mirror of https://github.com/grpc/grpc.git
Merge pull request #23611 from grpc/revert-23609-revert-23308-create-channel
Revert "Revert "Move create_channel and credentials from ::grpc_impl to ::grpc""pull/23633/head
Karthik Ravi Shankar
5 years ago
committed by
GitHub
commit
8527ebb471
33 changed files with 382 additions and 671 deletions
@ -1,78 +0,0 @@ |
|||||||
/*
|
|
||||||
* |
|
||||||
* Copyright 2015 gRPC authors. |
|
||||||
* |
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License"); |
|
||||||
* you may not use this file except in compliance with the License. |
|
||||||
* You may obtain a copy of the License at |
|
||||||
* |
|
||||||
* http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
* |
|
||||||
* Unless required by applicable law or agreed to in writing, software |
|
||||||
* distributed under the License is distributed on an "AS IS" BASIS, |
|
||||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
|
||||||
* See the License for the specific language governing permissions and |
|
||||||
* limitations under the License. |
|
||||||
* |
|
||||||
*/ |
|
||||||
|
|
||||||
#ifndef GRPCPP_CREATE_CHANNEL_IMPL_H |
|
||||||
#define GRPCPP_CREATE_CHANNEL_IMPL_H |
|
||||||
|
|
||||||
#include <memory> |
|
||||||
|
|
||||||
#include <grpcpp/channel.h> |
|
||||||
#include <grpcpp/impl/codegen/client_interceptor.h> |
|
||||||
#include <grpcpp/security/credentials.h> |
|
||||||
#include <grpcpp/support/channel_arguments.h> |
|
||||||
#include <grpcpp/support/config.h> |
|
||||||
|
|
||||||
namespace grpc_impl { |
|
||||||
/// Create a new \a Channel pointing to \a target.
|
|
||||||
///
|
|
||||||
/// \param target The URI of the endpoint to connect to.
|
|
||||||
/// \param creds Credentials to use for the created channel. If it does not
|
|
||||||
/// hold an object or is invalid, a lame channel (one on which all operations
|
|
||||||
/// fail) is returned.
|
|
||||||
std::shared_ptr<::grpc::Channel> CreateChannelImpl( |
|
||||||
const std::string& target, |
|
||||||
const std::shared_ptr<::grpc::ChannelCredentials>& creds); |
|
||||||
|
|
||||||
/// Create a new \em custom \a Channel pointing to \a target.
|
|
||||||
///
|
|
||||||
/// \warning For advanced use and testing ONLY. Override default channel
|
|
||||||
/// arguments only if necessary.
|
|
||||||
///
|
|
||||||
/// \param target The URI of the endpoint to connect to.
|
|
||||||
/// \param creds Credentials to use for the created channel. If it does not
|
|
||||||
/// hold an object or is invalid, a lame channel (one on which all operations
|
|
||||||
/// fail) is returned.
|
|
||||||
/// \param args Options for channel creation.
|
|
||||||
std::shared_ptr<::grpc::Channel> CreateCustomChannelImpl( |
|
||||||
const std::string& target, |
|
||||||
const std::shared_ptr<::grpc::ChannelCredentials>& creds, |
|
||||||
const ::grpc::ChannelArguments& args); |
|
||||||
|
|
||||||
namespace experimental { |
|
||||||
/// Create a new \em custom \a Channel pointing to \a target with \a
|
|
||||||
/// interceptors being invoked per call.
|
|
||||||
///
|
|
||||||
/// \warning For advanced use and testing ONLY. Override default channel
|
|
||||||
/// arguments only if necessary.
|
|
||||||
///
|
|
||||||
/// \param target The URI of the endpoint to connect to.
|
|
||||||
/// \param creds Credentials to use for the created channel. If it does not
|
|
||||||
/// hold an object or is invalid, a lame channel (one on which all operations
|
|
||||||
/// fail) is returned.
|
|
||||||
/// \param args Options for channel creation.
