diff --git a/BUILD b/BUILD
index c3ca67a489a..641169ea01e 100644
--- a/BUILD
+++ b/BUILD
@@ -1649,7 +1649,7 @@ grpc_cc_library(
 "src/core/lib/security/credentials/plugin/plugin_credentials.cc",
 "src/core/lib/security/credentials/ssl/ssl_credentials.cc",
 "src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc",
- "src/core/lib/security/credentials/tls/spiffe_credentials.cc",
+ "src/core/lib/security/credentials/tls/tls_credentials.cc",
 "src/core/lib/security/security_connector/alts/alts_security_connector.cc",
 "src/core/lib/security/security_connector/fake/fake_security_connector.cc",
 "src/core/lib/security/security_connector/load_system_roots_fallback.cc",
@@ -1659,7 +1659,7 @@ grpc_cc_library(
 "src/core/lib/security/security_connector/ssl/ssl_security_connector.cc",
 "src/core/lib/security/security_connector/ssl_utils.cc",
 "src/core/lib/security/security_connector/ssl_utils_config.cc",
- "src/core/lib/security/security_connector/tls/spiffe_security_connector.cc",
+ "src/core/lib/security/security_connector/tls/tls_security_connector.cc",
 "src/core/lib/security/transport/client_auth_filter.cc",
 "src/core/lib/security/transport/secure_endpoint.cc",
 "src/core/lib/security/transport/security_handshaker.cc",
@@ -1687,7 +1687,7 @@ grpc_cc_library(
 "src/core/lib/security/credentials/plugin/plugin_credentials.h",
 "src/core/lib/security/credentials/ssl/ssl_credentials.h",
 "src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h",
- "src/core/lib/security/credentials/tls/spiffe_credentials.h",
+ "src/core/lib/security/credentials/tls/tls_credentials.h",
 "src/core/lib/security/security_connector/alts/alts_security_connector.h",
 "src/core/lib/security/security_connector/fake/fake_security_connector.h",
 "src/core/lib/security/security_connector/load_system_roots.h",
@@ -1697,7 +1697,7 @@ grpc_cc_library(
 "src/core/lib/security/security_connector/ssl/ssl_security_connector.h",
 "src/core/lib/security/security_connector/ssl_utils.h",
 "src/core/lib/security/security_connector/ssl_utils_config.h",
- "src/core/lib/security/security_connector/tls/spiffe_security_connector.h",
+ "src/core/lib/security/security_connector/tls/tls_security_connector.h",
 "src/core/lib/security/transport/auth_filters.h",
 "src/core/lib/security/transport/secure_endpoint.h",
 "src/core/lib/security/transport/security_handshaker.h",
diff --git a/BUILD.gn b/BUILD.gn
index 2d84429ad1f..910bdc3ac75 100644
--- a/BUILD.gn
+++ b/BUILD.gn
@@ -733,8 +733,8 @@ config("grpc_config") {
 "src/core/lib/security/credentials/ssl/ssl_credentials.h",
 "src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc",
 "src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h",
- "src/core/lib/security/credentials/tls/spiffe_credentials.cc",
- "src/core/lib/security/credentials/tls/spiffe_credentials.h",
+ "src/core/lib/security/credentials/tls/tls_credentials.cc",
+ "src/core/lib/security/credentials/tls/tls_credentials.h",
 "src/core/lib/security/security_connector/alts/alts_security_connector.cc",
 "src/core/lib/security/security_connector/alts/alts_security_connector.h",
 "src/core/lib/security/security_connector/fake/fake_security_connector.cc",
@@ -753,8 +753,8 @@ config("grpc_config") {
 "src/core/lib/security/security_connector/ssl_utils.h",
 "src/core/lib/security/security_connector/ssl_utils_config.cc",
 "src/core/lib/security/security_connector/ssl_utils_config.h",
- "src/core/lib/security/security_connector/tls/spiffe_security_connector.cc",
- "src/core/lib/security/security_connector/tls/spiffe_security_connector.h",
+ "src/core/lib/security/security_connector/tls/tls_security_connector.cc",
+ "src/core/lib/security/security_connector/tls/tls_security_connector.h",
 "src/core/lib/security/transport/auth_filters.h",
 "src/core/lib/security/transport/client_auth_filter.cc",
 "src/core/lib/security/transport/secure_endpoint.cc",
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 32add78b99b..ae5a18a9a06 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -746,7 +746,7 @@ if(gRPC_BUILD_TESTS)
 add_dependencies(buildtests_cxx grpc_cli)
 add_dependencies(buildtests_cxx grpc_fetch_oauth2)
 add_dependencies(buildtests_cxx grpc_linux_system_roots_test)
- add_dependencies(buildtests_cxx grpc_spiffe_security_connector_test)
+ add_dependencies(buildtests_cxx grpc_tls_security_connector_test)
 add_dependencies(buildtests_cxx grpc_tool_test)
 add_dependencies(buildtests_cxx grpclb_api_test)
 add_dependencies(buildtests_cxx grpclb_end2end_test)
@@ -1306,7 +1306,7 @@ add_library(grpc
 src/core/lib/security/credentials/plugin/plugin_credentials.cc
 src/core/lib/security/credentials/ssl/ssl_credentials.cc
 src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc
- src/core/lib/security/credentials/tls/spiffe_credentials.cc
+ src/core/lib/security/credentials/tls/tls_credentials.cc
 src/core/lib/security/security_connector/alts/alts_security_connector.cc
 src/core/lib/security/security_connector/fake/fake_security_connector.cc
 src/core/lib/security/security_connector/load_system_roots_fallback.cc
@@ -1316,7 +1316,7 @@ add_library(grpc
 src/core/lib/security/security_connector/ssl/ssl_security_connector.cc
 src/core/lib/security/security_connector/ssl_utils.cc
 src/core/lib/security/security_connector/ssl_utils_config.cc
- src/core/lib/security/security_connector/tls/spiffe_security_connector.cc
+ src/core/lib/security/security_connector/tls/tls_security_connector.cc
 src/core/lib/security/transport/client_auth_filter.cc
 src/core/lib/security/transport/secure_endpoint.cc
 src/core/lib/security/transport/security_handshaker.cc
@@ -1821,7 +1821,7 @@ add_library(grpc_cronet
 src/core/lib/security/credentials/plugin/plugin_credentials.cc
 src/core/lib/security/credentials/ssl/ssl_credentials.cc
 src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc
- src/core/lib/security/credentials/tls/spiffe_credentials.cc
+ src/core/lib/security/credentials/tls/tls_credentials.cc
 src/core/lib/security/security_connector/alts/alts_security_connector.cc
 src/core/lib/security/security_connector/fake/fake_security_connector.cc
 src/core/lib/security/security_connector/load_system_roots_fallback.cc
@@ -1831,7 +1831,7 @@ add_library(grpc_cronet
 src/core/lib/security/security_connector/ssl/ssl_security_connector.cc
 src/core/lib/security/security_connector/ssl_utils.cc
 src/core/lib/security/security_connector/ssl_utils_config.cc
- src/core/lib/security/security_connector/tls/spiffe_security_connector.cc
+ src/core/lib/security/security_connector/tls/tls_security_connector.cc
 src/core/lib/security/transport/client_auth_filter.cc
 src/core/lib/security/transport/secure_endpoint.cc
 src/core/lib/security/transport/security_handshaker.cc
@@ -13185,13 +13185,13 @@ endif() endif() if(gRPC_BUILD_TESTS) -add_executable(grpc_spiffe_security_connector_test - test/core/security/spiffe_security_connector_test.cc +add_executable(grpc_tls_security_connector_test + test/core/security/tls_security_connector_test.cc third_party/googletest/googletest/src/gtest-all.cc third_party/googletest/googlemock/src/gmock-all.cc ) -target_include_directories(grpc_spiffe_security_connector_test +target_include_directories(grpc_tls_security_connector_test PRIVATE ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_SOURCE_DIR}/include @@ -13208,7 +13208,7 @@ target_include_directories(grpc_spiffe_security_connector_test ${_gRPC_PROTO_GENS_DIR} ) -target_link_libraries(grpc_spiffe_security_connector_test +target_link_libraries(grpc_tls_security_connector_test ${_gRPC_PROTOBUF_LIBRARIES} ${_gRPC_ALLTARGETS_LIBRARIES} grpc_test_util diff --git a/Makefile b/Makefile index 5f591c4361f..cfb20e3d213 100644 --- a/Makefile +++ b/Makefile @@ -1237,7 +1237,7 @@ grpc_objective_c_plugin: $(BINDIR)/$(CONFIG)/grpc_objective_c_plugin grpc_php_plugin: $(BINDIR)/$(CONFIG)/grpc_php_plugin grpc_python_plugin: $(BINDIR)/$(CONFIG)/grpc_python_plugin grpc_ruby_plugin: $(BINDIR)/$(CONFIG)/grpc_ruby_plugin -grpc_spiffe_security_connector_test: $(BINDIR)/$(CONFIG)/grpc_spiffe_security_connector_test +grpc_tls_security_connector_test: $(BINDIR)/$(CONFIG)/grpc_tls_security_connector_test grpc_tool_test: $(BINDIR)/$(CONFIG)/grpc_tool_test grpclb_api_test: $(BINDIR)/$(CONFIG)/grpclb_api_test grpclb_end2end_test: $(BINDIR)/$(CONFIG)/grpclb_end2end_test @@ -1705,7 +1705,7 @@ buildtests_cxx: privatelibs_cxx \ $(BINDIR)/$(CONFIG)/grpc_cli \ $(BINDIR)/$(CONFIG)/grpc_fetch_oauth2 \ $(BINDIR)/$(CONFIG)/grpc_linux_system_roots_test \ - $(BINDIR)/$(CONFIG)/grpc_spiffe_security_connector_test \ + $(BINDIR)/$(CONFIG)/grpc_tls_security_connector_test \ $(BINDIR)/$(CONFIG)/grpc_tool_test \ $(BINDIR)/$(CONFIG)/grpclb_api_test \ $(BINDIR)/$(CONFIG)/grpclb_end2end_test \ 
@@ -1878,7 +1878,7 @@ buildtests_cxx: privatelibs_cxx \
 $(BINDIR)/$(CONFIG)/grpc_cli \
 $(BINDIR)/$(CONFIG)/grpc_fetch_oauth2 \
 $(BINDIR)/$(CONFIG)/grpc_linux_system_roots_test \
- $(BINDIR)/$(CONFIG)/grpc_spiffe_security_connector_test \
+ $(BINDIR)/$(CONFIG)/grpc_tls_security_connector_test \
 $(BINDIR)/$(CONFIG)/grpc_tool_test \
 $(BINDIR)/$(CONFIG)/grpclb_api_test \
 $(BINDIR)/$(CONFIG)/grpclb_end2end_test \
@@ -2383,8 +2383,8 @@ test_cxx: buildtests_cxx
 $(Q) $(BINDIR)/$(CONFIG)/grpc_alts_credentials_options_test || ( echo test grpc_alts_credentials_options_test failed ; exit 1 )
 $(E) "[RUN] Testing grpc_linux_system_roots_test"
 $(Q) $(BINDIR)/$(CONFIG)/grpc_linux_system_roots_test || ( echo test grpc_linux_system_roots_test failed ; exit 1 )
- $(E) "[RUN] Testing grpc_spiffe_security_connector_test"
- $(Q) $(BINDIR)/$(CONFIG)/grpc_spiffe_security_connector_test || ( echo test grpc_spiffe_security_connector_test failed ; exit 1 )
+ $(E) "[RUN] Testing grpc_tls_security_connector_test"
+ $(Q) $(BINDIR)/$(CONFIG)/grpc_tls_security_connector_test || ( echo test grpc_tls_security_connector_test failed ; exit 1 )
 $(E) "[RUN] Testing grpc_tool_test"
 $(Q) $(BINDIR)/$(CONFIG)/grpc_tool_test || ( echo test grpc_tool_test failed ; exit 1 )
 $(E) "[RUN] Testing grpclb_api_test"
@@ -3788,7 +3788,7 @@ LIBGRPC_SRC = \
 src/core/lib/security/credentials/plugin/plugin_credentials.cc \
 src/core/lib/security/credentials/ssl/ssl_credentials.cc \
 src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc \
- src/core/lib/security/credentials/tls/spiffe_credentials.cc \
+ src/core/lib/security/credentials/tls/tls_credentials.cc \
 src/core/lib/security/security_connector/alts/alts_security_connector.cc \
 src/core/lib/security/security_connector/fake/fake_security_connector.cc \
 src/core/lib/security/security_connector/load_system_roots_fallback.cc \
@@ -3798,7 +3798,7 @@ LIBGRPC_SRC = \
 src/core/lib/security/security_connector/ssl/ssl_security_connector.cc \
 src/core/lib/security/security_connector/ssl_utils.cc \
 src/core/lib/security/security_connector/ssl_utils_config.cc \
- src/core/lib/security/security_connector/tls/spiffe_security_connector.cc \
+ src/core/lib/security/security_connector/tls/tls_security_connector.cc \
 src/core/lib/security/transport/client_auth_filter.cc \
 src/core/lib/security/transport/secure_endpoint.cc \
 src/core/lib/security/transport/security_handshaker.cc \
@@ -4295,7 +4295,7 @@ LIBGRPC_CRONET_SRC = \
 src/core/lib/security/credentials/plugin/plugin_credentials.cc \
 src/core/lib/security/credentials/ssl/ssl_credentials.cc \
 src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc \
- src/core/lib/security/credentials/tls/spiffe_credentials.cc \
+ src/core/lib/security/credentials/tls/tls_credentials.cc \
 src/core/lib/security/security_connector/alts/alts_security_connector.cc \
 src/core/lib/security/security_connector/fake/fake_security_connector.cc \
 src/core/lib/security/security_connector/load_system_roots_fallback.cc \
@@ -4305,7 +4305,7 @@ LIBGRPC_CRONET_SRC = \
 src/core/lib/security/security_connector/ssl/ssl_security_connector.cc \
 src/core/lib/security/security_connector/ssl_utils.cc \
 src/core/lib/security/security_connector/ssl_utils_config.cc \
- src/core/lib/security/security_connector/tls/spiffe_security_connector.cc \
+ src/core/lib/security/security_connector/tls/tls_security_connector.cc \
 src/core/lib/security/transport/client_auth_filter.cc \
 src/core/lib/security/transport/secure_endpoint.cc \
 src/core/lib/security/transport/security_handshaker.cc \
@@ -17423,15 +17423,15 @@ ifneq ($(NO_DEPS),true) endif -GRPC_SPIFFE_SECURITY_CONNECTOR_TEST_SRC = \ - test/core/security/spiffe_security_connector_test.cc \ +GRPC_TLS_SECURITY_CONNECTOR_TEST_SRC = \ + test/core/security/tls_security_connector_test.cc \ -GRPC_SPIFFE_SECURITY_CONNECTOR_TEST_OBJS = $(addprefix $(OBJDIR)/$(CONFIG)/, $(addsuffix .o, $(basename $(GRPC_SPIFFE_SECURITY_CONNECTOR_TEST_SRC)))) +GRPC_TLS_SECURITY_CONNECTOR_TEST_OBJS = $(addprefix $(OBJDIR)/$(CONFIG)/, $(addsuffix .o, $(basename $(GRPC_TLS_SECURITY_CONNECTOR_TEST_SRC)))) ifeq ($(NO_SECURE),true) # You can't build secure targets if you don't have OpenSSL. -$(BINDIR)/$(CONFIG)/grpc_spiffe_security_connector_test: openssl_dep_error +$(BINDIR)/$(CONFIG)/grpc_tls_security_connector_test: openssl_dep_error else 
@@ -17442,26 +17442,26 @@ ifeq ($(NO_PROTOBUF),true) # You can't build the protoc plugins or protobuf-enabled targets if you don't have protobuf 3.5.0+. -$(BINDIR)/$(CONFIG)/grpc_spiffe_security_connector_test: protobuf_dep_error +$(BINDIR)/$(CONFIG)/grpc_tls_security_connector_test: protobuf_dep_error else -$(BINDIR)/$(CONFIG)/grpc_spiffe_security_connector_test: $(PROTOBUF_DEP) $(GRPC_SPIFFE_SECURITY_CONNECTOR_TEST_OBJS) $(LIBDIR)/$(CONFIG)/libgrpc_test_util.a $(LIBDIR)/$(CONFIG)/libgrpc++_test_util.a $(LIBDIR)/$(CONFIG)/libgrpc++.a $(LIBDIR)/$(CONFIG)/libgrpc.a $(LIBDIR)/$(CONFIG)/libgpr.a +$(BINDIR)/$(CONFIG)/grpc_tls_security_connector_test: $(PROTOBUF_DEP) $(GRPC_TLS_SECURITY_CONNECTOR_TEST_OBJS) $(LIBDIR)/$(CONFIG)/libgrpc_test_util.a $(LIBDIR)/$(CONFIG)/libgrpc++_test_util.a $(LIBDIR)/$(CONFIG)/libgrpc++.a $(LIBDIR)/$(CONFIG)/libgrpc.a $(LIBDIR)/$(CONFIG)/libgpr.a $(E) "[LD] Linking $@" $(Q) mkdir -p `dirname $@` - $(Q) $(LDXX) $(LDFLAGS) $(GRPC_SPIFFE_SECURITY_CONNECTOR_TEST_OBJS) $(LIBDIR)/$(CONFIG)/libgrpc_test_util.a $(LIBDIR)/$(CONFIG)/libgrpc++_test_util.a $(LIBDIR)/$(CONFIG)/libgrpc++.a $(LIBDIR)/$(CONFIG)/libgrpc.a $(LIBDIR)/$(CONFIG)/libgpr.a $(LDLIBSXX) $(LDLIBS_PROTOBUF) $(LDLIBS) $(LDLIBS_SECURE) $(GTEST_LIB) -o $(BINDIR)/$(CONFIG)/grpc_spiffe_security_connector_test + $(Q) $(LDXX) $(LDFLAGS) $(GRPC_TLS_SECURITY_CONNECTOR_TEST_OBJS) $(LIBDIR)/$(CONFIG)/libgrpc_test_util.a $(LIBDIR)/$(CONFIG)/libgrpc++_test_util.a $(LIBDIR)/$(CONFIG)/libgrpc++.a $(LIBDIR)/$(CONFIG)/libgrpc.a $(LIBDIR)/$(CONFIG)/libgpr.a $(LDLIBSXX) $(LDLIBS_PROTOBUF) $(LDLIBS) $(LDLIBS_SECURE) $(GTEST_LIB) -o $(BINDIR)/$(CONFIG)/grpc_tls_security_connector_test endif endif -$(OBJDIR)/$(CONFIG)/test/core/security/spiffe_security_connector_test.o: $(LIBDIR)/$(CONFIG)/libgrpc_test_util.a $(LIBDIR)/$(CONFIG)/libgrpc++_test_util.a $(LIBDIR)/$(CONFIG)/libgrpc++.a $(LIBDIR)/$(CONFIG)/libgrpc.a $(LIBDIR)/$(CONFIG)/libgpr.a 
+$(OBJDIR)/$(CONFIG)/test/core/security/tls_security_connector_test.o: $(LIBDIR)/$(CONFIG)/libgrpc_test_util.a $(LIBDIR)/$(CONFIG)/libgrpc++_test_util.a $(LIBDIR)/$(CONFIG)/libgrpc++.a $(LIBDIR)/$(CONFIG)/libgrpc.a $(LIBDIR)/$(CONFIG)/libgpr.a -deps_grpc_spiffe_security_connector_test: $(GRPC_SPIFFE_SECURITY_CONNECTOR_TEST_OBJS:.o=.dep) +deps_grpc_tls_security_connector_test: $(GRPC_TLS_SECURITY_CONNECTOR_TEST_OBJS:.o=.dep) ifneq ($(NO_SECURE),true) ifneq ($(NO_DEPS),true) --include $(GRPC_SPIFFE_SECURITY_CONNECTOR_TEST_OBJS:.o=.dep) +-include $(GRPC_TLS_SECURITY_CONNECTOR_TEST_OBJS:.o=.dep) endif endif @@ -23112,7 +23112,7 @@ src/core/lib/security/credentials/oauth2/oauth2_credentials.cc: $(OPENSSL_DEP) src/core/lib/security/credentials/plugin/plugin_credentials.cc: $(OPENSSL_DEP) src/core/lib/security/credentials/ssl/ssl_credentials.cc: $(OPENSSL_DEP) src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc: $(OPENSSL_DEP) -src/core/lib/security/credentials/tls/spiffe_credentials.cc: $(OPENSSL_DEP) +src/core/lib/security/credentials/tls/tls_credentials.cc: $(OPENSSL_DEP) src/core/lib/security/security_connector/alts/alts_security_connector.cc: $(OPENSSL_DEP) src/core/lib/security/security_connector/fake/fake_security_connector.cc: $(OPENSSL_DEP) src/core/lib/security/security_connector/load_system_roots_fallback.cc: $(OPENSSL_DEP) 
@@ -23122,7 +23122,7 @@ src/core/lib/security/security_connector/security_connector.cc: $(OPENSSL_DEP) src/core/lib/security/security_connector/ssl/ssl_security_connector.cc: $(OPENSSL_DEP) src/core/lib/security/security_connector/ssl_utils.cc: $(OPENSSL_DEP) src/core/lib/security/security_connector/ssl_utils_config.cc: $(OPENSSL_DEP) -src/core/lib/security/security_connector/tls/spiffe_security_connector.cc: $(OPENSSL_DEP) +src/core/lib/security/security_connector/tls/tls_security_connector.cc: $(OPENSSL_DEP) src/core/lib/security/transport/client_auth_filter.cc: $(OPENSSL_DEP) src/core/lib/security/transport/secure_endpoint.cc: $(OPENSSL_DEP) src/core/lib/security/transport/security_handshaker.cc: $(OPENSSL_DEP) diff --git a/build.yaml b/build.yaml index d29dc2b5499..f840b42c03f 100644 --- a/build.yaml +++ b/build.yaml @@ -1282,7 +1282,7 @@ filegroups: - src/core/lib/security/credentials/plugin/plugin_credentials.h - src/core/lib/security/credentials/ssl/ssl_credentials.h - src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h - - src/core/lib/security/credentials/tls/spiffe_credentials.h + - src/core/lib/security/credentials/tls/tls_credentials.h - src/core/lib/security/security_connector/alts/alts_security_connector.h - src/core/lib/security/security_connector/fake/fake_security_connector.h - src/core/lib/security/security_connector/load_system_roots.h @@ -1292,7 +1292,7 @@ filegroups: - src/core/lib/security/security_connector/ssl/ssl_security_connector.h - src/core/lib/security/security_connector/ssl_utils.h - src/core/lib/security/security_connector/ssl_utils_config.h - - src/core/lib/security/security_connector/tls/spiffe_security_connector.h + - src/core/lib/security/security_connector/tls/tls_security_connector.h - src/core/lib/security/transport/auth_filters.h - src/core/lib/security/transport/secure_endpoint.h - src/core/lib/security/transport/security_handshaker.h 
@@ -1318,7 +1318,7 @@ filegroups: - src/core/lib/security/credentials/plugin/plugin_credentials.cc - src/core/lib/security/credentials/ssl/ssl_credentials.cc - src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc - - src/core/lib/security/credentials/tls/spiffe_credentials.cc + - src/core/lib/security/credentials/tls/tls_credentials.cc - src/core/lib/security/security_connector/alts/alts_security_connector.cc - src/core/lib/security/security_connector/fake/fake_security_connector.cc - src/core/lib/security/security_connector/load_system_roots_fallback.cc @@ -1328,7 +1328,7 @@ filegroups: - src/core/lib/security/security_connector/ssl/ssl_security_connector.cc - src/core/lib/security/security_connector/ssl_utils.cc - src/core/lib/security/security_connector/ssl_utils_config.cc - - src/core/lib/security/security_connector/tls/spiffe_security_connector.cc + - src/core/lib/security/security_connector/tls/tls_security_connector.cc - src/core/lib/security/transport/client_auth_filter.cc - src/core/lib/security/transport/secure_endpoint.cc - src/core/lib/security/transport/security_handshaker.cc @@ -5078,12 +5078,12 @@ targets: deps: - grpc_plugin_support secure: false -- name: grpc_spiffe_security_connector_test +- name: grpc_tls_security_connector_test gtest: true build: test language: c++ src: - - test/core/security/spiffe_security_connector_test.cc + - test/core/security/tls_security_connector_test.cc deps: - grpc_test_util - grpc++_test_util diff --git a/config.m4 b/config.m4 index e0e85f3e09f..81f723ba4bb 100644 --- a/config.m4 +++ b/config.m4 
@@ -362,7 +362,7 @@ if test "$PHP_GRPC" != "no"; then src/core/lib/security/credentials/plugin/plugin_credentials.cc \ src/core/lib/security/credentials/ssl/ssl_credentials.cc \ src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc \ - src/core/lib/security/credentials/tls/spiffe_credentials.cc \ + src/core/lib/security/credentials/tls/tls_credentials.cc \ src/core/lib/security/security_connector/alts/alts_security_connector.cc \ src/core/lib/security/security_connector/fake/fake_security_connector.cc \ src/core/lib/security/security_connector/load_system_roots_fallback.cc \ @@ -372,7 +372,7 @@ if test "$PHP_GRPC" != "no"; then src/core/lib/security/security_connector/ssl/ssl_security_connector.cc \ src/core/lib/security/security_connector/ssl_utils.cc \ src/core/lib/security/security_connector/ssl_utils_config.cc \ - src/core/lib/security/security_connector/tls/spiffe_security_connector.cc \ + src/core/lib/security/security_connector/tls/tls_security_connector.cc \ src/core/lib/security/transport/client_auth_filter.cc \ src/core/lib/security/transport/secure_endpoint.cc \ src/core/lib/security/transport/security_handshaker.cc \ diff --git a/config.w32 b/config.w32 index 2da55d6085f..bd9d70326fc 100644 --- a/config.w32 +++ b/config.w32 @@ -265,7 +265,7 @@ if (PHP_GRPC != "no") { "src\\core\\lib\\security\\credentials\\plugin\\plugin_credentials.cc " + "src\\core\\lib\\security\\credentials\\ssl\\ssl_credentials.cc " + "src\\core\\lib\\security\\credentials\\tls\\grpc_tls_credentials_options.cc " + - "src\\core\\lib\\security\\credentials\\tls\\spiffe_credentials.cc " + + "src\\core\\lib\\security\\credentials\\tls\\tls_credentials.cc " + "src\\core\\lib\\security\\security_connector\\alts\\alts_security_connector.cc " + "src\\core\\lib\\security\\security_connector\\fake\\fake_security_connector.cc " + "src\\core\\lib\\security\\security_connector\\load_system_roots_fallback.cc " + 
@@ -275,7 +275,7 @@ if (PHP_GRPC != "no") { "src\\core\\lib\\security\\security_connector\\ssl\\ssl_security_connector.cc " + "src\\core\\lib\\security\\security_connector\\ssl_utils.cc " + "src\\core\\lib\\security\\security_connector\\ssl_utils_config.cc " + - "src\\core\\lib\\security\\security_connector\\tls\\spiffe_security_connector.cc " + + "src\\core\\lib\\security\\security_connector\\tls\\tls_security_connector.cc " + "src\\core\\lib\\security\\transport\\client_auth_filter.cc " + "src\\core\\lib\\security\\transport\\secure_endpoint.cc " + "src\\core\\lib\\security\\transport\\security_handshaker.cc " + diff --git a/gRPC-C++.podspec b/gRPC-C++.podspec index 80495bf319d..c5338ae0a7a 100644 --- a/gRPC-C++.podspec +++ b/gRPC-C++.podspec @@ -545,7 +545,7 @@ Pod::Spec.new do |s| 'src/core/lib/security/credentials/plugin/plugin_credentials.h', 'src/core/lib/security/credentials/ssl/ssl_credentials.h', 'src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h', - 'src/core/lib/security/credentials/tls/spiffe_credentials.h', + 'src/core/lib/security/credentials/tls/tls_credentials.h', 'src/core/lib/security/security_connector/alts/alts_security_connector.h', 'src/core/lib/security/security_connector/fake/fake_security_connector.h', 'src/core/lib/security/security_connector/load_system_roots.h', @@ -555,7 +555,7 @@ Pod::Spec.new do |s| 'src/core/lib/security/security_connector/ssl/ssl_security_connector.h', 'src/core/lib/security/security_connector/ssl_utils.h', 'src/core/lib/security/security_connector/ssl_utils_config.h', - 'src/core/lib/security/security_connector/tls/spiffe_security_connector.h', + 'src/core/lib/security/security_connector/tls/tls_security_connector.h', 'src/core/lib/security/transport/auth_filters.h', 'src/core/lib/security/transport/secure_endpoint.h', 'src/core/lib/security/transport/security_handshaker.h', 
@@ -1133,7 +1133,7 @@ Pod::Spec.new do |s|
 'src/core/lib/security/credentials/plugin/plugin_credentials.h',
 'src/core/lib/security/credentials/ssl/ssl_credentials.h',
 'src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h',
- 'src/core/lib/security/credentials/tls/spiffe_credentials.h',
+ 'src/core/lib/security/credentials/tls/tls_credentials.h',
 'src/core/lib/security/security_connector/alts/alts_security_connector.h',
 'src/core/lib/security/security_connector/fake/fake_security_connector.h',
 'src/core/lib/security/security_connector/load_system_roots.h',
@@ -1143,7 +1143,7 @@ Pod::Spec.new do |s|
 'src/core/lib/security/security_connector/ssl/ssl_security_connector.h',
 'src/core/lib/security/security_connector/ssl_utils.h',
 'src/core/lib/security/security_connector/ssl_utils_config.h',
- 'src/core/lib/security/security_connector/tls/spiffe_security_connector.h',
+ 'src/core/lib/security/security_connector/tls/tls_security_connector.h',
 'src/core/lib/security/transport/auth_filters.h',
 'src/core/lib/security/transport/secure_endpoint.h',
 'src/core/lib/security/transport/security_handshaker.h',
diff --git a/gRPC-Core.podspec b/gRPC-Core.podspec
index 0f2d193e63e..ff9dd3a4708 100644
--- a/gRPC-Core.podspec
+++ b/gRPC-Core.podspec
@@ -785,8 +785,8 @@ Pod::Spec.new do |s|
 'src/core/lib/security/credentials/ssl/ssl_credentials.h',
 'src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc',
 'src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h',
- 'src/core/lib/security/credentials/tls/spiffe_credentials.cc',
- 'src/core/lib/security/credentials/tls/spiffe_credentials.h',
+ 'src/core/lib/security/credentials/tls/tls_credentials.cc',
+ 'src/core/lib/security/credentials/tls/tls_credentials.h',
 'src/core/lib/security/security_connector/alts/alts_security_connector.cc',
 'src/core/lib/security/security_connector/alts/alts_security_connector.h',
 'src/core/lib/security/security_connector/fake/fake_security_connector.cc',
@@ -805,8 +805,8 @@ Pod::Spec.new do |s|
 'src/core/lib/security/security_connector/ssl_utils.h',
 'src/core/lib/security/security_connector/ssl_utils_config.cc',
 'src/core/lib/security/security_connector/ssl_utils_config.h',
- 'src/core/lib/security/security_connector/tls/spiffe_security_connector.cc',
- 'src/core/lib/security/security_connector/tls/spiffe_security_connector.h',
+ 'src/core/lib/security/security_connector/tls/tls_security_connector.cc',
+ 'src/core/lib/security/security_connector/tls/tls_security_connector.h',
 'src/core/lib/security/transport/auth_filters.h',
 'src/core/lib/security/transport/client_auth_filter.cc',
 'src/core/lib/security/transport/secure_endpoint.cc',
@@ -1238,7 +1238,7 @@ Pod::Spec.new do |s|
 'src/core/lib/security/credentials/plugin/plugin_credentials.h',
 'src/core/lib/security/credentials/ssl/ssl_credentials.h',
 'src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h',
- 'src/core/lib/security/credentials/tls/spiffe_credentials.h',
+ 'src/core/lib/security/credentials/tls/tls_credentials.h',
 'src/core/lib/security/security_connector/alts/alts_security_connector.h',
 'src/core/lib/security/security_connector/fake/fake_security_connector.h',
 'src/core/lib/security/security_connector/load_system_roots.h',
@@ -1248,7 +1248,7 @@ Pod::Spec.new do |s|
 'src/core/lib/security/security_connector/ssl/ssl_security_connector.h',
 'src/core/lib/security/security_connector/ssl_utils.h',
 'src/core/lib/security/security_connector/ssl_utils_config.h',
- 'src/core/lib/security/security_connector/tls/spiffe_security_connector.h',
+ 'src/core/lib/security/security_connector/tls/tls_security_connector.h',
 'src/core/lib/security/transport/auth_filters.h',
 'src/core/lib/security/transport/secure_endpoint.h',
 'src/core/lib/security/transport/security_handshaker.h',
diff --git a/grpc.gemspec b/grpc.gemspec
index a91cf0d9eb3..ec53658ba9a 100644
--- a/grpc.gemspec
+++ b/grpc.gemspec
@@ -697,8 +697,8 @@ Gem::Specification.new do |s|
 s.files += %w( src/core/lib/security/credentials/ssl/ssl_credentials.h )
 s.files += %w( src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc )
 s.files += %w( src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h )
- s.files += %w( src/core/lib/security/credentials/tls/spiffe_credentials.cc )
- s.files += %w( src/core/lib/security/credentials/tls/spiffe_credentials.h )
+ s.files += %w( src/core/lib/security/credentials/tls/tls_credentials.cc )
+ s.files += %w( src/core/lib/security/credentials/tls/tls_credentials.h )
 s.files += %w( src/core/lib/security/security_connector/alts/alts_security_connector.cc )
 s.files += %w( src/core/lib/security/security_connector/alts/alts_security_connector.h )
 s.files += %w( src/core/lib/security/security_connector/fake/fake_security_connector.cc )
@@ -717,8 +717,8 @@ Gem::Specification.new do |s|
 s.files += %w( src/core/lib/security/security_connector/ssl_utils.h )
 s.files += %w( src/core/lib/security/security_connector/ssl_utils_config.cc )
 s.files += %w( src/core/lib/security/security_connector/ssl_utils_config.h )
- s.files += %w( src/core/lib/security/security_connector/tls/spiffe_security_connector.cc )
- s.files += %w( src/core/lib/security/security_connector/tls/spiffe_security_connector.h )
+ s.files += %w( src/core/lib/security/security_connector/tls/tls_security_connector.cc )
+ s.files += %w( src/core/lib/security/security_connector/tls/tls_security_connector.h )
 s.files += %w( src/core/lib/security/transport/auth_filters.h )
 s.files += %w( src/core/lib/security/transport/client_auth_filter.cc )
 s.files += %w( src/core/lib/security/transport/secure_endpoint.cc )
diff --git a/grpc.gyp b/grpc.gyp
index e4e4aff7ddf..766da996e2e 100644
--- a/grpc.gyp
+++ b/grpc.gyp
@@ -434,7 +434,7 @@ 'src/core/lib/security/credentials/plugin/plugin_credentials.cc', 'src/core/lib/security/credentials/ssl/ssl_credentials.cc', 'src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc', - 'src/core/lib/security/credentials/tls/spiffe_credentials.cc', + 'src/core/lib/security/credentials/tls/tls_credentials.cc', 'src/core/lib/security/security_connector/alts/alts_security_connector.cc', 'src/core/lib/security/security_connector/fake/fake_security_connector.cc', 'src/core/lib/security/security_connector/load_system_roots_fallback.cc', @@ -444,7 +444,7 @@ 'src/core/lib/security/security_connector/ssl/ssl_security_connector.cc', 'src/core/lib/security/security_connector/ssl_utils.cc', 'src/core/lib/security/security_connector/ssl_utils_config.cc', - 'src/core/lib/security/security_connector/tls/spiffe_security_connector.cc', + 'src/core/lib/security/security_connector/tls/tls_security_connector.cc', 'src/core/lib/security/transport/client_auth_filter.cc', 'src/core/lib/security/transport/secure_endpoint.cc', 'src/core/lib/security/transport/security_handshaker.cc', diff --git a/include/grpc/grpc_security.h b/include/grpc/grpc_security.h index 2bd30d912b7..164c6dacdb0 100644 --- a/include/grpc/grpc_security.h +++ b/include/grpc/grpc_security.h @@ -698,7 +698,7 @@ GRPCAPI grpc_channel_credentials* grpc_local_credentials_create( GRPCAPI grpc_server_credentials* grpc_local_server_credentials_create( grpc_local_connect_type type); -/** --- SPIFFE and HTTPS-based TLS channel/server credentials --- +/** --- TLS channel/server credentials --- * It is used for experimental purpose for now and subject to change. */ /** Config for TLS key materials. It is used for 
@@ -938,10 +938,8 @@ grpc_tls_server_authorization_check_config_create( grpc_tls_server_authorization_check_arg* arg), void (*destruct)(void* config_user_data)); -/** --- SPIFFE channel/server credentials --- **/ - /** - * This method creates a TLS SPIFFE channel credential object. + * This method creates a TLS channel credential object. * It takes ownership of the options parameter. * * - options: grpc TLS credentials options instance. @@ -952,7 +950,7 @@ grpc_tls_server_authorization_check_config_create( * to change. */ -grpc_channel_credentials* grpc_tls_spiffe_credentials_create( +grpc_channel_credentials* grpc_tls_credentials_create( grpc_tls_credentials_options* options); /** @@ -966,7 +964,7 @@ grpc_channel_credentials* grpc_tls_spiffe_credentials_create( * It is used for experimental purpose for now and subject * to change. */ -grpc_server_credentials* grpc_tls_spiffe_server_credentials_create( +grpc_server_credentials* grpc_tls_server_credentials_create( grpc_tls_credentials_options* options); #ifdef __cplusplus diff --git a/package.xml b/package.xml index 3066eca92b7..431ec4505a5 100644 --- a/package.xml +++ b/package.xml @@ -680,8 +680,8 @@ - - + + @@ -700,8 +700,8 @@ - - + + diff --git a/src/core/lib/security/credentials/tls/spiffe_credentials.cc b/src/core/lib/security/credentials/tls/tls_credentials.cc similarity index 73% rename from src/core/lib/security/credentials/tls/spiffe_credentials.cc rename to src/core/lib/security/credentials/tls/tls_credentials.cc index 078bc578a4f..701fd3b1502 100644 --- a/src/core/lib/security/credentials/tls/spiffe_credentials.cc +++ b/src/core/lib/security/credentials/tls/tls_credentials.cc @@ -18,7 +18,7 @@ #include -#include "src/core/lib/security/credentials/tls/spiffe_credentials.h" +#include "src/core/lib/security/credentials/tls/tls_credentials.h" #include 
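Review bot: In include/grpc/grpc_security.h the renamed declarations `grpc_tls_credentials_create` (hunk at -952) and `grpc_tls_server_credentials_create` (hunk at -966) are written without the `GRPCAPI` prefix that the neighbouring `grpc_local_server_credentials_create` declaration carries, visible as context in the -698 hunk. What `GRPCAPI` expands to is not shown on this page, so this may be harmless, but if it controls symbol export or calling convention these two TLS entry points would differ from the rest of the public header; I would write `GRPCAPI grpc_channel_credentials* grpc_tls_credentials_create(` and the same for the server variant. The old `grpc_tls_spiffe_*` names are dropped with no alias, which the "experimental ... subject to change" wording allows, but it is worth stating in the commit message because wrappers built against the old names will stop compiling.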
@@ -28,24 +28,23 @@ #include #include "src/core/lib/channel/channel_args.h" -#include "src/core/lib/security/security_connector/tls/spiffe_security_connector.h" +#include "src/core/lib/security/security_connector/tls/tls_security_connector.h" -#define GRPC_CREDENTIALS_TYPE_SPIFFE "Spiffe" +#define GRPC_CREDENTIALS_TYPE_TLS "Tls" namespace { bool CredentialOptionSanityCheck(const grpc_tls_credentials_options* options, bool is_client) { if (options == nullptr) { - gpr_log(GPR_ERROR, "SPIFFE TLS credentials options is nullptr."); + gpr_log(GPR_ERROR, "TLS credentials options is nullptr."); return false; } if (options->key_materials_config() == nullptr && options->credential_reload_config() == nullptr) { - gpr_log( - GPR_ERROR, - "SPIFFE TLS credentials options must specify either key materials or " - "credential reload config."); + gpr_log(GPR_ERROR, + "TLS credentials options must specify either key materials or " + "credential reload config."); return false; } if (!is_client && options->server_authorization_check_config() != nullptr) { @@ -58,15 +57,15 @@ bool CredentialOptionSanityCheck(const grpc_tls_credentials_options* options, } // namespace -SpiffeCredentials::SpiffeCredentials( +TlsCredentials::TlsCredentials( grpc_core::RefCountedPtr options) - : grpc_channel_credentials(GRPC_CREDENTIALS_TYPE_SPIFFE), + : grpc_channel_credentials(GRPC_CREDENTIALS_TYPE_TLS), options_(std::move(options)) {} -SpiffeCredentials::~SpiffeCredentials() {} +TlsCredentials::~TlsCredentials() {} grpc_core::RefCountedPtr -SpiffeCredentials::create_security_connector( +TlsCredentials::create_security_connector( grpc_core::RefCountedPtr call_creds, const char* target_name, const grpc_channel_args* args, grpc_channel_args** new_args) { 
@@ -84,8 +83,8 @@ SpiffeCredentials::create_security_connector( static_cast(arg->value.pointer.p); } } - grpc_core::RefCountedPtr sc = grpc_core:: - SpiffeChannelSecurityConnector::CreateSpiffeChannelSecurityConnector( + grpc_core::RefCountedPtr sc = + grpc_core::TlsChannelSecurityConnector::CreateTlsChannelSecurityConnector( this->Ref(), std::move(call_creds), target_name, overridden_target_name, ssl_session_cache); if (sc == nullptr) { @@ -97,33 +96,33 @@ SpiffeCredentials::create_security_connector( return sc; } -SpiffeServerCredentials::SpiffeServerCredentials( +TlsServerCredentials::TlsServerCredentials( grpc_core::RefCountedPtr options) - : grpc_server_credentials(GRPC_CREDENTIALS_TYPE_SPIFFE), + : grpc_server_credentials(GRPC_CREDENTIALS_TYPE_TLS), options_(std::move(options)) {} -SpiffeServerCredentials::~SpiffeServerCredentials() {} +TlsServerCredentials::~TlsServerCredentials() {} grpc_core::RefCountedPtr -SpiffeServerCredentials::create_security_connector() { - return grpc_core::SpiffeServerSecurityConnector:: - CreateSpiffeServerSecurityConnector(this->Ref()); +TlsServerCredentials::create_security_connector() { + return grpc_core::TlsServerSecurityConnector:: + CreateTlsServerSecurityConnector(this->Ref()); } -grpc_channel_credentials* grpc_tls_spiffe_credentials_create( +grpc_channel_credentials* grpc_tls_credentials_create( grpc_tls_credentials_options* options) { if (!CredentialOptionSanityCheck(options, true /* is_client */)) { return nullptr; } - return new SpiffeCredentials( + return new TlsCredentials( grpc_core::RefCountedPtr(options)); } -grpc_server_credentials* grpc_tls_spiffe_server_credentials_create( +grpc_server_credentials* grpc_tls_server_credentials_create( grpc_tls_credentials_options* options) { if (!CredentialOptionSanityCheck(options, false /* is_client */)) { return nullptr; } - return new SpiffeServerCredentials( + return new TlsServerCredentials( grpc_core::RefCountedPtr(options)); } 
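Review bot: The early `return nullptr` in `grpc_tls_credentials_create` and `grpc_tls_server_credentials_create` leaves `options` unreleased when `CredentialOptionSanityCheck` fails, while the header comment on the channel variant says the call takes ownership of the options parameter. A caller that trusts that comment would leak the options object, and whatever key material config it references, on every rejected configuration. Since the doc comments are already being reworded in this commit, I would add a line such as `* On failure it returns nullptr and the caller keeps ownership of options.`. If ownership is instead meant to transfer on every path, the reference should be released before the early return.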
diff --git a/src/core/lib/security/credentials/tls/spiffe_credentials.h b/src/core/lib/security/credentials/tls/tls_credentials.h similarity index 77% rename from src/core/lib/security/credentials/tls/spiffe_credentials.h rename to src/core/lib/security/credentials/tls/tls_credentials.h index 4985fda4a7e..388c71f6b73 100644 --- a/src/core/lib/security/credentials/tls/spiffe_credentials.h +++ b/src/core/lib/security/credentials/tls/tls_credentials.h @@ -16,8 +16,8 @@ * */ -#ifndef GRPC_CORE_LIB_SECURITY_CREDENTIALS_TLS_SPIFFE_CREDENTIALS_H -#define GRPC_CORE_LIB_SECURITY_CREDENTIALS_TLS_SPIFFE_CREDENTIALS_H +#ifndef GRPC_CORE_LIB_SECURITY_CREDENTIALS_TLS_TLS_CREDENTIALS_H +#define GRPC_CORE_LIB_SECURITY_CREDENTIALS_TLS_TLS_CREDENTIALS_H #include @@ -26,11 +26,11 @@ #include "src/core/lib/security/credentials/credentials.h" #include "src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h" -class SpiffeCredentials final : public grpc_channel_credentials { +class TlsCredentials final : public grpc_channel_credentials { public: - explicit SpiffeCredentials( + explicit TlsCredentials( grpc_core::RefCountedPtr options); - ~SpiffeCredentials() override; + ~TlsCredentials() override; grpc_core::RefCountedPtr create_security_connector( @@ -44,11 +44,11 @@ class SpiffeCredentials final : public grpc_channel_credentials { grpc_core::RefCountedPtr options_; }; -class SpiffeServerCredentials final : public grpc_server_credentials { +class TlsServerCredentials final : public grpc_server_credentials { public: - explicit SpiffeServerCredentials( + explicit TlsServerCredentials( grpc_core::RefCountedPtr options); - ~SpiffeServerCredentials() override; + ~TlsServerCredentials() override; grpc_core::RefCountedPtr create_security_connector() override; 
@@ -59,4 +59,4 @@ class SpiffeServerCredentials final : public grpc_server_credentials { grpc_core::RefCountedPtr options_; }; -#endif /* GRPC_CORE_LIB_SECURITY_CREDENTIALS_TLS_SPIFFE_CREDENTIALS_H */ +#endif /* GRPC_CORE_LIB_SECURITY_CREDENTIALS_TLS_TLS_CREDENTIALS_H */ diff --git a/src/core/lib/security/security_connector/tls/spiffe_security_connector.cc b/src/core/lib/security/security_connector/tls/tls_security_connector.cc similarity index 85% rename from src/core/lib/security/security_connector/tls/spiffe_security_connector.cc rename to src/core/lib/security/security_connector/tls/tls_security_connector.cc index a388f9d5739..62948eff57a 100644 --- a/src/core/lib/security/security_connector/tls/spiffe_security_connector.cc +++ b/src/core/lib/security/security_connector/tls/tls_security_connector.cc @@ -18,7 +18,7 @@ #include -#include "src/core/lib/security/security_connector/tls/spiffe_security_connector.h" +#include "src/core/lib/security/security_connector/tls/tls_security_connector.h" #include #include @@ -30,7 +30,7 @@ #include "src/core/lib/gprpp/host_port.h" #include "src/core/lib/security/credentials/ssl/ssl_credentials.h" -#include "src/core/lib/security/credentials/tls/spiffe_credentials.h" +#include "src/core/lib/security/credentials/tls/tls_credentials.h" #include "src/core/lib/security/security_connector/ssl_utils.h" #include "src/core/lib/security/transport/security_handshaker.h" #include "src/core/lib/slice/slice_internal.h" @@ -62,7 +62,7 @@ tsi_ssl_pem_key_cert_pair* ConvertToTsiPemKeyCertPair( } // namespace -/** -- Util function to fetch SPIFFE server/channel credentials. -- */ +/** -- Util function to fetch TLS server/channel credentials. -- */ grpc_status_code TlsFetchKeyMaterials( const grpc_core::RefCountedPtr& key_materials_config, 
@@ -111,7 +111,7 @@ grpc_status_code TlsFetchKeyMaterials( return status; } -SpiffeChannelSecurityConnector::SpiffeChannelSecurityConnector( +TlsChannelSecurityConnector::TlsChannelSecurityConnector( grpc_core::RefCountedPtr channel_creds, grpc_core::RefCountedPtr request_metadata_creds, const char* target_name, const char* overridden_target_name) @@ -129,7 +129,7 @@ SpiffeChannelSecurityConnector::SpiffeChannelSecurityConnector( target_name_ = grpc_core::StringViewToCString(host); } -SpiffeChannelSecurityConnector::~SpiffeChannelSecurityConnector() { +TlsChannelSecurityConnector::~TlsChannelSecurityConnector() { if (client_handshaker_factory_ != nullptr) { tsi_ssl_client_handshaker_factory_unref(client_handshaker_factory_); } @@ -139,7 +139,7 @@ SpiffeChannelSecurityConnector::~SpiffeChannelSecurityConnector() { ServerAuthorizationCheckArgDestroy(check_arg_); } -void SpiffeChannelSecurityConnector::add_handshakers( +void TlsChannelSecurityConnector::add_handshakers( const grpc_channel_args* args, grpc_pollset_set* /*interested_parties*/, grpc_core::HandshakeManager* handshake_mgr) { if (RefreshHandshakerFactory() != GRPC_SECURITY_OK) { @@ -162,7 +162,7 @@ void SpiffeChannelSecurityConnector::add_handshakers( handshake_mgr->Add(grpc_core::SecurityHandshakerCreate(tsi_hs, this, args)); } -void SpiffeChannelSecurityConnector::check_peer( +void TlsChannelSecurityConnector::check_peer( tsi_peer peer, grpc_endpoint* /*ep*/, grpc_core::RefCountedPtr* auth_context, grpc_closure* on_peer_checked) { 
@@ -175,10 +175,10 @@ void SpiffeChannelSecurityConnector::check_peer( tsi_peer_destruct(&peer); return; } - *auth_context = grpc_ssl_peer_to_auth_context( - &peer, GRPC_TLS_SPIFFE_TRANSPORT_SECURITY_TYPE); - const SpiffeCredentials* creds = - static_cast(channel_creds()); + *auth_context = + grpc_ssl_peer_to_auth_context(&peer, GRPC_TLS_TRANSPORT_SECURITY_TYPE); + const TlsCredentials* creds = + static_cast(channel_creds()); const grpc_tls_server_authorization_check_config* config = creds->options().server_authorization_check_config(); /* If server authorization config is not null, use it to perform @@ -216,10 +216,9 @@ void SpiffeChannelSecurityConnector::check_peer( tsi_peer_destruct(&peer); } -int SpiffeChannelSecurityConnector::cmp( +int TlsChannelSecurityConnector::cmp( const grpc_security_connector* other_sc) const { - auto* other = - reinterpret_cast(other_sc); + auto* other = reinterpret_cast(other_sc); int c = channel_security_connector_cmp(other); if (c != 0) { return c; @@ -229,7 +228,7 @@ int SpiffeChannelSecurityConnector::cmp( other->overridden_target_name_.get()); } -bool SpiffeChannelSecurityConnector::check_call_host( +bool TlsChannelSecurityConnector::check_call_host( grpc_core::StringView host, grpc_auth_context* auth_context, grpc_closure* on_call_host_checked, grpc_error** error) { return grpc_ssl_check_call_host(host, target_name_.get(), 
@@ -237,13 +236,13 @@ bool SpiffeChannelSecurityConnector::check_call_host( on_call_host_checked, error); } -void SpiffeChannelSecurityConnector::cancel_check_call_host( +void TlsChannelSecurityConnector::cancel_check_call_host( grpc_closure* /*on_call_host_checked*/, grpc_error* error) { GRPC_ERROR_UNREF(error); } grpc_core::RefCountedPtr -SpiffeChannelSecurityConnector::CreateSpiffeChannelSecurityConnector( +TlsChannelSecurityConnector::CreateTlsChannelSecurityConnector( grpc_core::RefCountedPtr channel_creds, grpc_core::RefCountedPtr request_metadata_creds, const char* target_name, const char* overridden_target_name, @@ -251,17 +250,17 @@ SpiffeChannelSecurityConnector::CreateSpiffeChannelSecurityConnector( if (channel_creds == nullptr) { gpr_log(GPR_ERROR, "channel_creds is nullptr in " - "SpiffeChannelSecurityConnectorCreate()"); + "TlsChannelSecurityConnectorCreate()"); return nullptr; } if (target_name == nullptr) { gpr_log(GPR_ERROR, "target_name is nullptr in " - "SpiffeChannelSecurityConnectorCreate()"); + "TlsChannelSecurityConnectorCreate()"); return nullptr; } - grpc_core::RefCountedPtr c = - grpc_core::MakeRefCounted( + grpc_core::RefCountedPtr c = + grpc_core::MakeRefCounted( std::move(channel_creds), std::move(request_metadata_creds), target_name, overridden_target_name); if (c->InitializeHandshakerFactory(ssl_session_cache) != GRPC_SECURITY_OK) { @@ -271,7 +270,7 @@ SpiffeChannelSecurityConnector::CreateSpiffeChannelSecurityConnector( return c; } -grpc_security_status SpiffeChannelSecurityConnector::ReplaceHandshakerFactory( +grpc_security_status TlsChannelSecurityConnector::ReplaceHandshakerFactory( tsi_ssl_session_cache* ssl_session_cache) { /* Free the client handshaker factory if exists. */ if (client_handshaker_factory_) { 
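Review bot: The error strings in `CreateTlsChannelSecurityConnector` name `TlsChannelSecurityConnectorCreate()`, which is not this function's name; the rename carried the old mismatch across. Someone triaging a failed channel setup from the log would search for a symbol that does not exist. I would log the real name, e.g. `"channel_creds is nullptr in CreateTlsChannelSecurityConnector()"`, and do the same for the `target_name` message. The server factory in the `@@ -437,34 +433,34 @@` hunk has the same mismatch with `TlsServerSecurityConnectorCreate()`.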
@@ -288,12 +287,11 @@ grpc_security_status SpiffeChannelSecurityConnector::ReplaceHandshakerFactory( return status; } -grpc_security_status -SpiffeChannelSecurityConnector::InitializeHandshakerFactory( +grpc_security_status TlsChannelSecurityConnector::InitializeHandshakerFactory( tsi_ssl_session_cache* ssl_session_cache) { grpc_core::MutexLock lock(&mu_); - const SpiffeCredentials* creds = - static_cast(channel_creds()); + const TlsCredentials* creds = + static_cast(channel_creds()); grpc_tls_key_materials_config* key_materials_config = creds->options().key_materials_config(); /* Copy key materials config from credential options. */ @@ -315,11 +313,10 @@ SpiffeChannelSecurityConnector::InitializeHandshakerFactory( return ReplaceHandshakerFactory(ssl_session_cache); } -grpc_security_status -SpiffeChannelSecurityConnector::RefreshHandshakerFactory() { +grpc_security_status TlsChannelSecurityConnector::RefreshHandshakerFactory() { grpc_core::MutexLock lock(&mu_); - const SpiffeCredentials* creds = - static_cast(channel_creds()); + const TlsCredentials* creds = + static_cast(channel_creds()); grpc_ssl_certificate_config_reload_status reload_status = GRPC_SSL_CERTIFICATE_CONFIG_RELOAD_UNCHANGED; if (TlsFetchKeyMaterials(key_materials_config_, creds->options(), 
@@ -334,18 +331,17 @@ SpiffeChannelSecurityConnector::RefreshHandshakerFactory() { } } -void SpiffeChannelSecurityConnector::ServerAuthorizationCheckDone( +void TlsChannelSecurityConnector::ServerAuthorizationCheckDone( grpc_tls_server_authorization_check_arg* arg) { GPR_ASSERT(arg != nullptr); grpc_core::ExecCtx exec_ctx; grpc_error* error = ProcessServerAuthorizationCheckResult(arg); - SpiffeChannelSecurityConnector* connector = - static_cast(arg->cb_user_data); + TlsChannelSecurityConnector* connector = + static_cast(arg->cb_user_data); grpc_core::ExecCtx::Run(DEBUG_LOCATION, connector->on_peer_checked_, error); } -grpc_error* -SpiffeChannelSecurityConnector::ProcessServerAuthorizationCheckResult( +grpc_error* TlsChannelSecurityConnector::ProcessServerAuthorizationCheckResult( grpc_tls_server_authorization_check_arg* arg) { grpc_error* error = GRPC_ERROR_NONE; char* msg = nullptr; @@ -377,7 +373,7 @@ SpiffeChannelSecurityConnector::ProcessServerAuthorizationCheckResult( } grpc_tls_server_authorization_check_arg* -SpiffeChannelSecurityConnector::ServerAuthorizationCheckArgCreate( +TlsChannelSecurityConnector::ServerAuthorizationCheckArgCreate( void* user_data) { grpc_tls_server_authorization_check_arg* arg = new grpc_tls_server_authorization_check_arg(); @@ -387,7 +383,7 @@ SpiffeChannelSecurityConnector::ServerAuthorizationCheckArgCreate( return arg; } -void SpiffeChannelSecurityConnector::ServerAuthorizationCheckArgDestroy( +void TlsChannelSecurityConnector::ServerAuthorizationCheckArgDestroy( grpc_tls_server_authorization_check_arg* arg) { if (arg == nullptr) { return; 
@@ -401,14 +397,14 @@ void SpiffeChannelSecurityConnector::ServerAuthorizationCheckArgDestroy( delete arg; } -SpiffeServerSecurityConnector::SpiffeServerSecurityConnector( +TlsServerSecurityConnector::TlsServerSecurityConnector( grpc_core::RefCountedPtr server_creds) : grpc_server_security_connector(GRPC_SSL_URL_SCHEME, std::move(server_creds)) { key_materials_config_ = grpc_tls_key_materials_config_create()->Ref(); } -SpiffeServerSecurityConnector::~SpiffeServerSecurityConnector() { +TlsServerSecurityConnector::~TlsServerSecurityConnector() { if (server_handshaker_factory_ != nullptr) { tsi_ssl_server_handshaker_factory_unref(server_handshaker_factory_); } @@ -417,7 +413,7 @@ SpiffeServerSecurityConnector::~SpiffeServerSecurityConnector() { } } -void SpiffeServerSecurityConnector::add_handshakers( +void TlsServerSecurityConnector::add_handshakers( const grpc_channel_args* args, grpc_pollset_set* /*interested_parties*/, grpc_core::HandshakeManager* handshake_mgr) { /* Refresh handshaker factory if needed. */ @@ -425,7 +421,7 @@ void SpiffeServerSecurityConnector::add_handshakers( gpr_log(GPR_ERROR, "Handshaker factory refresh failed."); return; } - /* Create a TLS SPIFFE TSI handshaker for server. */ + /* Create a TLS TSI handshaker for server. */ tsi_handshaker* tsi_hs = nullptr; tsi_result result = tsi_ssl_server_handshaker_factory_create_handshaker( server_handshaker_factory_, &tsi_hs); 
@@ -437,34 +433,34 @@ void SpiffeServerSecurityConnector::add_handshakers( handshake_mgr->Add(grpc_core::SecurityHandshakerCreate(tsi_hs, this, args)); } -void SpiffeServerSecurityConnector::check_peer( +void TlsServerSecurityConnector::check_peer( tsi_peer peer, grpc_endpoint* /*ep*/, grpc_core::RefCountedPtr* auth_context, grpc_closure* on_peer_checked) { grpc_error* error = grpc_ssl_check_alpn(&peer); - *auth_context = grpc_ssl_peer_to_auth_context( - &peer, GRPC_TLS_SPIFFE_TRANSPORT_SECURITY_TYPE); + *auth_context = + grpc_ssl_peer_to_auth_context(&peer, GRPC_TLS_TRANSPORT_SECURITY_TYPE); tsi_peer_destruct(&peer); grpc_core::ExecCtx::Run(DEBUG_LOCATION, on_peer_checked, error); } -int SpiffeServerSecurityConnector::cmp( +int TlsServerSecurityConnector::cmp( const grpc_security_connector* other) const { return server_security_connector_cmp( static_cast(other)); } grpc_core::RefCountedPtr -SpiffeServerSecurityConnector::CreateSpiffeServerSecurityConnector( +TlsServerSecurityConnector::CreateTlsServerSecurityConnector( grpc_core::RefCountedPtr server_creds) { if (server_creds == nullptr) { gpr_log(GPR_ERROR, "server_creds is nullptr in " - "SpiffeServerSecurityConnectorCreate()"); + "TlsServerSecurityConnectorCreate()"); return nullptr; } - grpc_core::RefCountedPtr c = - grpc_core::MakeRefCounted( + grpc_core::RefCountedPtr c = + grpc_core::MakeRefCounted( std::move(server_creds)); if (c->InitializeHandshakerFactory() != GRPC_SECURITY_OK) { gpr_log(GPR_ERROR, "Could not initialize server handshaker factory."); 
@@ -473,9 +469,9 @@ SpiffeServerSecurityConnector::CreateSpiffeServerSecurityConnector( return c; } -grpc_security_status SpiffeServerSecurityConnector::ReplaceHandshakerFactory() { - const SpiffeServerCredentials* creds = - static_cast(server_creds()); +grpc_security_status TlsServerSecurityConnector::ReplaceHandshakerFactory() { + const TlsServerCredentials* creds = + static_cast(server_creds()); /* Free the server handshaker factory if exists. */ if (server_handshaker_factory_) { tsi_ssl_server_handshaker_factory_unref(server_handshaker_factory_); @@ -495,11 +491,10 @@ grpc_security_status SpiffeServerSecurityConnector::ReplaceHandshakerFactory() { return status; } -grpc_security_status -SpiffeServerSecurityConnector::InitializeHandshakerFactory() { +grpc_security_status TlsServerSecurityConnector::InitializeHandshakerFactory() { grpc_core::MutexLock lock(&mu_); - const SpiffeServerCredentials* creds = - static_cast(server_creds()); + const TlsServerCredentials* creds = + static_cast(server_creds()); grpc_tls_key_materials_config* key_materials_config = creds->options().key_materials_config(); if (key_materials_config != nullptr) { @@ -520,10 +515,10 @@ SpiffeServerSecurityConnector::InitializeHandshakerFactory() { return ReplaceHandshakerFactory(); } -grpc_security_status SpiffeServerSecurityConnector::RefreshHandshakerFactory() { +grpc_security_status TlsServerSecurityConnector::RefreshHandshakerFactory() { grpc_core::MutexLock lock(&mu_); - const SpiffeServerCredentials* creds = - static_cast(server_creds()); + const TlsServerCredentials* creds = + static_cast(server_creds()); grpc_ssl_certificate_config_reload_status reload_status = GRPC_SSL_CERTIFICATE_CONFIG_RELOAD_UNCHANGED; if (TlsFetchKeyMaterials(key_materials_config_, creds->options(), 
diff --git a/src/core/lib/security/security_connector/tls/spiffe_security_connector.h b/src/core/lib/security/security_connector/tls/tls_security_connector.h similarity index 85% rename from src/core/lib/security/security_connector/tls/spiffe_security_connector.h rename to src/core/lib/security/security_connector/tls/tls_security_connector.h index 8de2bfcd3a4..c669c6b9b75 100644 --- a/src/core/lib/security/security_connector/tls/spiffe_security_connector.h +++ b/src/core/lib/security/security_connector/tls/tls_security_connector.h @@ -16,8 +16,8 @@ * */ -#ifndef GRPC_CORE_LIB_SECURITY_SECURITY_CONNECTOR_TLS_SPIFFE_SECURITY_CONNECTOR_H -#define GRPC_CORE_LIB_SECURITY_SECURITY_CONNECTOR_TLS_SPIFFE_SECURITY_CONNECTOR_H +#ifndef GRPC_CORE_LIB_SECURITY_SECURITY_CONNECTOR_TLS_TLS_SECURITY_CONNECTOR_H +#define GRPC_CORE_LIB_SECURITY_SECURITY_CONNECTOR_TLS_TLS_SECURITY_CONNECTOR_H #include 
@@ -25,27 +25,27 @@ #include "src/core/lib/security/context/security_context.h" #include "src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h" -#define GRPC_TLS_SPIFFE_TRANSPORT_SECURITY_TYPE "spiffe" +#define GRPC_TLS_TRANSPORT_SECURITY_TYPE "tls" namespace grpc_core { -// Spiffe channel security connector. -class SpiffeChannelSecurityConnector final +// TLS channel security connector. +class TlsChannelSecurityConnector final : public grpc_channel_security_connector { public: - // static factory method to create a SPIFFE channel security connector. + // static factory method to create a TLS channel security connector. static grpc_core::RefCountedPtr - CreateSpiffeChannelSecurityConnector( + CreateTlsChannelSecurityConnector( grpc_core::RefCountedPtr channel_creds, grpc_core::RefCountedPtr request_metadata_creds, const char* target_name, const char* overridden_target_name, tsi_ssl_session_cache* ssl_session_cache); - SpiffeChannelSecurityConnector( + TlsChannelSecurityConnector( grpc_core::RefCountedPtr channel_creds, grpc_core::RefCountedPtr request_metadata_creds, const char* target_name, const char* overridden_target_name); - ~SpiffeChannelSecurityConnector() override; + ~TlsChannelSecurityConnector() override; void add_handshakers(const grpc_channel_args* args, grpc_pollset_set* interested_parties, 
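Review bot: `GRPC_TLS_TRANSPORT_SECURITY_TYPE` changes the string value from "spiffe" to "tls", not only the macro name, and both `check_peer` implementations pass it to `grpc_ssl_peer_to_auth_context`. If that value is exposed through the auth context, as the call suggests, application authorization code that matches on the old string would silently stop matching after an upgrade. The same applies to the credentials type string, which goes from "Spiffe" to "Tls" in tls_credentials.cc. I would call the value change out in the commit description and add a comment above the define, for example `// Recorded in the peer's auth context; applications may compare against this value, so treat it as part of the API.`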
@@ -105,18 +105,17 @@ class SpiffeChannelSecurityConnector final grpc_core::RefCountedPtr key_materials_config_; }; -// Spiffe server security connector. -class SpiffeServerSecurityConnector final - : public grpc_server_security_connector { +// TLS server security connector. +class TlsServerSecurityConnector final : public grpc_server_security_connector { public: - // static factory method to create a SPIFFE server security connector. + // static factory method to create a TLS server security connector. static grpc_core::RefCountedPtr - CreateSpiffeServerSecurityConnector( + CreateTlsServerSecurityConnector( grpc_core::RefCountedPtr server_creds); - explicit SpiffeServerSecurityConnector( + explicit TlsServerSecurityConnector( grpc_core::RefCountedPtr server_creds); - ~SpiffeServerSecurityConnector() override; + ~TlsServerSecurityConnector() override; void add_handshakers(const grpc_channel_args* args, grpc_pollset_set* interested_parties, @@ -154,5 +153,5 @@ grpc_status_code TlsFetchKeyMaterials( } // namespace grpc_core -#endif /* GRPC_CORE_LIB_SECURITY_SECURITY_CONNECTOR_TLS_SPIFFE_SECURITY_CONNECTOR_H \ +#endif /* GRPC_CORE_LIB_SECURITY_SECURITY_CONNECTOR_TLS_TLS_SECURITY_CONNECTOR_H \ */ diff --git a/src/cpp/client/secure_credentials.cc b/src/cpp/client/secure_credentials.cc index a5a0794be15..ca326974f01 100644 --- a/src/cpp/client/secure_credentials.cc +++ b/src/cpp/client/secure_credentials.cc @@ -282,7 +282,7 @@ std::shared_ptr LocalCredentials( std::shared_ptr TlsCredentials( const TlsCredentialsOptions& options) { return WrapChannelCredentials( - grpc_tls_spiffe_credentials_create(options.c_credentials_options())); + grpc_tls_credentials_create(options.c_credentials_options())); } } // namespace experimental diff --git a/src/cpp/server/secure_server_credentials.cc b/src/cpp/server/secure_server_credentials.cc index 81b99913000..205ebc7872f 100644 --- a/src/cpp/server/secure_server_credentials.cc +++ b/src/cpp/server/secure_server_credentials.cc 
@@ -149,9 +149,8 @@ std::shared_ptr LocalServerCredentials( std::shared_ptr TlsServerCredentials( const TlsCredentialsOptions& options) { - return std::shared_ptr( - new SecureServerCredentials(grpc_tls_spiffe_server_credentials_create( - options.c_credentials_options()))); + return std::shared_ptr(new SecureServerCredentials( + grpc_tls_server_credentials_create(options.c_credentials_options()))); } } // namespace experimental diff --git a/src/python/grpcio/grpc_core_dependencies.py b/src/python/grpcio/grpc_core_dependencies.py index 31458933f5f..a8bb3f8863e 100644 --- a/src/python/grpcio/grpc_core_dependencies.py +++ b/src/python/grpcio/grpc_core_dependencies.py @@ -341,7 +341,7 @@ CORE_SOURCE_FILES = [ 'src/core/lib/security/credentials/plugin/plugin_credentials.cc', 'src/core/lib/security/credentials/ssl/ssl_credentials.cc', 'src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc', - 'src/core/lib/security/credentials/tls/spiffe_credentials.cc', + 'src/core/lib/security/credentials/tls/tls_credentials.cc', 'src/core/lib/security/security_connector/alts/alts_security_connector.cc', 'src/core/lib/security/security_connector/fake/fake_security_connector.cc', 'src/core/lib/security/security_connector/load_system_roots_fallback.cc', @@ -351,7 +351,7 @@ CORE_SOURCE_FILES = [ 'src/core/lib/security/security_connector/ssl/ssl_security_connector.cc', 'src/core/lib/security/security_connector/ssl_utils.cc', 'src/core/lib/security/security_connector/ssl_utils_config.cc', - 'src/core/lib/security/security_connector/tls/spiffe_security_connector.cc', + 'src/core/lib/security/security_connector/tls/tls_security_connector.cc', 'src/core/lib/security/transport/client_auth_filter.cc', 'src/core/lib/security/transport/secure_endpoint.cc', 'src/core/lib/security/transport/security_handshaker.cc', 
diff --git a/test/core/end2end/fixtures/h2_spiffe.cc b/test/core/end2end/fixtures/h2_tls.cc similarity index 94% rename from test/core/end2end/fixtures/h2_spiffe.cc rename to test/core/end2end/fixtures/h2_tls.cc index 306e94fd1b2..905f470bd8a 100644 --- a/test/core/end2end/fixtures/h2_spiffe.cc +++ b/test/core/end2end/fixtures/h2_tls.cc @@ -128,7 +128,7 @@ static int server_authz_check_async( fullstack_secure_fixture_data* ffd = static_cast(config_user_data); ffd->thd_list.push_back( - grpc_core::Thread("h2_spiffe_test", &server_authz_check_cb, arg)); + grpc_core::Thread("h2_tls_test", &server_authz_check_cb, arg)); ffd->thd_list[ffd->thd_list.size() - 1].Start(); return 1; } @@ -189,8 +189,8 @@ static int server_cred_reload_sync(void* /*config_user_data*/, return 0; } -// Create a SPIFFE channel credential. -static grpc_channel_credentials* create_spiffe_channel_credentials( +// Create a TLS channel credential. +static grpc_channel_credentials* create_tls_channel_credentials( fullstack_secure_fixture_data* ffd) { grpc_tls_credentials_options* options = grpc_tls_credentials_options_create(); /* Set credential reload config. */ 
@@ -205,13 +205,13 @@ static grpc_channel_credentials* create_spiffe_channel_credentials( ffd, server_authz_check_async, nullptr, nullptr); grpc_tls_credentials_options_set_server_authorization_check_config( options, check_config); - /* Create SPIFFE channel credentials. */ - grpc_channel_credentials* creds = grpc_tls_spiffe_credentials_create(options); + /* Create TLS channel credentials. */ + grpc_channel_credentials* creds = grpc_tls_credentials_create(options); return creds; } -// Create a SPIFFE server credential. -static grpc_server_credentials* create_spiffe_server_credentials() { +// Create a TLS server credential. +static grpc_server_credentials* create_tls_server_credentials() { grpc_tls_credentials_options* options = grpc_tls_credentials_options_create(); /* Set credential reload config. */ grpc_tls_credential_reload_config* reload_config = @@ -222,14 +222,13 @@ static grpc_server_credentials* create_spiffe_server_credentials() { /* Set client certificate request type. */ grpc_tls_credentials_options_set_cert_request_type( options, GRPC_SSL_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_AND_VERIFY); - grpc_server_credentials* creds = - grpc_tls_spiffe_server_credentials_create(options); + grpc_server_credentials* creds = grpc_tls_server_credentials_create(options); return creds; } static void chttp2_init_client(grpc_end2end_test_fixture* f, grpc_channel_args* client_args) { - grpc_channel_credentials* ssl_creds = create_spiffe_channel_credentials( + grpc_channel_credentials* ssl_creds = create_tls_channel_credentials( static_cast(f->fixture_data)); grpc_arg ssl_name_override = { GRPC_ARG_STRING, 
@@ -255,7 +254,7 @@ static int fail_server_auth_check(grpc_channel_args* server_args) { static void chttp2_init_server(grpc_end2end_test_fixture* f, grpc_channel_args* server_args) { - grpc_server_credentials* ssl_creds = create_spiffe_server_credentials(); + grpc_server_credentials* ssl_creds = create_tls_server_credentials(); if (fail_server_auth_check(server_args)) { grpc_auth_metadata_processor processor = {process_auth_failure, nullptr, nullptr}; diff --git a/test/core/end2end/generate_tests.bzl b/test/core/end2end/generate_tests.bzl index 3aa40ca4f88..38efc2f1cae 100755 --- a/test/core/end2end/generate_tests.bzl +++ b/test/core/end2end/generate_tests.bzl @@ -88,7 +88,7 @@ END2END_FIXTURES = { ), "h2_ssl": _fixture_options(secure = True), "h2_ssl_cred_reload": _fixture_options(secure = True), - "h2_spiffe": _fixture_options(secure = True), + "h2_tls": _fixture_options(secure = True), "h2_local_uds": _fixture_options(secure = True, dns_resolver = False, _platforms = ["linux", "mac", "posix"]), "h2_local_ipv4": _fixture_options(secure = True, dns_resolver = False, _platforms = ["linux", "mac", "posix"]), "h2_local_ipv6": _fixture_options(secure = True, dns_resolver = False, _platforms = ["linux", "mac", "posix"]), diff --git a/test/core/security/BUILD b/test/core/security/BUILD index 7d07157478d..25fd11e0ca0 100644 --- a/test/core/security/BUILD +++ b/test/core/security/BUILD @@ -259,8 +259,8 @@ grpc_cc_test( ) grpc_cc_test( - name = "spiffe_security_connector_test", - srcs = ["spiffe_security_connector_test.cc"], + name = "tls_security_connector_test", + srcs = ["tls_security_connector_test.cc"], external_deps = [ "gtest", ], diff --git a/test/core/security/spiffe_security_connector_test.cc b/test/core/security/tls_security_connector_test.cc similarity index 85% rename from test/core/security/spiffe_security_connector_test.cc rename to test/core/security/tls_security_connector_test.cc index 406c539dd1e..bab6575a19e 100644 
--- a/test/core/security/spiffe_security_connector_test.cc +++ b/test/core/security/tls_security_connector_test.cc @@ -25,7 +25,7 @@ #include #include -#include "src/core/lib/security/security_connector/tls/spiffe_security_connector.h" +#include "src/core/lib/security/security_connector/tls/tls_security_connector.h" #include "test/core/end2end/data/ssl_test_data.h" #include "test/core/util/test_config.h" @@ -75,9 +75,9 @@ int CredReloadAsync(void* /*config_user_data*/, namespace grpc { namespace testing { -class SpiffeSecurityConnectorTest : public ::testing::Test { +class TlsSecurityConnectorTest : public ::testing::Test { protected: - SpiffeSecurityConnectorTest() {} + TlsSecurityConnectorTest() {} void SetUp() override { options_ = grpc_tls_credentials_options_create()->Ref(); config_ = grpc_tls_key_materials_config_create()->Ref(); @@ -115,7 +115,7 @@ class SpiffeSecurityConnectorTest : public ::testing::Test { grpc_core::RefCountedPtr config_; }; -TEST_F(SpiffeSecurityConnectorTest, NoKeysAndConfig) { +TEST_F(TlsSecurityConnectorTest, NoKeysAndConfig) { grpc_ssl_certificate_config_reload_status reload_status; grpc_status_code status = TlsFetchKeyMaterials(config_, *options_, &reload_status); @@ -123,7 +123,7 @@ TEST_F(SpiffeSecurityConnectorTest, NoKeysAndConfig) { options_->Unref(); } -TEST_F(SpiffeSecurityConnectorTest, NoKeySuccessReload) { +TEST_F(TlsSecurityConnectorTest, NoKeySuccessReload) { grpc_ssl_certificate_config_reload_status reload_status; SetOptions(SUCCESS); grpc_status_code status = @@ -133,7 +133,7 @@ TEST_F(SpiffeSecurityConnectorTest, NoKeySuccessReload) { options_->Unref(); } -TEST_F(SpiffeSecurityConnectorTest, NoKeyFailReload) { +TEST_F(TlsSecurityConnectorTest, NoKeyFailReload) { grpc_ssl_certificate_config_reload_status reload_status; SetOptions(FAIL); grpc_status_code status = 
@@ -143,7 +143,7 @@ TEST_F(SpiffeSecurityConnectorTest, NoKeyFailReload) { options_->Unref(); } -TEST_F(SpiffeSecurityConnectorTest, NoKeyAsyncReload) { +TEST_F(TlsSecurityConnectorTest, NoKeyAsyncReload) { grpc_ssl_certificate_config_reload_status reload_status = GRPC_SSL_CERTIFICATE_CONFIG_RELOAD_UNCHANGED; SetOptions(ASYNC); @@ -154,7 +154,7 @@ TEST_F(SpiffeSecurityConnectorTest, NoKeyAsyncReload) { options_->Unref(); } -TEST_F(SpiffeSecurityConnectorTest, NoKeyUnchangedReload) { +TEST_F(TlsSecurityConnectorTest, NoKeyUnchangedReload) { grpc_ssl_certificate_config_reload_status reload_status = GRPC_SSL_CERTIFICATE_CONFIG_RELOAD_UNCHANGED; SetOptions(UNCHANGED); @@ -165,7 +165,7 @@ TEST_F(SpiffeSecurityConnectorTest, NoKeyUnchangedReload) { options_->Unref(); } -TEST_F(SpiffeSecurityConnectorTest, WithKeyNoReload) { +TEST_F(TlsSecurityConnectorTest, WithKeyNoReload) { grpc_ssl_certificate_config_reload_status reload_status = GRPC_SSL_CERTIFICATE_CONFIG_RELOAD_UNCHANGED; SetKeyMaterialsConfig(); @@ -175,7 +175,7 @@ TEST_F(SpiffeSecurityConnectorTest, WithKeyNoReload) { options_->Unref(); } -TEST_F(SpiffeSecurityConnectorTest, WithKeySuccessReload) { +TEST_F(TlsSecurityConnectorTest, WithKeySuccessReload) { grpc_ssl_certificate_config_reload_status reload_status; SetOptions(SUCCESS); SetKeyMaterialsConfig(); @@ -186,7 +186,7 @@ TEST_F(SpiffeSecurityConnectorTest, WithKeySuccessReload) { options_->Unref(); } -TEST_F(SpiffeSecurityConnectorTest, WithKeyFailReload) { +TEST_F(TlsSecurityConnectorTest, WithKeyFailReload) { grpc_ssl_certificate_config_reload_status reload_status; SetOptions(FAIL); SetKeyMaterialsConfig(); @@ -197,7 +197,7 @@ TEST_F(SpiffeSecurityConnectorTest, WithKeyFailReload) { options_->Unref(); } -TEST_F(SpiffeSecurityConnectorTest, WithKeyAsyncReload) { +TEST_F(TlsSecurityConnectorTest, WithKeyAsyncReload) { grpc_ssl_certificate_config_reload_status reload_status = GRPC_SSL_CERTIFICATE_CONFIG_RELOAD_UNCHANGED; SetOptions(ASYNC); 
@@ -209,7 +209,7 @@ TEST_F(SpiffeSecurityConnectorTest, WithKeyAsyncReload) { options_->Unref(); } -TEST_F(SpiffeSecurityConnectorTest, WithKeyUnchangedReload) { +TEST_F(TlsSecurityConnectorTest, WithKeyUnchangedReload) { grpc_ssl_certificate_config_reload_status reload_status = GRPC_SSL_CERTIFICATE_CONFIG_RELOAD_UNCHANGED; SetOptions(UNCHANGED); @@ -221,10 +221,10 @@ TEST_F(SpiffeSecurityConnectorTest, WithKeyUnchangedReload) { options_->Unref(); } -TEST_F(SpiffeSecurityConnectorTest, CreateChannelSecurityConnectorSuccess) { +TEST_F(TlsSecurityConnectorTest, CreateChannelSecurityConnectorSuccess) { SetOptions(SUCCESS); auto cred = std::unique_ptr( - grpc_tls_spiffe_credentials_create(options_.get())); + grpc_tls_credentials_create(options_.get())); const char* target_name = "some_target"; grpc_channel_args* new_args = nullptr; auto connector = 
@@ -233,39 +233,39 @@ TEST_F(SpiffeSecurityConnectorTest, CreateChannelSecurityConnectorSuccess) { grpc_channel_args_destroy(new_args); } -TEST_F(SpiffeSecurityConnectorTest, +TEST_F(TlsSecurityConnectorTest, CreateChannelSecurityConnectorFailNoTargetName) { SetOptions(SUCCESS); auto cred = std::unique_ptr( - grpc_tls_spiffe_credentials_create(options_.get())); + grpc_tls_credentials_create(options_.get())); grpc_channel_args* new_args = nullptr; auto connector = cred->create_security_connector(nullptr, nullptr, nullptr, &new_args); EXPECT_EQ(connector, nullptr); } -TEST_F(SpiffeSecurityConnectorTest, CreateChannelSecurityConnectorFailInit) { +TEST_F(TlsSecurityConnectorTest, CreateChannelSecurityConnectorFailInit) { SetOptions(FAIL); auto cred = std::unique_ptr( - grpc_tls_spiffe_credentials_create(options_.get())); + grpc_tls_credentials_create(options_.get())); grpc_channel_args* new_args = nullptr; auto connector = cred->create_security_connector(nullptr, nullptr, nullptr, &new_args); EXPECT_EQ(connector, nullptr); } -TEST_F(SpiffeSecurityConnectorTest, CreateServerSecurityConnectorSuccess) { +TEST_F(TlsSecurityConnectorTest, CreateServerSecurityConnectorSuccess) { SetOptions(SUCCESS); auto cred = std::unique_ptr( - grpc_tls_spiffe_server_credentials_create(options_.get())); + grpc_tls_server_credentials_create(options_.get())); auto connector = cred->create_security_connector(); EXPECT_NE(connector, nullptr); } -TEST_F(SpiffeSecurityConnectorTest, CreateServerSecurityConnectorFailInit) { +TEST_F(TlsSecurityConnectorTest, CreateServerSecurityConnectorFailInit) { SetOptions(FAIL); auto cred = std::unique_ptr( - grpc_tls_spiffe_server_credentials_create(options_.get())); + grpc_tls_server_credentials_create(options_.get())); auto connector = cred->create_security_connector(); EXPECT_EQ(connector, nullptr); } diff --git a/test/cpp/client/credentials_test.cc b/test/cpp/client/credentials_test.cc index de7dc91353f..07c428de084 100644 
--- a/test/cpp/client/credentials_test.cc +++ b/test/cpp/client/credentials_test.cc @@ -648,7 +648,7 @@ TEST_F(CredentialsTest, TlsCredentialsOptionsCppToC) { } // This test demonstrates how the SPIFFE credentials will be used. -TEST_F(CredentialsTest, LoadSpiffeChannelCredentials) { +TEST_F(CredentialsTest, LoadTlsChannelCredentials) { std::shared_ptr test_credential_reload( new TestTlsCredentialReload()); std::shared_ptr credential_reload_config( diff --git a/tools/doxygen/Doxyfile.core.internal b/tools/doxygen/Doxyfile.core.internal index 82538fe6883..c4e0efff000 100644 --- a/tools/doxygen/Doxyfile.core.internal +++ b/tools/doxygen/Doxyfile.core.internal @@ -1487,8 +1487,8 @@ src/core/lib/security/credentials/ssl/ssl_credentials.cc \ src/core/lib/security/credentials/ssl/ssl_credentials.h \ src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc \ src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h \ -src/core/lib/security/credentials/tls/spiffe_credentials.cc \ -src/core/lib/security/credentials/tls/spiffe_credentials.h \ +src/core/lib/security/credentials/tls/tls_credentials.cc \ +src/core/lib/security/credentials/tls/tls_credentials.h \ src/core/lib/security/security_connector/alts/alts_security_connector.cc \ src/core/lib/security/security_connector/alts/alts_security_connector.h \ src/core/lib/security/security_connector/fake/fake_security_connector.cc \ 
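Review bot: The comment kept as context in the test/cpp/client/credentials_test.cc hunk (@@ -648,7 +648,7 @@) still reads `// This test demonstrates how the SPIFFE credentials will be used.`, although the test below it is now `LoadTlsChannelCredentials`. I would update it in the same commit to `// This test demonstrates how the TLS credentials will be used.` so the comment matches the renamed API. The wording matters for a credentials type: a reader who sees "SPIFFE" may assume SPIFFE-specific identity verification is applied, and nothing in the visible lines shows that. The test body continues outside the hunk, so any other leftover "spiffe" wording there would need the same pass.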
@@ -1507,8 +1507,8 @@ src/core/lib/security/security_connector/ssl_utils.cc \ src/core/lib/security/security_connector/ssl_utils.h \ src/core/lib/security/security_connector/ssl_utils_config.cc \ src/core/lib/security/security_connector/ssl_utils_config.h \ -src/core/lib/security/security_connector/tls/spiffe_security_connector.cc \ -src/core/lib/security/security_connector/tls/spiffe_security_connector.h \ +src/core/lib/security/security_connector/tls/tls_security_connector.cc \ +src/core/lib/security/security_connector/tls/tls_security_connector.h \ src/core/lib/security/transport/auth_filters.h \ src/core/lib/security/transport/client_auth_filter.cc \ src/core/lib/security/transport/secure_endpoint.cc \ diff --git a/tools/run_tests/generated/tests.json b/tools/run_tests/generated/tests.json index 8c4283846b1..fd10fbc679e 100644 --- a/tools/run_tests/generated/tests.json +++ b/tools/run_tests/generated/tests.json @@ -4726,7 +4726,7 @@ "flaky": false, "gtest": true, "language": "c++", - "name": "grpc_spiffe_security_connector_test", + "name": "grpc_tls_security_connector_test", "platforms": [ "linux", "mac",