[alts] Remove CheckCallHost checks in ALTS security connector. (#33043)

This check compares the host portion of the target name to the authority header, but in common use cases (e.g. GCS) they may not coincide. Additionally, this check does not happen in the Go and Java ALTS stacks.
2 years ago · 68b416d383
parent 3d291cc463
commit 68b416d383
2 changed files with 1 additions and 9 deletions
--- a/1
+++ b/1
@ -3160,7 +3160,6 @@ grpc_cc_library(
    external_deps = [
        "absl/status",
        "absl/strings",
-        "absl/strings:str_format",
        "absl/types:optional",
    ],
    language = "c++",
--- a/src/core/lib/security/security_connector/alts/alts_security_connector.cc
+++ b/src/core/lib/security/security_connector/alts/alts_security_connector.cc
@ -23,11 +23,9 @@
 #include <string.h>

 #include <algorithm>
-#include <initializer_list>
 #include <utility>

 #include "absl/status/status.h"
-#include "absl/strings/str_format.h"
 #include "absl/strings/string_view.h"
 #include "absl/types/optional.h"

@ -132,12 +130,7 @@ class grpc_alts_channel_security_connector final
  }

  grpc_core::ArenaPromise<absl::Status> CheckCallHost(
-      absl::string_view host, grpc_auth_context*) override {
-    if (host.empty() || host != target_name_) {
-      return grpc_core::Immediate(absl::UnauthenticatedError(absl::StrFormat(
-          "ALTS call host [%s] does not match target name [%s].", host,
-          target_name_)));
-    }
+      absl::string_view, grpc_auth_context*) override {
    return grpc_core::ImmediateOkStatus();
  }