|
|
||||||
std::shared_ptr<::grpc::Channel> CreateCustomChannelWithInterceptors( |
|
||||||
const std::string& target, |
|
||||||
const std::shared_ptr<grpc::ChannelCredentials>& creds, |
|
||||||
const ::grpc::ChannelArguments& args, |
|
||||||
std::vector< |
|
||||||
std::unique_ptr<grpc::experimental::ClientInterceptorFactoryInterface>> |
|
||||||
interceptor_creators); |
|
||||||
} // namespace experimental
|
|
||||||
} // namespace grpc_impl
|
|
||||||
|
|
||||||
#endif // GRPCPP_CREATE_CHANNEL_IMPL_H
|
|
||||||
@ -1,356 +0,0 @@ |
|||||||
/*
|
|
||||||
* |
|
||||||
* Copyright 2015 gRPC authors. |
|
||||||
* |
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License"); |
|
||||||
* you may not use this file except in compliance with the License. |
|
||||||
* You may obtain a copy of the License at |
|
||||||
* |
|
||||||
* http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
* |
|
||||||
* Unless required by applicable law or agreed to in writing, software |
|
||||||
* distributed under the License is distributed on an "AS IS" BASIS, |
|
||||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
|
||||||
* See the License for the specific language governing permissions and |
|
||||||
* limitations under the License. |
|
||||||
* |
|
||||||
*/ |
|
||||||
|
|
||||||
#ifndef GRPCPP_SECURITY_CREDENTIALS_IMPL_H |
|
||||||
#define GRPCPP_SECURITY_CREDENTIALS_IMPL_H |
|
||||||
|
|
||||||
#include <map> |
|
||||||
#include <memory> |
|
||||||
#include <vector> |
|
||||||
|
|
||||||
#include <grpc/grpc_security_constants.h> |
|
||||||
#include <grpcpp/channel_impl.h> |
|
||||||
#include <grpcpp/impl/codegen/client_interceptor.h> |
|
||||||
#include <grpcpp/impl/codegen/grpc_library.h> |
|
||||||
#include <grpcpp/security/auth_context.h> |
|
||||||
#include <grpcpp/security/tls_credentials_options.h> |
|
||||||
#include <grpcpp/support/channel_arguments_impl.h> |
|
||||||
#include <grpcpp/support/status.h> |
|
||||||
#include <grpcpp/support/string_ref.h> |
|
||||||
|
|
||||||
struct grpc_call; |
|
||||||
|
|
||||||
namespace grpc_impl { |
|
||||||
|
|
||||||
class ChannelCredentials; |
|
||||||
class CallCredentials; |
|
||||||
class SecureCallCredentials; |
|
||||||
class SecureChannelCredentials; |
|
||||||
|
|
||||||
std::shared_ptr<Channel> CreateCustomChannelImpl( |
|
||||||
const std::string& target, const std::shared_ptr<ChannelCredentials>& creds, |
|
||||||
const ChannelArguments& args); |
|
||||||
|
|
||||||
namespace experimental { |
|
||||||
std::shared_ptr<Channel> CreateCustomChannelWithInterceptors( |
|
||||||
const std::string& target, const std::shared_ptr<ChannelCredentials>& creds, |
|
||||||
const ChannelArguments& args, |
|
||||||
std::vector< |
|
||||||
std::unique_ptr<grpc::experimental::ClientInterceptorFactoryInterface>> |
|
||||||
interceptor_creators); |
|
||||||
} |
|
||||||
|
|
||||||
/// A channel credentials object encapsulates all the state needed by a client
|
|
||||||
/// to authenticate with a server for a given channel.
|
|
||||||
/// It can make various assertions, e.g., about the client’s identity, role
|
|
||||||
/// for all the calls on that channel.
