diff --git a/BUILD b/BUILD
index 2b79d689320..e2c5eb54544 100644
--- a/BUILD
+++ b/BUILD
@@ -1734,6 +1734,9 @@ grpc_cc_library(
 ],
 hdrs = [
 "src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.h",
+ "src/core/ext/xds/certificate_provider_factory.h",
+ "src/core/ext/xds/certificate_provider_registry.h",
+ "src/core/ext/xds/certificate_provider_store.h",
 "src/core/ext/xds/xds_channel_args.h",
 "src/core/lib/security/certificate_provider.h",
 "src/core/lib/security/context/security_context.h",
diff --git a/BUILD.gn b/BUILD.gn
index c91829bbde2..51317462f43 100644
--- a/BUILD.gn
+++ b/BUILD.gn
@@ -542,6 +542,9 @@ config("grpc_config") {
 "src/core/ext/upb-generated/udpa/data/orca/v1/orca_load_report.upb.h",
 "src/core/ext/upb-generated/validate/validate.upb.c",
 "src/core/ext/upb-generated/validate/validate.upb.h",
+ "src/core/ext/xds/certificate_provider_factory.h",
+ "src/core/ext/xds/certificate_provider_registry.h",
+ "src/core/ext/xds/certificate_provider_store.h",
 "src/core/ext/xds/xds_api.cc",
 "src/core/ext/xds/xds_api.h",
 "src/core/ext/xds/xds_bootstrap.cc",
diff --git a/build_autogenerated.yaml b/build_autogenerated.yaml
index 71526f04347..7ef16a33376 100644
--- a/build_autogenerated.yaml
+++ b/build_autogenerated.yaml
@@ -534,6 +534,9 @@ libs:
 - src/core/ext/upb-generated/udpa/annotations/versioning.upb.h
 - src/core/ext/upb-generated/udpa/data/orca/v1/orca_load_report.upb.h
 - src/core/ext/upb-generated/validate/validate.upb.h
+ - src/core/ext/xds/certificate_provider_factory.h
+ - src/core/ext/xds/certificate_provider_registry.h
+ - src/core/ext/xds/certificate_provider_store.h
 - src/core/ext/xds/xds_api.h
 - src/core/ext/xds/xds_bootstrap.h
 - src/core/ext/xds/xds_channel_args.h
diff --git a/gRPC-C++.podspec b/gRPC-C++.podspec
index a4687199584..984c8bddc3a 100644
--- a/gRPC-C++.podspec
+++ b/gRPC-C++.podspec
@@ -367,6 +367,9 @@ Pod::Spec.new do |s|
 'src/core/ext/upb-generated/udpa/annotations/versioning.upb.h',
 'src/core/ext/upb-generated/udpa/data/orca/v1/orca_load_report.upb.h',
 'src/core/ext/upb-generated/validate/validate.upb.h',
+ 'src/core/ext/xds/certificate_provider_factory.h',
+ 'src/core/ext/xds/certificate_provider_registry.h',
+ 'src/core/ext/xds/certificate_provider_store.h',
 'src/core/ext/xds/xds_api.h',
 'src/core/ext/xds/xds_bootstrap.h',
 'src/core/ext/xds/xds_channel_args.h',
@@ -866,6 +869,9 @@ Pod::Spec.new do |s|
 'src/core/ext/upb-generated/udpa/annotations/versioning.upb.h',
 'src/core/ext/upb-generated/udpa/data/orca/v1/orca_load_report.upb.h',
 'src/core/ext/upb-generated/validate/validate.upb.h',
+ 'src/core/ext/xds/certificate_provider_factory.h',
+ 'src/core/ext/xds/certificate_provider_registry.h',
+ 'src/core/ext/xds/certificate_provider_store.h',
 'src/core/ext/xds/xds_api.h',
 'src/core/ext/xds/xds_bootstrap.h',
 'src/core/ext/xds/xds_channel_args.h',
diff --git a/gRPC-Core.podspec b/gRPC-Core.podspec
index f33344d2e94..bfa1337f955 100644
--- a/gRPC-Core.podspec
+++ b/gRPC-Core.podspec
@@ -528,6 +528,9 @@ Pod::Spec.new do |s|
 'src/core/ext/upb-generated/udpa/data/orca/v1/orca_load_report.upb.h',
 'src/core/ext/upb-generated/validate/validate.upb.c',
 'src/core/ext/upb-generated/validate/validate.upb.h',
+ 'src/core/ext/xds/certificate_provider_factory.h',
+ 'src/core/ext/xds/certificate_provider_registry.h',
+ 'src/core/ext/xds/certificate_provider_store.h',
 'src/core/ext/xds/xds_api.cc',
 'src/core/ext/xds/xds_api.h',
 'src/core/ext/xds/xds_bootstrap.cc',
@@ -1278,6 +1281,9 @@ Pod::Spec.new do |s|
 'src/core/ext/upb-generated/udpa/annotations/versioning.upb.h',
 'src/core/ext/upb-generated/udpa/data/orca/v1/orca_load_report.upb.h',
 'src/core/ext/upb-generated/validate/validate.upb.h',
+ 'src/core/ext/xds/certificate_provider_factory.h',
+ 'src/core/ext/xds/certificate_provider_registry.h',
+ 'src/core/ext/xds/certificate_provider_store.h',
 'src/core/ext/xds/xds_api.h',
 'src/core/ext/xds/xds_bootstrap.h',
 'src/core/ext/xds/xds_channel_args.h',
diff --git a/grpc.gemspec b/grpc.gemspec
index 59c1a8a1aff..331344b9db2 100644
--- a/grpc.gemspec
+++ b/grpc.gemspec
@@ -446,6 +446,9 @@ Gem::Specification.new do |s|
 s.files += %w( src/core/ext/upb-generated/udpa/data/orca/v1/orca_load_report.upb.h )
 s.files += %w( src/core/ext/upb-generated/validate/validate.upb.c )
 s.files += %w( src/core/ext/upb-generated/validate/validate.upb.h )
+ s.files += %w( src/core/ext/xds/certificate_provider_factory.h )
+ s.files += %w( src/core/ext/xds/certificate_provider_registry.h )
+ s.files += %w( src/core/ext/xds/certificate_provider_store.h )
 s.files += %w( src/core/ext/xds/xds_api.cc )
 s.files += %w( src/core/ext/xds/xds_api.h )
 s.files += %w( src/core/ext/xds/xds_bootstrap.cc )
diff --git a/package.xml b/package.xml
index 60f4e6d9dc7..58bac48a17a 100644
--- a/package.xml
+++ b/package.xml
@@ -426,6 +426,9 @@
+
+
+
diff --git a/src/core/ext/xds/certificate_provider_factory.h b/src/core/ext/xds/certificate_provider_factory.h
new file mode 100644
index 00000000000..244fdd9ff9d
--- /dev/null
+++ b/src/core/ext/xds/certificate_provider_factory.h
@@ -0,0 +1,59 @@
+//
+//
+// Copyright 2020 gRPC authors.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+//
+
+#ifndef GRPC_CORE_EXT_XDS_CERTIFICATE_PROVIDER_FACTORY_H
+#define GRPC_CORE_EXT_XDS_CERTIFICATE_PROVIDER_FACTORY_H
+
+#include
+
+#include "src/core/lib/iomgr/error.h"
+#include "src/core/lib/json/json.h"
+#include "src/core/lib/security/certificate_provider.h"
+
+namespace grpc_core {
+
+// Factories for plugins. Each plugin implementation should create its own
+// factory implementation and register an instance with the registry.
+class CertificateProviderFactory {
+ public:
+ // Interface for configs for CertificateProviders.
+ class Config {
+ public:
+ virtual ~Config() = default;
+
+ // Name of the type of the CertificateProvider. Unique to each type of
+ // config.
+ virtual const char* name() const = 0;
+ };
+
+ virtual ~CertificateProviderFactory() = default;
+
+ // Name of the plugin.
+ virtual const char* name() const = 0;
+
+ virtual std::unique_ptr CreateCertificateProviderConfig(
+ const Json& config_json, grpc_error** error) = 0;
+
+ // Create a CertificateProvider instance from config.
+ virtual RefCountedPtr
+ CreateCertificateProvider(std::unique_ptr config) = 0;
+};
+
+} // namespace grpc_core
+
+#endif // GRPC_CORE_EXT_XDS_CERTIFICATE_PROVIDER_FACTORY_H
diff --git a/src/core/ext/xds/certificate_provider_registry.h b/src/core/ext/xds/certificate_provider_registry.h
new file mode 100644
index 00000000000..06c5e6665d8
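Review bot: `CreateCertificateProviderConfig` is the only method in `CertificateProviderFactory` without a comment, and its `grpc_error** error` out-parameter leaves the failure contract unstated: whether a null return always accompanies a non-OK `*error`, and that the caller owns the returned error and must release it. I would add above it `// Parses config_json into a Config. On failure returns nullptr and sets *error; the caller owns the error.`, adjusted to what the implementations actually do, since none is part of this change. This is presumably the boundary where plugin configuration read from the xDS bootstrap is validated, so every factory rejecting malformed input the same way matters for callers that then hand the config to `CreateCertificateProvider`.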
--- /dev/null
+++ b/src/core/ext/xds/certificate_provider_registry.h
@@ -0,0 +1,57 @@
+//
+//
+// Copyright 2020 gRPC authors.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+//
+
+#ifndef GRPC_CORE_EXT_XDS_CERTIFICATE_PROVIDER_REGISTRY_H
+#define GRPC_CORE_EXT_XDS_CERTIFICATE_PROVIDER_REGISTRY_H
+
+#include
+
+#include
+
+#include "src/core/ext/xds/certificate_provider_factory.h"
+
+namespace grpc_core {
+
+// Global registry for all the certificate provider plugins.
+class CertificateProviderRegistry {
+ public:
+ // Returns the factory for the plugin keyed by name.
+ static CertificateProviderFactory* LookupCertificateProviderFactory(
+ const std::string& name);
+
+ // The following methods are used to create and populate the
+ // CertificateProviderRegistry. NOT THREAD SAFE -- to be used only during
+ // global gRPC initialization and shutdown.
+
+ // Global initialization of the registry.
+ static void InitRegistry();
+
+ // Global shutdown of the registry.
+ static void ShutdownRegistry();
+
+ // Register a provider with the registry. Can only be called after calling
+ // InitRegistry(). The key of the factory is extracted from factory
+ // parameter with method CertificateProviderFactory::name. If the same key
+ // is registered twice, an exception is raised.
+ static void RegisterCertificateProviderFactory(
+ std::unique_ptr factory);
+};
+
+} // namespace grpc_core
+
+#endif // GRPC_CORE_EXT_XDS_CERTIFICATE_PROVIDER_REGISTRY_H
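Review bot: The comment on `RegisterCertificateProviderFactory` promises that registering the same key twice raises an exception, but gRPC core is built without exception support, so the implementation (not part of this change) cannot deliver that; the comment should name the real failure mode once confirmed against the .cc, e.g. `// If the same key is registered twice, the process aborts.`. `LookupCertificateProviderFactory` should also state what it returns for a name that is not registered, presumably nullptr, since callers resolving plugin names from bootstrap config must handle that case rather than dereference the result. The thread-safety note covers only init, shutdown and registration; it is worth saying explicitly whether lookup may be called concurrently after `InitRegistry()`, which is how a per-channel caller would use it.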
diff --git a/src/core/ext/xds/certificate_provider_store.h b/src/core/ext/xds/certificate_provider_store.h
new file mode 100644
index 00000000000..c6881a9bf3d
--- /dev/null
+++ b/src/core/ext/xds/certificate_provider_store.h
@@ -0,0 +1,50 @@
+//
+//
+// Copyright 2020 gRPC authors.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+//
+
+#ifndef GRPC_CORE_EXT_XDS_CERTIFICATE_PROVIDER_STORE_H
+#define GRPC_CORE_EXT_XDS_CERTIFICATE_PROVIDER_STORE_H
+
+#include
+
+#include
+
+#include "src/core/lib/gprpp/ref_counted_ptr.h"
+#include "src/core/lib/gprpp/sync.h"
+#include "src/core/lib/security/certificate_provider.h"
+
+namespace grpc_core {
+
+// Map for xDS based grpc_tls_certificate_provider instances.
+class CertificateProviderStore {
+ public:
+ // If a provider corresponding to the config is found, a raw pointer to the
+ // grpc_tls_certificate_provider in the map is returned. If no provider is
+ // found for a key, a new provider is created. The CertificateProviderStore
+ // maintains a ref to the grpc_tls_certificate_provider for its entire
+ // lifetime.
+ RefCountedPtr CreateOrGetCertificateProvider(
+ absl::string_view key);
+
+ private:
+ // Underlying map for the providers.
+ std::map> map_;
+};
+
+} // namespace grpc_core
+
+#endif // GRPC_CORE_EXT_XDS_CERTIFICATE_PROVIDER_STORE_H
diff --git a/src/core/lib/security/certificate_provider.h b/src/core/lib/security/certificate_provider.h
index 5a9af3d615e..5a9cfee0b94 100644
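Review bot: The comment on `CreateOrGetCertificateProvider` says "a raw pointer to the grpc_tls_certificate_provider in the map is returned", but the declaration returns a `RefCountedPtr`, so the comment is already out of step with the signature; it should read `// Returns a ref to the provider for key, creating it on first use.`. It also does not say where a newly created provider's configuration comes from when only a key is passed (presumably the plugin config from bootstrap), which is worth stating because it decides which certificates and trust roots a channel ends up using. `map_` is accessed with no synchronization even though `sync.h` is included; if one store is shared across channels or xDS watchers, either document that callers serialize access or add a mutex guarding the map. Since the map is keyed by `std::string` and looked up through an `absl::string_view`, `find` will build a temporary string on every call unless the map uses `std::less<>`.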
--- a/src/core/lib/security/certificate_provider.h
+++ b/src/core/lib/security/certificate_provider.h
@@ -21,6 +21,7 @@
 #include
+#include "src/core/lib/gprpp/ref_counted.h"
 #include "src/core/lib/gprpp/ref_counted_ptr.h"
 #include "src/core/lib/iomgr/pollset_set.h"
@@ -38,7 +39,7 @@ struct grpc_tls_certificate_distributor;
 // contexts become valid or changed, a grpc_tls_certificate_provider should
 // notify its distributor so as to propagate the update to the watchers.
 struct grpc_tls_certificate_provider
- : public RefCounted {
+ : public grpc_core::RefCounted {
 public:
 grpc_tls_certificate_provider()
 : interested_parties_(grpc_pollset_set_create()) {}
@@ -49,8 +50,8 @@ struct grpc_tls_certificate_provider
 grpc_pollset_set* interested_parties() const { return interested_parties_; }
- virtual RefCountedPtr distributor()
- const = 0;
+ virtual grpc_core::RefCountedPtr
+ distributor() const = 0;
 private:
 grpc_pollset_set* interested_parties_;
diff --git a/tools/doxygen/Doxyfile.c++.internal b/tools/doxygen/Doxyfile.c++.internal
index df867519766..eec908f7ef0 100644
--- a/tools/doxygen/Doxyfile.c++.internal
+++ b/tools/doxygen/Doxyfile.c++.internal
@@ -1393,6 +1393,9 @@ src/core/ext/upb-generated/udpa/data/orca/v1/orca_load_report.upb.c \
 src/core/ext/upb-generated/udpa/data/orca/v1/orca_load_report.upb.h \
 src/core/ext/upb-generated/validate/validate.upb.c \
 src/core/ext/upb-generated/validate/validate.upb.h \
+src/core/ext/xds/certificate_provider_factory.h \
+src/core/ext/xds/certificate_provider_registry.h \
+src/core/ext/xds/certificate_provider_store.h \
 src/core/ext/xds/xds_api.cc \
 src/core/ext/xds/xds_api.h \
 src/core/ext/xds/xds_bootstrap.cc \
diff --git a/tools/doxygen/Doxyfile.core.internal b/tools/doxygen/Doxyfile.core.internal
index b0a92e95da3..68a8a0bb794 100644
--- a/tools/doxygen/Doxyfile.core.internal
+++ b/tools/doxygen/Doxyfile.core.internal
@@ -1217,6 +1217,9 @@ src/core/ext/upb-generated/udpa/data/orca/v1/orca_load_report.upb.c \
 src/core/ext/upb-generated/udpa/data/orca/v1/orca_load_report.upb.h \
 src/core/ext/upb-generated/validate/validate.upb.c \
 src/core/ext/upb-generated/validate/validate.upb.h \
+src/core/ext/xds/certificate_provider_factory.h \
+src/core/ext/xds/certificate_provider_registry.h \
+src/core/ext/xds/certificate_provider_store.h \
 src/core/ext/xds/xds_api.cc \
 src/core/ext/xds/xds_api.h \
 src/core/ext/xds/xds_bootstrap.cc \