Chiebot-Mirror
/
grpc
mirror of https://github.com/grpc/grpc.git
8
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge pull request #9194 from dgquintas/lb_secure_naming_3

Browse Source 
Secure naming support for gRPCLB.
pull/9636/head
David G. Quintas 8 years ago committed by GitHub
parent d92d8270e8 012915045f
commit 5ef95a96ab
40 changed files with 1098 additions and 210 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 62
      BUILD
  2. 4
      CMakeLists.txt
  3. 6
      Makefile
  4. 2
      binding.gyp
  5. 22
      build.yaml
  6. 2
      config.m4
  7. 6
      gRPC-Core.podspec
  8. 4
      grpc.gemspec
  9. 4
      package.xml
  10. 16
      src/core/ext/client_channel/subchannel.c
  11. 3
      src/core/ext/client_channel/subchannel.h
  12. 171
      src/core/ext/lb_policy/grpclb/grpclb.c
  13. 77
      src/core/ext/lb_policy/grpclb/grpclb_channel.c
  14. 56
      src/core/ext/lb_policy/grpclb/grpclb_channel.h
  15. 107
      src/core/ext/lb_policy/grpclb/grpclb_channel_secure.c
  16. 7
      src/core/ext/lb_policy/round_robin/round_robin.c
  17. 171
      src/core/ext/transport/chttp2/client/secure/secure_channel_create.c
  18. 38
      src/core/lib/iomgr/sockaddr_utils.c
  19. 4
      src/core/lib/iomgr/sockaddr_utils.h
  20. 47
      src/core/lib/security/credentials/credentials.c
  21. 13
      src/core/lib/security/credentials/credentials.h
  22. 8
      src/core/lib/security/credentials/fake/fake_credentials.c
  23. 15
      src/core/lib/security/credentials/fake/fake_credentials.h
  24. 2
      src/core/lib/security/transport/client_auth_filter.c
  25. 70
      src/core/lib/security/transport/lb_targets_info.c
  26. 47
      src/core/lib/security/transport/lb_targets_info.h
  27. 141
      src/core/lib/security/transport/security_connector.c
  28. 7
      src/core/lib/security/transport/security_connector.h
  29. 4
      src/core/lib/security/transport/security_handshaker.c
  30. 2
      src/core/lib/surface/init_secure.c
  31. 2
      src/python/grpcio/grpc_core_dependencies.py
  32. 29
      test/core/end2end/fake_resolver.c
  33. 2
      test/core/surface/secure_channel_create_test.c
  34. 89
      test/cpp/grpclb/grpclb_test.cc
  35. 4
      tools/doxygen/Doxyfile.core.internal
  36. 37
      tools/run_tests/generated/sources_and_headers.json
  37. 6
      vsprojects/vcxproj/grpc/grpc.vcxproj
  38. 12
      vsprojects/vcxproj/grpc/grpc.vcxproj.filters
  39. 3
      vsprojects/vcxproj/grpc_unsecure/grpc_unsecure.vcxproj
  40. 6
      vsprojects/vcxproj/grpc_unsecure/grpc_unsecure.vcxproj.filters

62
BUILD
Unescape View File

@ -63,7 +63,7 @@ grpc_cc_library(
deps = [
"census",
"grpc_base",
"grpc_lb_policy_grpclb",
"grpc_lb_policy_grpclb_secure",
"grpc_lb_policy_pick_first",
"grpc_lb_policy_round_robin",
"grpc_load_reporting",
@ -624,9 +624,9 @@ grpc_cc_library(
"src/core/lib/surface/completion_queue.h",
"src/core/lib/surface/event_string.h",
"src/core/lib/surface/init.h",
"src/core/lib/surface/validate_metadata.h",
"src/core/lib/surface/lame_client.h",
"src/core/lib/surface/server.h",
"src/core/lib/surface/validate_metadata.h",
"src/core/lib/transport/byte_stream.h",
"src/core/lib/transport/connectivity_state.h",
"src/core/lib/transport/error_utils.h",
@ -665,7 +665,6 @@ grpc_cc_library(
grpc_cc_library(
name = "grpc_client_channel",
language = "c",
srcs = [
"src/core/ext/client_channel/channel_connectivity.c",
"src/core/ext/client_channel/client_channel.c",
@ -709,6 +708,7 @@ grpc_cc_library(
"src/core/ext/client_channel/subchannel_index.h",
"src/core/ext/client_channel/uri_parser.h",
],
language = "c",
deps = [
"grpc_base",
],
@ -735,11 +735,37 @@ grpc_cc_library(
name = "grpc_lb_policy_grpclb",
srcs = [
"src/core/ext/lb_policy/grpclb/grpclb.c",
"src/core/ext/lb_policy/grpclb/grpclb_channel.c",
"src/core/ext/lb_policy/grpclb/load_balancer_api.c",
"src/core/ext/lb_policy/grpclb/proto/grpc/lb/v1/load_balancer.pb.c",
],
hdrs = [
"src/core/ext/lb_policy/grpclb/grpclb.h",
"src/core/ext/lb_policy/grpclb/grpclb_channel.h",
"src/core/ext/lb_policy/grpclb/load_balancer_api.h",
"src/core/ext/lb_policy/grpclb/proto/grpc/lb/v1/load_balancer.pb.h",
],
external_deps = [
"nanopb",
],
language = "c",
deps = [
"grpc_base",
"grpc_client_channel",
],
)
grpc_cc_library(
name = "grpc_lb_policy_grpclb_secure",
srcs = [
"src/core/ext/lb_policy/grpclb/grpclb.c",
"src/core/ext/lb_policy/grpclb/grpclb_channel_secure.c",
"src/core/ext/lb_policy/grpclb/load_balancer_api.c",
"src/core/ext/lb_policy/grpclb/proto/grpc/lb/v1/load_balancer.pb.c",
],
hdrs = [
"src/core/ext/lb_policy/grpclb/grpclb.h",
"src/core/ext/lb_policy/grpclb/grpclb_channel.h",
"src/core/ext/lb_policy/grpclb/load_balancer_api.h",
"src/core/ext/lb_policy/grpclb/proto/grpc/lb/v1/load_balancer.pb.h",
],
@ -750,6 +776,7 @@ grpc_cc_library(
deps = [
"grpc_base",
"grpc_client_channel",
"grpc_secure",
],
)
@ -837,6 +864,7 @@ grpc_cc_library(
"src/core/lib/security/credentials/ssl/ssl_credentials.c",
"src/core/lib/security/transport/client_auth_filter.c",
"src/core/lib/security/transport/secure_endpoint.c",
"src/core/lib/security/transport/lb_targets_info.c",
"src/core/lib/security/transport/security_connector.c",
"src/core/lib/security/transport/security_handshaker.c",
"src/core/lib/security/transport/server_auth_filter.c",
@ -860,6 +888,7 @@ grpc_cc_library(
"src/core/lib/security/credentials/ssl/ssl_credentials.h",
"src/core/lib/security/transport/auth_filters.h",
"src/core/lib/security/transport/secure_endpoint.h",
"src/core/lib/security/transport/lb_targets_info.h",
"src/core/lib/security/transport/security_connector.h",
"src/core/lib/security/transport/security_handshaker.h",
"src/core/lib/security/transport/tsi_error.h",
@ -943,22 +972,21 @@ grpc_cc_library(
)
grpc_cc_library(
name = "grpc_transport_chttp2_client_connector",
hdrs = [
"src/core/ext/transport/chttp2/client/chttp2_connector.h",
],
srcs = [
"src/core/ext/transport/chttp2/client/chttp2_connector.c",
],
language = "c",
deps = [
"grpc_transport_chttp2",
"grpc_base",
"grpc_client_channel",
],
name = "grpc_transport_chttp2_client_connector",
srcs = [
"src/core/ext/transport/chttp2/client/chttp2_connector.c",
],
hdrs = [
"src/core/ext/transport/chttp2/client/chttp2_connector.h",
],
language = "c",
deps = [
"grpc_base",
"grpc_client_channel",
"grpc_transport_chttp2",
],
)
grpc_cc_library(
name = "grpc_transport_chttp2_client_insecure",
srcs = [

4
CMakeLists.txt
Unescape View File

@ -956,6 +956,7 @@ add_library(grpc
src/core/lib/security/credentials/plugin/plugin_credentials.c
src/core/lib/security/credentials/ssl/ssl_credentials.c
src/core/lib/security/transport/client_auth_filter.c
src/core/lib/security/transport/lb_targets_info.c
src/core/lib/security/transport/secure_endpoint.c
src/core/lib/security/transport/security_connector.c
src/core/lib/security/transport/security_handshaker.c
@ -996,6 +997,7 @@ add_library(grpc
src/core/ext/transport/chttp2/client/insecure/channel_create.c
src/core/ext/transport/chttp2/client/insecure/channel_create_posix.c
src/core/ext/lb_policy/grpclb/grpclb.c
src/core/ext/lb_policy/grpclb/grpclb_channel_secure.c
src/core/ext/lb_policy/grpclb/load_balancer_api.c
src/core/ext/lb_policy/grpclb/proto/grpc/lb/v1/load_balancer.pb.c
third_party/nanopb/pb_common.c
@ -1275,6 +1277,7 @@ add_library(grpc_cronet
src/core/lib/security/credentials/plugin/plugin_credentials.c
src/core/lib/security/credentials/ssl/ssl_credentials.c
src/core/lib/security/transport/client_auth_filter.c
src/core/lib/security/transport/lb_targets_info.c
src/core/lib/security/transport/secure_endpoint.c
src/core/lib/security/transport/security_connector.c
src/core/lib/security/transport/security_handshaker.c
@ -1776,6 +1779,7 @@ add_library(grpc_unsecure
src/core/ext/load_reporting/load_reporting.c
src/core/ext/load_reporting/load_reporting_filter.c
src/core/ext/lb_policy/grpclb/grpclb.c
src/core/ext/lb_policy/grpclb/grpclb_channel.c
src/core/ext/lb_policy/grpclb/load_balancer_api.c
src/core/ext/lb_policy/grpclb/proto/grpc/lb/v1/load_balancer.pb.c
third_party/nanopb/pb_common.c

6
Makefile
Unescape View File

@ -2806,6 +2806,7 @@ LIBGRPC_SRC = \
src/core/lib/security/credentials/plugin/plugin_credentials.c \
src/core/lib/security/credentials/ssl/ssl_credentials.c \
src/core/lib/security/transport/client_auth_filter.c \
src/core/lib/security/transport/lb_targets_info.c \
src/core/lib/security/transport/secure_endpoint.c \
src/core/lib/security/transport/security_connector.c \
src/core/lib/security/transport/security_handshaker.c \
@ -2846,6 +2847,7 @@ LIBGRPC_SRC = \
src/core/ext/transport/chttp2/client/insecure/channel_create.c \
src/core/ext/transport/chttp2/client/insecure/channel_create_posix.c \
src/core/ext/lb_policy/grpclb/grpclb.c \
src/core/ext/lb_policy/grpclb/grpclb_channel_secure.c \
src/core/ext/lb_policy/grpclb/load_balancer_api.c \
src/core/ext/lb_policy/grpclb/proto/grpc/lb/v1/load_balancer.pb.c \
third_party/nanopb/pb_common.c \
@ -3139,6 +3141,7 @@ LIBGRPC_CRONET_SRC = \
src/core/lib/security/credentials/plugin/plugin_credentials.c \
src/core/lib/security/credentials/ssl/ssl_credentials.c \
src/core/lib/security/transport/client_auth_filter.c \
src/core/lib/security/transport/lb_targets_info.c \
src/core/lib/security/transport/secure_endpoint.c \
src/core/lib/security/transport/security_connector.c \
src/core/lib/security/transport/security_handshaker.c \
@ -3656,6 +3659,7 @@ LIBGRPC_UNSECURE_SRC = \
src/core/ext/load_reporting/load_reporting.c \
src/core/ext/load_reporting/load_reporting_filter.c \
src/core/ext/lb_policy/grpclb/grpclb.c \
src/core/ext/lb_policy/grpclb/grpclb_channel.c \
src/core/ext/lb_policy/grpclb/load_balancer_api.c \
src/core/ext/lb_policy/grpclb/proto/grpc/lb/v1/load_balancer.pb.c \
third_party/nanopb/pb_common.c \
@ -17749,6 +17753,7 @@ ifneq ($(OPENSSL_DEP),)
# This is to ensure the embedded OpenSSL is built beforehand, properly
# installing headers to their final destination on the drive. We need this
# otherwise parallel compilation will fail if a source is compiled first.
src/core/ext/lb_policy/grpclb/grpclb_channel_secure.c: $(OPENSSL_DEP)
src/core/ext/transport/chttp2/client/secure/secure_channel_create.c: $(OPENSSL_DEP)
src/core/ext/transport/chttp2/server/secure/server_secure_chttp2.c: $(OPENSSL_DEP)
src/core/ext/transport/cronet/client/secure/cronet_channel_create.c: $(OPENSSL_DEP)
@ -17770,6 +17775,7 @@ src/core/lib/security/credentials/oauth2/oauth2_credentials.c: $(OPENSSL_DEP)
src/core/lib/security/credentials/plugin/plugin_credentials.c: $(OPENSSL_DEP)
src/core/lib/security/credentials/ssl/ssl_credentials.c: $(OPENSSL_DEP)
src/core/lib/security/transport/client_auth_filter.c: $(OPENSSL_DEP)
src/core/lib/security/transport/lb_targets_info.c: $(OPENSSL_DEP)
src/core/lib/security/transport/secure_endpoint.c: $(OPENSSL_DEP)
src/core/lib/security/transport/security_connector.c: $(OPENSSL_DEP)
src/core/lib/security/transport/security_handshaker.c: $(OPENSSL_DEP)