|
|
||||||
///
|
|
||||||
/// \see https://grpc.io/docs/guides/auth
|
|
||||||
class ChannelCredentials : private grpc::GrpcLibraryCodegen { |
|
||||||
public: |
|
||||||
ChannelCredentials(); |
|
||||||
~ChannelCredentials(); |
|
||||||
|
|
||||||
protected: |
|
||||||
friend std::shared_ptr<ChannelCredentials> CompositeChannelCredentials( |
|
||||||
const std::shared_ptr<ChannelCredentials>& channel_creds, |
|
||||||
const std::shared_ptr<CallCredentials>& call_creds); |
|
||||||
|
|
||||||
virtual SecureChannelCredentials* AsSecureCredentials() = 0; |
|
||||||
|
|
||||||
private: |
|
||||||
friend std::shared_ptr<Channel> CreateCustomChannelImpl( |
|
||||||
const std::string& target, |
|
||||||
const std::shared_ptr<ChannelCredentials>& creds, |
|
||||||
const ChannelArguments& args); |
|
||||||
|
|
||||||
friend std::shared_ptr<Channel> |
|
||||||
grpc_impl::experimental::CreateCustomChannelWithInterceptors( |
|
||||||
const std::string& target, |
|
||||||
const std::shared_ptr<ChannelCredentials>& creds, |
|
||||||
const ChannelArguments& args, |
|
||||||
std::vector<std::unique_ptr< |
|
||||||
grpc::experimental::ClientInterceptorFactoryInterface>> |
|
||||||
interceptor_creators); |
|
||||||
|
|
||||||
virtual std::shared_ptr<Channel> CreateChannelImpl( |
|
||||||
const std::string& target, const ChannelArguments& args) = 0; |
|
||||||
|
|
||||||
// This function should have been a pure virtual function, but it is
|
|
||||||
// implemented as a virtual function so that it does not break API.
|
|
||||||
virtual std::shared_ptr<Channel> CreateChannelWithInterceptors( |
|
||||||
const std::string& /*target*/, const ChannelArguments& /*args*/, |
|
||||||
std::vector<std::unique_ptr< |
|
||||||
grpc::experimental::ClientInterceptorFactoryInterface>> |
|
||||||
/*interceptor_creators*/) { |
|
||||||
return nullptr; |
|
||||||
} |
|
||||||
}; |
|
||||||
|
|
||||||
/// A call credentials object encapsulates the state needed by a client to
|
|
||||||
/// authenticate with a server for a given call on a channel.
|
|
||||||
///
|
|
||||||
/// \see https://grpc.io/docs/guides/auth
|
|
||||||
class CallCredentials : private grpc::GrpcLibraryCodegen { |
|
||||||
public: |
|
||||||
CallCredentials(); |
|
||||||
~CallCredentials(); |
|
||||||
|
|
||||||
/// Apply this instance's credentials to \a call.
|
|
||||||
virtual bool ApplyToCall(grpc_call* call) = 0; |
|
||||||
virtual std::string DebugString() { |
|
||||||
return "CallCredentials did not provide a debug string"; |
|
||||||
} |
|
||||||
|
|
||||||
protected: |
|
||||||
friend std::shared_ptr<ChannelCredentials> CompositeChannelCredentials( |
|
||||||
const std::shared_ptr<ChannelCredentials>& channel_creds, |
|
||||||
const std::shared_ptr<CallCredentials>& call_creds); |
|
||||||
|
|
||||||
friend std::shared_ptr<CallCredentials> CompositeCallCredentials( |
|
||||||
const std::shared_ptr<CallCredentials>& creds1, |
|
||||||
const std::shared_ptr<CallCredentials>& creds2); |
|
||||||
|
|
||||||
virtual SecureCallCredentials* AsSecureCredentials() = 0; |
|
||||||
}; |
|
||||||
|
|
||||||
/// Options used to build SslCredentials.
|
|
||||||
struct SslCredentialsOptions { |
|
||||||
/// The buffer containing the PEM encoding of the server root certificates. If
|
|
||||||
/// this parameter is empty, the default roots will be used. The default
|
|
||||||
/// roots can be overridden using the \a GRPC_DEFAULT_SSL_ROOTS_FILE_PATH
|
|
||||||
/// environment variable pointing to a file on the file system containing the
|
|
||||||
/// roots.
