GPR_ASSERT(channel_creds->call_creds() != nullptr); grpc_httpcli_set_override(compute_engine_httpcli_get_success_override, @@ -1601,7 +1601,7 @@ static void test_google_default_creds_not_default(void) { grpc_composite_channel_credentials* channel_creds = reinterpret_cast( grpc_google_default_credentials_create(call_creds.release())); - GPR_ASSERT(g_test_gce_tenancy_checker_called == true); + GPR_ASSERT(g_test_gce_tenancy_checker_called == false); GPR_ASSERT(channel_creds != nullptr); GPR_ASSERT(channel_creds->call_creds() != nullptr); run_request_metadata_test(channel_creds->mutable_call_creds(), auth_md_ctx, From d40a91dde580afac9ea0bf8167af0c9451f873f4 Mon Sep 17 00:00:00 2001 From: Richard Belleville Date: Tue, 21 Jul 2020 17:55:00 +0000 Subject: [PATCH 48/53] Don't check tenancy if credentials specified --- .../google_default/google_default_credentials.cc | 4 ++-- test/core/security/credentials_test.cc | 14 +++++++++----- 2 files changed, 11 insertions(+), 7 deletions(-) diff --git a/src/core/lib/security/credentials/google_default/google_default_credentials.cc b/src/core/lib/security/credentials/google_default/google_default_credentials.cc index fa0a2206973..1f73c66f43f 100644 --- a/src/core/lib/security/credentials/google_default/google_default_credentials.cc +++ b/src/core/lib/security/credentials/google_default/google_default_credentials.cc @@ -304,8 +304,6 @@ static grpc_core::RefCountedPtr make_default_call_creds( grpc_core::RefCountedPtr call_creds; grpc_error* err; - update_tenancy(); - /* First, try the environment variable. */ char* path_from_env = gpr_getenv(GRPC_GOOGLE_CREDENTIALS_ENV_VAR); if (path_from_env != nullptr) { @@ -321,6 +319,8 @@ static grpc_core::RefCountedPtr make_default_call_creds( if (err == GRPC_ERROR_NONE) return call_creds; *error = grpc_error_add_child(*error, err); + update_tenancy(); + if (metadata_server_available()) { call_creds = grpc_core::RefCountedPtr( grpc_google_compute_engine_credentials_create(nullptr)); diff --git a/test/core/security/credentials_test.cc b/test/core/security/credentials_test.cc index c1a66e4bcc8..22f6cdb7573 100644 --- a/test/core/security/credentials_test.cc +++ b/test/core/security/credentials_test.cc @@ -1347,11 +1347,19 @@ static void set_google_default_creds_env_var_with_file_contents( gpr_free(creds_file_name); } +static bool test_gce_tenancy_checker(void) { + g_test_gce_tenancy_checker_called = true; + return g_test_is_on_gce; +} + static void test_google_default_creds_auth_key(void) { grpc_core::ExecCtx exec_ctx; grpc_composite_channel_credentials* creds; char* json_key = test_json_key_str(); grpc_flush_cached_google_default_credentials(); + set_gce_tenancy_checker_for_testing(test_gce_tenancy_checker); + g_test_gce_tenancy_checker_called = false; + g_test_is_on_gce = true; set_google_default_creds_env_var_with_file_contents( "json_key_google_default_creds", json_key); gpr_free(json_key); @@ -1368,6 +1376,7 @@ static void test_google_default_creds_auth_key(void) { strcmp(jwt->key().client_id, "777-abaslkan11hlb6nmim3bpspl31ud.apps.googleusercontent.com") == 0); + GPR_ASSERT(g_test_gce_tenancy_checker_called == false); creds->Unref(); gpr_setenv(GRPC_GOOGLE_CREDENTIALS_ENV_VAR, ""); /* Reset. */ } @@ -1411,11 +1420,6 @@ static int default_creds_metadata_server_detection_httpcli_get_success_override( static std::string null_well_known_creds_path_getter(void) { return ""; } -static bool test_gce_tenancy_checker(void) { - g_test_gce_tenancy_checker_called = true; - return g_test_is_on_gce; -} - static void test_google_default_creds_gce(void) { grpc_core::ExecCtx exec_ctx; expected_md emd[] = { From 8bd1836a43ce8daef106f498f7928feb59b564c2 Mon Sep 17 00:00:00 2001 From: Richard Belleville Date: Tue, 21 Jul 2020 17:57:12 +0000 Subject: [PATCH 49/53] Use RAII lock guard --- .../google_default/google_default_credentials.cc | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/src/core/lib/security/credentials/google_default/google_default_credentials.cc b/src/core/lib/security/credentials/google_default/google_default_credentials.cc index 1f73c66f43f..81cbfc6bd40 100644 --- a/src/core/lib/security/credentials/google_default/google_default_credentials.cc +++ b/src/core/lib/security/credentials/google_default/google_default_credentials.cc @@ -276,7 +276,7 @@ end: static void update_tenancy() { gpr_once_init(&g_once, init_default_credentials); - gpr_mu_lock(&g_state_mu); + grpc_core::MutexLock lock(&g_state_mu); /* Try a platform-provided hint for GCE. */ if (!g_metadata_server_available) { @@ -288,15 +288,12 @@ static void update_tenancy() { if (!g_metadata_server_available) { g_metadata_server_available = is_metadata_server_reachable(); } - gpr_mu_unlock(&g_state_mu); } static bool metadata_server_available() { bool available = false; - gpr_mu_lock(&g_state_mu); - available = static_cast(g_metadata_server_available); - gpr_mu_unlock(&g_state_mu); - return available; + grpc_core::MutexLock lock(&g_state_mu); + return static_cast(g_metadata_server_available); } static grpc_core::RefCountedPtr make_default_call_creds( From 18aa32b7db95e2d874f42ea3b78570537c25ab19 Mon Sep 17 00:00:00 2001 From: Richard Belleville Date: Tue, 21 Jul 2020 18:22:32 +0000 Subject: [PATCH 50/53] Remove unused variable --- .../credentials/google_default/google_default_credentials.cc | 1 - 1 file changed, 1 deletion(-) diff --git a/src/core/lib/security/credentials/google_default/google_default_credentials.cc b/src/core/lib/security/credentials/google_default/google_default_credentials.cc index 81cbfc6bd40..31cfb68c294 100644 --- a/src/core/lib/security/credentials/google_default/google_default_credentials.cc +++ b/src/core/lib/security/credentials/google_default/google_default_credentials.cc @@ -291,7 +291,6 @@ static void update_tenancy() { } static bool metadata_server_available() { - bool available = false; grpc_core::MutexLock lock(&g_state_mu); return static_cast(g_metadata_server_available); } From 21e855592a4c6caf47f01f95f83f5054145a375c Mon Sep 17 00:00:00 2001 From: James Newton-King Date: Fri, 17 Jul 2020 23:03:49 +1200 Subject: [PATCH 51/53] Output grpc-dotnet interop apps to specific directories --- .../grpc_interop_aspnetcore/build_interop.sh.template | 3 ++- .../interoptest/grpc_interop_aspnetcore/build_interop.sh | 3 ++- tools/run_tests/run_interop_tests.py | 4 ++-- 3 files changed, 6 insertions(+), 4 deletions(-) diff --git a/templates/tools/dockerfile/interoptest/grpc_interop_aspnetcore/build_interop.sh.template b/templates/tools/dockerfile/interoptest/grpc_interop_aspnetcore/build_interop.sh.template index 79a6262beb5..fb0f2d2e5ad 100644 --- a/templates/tools/dockerfile/interoptest/grpc_interop_aspnetcore/build_interop.sh.template +++ b/templates/tools/dockerfile/interoptest/grpc_interop_aspnetcore/build_interop.sh.template @@ -41,4 +41,5 @@ # Cloning from a local path sets RepositoryUrl to a path and breaks Source Link. # Override RepositoryUrl to a URL to fix Source Link. The value doesn't matter. - dotnet build --configuration Debug Grpc.DotNet.sln -p:RepositoryUrl=https://github.com/grpc/grpc-dotnet.git + dotnet build --configuration Debug --output ./output/InteropTestsWebsite testassets/InteropTestsWebsite/InteropTestsWebsite.csproj -p:RepositoryUrl=https://github.com/grpc/grpc-dotnet.git + dotnet build --configuration Debug --output ./output/InteropTestsClient testassets/InteropTestsClient/InteropTestsClient.csproj -p:RepositoryUrl=https://github.com/grpc/grpc-dotnet.git diff --git a/tools/dockerfile/interoptest/grpc_interop_aspnetcore/build_interop.sh b/tools/dockerfile/interoptest/grpc_interop_aspnetcore/build_interop.sh index 31f21ce7839..20a61c07eae 100644 --- a/tools/dockerfile/interoptest/grpc_interop_aspnetcore/build_interop.sh +++ b/tools/dockerfile/interoptest/grpc_interop_aspnetcore/build_interop.sh @@ -39,4 +39,5 @@ fi # Cloning from a local path sets RepositoryUrl to a path and breaks Source Link. # Override RepositoryUrl to a URL to fix Source Link. The value doesn't matter. -dotnet build --configuration Debug Grpc.DotNet.sln -p:RepositoryUrl=https://github.com/grpc/grpc-dotnet.git +dotnet build --configuration Debug --output ./output/InteropTestsWebsite testassets/InteropTestsWebsite/InteropTestsWebsite.csproj -p:RepositoryUrl=https://github.com/grpc/grpc-dotnet.git +dotnet build --configuration Debug --output ./output/InteropTestsClient testassets/InteropTestsClient/InteropTestsClient.csproj -p:RepositoryUrl=https://github.com/grpc/grpc-dotnet.git diff --git a/tools/run_tests/run_interop_tests.py b/tools/run_tests/run_interop_tests.py index eff5288b205..32e247553b0 100755 --- a/tools/run_tests/run_interop_tests.py +++ b/tools/run_tests/run_interop_tests.py @@ -190,8 +190,8 @@ class CSharpCoreCLRLanguage: class AspNetCoreLanguage: def __init__(self): - self.client_cwd = '../grpc-dotnet/testassets/InteropTestsClient/bin/Debug/netcoreapp3.0' - self.server_cwd = '../grpc-dotnet/testassets/InteropTestsWebsite/bin/Debug/netcoreapp3.0' + self.client_cwd = '../grpc-dotnet/output/InteropTestsClient' + self.server_cwd = '../grpc-dotnet/output/InteropTestsWebsite' self.safename = str(self) def cloud_to_prod_env(self): From dcb5840cee0e7143aa06c6f708d7dfb1b4692eb5 Mon Sep 17 00:00:00 2001 From: Richard Belleville Date: Tue, 21 Jul 2020 23:36:13 +0000 Subject: [PATCH 52/53] Fix Mac and Windows --- .../google_default_credentials.cc | 20 +++++++------------ 1 file changed, 7 insertions(+), 13 deletions(-) diff --git a/src/core/lib/security/credentials/google_default/google_default_credentials.cc b/src/core/lib/security/credentials/google_default/google_default_credentials.cc index 31cfb68c294..9162bad47bc 100644 --- a/src/core/lib/security/credentials/google_default/google_default_credentials.cc +++ b/src/core/lib/security/credentials/google_default/google_default_credentials.cc @@ -356,19 +356,13 @@ grpc_channel_credentials* grpc_google_default_credentials_create( grpc_channel_credentials* alts_creds = grpc_alts_credentials_create(options); grpc_alts_credentials_options_destroy(options); - if (alts_creds == nullptr) { - gpr_log(GPR_ERROR, - "Could not create google default credentials. Are you running on " - "GCE?"); - } else { - auto creds = - grpc_core::MakeRefCounted( - grpc_core::RefCountedPtr(alts_creds), - grpc_core::RefCountedPtr(ssl_creds)); - result = grpc_composite_channel_credentials_create( - creds.get(), call_creds.get(), nullptr); - GPR_ASSERT(result != nullptr); - } + auto creds = + grpc_core::MakeRefCounted( + grpc_core::RefCountedPtr(alts_creds), + grpc_core::RefCountedPtr(ssl_creds)); + result = grpc_composite_channel_credentials_create( + creds.get(), call_creds.get(), nullptr); + GPR_ASSERT(result != nullptr); } else { gpr_log(GPR_ERROR, "Could not create google default credentials: %s", grpc_error_string(error)); From 2c5291ff716e37e4ff4bb080b5dea9ac37da9199 Mon Sep 17 00:00:00 2001 From: Yash Tibrewal Date: Wed, 22 Jul 2020 15:56:24 -0700 Subject: [PATCH 53/53] Plumb absl::Status through connectivity state notifiers --- BUILD | 1 + BUILD.gn | 1 + CMakeLists.txt | 19 ++++- Makefile | 10 +++ build_autogenerated.yaml | 2 + config.m4 | 13 +++ config.w32 | 13 +++ gRPC-C++.podspec | 1 + gRPC-Core.podspec | 1 + grpc.gemspec | 37 +++++++++ grpc.gyp | 2 + package.xml | 37 +++++++++ .../filters/client_channel/client_channel.cc | 29 ++++--- .../health/health_check_client.cc | 6 +- .../ext/filters/client_channel/lb_policy.h | 2 + .../lb_policy/child_policy_handler.cc | 10 ++- .../client_channel/lb_policy/grpclb/grpclb.cc | 28 ++++--- .../lb_policy/pick_first/pick_first.cc | 32 +++++--- .../lb_policy/priority/priority.cc | 39 ++++++--- .../lb_policy/round_robin/round_robin.cc | 9 ++- .../weighted_target/weighted_target.cc | 29 ++++--- .../client_channel/lb_policy/xds/cds.cc | 28 ++++--- .../client_channel/lb_policy/xds/eds.cc | 30 ++++--- .../client_channel/lb_policy/xds/lrs.cc | 23 ++++-- .../lb_policy/xds/xds_routing.cc | 20 +++-- .../client_channel/resolving_lb_policy.cc | 9 ++- .../ext/filters/client_channel/subchannel.cc | 66 ++++++++++----- .../ext/filters/client_channel/subchannel.h | 11 ++- .../filters/client_channel/xds/xds_client.cc | 8 +- .../ext/filters/max_age/max_age_filter.cc | 3 +- .../chttp2/transport/chttp2_transport.cc | 16 +++- .../ext/transport/inproc/inproc_transport.cc | 3 +- src/core/lib/surface/server.cc | 3 +- src/core/lib/transport/connectivity_state.cc | 31 ++++--- src/core/lib/transport/connectivity_state.h | 24 ++++-- src/core/lib/transport/error_utils.cc | 13 +++ src/core/lib/transport/error_utils.h | 6 ++ src/python/grpcio/grpc_core_dependencies.py | 10 +++ test/core/surface/lame_client_test.cc | 3 +- .../transport/chttp2/too_many_pings_test.cc | 3 - .../core/transport/connectivity_state_test.cc | 81 +++++++++++++++---- test/core/util/test_lb_policies.cc | 8 +- 42 files changed, 536 insertions(+), 184 deletions(-) diff --git a/BUILD b/BUILD index b3c97ca5e2a..4fc1091b635 100644 --- a/BUILD +++ b/BUILD @@ -956,6 +956,7 @@ grpc_cc_library( external_deps = [ "madler_zlib", "absl/container:inlined_vector", + "absl/status", "absl/types:optional", ], language = "c++", diff --git a/BUILD.gn b/BUILD.gn index 035d6bddde6..b38ffc2301b 100644 --- a/BUILD.gn +++ b/BUILD.gn @@ -991,6 +991,7 @@ config("grpc_config") { ":upb", ":absl/types:optional", ":absl/strings:strings", + ":absl/status:status", ":absl/container:inlined_vector", "//third_party/cares", ":address_sorting", diff --git a/CMakeLists.txt b/CMakeLists.txt index ce8a7e338c0..d7fb543e242 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -111,23 +111,32 @@ set(gRPC_ABSL_USED_TARGETS absl_civil_time absl_compressed_tuple absl_config + absl_cord absl_core_headers + absl_debugging_internal + absl_demangle_internal absl_dynamic_annotations absl_endian absl_errno_saver + absl_fixed_array + absl_function_ref absl_inlined_vector absl_inlined_vector_internal absl_int128 absl_log_severity + absl_malloc_internal absl_memory absl_optional absl_raw_logging_internal absl_span absl_spinlock_wait + absl_stacktrace + absl_status absl_str_format absl_str_format_internal absl_strings absl_strings_internal + absl_symbolize absl_throw_delegate absl_time absl_time_zone @@ -1793,6 +1802,7 @@ target_link_libraries(grpc upb absl::optional absl::strings + absl::status absl::inlined_vector ) if(_gRPC_PLATFORM_IOS OR _gRPC_PLATFORM_MAC) @@ -2395,6 +2405,7 @@ target_link_libraries(grpc_unsecure upb absl::optional absl::strings + absl::status absl::inlined_vector ) if(_gRPC_PLATFORM_IOS OR _gRPC_PLATFORM_MAC) @@ -15546,7 +15557,7 @@ generate_pkgconfig( "high performance general RPC framework" "${gRPC_CORE_VERSION}" "gpr openssl" - "-lgrpc -laddress_sorting -lre2 -lupb -lcares -lz -labsl_bad_optional_access -labsl_str_format_internal -labsl_time -labsl_time_zone -labsl_civil_time -labsl_strings -labsl_strings_internal -labsl_throw_delegate -labsl_int128 -labsl_base -labsl_spinlock_wait -labsl_raw_logging_internal -labsl_log_severity -labsl_dynamic_annotations" + "-lgrpc -laddress_sorting -lre2 -lupb -lcares -lz -labsl_status -labsl_cord -labsl_symbolize -labsl_demangle_internal -labsl_malloc_internal -labsl_stacktrace -labsl_debugging_internal -labsl_bad_optional_access -labsl_str_format_internal -labsl_time -labsl_time_zone -labsl_civil_time -labsl_strings -labsl_strings_internal -labsl_throw_delegate -labsl_int128 -labsl_base -labsl_spinlock_wait -labsl_raw_logging_internal -labsl_log_severity -labsl_dynamic_annotations" "" "grpc.pc") @@ -15556,7 +15567,7 @@ generate_pkgconfig( "high performance general RPC framework without SSL" "${gRPC_CORE_VERSION}" "gpr" - "-lgrpc_unsecure -labsl_bad_optional_access -labsl_str_format_internal -labsl_time -labsl_time_zone -labsl_civil_time -labsl_strings -labsl_strings_internal -labsl_throw_delegate -labsl_int128 -labsl_base -labsl_spinlock_wait -labsl_raw_logging_internal -labsl_log_severity -labsl_dynamic_annotations" + "-lgrpc_unsecure -labsl_status -labsl_cord -labsl_symbolize -labsl_demangle_internal -labsl_malloc_internal -labsl_stacktrace -labsl_debugging_internal -labsl_bad_optional_access -labsl_str_format_internal -labsl_time -labsl_time_zone -labsl_civil_time -labsl_strings -labsl_strings_internal -labsl_throw_delegate -labsl_int128 -labsl_base -labsl_spinlock_wait -labsl_raw_logging_internal -labsl_log_severity -labsl_dynamic_annotations" "" "grpc_unsecure.pc") @@ -15566,7 +15577,7 @@ generate_pkgconfig( "C++ wrapper for gRPC" "${gRPC_CPP_VERSION}" "grpc" - "-lgrpc++ -labsl_bad_optional_access -labsl_str_format_internal -labsl_time -labsl_time_zone -labsl_civil_time -labsl_strings -labsl_strings_internal -labsl_throw_delegate -labsl_int128 -labsl_base -labsl_spinlock_wait -labsl_raw_logging_internal -labsl_log_severity -labsl_dynamic_annotations" + "-lgrpc++ -labsl_status -labsl_cord -labsl_symbolize -labsl_demangle_internal -labsl_malloc_internal -labsl_stacktrace -labsl_debugging_internal -labsl_bad_optional_access -labsl_str_format_internal -labsl_time -labsl_time_zone -labsl_civil_time -labsl_strings -labsl_strings_internal -labsl_throw_delegate -labsl_int128 -labsl_base -labsl_spinlock_wait -labsl_raw_logging_internal -labsl_log_severity -labsl_dynamic_annotations" "" "grpc++.pc") @@ -15576,6 +15587,6 @@ generate_pkgconfig( "C++ wrapper for gRPC without SSL" "${gRPC_CPP_VERSION}" "grpc_unsecure" - "-lgrpc++_unsecure -labsl_bad_optional_access -labsl_str_format_internal -labsl_time -labsl_time_zone -labsl_civil_time -labsl_strings -labsl_strings_internal -labsl_throw_delegate -labsl_int128 -labsl_base -labsl_spinlock_wait -labsl_raw_logging_internal -labsl_log_severity -labsl_dynamic_annotations" + "-lgrpc++_unsecure -labsl_status -labsl_cord -labsl_symbolize -labsl_demangle_internal -labsl_malloc_internal -labsl_stacktrace -labsl_debugging_internal -labsl_bad_optional_access -labsl_str_format_internal -labsl_time -labsl_time_zone -labsl_civil_time -labsl_strings -labsl_strings_internal -labsl_throw_delegate -labsl_int128 -labsl_base -labsl_spinlock_wait -labsl_raw_logging_internal -labsl_log_severity -labsl_dynamic_annotations" "" "grpc++_unsecure.pc") diff --git a/Makefile b/Makefile index b86df824e22..fcb70c554dc 100644 --- a/Makefile +++ b/Makefile @@ -6236,6 +6236,7 @@ endif LIBGRPC_ABSEIL_SRC = \ third_party/abseil-cpp/absl/base/dynamic_annotations.cc \ third_party/abseil-cpp/absl/base/internal/cycleclock.cc \ + third_party/abseil-cpp/absl/base/internal/low_level_alloc.cc \ third_party/abseil-cpp/absl/base/internal/raw_logging.cc \ third_party/abseil-cpp/absl/base/internal/spinlock.cc \ third_party/abseil-cpp/absl/base/internal/spinlock_wait.cc \ @@ -6244,9 +6245,18 @@ LIBGRPC_ABSEIL_SRC = \ third_party/abseil-cpp/absl/base/internal/throw_delegate.cc \ third_party/abseil-cpp/absl/base/internal/unscaledcycleclock.cc \ third_party/abseil-cpp/absl/base/log_severity.cc \ + third_party/abseil-cpp/absl/debugging/internal/address_is_readable.cc \ + third_party/abseil-cpp/absl/debugging/internal/demangle.cc \ + third_party/abseil-cpp/absl/debugging/internal/elf_mem_image.cc \ + third_party/abseil-cpp/absl/debugging/internal/vdso_support.cc \ + third_party/abseil-cpp/absl/debugging/stacktrace.cc \ + third_party/abseil-cpp/absl/debugging/symbolize.cc \ third_party/abseil-cpp/absl/numeric/int128.cc \ + third_party/abseil-cpp/absl/status/status.cc \ + third_party/abseil-cpp/absl/status/status_payload_printer.cc \ third_party/abseil-cpp/absl/strings/ascii.cc \ third_party/abseil-cpp/absl/strings/charconv.cc \ + third_party/abseil-cpp/absl/strings/cord.cc \ third_party/abseil-cpp/absl/strings/escaping.cc \ third_party/abseil-cpp/absl/strings/internal/charconv_bigint.cc \ third_party/abseil-cpp/absl/strings/internal/charconv_parse.cc \ diff --git a/build_autogenerated.yaml b/build_autogenerated.yaml index 23a3e3c0554..8720ff88b96 100644 --- a/build_autogenerated.yaml +++ b/build_autogenerated.yaml @@ -1163,6 +1163,7 @@ libs: - upb - absl/types:optional - absl/strings:strings + - absl/status:status - absl/container:inlined_vector baselib: true deps_linkage: static @@ -1952,6 +1953,7 @@ libs: - upb - absl/types:optional - absl/strings:strings + - absl/status:status - absl/container:inlined_vector baselib: true deps_linkage: static diff --git a/config.m4 b/config.m4 index 8cf43fc8a52..bc75131dc70 100644 --- a/config.m4 +++ b/config.m4 @@ -509,6 +509,7 @@ if test "$PHP_GRPC" != "no"; then src/php/ext/grpc/timeval.c \ third_party/abseil-cpp/absl/base/dynamic_annotations.cc \ third_party/abseil-cpp/absl/base/internal/cycleclock.cc \ + third_party/abseil-cpp/absl/base/internal/low_level_alloc.cc \ third_party/abseil-cpp/absl/base/internal/raw_logging.cc \ third_party/abseil-cpp/absl/base/internal/spinlock.cc \ third_party/abseil-cpp/absl/base/internal/spinlock_wait.cc \ @@ -517,9 +518,18 @@ if test "$PHP_GRPC" != "no"; then third_party/abseil-cpp/absl/base/internal/throw_delegate.cc \ third_party/abseil-cpp/absl/base/internal/unscaledcycleclock.cc \ third_party/abseil-cpp/absl/base/log_severity.cc \ + third_party/abseil-cpp/absl/debugging/internal/address_is_readable.cc \ + third_party/abseil-cpp/absl/debugging/internal/demangle.cc \ + third_party/abseil-cpp/absl/debugging/internal/elf_mem_image.cc \ + third_party/abseil-cpp/absl/debugging/internal/vdso_support.cc \ + third_party/abseil-cpp/absl/debugging/stacktrace.cc \ + third_party/abseil-cpp/absl/debugging/symbolize.cc \ third_party/abseil-cpp/absl/numeric/int128.cc \ + third_party/abseil-cpp/absl/status/status.cc \ + third_party/abseil-cpp/absl/status/status_payload_printer.cc \ third_party/abseil-cpp/absl/strings/ascii.cc \ third_party/abseil-cpp/absl/strings/charconv.cc \ + third_party/abseil-cpp/absl/strings/cord.cc \ third_party/abseil-cpp/absl/strings/escaping.cc \ third_party/abseil-cpp/absl/strings/internal/charconv_bigint.cc \ third_party/abseil-cpp/absl/strings/internal/charconv_parse.cc \ @@ -971,7 +981,10 @@ if test "$PHP_GRPC" != "no"; then PHP_ADD_BUILD_DIR($ext_builddir/src/php/ext/grpc) PHP_ADD_BUILD_DIR($ext_builddir/third_party/abseil-cpp/absl/base) PHP_ADD_BUILD_DIR($ext_builddir/third_party/abseil-cpp/absl/base/internal) + PHP_ADD_BUILD_DIR($ext_builddir/third_party/abseil-cpp/absl/debugging) + PHP_ADD_BUILD_DIR($ext_builddir/third_party/abseil-cpp/absl/debugging/internal) PHP_ADD_BUILD_DIR($ext_builddir/third_party/abseil-cpp/absl/numeric) + PHP_ADD_BUILD_DIR($ext_builddir/third_party/abseil-cpp/absl/status) PHP_ADD_BUILD_DIR($ext_builddir/third_party/abseil-cpp/absl/strings) PHP_ADD_BUILD_DIR($ext_builddir/third_party/abseil-cpp/absl/strings/internal) PHP_ADD_BUILD_DIR($ext_builddir/third_party/abseil-cpp/absl/strings/internal/str_format) diff --git a/config.w32 b/config.w32 index 8f027adf682..de58a2c5bea 100644 --- a/config.w32 +++ b/config.w32 @@ -477,6 +477,7 @@ if (PHP_GRPC != "no") { "src\\php\\ext\\grpc\\timeval.c " + "third_party\\abseil-cpp\\absl\\base\\dynamic_annotations.cc " + "third_party\\abseil-cpp\\absl\\base\\internal\\cycleclock.cc " + + "third_party\\abseil-cpp\\absl\\base\\internal\\low_level_alloc.cc " + "third_party\\abseil-cpp\\absl\\base\\internal\\raw_logging.cc " + "third_party\\abseil-cpp\\absl\\base\\internal\\spinlock.cc " + "third_party\\abseil-cpp\\absl\\base\\internal\\spinlock_wait.cc " + @@ -485,9 +486,18 @@ if (PHP_GRPC != "no") { "third_party\\abseil-cpp\\absl\\base\\internal\\throw_delegate.cc " + "third_party\\abseil-cpp\\absl\\base\\internal\\unscaledcycleclock.cc " + "third_party\\abseil-cpp\\absl\\base\\log_severity.cc " + + "third_party\\abseil-cpp\\absl\\debugging\\internal\\address_is_readable.cc " + + "third_party\\abseil-cpp\\absl\\debugging\\internal\\demangle.cc " + + "third_party\\abseil-cpp\\absl\\debugging\\internal\\elf_mem_image.cc " + + "third_party\\abseil-cpp\\absl\\debugging\\internal\\vdso_support.cc " + + "third_party\\abseil-cpp\\absl\\debugging\\stacktrace.cc " + + "third_party\\abseil-cpp\\absl\\debugging\\symbolize.cc " + "third_party\\abseil-cpp\\absl\\numeric\\int128.cc " + + "third_party\\abseil-cpp\\absl\\status\\status.cc " + + "third_party\\abseil-cpp\\absl\\status\\status_payload_printer.cc " + "third_party\\abseil-cpp\\absl\\strings\\ascii.cc " + "third_party\\abseil-cpp\\absl\\strings\\charconv.cc " + + "third_party\\abseil-cpp\\absl\\strings\\cord.cc " + "third_party\\abseil-cpp\\absl\\strings\\escaping.cc " + "third_party\\abseil-cpp\\absl\\strings\\internal\\charconv_bigint.cc " + "third_party\\abseil-cpp\\absl\\strings\\internal\\charconv_parse.cc " + @@ -1007,7 +1017,10 @@ if (PHP_GRPC != "no") { FSO.CreateFolder(base_dir+"\\ext\\grpc\\third_party\\abseil-cpp\\absl"); FSO.CreateFolder(base_dir+"\\ext\\grpc\\third_party\\abseil-cpp\\absl\\base"); FSO.CreateFolder(base_dir+"\\ext\\grpc\\third_party\\abseil-cpp\\absl\\base\\internal"); + FSO.CreateFolder(base_dir+"\\ext\\grpc\\third_party\\abseil-cpp\\absl\\debugging"); + FSO.CreateFolder(base_dir+"\\ext\\grpc\\third_party\\abseil-cpp\\absl\\debugging\\internal"); FSO.CreateFolder(base_dir+"\\ext\\grpc\\third_party\\abseil-cpp\\absl\\numeric"); + FSO.CreateFolder(base_dir+"\\ext\\grpc\\third_party\\abseil-cpp\\absl\\status"); FSO.CreateFolder(base_dir+"\\ext\\grpc\\third_party\\abseil-cpp\\absl\\strings"); FSO.CreateFolder(base_dir+"\\ext\\grpc\\third_party\\abseil-cpp\\absl\\strings\\internal"); FSO.CreateFolder(base_dir+"\\ext\\grpc\\third_party\\abseil-cpp\\absl\\strings\\internal\\str_format"); diff --git a/gRPC-C++.podspec b/gRPC-C++.podspec index a0844acf9a9..c74f5fa8e95 100644 --- a/gRPC-C++.podspec +++ b/gRPC-C++.podspec @@ -210,6 +210,7 @@ Pod::Spec.new do |s| abseil_version = '1.20200225.0' ss.dependency 'abseil/container/inlined_vector', abseil_version ss.dependency 'abseil/memory/memory', abseil_version + ss.dependency 'abseil/status/status', abseil_version ss.dependency 'abseil/strings/str_format', abseil_version ss.dependency 'abseil/strings/strings', abseil_version ss.dependency 'abseil/time/time', abseil_version diff --git a/gRPC-Core.podspec b/gRPC-Core.podspec index 9ac673e2c3d..869def405bb 100644 --- a/gRPC-Core.podspec +++ b/gRPC-Core.podspec @@ -176,6 +176,7 @@ Pod::Spec.new do |s| abseil_version = '1.20200225.0' ss.dependency 'abseil/container/inlined_vector', abseil_version ss.dependency 'abseil/memory/memory', abseil_version + ss.dependency 'abseil/status/status', abseil_version ss.dependency 'abseil/strings/str_format', abseil_version ss.dependency 'abseil/strings/strings', abseil_version ss.dependency 'abseil/time/time', abseil_version diff --git a/grpc.gemspec b/grpc.gemspec index 5b84d4ecf26..157b8dc766c 100644 --- a/grpc.gemspec +++ b/grpc.gemspec @@ -969,12 +969,15 @@ Gem::Specification.new do |s| s.files += %w( third_party/abseil-cpp/absl/base/internal/bits.h ) s.files += %w( third_party/abseil-cpp/absl/base/internal/cycleclock.cc ) s.files += %w( third_party/abseil-cpp/absl/base/internal/cycleclock.h ) + s.files += %w( third_party/abseil-cpp/absl/base/internal/direct_mmap.h ) s.files += %w( third_party/abseil-cpp/absl/base/internal/endian.h ) s.files += %w( third_party/abseil-cpp/absl/base/internal/errno_saver.h ) s.files += %w( third_party/abseil-cpp/absl/base/internal/hide_ptr.h ) s.files += %w( third_party/abseil-cpp/absl/base/internal/identity.h ) s.files += %w( third_party/abseil-cpp/absl/base/internal/inline_variable.h ) s.files += %w( third_party/abseil-cpp/absl/base/internal/invoke.h ) + s.files += %w( third_party/abseil-cpp/absl/base/internal/low_level_alloc.cc ) + s.files += %w( third_party/abseil-cpp/absl/base/internal/low_level_alloc.h ) s.files += %w( third_party/abseil-cpp/absl/base/internal/low_level_scheduling.h ) s.files += %w( third_party/abseil-cpp/absl/base/internal/per_thread_tls.h ) s.files += %w( third_party/abseil-cpp/absl/base/internal/raw_logging.cc ) @@ -1007,19 +1010,52 @@ Gem::Specification.new do |s| s.files += %w( third_party/abseil-cpp/absl/base/policy_checks.h ) s.files += %w( third_party/abseil-cpp/absl/base/port.h ) s.files += %w( third_party/abseil-cpp/absl/base/thread_annotations.h ) + s.files += %w( third_party/abseil-cpp/absl/container/fixed_array.h ) s.files += %w( third_party/abseil-cpp/absl/container/inlined_vector.h ) s.files += %w( third_party/abseil-cpp/absl/container/internal/compressed_tuple.h ) s.files += %w( third_party/abseil-cpp/absl/container/internal/inlined_vector.h ) + s.files += %w( third_party/abseil-cpp/absl/debugging/internal/address_is_readable.cc ) + s.files += %w( third_party/abseil-cpp/absl/debugging/internal/address_is_readable.h ) + s.files += %w( third_party/abseil-cpp/absl/debugging/internal/demangle.cc ) + s.files += %w( third_party/abseil-cpp/absl/debugging/internal/demangle.h ) + s.files += %w( third_party/abseil-cpp/absl/debugging/internal/elf_mem_image.cc ) + s.files += %w( third_party/abseil-cpp/absl/debugging/internal/elf_mem_image.h ) + s.files += %w( third_party/abseil-cpp/absl/debugging/internal/stacktrace_aarch64-inl.inc ) + s.files += %w( third_party/abseil-cpp/absl/debugging/internal/stacktrace_arm-inl.inc ) + s.files += %w( third_party/abseil-cpp/absl/debugging/internal/stacktrace_config.h ) + s.files += %w( third_party/abseil-cpp/absl/debugging/internal/stacktrace_generic-inl.inc ) + s.files += %w( third_party/abseil-cpp/absl/debugging/internal/stacktrace_powerpc-inl.inc ) + s.files += %w( third_party/abseil-cpp/absl/debugging/internal/stacktrace_unimplemented-inl.inc ) + s.files += %w( third_party/abseil-cpp/absl/debugging/internal/stacktrace_win32-inl.inc ) + s.files += %w( third_party/abseil-cpp/absl/debugging/internal/stacktrace_x86-inl.inc ) + s.files += %w( third_party/abseil-cpp/absl/debugging/internal/symbolize.h ) + s.files += %w( third_party/abseil-cpp/absl/debugging/internal/vdso_support.cc ) + s.files += %w( third_party/abseil-cpp/absl/debugging/internal/vdso_support.h ) + s.files += %w( third_party/abseil-cpp/absl/debugging/stacktrace.cc ) + s.files += %w( third_party/abseil-cpp/absl/debugging/stacktrace.h ) + s.files += %w( third_party/abseil-cpp/absl/debugging/symbolize.cc ) + s.files += %w( third_party/abseil-cpp/absl/debugging/symbolize.h ) + s.files += %w( third_party/abseil-cpp/absl/debugging/symbolize_elf.inc ) + s.files += %w( third_party/abseil-cpp/absl/debugging/symbolize_unimplemented.inc ) + s.files += %w( third_party/abseil-cpp/absl/debugging/symbolize_win32.inc ) + s.files += %w( third_party/abseil-cpp/absl/functional/function_ref.h ) + s.files += %w( third_party/abseil-cpp/absl/functional/internal/function_ref.h ) s.files += %w( third_party/abseil-cpp/absl/memory/memory.h ) s.files += %w( third_party/abseil-cpp/absl/meta/type_traits.h ) s.files += %w( third_party/abseil-cpp/absl/numeric/int128.cc ) s.files += %w( third_party/abseil-cpp/absl/numeric/int128.h ) s.files += %w( third_party/abseil-cpp/absl/numeric/int128_have_intrinsic.inc ) s.files += %w( third_party/abseil-cpp/absl/numeric/int128_no_intrinsic.inc ) + s.files += %w( third_party/abseil-cpp/absl/status/status.cc ) + s.files += %w( third_party/abseil-cpp/absl/status/status.h ) + s.files += %w( third_party/abseil-cpp/absl/status/status_payload_printer.cc ) + s.files += %w( third_party/abseil-cpp/absl/status/status_payload_printer.h ) s.files += %w( third_party/abseil-cpp/absl/strings/ascii.cc ) s.files += %w( third_party/abseil-cpp/absl/strings/ascii.h ) s.files += %w( third_party/abseil-cpp/absl/strings/charconv.cc ) s.files += %w( third_party/abseil-cpp/absl/strings/charconv.h ) + s.files += %w( third_party/abseil-cpp/absl/strings/cord.cc ) + s.files += %w( third_party/abseil-cpp/absl/strings/cord.h ) s.files += %w( third_party/abseil-cpp/absl/strings/escaping.cc ) s.files += %w( third_party/abseil-cpp/absl/strings/escaping.h ) s.files += %w( third_party/abseil-cpp/absl/strings/internal/char_map.h ) @@ -1027,6 +1063,7 @@ Gem::Specification.new do |s| s.files += %w( third_party/abseil-cpp/absl/strings/internal/charconv_bigint.h ) s.files += %w( third_party/abseil-cpp/absl/strings/internal/charconv_parse.cc ) s.files += %w( third_party/abseil-cpp/absl/strings/internal/charconv_parse.h ) + s.files += %w( third_party/abseil-cpp/absl/strings/internal/cord_internal.h ) s.files += %w( third_party/abseil-cpp/absl/strings/internal/escaping.cc ) s.files += %w( third_party/abseil-cpp/absl/strings/internal/escaping.h ) s.files += %w( third_party/abseil-cpp/absl/strings/internal/memutil.cc ) diff --git a/grpc.gyp b/grpc.gyp index a7cae5e3f8b..f0ff7c76d25 100644 --- a/grpc.gyp +++ b/grpc.gyp @@ -432,6 +432,7 @@ 'upb', 'absl/types:optional', 'absl/strings:strings', + 'absl/status:status', 'absl/container:inlined_vector', ], 'sources': [ @@ -941,6 +942,7 @@ 'upb', 'absl/types:optional', 'absl/strings:strings', + 'absl/status:status', 'absl/container:inlined_vector', ], 'sources': [ diff --git a/package.xml b/package.xml index 36399edc3e1..2d755e4d7dc 100644 --- a/package.xml +++ b/package.xml @@ -971,12 +971,15 @@ + + + @@ -1009,19 +1012,52 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + @@ -1029,6 +1065,7 @@ + diff --git a/src/core/ext/filters/client_channel/client_channel.cc b/src/core/ext/filters/client_channel/client_channel.cc index 2028c8ebb99..1b48d6a4d37 100644 --- a/src/core/ext/filters/client_channel/client_channel.cc +++ b/src/core/ext/filters/client_channel/client_channel.cc @@ -214,7 +214,8 @@ class ChannelData { grpc_closure* on_complete, bool cancel); - void Notify(grpc_connectivity_state state) override; + void Notify(grpc_connectivity_state state, + const absl::Status& /* status */) override; void Cancel(); @@ -260,7 +261,8 @@ class ChannelData { ~ChannelData(); void UpdateStateAndPickerLocked( - grpc_connectivity_state state, const char* reason, + grpc_connectivity_state state, const absl::Status& status, + const char* reason, std::unique_ptr picker); void UpdateServiceConfigInDataPlaneLocked( @@ -1212,7 +1214,7 @@ void ChannelData::ExternalConnectivityWatcher:: } void ChannelData::ExternalConnectivityWatcher::Notify( - grpc_connectivity_state state) { + grpc_connectivity_state state, const absl::Status& /* status */) { bool done = false; if (!done_.CompareExchangeStrong(&done, true, MemoryOrder::RELAXED, MemoryOrder::RELAXED)) { @@ -1352,19 +1354,21 @@ class ChannelData::ClientChannelControlHelper } void UpdateState( - grpc_connectivity_state state, + grpc_connectivity_state state, const absl::Status& status, std::unique_ptr picker) override { grpc_error* disconnect_error = chand_->disconnect_error(); if (GRPC_TRACE_FLAG_ENABLED(grpc_client_channel_routing_trace)) { const char* extra = disconnect_error == GRPC_ERROR_NONE ? "" : " (ignoring -- channel shutting down)"; - gpr_log(GPR_INFO, "chand=%p: update: state=%s picker=%p%s", chand_, - ConnectivityStateName(state), picker.get(), extra); + gpr_log(GPR_INFO, "chand=%p: update: state=%s status=(%s) picker=%p%s", + chand_, ConnectivityStateName(state), status.ToString().c_str(), + picker.get(), extra); } // Do update only if not shutting down. if (disconnect_error == GRPC_ERROR_NONE) { - chand_->UpdateStateAndPickerLocked(state, "helper", std::move(picker)); + chand_->UpdateStateAndPickerLocked(state, status, "helper", + std::move(picker)); } } @@ -1701,7 +1705,8 @@ ChannelData::~ChannelData() { } void ChannelData::UpdateStateAndPickerLocked( - grpc_connectivity_state state, const char* reason, + grpc_connectivity_state state, const absl::Status& status, + const char* reason, std::unique_ptr picker) { // Clean the control plane when entering IDLE. if (picker_ == nullptr) { @@ -1711,7 +1716,7 @@ void ChannelData::UpdateStateAndPickerLocked( received_first_resolver_result_ = false; } // Update connectivity state. - state_tracker_.SetState(state, reason); + state_tracker_.SetState(state, status, reason); if (channelz_node_ != nullptr) { channelz_node_->SetConnectivityState(state); channelz_node_->AddTraceEvent( @@ -1938,8 +1943,8 @@ void ChannelData::StartTransportOpLocked(grpc_transport_op* op) { static_cast(value) == GRPC_CHANNEL_IDLE) { if (disconnect_error() == GRPC_ERROR_NONE) { // Enter IDLE state. - UpdateStateAndPickerLocked(GRPC_CHANNEL_IDLE, "channel entering IDLE", - nullptr); + UpdateStateAndPickerLocked(GRPC_CHANNEL_IDLE, absl::Status(), + "channel entering IDLE", nullptr); } GRPC_ERROR_UNREF(op->disconnect_with_error); } else { @@ -1948,7 +1953,7 @@ void ChannelData::StartTransportOpLocked(grpc_transport_op* op) { GRPC_ERROR_NONE); disconnect_error_.Store(op->disconnect_with_error, MemoryOrder::RELEASE); UpdateStateAndPickerLocked( - GRPC_CHANNEL_SHUTDOWN, "shutdown from API", + GRPC_CHANNEL_SHUTDOWN, absl::Status(), "shutdown from API", absl::make_unique( GRPC_ERROR_REF(op->disconnect_with_error))); } diff --git a/src/core/ext/filters/client_channel/health/health_check_client.cc b/src/core/ext/filters/client_channel/health/health_check_client.cc index e708a59c571..5d65293af29 100644 --- a/src/core/ext/filters/client_channel/health/health_check_client.cc +++ b/src/core/ext/filters/client_channel/health/health_check_client.cc @@ -91,7 +91,11 @@ void HealthCheckClient::SetHealthStatusLocked(grpc_connectivity_state state, gpr_log(GPR_INFO, "HealthCheckClient %p: setting state=%s reason=%s", this, ConnectivityStateName(state), reason); } - if (watcher_ != nullptr) watcher_->Notify(state); + if (watcher_ != nullptr) + watcher_->Notify(state, + state == GRPC_CHANNEL_TRANSIENT_FAILURE + ? absl::Status(absl::StatusCode::kUnavailable, reason) + : absl::Status()); } void HealthCheckClient::Orphan() { diff --git a/src/core/ext/filters/client_channel/lb_policy.h b/src/core/ext/filters/client_channel/lb_policy.h index 6a290a3f51b..81f5bb33b20 100644 --- a/src/core/ext/filters/client_channel/lb_policy.h +++ b/src/core/ext/filters/client_channel/lb_policy.h @@ -24,6 +24,7 @@ #include #include +#include "absl/status/status.h" #include "absl/strings/string_view.h" #include "src/core/ext/filters/client_channel/server_address.h" @@ -283,6 +284,7 @@ class LoadBalancingPolicy : public InternallyRefCounted { /// Sets the connectivity state and returns a new picker to be used /// by the client channel. virtual void UpdateState(grpc_connectivity_state state, + const absl::Status& status, std::unique_ptr) = 0; /// Requests that the resolver re-resolve. diff --git a/src/core/ext/filters/client_channel/lb_policy/child_policy_handler.cc b/src/core/ext/filters/client_channel/lb_policy/child_policy_handler.cc index 8d8003d185a..1464c718602 100644 --- a/src/core/ext/filters/client_channel/lb_policy/child_policy_handler.cc +++ b/src/core/ext/filters/client_channel/lb_policy/child_policy_handler.cc @@ -45,7 +45,7 @@ class ChildPolicyHandler::Helper return parent_->channel_control_helper()->CreateSubchannel(args); } - void UpdateState(grpc_connectivity_state state, + void UpdateState(grpc_connectivity_state state, const absl::Status& status, std::unique_ptr picker) override { if (parent_->shutting_down_) return; // If this request is from the pending child policy, ignore it until @@ -55,8 +55,9 @@ class ChildPolicyHandler::Helper if (GRPC_TRACE_FLAG_ENABLED(*(parent_->tracer_))) { gpr_log(GPR_INFO, "[child_policy_handler %p] helper %p: pending child policy %p " - "reports state=%s", - parent_.get(), this, child_, ConnectivityStateName(state)); + "reports state=%s (%s)", + parent_.get(), this, child_, ConnectivityStateName(state), + status.ToString().c_str()); } if (state == GRPC_CHANNEL_CONNECTING) return; grpc_pollset_set_del_pollset_set( @@ -67,7 +68,8 @@ class ChildPolicyHandler::Helper // This request is from an outdated child, so ignore it. return; } - parent_->channel_control_helper()->UpdateState(state, std::move(picker)); + parent_->channel_control_helper()->UpdateState(state, status, + std::move(picker)); } void RequestReresolution() override { diff --git a/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc b/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc index e4248a6f556..878951866ee 100644 --- a/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +++ b/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc @@ -304,7 +304,7 @@ class GrpcLb : public LoadBalancingPolicy { RefCountedPtr CreateSubchannel( const grpc_channel_args& args) override; - void UpdateState(grpc_connectivity_state state, + void UpdateState(grpc_connectivity_state state, const absl::Status& status, std::unique_ptr picker) override; void