2
binding.gyp
Unescape View File

@ -758,6 +758,7 @@
'src/core/lib/security/credentials/plugin/plugin_credentials.c',
'src/core/lib/security/credentials/ssl/ssl_credentials.c',
'src/core/lib/security/transport/client_auth_filter.c',
'src/core/lib/security/transport/lb_targets_info.c',
'src/core/lib/security/transport/secure_endpoint.c',
'src/core/lib/security/transport/security_connector.c',
'src/core/lib/security/transport/security_handshaker.c',
@ -798,6 +799,7 @@
'src/core/ext/transport/chttp2/client/insecure/channel_create.c',
'src/core/ext/transport/chttp2/client/insecure/channel_create_posix.c',
'src/core/ext/lb_policy/grpclb/grpclb.c',
'src/core/ext/lb_policy/grpclb/grpclb_channel_secure.c',
'src/core/ext/lb_policy/grpclb/load_balancer_api.c',
'src/core/ext/lb_policy/grpclb/proto/grpc/lb/v1/load_balancer.pb.c',
'third_party/nanopb/pb_common.c',

22
build.yaml
Unescape View File

@ -452,10 +452,28 @@ filegroups:
- name: grpc_lb_policy_grpclb
headers:
- src/core/ext/lb_policy/grpclb/grpclb.h
- src/core/ext/lb_policy/grpclb/grpclb_channel.h
- src/core/ext/lb_policy/grpclb/load_balancer_api.h
- src/core/ext/lb_policy/grpclb/proto/grpc/lb/v1/load_balancer.pb.h
src:
- src/core/ext/lb_policy/grpclb/grpclb.c
- src/core/ext/lb_policy/grpclb/grpclb_channel.c
- src/core/ext/lb_policy/grpclb/load_balancer_api.c
- src/core/ext/lb_policy/grpclb/proto/grpc/lb/v1/load_balancer.pb.c
plugin: grpc_lb_policy_grpclb
uses:
- grpc_base
- grpc_client_channel
- nanopb
- name: grpc_lb_policy_grpclb_secure
headers:
- src/core/ext/lb_policy/grpclb/grpclb.h
- src/core/ext/lb_policy/grpclb/grpclb_channel.h
- src/core/ext/lb_policy/grpclb/load_balancer_api.h
- src/core/ext/lb_policy/grpclb/proto/grpc/lb/v1/load_balancer.pb.h
src:
- src/core/ext/lb_policy/grpclb/grpclb.c
- src/core/ext/lb_policy/grpclb/grpclb_channel_secure.c
- src/core/ext/lb_policy/grpclb/load_balancer_api.c
- src/core/ext/lb_policy/grpclb/proto/grpc/lb/v1/load_balancer.pb.c
plugin: grpc_lb_policy_grpclb
@ -518,6 +536,7 @@ filegroups:
- src/core/lib/security/credentials/plugin/plugin_credentials.h
- src/core/lib/security/credentials/ssl/ssl_credentials.h
- src/core/lib/security/transport/auth_filters.h
- src/core/lib/security/transport/lb_targets_info.h
- src/core/lib/security/transport/secure_endpoint.h
- src/core/lib/security/transport/security_connector.h
- src/core/lib/security/transport/security_handshaker.h
@ -541,6 +560,7 @@ filegroups:
- src/core/lib/security/credentials/plugin/plugin_credentials.c
- src/core/lib/security/credentials/ssl/ssl_credentials.c
- src/core/lib/security/transport/client_auth_filter.c
- src/core/lib/security/transport/lb_targets_info.c
- src/core/lib/security/transport/secure_endpoint.c
- src/core/lib/security/transport/security_connector.c
- src/core/lib/security/transport/security_handshaker.c
@ -909,7 +929,7 @@ libs:
- grpc_transport_chttp2_client_secure
- grpc_transport_chttp2_server_insecure
- grpc_transport_chttp2_client_insecure
- grpc_lb_policy_grpclb
- grpc_lb_policy_grpclb_secure
- grpc_lb_policy_pick_first
- grpc_lb_policy_round_robin
- grpc_resolver_dns_native

2
config.m4
Unescape View File

@ -237,6 +237,7 @@ if test "$PHP_GRPC" != "no"; then
src/core/lib/security/credentials/plugin/plugin_credentials.c \
src/core/lib/security/credentials/ssl/ssl_credentials.c \
src/core/lib/security/transport/client_auth_filter.c \
src/core/lib/security/transport/lb_targets_info.c \
src/core/lib/security/transport/secure_endpoint.c \
src/core/lib/security/transport/security_connector.c \
src/core/lib/security/transport/security_handshaker.c \
@ -277,6 +278,7 @@ if test "$PHP_GRPC" != "no"; then
src/core/ext/transport/chttp2/client/insecure/channel_create.c \
src/core/ext/transport/chttp2/client/insecure/channel_create_posix.c \
src/core/ext/lb_policy/grpclb/grpclb.c \
src/core/ext/lb_policy/grpclb/grpclb_channel_secure.c \
src/core/ext/lb_policy/grpclb/load_balancer_api.c \
src/core/ext/lb_policy/grpclb/proto/grpc/lb/v1/load_balancer.pb.c \
third_party/nanopb/pb_common.c \

6
gRPC-Core.podspec
Unescape View File

@ -388,6 +388,7 @@ Pod::Spec.new do |s|
'src/core/lib/security/credentials/plugin/plugin_credentials.h',
'src/core/lib/security/credentials/ssl/ssl_credentials.h',
'src/core/lib/security/transport/auth_filters.h',
'src/core/lib/security/transport/lb_targets_info.h',
'src/core/lib/security/transport/secure_endpoint.h',
'src/core/lib/security/transport/security_connector.h',
'src/core/lib/security/transport/security_handshaker.h',
@ -420,6 +421,7 @@ Pod::Spec.new do |s|
'src/core/ext/client_channel/uri_parser.h',
'src/core/ext/transport/chttp2/client/chttp2_connector.h',
'src/core/ext/lb_policy/grpclb/grpclb.h',
'src/core/ext/lb_policy/grpclb/grpclb_channel.h',
'src/core/ext/lb_policy/grpclb/load_balancer_api.h',
'src/core/ext/lb_policy/grpclb/proto/grpc/lb/v1/load_balancer.pb.h',
'third_party/nanopb/pb.h',
@ -596,6 +598,7 @@ Pod::Spec.new do |s|
'src/core/lib/security/credentials/plugin/plugin_credentials.c',
'src/core/lib/security/credentials/ssl/ssl_credentials.c',
'src/core/lib/security/transport/client_auth_filter.c',
'src/core/lib/security/transport/lb_targets_info.c',
'src/core/lib/security/transport/secure_endpoint.c',
'src/core/lib/security/transport/security_connector.c',
'src/core/lib/security/transport/security_handshaker.c',
@ -636,6 +639,7 @@ Pod::Spec.new do |s|
'src/core/ext/transport/chttp2/client/insecure/channel_create.c',
'src/core/ext/transport/chttp2/client/insecure/channel_create_posix.c',
'src/core/ext/lb_policy/grpclb/grpclb.c',
'src/core/ext/lb_policy/grpclb/grpclb_channel_secure.c',
'src/core/ext/lb_policy/grpclb/load_balancer_api.c',
'src/core/ext/lb_policy/grpclb/proto/grpc/lb/v1/load_balancer.pb.c',
'third_party/nanopb/pb_common.c',
@ -813,6 +817,7 @@ Pod::Spec.new do |s|
'src/core/lib/security/credentials/plugin/plugin_credentials.h',
'src/core/lib/security/credentials/ssl/ssl_credentials.h',
'src/core/lib/security/transport/auth_filters.h',
'src/core/lib/security/transport/lb_targets_info.h',
'src/core/lib/security/transport/secure_endpoint.h',
'src/core/lib/security/transport/security_connector.h',
'src/core/lib/security/transport/security_handshaker.h',
@ -845,6 +850,7 @@ Pod::Spec.new do |s|
'src/core/ext/client_channel/uri_parser.h',
'src/core/ext/transport/chttp2/client/chttp2_connector.h',
'src/core/ext/lb_policy/grpclb/grpclb.h',
'src/core/ext/lb_policy/grpclb/grpclb_channel.h',
'src/core/ext/lb_policy/grpclb/load_balancer_api.h',
'src/core/ext/lb_policy/grpclb/proto/grpc/lb/v1/load_balancer.pb.h',
'third_party/nanopb/pb.h',

4
grpc.gemspec
Unescape View File

@ -305,6 +305,7 @@ Gem::Specification.new do |s|
s.files += %w( src/core/lib/security/credentials/plugin/plugin_credentials.h )
s.files += %w( src/core/lib/security/credentials/ssl/ssl_credentials.h )
s.files += %w( src/core/lib/security/transport/auth_filters.h )
s.files += %w( src/core/lib/security/transport/lb_targets_info.h )
s.files += %w( src/core/lib/security/transport/secure_endpoint.h )
s.files += %w( src/core/lib/security/transport/security_connector.h )
s.files += %w( src/core/lib/security/transport/security_handshaker.h )
@ -337,6 +338,7 @@ Gem::Specification.new do |s|
s.files += %w( src/core/ext/client_channel/uri_parser.h )
s.files += %w( src/core/ext/transport/chttp2/client/chttp2_connector.h )
s.files += %w( src/core/ext/lb_policy/grpclb/grpclb.h )
s.files += %w( src/core/ext/lb_policy/grpclb/grpclb_channel.h )
s.files += %w( src/core/ext/lb_policy/grpclb/load_balancer_api.h )
s.files += %w( src/core/ext/lb_policy/grpclb/proto/grpc/lb/v1/load_balancer.pb.h )
s.files += %w( third_party/nanopb/pb.h )
@ -513,6 +515,7 @@ Gem::Specification.new do |s|
s.files += %w( src/core/lib/security/credentials/plugin/plugin_credentials.c )
s.files += %w( src/core/lib/security/credentials/ssl/ssl_credentials.c )
s.files += %w( src/core/lib/security/transport/client_auth_filter.c )
s.files += %w( src/core/lib/security/transport/lb_targets_info.c )
s.files += %w( src/core/lib/security/transport/secure_endpoint.c )
s.files += %w( src/core/lib/security/transport/security_connector.c )
s.files += %w( src/core/lib/security/transport/security_handshaker.c )
@ -553,6 +556,7 @@ Gem::Specification.new do |s|
s.files += %w( src/core/ext/transport/chttp2/client/insecure/channel_create.c )
s.files += %w( src/core/ext/transport/chttp2/client/insecure/channel_create_posix.c )
s.files += %w( src/core/ext/lb_policy/grpclb/grpclb.c )
s.files += %w( src/core/ext/lb_policy/grpclb/grpclb_channel_secure.c )
s.files += %w( src/core/ext/lb_policy/grpclb/load_balancer_api.c )
s.files += %w( src/core/ext/lb_policy/grpclb/proto/grpc/lb/v1/load_balancer.pb.c )
s.files += %w( third_party/nanopb/pb_common.c )

4
package.xml
Unescape View File

@ -314,6 +314,7 @@
<file baseinstalldir="/" name="src/core/lib/security/credentials/plugin/plugin_credentials.h" role="src" />
<file baseinstalldir="/" name="src/core/lib/security/credentials/ssl/ssl_credentials.h" role="src" />
<file baseinstalldir="/" name="src/core/lib/security/transport/auth_filters.h" role="src" />
<file baseinstalldir="/" name="src/core/lib/security/transport/lb_targets_info.h" role="src" />
<file baseinstalldir="/" name="src/core/lib/security/transport/secure_endpoint.h" role="src" />
<file baseinstalldir="/" name="src/core/lib/security/transport/security_connector.h" role="src" />
<file baseinstalldir="/" name="src/core/lib/security/transport/security_handshaker.h" role="src" />
@ -346,6 +347,7 @@
<file baseinstalldir="/" name="src/core/ext/client_channel/uri_parser.h" role="src" />
<file baseinstalldir="/" name="src/core/ext/transport/chttp2/client/chttp2_connector.h" role="src" />
<file baseinstalldir="/" name="src/core/ext/lb_policy/grpclb/grpclb.h" role="src" />
<file baseinstalldir="/" name="src/core/ext/lb_policy/grpclb/grpclb_channel.h" role="src" />
<file baseinstalldir="/" name="src/core/ext/lb_policy/grpclb/load_balancer_api.h" role="src" />
<file baseinstalldir="/" name="src/core/ext/lb_policy/grpclb/proto/grpc/lb/v1/load_balancer.pb.h" role="src" />
<file baseinstalldir="/" name="third_party/nanopb/pb.h" role="src" />
@ -522,6 +524,7 @@
<file baseinstalldir="/" name="src/core/lib/security/credentials/plugin/plugin_credentials.c" role="src" />
<file baseinstalldir="/" name="src/core/lib/security/credentials/ssl/ssl_credentials.c" role="src" />
<file baseinstalldir="/" name="src/core/lib/security/transport/client_auth_filter.c" role="src" />
<file baseinstalldir="/" name="src/core/lib/security/transport/lb_targets_info.c" role="src" />
<file baseinstalldir="/" name="src/core/lib/security/transport/secure_endpoint.c" role="src" />
<file baseinstalldir="/" name="src/core/lib/security/transport/security_connector.c" role="src" />
<file baseinstalldir="/" name="src/core/lib/security/transport/security_handshaker.c" role="src" />
@ -562,6 +565,7 @@
<file baseinstalldir="/" name="src/core/ext/transport/chttp2/client/insecure/channel_create.c" role="src" />
<file baseinstalldir="/" name="src/core/ext/transport/chttp2/client/insecure/channel_create_posix.c" role="src" />
<file baseinstalldir="/" name="src/core/ext/lb_policy/grpclb/grpclb.c" role="src" />
<file baseinstalldir="/" name="src/core/ext/lb_policy/grpclb/grpclb_channel_secure.c" role="src" />
<file baseinstalldir="/" name="src/core/ext/lb_policy/grpclb/load_balancer_api.c" role="src" />
<file baseinstalldir="/" name="src/core/ext/lb_policy/grpclb/proto/grpc/lb/v1/load_balancer.pb.c" role="src" />
<file baseinstalldir="/" name="third_party/nanopb/pb_common.c" role="src" />