|
|
||||||
std::string pem_root_certs; |
|
||||||
|
|
||||||
/// The buffer containing the PEM encoding of the client's private key. This
|
|
||||||
/// parameter can be empty if the client does not have a private key.
|
|
||||||
std::string pem_private_key; |
|
||||||
|
|
||||||
/// The buffer containing the PEM encoding of the client's certificate chain.
|
|
||||||
/// This parameter can be empty if the client does not have a certificate
|
|
||||||
/// chain.
|
|
||||||
std::string pem_cert_chain; |
|
||||||
}; |
|
||||||
|
|
||||||
// Factories for building different types of Credentials The functions may
|
|
||||||
// return empty shared_ptr when credentials cannot be created. If a
|
|
||||||
// Credentials pointer is returned, it can still be invalid when used to create
|
|
||||||
// a channel. A lame channel will be created then and all rpcs will fail on it.
|
|
||||||
|
|
||||||
/// Builds credentials with reasonable defaults.
|
|
||||||
///
|
|
||||||
/// \warning Only use these credentials when connecting to a Google endpoint.
|
|
||||||
/// Using these credentials to connect to any other service may result in this
|
|
||||||
/// service being able to impersonate your client for requests to Google
|
|
||||||
/// services.
|
|
||||||
std::shared_ptr<ChannelCredentials> GoogleDefaultCredentials(); |
|
||||||
|
|
||||||
/// Builds SSL Credentials given SSL specific options
|
|
||||||
std::shared_ptr<ChannelCredentials> SslCredentials( |
|
||||||
const SslCredentialsOptions& options); |
|
||||||
|
|
||||||
/// Builds credentials for use when running in GCE
|
|
||||||
///
|
|
||||||
/// \warning Only use these credentials when connecting to a Google endpoint.
|
|
||||||
/// Using these credentials to connect to any other service may result in this
|
|
||||||
/// service being able to impersonate your client for requests to Google
|
|
||||||
/// services.
|
|
||||||
std::shared_ptr<CallCredentials> GoogleComputeEngineCredentials(); |
|
||||||
|
|
||||||
constexpr long kMaxAuthTokenLifetimeSecs = 3600; |
|
||||||
|
|
||||||
/// Builds Service Account JWT Access credentials.
|
|
||||||
/// json_key is the JSON key string containing the client's private key.
|
|
||||||
/// token_lifetime_seconds is the lifetime in seconds of each Json Web Token
|
|
||||||
/// (JWT) created with this credentials. It should not exceed
|
|
||||||
/// \a kMaxAuthTokenLifetimeSecs or will be cropped to this value.
|
|
||||||
std::shared_ptr<CallCredentials> ServiceAccountJWTAccessCredentials( |
|
||||||
const std::string& json_key, |
|
||||||
long token_lifetime_seconds = grpc_impl::kMaxAuthTokenLifetimeSecs); |
|
||||||
|
|
||||||
/// Builds refresh token credentials.
|
|
||||||
/// json_refresh_token is the JSON string containing the refresh token along
|
|
||||||
/// with a client_id and client_secret.
|
|
||||||
///
|
|
||||||
/// \warning Only use these credentials when connecting to a Google endpoint.
|
|
||||||
/// Using these credentials to connect to any other service may result in this
|
|
||||||
/// service being able to impersonate your client for requests to Google
|
|
||||||
/// services.
|
|
||||||
std::shared_ptr<CallCredentials> GoogleRefreshTokenCredentials( |
|
||||||
const std::string& json_refresh_token); |
|
||||||
|
|
||||||
/// Builds access token credentials.
|
|
||||||
/// access_token is an oauth2 access token that was fetched using an out of band
|
|
||||||
/// mechanism.
|
|
||||||
///
|
|
||||||
/// \warning Only use these credentials when connecting to a Google endpoint.
|
|
||||||
/// Using these credentials to connect to any other service may result in this
|
|
||||||
/// service being able to impersonate your client for requests to Google
|
|
||||||
/// services.
|
|
||||||
std::shared_ptr<CallCredentials> AccessTokenCredentials( |
|
||||||
const std::string& access_token); |
|
||||||
|
|
||||||
/// Builds IAM credentials.