RequestReresolution() override; void AddTraceEvent(TraceSeverity severity, @@ -323,15 +323,16 @@ class GrpcLb : public LoadBalancingPolicy { ~StateWatcher() { parent_.reset(DEBUG_LOCATION, "StateWatcher"); } private: - void OnConnectivityStateChange(grpc_connectivity_state new_state) override { + void OnConnectivityStateChange(grpc_connectivity_state new_state, + const absl::Status& status) override { if (parent_->fallback_at_startup_checks_pending_ && new_state == GRPC_CHANNEL_TRANSIENT_FAILURE) { // In TRANSIENT_FAILURE. Cancel the fallback timer and go into // fallback mode immediately. gpr_log(GPR_INFO, - "[grpclb %p] balancer channel in state TRANSIENT_FAILURE; " + "[grpclb %p] balancer channel in state:TRANSIENT_FAILURE (%s); " "entering fallback mode", - parent_.get()); + parent_.get(), status.ToString().c_str()); parent_->fallback_at_startup_checks_pending_ = false; grpc_timer_cancel(&parent_->lb_fallback_timer_); parent_->fallback_mode_ = true; @@ -660,6 +661,7 @@ RefCountedPtr GrpcLb::Helper::CreateSubchannel( } void GrpcLb::Helper::UpdateState(grpc_connectivity_state state, + const absl::Status& status, std::unique_ptr picker) { if (parent_->shutting_down_) return; // Record whether child policy reports READY. @@ -690,16 +692,22 @@ void GrpcLb::Helper::UpdateState(grpc_connectivity_state state, state != GRPC_CHANNEL_READY)) { if (GRPC_TRACE_FLAG_ENABLED(grpc_lb_glb_trace)) { gpr_log(GPR_INFO, - "[grpclb %p helper %p] state=%s passing child picker %p as-is", - parent_.get(), this, ConnectivityStateName(state), picker.get()); + "[grpclb %p helper %p] state=%s (%s) passing " + "child picker %p as-is", + parent_.get(), this, ConnectivityStateName(state), + status.ToString().c_str(), picker.get()); } - parent_->channel_control_helper()->UpdateState(state, std::move(picker)); + parent_->channel_control_helper()->UpdateState(state, status, + std::move(picker)); return; } // Cases 2 and 3a: wrap picker from the child in our own picker. if (GRPC_TRACE_FLAG_ENABLED(grpc_lb_glb_trace)) { - gpr_log(GPR_INFO, "[grpclb %p helper %p] state=%s wrapping child picker %p", - parent_.get(), this, ConnectivityStateName(state), picker.get()); + gpr_log(GPR_INFO, + "[grpclb %p helper %p] state=%s (%s) wrapping child " + "picker %p", + parent_.get(), this, ConnectivityStateName(state), + status.ToString().c_str(), picker.get()); } RefCountedPtr client_stats; if (parent_->lb_calld_ != nullptr && @@ -707,7 +715,7 @@ void GrpcLb::Helper::UpdateState(grpc_connectivity_state state, client_stats = parent_->lb_calld_->client_stats()->Ref(); } parent_->channel_control_helper()->UpdateState( - state, + state, status, absl::make_unique(parent_.get(), parent_->serverlist_, std::move(picker), std::move(client_stats))); } diff --git a/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc b/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc index 246b15a3549..4a1f006cf64 100644 --- a/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc +++ b/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc @@ -30,6 +30,7 @@ #include "src/core/lib/gprpp/sync.h" #include "src/core/lib/iomgr/sockaddr_utils.h" #include "src/core/lib/transport/connectivity_state.h" +#include "src/core/lib/transport/error_utils.h" namespace grpc_core { @@ -200,7 +201,7 @@ void PickFirst::AttemptToConnectUsingLatestUpdateArgsLocked() { grpc_error_set_int(GRPC_ERROR_CREATE_FROM_STATIC_STRING("Empty update"), GRPC_ERROR_INT_GRPC_STATUS, GRPC_STATUS_UNAVAILABLE); channel_control_helper()->UpdateState( - GRPC_CHANNEL_TRANSIENT_FAILURE, + GRPC_CHANNEL_TRANSIENT_FAILURE, grpc_error_to_absl_status(error), absl::make_unique(error)); return; } @@ -318,12 +319,13 @@ void PickFirst::PickFirstSubchannelData::ProcessConnectivityChangeLocked( "selected subchannel failed; switching to pending update"), GRPC_ERROR_INT_GRPC_STATUS, GRPC_STATUS_UNAVAILABLE); p->channel_control_helper()->UpdateState( - GRPC_CHANNEL_TRANSIENT_FAILURE, + GRPC_CHANNEL_TRANSIENT_FAILURE, grpc_error_to_absl_status(error), absl::make_unique(error)); } else { p->channel_control_helper()->UpdateState( - GRPC_CHANNEL_CONNECTING, absl::make_unique(p->Ref( - DEBUG_LOCATION, "QueuePicker"))); + GRPC_CHANNEL_CONNECTING, absl::Status(), + absl::make_unique( + p->Ref(DEBUG_LOCATION, "QueuePicker"))); } } else { if (connectivity_state == GRPC_CHANNEL_TRANSIENT_FAILURE) { @@ -338,20 +340,22 @@ void PickFirst::PickFirstSubchannelData::ProcessConnectivityChangeLocked( p->selected_ = nullptr; p->subchannel_list_.reset(); p->channel_control_helper()->UpdateState( - GRPC_CHANNEL_IDLE, absl::make_unique( - p->Ref(DEBUG_LOCATION, "QueuePicker"))); + GRPC_CHANNEL_IDLE, absl::Status(), + absl::make_unique( + p->Ref(DEBUG_LOCATION, "QueuePicker"))); } else { // This is unlikely but can happen when a subchannel has been asked // to reconnect by a different channel and this channel has dropped // some connectivity state notifications. if (connectivity_state == GRPC_CHANNEL_READY) { p->channel_control_helper()->UpdateState( - GRPC_CHANNEL_READY, + GRPC_CHANNEL_READY, absl::Status(), absl::make_unique(subchannel()->Ref())); } else { // CONNECTING p->channel_control_helper()->UpdateState( - connectivity_state, absl::make_unique( - p->Ref(DEBUG_LOCATION, "QueuePicker"))); + connectivity_state, absl::Status(), + absl::make_unique( + p->Ref(DEBUG_LOCATION, "QueuePicker"))); } } } @@ -394,7 +398,7 @@ void PickFirst::PickFirstSubchannelData::ProcessConnectivityChangeLocked( "failed to connect to all addresses"), GRPC_ERROR_INT_GRPC_STATUS, GRPC_STATUS_UNAVAILABLE); p->channel_control_helper()->UpdateState( - GRPC_CHANNEL_TRANSIENT_FAILURE, + GRPC_CHANNEL_TRANSIENT_FAILURE, grpc_error_to_absl_status(error), absl::make_unique(error)); } } @@ -406,8 +410,9 @@ void PickFirst::PickFirstSubchannelData::ProcessConnectivityChangeLocked( // Only update connectivity state in case 1. if (subchannel_list() == p->subchannel_list_.get()) { p->channel_control_helper()->UpdateState( - GRPC_CHANNEL_CONNECTING, absl::make_unique(p->Ref( - DEBUG_LOCATION, "QueuePicker"))); + GRPC_CHANNEL_CONNECTING, absl::Status(), + absl::make_unique( + p->Ref(DEBUG_LOCATION, "QueuePicker"))); } break; } @@ -446,7 +451,8 @@ void PickFirst::PickFirstSubchannelData::ProcessUnselectedReadyLocked() { } p->selected_ = this; p->channel_control_helper()->UpdateState( - GRPC_CHANNEL_READY, absl::make_unique(subchannel()->Ref())); + GRPC_CHANNEL_READY, absl::Status(), + absl::make_unique(subchannel()->Ref())); for (size_t i = 0; i < subchannel_list()->num_subchannels(); ++i) { if (i != Index()) { subchannel_list()->subchannel(i)->ShutdownLocked(); diff --git a/src/core/ext/filters/client_channel/lb_policy/priority/priority.cc b/src/core/ext/filters/client_channel/lb_policy/priority/priority.cc index 19fc45f4f87..6b0489ceb16 100644 --- a/src/core/ext/filters/client_channel/lb_policy/priority/priority.cc +++ b/src/core/ext/filters/client_channel/lb_policy/priority/priority.cc @@ -20,6 +20,7 @@ #include #include "absl/strings/str_cat.h" +#include "absl/strings/str_format.h" #include @@ -33,6 +34,7 @@ #include "src/core/lib/gprpp/ref_counted_ptr.h" #include "src/core/lib/iomgr/timer.h" #include "src/core/lib/iomgr/work_serializer.h" +#include "src/core/lib/transport/error_utils.h" namespace grpc_core { @@ -113,6 +115,11 @@ class PriorityLb : public LoadBalancingPolicy { grpc_connectivity_state connectivity_state() const { return connectivity_state_; } + + const absl::Status& connectivity_status() const { + return connectivity_status_; + } + bool failover_timer_callback_pending() const { return failover_timer_callback_pending_; } @@ -150,6 +157,7 @@ class PriorityLb : public LoadBalancingPolicy { RefCountedPtr CreateSubchannel( const grpc_channel_args& args) override; void UpdateState(grpc_connectivity_state state, + const absl::Status& status, std::unique_ptr picker) override; void RequestReresolution() override; void AddTraceEvent(TraceSeverity severity, @@ -164,7 +172,7 @@ class PriorityLb : public LoadBalancingPolicy { const grpc_channel_args* args); void OnConnectivityStateUpdateLocked( - grpc_connectivity_state state, + grpc_connectivity_state state, const absl::Status& status, std::unique_ptr picker); void StartFailoverTimerLocked(); @@ -180,6 +188,7 @@ class PriorityLb : public LoadBalancingPolicy { OrphanablePtr child_policy_; grpc_connectivity_state connectivity_state_ = GRPC_CHANNEL_CONNECTING; + absl::Status connectivity_status_; RefCountedPtr picker_wrapper_; // States for delayed removal. @@ -334,6 +343,7 @@ void PriorityLb::HandleChildConnectivityStateChangeLocked( // If it's still READY or IDLE, we stick with this child, so pass // the new picker up to our parent. channel_control_helper()->UpdateState(child->connectivity_state(), + child->connectivity_status(), child->GetPicker()); } else { // If it's no longer READY or IDLE, we should stop using it. @@ -380,6 +390,7 @@ void PriorityLb::HandleChildConnectivityStateChangeLocked( // The current priority has returned a new picker, so pass it up to // our parent. channel_control_helper()->UpdateState(child->connectivity_state(), + child->connectivity_status(), child->GetPicker()); } @@ -409,7 +420,7 @@ void PriorityLb::TryNextPriorityLocked(bool report_connecting) { if (child == nullptr) { if (report_connecting) { channel_control_helper()->UpdateState( - GRPC_CHANNEL_CONNECTING, + GRPC_CHANNEL_CONNECTING, absl::Status(), absl::make_unique(Ref(DEBUG_LOCATION, "QueuePicker"))); } child = MakeOrphanable( @@ -436,7 +447,7 @@ void PriorityLb::TryNextPriorityLocked(bool report_connecting) { } if (report_connecting) { channel_control_helper()->UpdateState( - GRPC_CHANNEL_CONNECTING, + GRPC_CHANNEL_CONNECTING, absl::Status(), absl::make_unique(Ref(DEBUG_LOCATION, "QueuePicker"))); } return; @@ -456,7 +467,7 @@ void PriorityLb::TryNextPriorityLocked(bool report_connecting) { GRPC_ERROR_CREATE_FROM_STATIC_STRING("no ready priority"), GRPC_ERROR_INT_GRPC_STATUS, GRPC_STATUS_UNAVAILABLE); channel_control_helper()->UpdateState( - GRPC_CHANNEL_TRANSIENT_FAILURE, + GRPC_CHANNEL_TRANSIENT_FAILURE, grpc_error_to_absl_status(error), absl::make_unique(error)); } @@ -476,6 +487,7 @@ void PriorityLb::SelectPriorityLocked(uint32_t priority) { // Update picker. auto& child = children_[config_->priorities()[priority]]; channel_control_helper()->UpdateState(child->connectivity_state(), + child->connectivity_status(), child->GetPicker()); } @@ -584,15 +596,18 @@ void PriorityLb::ChildPriority::ResetBackoffLocked() { } void PriorityLb::ChildPriority::OnConnectivityStateUpdateLocked( - grpc_connectivity_state state, std::unique_ptr picker) { + grpc_connectivity_state state, const absl::Status& status, + std::unique_ptr picker) { if (GRPC_TRACE_FLAG_ENABLED(grpc_lb_priority_trace)) { gpr_log(GPR_INFO, - "[priority_lb %p] child %s (%p): state update: %s, picker %p", + "[priority_lb %p] child %s (%p): state update: %s (%s) picker %p", priority_policy_.get(), name_.c_str(), this, - ConnectivityStateName(state), picker.get()); + ConnectivityStateName(state), status.ToString().c_str(), + picker.get()); } // Store the state and picker. connectivity_state_ = state; + connectivity_status_ = status; picker_wrapper_ = MakeRefCounted(std::move(picker)); // If READY or TRANSIENT_FAILURE, cancel failover timer. if (state == GRPC_CHANNEL_READY || state == GRPC_CHANNEL_TRANSIENT_FAILURE) { @@ -646,7 +661,10 @@ void PriorityLb::ChildPriority::OnFailoverTimerLocked(grpc_error* error) { priority_policy_.get(), name_.c_str(), this); } failover_timer_callback_pending_ = false; - OnConnectivityStateUpdateLocked(GRPC_CHANNEL_TRANSIENT_FAILURE, nullptr); + OnConnectivityStateUpdateLocked( + GRPC_CHANNEL_TRANSIENT_FAILURE, + absl::Status(absl::StatusCode::kUnavailable, "failover timer fired"), + nullptr); } Unref(DEBUG_LOCATION, "ChildPriority+OnFailoverTimerLocked"); GRPC_ERROR_UNREF(error); @@ -725,10 +743,11 @@ PriorityLb::ChildPriority::Helper::CreateSubchannel( } void PriorityLb::ChildPriority::Helper::UpdateState( - grpc_connectivity_state state, std::unique_ptr picker) { + grpc_connectivity_state state, const absl::Status& status, + std::unique_ptr picker) { if (priority_->priority_policy_->shutting_down_) return; // Notify the priority. - priority_->OnConnectivityStateUpdateLocked(state, std::move(picker)); + priority_->OnConnectivityStateUpdateLocked(state, status, std::move(picker)); } void PriorityLb::ChildPriority::Helper::AddTraceEvent( diff --git a/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc b/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc index 56b71b69dfc..d1ad2ca35e7 100644 --- a/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +++ b/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc @@ -40,6 +40,7 @@ #include "src/core/lib/gprpp/sync.h" #include "src/core/lib/iomgr/sockaddr_utils.h" #include "src/core/lib/transport/connectivity_state.h" +#include "src/core/lib/transport/error_utils.h" #include "src/core/lib/transport/static_metadata.h" namespace grpc_core { @@ -322,11 +323,11 @@ void RoundRobin::RoundRobinSubchannelList:: if (num_ready_ > 0) { /* 1) READY */ p->channel_control_helper()->UpdateState( - GRPC_CHANNEL_READY, absl::make_unique(p, this)); + GRPC_CHANNEL_READY, absl::Status(), absl::make_unique(p, this)); } else if (num_connecting_ > 0) { /* 2) CONNECTING */ p->channel_control_helper()->UpdateState( - GRPC_CHANNEL_CONNECTING, + GRPC_CHANNEL_CONNECTING, absl::Status(), absl::make_unique(p->Ref(DEBUG_LOCATION, "QueuePicker"))); } else