16
src/core/ext/client_channel/subchannel.c
Unescape View File

@ -788,7 +788,8 @@ grpc_call_stack *grpc_subchannel_call_get_call_stack(
return SUBCHANNEL_CALL_TO_CALL_STACK(subchannel_call);
}
static void grpc_uri_to_sockaddr(char *uri_str, grpc_resolved_address *addr) {
static void grpc_uri_to_sockaddr(const char *uri_str,
grpc_resolved_address *addr) {
grpc_uri *uri = grpc_uri_parse(uri_str, 0 /* suppress_errors */);
GPR_ASSERT(uri != NULL);
if (strcmp(uri->scheme, "ipv4") == 0) {
@ -803,14 +804,19 @@ static void grpc_uri_to_sockaddr(char *uri_str, grpc_resolved_address *addr) {
void grpc_get_subchannel_address_arg(const grpc_channel_args *args,
grpc_resolved_address *addr) {
const char *addr_uri_str = grpc_get_subchannel_address_uri_arg(args);
memset(addr, 0, sizeof(*addr));
if (*addr_uri_str != '\0') {
grpc_uri_to_sockaddr(addr_uri_str, addr);
}
}
const char *grpc_get_subchannel_address_uri_arg(const grpc_channel_args *args) {
const grpc_arg *addr_arg =
grpc_channel_args_find(args, GRPC_ARG_SUBCHANNEL_ADDRESS);
GPR_ASSERT(addr_arg != NULL); // Should have been set by LB policy.
GPR_ASSERT(addr_arg->type == GRPC_ARG_STRING);
memset(addr, 0, sizeof(*addr));
if (*addr_arg->value.string != '\0') {
grpc_uri_to_sockaddr(addr_arg->value.string, addr);
}
return addr_arg->value.string;
}
grpc_arg grpc_create_subchannel_address_arg(const grpc_resolved_address *addr) {

3
src/core/ext/client_channel/subchannel.h
Unescape View File

@ -178,6 +178,9 @@ grpc_subchannel *grpc_subchannel_create(grpc_exec_ctx *exec_ctx,
void grpc_get_subchannel_address_arg(const grpc_channel_args *args,
grpc_resolved_address *addr);
/// Returns the URI string for the address to connect to.
const char *grpc_get_subchannel_address_uri_arg(const grpc_channel_args *args);
/// Returns a new channel arg encoding the subchannel address as a string.
/// Caller is responsible for freeing the string.
grpc_arg grpc_create_subchannel_address_arg(const grpc_resolved_address *addr);

171
src/core/ext/lb_policy/grpclb/grpclb.c
Unescape View File

@ -112,11 +112,13 @@
#include "src/core/ext/client_channel/lb_policy_registry.h"
#include "src/core/ext/client_channel/parse_address.h"
#include "src/core/ext/lb_policy/grpclb/grpclb.h"
#include "src/core/ext/lb_policy/grpclb/grpclb_channel.h"
#include "src/core/ext/lb_policy/grpclb/load_balancer_api.h"
#include "src/core/lib/channel/channel_args.h"
#include "src/core/lib/iomgr/sockaddr.h"
#include "src/core/lib/iomgr/sockaddr_utils.h"
#include "src/core/lib/iomgr/timer.h"
#include "src/core/lib/slice/slice_hash_table.h"
#include "src/core/lib/slice/slice_internal.h"
#include "src/core/lib/slice/slice_string_helpers.h"
#include "src/core/lib/support/backoff.h"
@ -751,6 +753,96 @@ static void glb_rr_connectivity_changed(grpc_exec_ctx *exec_ctx, void *arg,
GRPC_ERROR_UNREF(error);
}
static void destroy_balancer_name(grpc_exec_ctx *exec_ctx,
void *balancer_name) {
gpr_free(balancer_name);
}
static void *copy_balancer_name(void *balancer_name) {
return gpr_strdup(balancer_name);
}
static grpc_slice_hash_table_entry targets_info_entry_create(
const char *address, const char *balancer_name) {
static const grpc_slice_hash_table_vtable vtable = {destroy_balancer_name,
copy_balancer_name};
grpc_slice_hash_table_entry entry;
entry.key = grpc_slice_from_copied_string(address);
entry.value = (void *)balancer_name;
entry.vtable = &vtable;
return entry;
}
/* Returns the target URI for the LB service whose addresses are in \a
* addresses. Using this URI, a bidirectional streaming channel will be created
* for the reception of load balancing updates.
*
* The output argument \a targets_info will be updated to contain a mapping of
* "LB server address" to "balancer name", as reported by the naming system.
* This mapping will be propagated via the channel arguments of the
* aforementioned LB streaming channel, to be used by the security connector for
* secure naming checks. The user is responsible for freeing \a targets_info. */
static char *get_lb_uri_target_addresses(grpc_exec_ctx *exec_ctx,
const grpc_lb_addresses *addresses,
grpc_slice_hash_table **targets_info) {
size_t num_grpclb_addrs = 0;
for (size_t i = 0; i < addresses->num_addresses; ++i) {
if (addresses->addresses[i].is_balancer) ++num_grpclb_addrs;
}
/* All input addresses come from a resolver that claims they are LB services.
* It's the resolver's responsibility to make sure this policy is only
* instantiated and used in that case. Otherwise, something has gone wrong. */
GPR_ASSERT(num_grpclb_addrs > 0);
grpc_slice_hash_table_entry *targets_info_entries =
gpr_malloc(sizeof(*targets_info_entries) * num_grpclb_addrs);
/* construct a target ipvX://ip1:port1,ip2:port2,... from the addresses in \a
* addresses */
/* TODO(dgq): support mixed ip version */
char **addr_strs = gpr_malloc(sizeof(char *) * num_grpclb_addrs);
size_t addr_index = 0;
for (size_t i = 0; i < addresses->num_addresses; i++) {
if (addresses->addresses[i].user_data != NULL) {
gpr_log(GPR_ERROR,
"This LB policy doesn't support user data. It will be ignored");
}
if (addresses->addresses[i].is_balancer) {
char *addr_str;
GPR_ASSERT(grpc_sockaddr_to_string(
&addr_str, &addresses->addresses[i].address, true) > 0);
targets_info_entries[addr_index] = targets_info_entry_create(
addr_str, addresses->addresses[i].balancer_name);
addr_strs[addr_index++] = addr_str;
}
}
GPR_ASSERT(addr_index == num_grpclb_addrs);
size_t uri_path_len;
char *uri_path = gpr_strjoin_sep((const char **)addr_strs, num_grpclb_addrs,
",", &uri_path_len);
for (size_t i = 0; i < num_grpclb_addrs; i++) gpr_free(addr_strs[i]);
gpr_free(addr_strs);
char *target_uri_str = NULL;
/* TODO(dgq): Don't assume all addresses will share the scheme of the first
* one */
gpr_asprintf(&target_uri_str, "%s:%s",
grpc_sockaddr_get_uri_scheme(&addresses->addresses[0].address),
uri_path);
gpr_free(uri_path);
*targets_info =
grpc_slice_hash_table_create(num_grpclb_addrs, targets_info_entries);
for (size_t i = 0; i < num_grpclb_addrs; i++) {
grpc_slice_unref_internal(exec_ctx, targets_info_entries[i].key);
}
gpr_free(targets_info_entries);
return target_uri_str;
}
static grpc_lb_policy *glb_create(grpc_exec_ctx *exec_ctx,
grpc_lb_policy_factory *factory,
grpc_lb_policy_args *args) {
@ -788,85 +880,30 @@ static grpc_lb_policy *glb_create(grpc_exec_ctx *exec_ctx,
}
grpc_uri_destroy(uri);
/* All input addresses in addresses come from a resolver that claims
* they are LB services. It's the resolver's responsibility to make sure
* this policy is only instantiated and used in that case.
*
* Create a client channel over them to communicate with a LB service */
glb_policy->cc_factory = args->client_channel_factory;
glb_policy->args = grpc_channel_args_copy(args->args);
GPR_ASSERT(glb_policy->cc_factory != NULL);
/* construct a target from the addresses in args, given in the form
* ipvX://ip1:port1,ip2:port2,...
* TODO(dgq): support mixed ip version */
char **addr_strs = gpr_malloc(sizeof(char *) * num_grpclb_addrs);
size_t addr_index = 0;
for (size_t i = 0; i < addresses->num_addresses; i++) {
if (addresses->addresses[i].user_data != NULL) {
gpr_log(GPR_ERROR,
"This LB policy doesn't support user data. It will be ignored");
}
if (addresses->addresses[i].is_balancer) {
if (addr_index == 0) {
addr_strs[addr_index++] =
grpc_sockaddr_to_uri(&addresses->addresses[i].address);
} else {
GPR_ASSERT(grpc_sockaddr_to_string(&addr_strs[addr_index++],
&addresses->addresses[i].address,
true) > 0);
}
}
}
size_t uri_path_len;
char *target_uri_str = gpr_strjoin_sep((const char **)addr_strs,
num_grpclb_addrs, ",", &uri_path_len);
/* Create a channel to talk to the LBs.
*
* We strip out the channel arg for the LB policy name, since we want
* to use the default (pick_first) in this case.
*
* We also strip out the channel arg for the resolved addresses, since
* that will be generated by the name resolver used in the LB channel.
* Note that the LB channel will use the sockaddr resolver, so this
* won't actually generate a query to DNS (or some other name service).
* However, the addresses returned by the sockaddr resolver will have
* is_balancer=false, whereas our own addresses have is_balancer=true.
* We need the LB channel to return addresses with is_balancer=false
* so that it does not wind up recursively using the grpclb LB policy,
* as per the special case logic in client_channel.c.
*
* Finally, we also strip out the channel arg for the server URI,
* since that will be different for the LB channel than for the parent
* channel. (The client channel factory will re-add this arg with
* the right value.)
*/
static const char *keys_to_remove[] = {
GRPC_ARG_LB_POLICY_NAME, GRPC_ARG_LB_ADDRESSES, GRPC_ARG_SERVER_URI};
grpc_channel_args *new_args = grpc_channel_args_copy_and_remove(
args->args, keys_to_remove, GPR_ARRAY_SIZE(keys_to_remove));
glb_policy->lb_channel = grpc_client_channel_factory_create_channel(
exec_ctx, glb_policy->cc_factory, target_uri_str,
GRPC_CLIENT_CHANNEL_TYPE_LOAD_BALANCING, new_args);
grpc_channel_args_destroy(exec_ctx, new_args);
gpr_free(target_uri_str);
for (size_t i = 0; i < num_grpclb_addrs; i++) {
gpr_free(addr_strs[i]);
}
gpr_free(addr_strs);
grpc_slice_hash_table *targets_info = NULL;
/* Create a client channel over them to communicate with a LB service */
char *lb_service_target_addresses =
get_lb_uri_target_addresses(exec_ctx, addresses, &targets_info);
grpc_channel_args *lb_channel_args =
get_lb_channel_args(exec_ctx, targets_info, args->args);
glb_policy->lb_channel = grpc_lb_policy_grpclb_create_lb_channel(
exec_ctx, lb_service_target_addresses, args->client_channel_factory,
lb_channel_args);
grpc_slice_hash_table_unref(exec_ctx, targets_info);
grpc_channel_args_destroy(exec_ctx, lb_channel_args);
gpr_free(lb_service_target_addresses);
if (glb_policy->lb_channel == NULL) {
gpr_free(glb_policy);
return NULL;
}
grpc_lb_policy_init(&glb_policy->base, &glb_lb_policy_vtable);
gpr_mu_init(&glb_policy->mu);
grpc_connectivity_state_init(&glb_policy->state_tracker, GRPC_CHANNEL_IDLE,
"grpclb");
return &glb_policy->base;
}