|
|
||||||
///
|
|
||||||
/// \warning Only use these credentials when connecting to a Google endpoint.
|
|
||||||
/// Using these credentials to connect to any other service may result in this
|
|
||||||
/// service being able to impersonate your client for requests to Google
|
|
||||||
/// services.
|
|
||||||
std::shared_ptr<CallCredentials> GoogleIAMCredentials( |
|
||||||
const std::string& authorization_token, |
|
||||||
const std::string& authority_selector); |
|
||||||
|
|
||||||
/// Combines a channel credentials and a call credentials into a composite
|
|
||||||
/// channel credentials.
|
|
||||||
std::shared_ptr<ChannelCredentials> CompositeChannelCredentials( |
|
||||||
const std::shared_ptr<ChannelCredentials>& channel_creds, |
|
||||||
const std::shared_ptr<CallCredentials>& call_creds); |
|
||||||
|
|
||||||
/// Combines two call credentials objects into a composite call credentials.
|
|
||||||
std::shared_ptr<CallCredentials> CompositeCallCredentials( |
|
||||||
const std::shared_ptr<CallCredentials>& creds1, |
|
||||||
const std::shared_ptr<CallCredentials>& creds2); |
|
||||||
|
|
||||||
/// Credentials for an unencrypted, unauthenticated channel
|
|
||||||
std::shared_ptr<ChannelCredentials> InsecureChannelCredentials(); |
|
||||||
|
|
||||||
/// User defined metadata credentials.
|
|
||||||
class MetadataCredentialsPlugin { |
|
||||||
public: |
|
||||||
virtual ~MetadataCredentialsPlugin() {} |
|
||||||
|
|
||||||
/// If this method returns true, the Process function will be scheduled in
|
|
||||||
/// a different thread from the one processing the call.
|
|
||||||
virtual bool IsBlocking() const { return true; } |
|
||||||
|
|
||||||
/// Type of credentials this plugin is implementing.
|
|
||||||
virtual const char* GetType() const { return ""; } |
|
||||||
|
|
||||||
/// Gets the auth metatada produced by this plugin.
|
|
||||||
/// The fully qualified method name is:
|
|
||||||
/// service_url + "/" + method_name.
|
|
||||||
/// The channel_auth_context contains (among other things), the identity of
|
|
||||||
/// the server.
|
|
||||||
virtual grpc::Status GetMetadata( |
|
||||||
grpc::string_ref service_url, grpc::string_ref method_name, |
|
||||||
const grpc::AuthContext& channel_auth_context, |
|
||||||
std::multimap<std::string, std::string>* metadata) = 0; |
|
||||||
|
|
||||||
virtual std::string DebugString() { |
|
||||||
return "MetadataCredentialsPlugin did not provide a debug string"; |
|
||||||
} |
|
||||||
}; |
|
||||||
|
|
||||||
std::shared_ptr<CallCredentials> MetadataCredentialsFromPlugin( |
|
||||||
std::unique_ptr<MetadataCredentialsPlugin> plugin); |
|
||||||
|
|
||||||
namespace experimental { |
|
||||||
|
|
||||||
/// Options for creating STS Oauth Token Exchange credentials following the IETF
|
|
||||||
/// draft https://tools.ietf.org/html/draft-ietf-oauth-token-exchange-16.
|
|
||||||
/// Optional fields may be set to empty string. It is the responsibility of the
|
|
||||||
/// caller to ensure that the subject and actor tokens are refreshed on disk at
|
|
||||||
/// the specified paths.
|
|
||||||
struct StsCredentialsOptions { |
|
||||||
std::string token_exchange_service_uri; // Required.
|
|
||||||
std::string resource; // Optional.
|
|
||||||
std::string audience; // Optional.
|
|
||||||
std::string scope; // Optional.
|
|
||||||
std::string requested_token_type; // Optional.
|
|
||||||
std::string subject_token_path; // Required.
|
|
||||||
std::string subject_token_type; // Required.