if (num_transient_failure_ == num_subchannels()) { /* 3) TRANSIENT_FAILURE */ @@ -335,7 +336,7 @@ void RoundRobin::RoundRobinSubchannelList:: "connections to all backends failing"), GRPC_ERROR_INT_GRPC_STATUS, GRPC_STATUS_UNAVAILABLE); p->channel_control_helper()->UpdateState( - GRPC_CHANNEL_TRANSIENT_FAILURE, + GRPC_CHANNEL_TRANSIENT_FAILURE, grpc_error_to_absl_status(error), absl::make_unique(error)); } } @@ -452,7 +453,7 @@ void RoundRobin::UpdateLocked(UpdateArgs args) { grpc_error_set_int(GRPC_ERROR_CREATE_FROM_STATIC_STRING("Empty update"), GRPC_ERROR_INT_GRPC_STATUS, GRPC_STATUS_UNAVAILABLE); channel_control_helper()->UpdateState( - GRPC_CHANNEL_TRANSIENT_FAILURE, + GRPC_CHANNEL_TRANSIENT_FAILURE, grpc_error_to_absl_status(error), absl::make_unique(error)); subchannel_list_ = std::move(latest_pending_subchannel_list_); } else if (subchannel_list_ == nullptr) { diff --git a/src/core/ext/filters/client_channel/lb_policy/weighted_target/weighted_target.cc b/src/core/ext/filters/client_channel/lb_policy/weighted_target/weighted_target.cc index 96491b68642..83bc6cc9a54 100644 --- a/src/core/ext/filters/client_channel/lb_policy/weighted_target/weighted_target.cc +++ b/src/core/ext/filters/client_channel/lb_policy/weighted_target/weighted_target.cc @@ -36,6 +36,7 @@ #include "src/core/lib/gprpp/ref_counted_ptr.h" #include "src/core/lib/iomgr/timer.h" #include "src/core/lib/iomgr/work_serializer.h" +#include "src/core/lib/transport/error_utils.h" namespace grpc_core { @@ -146,6 +147,7 @@ class WeightedTargetLb : public LoadBalancingPolicy { RefCountedPtr CreateSubchannel( const grpc_channel_args& args) override; void UpdateState(grpc_connectivity_state state, + const absl::Status& status, std::unique_ptr picker) override; void RequestReresolution() override; void AddTraceEvent(TraceSeverity severity, @@ -160,7 +162,7 @@ class WeightedTargetLb : public LoadBalancingPolicy { const grpc_channel_args* args); void OnConnectivityStateUpdateLocked( - grpc_connectivity_state state, + grpc_connectivity_state state, const absl::Status& status, std::unique_ptr picker); static void OnDelayedRemovalTimer(void* arg, grpc_error* error); @@ -375,6 +377,7 @@ void WeightedTargetLb::UpdateStateLocked() { this, ConnectivityStateName(connectivity_state)); } std::unique_ptr picker; + absl::Status status; switch (connectivity_state) { case GRPC_CHANNEL_READY: picker = absl::make_unique(std::move(picker_list)); @@ -385,11 +388,15 @@ void WeightedTargetLb::UpdateStateLocked() { absl::make_unique(Ref(DEBUG_LOCATION, "QueuePicker")); break; default: - picker = absl::make_unique( + grpc_error* error = grpc_error_set_int( GRPC_ERROR_CREATE_FROM_STATIC_STRING( - "weighted_target: all children report state TRANSIENT_FAILURE")); + "weighted_target: all children report state TRANSIENT_FAILURE"), + GRPC_ERROR_INT_GRPC_STATUS, GRPC_STATUS_UNAVAILABLE); + status = grpc_error_to_absl_status(error); + picker = absl::make_unique(error); } - channel_control_helper()->UpdateState(connectivity_state, std::move(picker)); + channel_control_helper()->UpdateState(connectivity_state, status, + std::move(picker)); } // @@ -508,15 +515,17 @@ void WeightedTargetLb::WeightedChild::ResetBackoffLocked() { } void WeightedTargetLb::WeightedChild::OnConnectivityStateUpdateLocked( - grpc_connectivity_state state, std::unique_ptr picker) { + grpc_connectivity_state state, const absl::Status& status, + std::unique_ptr picker) { // Cache the picker in the WeightedChild. picker_wrapper_ = MakeRefCounted(std::move(picker)); if (GRPC_TRACE_FLAG_ENABLED(grpc_lb_weighted_target_trace)) { gpr_log(GPR_INFO, "[weighted_target_lb %p] WeightedChild %p %s: connectivity " - "state update: state=%s picker_wrapper=%p", + "state update: state=%s (%s) picker_wrapper=%p", weighted_target_policy_.get(), this, name_.c_str(), - ConnectivityStateName(state), picker_wrapper_.get()); + ConnectivityStateName(state), status.ToString().c_str(), + picker_wrapper_.get()); } // If the child reports IDLE, immediately tell it to exit idle. if (state == GRPC_CHANNEL_IDLE) child_policy_->ExitIdleLocked(); @@ -589,9 +598,11 @@ WeightedTargetLb::WeightedChild::Helper::CreateSubchannel( } void WeightedTargetLb::WeightedChild::Helper::UpdateState( - grpc_connectivity_state state, std::unique_ptr picker) { + grpc_connectivity_state state, const absl::Status& status, + std::unique_ptr picker) { if (weighted_child_->weighted_target_policy_->shutting_down_) return; - weighted_child_->OnConnectivityStateUpdateLocked(state, std::move(picker)); + weighted_child_->OnConnectivityStateUpdateLocked(state, status, + std::move(picker)); } void WeightedTargetLb::WeightedChild::Helper::RequestReresolution() { diff --git a/src/core/ext/filters/client_channel/lb_policy/xds/cds.cc b/src/core/ext/filters/client_channel/lb_policy/xds/cds.cc index 500f1ac056b..fb161fcb26c 100644 --- a/src/core/ext/filters/client_channel/lb_policy/xds/cds.cc +++ b/src/core/ext/filters/client_channel/lb_policy/xds/cds.cc @@ -29,6 +29,7 @@ #include "src/core/lib/gprpp/memory.h" #include "src/core/lib/gprpp/orphanable.h" #include "src/core/lib/gprpp/ref_counted_ptr.h" +#include "src/core/lib/transport/error_utils.h" namespace grpc_core { @@ -79,7 +80,7 @@ class CdsLb : public LoadBalancingPolicy { explicit Helper(RefCountedPtr parent) : parent_(std::move(parent)) {} RefCountedPtr CreateSubchannel( const grpc_channel_args& args) override; - void UpdateState(grpc_connectivity_state state, + void UpdateState(grpc_connectivity_state state, const absl::Status& status, std::unique_ptr picker) override; void RequestReresolution() override; void AddTraceEvent(TraceSeverity severity, @@ -209,7 +210,7 @@ void CdsLb::ClusterWatcher::OnError(grpc_error* error) { // we keep running with the data we had previously. if (parent_->child_policy_ == nullptr) { parent_->channel_control_helper()->UpdateState( - GRPC_CHANNEL_TRANSIENT_FAILURE, + GRPC_CHANNEL_TRANSIENT_FAILURE, grpc_error_to_absl_status(error), absl::make_unique(error)); } else { GRPC_ERROR_UNREF(error); @@ -221,13 +222,15 @@ void CdsLb::ClusterWatcher::OnResourceDoesNotExist() { "[cdslb %p] CDS resource for %s does not exist -- reporting " "TRANSIENT_FAILURE", parent_.get(), parent_->config_->cluster().c_str()); + grpc_error* error = grpc_error_set_int( + GRPC_ERROR_CREATE_FROM_COPIED_STRING( + absl::StrCat("CDS resource \"", parent_->config_->cluster(), + "\" does not exist") + .c_str()), + GRPC_ERROR_INT_GRPC_STATUS, GRPC_STATUS_UNAVAILABLE); parent_->channel_control_helper()->UpdateState( - GRPC_CHANNEL_TRANSIENT_FAILURE, - absl::make_unique( - GRPC_ERROR_CREATE_FROM_COPIED_STRING( - absl::StrCat("CDS resource \"", parent_->config_->cluster(), - "\" does not exist") - .c_str()))); + GRPC_CHANNEL_TRANSIENT_FAILURE, grpc_error_to_absl_status(error), + absl::make_unique(error)); parent_->MaybeDestroyChildPolicyLocked(); } @@ -242,13 +245,16 @@ RefCountedPtr CdsLb::Helper::CreateSubchannel( } void CdsLb::Helper::UpdateState(grpc_connectivity_state state, + const absl::Status& status, std::unique_ptr picker) { if (parent_->shutting_down_ || parent_->child_policy_ == nullptr) return; if (GRPC_TRACE_FLAG_ENABLED(grpc_cds_lb_trace)) { - gpr_log(GPR_INFO, "[cdslb %p] state updated by child: %s", this, - ConnectivityStateName(state)); + gpr_log(GPR_INFO, + "[cdslb %p] state updated by child: %s message_state: (%s)", this, + ConnectivityStateName(state), status.ToString().c_str()); } - parent_->channel_control_helper()->UpdateState(state, std::move(picker)); + parent_->channel_control_helper()->UpdateState(state, status, + std::move(picker)); } void CdsLb::Helper::RequestReresolution() { diff --git a/src/core/ext/filters/client_channel/lb_policy/xds/eds.cc b/src/core/ext/filters/client_channel/lb_policy/xds/eds.cc index c1bbf742cee..da9d0aaff7d 100644 --- a/src/core/ext/filters/client_channel/lb_policy/xds/eds.cc +++ b/src/core/ext/filters/client_channel/lb_policy/xds/eds.cc @@ -40,6 +40,7 @@ #include "src/core/lib/gprpp/ref_counted_ptr.h" #include "src/core/lib/iomgr/timer.h" #include "src/core/lib/iomgr/work_serializer.h" +#include "src/core/lib/transport/error_utils.h" #include "src/core/lib/uri/uri_parser.h" #define GRPC_EDS_DEFAULT_FALLBACK_TIMEOUT 10000 @@ -133,7 +134,7 @@ class EdsLb : public LoadBalancingPolicy { RefCountedPtr CreateSubchannel( const grpc_channel_args& args) override; - void UpdateState(grpc_connectivity_state state, + void UpdateState(grpc_connectivity_state state, const absl::Status& status, std::unique_ptr picker) override; // This is a no-op, because we get the addresses from the xds // client, which is a watch-based API. @@ -214,6 +215,7 @@ class EdsLb : public LoadBalancingPolicy { // The latest state and picker returned from the child policy. grpc_connectivity_state child_state_; + absl::Status child_status_; RefCountedPtr child_picker_; }; @@ -265,16 +267,21 @@ RefCountedPtr EdsLb::Helper::CreateSubchannel( } void EdsLb::Helper::UpdateState(grpc_connectivity_state state, + const absl::Status& status, std::unique_ptr picker) { if (eds_policy_->shutting_down_ || eds_policy_->child_policy_ == nullptr) { return; } if (GRPC_TRACE_FLAG_ENABLED(grpc_lb_eds_trace)) { - gpr_log(GPR_INFO, "[edslb %p] child policy updated state=%s picker=%p", - eds_policy_.get(), ConnectivityStateName(state), picker.get()); + gpr_log(GPR_INFO, + "[edslb %p] child policy updated state=%s (%s) " + "picker=%p", + eds_policy_.get(), ConnectivityStateName(state), + status.ToString().c_str(), picker.get()); } // Save the state and picker. eds_policy_->child_state_ = state; + eds_policy_->child_status_ = status; eds_policy_->child_picker_ = MakeRefCounted(std::move(picker)); // Wrap the picker in a DropPicker and pass it up. @@ -339,7 +346,7 @@ class EdsLb::EndpointWatcher : public XdsClient::EndpointWatcherInterface { // we keep running with the data we had previously. if (eds_policy_->child_policy_ == nullptr) { eds_policy_->channel_control_helper()->UpdateState( - GRPC_CHANNEL_TRANSIENT_FAILURE, + GRPC_CHANNEL_TRANSIENT_FAILURE, grpc_error_to_absl_status(error), absl::make_unique(error)); } else { GRPC_ERROR_UNREF(error); @@ -351,11 +358,12 @@ class EdsLb::EndpointWatcher : public XdsClient::EndpointWatcherInterface { GPR_ERROR, "[edslb %p] EDS resource does not exist -- reporting TRANSIENT_FAILURE", eds_policy_.get()); + grpc_error* error = grpc_error_set_int( + GRPC_ERROR_CREATE_FROM_STATIC_STRING("EDS resource does not exist"), + GRPC_ERROR_INT_GRPC_STATUS, GRPC_STATUS_UNAVAILABLE); eds_policy_->channel_control_helper()->UpdateState( - GRPC_CHANNEL_TRANSIENT_FAILURE, - absl::make_unique( - GRPC_ERROR_CREATE_FROM_STATIC_STRING( - "EDS resource does not exist"))); + GRPC_CHANNEL_TRANSIENT_FAILURE, grpc_error_to_absl_status(error), + absl::make_unique(error)); eds_policy_->MaybeDestroyChildPolicyLocked(); } @@ -688,7 +696,7 @@ EdsLb::CreateChildPolicyConfigLocked() { error), GRPC_ERROR_INT_GRPC_STATUS, GRPC_STATUS_INTERNAL); channel_control_helper()->UpdateState( - GRPC_CHANNEL_TRANSIENT_FAILURE, + GRPC_CHANNEL_TRANSIENT_FAILURE, grpc_error_to_absl_status(error), absl::make_unique(error)); return nullptr; } @@ -769,13 +777,13 @@ void EdsLb::MaybeUpdateDropPickerLocked() { // If we're dropping all calls, report READY, regardless of what (or // whether) the child has reported. if (drop_config_ != nullptr && drop_config_->drop_all()) { - channel_control_helper()->UpdateState(GRPC_CHANNEL_READY, + channel_control_helper()->UpdateState(GRPC_CHANNEL_READY, absl::Status(), absl::make_unique(this)); return; } // Update only if we have a child picker. if (child_picker_ != nullptr) { - channel_control_helper()->UpdateState(child_state_, + channel_control_helper()->UpdateState(child_state_, child_status_, absl::make_unique(this)); } } diff --git a/src/core/ext/filters/client_channel/lb_policy/xds/lrs.cc b/src/core/ext/filters/client_channel/lb_policy/xds/lrs.cc index 0aca12dfed2..51027574b32 100644 --- a/src/core/ext/filters/client_channel/lb_policy/xds/lrs.cc +++ b/src/core/ext/filters/client_channel/lb_policy/xds/lrs.cc @@ -120,7 +120,7 @@ class LrsLb : public LoadBalancingPolicy { RefCountedPtr CreateSubchannel( const grpc_channel_args& args) override; - void UpdateState(grpc_connectivity_state state, + void UpdateState(grpc_connectivity_state state, const absl::Status& status, std::unique_ptr picker) override; void RequestReresolution() override; void AddTraceEvent(TraceSeverity severity, @@ -157,6 +157,7 @@ class LrsLb : public LoadBalancingPolicy { // Latest state and picker reported by the child policy. grpc_connectivity_state state_ = GRPC_CHANNEL_IDLE; + absl::Status status_; RefCountedPtr picker_; }; @@ -266,10 +267,14 @@ void LrsLb::MaybeUpdatePickerLocked() { auto lrs_picker = absl::make_unique(picker_, locality_stats_); if (GRPC_TRACE_FLAG_ENABLED(grpc_lb_lrs_trace)) { - gpr_log(GPR_INFO, "[lrs_lb %p] updating connectivity: state=%s picker=%p", - this, ConnectivityStateName(state_), lrs_picker.get()); + gpr_log( + GPR_INFO, + "[lrs_lb %p] updating connectivity: state=%s status=(%s) picker=%p", + this, ConnectivityStateName(state_), status_.ToString().c_str(), + lrs_picker.get()); } - channel_control_helper()->UpdateState(state_, std::move(lrs_picker)); + channel_control_helper()->UpdateState(state_, status_, + std::move(lrs_picker)); } } @@ -325,15 +330,19 @@ RefCountedPtr LrsLb::Helper::CreateSubchannel( } void LrsLb::Helper::UpdateState(grpc_connectivity_state state, + const absl::Status& status, std::unique_ptr picker) { if (lrs_policy_->shutting_down_) return; if (GRPC_TRACE_FLAG_ENABLED(grpc_lb_lrs_trace)) { - gpr_log(GPR_INFO, - "[lrs_lb %p] child connectivity state update: state=%s picker=%p", - lrs_policy_.get(), ConnectivityStateName(state), picker.get()); + gpr_log( + GPR_INFO, + "[lrs_lb %p] child connectivity state update: state=%s (%s) picker=%p", + lrs_policy_.get(), ConnectivityStateName(state), + status.ToString().c_str(), picker.get()); } // Save the state and picker. lrs_policy_->state_ = state; + lrs_policy_->status_ = status; lrs_policy_->picker_ = MakeRefCounted(std::move(picker)); // Wrap the picker and return it to the channel. lrs_policy_->MaybeUpdatePickerLocked(); diff --git a/src/core/ext/filters/client_channel/lb_policy/xds/xds_routing.cc b/src/core/ext/filters/client_channel/lb_policy/xds/xds_routing.cc index 2adc7cd9551..a3672e14bce 100644 --- a/src/core/ext/filters/client_channel/lb_policy/xds/xds_routing.cc +++ b/src/core/ext/filters/client_channel/lb_policy/xds/xds_routing.cc @@ -42,6 +42,7 @@ #include "src/core/lib/gprpp/ref_counted_ptr.h" #include "src/core/lib/iomgr/timer.h" #include "src/core/lib/iomgr/work_serializer.h" +#include "src/core/lib/transport/error_utils.h" #define GRPC_XDS_ROUTING_CHILD_RETENTION_INTERVAL_MS (15 * 60 * 1000) @@ -165,6 +166,7 @@ class XdsRoutingLb : public LoadBalancingPolicy { RefCountedPtr CreateSubchannel( const grpc_channel_args& args) override; void UpdateState(grpc_connectivity_state state, + const absl::Status& status, std::unique_ptr picker) override; void RequestReresolution() override; void AddTraceEvent(TraceSeverity severity, @@ -464,6 +466,7 @@ void XdsRoutingLb::UpdateStateLocked() { ConnectivityStateName(connectivity_state)); } std::unique_ptr picker; + absl::Status status; switch (connectivity_state) { case GRPC_CHANNEL_READY: { RoutePicker::RouteTable route_table; @@ -493,12 +496,15 @@ void XdsRoutingLb::UpdateStateLocked() { absl::make_unique(Ref(DEBUG_LOCATION, "QueuePicker")); break; default: - picker = absl::make_unique(grpc_error_set_int( + grpc_error* error = grpc_error_set_int( GRPC_ERROR_CREATE_FROM_STATIC_STRING( "TRANSIENT_FAILURE from XdsRoutingLb"), - GRPC_ERROR_INT_GRPC_STATUS, GRPC_STATUS_UNAVAILABLE)); + GRPC_ERROR_INT_GRPC_STATUS, GRPC_STATUS_UNAVAILABLE); + status = grpc_error_to_absl_status(error); + picker = absl::make_unique(error); } - channel_control_helper()->UpdateState(connectivity_state, std::move(picker)); + channel_control_helper()->UpdateState(connectivity_state, status, + std::move(picker)); } // @@ -654,13 +660,15 @@ XdsRoutingLb::XdsRoutingChild::Helper::CreateSubchannel( } void XdsRoutingLb::XdsRoutingChild::Helper::UpdateState( - grpc_connectivity_state state, std::unique_ptr picker) { + grpc_connectivity_state state, const absl::Status& status, + std::unique_ptr picker) { if (GRPC_TRACE_FLAG_ENABLED(grpc_xds_routing_lb_trace)) { gpr_log(GPR_INFO, - "[xds_routing_lb %p] child %s: received update: state=%s picker=%p", + "[xds_routing_lb %p] child %s: received update: state=%s (%s) " + "picker=%p", xds_routing_child_->xds_routing_policy_.get(), xds_routing_child_->name_.c_str(), ConnectivityStateName(state), - picker.get()); + status.ToString().c_str(), picker.get()); } if (xds_routing_child_->xds_routing_policy_->shutting_down_) return; // Cache the picker in the XdsRoutingChild. diff --git a/src/core/ext/filters/client_channel/resolving_lb_policy.cc b/src/core/ext/filters/client_channel/resolving_lb_policy.cc index 356123c50ae..ce204f030e7 100644 --- a/src/core/ext/filters/client_channel/resolving_lb_policy.cc +++ b/src/core/ext/filters/client_channel/resolving_lb_policy.cc @@ -114,10 +114,11 @@ class ResolvingLoadBalancingPolicy::ResolvingControlHelper return parent_->channel_control_helper()->CreateSubchannel(args); } - void UpdateState(grpc_connectivity_state state, + void UpdateState(grpc_connectivity_state state, const absl::Status& status, std::unique_ptr picker) override { if (parent_->resolver_ == nullptr) return; // Shutting down. - parent_->channel_control_helper()->UpdateState(state, std::move(picker)); + parent_->channel_control_helper()->UpdateState(state, status, + std::move(picker)); } void RequestReresolution() override { @@ -160,7 +161,7 @@ ResolvingLoadBalancingPolicy::ResolvingLoadBalancingPolicy( if (GRPC_TRACE_FLAG_ENABLED(*tracer_)) { gpr_log(GPR_INFO, "resolving_lb=%p: starting name resolution", this); } - channel_control_helper()->UpdateState(GRPC_CHANNEL_CONNECTING, + channel_control_helper()->UpdateState(GRPC_CHANNEL_CONNECTING, absl::Status(), absl::make_unique(Ref())); resolver_->StartLocked(); } @@ -214,7 +215,7 @@ void ResolvingLoadBalancingPolicy::OnResolverError(grpc_error* error) { "Resolver transient failure", &error, 1); helper_->ResolverTransientFailure(GRPC_ERROR_REF(state_error)); channel_control_helper()->UpdateState( - GRPC_CHANNEL_TRANSIENT_FAILURE, + GRPC_CHANNEL_TRANSIENT_FAILURE, grpc_error_to_absl_status(state_error), absl::make_unique(state_error)); } GRPC_ERROR_UNREF(error); diff --git a/src/core/ext/filters/client_channel/subchannel.cc b/src/core/ext/filters/client_channel/subchannel.cc index 89a13a3ef74..26bc7f8549f 100644 --- a/src/core/ext/filters/client_channel/subchannel.cc +++ b/src/core/ext/filters/client_channel/subchannel.cc @@ -26,6 +26,8 @@ #include #include +#include "absl/strings/str_format.h" + #include #include @@ -325,7 +327,8 @@ class Subchannel::ConnectedSubchannelStateWatcher } private: - void OnConnectivityStateChange(grpc_connectivity_state new_state) override { + void OnConnectivityStateChange(grpc_connectivity_state new_state, + const absl::Status& status) override { Subchannel* c = subchannel_; MutexLock lock(&c->mu_); switch (new_state) { @@ -343,7 +346,15 @@ class Subchannel::ConnectedSubchannelStateWatcher if (c->channelz_node() != nullptr) { c->channelz_node()->SetChildSocket(nullptr); } - c->SetConnectivityStateLocked(GRPC_CHANNEL_TRANSIENT_FAILURE); + // We need to construct our own status if the underlying state was + // shutdown since the accompanying status will be StatusCode::OK + // otherwise. + c->SetConnectivityStateLocked( + GRPC_CHANNEL_TRANSIENT_FAILURE, + new_state == GRPC_CHANNEL_SHUTDOWN + ? absl::Status(absl::StatusCode::kUnavailable, + "Subchannel has disconnected.") + : status); c->backoff_begun_ = false; c->backoff_.Reset(); } @@ -354,7 +365,7 @@ class Subchannel::ConnectedSubchannelStateWatcher // a callback for READY, because that was the state we started // this watch from. And a connected subchannel should never go // from READY to CONNECTING or IDLE. - c->SetConnectivityStateLocked(new_state); + c->SetConnectivityStateLocked(new_state, status); } } } @@ -368,14 +379,15 @@ class Subchannel::AsyncWatcherNotifierLocked { public: AsyncWatcherNotifierLocked( RefCountedPtr watcher, - Subchannel* subchannel, grpc_connectivity_state state) + Subchannel* subchannel, grpc_connectivity_state state, + const absl::Status& status) : watcher_(std::move(watcher)) { RefCountedPtr connected_subchannel; if (state == GRPC_CHANNEL_READY) { connected_subchannel = subchannel->connected_subchannel_; } watcher_->PushConnectivityStateChange( - {state, std::move(connected_subchannel)}); + {state, status, std::move(connected_subchannel)}); ExecCtx::Run( DEBUG_LOCATION, GRPC_CLOSURE_INIT(&closure_, @@ -409,9 +421,10 @@ void Subchannel::ConnectivityStateWatcherList::RemoveWatcherLocked( } void Subchannel::ConnectivityStateWatcherList::NotifyLocked( - Subchannel* subchannel, grpc_connectivity_state state) { + Subchannel* subchannel, grpc_connectivity_state state, + const absl::Status& status) { for (const auto& p : watchers_) { - new AsyncWatcherNotifierLocked(p.second, subchannel, state); + new AsyncWatcherNotifierLocked(p.second, subchannel, state, status); } } @@ -450,7 +463,7 @@ class Subchannel::HealthWatcherMap::HealthWatcher grpc_connectivity_state initial_state, RefCountedPtr watcher) { if (state_ != initial_state) { - new AsyncWatcherNotifierLocked(watcher, subchannel_, state_); + new AsyncWatcherNotifierLocked(watcher, subchannel_, state_, status_); } watcher_list_.AddWatcherLocked(std::move(watcher)); } @@ -462,7 +475,7 @@ class Subchannel::HealthWatcherMap::HealthWatcher bool HasWatchers() const { return !watcher_list_.empty(); } - void NotifyLocked(grpc_connectivity_state state) { + void NotifyLocked(grpc_connectivity_state state, const absl::Status& status) { if (state == GRPC_CHANNEL_READY) { // If we had not already notified for CONNECTING state, do so now. // (We may have missed this earlier, because if the transition @@ -470,13 +483,15 @@ class Subchannel::HealthWatcherMap::HealthWatcher // subchannel may not have sent us a notification for CONNECTING.) if (state_ != GRPC_CHANNEL_CONNECTING) { state_ = GRPC_CHANNEL_CONNECTING; - watcher_list_.NotifyLocked(subchannel_, state_); + status_ = status; + watcher_list_.NotifyLocked(subchannel_, state_, status); } // If we've become connected, start health checking. StartHealthCheckingLocked(); } else { state_ = state; - watcher_list_.NotifyLocked(subchannel_, state_); + status_ = status; + watcher_list_.NotifyLocked(subchannel_, state_, status); // We're not connected, so stop health checking. health_check_client_.reset(); } @@ -489,11 +504,13 @@ class Subchannel::HealthWatcherMap::HealthWatcher } private: - void OnConnectivityStateChange(grpc_connectivity_state new_state) override { + void OnConnectivityStateChange(grpc_connectivity_state new_state, + const absl::Status& status) override { MutexLock lock(&subchannel_->mu_); if (new_state != GRPC_CHANNEL_SHUTDOWN && health_check_client_ != nullptr) { state_ = new_state; - watcher_list_.NotifyLocked(subchannel_, new_state); + status_ = status; + watcher_list_.NotifyLocked(subchannel_, new_state, status); } } @@ -508,6 +525,7 @@ class Subchannel::HealthWatcherMap::HealthWatcher grpc_core::UniquePtr health_check_service_name_; OrphanablePtr health_check_client_; grpc_connectivity_state state_; + absl::Status status_; ConnectivityStateWatcherList watcher_list_; }; @@ -547,9 +565,10 @@ void Subchannel::HealthWatcherMap::RemoveWatcherLocked( if (!it->second->HasWatchers()) map_.erase(it); } -void Subchannel::HealthWatcherMap::NotifyLocked(grpc_connectivity_state state) { +void Subchannel::HealthWatcherMap::NotifyLocked(grpc_connectivity_state state, + const absl::Status& status) { for (const auto& p : map_) { - p.second->NotifyLocked(state); + p.second->NotifyLocked(state, status); } } @@ -826,7 +845,7 @@ void Subchannel::WatchConnectivityState( } if (health_check_service_name == nullptr) { if (state_ != initial_state) { - new AsyncWatcherNotifierLocked(watcher, this, state_); + new AsyncWatcherNotifierLocked(watcher, this, state_, status_); } watcher_list_.AddWatcherLocked(std::move(watcher)); } else { @@ -928,8 +947,10 @@ const char* SubchannelConnectivityStateChangeString( } // namespace // Note: Must be called with a state that is different from the current state. -void Subchannel::SetConnectivityStateLocked(grpc_connectivity_state state) { +void Subchannel::SetConnectivityStateLocked(grpc_connectivity_state state, + const absl::Status& status) { state_ = state; + status_ = status; if (channelz_node_ != nullptr) { channelz_node_->UpdateConnectivityState(state); channelz_node_->AddTraceEvent( @@ -938,9 +959,9 @@ void Subchannel::SetConnectivityStateLocked(grpc_connectivity_state state) { SubchannelConnectivityStateChangeString(state))); } // Notify non-health watchers. - watcher_list_.NotifyLocked(this, state); + watcher_list_.NotifyLocked(this, state, status); // Notify health watchers. - health_watcher_map_.NotifyLocked(state); + health_watcher_map_.NotifyLocked(state, status); } void Subchannel::MaybeStartConnectingLocked() { @@ -1012,7 +1033,7 @@ void Subchannel::ContinueConnectingLocked() { next_attempt_deadline_ = backoff_.NextAttemptTime(); args.deadline = std::max(next_attempt_deadline_, min_deadline); args.channel_args = args_; - SetConnectivityStateLocked(GRPC_CHANNEL_CONNECTING); + SetConnectivityStateLocked(GRPC_CHANNEL_CONNECTING, absl::Status()); connector_->Connect(args, &connecting_result_, &on_connecting_finished_); } @@ -1031,7 +1052,8 @@ void Subchannel::OnConnectingFinished(void* arg, grpc_error* error) { GRPC_SUBCHANNEL_WEAK_UNREF(c, "connecting"); } else { gpr_log(GPR_INFO, "Connect failed: %s", grpc_error_string(error)); - c->SetConnectivityStateLocked(GRPC_CHANNEL_TRANSIENT_FAILURE); + c->SetConnectivityStateLocked(GRPC_CHANNEL_TRANSIENT_FAILURE, + grpc_error_to_absl_status(error)); GRPC_SUBCHANNEL_WEAK_UNREF(c, "connecting"); } } @@ -1091,7 +1113,7 @@ bool Subchannel::PublishTransportLocked() { connected_subchannel_->StartWatch( pollset_set_, MakeOrphanable(this)); // Report initial state. - SetConnectivityStateLocked(GRPC_CHANNEL_READY); + SetConnectivityStateLocked(GRPC_CHANNEL_READY, absl::Status()); return true; } diff --git a/src/core/ext/filters/client_channel/subchannel.h b/src/core/ext/filters/client_channel/subchannel.h index 9478fa7340c..e615c18c944 100644 --- a/src/core/ext/filters/client_channel/subchannel.h +++ b/src/core/ext/filters/client_channel/subchannel.h @@ -182,6 +182,7 @@ class Subchannel { public: struct ConnectivityStateChange { grpc_connectivity_state state; + absl::Status