77
src/core/ext/lb_policy/grpclb/grpclb_channel.c
Unescape View File

@ -0,0 +1,77 @@
/*
*
* Copyright 2017, Google Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are
* met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following disclaimer
* in the documentation and/or other materials provided with the
* distribution.
* * Neither the name of Google Inc. nor the names of its
* contributors may be used to endorse or promote products derived from
* this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
#include <grpc/support/alloc.h>
#include <grpc/support/string_util.h>
#include "src/core/ext/client_channel/client_channel.h"
#include "src/core/ext/lb_policy/grpclb/grpclb_channel.h"
#include "src/core/lib/channel/channel_args.h"
#include "src/core/lib/iomgr/sockaddr_utils.h"
#include "src/core/lib/support/string.h"
grpc_channel *grpc_lb_policy_grpclb_create_lb_channel(
grpc_exec_ctx *exec_ctx, const char *lb_service_target_addresses,
grpc_client_channel_factory *client_channel_factory,
grpc_channel_args *args) {
grpc_channel *lb_channel = grpc_client_channel_factory_create_channel(
exec_ctx, client_channel_factory, lb_service_target_addresses,
GRPC_CLIENT_CHANNEL_TYPE_LOAD_BALANCING, args);
return lb_channel;
}
grpc_channel_args *get_lb_channel_args(grpc_exec_ctx *exec_ctx,
grpc_slice_hash_table *targets_info,
const grpc_channel_args *args) {
/* We strip out the channel arg for the LB policy name, since we want
* to use the default (pick_first) in this case.
*
* We also strip out the channel arg for the resolved addresses, since
* that will be generated by the name resolver used in the LB channel.
* Note that the LB channel will use the sockaddr resolver, so this
* won't actually generate a query to DNS (or some other name service).
* However, the addresses returned by the sockaddr resolver will have
* is_balancer=false, whereas our own addresses have is_balancer=true.
* We need the LB channel to return addresses with is_balancer=false
* so that it does not wind up recursively using the grpclb LB policy,
* as per the special case logic in client_channel.c.
*
* Lastly, we also strip out the channel arg for the server URI,
* since that will be different for the LB channel than for the parent
* channel (the client channel factory will re-add this arg with
* the right value). */
static const char *keys_to_remove[] = {
GRPC_ARG_LB_POLICY_NAME, GRPC_ARG_LB_ADDRESSES, GRPC_ARG_SERVER_URI};
return grpc_channel_args_copy_and_remove(args, keys_to_remove,
GPR_ARRAY_SIZE(keys_to_remove));
}

56
src/core/ext/lb_policy/grpclb/grpclb_channel.h
Unescape View File

@ -0,0 +1,56 @@
/*
*
* Copyright 2017, Google Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are
* met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following disclaimer
* in the documentation and/or other materials provided with the
* distribution.
* * Neither the name of Google Inc. nor the names of its
* contributors may be used to endorse or promote products derived from
* this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
#ifndef GRPC_CORE_EXT_LB_POLICY_GRPCLB_GRPCLB_CHANNEL_H
#define GRPC_CORE_EXT_LB_POLICY_GRPCLB_GRPCLB_CHANNEL_H
#include "src/core/ext/client_channel/lb_policy_factory.h"
#include "src/core/lib/slice/slice_hash_table.h"
/** Create the channel used for communicating with an LB service.
* Note that an LB *service* may be comprised of several LB *servers*.
*
* \a lb_service_target_addresses is the target URI containing the addresses
* from resolving the LB service's name (eg, ipv4:10.0.0.1:1234,10.2.3.4:9876).
* \a client_channel_factory will be used for the creation of the LB channel,
* alongside the channel args passed in \a args. */
grpc_channel *grpc_lb_policy_grpclb_create_lb_channel(
grpc_exec_ctx *exec_ctx, const char *lb_service_target_addresses,
grpc_client_channel_factory *client_channel_factory,
grpc_channel_args *args);
grpc_channel_args *get_lb_channel_args(grpc_exec_ctx *exec_ctx,
grpc_slice_hash_table *targets_info,
const grpc_channel_args *args);
#endif /* GRPC_CORE_EXT_LB_POLICY_GRPCLB_GRPCLB_CHANNEL_H */

107
src/core/ext/lb_policy/grpclb/grpclb_channel_secure.c
Unescape View File

@ -0,0 +1,107 @@
/*
*
* Copyright 2017, Google Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are
* met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following disclaimer
* in the documentation and/or other materials provided with the
* distribution.
* * Neither the name of Google Inc. nor the names of its
* contributors may be used to endorse or promote products derived from
* this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
#include <grpc/support/alloc.h>
#include <grpc/support/string_util.h>
#include "src/core/ext/client_channel/client_channel.h"
#include "src/core/ext/lb_policy/grpclb/grpclb_channel.h"
#include "src/core/lib/channel/channel_args.h"
#include "src/core/lib/iomgr/sockaddr_utils.h"
#include "src/core/lib/security/credentials/credentials.h"
#include "src/core/lib/security/transport/lb_targets_info.h"
#include "src/core/lib/slice/slice_internal.h"
#include "src/core/lib/support/string.h"
grpc_channel *grpc_lb_policy_grpclb_create_lb_channel(
grpc_exec_ctx *exec_ctx, const char *lb_service_target_addresses,
grpc_client_channel_factory *client_channel_factory,
grpc_channel_args *args) {
grpc_channel_args *new_args = args;
grpc_channel_credentials *channel_credentials =
grpc_channel_credentials_find_in_args(args);
if (channel_credentials != NULL) {
/* Substitute the channel credentials with a version without call
* credentials: the load balancer is not necessarily trusted to handle
* bearer token credentials */
static const char *keys_to_remove[] = {GRPC_ARG_CHANNEL_CREDENTIALS};
grpc_channel_credentials *creds_sans_call_creds =
grpc_channel_credentials_duplicate_without_call_credentials(
channel_credentials);
GPR_ASSERT(creds_sans_call_creds != NULL);
grpc_arg args_to_add[] = {
grpc_channel_credentials_to_arg(creds_sans_call_creds)};
/* Create the new set of channel args */
new_args = grpc_channel_args_copy_and_add_and_remove(
args, keys_to_remove, GPR_ARRAY_SIZE(keys_to_remove), args_to_add,
GPR_ARRAY_SIZE(args_to_add));
grpc_channel_credentials_unref(exec_ctx, creds_sans_call_creds);
}
grpc_channel *lb_channel = grpc_client_channel_factory_create_channel(
exec_ctx, client_channel_factory, lb_service_target_addresses,
GRPC_CLIENT_CHANNEL_TYPE_LOAD_BALANCING, new_args);
if (channel_credentials != NULL) {
grpc_channel_args_destroy(exec_ctx, new_args);
}
return lb_channel;
}
grpc_channel_args *get_lb_channel_args(grpc_exec_ctx *exec_ctx,
grpc_slice_hash_table *targets_info,
const grpc_channel_args *args) {
const grpc_arg targets_info_arg =
grpc_lb_targets_info_create_channel_arg(targets_info);
/* We strip out the channel arg for the LB policy name, since we want
* to use the default (pick_first) in this case.
*
* We also strip out the channel arg for the resolved addresses, since
* that will be generated by the name resolver used in the LB channel.
* Note that the LB channel will use the sockaddr resolver, so this
* won't actually generate a query to DNS (or some other name service).
* However, the addresses returned by the sockaddr resolver will have
* is_balancer=false, whereas our own addresses have is_balancer=true.
* We need the LB channel to return addresses with is_balancer=false
* so that it does not wind up recursively using the grpclb LB policy,
* as per the special case logic in client_channel.c.
*
* Lastly, we also strip out the channel arg for the server URI,
* since that will be different for the LB channel than for the parent
* channel (the client channel factory will re-add this arg with
* the right value). */
static const char *keys_to_remove[] = {
GRPC_ARG_LB_POLICY_NAME, GRPC_ARG_LB_ADDRESSES, GRPC_ARG_SERVER_URI};
/* Add the targets info table to be used for secure naming */
return grpc_channel_args_copy_and_add_and_remove(
args, keys_to_remove, GPR_ARRAY_SIZE(keys_to_remove), &targets_info_arg,
1);
}

7
src/core/ext/lb_policy/round_robin/round_robin.c
Unescape View File

@ -739,6 +739,13 @@ static grpc_lb_policy *round_robin_create(grpc_exec_ctx *exec_ctx,
sc_args.args = new_args;
grpc_subchannel *subchannel = grpc_client_channel_factory_create_subchannel(
exec_ctx, args->client_channel_factory, &sc_args);
if (grpc_lb_round_robin_trace) {
char *address_uri =
grpc_sockaddr_to_uri(&addresses->addresses[i].address);
gpr_log(GPR_DEBUG, "Created subchannel %p for address uri %s",
(void *)subchannel, address_uri);
gpr_free(address_uri);
}
grpc_channel_args_destroy(exec_ctx, new_args);
if (subchannel != NULL) {

171
src/core/ext/transport/chttp2/client/secure/secure_channel_create.c
Unescape View File

@ -40,10 +40,15 @@
#include "src/core/ext/client_channel/client_channel.h"
#include "src/core/ext/client_channel/resolver_registry.h"
#include "src/core/ext/client_channel/uri_parser.h"
#include "src/core/ext/transport/chttp2/client/chttp2_connector.h"
#include "src/core/lib/channel/channel_args.h"
#include "src/core/lib/iomgr/sockaddr_utils.h"
#include "src/core/lib/security/credentials/credentials.h"
#include "src/core/lib/security/transport/lb_targets_info.h"
#include "src/core/lib/security/transport/security_connector.h"
#include "src/core/lib/slice/slice_hash_table.h"
#include "src/core/lib/slice/slice_internal.h"
#include "src/core/lib/surface/api_trace.h"
#include "src/core/lib/surface/channel.h"
@ -53,12 +58,114 @@ static void client_channel_factory_ref(
static void client_channel_factory_unref(
grpc_exec_ctx *exec_ctx, grpc_client_channel_factory *cc_factory) {}
static grpc_subchannel_args *get_secure_naming_subchannel_args(
grpc_exec_ctx *exec_ctx, const grpc_subchannel_args *args) {
grpc_channel_credentials *channel_credentials =
grpc_channel_credentials_find_in_args(args->args);
if (channel_credentials == NULL) {
gpr_log(GPR_ERROR,
"Can't create subchannel: channel credentials missing for secure "
"channel.");
return NULL;
}
// Make sure security connector does not already exist in args.
if (grpc_security_connector_find_in_args(args->args) != NULL) {
gpr_log(GPR_ERROR,
"Can't create subchannel: security connector already present in "
"channel args.");
return NULL;
}
// To which address are we connecting? By default, use the server URI.
const grpc_arg *server_uri_arg =
grpc_channel_args_find(args->args, GRPC_ARG_SERVER_URI);
GPR_ASSERT(server_uri_arg != NULL);
GPR_ASSERT(server_uri_arg->type == GRPC_ARG_STRING);
const char *server_uri_str = server_uri_arg->value.string;
GPR_ASSERT(server_uri_str != NULL);
grpc_uri *server_uri =
grpc_uri_parse(server_uri_str, true /* supress errors */);
GPR_ASSERT(server_uri != NULL);
const char *server_uri_path;
server_uri_path =
server_uri->path[0] == '/' ? server_uri->path + 1 : server_uri->path;
const grpc_slice_hash_table *targets_info =
grpc_lb_targets_info_find_in_args(args->args);
char *target_name_to_check = NULL;
if (targets_info != NULL) { // LB channel
// Find the balancer name for the target.
const char *target_uri_str =
grpc_get_subchannel_address_uri_arg(args->args);
grpc_uri *target_uri =
grpc_uri_parse(target_uri_str, false /* suppress errors */);
GPR_ASSERT(target_uri != NULL);
if (target_uri->path[0] != '\0') { // "path" may be empty
const grpc_slice key = grpc_slice_from_static_string(
target_uri->path[0] == '/' ? target_uri->path + 1 : target_uri->path);
const char *value = grpc_slice_hash_table_get(targets_info, key);
if (value != NULL) target_name_to_check = gpr_strdup(value);
grpc_slice_unref_internal(exec_ctx, key);
}
if (target_name_to_check == NULL) {
// If the target name to check hasn't already been set, fall back to using
// SERVER_URI
target_name_to_check = gpr_strdup(server_uri_path);
}
grpc_uri_destroy(target_uri);
} else { // regular channel: the secure name is the original server URI.
target_name_to_check = gpr_strdup(server_uri_path);
}
grpc_uri_destroy(server_uri);
GPR_ASSERT(target_name_to_check != NULL);
grpc_channel_security_connector *subchannel_security_connector = NULL;
// Create the security connector using the credentials and target name.
grpc_channel_args *new_args_from_connector = NULL;
const grpc_security_status security_status =
grpc_channel_credentials_create_security_connector(
exec_ctx, channel_credentials, target_name_to_check, args->args,
&subchannel_security_connector, &new_args_from_connector);
if (security_status != GRPC_SECURITY_OK) {
gpr_log(GPR_ERROR,
"Failed to create secure subchannel for secure name '%s'",
target_name_to_check);
gpr_free(target_name_to_check);
return NULL;
}
gpr_free(target_name_to_check);
grpc_arg new_security_connector_arg =
grpc_security_connector_to_arg(&subchannel_security_connector->base);
grpc_channel_args *new_args = grpc_channel_args_copy_and_add(
new_args_from_connector != NULL ? new_args_from_connector : args->args,
&new_security_connector_arg, 1);
GRPC_SECURITY_CONNECTOR_UNREF(exec_ctx, &subchannel_security_connector->base,
"lb_channel_create");
if (new_args_from_connector != NULL) {
grpc_channel_args_destroy(exec_ctx, new_args_from_connector);
}
grpc_subchannel_args *final_sc_args = gpr_malloc(sizeof(*final_sc_args));
memcpy(final_sc_args, args, sizeof(*args));
final_sc_args->args = new_args;
return final_sc_args;
}
static grpc_subchannel *client_channel_factory_create_subchannel(
grpc_exec_ctx *exec_ctx, grpc_client_channel_factory *cc_factory,
const grpc_subchannel_args *args) {
grpc_subchannel_args *subchannel_args =
get_secure_naming_subchannel_args(exec_ctx, args);
if (subchannel_args == NULL) {
gpr_log(
GPR_ERROR,
"Failed to create subchannel arguments during subchannel creation.");
return NULL;
}
grpc_connector *connector = grpc_chttp2_connector_create();
grpc_subchannel *s = grpc_subchannel_create(exec_ctx, connector, args);
grpc_subchannel *s =
grpc_subchannel_create(exec_ctx, connector, subchannel_args);
grpc_connector_unref(exec_ctx, connector);
grpc_channel_args_destroy(exec_ctx,
(grpc_channel_args *)subchannel_args->args);
gpr_free(subchannel_args);
return s;
}
@ -91,10 +198,10 @@ static const grpc_client_channel_factory_vtable client_channel_factory_vtable =
static grpc_client_channel_factory client_channel_factory = {
&client_channel_factory_vtable};
/* Create a secure client channel:
Asynchronously: - resolve target
- connect to it (trying alternatives as presented)
- perform handshakes */
// Create a secure client channel:
// Asynchronously: - resolve target
// - connect to it (trying alternatives as presented)
// - perform handshakes
grpc_channel *grpc_secure_channel_create(grpc_channel_credentials *creds,
const char *target,
const grpc_channel_args *args,
@ -103,47 +210,25 @@ grpc_channel *grpc_secure_channel_create(grpc_channel_credentials *creds,
GRPC_API_TRACE(
"grpc_secure_channel_create(creds=%p, target=%s, args=%p, "
"reserved=%p)",
4, (creds, target, args, reserved));
4, ((void *)creds, target, (void *)args, (void *)reserved));
GPR_ASSERT(reserved == NULL);
// Make sure security connector does not already exist in args.
if (grpc_find_security_connector_in_args(args) != NULL) {
gpr_log(GPR_ERROR, "Cannot set security context in channel args.");
grpc_channel *channel = NULL;
if (creds != NULL) {
// Add channel args containing the client channel factory and channel
// credentials.
grpc_arg args_to_add[] = {
grpc_client_channel_factory_create_channel_arg(&client_channel_factory),
grpc_channel_credentials_to_arg(creds)};
grpc_channel_args *new_args = grpc_channel_args_copy_and_add(
args, args_to_add, GPR_ARRAY_SIZE(args_to_add));
// Create channel.
channel = client_channel_factory_create_channel(
&exec_ctx, &client_channel_factory, target,
GRPC_CLIENT_CHANNEL_TYPE_REGULAR, new_args);
// Clean up.
grpc_channel_args_destroy(&exec_ctx, new_args);
grpc_exec_ctx_finish(&exec_ctx);
return grpc_lame_client_channel_create(
target, GRPC_STATUS_INTERNAL,
"Security connector exists in channel args.");
}
// Create security connector and construct new channel args.
grpc_channel_security_connector *security_connector;
grpc_channel_args *new_args_from_connector;
if (grpc_channel_credentials_create_security_connector(
&exec_ctx, creds, target, args, &security_connector,
&new_args_from_connector) != GRPC_SECURITY_OK) {
grpc_exec_ctx_finish(&exec_ctx);
return grpc_lame_client_channel_create(
target, GRPC_STATUS_INTERNAL, "Failed to create security connector.");
}
// Add channel args containing the client channel factory and security
// connector.
grpc_arg args_to_add[2];
args_to_add[0] =
grpc_client_channel_factory_create_channel_arg(&client_channel_factory);
args_to_add[1] = grpc_security_connector_to_arg(&security_connector->base);
grpc_channel_args *new_args = grpc_channel_args_copy_and_add(
new_args_from_connector != NULL ? new_args_from_connector : args,
args_to_add, GPR_ARRAY_SIZE(args_to_add));
if (new_args_from_connector != NULL) {
grpc_channel_args_destroy(&exec_ctx, new_args_from_connector);
}
// Create channel.
grpc_channel *channel = client_channel_factory_create_channel(
&exec_ctx, &client_channel_factory, target,
GRPC_CLIENT_CHANNEL_TYPE_REGULAR, new_args);
// Clean up.
GRPC_SECURITY_CONNECTOR_UNREF(&exec_ctx, &security_connector->base,
"secure_client_channel_factory_create_channel");
grpc_channel_args_destroy(&exec_ctx, new_args);
grpc_exec_ctx_finish(&exec_ctx);
return channel != NULL ? channel
: grpc_lame_client_channel_create(
target, GRPC_STATUS_INTERNAL,