|
|
||||||
std::string actor_token_path; // Optional.
|
|
||||||
std::string actor_token_type; // Optional.
|
|
||||||
}; |
|
||||||
|
|
||||||
/// Creates STS Options from a JSON string. The JSON schema is as follows:
|
|
||||||
/// {
|
|
||||||
/// "title": "STS Credentials Config",
|
|
||||||
/// "type": "object",
|
|
||||||
/// "required": ["token_exchange_service_uri", "subject_token_path",
|
|
||||||
/// "subject_token_type"],
|
|
||||||
/// "properties": {
|
|
||||||
/// "token_exchange_service_uri": {
|
|
||||||
/// "type": "string"
|
|
||||||
/// },
|
|
||||||
/// "resource": {
|
|
||||||
/// "type": "string"
|
|
||||||
/// },
|
|
||||||
/// "audience": {
|
|
||||||
/// "type": "string"
|
|
||||||
/// },
|
|
||||||
/// "scope": {
|
|
||||||
/// "type": "string"
|
|
||||||
/// },
|
|
||||||
/// "requested_token_type": {
|
|
||||||
/// "type": "string"
|
|
||||||
/// },
|
|
||||||
/// "subject_token_path": {
|
|
||||||
/// "type": "string"
|
|
||||||
/// },
|
|
||||||
/// "subject_token_type": {
|
|
||||||
/// "type": "string"
|
|
||||||
/// },
|
|
||||||
/// "actor_token_path" : {
|
|
||||||
/// "type": "string"
|
|
||||||
/// },
|
|
||||||
/// "actor_token_type": {
|
|
||||||
/// "type": "string"
|
|
||||||
/// }
|
|
||||||
/// }
|
|
||||||
/// }
|
|
||||||
grpc::Status StsCredentialsOptionsFromJson(const std::string& json_string, |
|
||||||
StsCredentialsOptions* options); |
|
||||||
|
|
||||||
/// Creates STS credentials options from the $STS_CREDENTIALS environment
|
|
||||||
/// variable. This environment variable points to the path of a JSON file
|
|
||||||
/// comforming to the schema described above.
|
|
||||||
grpc::Status StsCredentialsOptionsFromEnv(StsCredentialsOptions* options); |
|
||||||
|
|
||||||
std::shared_ptr<CallCredentials> StsCredentials( |
|
||||||
const StsCredentialsOptions& options); |
|
||||||
|
|
||||||
std::shared_ptr<CallCredentials> MetadataCredentialsFromPlugin( |
|
||||||
std::unique_ptr<MetadataCredentialsPlugin> plugin, |
|
||||||
grpc_security_level min_security_level); |
|
||||||
|
|
||||||
/// Options used to build AltsCredentials.
|
|
||||||
struct AltsCredentialsOptions { |
|
||||||
/// service accounts of target endpoint that will be acceptable
|
|
||||||
/// by the client. If service accounts are provided and none of them matches
|
|
||||||
/// that of the server, authentication will fail.
|
|
||||||
std::vector<std::string> target_service_accounts; |
|
||||||
}; |
|
||||||
|
|
||||||
/// Builds ALTS Credentials given ALTS specific options
|
|
||||||
std::shared_ptr<ChannelCredentials> AltsCredentials( |
|
||||||
const AltsCredentialsOptions& options); |
|
||||||
|
|
||||||
/// Builds Local Credentials.
|
|
||||||
std::shared_ptr<ChannelCredentials> LocalCredentials( |
|
||||||
grpc_local_connect_type type); |
|
||||||
|
|
||||||
/// Builds TLS Credentials given TLS options.
|
|
||||||
std::shared_ptr<ChannelCredentials> TlsCredentials( |
|
||||||
const TlsCredentialsOptions& options); |
|
||||||
|
|
||||||
} // namespace experimental
|
|
||||||
} // namespace grpc_impl
|
|
||||||
|
|
||||||
#endif // GRPCPP_SECURITY_CREDENTIALS_IMPL_H
|
|
||||||
Loading…
Reference in new issue