status; RefCountedPtr connected_subchannel; }; @@ -306,7 +307,8 @@ class Subchannel { void RemoveWatcherLocked(ConnectivityStateWatcherInterface* watcher); // Notifies all watchers in the list about a change to state. - void NotifyLocked(Subchannel* subchannel, grpc_connectivity_state state); + void NotifyLocked(Subchannel* subchannel, grpc_connectivity_state state, + const absl::Status& status); void Clear() { watchers_.clear(); } @@ -339,7 +341,8 @@ class Subchannel { ConnectivityStateWatcherInterface* watcher); // Notifies the watcher when the subchannel's state changes. - void NotifyLocked(grpc_connectivity_state state); + void NotifyLocked(grpc_connectivity_state state, + const absl::Status& status); grpc_connectivity_state CheckConnectivityStateLocked( Subchannel* subchannel, const char* health_check_service_name); @@ -357,7 +360,8 @@ class Subchannel { class AsyncWatcherNotifierLocked; // Sets the subchannel's connectivity state to \a state. - void SetConnectivityStateLocked(grpc_connectivity_state state); + void SetConnectivityStateLocked(grpc_connectivity_state state, + const absl::Status& status); // Methods for connection. void MaybeStartConnectingLocked(); @@ -400,6 +404,7 @@ class Subchannel { // Connectivity state tracking. grpc_connectivity_state state_ = GRPC_CHANNEL_IDLE; + absl::Status status_; // The list of watchers without a health check service name. ConnectivityStateWatcherList watcher_list_; // The map of watchers with health check service names. diff --git a/src/core/ext/filters/client_channel/xds/xds_client.cc b/src/core/ext/filters/client_channel/xds/xds_client.cc index 3010c6b23d0..88e335087e1 100644 --- a/src/core/ext/filters/client_channel/xds/xds_client.cc +++ b/src/core/ext/filters/client_channel/xds/xds_client.cc @@ -398,13 +398,15 @@ class XdsClient::ChannelState::StateWatcher parent_(std::move(parent)) {} private: - void OnConnectivityStateChange(grpc_connectivity_state new_state) override { + void OnConnectivityStateChange(grpc_connectivity_state new_state, + const absl::Status& status) override { if (!parent_->shutting_down_ && new_state == GRPC_CHANNEL_TRANSIENT_FAILURE) { // In TRANSIENT_FAILURE. Notify all watchers of error. gpr_log(GPR_INFO, - "[xds_client %p] xds channel in state TRANSIENT_FAILURE", - parent_->xds_client()); + "[xds_client %p] xds channel in state:TRANSIENT_FAILURE " + "status_message:(%s)", + parent_->xds_client(), status.ToString().c_str()); parent_->xds_client()->NotifyOnError(GRPC_ERROR_CREATE_FROM_STATIC_STRING( "xds channel in TRANSIENT_FAILURE")); } diff --git a/src/core/ext/filters/max_age/max_age_filter.cc b/src/core/ext/filters/max_age/max_age_filter.cc index 0cf6f542414..ef59d675770 100644 --- a/src/core/ext/filters/max_age/max_age_filter.cc +++ b/src/core/ext/filters/max_age/max_age_filter.cc @@ -229,7 +229,8 @@ class ConnectivityWatcher : public AsyncConnectivityStateWatcherInterface { } private: - void OnConnectivityStateChange(grpc_connectivity_state new_state) override { + void OnConnectivityStateChange(grpc_connectivity_state new_state, + const absl::Status& /* status */) override { if (new_state != GRPC_CHANNEL_SHUTDOWN) return; { MutexLock lock(&chand_->max_age_timer_mu); diff --git a/src/core/ext/transport/chttp2/transport/chttp2_transport.cc b/src/core/ext/transport/chttp2/transport/chttp2_transport.cc index 87d0aacd159..bc45e4d69f6 100644 --- a/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +++ b/src/core/ext/transport/chttp2/transport/chttp2_transport.cc @@ -20,6 +20,8 @@ #include "src/core/ext/transport/chttp2/transport/chttp2_transport.h" +#include "absl/strings/str_format.h" + #include #include #include @@ -31,7 +33,6 @@ #include #include -#include "absl/strings/str_format.h" #include "src/core/ext/transport/chttp2/transport/context_list.h" #include "src/core/ext/transport/chttp2/transport/frame_data.h" #include "src/core/ext/transport/chttp2/transport/internal.h" @@ -127,6 +128,7 @@ static void maybe_start_some_streams(grpc_chttp2_transport* t); static void connectivity_state_set(grpc_chttp2_transport* t, grpc_connectivity_state state, + const absl::Status& status, const char* reason); static void benign_reclaimer(void* t, grpc_error* error); @@ -562,7 +564,8 @@ static void close_transport_locked(grpc_chttp2_transport* t, } GPR_ASSERT(error != GRPC_ERROR_NONE); t->closed_with_error = GRPC_ERROR_REF(error); - connectivity_state_set(t, GRPC_CHANNEL_SHUTDOWN, "close_transport"); + connectivity_state_set(t, GRPC_CHANNEL_SHUTDOWN, absl::Status(), + "close_transport"); if (t->ping_state.is_delayed_ping_timer_set) { grpc_timer_cancel(&t->ping_state.delayed_ping_timer); } @@ -1105,9 +1108,11 @@ void grpc_chttp2_add_incoming_goaway(grpc_chttp2_transport* t, : static_cast(current_keepalive_time_ms * KEEPALIVE_TIME_BACKOFF_MULTIPLIER); } + absl::Status status = grpc_error_to_absl_status(t->goaway_error); /* lie: use transient failure from the transport to indicate goaway has been * received */ - connectivity_state_set(t, GRPC_CHANNEL_TRANSIENT_FAILURE, "got_goaway"); + connectivity_state_set(t, GRPC_CHANNEL_TRANSIENT_FAILURE, status, + "got_goaway"); } static void maybe_start_some_streams(grpc_chttp2_transport* t) { @@ -1142,6 +1147,8 @@ static void maybe_start_some_streams(grpc_chttp2_transport* t) { if (t->next_stream_id >= MAX_CLIENT_STREAM_ID) { connectivity_state_set(t, GRPC_CHANNEL_TRANSIENT_FAILURE, + absl::Status(absl::StatusCode::kUnavailable, + "Transport Stream IDs exhausted"), "no_more_stream_ids"); } @@ -2919,10 +2926,11 @@ static void keepalive_watchdog_fired_locked(void* arg, grpc_error* error) { static void connectivity_state_set(grpc_chttp2_transport* t, grpc_connectivity_state state, + const absl::Status& status, const char* reason) { GRPC_CHTTP2_IF_TRACING( gpr_log(GPR_INFO, "transport %p set connectivity_state=%d", t, state)); - t->state_tracker.SetState(state, reason); + t->state_tracker.SetState(state, status, reason); } /******************************************************************************* diff --git a/src/core/ext/transport/inproc/inproc_transport.cc b/src/core/ext/transport/inproc/inproc_transport.cc index 49b9bf093ba..d40bffd6d09 100644 --- a/src/core/ext/transport/inproc/inproc_transport.cc +++ b/src/core/ext/transport/inproc/inproc_transport.cc @@ -1132,7 +1132,8 @@ void perform_stream_op(grpc_transport* gt, grpc_stream* gs, void close_transport_locked(inproc_transport* t) { INPROC_LOG(GPR_INFO, "close_transport %p %d", t, t->is_closed); - t->state_tracker.SetState(GRPC_CHANNEL_SHUTDOWN, "close transport"); + t->state_tracker.SetState(GRPC_CHANNEL_SHUTDOWN, absl::Status(), + "close transport"); if (!t->is_closed) { t->is_closed = true; /* Also end all streams on this transport */ diff --git a/src/core/lib/surface/server.cc b/src/core/lib/surface/server.cc index cab0cd56c40..9b7c2262137 100644 --- a/src/core/lib/surface/server.cc +++ b/src/core/lib/surface/server.cc @@ -1271,7 +1271,8 @@ class ConnectivityWatcher : public AsyncConnectivityStateWatcherInterface { } private: - void OnConnectivityStateChange(grpc_connectivity_state new_state) override { + void OnConnectivityStateChange(grpc_connectivity_state new_state, + const absl::Status& /* status */) override { // Don't do anything until we are being shut down. if (new_state != GRPC_CHANNEL_SHUTDOWN) return; // Shut down channel. diff --git a/src/core/lib/transport/connectivity_state.cc b/src/core/lib/transport/connectivity_state.cc index 2d34f52e635..c2008ab82b7 100644 --- a/src/core/lib/transport/connectivity_state.cc +++ b/src/core/lib/transport/connectivity_state.cc @@ -58,9 +58,9 @@ const char* ConnectivityStateName(grpc_connectivity_state state) { class AsyncConnectivityStateWatcherInterface::Notifier { public: Notifier(RefCountedPtr watcher, - grpc_connectivity_state state, + grpc_connectivity_state state, const absl::Status& status, const std::shared_ptr& work_serializer) - : watcher_(std::move(watcher)), state_(state) { + : watcher_(std::move(watcher)), state_(state), status_(status) { if (work_serializer != nullptr) { work_serializer->Run( [this]() { SendNotification(this, GRPC_ERROR_NONE); }, @@ -76,21 +76,24 @@ class AsyncConnectivityStateWatcherInterface::Notifier { static void SendNotification(void* arg, grpc_error* /*ignored*/) { Notifier* self = static_cast(arg); if (GRPC_TRACE_FLAG_ENABLED(grpc_connectivity_state_trace)) { - gpr_log(GPR_INFO, "watcher %p: delivering async notification for %s", - self->watcher_.get(), ConnectivityStateName(self->state_)); + gpr_log(GPR_INFO, "watcher %p: delivering async notification for %s (%s)", + self->watcher_.get(), ConnectivityStateName(self->state_), + self->status_.ToString().c_str()); } - self->watcher_->OnConnectivityStateChange(self->state_); + self->watcher_->OnConnectivityStateChange(self->state_, self->status_); delete self; } RefCountedPtr watcher_; const grpc_connectivity_state state_; + const absl::Status status_; grpc_closure closure_; }; void AsyncConnectivityStateWatcherInterface::Notify( - grpc_connectivity_state state) { - new Notifier(Ref(), state, work_serializer_); // Deletes itself when done. + grpc_connectivity_state state, const absl::Status& status) { + new Notifier(Ref(), state, status, + work_serializer_); // Deletes itself when done. } // @@ -107,7 +110,7 @@ ConnectivityStateTracker::~ConnectivityStateTracker() { name_, this, p.first, ConnectivityStateName(current_state), ConnectivityStateName(GRPC_CHANNEL_SHUTDOWN)); } - p.second->Notify(GRPC_CHANNEL_SHUTDOWN); + p.second->Notify(GRPC_CHANNEL_SHUTDOWN, absl::Status()); } } @@ -126,7 +129,7 @@ void ConnectivityStateTracker::AddWatcher( name_, this, watcher.get(), ConnectivityStateName(initial_state), ConnectivityStateName(current_state)); } - watcher->Notify(current_state); + watcher->Notify(current_state, status_); } // If we're in state SHUTDOWN, don't add the watcher, so that it will // be orphaned immediately. @@ -145,15 +148,17 @@ void ConnectivityStateTracker::RemoveWatcher( } void ConnectivityStateTracker::SetState(grpc_connectivity_state state, + const absl::Status& status, const char* reason) { grpc_connectivity_state current_state = state_.Load(MemoryOrder::RELAXED); if (state == current_state) return; if (GRPC_TRACE_FLAG_ENABLED(grpc_connectivity_state_trace)) { - gpr_log(GPR_INFO, "ConnectivityStateTracker %s[%p]: %s -> %s (%s)", name_, - this, ConnectivityStateName(current_state), - ConnectivityStateName(state), reason); + gpr_log(GPR_INFO, "ConnectivityStateTracker %s[%p]: %s -> %s (%s, %s)", + name_, this, ConnectivityStateName(current_state), + ConnectivityStateName(state), reason, status.ToString().c_str()); } state_.Store(state, MemoryOrder::RELAXED); + status_ = status; for (const auto& p : watchers_) { if (GRPC_TRACE_FLAG_ENABLED(grpc_connectivity_state_trace)) { gpr_log(GPR_INFO, @@ -161,7 +166,7 @@ void ConnectivityStateTracker::SetState(grpc_connectivity_state state, name_, this, p.first, ConnectivityStateName(current_state), ConnectivityStateName(state)); } - p.second->Notify(state); + p.second->Notify(state, status); } // If the new state is SHUTDOWN, orphan all of the watchers. This // avoids the need for the callers to explicitly cancel them. diff --git a/src/core/lib/transport/connectivity_state.h b/src/core/lib/transport/connectivity_state.h index 5ab62bed40c..f8a945eb035 100644 --- a/src/core/lib/transport/connectivity_state.h +++ b/src/core/lib/transport/connectivity_state.h @@ -21,6 +21,8 @@ #include +#include "absl/status/status.h" + #include #include "src/core/lib/debug/trace.h" @@ -49,7 +51,8 @@ class ConnectivityStateWatcherInterface virtual ~ConnectivityStateWatcherInterface() = default; // Notifies the watcher that the state has changed to new_state. - virtual void Notify(grpc_connectivity_state new_state) = 0; + virtual void Notify(grpc_connectivity_state new_state, + const absl::Status& status) = 0; void Orphan() override { Unref(); } }; @@ -64,7 +67,8 @@ class AsyncConnectivityStateWatcherInterface // Schedules a closure on the ExecCtx to invoke // OnConnectivityStateChange() asynchronously. - void Notify(grpc_connectivity_state new_state) override final; + void Notify(grpc_connectivity_state new_state, + const absl::Status& status) override final; protected: class Notifier; @@ -76,7 +80,8 @@ class AsyncConnectivityStateWatcherInterface : work_serializer_(std::move(work_serializer)) {} // Invoked asynchronously when Notify() is called. - virtual void OnConnectivityStateChange(grpc_connectivity_state new_state) = 0; + virtual void OnConnectivityStateChange(grpc_connectivity_state new_state, + const absl::Status& status) = 0; private: std::shared_ptr work_serializer_; @@ -91,8 +96,9 @@ class AsyncConnectivityStateWatcherInterface class ConnectivityStateTracker { public: ConnectivityStateTracker(const char* name, - grpc_connectivity_state state = GRPC_CHANNEL_IDLE) - : name_(name), state_(state) {} + grpc_connectivity_state state = GRPC_CHANNEL_IDLE, + const absl::Status& status = absl::Status()) + : name_(name), state_(state), status_(status) {} ~ConnectivityStateTracker(); @@ -110,15 +116,21 @@ class ConnectivityStateTracker { // Sets connectivity state. // Not thread safe; access must be serialized with an external lock. - void SetState(grpc_connectivity_state state, const char* reason); + void SetState(grpc_connectivity_state state, const absl::Status& status, + const char* reason); // Gets the