38
src/core/lib/iomgr/sockaddr_utils.c
Unescape View File

@ -190,31 +190,37 @@ int grpc_sockaddr_to_string(char **out,
}
char *grpc_sockaddr_to_uri(const grpc_resolved_address *resolved_addr) {
char *temp;
char *result;
grpc_resolved_address addr_normalized;
const struct sockaddr *addr;
if (grpc_sockaddr_is_v4mapped(resolved_addr, &addr_normalized)) {
resolved_addr = &addr_normalized;
}
const char *scheme = grpc_sockaddr_get_uri_scheme(resolved_addr);
if (scheme == NULL || strcmp("unix", scheme) == 0) {
return grpc_sockaddr_to_uri_unix_if_possible(resolved_addr);
}
char *path = NULL;
char *uri_str = NULL;
if (grpc_sockaddr_to_string(&path, resolved_addr,
false /* suppress errors */) &&
scheme != NULL) {
gpr_asprintf(&uri_str, "%s:%s", scheme, path);
}
gpr_free(path);
return uri_str != NULL ? uri_str : NULL;
}
addr = (const struct sockaddr *)resolved_addr->addr;
const char *grpc_sockaddr_get_uri_scheme(
const grpc_resolved_address *resolved_addr) {
const struct sockaddr *addr = (const struct sockaddr *)resolved_addr->addr;
switch (addr->sa_family) {
case AF_INET:
grpc_sockaddr_to_string(&temp, resolved_addr, 0);
gpr_asprintf(&result, "ipv4:%s", temp);
gpr_free(temp);
return result;
return "ipv4";
case AF_INET6:
grpc_sockaddr_to_string(&temp, resolved_addr, 0);
gpr_asprintf(&result, "ipv6:%s", temp);
gpr_free(temp);
return result;
default:
return grpc_sockaddr_to_uri_unix_if_possible(resolved_addr);
return "ipv6";
case AF_UNIX:
return "unix";
}
return NULL;
}
int grpc_sockaddr_get_port(const grpc_resolved_address *resolved_addr) {

4
src/core/lib/iomgr/sockaddr_utils.h
Unescape View File

@ -84,6 +84,10 @@ int grpc_sockaddr_set_port(const grpc_resolved_address *addr, int port);
int grpc_sockaddr_to_string(char **out, const grpc_resolved_address *addr,
int normalize);
/* Returns the URI string corresponding to \a addr */
char *grpc_sockaddr_to_uri(const grpc_resolved_address *addr);
/* Returns the URI scheme corresponding to \a addr */
const char *grpc_sockaddr_get_uri_scheme(const grpc_resolved_address *addr);
#endif /* GRPC_CORE_LIB_IOMGR_SOCKADDR_UTILS_H */

47
src/core/lib/security/credentials/credentials.c
Unescape View File

@ -160,6 +160,53 @@ grpc_channel_credentials_duplicate_without_call_credentials(
}
}
static void credentials_pointer_arg_destroy(grpc_exec_ctx *exec_ctx, void *p) {
grpc_channel_credentials_unref(exec_ctx, p);
}
static void *credentials_pointer_arg_copy(void *p) {
return grpc_channel_credentials_ref(p);
}
static int credentials_pointer_cmp(void *a, void *b) { return GPR_ICMP(a, b); }
static const grpc_arg_pointer_vtable credentials_pointer_vtable = {
credentials_pointer_arg_copy, credentials_pointer_arg_destroy,
credentials_pointer_cmp};
grpc_arg grpc_channel_credentials_to_arg(
grpc_channel_credentials *credentials) {
grpc_arg result;
result.type = GRPC_ARG_POINTER;
result.key = GRPC_ARG_CHANNEL_CREDENTIALS;
result.value.pointer.vtable = &credentials_pointer_vtable;
result.value.pointer.p = credentials;
return result;
}
grpc_channel_credentials *grpc_channel_credentials_from_arg(
const grpc_arg *arg) {
if (strcmp(arg->key, GRPC_ARG_CHANNEL_CREDENTIALS)) return NULL;
if (arg->type != GRPC_ARG_POINTER) {
gpr_log(GPR_ERROR, "Invalid type %d for arg %s", arg->type,
GRPC_ARG_CHANNEL_CREDENTIALS);
return NULL;
}
return arg->value.pointer.p;
}
grpc_channel_credentials *grpc_channel_credentials_find_in_args(
const grpc_channel_args *args) {
size_t i;
if (args == NULL) return NULL;
for (i = 0; i < args->num_args; i++) {
grpc_channel_credentials *credentials =
grpc_channel_credentials_from_arg(&args->args[i]);
if (credentials != NULL) return credentials;
}
return NULL;
}
grpc_server_credentials *grpc_server_credentials_ref(
grpc_server_credentials *creds) {
if (creds == NULL) return NULL;

13
src/core/lib/security/credentials/credentials.h
Unescape View File

@ -100,6 +100,8 @@ void grpc_override_well_known_credentials_path_getter(
/* --- grpc_channel_credentials. --- */
#define GRPC_ARG_CHANNEL_CREDENTIALS "grpc.channel_credentials"
typedef struct {
void (*destruct)(grpc_exec_ctx *exec_ctx, grpc_channel_credentials *c);
@ -140,6 +142,17 @@ grpc_channel_credentials *
grpc_channel_credentials_duplicate_without_call_credentials(
grpc_channel_credentials *creds);
/* Util to encapsulate the channel credentials in a channel arg. */
grpc_arg grpc_channel_credentials_to_arg(grpc_channel_credentials *credentials);
/* Util to get the channel credentials from a channel arg. */
grpc_channel_credentials *grpc_channel_credentials_from_arg(
const grpc_arg *arg);
/* Util to find the channel credentials from channel args. */
grpc_channel_credentials *grpc_channel_credentials_find_in_args(
const grpc_channel_args *args);
/* --- grpc_credentials_md. --- */
typedef struct {

8
src/core/lib/security/credentials/fake/fake_credentials.c
Unescape View File

@ -35,13 +35,13 @@
#include <string.h>
#include "src/core/lib/channel/channel_args.h"
#include "src/core/lib/iomgr/executor.h"
#include <grpc/support/alloc.h>
#include <grpc/support/log.h>
#include <grpc/support/string_util.h>
#include "src/core/lib/iomgr/executor.h"
#include "src/core/lib/support/string.h"
/* -- Fake transport security credentials. -- */
static grpc_security_status fake_transport_security_create_security_connector(
@ -49,7 +49,7 @@ static grpc_security_status fake_transport_security_create_security_connector(
grpc_call_credentials *call_creds, const char *target,
const grpc_channel_args *args, grpc_channel_security_connector **sc,
grpc_channel_args **new_args) {
*sc = grpc_fake_channel_security_connector_create(call_creds);
*sc = grpc_fake_channel_security_connector_create(call_creds, target, args);
return GRPC_SECURITY_OK;
}

15
src/core/lib/security/credentials/fake/fake_credentials.h
Unescape View File

@ -38,6 +38,21 @@
/* -- Fake transport security credentials. -- */
/* Used to verify the target names given to the fake transport security
* connector.
*
* Its syntax by example:
* For LB channels:
* "backend_target_1,backend_target_2,...;lb_target_1,lb_target_2,..."
* For regular channels:
* "backend_taget_1,backend_target_2,..."
*
* That is to say, LB channels have a heading list of LB targets separated from
* the list of backend targets by a semicolon. For non-LB channels, only the
* latter is present. */
#define GRPC_ARG_FAKE_SECURITY_EXPECTED_TARGETS \
"grpc.test_only.fake_security.expected_target"
/* Creates a fake transport security credentials object for testing. */
grpc_channel_credentials *grpc_fake_transport_security_credentials_create(void);

2
src/core/lib/security/transport/client_auth_filter.c
Unescape View File

@ -335,7 +335,7 @@ static grpc_error *init_channel_elem(grpc_exec_ctx *exec_ctx,
grpc_channel_element *elem,
grpc_channel_element_args *args) {
grpc_security_connector *sc =
grpc_find_security_connector_in_args(args->channel_args);
grpc_security_connector_find_in_args(args->channel_args);
grpc_auth_context *auth_context =
grpc_find_auth_context_in_args(args->channel_args);

70
src/core/lib/security/transport/lb_targets_info.c
Unescape View File

@ -0,0 +1,70 @@
/*
*
* Copyright 2017, Google Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are
* met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following disclaimer
* in the documentation and/or other materials provided with the
* distribution.
* * Neither the name of Google Inc. nor the names of its
* contributors may be used to endorse or promote products derived from
* this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
#include <grpc/support/log.h>
#include "src/core/lib/channel/channel_args.h"
#include "src/core/lib/security/transport/lb_targets_info.h"
/* Channel arg key for the mapping of LB server addresses to their names for
* secure naming purposes. */
#define GRPC_ARG_LB_SECURE_NAMING_MAP "grpc.lb_secure_naming_map"
static void *targets_info_copy(void *p) { return grpc_slice_hash_table_ref(p); }
static void targets_info_destroy(grpc_exec_ctx *exec_ctx, void *p) {
grpc_slice_hash_table_unref(exec_ctx, p);
}
static int targets_info_cmp(void *a, void *b) { return GPR_ICMP(a, b); }
static const grpc_arg_pointer_vtable server_to_balancer_names_vtable = {
targets_info_copy, targets_info_destroy, targets_info_cmp};
grpc_arg grpc_lb_targets_info_create_channel_arg(
grpc_slice_hash_table *targets_info) {
grpc_arg arg;
arg.type = GRPC_ARG_POINTER;
arg.key = GRPC_ARG_LB_SECURE_NAMING_MAP;
arg.value.pointer.p = targets_info;
arg.value.pointer.vtable = &server_to_balancer_names_vtable;
return arg;
}
grpc_slice_hash_table *grpc_lb_targets_info_find_in_args(
const grpc_channel_args *args) {
const grpc_arg *targets_info_arg =
grpc_channel_args_find(args, GRPC_ARG_LB_SECURE_NAMING_MAP);
if (targets_info_arg != NULL) {
GPR_ASSERT(targets_info_arg->type == GRPC_ARG_POINTER);
return targets_info_arg->value.pointer.p;
}
return NULL;
}

47
src/core/lib/security/transport/lb_targets_info.h
Unescape View File

@ -0,0 +1,47 @@
/*
*
* Copyright 2017, Google Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are
* met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following disclaimer
* in the documentation and/or other materials provided with the
* distribution.
* * Neither the name of Google Inc. nor the names of its
* contributors may be used to endorse or promote products derived from
* this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
#ifndef GRPC_CORE_LIB_SECURITY_TRANSPORT_LB_TARGETS_INFO_H
#define GRPC_CORE_LIB_SECURITY_TRANSPORT_LB_TARGETS_INFO_H
#include "src/core/lib/slice/slice_hash_table.h"
/** Return a channel argument containing \a targets_info. */
grpc_arg grpc_lb_targets_info_create_channel_arg(
grpc_slice_hash_table *targets_info);
/** Return the instance of targets info in \a args or NULL */
grpc_slice_hash_table *grpc_lb_targets_info_find_in_args(
const grpc_channel_args *args);
#endif /* GRPC_CORE_LIB_SECURITY_TRANSPORT_LB_TARGETS_INFO_H */

141
src/core/lib/security/transport/security_connector.c
Unescape View File

@ -43,10 +43,13 @@
#include <grpc/support/string_util.h>
#include "src/core/ext/transport/chttp2/alpn/alpn.h"
#include "src/core/lib/channel/channel_args.h"
#include "src/core/lib/channel/handshaker.h"
#include "src/core/lib/iomgr/load_file.h"
#include "src/core/lib/security/context/security_context.h"
#include "src/core/lib/security/credentials/credentials.h"
#include "src/core/lib/security/credentials/fake/fake_credentials.h"
#include "src/core/lib/security/transport/lb_targets_info.h"
#include "src/core/lib/security/transport/secure_endpoint.h"
#include "src/core/lib/security/transport/security_handshaker.h"
#include "src/core/lib/support/env.h"
@ -205,23 +208,23 @@ static const grpc_arg_pointer_vtable connector_pointer_vtable = {
grpc_arg grpc_security_connector_to_arg(grpc_security_connector *sc) {
grpc_arg result;
result.type = GRPC_ARG_POINTER;
result.key = GRPC_SECURITY_CONNECTOR_ARG;
result.key = GRPC_ARG_SECURITY_CONNECTOR;
result.value.pointer.vtable = &connector_pointer_vtable;
result.value.pointer.p = sc;
return result;
}
grpc_security_connector *grpc_security_connector_from_arg(const grpc_arg *arg) {
if (strcmp(arg->key, GRPC_SECURITY_CONNECTOR_ARG)) return NULL;
if (strcmp(arg->key, GRPC_ARG_SECURITY_CONNECTOR)) return NULL;
if (arg->type != GRPC_ARG_POINTER) {
gpr_log(GPR_ERROR, "Invalid type %d for arg %s", arg->type,
GRPC_SECURITY_CONNECTOR_ARG);
GRPC_ARG_SECURITY_CONNECTOR);
return NULL;
}
return arg->value.pointer.p;
}
grpc_security_connector *grpc_find_security_connector_in_args(
grpc_security_connector *grpc_security_connector_find_in_args(
const grpc_channel_args *args) {
size_t i;
if (args == NULL) return NULL;
@ -235,11 +238,21 @@ grpc_security_connector *grpc_find_security_connector_in_args(
/* -- Fake implementation. -- */
typedef struct {
grpc_channel_security_connector base;
char *target;
char *expected_targets;
bool is_lb_channel;
} grpc_fake_channel_security_connector;
static void fake_channel_destroy(grpc_exec_ctx *exec_ctx,
grpc_security_connector *sc) {
grpc_channel_security_connector *c = (grpc_channel_security_connector *)sc;
grpc_call_credentials_unref(exec_ctx, c->request_metadata_creds);
gpr_free(sc);
grpc_fake_channel_security_connector *c =
(grpc_fake_channel_security_connector *)sc;
grpc_call_credentials_unref(exec_ctx, c->base.request_metadata_creds);
gpr_free(c->target);
gpr_free(c->expected_targets);
gpr_free(c);
}
static void fake_server_destroy(grpc_exec_ctx *exec_ctx,
@ -247,6 +260,68 @@ static void fake_server_destroy(grpc_exec_ctx *exec_ctx,
gpr_free(sc);
}
static bool fake_check_target(const char *target_type, const char *target,
const char *set_str) {
GPR_ASSERT(target_type != NULL);
GPR_ASSERT(target != NULL);
char **set = NULL;
size_t set_size = 0;
gpr_string_split(set_str, ",", &set, &set_size);
bool found = false;
for (size_t i = 0; i < set_size; ++i) {
if (set[i] != NULL && strcmp(target, set[i]) == 0) found = true;
}
for (size_t i = 0; i < set_size; ++i) {
gpr_free(set[i]);
}
gpr_free(set);
return found;
}
static void fake_secure_name_check(const char *target,
const char *expected_targets,
bool is_lb_channel) {
if (expected_targets == NULL) return;
char **lbs_and_backends = NULL;
size_t lbs_and_backends_size = 0;
bool success = false;
gpr_string_split(expected_targets, ";", &lbs_and_backends,
&lbs_and_backends_size);
if (lbs_and_backends_size > 2 || lbs_and_backends_size == 0) {
gpr_log(GPR_ERROR, "Invalid expected targets arg value: '%s'",
expected_targets);
goto done;
}
if (is_lb_channel) {
if (lbs_and_backends_size != 2) {
gpr_log(GPR_ERROR,
"Invalid expected targets arg value: '%s'. Expectations for LB "
"channels must be of the form 'be1,be2,be3,...;lb1,lb2,...",
expected_targets);
goto done;
}
if (!fake_check_target("LB", target, lbs_and_backends[1])) {
gpr_log(GPR_ERROR, "LB target '%s' not found in expected set '%s'",
target, lbs_and_backends[1]);
goto done;
}
success = true;
} else {
if (!fake_check_target("Backend", target, lbs_and_backends[0])) {
gpr_log(GPR_ERROR, "Backend target '%s' not found in expected set '%s'",
target, lbs_and_backends[0]);
goto done;
}
success = true;
}
done:
for (size_t i = 0; i < lbs_and_backends_size; ++i) {
gpr_free(lbs_and_backends[i]);
}
gpr_free(lbs_and_backends);
if (!success) abort();
}
static void fake_check_peer(grpc_exec_ctx *exec_ctx,
grpc_security_connector *sc, tsi_peer peer,
grpc_auth_context **auth_context,
@ -277,12 +352,28 @@ static void fake_check_peer(grpc_exec_ctx *exec_ctx,
grpc_auth_context_add_cstring_property(
*auth_context, GRPC_TRANSPORT_SECURITY_TYPE_PROPERTY_NAME,
GRPC_FAKE_TRANSPORT_SECURITY_TYPE);
end:
grpc_closure_sched(exec_ctx, on_peer_checked, error);
tsi_peer_destruct(&peer);
}
static void fake_channel_check_peer(grpc_exec_ctx *exec_ctx,
grpc_security_connector *sc, tsi_peer peer,
grpc_auth_context **auth_context,
grpc_closure *on_peer_checked) {
fake_check_peer(exec_ctx, sc, peer, auth_context, on_peer_checked);
grpc_fake_channel_security_connector *c =
(grpc_fake_channel_security_connector *)sc;
fake_secure_name_check(c->target, c->expected_targets, c->is_lb_channel);
}
static void fake_server_check_peer(grpc_exec_ctx *exec_ctx,
grpc_security_connector *sc, tsi_peer peer,
grpc_auth_context **auth_context,
grpc_closure *on_peer_checked) {
fake_check_peer(exec_ctx, sc, peer, auth_context, on_peer_checked);
}
static void fake_channel_check_call_host(grpc_exec_ctx *exec_ctx,
grpc_channel_security_connector *sc,
const char *host,
@ -313,22 +404,32 @@ static void fake_server_add_handshakers(grpc_exec_ctx *exec_ctx,
}
static grpc_security_connector_vtable fake_channel_vtable = {
fake_channel_destroy, fake_check_peer};
fake_channel_destroy, fake_channel_check_peer};
static grpc_security_connector_vtable fake_server_vtable = {fake_server_destroy,
fake_check_peer};
static grpc_security_connector_vtable fake_server_vtable = {
fake_server_destroy, fake_server_check_peer};
grpc_channel_security_connector *grpc_fake_channel_security_connector_create(
grpc_call_credentials *request_metadata_creds) {
grpc_channel_security_connector *c = gpr_malloc(sizeof(*c));
grpc_call_credentials *request_metadata_creds, const char *target,
const grpc_channel_args *args) {
grpc_fake_channel_security_connector *c = gpr_malloc(sizeof(*c));
memset(c, 0, sizeof(*c));
gpr_ref_init(&c->base.refcount, 1);
c->base.url_scheme = GRPC_FAKE_SECURITY_URL_SCHEME;
c->base.vtable = &fake_channel_vtable;
c->request_metadata_creds = grpc_call_credentials_ref(request_metadata_creds);
c->check_call_host = fake_channel_check_call_host;
c->add_handshakers = fake_channel_add_handshakers;
return c;
gpr_ref_init(&c->base.base.refcount, 1);
c->base.base.url_scheme = GRPC_FAKE_SECURITY_URL_SCHEME;
c->base.base.vtable = &fake_channel_vtable;
c->base.request_metadata_creds =
grpc_call_credentials_ref(request_metadata_creds);
c->base.check_call_host = fake_channel_check_call_host;
c->base.add_handshakers = fake_channel_add_handshakers;
c->target = gpr_strdup(target);
const grpc_arg *expected_target_arg =
grpc_channel_args_find(args, GRPC_ARG_FAKE_SECURITY_EXPECTED_TARGETS);
if (expected_target_arg != NULL) {
GPR_ASSERT(expected_target_arg->type == GRPC_ARG_STRING);
c->expected_targets = gpr_strdup(expected_target_arg->value.string);
}
c->is_lb_channel = (grpc_lb_targets_info_find_in_args(args) != NULL);
return &c->base;
}
grpc_server_security_connector *grpc_fake_server_security_connector_create(

7
src/core/lib/security/transport/security_connector.h
Unescape View File

@ -57,7 +57,7 @@ typedef enum { GRPC_SECURITY_OK = 0, GRPC_SECURITY_ERROR } grpc_security_status;
typedef struct grpc_security_connector grpc_security_connector;
#define GRPC_SECURITY_CONNECTOR_ARG "grpc.security_connector"
#define GRPC_ARG_SECURITY_CONNECTOR "grpc.security_connector"
typedef struct {
void (*destroy)(grpc_exec_ctx *exec_ctx, grpc_security_connector *sc);
@ -115,7 +115,7 @@ grpc_arg grpc_security_connector_to_arg(grpc_security_connector *sc);
grpc_security_connector *grpc_security_connector_from_arg(const grpc_arg *arg);
/* Util to find the connector from channel args. */
grpc_security_connector *grpc_find_security_connector_in_args(
grpc_security_connector *grpc_security_connector_find_in_args(
const grpc_channel_args *args);
/* --- channel_security_connector object. ---
@ -175,7 +175,8 @@ void grpc_server_security_connector_add_handshakers(
/* For TESTING ONLY!
Creates a fake connector that emulates real channel security. */
grpc_channel_security_connector *grpc_fake_channel_security_connector_create(
grpc_call_credentials *request_metadata_creds);
grpc_call_credentials *request_metadata_creds, const char *target,
const grpc_channel_args *args);
/* For TESTING ONLY!
Creates a fake connector that emulates real server security. */

4
src/core/lib/security/transport/security_handshaker.c
Unescape View File

@ -451,7 +451,7 @@ static void client_handshaker_factory_add_handshakers(
grpc_exec_ctx *exec_ctx, grpc_handshaker_factory *handshaker_factory,
const grpc_channel_args *args, grpc_handshake_manager *handshake_mgr) {
grpc_channel_security_connector *security_connector =
(grpc_channel_security_connector *)grpc_find_security_connector_in_args(
(grpc_channel_security_connector *)grpc_security_connector_find_in_args(
args);
grpc_channel_security_connector_add_handshakers(exec_ctx, security_connector,
handshake_mgr);
@ -461,7 +461,7 @@ static void server_handshaker_factory_add_handshakers(
grpc_exec_ctx *exec_ctx, grpc_handshaker_factory *hf,
const grpc_channel_args *args, grpc_handshake_manager *handshake_mgr) {
grpc_server_security_connector *security_connector =
(grpc_server_security_connector *)grpc_find_security_connector_in_args(
(grpc_server_security_connector *)grpc_security_connector_find_in_args(
args);
grpc_server_security_connector_add_handshakers(exec_ctx, security_connector,
handshake_mgr);

2
src/core/lib/surface/init_secure.c
Unescape View File

@ -56,7 +56,7 @@ static bool maybe_prepend_client_auth_filter(
grpc_channel_stack_builder_get_channel_arguments(builder);
if (args) {
for (size_t i = 0; i < args->num_args; i++) {
if (0 == strcmp(GRPC_SECURITY_CONNECTOR_ARG, args->args[i].key)) {
if (0 == strcmp(GRPC_ARG_SECURITY_CONNECTOR, args->args[i].key)) {
return grpc_channel_stack_builder_prepend_filter(
builder, &grpc_client_auth_filter, NULL, NULL);
}