current state. // Thread safe; no need to use an external lock. grpc_connectivity_state state() const; + // Get the current status. + // Not thread safe; access must be serialized with an external lock. + absl::Status status() const { return status_; } + private: const char* name_; Atomic state_; + absl::Status status_; // TODO(roth): Once we can use C++-14 heterogeneous lookups, this can // be a set instead of a map. std::map(status), + absl::string_view(reinterpret_cast( + GRPC_SLICE_START_PTR(message)), + GRPC_SLICE_LENGTH(message))); +} + bool grpc_error_has_clear_grpc_status(grpc_error* error) { intptr_t unused; if (grpc_error_get_int(error, GRPC_ERROR_INT_GRPC_STATUS, &unused)) { diff --git a/src/core/lib/transport/error_utils.h b/src/core/lib/transport/error_utils.h index 9a46267f38a..e9b1a8f1d2f 100644 --- a/src/core/lib/transport/error_utils.h +++ b/src/core/lib/transport/error_utils.h @@ -21,6 +21,8 @@ #include +#include "absl/status/status.h" + #include "src/core/lib/iomgr/error.h" #include "src/core/lib/iomgr/exec_ctx.h" #include "src/core/lib/transport/http2_errors.h" @@ -37,6 +39,10 @@ void grpc_error_get_status(grpc_error* error, grpc_millis deadline, grpc_http2_error_code* http_status, const char** error_string); +/// Utility Function to convert a grpc_error * \a error to an absl::Status. +/// Does NOT consume a ref to grpc_error. +absl::Status grpc_error_to_absl_status(grpc_error* error); + /// A utility function to check whether there is a clear status code that /// doesn't need to be guessed in \a error. This means that \a error or some /// child has GRPC_ERROR_INT_GRPC_STATUS set, or that it is GRPC_ERROR_NONE or diff --git a/src/python/grpcio/grpc_core_dependencies.py b/src/python/grpcio/grpc_core_dependencies.py index 5b9dc43d30d..cb217c93534 100644 --- a/src/python/grpcio/grpc_core_dependencies.py +++ b/src/python/grpcio/grpc_core_dependencies.py @@ -476,6 +476,7 @@ CORE_SOURCE_FILES = [ 'src/core/tsi/transport_security_grpc.cc', 'third_party/abseil-cpp/absl/base/dynamic_annotations.cc', 'third_party/abseil-cpp/absl/base/internal/cycleclock.cc', + 'third_party/abseil-cpp/absl/base/internal/low_level_alloc.cc', 'third_party/abseil-cpp/absl/base/internal/raw_logging.cc', 'third_party/abseil-cpp/absl/base/internal/spinlock.cc', 'third_party/abseil-cpp/absl/base/internal/spinlock_wait.cc', @@ -484,9 +485,18 @@ CORE_SOURCE_FILES = [ 'third_party/abseil-cpp/absl/base/internal/throw_delegate.cc', 'third_party/abseil-cpp/absl/base/internal/unscaledcycleclock.cc', 'third_party/abseil-cpp/absl/base/log_severity.cc', + 'third_party/abseil-cpp/absl/debugging/internal/address_is_readable.cc', + 'third_party/abseil-cpp/absl/debugging/internal/demangle.cc', + 'third_party/abseil-cpp/absl/debugging/internal/elf_mem_image.cc', + 'third_party/abseil-cpp/absl/debugging/internal/vdso_support.cc', + 'third_party/abseil-cpp/absl/debugging/stacktrace.cc', + 'third_party/abseil-cpp/absl/debugging/symbolize.cc', 'third_party/abseil-cpp/absl/numeric/int128.cc', + 'third_party/abseil-cpp/absl/status/status.cc', + 'third_party/abseil-cpp/absl/status/status_payload_printer.cc', 'third_party/abseil-cpp/absl/strings/ascii.cc', 'third_party/abseil-cpp/absl/strings/charconv.cc', + 'third_party/abseil-cpp/absl/strings/cord.cc', 'third_party/abseil-cpp/absl/strings/escaping.cc', 'third_party/abseil-cpp/absl/strings/internal/charconv_bigint.cc', 'third_party/abseil-cpp/absl/strings/internal/charconv_parse.cc', diff --git a/test/core/surface/lame_client_test.cc b/test/core/surface/lame_client_test.cc index 812b1455094..c63335445d7 100644 --- a/test/core/surface/lame_client_test.cc +++ b/test/core/surface/lame_client_test.cc @@ -30,7 +30,8 @@ class Watcher : public grpc_core::ConnectivityStateWatcherInterface { public: - void Notify(grpc_connectivity_state new_state) override { + void Notify(grpc_connectivity_state new_state, + const absl::Status& /* status */) override { GPR_ASSERT(new_state == GRPC_CHANNEL_SHUTDOWN); } }; diff --git a/test/core/transport/chttp2/too_many_pings_test.cc b/test/core/transport/chttp2/too_many_pings_test.cc index 708ddd1cfde..308b7216e12 100644 --- a/test/core/transport/chttp2/too_many_pings_test.cc +++ b/test/core/transport/chttp2/too_many_pings_test.cc @@ -65,7 +65,6 @@ grpc_status_code PerformCall(grpc_channel* channel, grpc_server* server, cq_verifier* cqv = cq_verifier_create(cq); grpc_op ops[6]; grpc_op* op; - grpc_metadata_array initial_metadata_recv; grpc_metadata_array trailing_metadata_recv; grpc_metadata_array request_metadata_recv; grpc_call_details call_details; @@ -78,7 +77,6 @@ grpc_status_code PerformCall(grpc_channel* channel, grpc_server* server, grpc_slice_from_static_string("/foo"), nullptr, deadline, nullptr); GPR_ASSERT(c); - grpc_metadata_array_init(&initial_metadata_recv); grpc_metadata_array_init(&trailing_metadata_recv); grpc_metadata_array_init(&request_metadata_recv); grpc_call_details_init(&call_details); @@ -111,7 +109,6 @@ grpc_status_code PerformCall(grpc_channel* channel, grpc_server* server, cq_verify(cqv); // cleanup grpc_slice_unref(details); - grpc_metadata_array_destroy(&initial_metadata_recv); grpc_metadata_array_destroy(&trailing_metadata_recv); grpc_metadata_array_destroy(&request_metadata_recv); grpc_call_details_destroy(&call_details); diff --git a/test/core/transport/connectivity_state_test.cc b/test/core/transport/connectivity_state_test.cc index 23bd100e686..e0bd8d02198 100644 --- a/test/core/transport/connectivity_state_test.cc +++ b/test/core/transport/connectivity_state_test.cc @@ -42,116 +42,164 @@ TEST(ConnectivityStateName, Basic) { class Watcher : public ConnectivityStateWatcherInterface { public: - Watcher(int* count, grpc_connectivity_state* output, + Watcher(int* count, grpc_connectivity_state* output, absl::Status* status, bool* destroyed = nullptr) - : count_(count), output_(output), destroyed_(destroyed) {} + : count_(count), + output_(output), + status_(status), + destroyed_(destroyed) {} ~Watcher() { if (destroyed_ != nullptr) *destroyed_ = true; } - void Notify(grpc_connectivity_state new_state) override { + void Notify(grpc_connectivity_state new_state, + const absl::Status& status) override { ++*count_; *output_ = new_state; + *status_ = status; } private: int* count_; grpc_connectivity_state* output_; + absl::Status* status_; bool* destroyed_; }; TEST(StateTracker, SetAndGetState) { - ConnectivityStateTracker tracker("xxx", GRPC_CHANNEL_CONNECTING); + ConnectivityStateTracker tracker("xxx", GRPC_CHANNEL_CONNECTING, + absl::Status()); EXPECT_EQ(tracker.state(), GRPC_CHANNEL_CONNECTING); - tracker.SetState(GRPC_CHANNEL_READY, "whee"); + EXPECT_TRUE(tracker.status().ok()); + tracker.SetState(GRPC_CHANNEL_READY, absl::Status(), "whee"); EXPECT_EQ(tracker.state(), GRPC_CHANNEL_READY); + EXPECT_TRUE(tracker.status().ok()); + absl::Status transient_failure_status(absl::StatusCode::kUnavailable, + "status for testing"); + tracker.SetState(GRPC_CHANNEL_TRANSIENT_FAILURE, transient_failure_status, + "reason"); + EXPECT_EQ(tracker.state(), GRPC_CHANNEL_TRANSIENT_FAILURE); + EXPECT_EQ(tracker.status(), transient_failure_status); } TEST(StateTracker, NotificationUponAddingWatcher) { int count = 0; grpc_connectivity_state state = GRPC_CHANNEL_IDLE; + absl::Status status; ConnectivityStateTracker tracker("xxx", GRPC_CHANNEL_CONNECTING); tracker.AddWatcher(GRPC_CHANNEL_IDLE, - MakeOrphanable(&count, &state)); + MakeOrphanable(&count, &state, &status)); EXPECT_EQ(count, 1); EXPECT_EQ(state, GRPC_CHANNEL_CONNECTING); + EXPECT_TRUE(status.ok()); +} + +TEST(StateTracker, NotificationUponAddingWatcherWithTransientFailure) { + int count = 0; + grpc_connectivity_state state = GRPC_CHANNEL_IDLE; + absl::Status status; + absl::Status transient_failure_status(absl::StatusCode::kUnavailable, + "status for testing"); + ConnectivityStateTracker tracker("xxx", GRPC_CHANNEL_TRANSIENT_FAILURE, + transient_failure_status); + tracker.AddWatcher(GRPC_CHANNEL_IDLE, + MakeOrphanable(&count, &state, &status)); + EXPECT_EQ(count, 1); + EXPECT_EQ(state, GRPC_CHANNEL_TRANSIENT_FAILURE); + EXPECT_EQ(status, transient_failure_status); } TEST(StateTracker, NotificationUponStateChange) { int count = 0; grpc_connectivity_state state = GRPC_CHANNEL_IDLE; + absl::Status status; ConnectivityStateTracker tracker("xxx", GRPC_CHANNEL_IDLE); tracker.AddWatcher(GRPC_CHANNEL_IDLE, - MakeOrphanable(&count, &state)); + MakeOrphanable(&count, &state, &status)); EXPECT_EQ(count, 0); EXPECT_EQ(state, GRPC_CHANNEL_IDLE); - tracker.SetState(GRPC_CHANNEL_CONNECTING, "whee"); + EXPECT_TRUE(status.ok()); + absl::Status transient_failure_status(absl::StatusCode::kUnavailable, + "status for testing"); + tracker.SetState(GRPC_CHANNEL_TRANSIENT_FAILURE, transient_failure_status, + "whee"); EXPECT_EQ(count, 1); - EXPECT_EQ(state, GRPC_CHANNEL_CONNECTING); + EXPECT_EQ(state, GRPC_CHANNEL_TRANSIENT_FAILURE); + EXPECT_EQ(status, transient_failure_status); } TEST(StateTracker, SubscribeThenUnsubscribe) { int count = 0; grpc_connectivity_state state = GRPC_CHANNEL_IDLE; + absl::Status status; bool destroyed = false; ConnectivityStateTracker tracker("xxx", GRPC_CHANNEL_IDLE); ConnectivityStateWatcherInterface* watcher = - new Watcher(&count, &state, &destroyed); + new Watcher(&count, &state, &status, &destroyed); tracker.AddWatcher(GRPC_CHANNEL_IDLE, OrphanablePtr(watcher)); // No initial notification, since we started the watch from the // current state. EXPECT_EQ(count, 0); EXPECT_EQ(state, GRPC_CHANNEL_IDLE); + EXPECT_TRUE(status.ok()); // Cancel watch. This should not generate another notification. tracker.RemoveWatcher(watcher); EXPECT_TRUE(destroyed); EXPECT_EQ(count, 0); EXPECT_EQ(state, GRPC_CHANNEL_IDLE); + EXPECT_TRUE(status.ok()); } TEST(StateTracker, OrphanUponShutdown) { int count = 0; grpc_connectivity_state state = GRPC_CHANNEL_IDLE; + absl::Status status; bool destroyed = false; ConnectivityStateTracker tracker("xxx", GRPC_CHANNEL_IDLE); ConnectivityStateWatcherInterface* watcher = - new Watcher(&count, &state, &destroyed); + new Watcher(&count, &state, &status, &destroyed); tracker.AddWatcher(GRPC_CHANNEL_IDLE, OrphanablePtr(watcher)); // No initial notification, since we started the watch from the // current state. EXPECT_EQ(count, 0); EXPECT_EQ(state, GRPC_CHANNEL_IDLE); + EXPECT_TRUE(status.ok()); // Set state to SHUTDOWN. - tracker.SetState(GRPC_CHANNEL_SHUTDOWN, "shutting down"); + tracker.SetState(GRPC_CHANNEL_SHUTDOWN, absl::Status(), "shutting down"); EXPECT_TRUE(destroyed); EXPECT_EQ(count, 1); EXPECT_EQ(state, GRPC_CHANNEL_SHUTDOWN); + EXPECT_TRUE(status.ok()); } TEST(StateTracker, AddWhenAlreadyShutdown) { int count = 0; grpc_connectivity_state state = GRPC_CHANNEL_IDLE; + absl::Status status; bool destroyed = false; - ConnectivityStateTracker tracker("xxx", GRPC_CHANNEL_SHUTDOWN); + ConnectivityStateTracker tracker("xxx", GRPC_CHANNEL_SHUTDOWN, + absl::Status()); ConnectivityStateWatcherInterface* watcher = - new Watcher(&count, &state, &destroyed); + new Watcher(&count, &state, &status, &destroyed); tracker.AddWatcher(GRPC_CHANNEL_IDLE, OrphanablePtr(watcher)); EXPECT_TRUE(destroyed); EXPECT_EQ(count, 1); EXPECT_EQ(state, GRPC_CHANNEL_SHUTDOWN); + EXPECT_TRUE(status.ok()); } TEST(StateTracker, NotifyShutdownAtDestruction) { int count = 0; grpc_connectivity_state state = GRPC_CHANNEL_IDLE; + absl::Status status; { ConnectivityStateTracker tracker("xxx", GRPC_CHANNEL_IDLE); tracker.AddWatcher(GRPC_CHANNEL_IDLE, - MakeOrphanable(&count, &state)); + MakeOrphanable(&count, &state, &status)); // No initial notification, since we started the watch from the // current state. EXPECT_EQ(count, 0); @@ -165,10 +213,11 @@ TEST(StateTracker, NotifyShutdownAtDestruction) { TEST(StateTracker, DoNotNotifyShutdownAtDestructionIfAlreadyInShutdown) { int count = 0; grpc_connectivity_state state = GRPC_CHANNEL_SHUTDOWN; + absl::Status status; { ConnectivityStateTracker tracker("xxx", GRPC_CHANNEL_SHUTDOWN); tracker.AddWatcher(GRPC_CHANNEL_SHUTDOWN, - MakeOrphanable(&count, &state)); + MakeOrphanable(&count, &state, &status)); // No initial notification, since we started the watch from the // current state. EXPECT_EQ(count, 0); diff --git a/test/core/util/test_lb_policies.cc b/test/core/util/test_lb_policies.cc index 56978b97949..5aa5dabafa0 100644 --- a/test/core/util/test_lb_policies.cc +++ b/test/core/util/test_lb_policies.cc @@ -142,10 +142,10 @@ class TestPickArgsLb : public ForwardingLoadBalancingPolicy { return parent_->channel_control_helper()->CreateSubchannel(args); } - void UpdateState(grpc_connectivity_state state, + void UpdateState(grpc_connectivity_state state, const absl::Status& status, std::unique_ptr picker) override { parent_->channel_control_helper()->UpdateState( - state, absl::make_unique(std::move(picker), cb_)); + state, status, absl::make_unique(std::move(picker), cb_)); } void RequestReresolution() override { @@ -252,10 +252,10 @@ class InterceptRecvTrailingMetadataLoadBalancingPolicy return parent_->channel_control_helper()->CreateSubchannel(args); } - void UpdateState(grpc_connectivity_state state, + void UpdateState(grpc_connectivity_state state, const absl::Status& status, std::unique_ptr picker) override { parent_->channel_control_helper()->UpdateState( - state, absl::make_unique(std::move(picker), cb_)); + state, status, absl::make_unique(std::move(picker), cb_)); } void RequestReresolution() override {