2
src/python/grpcio/grpc_core_dependencies.py
Unescape View File

@ -231,6 +231,7 @@ CORE_SOURCE_FILES = [
'src/core/lib/security/credentials/plugin/plugin_credentials.c',
'src/core/lib/security/credentials/ssl/ssl_credentials.c',
'src/core/lib/security/transport/client_auth_filter.c',
'src/core/lib/security/transport/lb_targets_info.c',
'src/core/lib/security/transport/secure_endpoint.c',
'src/core/lib/security/transport/security_connector.c',
'src/core/lib/security/transport/security_handshaker.c',
@ -271,6 +272,7 @@ CORE_SOURCE_FILES = [
'src/core/ext/transport/chttp2/client/insecure/channel_create.c',
'src/core/ext/transport/chttp2/client/insecure/channel_create_posix.c',
'src/core/ext/lb_policy/grpclb/grpclb.c',
'src/core/ext/lb_policy/grpclb/grpclb_channel_secure.c',
'src/core/ext/lb_policy/grpclb/load_balancer_api.c',
'src/core/ext/lb_policy/grpclb/proto/grpc/lb/v1/load_balancer.pb.c',
'third_party/nanopb/pb_common.c',

29
test/core/end2end/fake_resolver.c
Unescape View File

@ -154,12 +154,34 @@ static grpc_resolver* fake_resolver_create(grpc_exec_ctx* exec_ctx,
grpc_uri_get_query_arg(args->uri, "lb_enabled");
const bool lb_enabled =
lb_enabled_qpart != NULL && strcmp("0", lb_enabled_qpart) != 0;
// Get the balancer's names.
const char* balancer_names =
grpc_uri_get_query_arg(args->uri, "balancer_names");
grpc_slice_buffer balancer_names_parts;
grpc_slice_buffer_init(&balancer_names_parts);
if (balancer_names != NULL) {
const grpc_slice balancer_names_slice =
grpc_slice_from_copied_string(balancer_names);
grpc_slice_split(balancer_names_slice, ",", &balancer_names_parts);
grpc_slice_unref(balancer_names_slice);
}
// Construct addresses.
grpc_slice path_slice =
grpc_slice_new(args->uri->path, strlen(args->uri->path), do_nothing);
grpc_slice_buffer path_parts;
grpc_slice_buffer_init(&path_parts);
grpc_slice_split(path_slice, ",", &path_parts);
if (balancer_names_parts.count > 0 &&
path_parts.count != balancer_names_parts.count) {
gpr_log(GPR_ERROR,
"Balancer names present but mismatched with number of addresses: "
"%lu balancer names != %lu addresses",
(unsigned long)balancer_names_parts.count,
(unsigned long)path_parts.count);
return NULL;
}
grpc_lb_addresses* addresses =
grpc_lb_addresses_create(path_parts.count, NULL /* user_data_vtable */);
bool errors_found = false;
@ -171,10 +193,15 @@ static grpc_resolver* fake_resolver_create(grpc_exec_ctx* exec_ctx,
errors_found = true;
}
gpr_free(part_str);
addresses->addresses[i].is_balancer = lb_enabled;
if (errors_found) break;
addresses->addresses[i].is_balancer = lb_enabled;
addresses->addresses[i].balancer_name =
balancer_names_parts.count > 0
? grpc_dump_slice(balancer_names_parts.slices[i], GPR_DUMP_ASCII)
: NULL;
}
grpc_slice_buffer_destroy_internal(exec_ctx, &path_parts);
grpc_slice_buffer_destroy_internal(exec_ctx, &balancer_names_parts);
grpc_slice_unref(path_slice);
if (errors_found) {
grpc_lb_addresses_destroy(exec_ctx, addresses);

2
test/core/surface/secure_channel_create_test.c
Unescape View File

@ -62,7 +62,7 @@ void test_security_connector_already_in_arg(void) {
grpc_arg arg;
arg.type = GRPC_ARG_POINTER;
arg.value.pointer.p = NULL;
arg.key = GRPC_SECURITY_CONNECTOR_ARG;
arg.key = GRPC_ARG_SECURITY_CONNECTOR;
grpc_channel_args args;
args.num_args = 1;
args.args = &arg;

89
test/cpp/grpclb/grpclb_test.cc
Unescape View File

@ -52,8 +52,10 @@
#include <grpc++/impl/codegen/config.h>
extern "C" {
#include "src/core/ext/client_channel/client_channel.h"
#include "src/core/lib/channel/channel_args.h"
#include "src/core/lib/channel/channel_stack.h"
#include "src/core/lib/iomgr/sockaddr.h"
#include "src/core/lib/security/credentials/fake/fake_credentials.h"
#include "src/core/lib/support/string.h"
#include "src/core/lib/support/tmpfile.h"
#include "src/core/lib/surface/channel.h"
@ -110,6 +112,7 @@ typedef struct server_fixture {
grpc_call *server_call;
grpc_completion_queue *cq;
char *servers_hostport;
const char *balancer_name;
int port;
const char *lb_token_prefix;
gpr_thd_id tid;
@ -201,10 +204,12 @@ static void start_lb_server(server_fixture *sf, int *ports, size_t nports,
&request_metadata_recv, sf->cq, sf->cq,
tag(200));
GPR_ASSERT(GRPC_CALL_OK == error);
gpr_log(GPR_INFO, "LB Server[%s] up", sf->servers_hostport);
gpr_log(GPR_INFO, "LB Server[%s](%s) up", sf->servers_hostport,
sf->balancer_name);
CQ_EXPECT_COMPLETION(cqv, tag(200), 1);
cq_verify(cqv);
gpr_log(GPR_INFO, "LB Server[%s] after tag 200", sf->servers_hostport);
gpr_log(GPR_INFO, "LB Server[%s](%s) after tag 200", sf->servers_hostport,
sf->balancer_name);
// make sure we've received the initial metadata from the grpclb request.
GPR_ASSERT(request_metadata_recv.count > 0);
@ -221,7 +226,8 @@ static void start_lb_server(server_fixture *sf, int *ports, size_t nports,
GPR_ASSERT(GRPC_CALL_OK == error);
CQ_EXPECT_COMPLETION(cqv, tag(202), 1);
cq_verify(cqv);
gpr_log(GPR_INFO, "LB Server[%s] after RECV_MSG", sf->servers_hostport);
gpr_log(GPR_INFO, "LB Server[%s](%s) after RECV_MSG", sf->servers_hostport,
sf->balancer_name);
// validate initial request.
grpc_byte_buffer_reader bbr;
@ -250,7 +256,8 @@ static void start_lb_server(server_fixture *sf, int *ports, size_t nports,
op++;
error = grpc_call_start_batch(s, ops, (size_t)(op - ops), tag(201), NULL);
GPR_ASSERT(GRPC_CALL_OK == error);
gpr_log(GPR_INFO, "LB Server[%s] after tag 201", sf->servers_hostport);
gpr_log(GPR_INFO, "LB Server[%s](%s) after tag 201", sf->servers_hostport,
sf->balancer_name);
for (int i = 0; i < 2; i++) {
if (i == 0) {
@ -276,13 +283,14 @@ static void start_lb_server(server_fixture *sf, int *ports, size_t nports,
GPR_ASSERT(GRPC_CALL_OK == error);
CQ_EXPECT_COMPLETION(cqv, tag(203), 1);
cq_verify(cqv);
gpr_log(GPR_INFO, "LB Server[%s] after SEND_MESSAGE, iter %d",
sf->servers_hostport, i);
gpr_log(GPR_INFO, "LB Server[%s](%s) after SEND_MESSAGE, iter %d",
sf->servers_hostport, sf->balancer_name, i);
grpc_byte_buffer_destroy(response_payload);
grpc_slice_unref(response_payload_slice);
}
gpr_log(GPR_INFO, "LB Server[%s] shutting down", sf->servers_hostport);
gpr_log(GPR_INFO, "LB Server[%s](%s) shutting down", sf->servers_hostport,
sf->balancer_name);
op = ops;
op->op = GRPC_OP_SEND_STATUS_FROM_SERVER;
@ -299,8 +307,8 @@ static void start_lb_server(server_fixture *sf, int *ports, size_t nports,
CQ_EXPECT_COMPLETION(cqv, tag(201), 1);
CQ_EXPECT_COMPLETION(cqv, tag(204), 1);
cq_verify(cqv);
gpr_log(GPR_INFO, "LB Server[%s] after tag 204. All done. LB server out",
sf->servers_hostport);
gpr_log(GPR_INFO, "LB Server[%s](%s) after tag 204. All done. LB server out",
sf->servers_hostport, sf->balancer_name);
grpc_call_destroy(s);
@ -561,10 +569,38 @@ static void perform_request(client_fixture *cf) {
gpr_free(peer);
}
static void setup_client(const char *server_hostport, client_fixture *cf) {
#define BALANCERS_NAME "lb.name"
static void setup_client(const server_fixture *lb_server,
const server_fixture *backends, client_fixture *cf) {
grpc_exec_ctx exec_ctx = GRPC_EXEC_CTX_INIT;
char *lb_uri;
// The grpclb LB policy will be automatically selected by virtue of
// the fact that the returned addresses are balancer addresses.
gpr_asprintf(&lb_uri, "test:///%s?lb_enabled=1&balancer_names=%s",
lb_server->servers_hostport, lb_server->balancer_name);
grpc_arg expected_target_arg;
expected_target_arg.type = GRPC_ARG_STRING;
expected_target_arg.key =
const_cast<char *>(GRPC_ARG_FAKE_SECURITY_EXPECTED_TARGETS);
char *expected_target_names = NULL;
const char *backends_name = lb_server->servers_hostport;
gpr_asprintf(&expected_target_names, "%s;%s", backends_name, BALANCERS_NAME);
expected_target_arg.value.string = const_cast<char *>(expected_target_names);
grpc_channel_args *args =
grpc_channel_args_copy_and_add(NULL, &expected_target_arg, 1);
gpr_free(expected_target_names);
cf->cq = grpc_completion_queue_create(NULL);
cf->server_uri = gpr_strdup(server_hostport);
cf->client = grpc_insecure_channel_create(cf->server_uri, NULL, NULL);
cf->server_uri = lb_uri;
grpc_channel_credentials *fake_creds =
grpc_fake_transport_security_credentials_create();
cf->client =
grpc_secure_channel_create(fake_creds, cf->server_uri, args, NULL);
grpc_channel_credentials_unref(&exec_ctx, fake_creds);
grpc_channel_args_destroy(&exec_ctx, args);
}
static void teardown_client(client_fixture *cf) {
@ -591,10 +627,14 @@ static void setup_server(const char *host, server_fixture *sf) {
gpr_join_host_port(&sf->servers_hostport, host, sf->port);
}
grpc_server_credentials *server_creds =
grpc_fake_transport_security_server_credentials_create();
sf->server = grpc_server_create(NULL, NULL);
grpc_server_register_completion_queue(sf->server, sf->cq, NULL);
GPR_ASSERT((assigned_port = grpc_server_add_insecure_http2_port(
sf->server, sf->servers_hostport)) > 0);
GPR_ASSERT((assigned_port = grpc_server_add_secure_http2_port(
sf->server, sf->servers_hostport, server_creds)) > 0);
grpc_server_credentials_release(server_creds);
GPR_ASSERT(sf->port == assigned_port);
grpc_server_start(sf->server);
}
@ -656,17 +696,10 @@ static test_fixture setup_test_fixture(int lb_server_update_delay_ms) {
}
tf.lb_server.lb_token_prefix = LB_TOKEN_PREFIX;
tf.lb_server.balancer_name = BALANCERS_NAME;
setup_server("127.0.0.1", &tf.lb_server);
gpr_thd_new(&tf.lb_server.tid, fork_lb_server, &tf.lb_server, &options);
char *server_uri;
// The grpclb LB policy will be automatically selected by virtue of
// the fact that the returned addresses are balancer addresses.
gpr_asprintf(&server_uri, "test:///%s?lb_enabled=1",
tf.lb_server.servers_hostport);
setup_client(server_uri, &tf.client);
gpr_free(server_uri);
setup_client(&tf.lb_server, tf.lb_backends, &tf.client);
return tf;
}
@ -711,8 +744,9 @@ TEST(GrpclbTest, Updates) {
// batch 1. All subsequent picks will come from the second half of the
// backends, those coming in the LB update.
tf_result = grpc::test_update(800);
GPR_ASSERT(tf_result.lb_backends[0].num_calls_serviced == 1);
GPR_ASSERT(tf_result.lb_backends[1].num_calls_serviced == 0);
GPR_ASSERT(tf_result.lb_backends[0].num_calls_serviced +
tf_result.lb_backends[1].num_calls_serviced ==
1);
GPR_ASSERT(tf_result.lb_backends[2].num_calls_serviced +
tf_result.lb_backends[3].num_calls_serviced >
0);
@ -728,8 +762,9 @@ TEST(GrpclbTest, Updates) {
// update. In any case, the total number of serviced calls must again be equal
// to four across all the backends.
tf_result = grpc::test_update(2500);
GPR_ASSERT(tf_result.lb_backends[0].num_calls_serviced >= 1);
GPR_ASSERT(tf_result.lb_backends[1].num_calls_serviced == 1);
GPR_ASSERT(tf_result.lb_backends[0].num_calls_serviced +
tf_result.lb_backends[1].num_calls_serviced >=
2);
GPR_ASSERT(tf_result.lb_backends[2].num_calls_serviced +
tf_result.lb_backends[3].num_calls_serviced >
0);

4
tools/doxygen/Doxyfile.core.internal
Unescape View File

@ -927,6 +927,8 @@ src/core/ext/client_channel/uri_parser.c \
src/core/ext/client_channel/uri_parser.h \
src/core/ext/lb_policy/grpclb/grpclb.c \
src/core/ext/lb_policy/grpclb/grpclb.h \
src/core/ext/lb_policy/grpclb/grpclb_channel.h \
src/core/ext/lb_policy/grpclb/grpclb_channel_secure.c \
src/core/ext/lb_policy/grpclb/load_balancer_api.c \
src/core/ext/lb_policy/grpclb/load_balancer_api.h \
src/core/ext/lb_policy/grpclb/proto/grpc/lb/v1/load_balancer.pb.c \
@ -1191,6 +1193,8 @@ src/core/lib/security/credentials/ssl/ssl_credentials.c \
src/core/lib/security/credentials/ssl/ssl_credentials.h \
src/core/lib/security/transport/auth_filters.h \
src/core/lib/security/transport/client_auth_filter.c \
src/core/lib/security/transport/lb_targets_info.c \
src/core/lib/security/transport/lb_targets_info.h \
src/core/lib/security/transport/secure_endpoint.c \
src/core/lib/security/transport/secure_endpoint.h \
src/core/lib/security/transport/security_connector.c \

37
tools/run_tests/generated/sources_and_headers.json
Unescape View File

@ -5214,7 +5214,7 @@
"census",
"gpr",
"grpc_base",
"grpc_lb_policy_grpclb",
"grpc_lb_policy_grpclb_secure",
"grpc_lb_policy_pick_first",
"grpc_lb_policy_round_robin",
"grpc_load_reporting",
@ -7531,6 +7531,7 @@
],
"headers": [
"src/core/ext/lb_policy/grpclb/grpclb.h",
"src/core/ext/lb_policy/grpclb/grpclb_channel.h",
"src/core/ext/lb_policy/grpclb/load_balancer_api.h",
"src/core/ext/lb_policy/grpclb/proto/grpc/lb/v1/load_balancer.pb.h"
],
@ -7540,6 +7541,37 @@
"src": [
"src/core/ext/lb_policy/grpclb/grpclb.c",
"src/core/ext/lb_policy/grpclb/grpclb.h",
"src/core/ext/lb_policy/grpclb/grpclb_channel.c",
"src/core/ext/lb_policy/grpclb/grpclb_channel.h",
"src/core/ext/lb_policy/grpclb/load_balancer_api.c",
"src/core/ext/lb_policy/grpclb/load_balancer_api.h",
"src/core/ext/lb_policy/grpclb/proto/grpc/lb/v1/load_balancer.pb.c",
"src/core/ext/lb_policy/grpclb/proto/grpc/lb/v1/load_balancer.pb.h"
],
"third_party": false,
"type": "filegroup"
},
{
"deps": [
"gpr",
"grpc_base",
"grpc_client_channel",
"nanopb"
],
"headers": [
"src/core/ext/lb_policy/grpclb/grpclb.h",
"src/core/ext/lb_policy/grpclb/grpclb_channel.h",
"src/core/ext/lb_policy/grpclb/load_balancer_api.h",
"src/core/ext/lb_policy/grpclb/proto/grpc/lb/v1/load_balancer.pb.h"
],
"is_filegroup": true,
"language": "c",
"name": "grpc_lb_policy_grpclb_secure",
"src": [
"src/core/ext/lb_policy/grpclb/grpclb.c",
"src/core/ext/lb_policy/grpclb/grpclb.h",
"src/core/ext/lb_policy/grpclb/grpclb_channel.h",
"src/core/ext/lb_policy/grpclb/grpclb_channel_secure.c",
"src/core/ext/lb_policy/grpclb/load_balancer_api.c",
"src/core/ext/lb_policy/grpclb/load_balancer_api.h",
"src/core/ext/lb_policy/grpclb/proto/grpc/lb/v1/load_balancer.pb.c",
@ -7655,6 +7687,7 @@
"src/core/lib/security/credentials/plugin/plugin_credentials.h",
"src/core/lib/security/credentials/ssl/ssl_credentials.h",
"src/core/lib/security/transport/auth_filters.h",
"src/core/lib/security/transport/lb_targets_info.h",
"src/core/lib/security/transport/secure_endpoint.h",
"src/core/lib/security/transport/security_connector.h",
"src/core/lib/security/transport/security_handshaker.h",
@ -7696,6 +7729,8 @@
"src/core/lib/security/credentials/ssl/ssl_credentials.h",
"src/core/lib/security/transport/auth_filters.h",
"src/core/lib/security/transport/client_auth_filter.c",
"src/core/lib/security/transport/lb_targets_info.c",
"src/core/lib/security/transport/lb_targets_info.h",
"src/core/lib/security/transport/secure_endpoint.c",
"src/core/lib/security/transport/secure_endpoint.h",
"src/core/lib/security/transport/security_connector.c",

6
vsprojects/vcxproj/grpc/grpc.vcxproj
Unescape View File

@ -437,6 +437,7 @@
<ClInclude Include="$(SolutionDir)\..\src\core\lib\security\credentials\plugin\plugin_credentials.h" />
<ClInclude Include="$(SolutionDir)\..\src\core\lib\security\credentials\ssl\ssl_credentials.h" />
<ClInclude Include="$(SolutionDir)\..\src\core\lib\security\transport\auth_filters.h" />
<ClInclude Include="$(SolutionDir)\..\src\core\lib\security\transport\lb_targets_info.h" />
<ClInclude Include="$(SolutionDir)\..\src\core\lib\security\transport\secure_endpoint.h" />
<ClInclude Include="$(SolutionDir)\..\src\core\lib\security\transport\security_connector.h" />
<ClInclude Include="$(SolutionDir)\..\src\core\lib\security\transport\security_handshaker.h" />
@ -469,6 +470,7 @@
<ClInclude Include="$(SolutionDir)\..\src\core\ext\client_channel\uri_parser.h" />
<ClInclude Include="$(SolutionDir)\..\src\core\ext\transport\chttp2\client\chttp2_connector.h" />
<ClInclude Include="$(SolutionDir)\..\src\core\ext\lb_policy\grpclb\grpclb.h" />
<ClInclude Include="$(SolutionDir)\..\src\core\ext\lb_policy\grpclb\grpclb_channel.h" />
<ClInclude Include="$(SolutionDir)\..\src\core\ext\lb_policy\grpclb\load_balancer_api.h" />
<ClInclude Include="$(SolutionDir)\..\src\core\ext\lb_policy\grpclb\proto\grpc\lb\v1\load_balancer.pb.h" />
<ClInclude Include="$(SolutionDir)\..\third_party\nanopb\pb.h" />
@ -804,6 +806,8 @@
</ClCompile>
<ClCompile Include="$(SolutionDir)\..\src\core\lib\security\transport\client_auth_filter.c">
</ClCompile>
<ClCompile Include="$(SolutionDir)\..\src\core\lib\security\transport\lb_targets_info.c">
</ClCompile>
<ClCompile Include="$(SolutionDir)\..\src\core\lib\security\transport\secure_endpoint.c">
</ClCompile>
<ClCompile Include="$(SolutionDir)\..\src\core\lib\security\transport\security_connector.c">
@ -884,6 +888,8 @@
</ClCompile>
<ClCompile Include="$(SolutionDir)\..\src\core\ext\lb_policy\grpclb\grpclb.c">
</ClCompile>
<ClCompile Include="$(SolutionDir)\..\src\core\ext\lb_policy\grpclb\grpclb_channel_secure.c">
</ClCompile>
<ClCompile Include="$(SolutionDir)\..\src\core\ext\lb_policy\grpclb\load_balancer_api.c">
</ClCompile>
<ClCompile Include="$(SolutionDir)\..\src\core\ext\lb_policy\grpclb\proto\grpc\lb\v1\load_balancer.pb.c">

12
vsprojects/vcxproj/grpc/grpc.vcxproj.filters
Unescape View File

@ -472,6 +472,9 @@
<ClCompile Include="$(SolutionDir)\..\src\core\lib\security\transport\client_auth_filter.c">
<Filter>src\core\lib\security\transport</Filter>
</ClCompile>
<ClCompile Include="$(SolutionDir)\..\src\core\lib\security\transport\lb_targets_info.c">
<Filter>src\core\lib\security\transport</Filter>
</ClCompile>
<ClCompile Include="$(SolutionDir)\..\src\core\lib\security\transport\secure_endpoint.c">
<Filter>src\core\lib\security\transport</Filter>
</ClCompile>
@ -592,6 +595,9 @@
<ClCompile Include="$(SolutionDir)\..\src\core\ext\lb_policy\grpclb\grpclb.c">
<Filter>src\core\ext\lb_policy\grpclb</Filter>
</ClCompile>
<ClCompile Include="$(SolutionDir)\..\src\core\ext\lb_policy\grpclb\grpclb_channel_secure.c">
<Filter>src\core\ext\lb_policy\grpclb</Filter>
</ClCompile>
<ClCompile Include="$(SolutionDir)\..\src\core\ext\lb_policy\grpclb\load_balancer_api.c">
<Filter>src\core\ext\lb_policy\grpclb</Filter>
</ClCompile>
@ -1178,6 +1184,9 @@
<ClInclude Include="$(SolutionDir)\..\src\core\lib\security\transport\auth_filters.h">
<Filter>src\core\lib\security\transport</Filter>
</ClInclude>
<ClInclude Include="$(SolutionDir)\..\src\core\lib\security\transport\lb_targets_info.h">
<Filter>src\core\lib\security\transport</Filter>
</ClInclude>
<ClInclude Include="$(SolutionDir)\..\src\core\lib\security\transport\secure_endpoint.h">
<Filter>src\core\lib\security\transport</Filter>
</ClInclude>
@ -1274,6 +1283,9 @@
<ClInclude Include="$(SolutionDir)\..\src\core\ext\lb_policy\grpclb\grpclb.h">
<Filter>src\core\ext\lb_policy\grpclb</Filter>
</ClInclude>
<ClInclude Include="$(SolutionDir)\..\src\core\ext\lb_policy\grpclb\grpclb_channel.h">
<Filter>src\core\ext\lb_policy\grpclb</Filter>
</ClInclude>
<ClInclude Include="$(SolutionDir)\..\src\core\ext\lb_policy\grpclb\load_balancer_api.h">
<Filter>src\core\ext\lb_policy\grpclb</Filter>
</ClInclude>

3
vsprojects/vcxproj/grpc_unsecure/grpc_unsecure.vcxproj
Unescape View File

@ -437,6 +437,7 @@
<ClInclude Include="$(SolutionDir)\..\src\core\ext\load_reporting\load_reporting.h" />
<ClInclude Include="$(SolutionDir)\..\src\core\ext\load_reporting\load_reporting_filter.h" />
<ClInclude Include="$(SolutionDir)\..\src\core\ext\lb_policy\grpclb\grpclb.h" />
<ClInclude Include="$(SolutionDir)\..\src\core\ext\lb_policy\grpclb\grpclb_channel.h" />
<ClInclude Include="$(SolutionDir)\..\src\core\ext\lb_policy\grpclb\load_balancer_api.h" />
<ClInclude Include="$(SolutionDir)\..\src\core\ext\lb_policy\grpclb\proto\grpc\lb\v1\load_balancer.pb.h" />
<ClInclude Include="$(SolutionDir)\..\third_party\nanopb\pb.h" />
@ -802,6 +803,8 @@
</ClCompile>
<ClCompile Include="$(SolutionDir)\..\src\core\ext\lb_policy\grpclb\grpclb.c">
</ClCompile>
<ClCompile Include="$(SolutionDir)\..\src\core\ext\lb_policy\grpclb\grpclb_channel.c">
</ClCompile>
<ClCompile Include="$(SolutionDir)\..\src\core\ext\lb_policy\grpclb\load_balancer_api.c">
</ClCompile>
<ClCompile Include="$(SolutionDir)\..\src\core\ext\lb_policy\grpclb\proto\grpc\lb\v1\load_balancer.pb.c">

6
vsprojects/vcxproj/grpc_unsecure/grpc_unsecure.vcxproj.filters
Unescape View File

@ -520,6 +520,9 @@
<ClCompile Include="$(SolutionDir)\..\src\core\ext\lb_policy\grpclb\grpclb.c">
<Filter>src\core\ext\lb_policy\grpclb</Filter>
</ClCompile>
<ClCompile Include="$(SolutionDir)\..\src\core\ext\lb_policy\grpclb\grpclb_channel.c">
<Filter>src\core\ext\lb_policy\grpclb</Filter>
</ClCompile>
<ClCompile Include="$(SolutionDir)\..\src\core\ext\lb_policy\grpclb\load_balancer_api.c">
<Filter>src\core\ext\lb_policy\grpclb</Filter>
</ClCompile>
@ -1121,6 +1124,9 @@
<ClInclude Include="$(SolutionDir)\..\src\core\ext\lb_policy\grpclb\grpclb.h">
<Filter>src\core\ext\lb_policy\grpclb</Filter>
</ClInclude>
<ClInclude Include="$(SolutionDir)\..\src\core\ext\lb_policy\grpclb\grpclb_channel.h">
<Filter>src\core\ext\lb_policy\grpclb</Filter>
</ClInclude>
<ClInclude Include="$(SolutionDir)\..\src\core\ext\lb_policy\grpclb\load_balancer_api.h">
<Filter>src\core\ext\lb_policy\grpclb</Filter>
</ClInclude>

Write Preview
Loading…
Cancel
Save