From b73cbc27091090d1213485cf5dd2ad097b2ebd20 Mon Sep 17 00:00:00 2001 From: Julien Boeuf Date: Tue, 20 Oct 2015 21:52:54 -0700 Subject: [PATCH] Addressing comments. The composite channel credentials creation does not change the passed-in channel creds anymore. --- src/core/security/credentials.c | 191 ++++++++++-------- src/core/security/credentials.h | 19 +- test/core/security/credentials_test.c | 126 ++++++++---- .../print_google_default_creds_token.c | 6 +- 4 files changed, 213 insertions(+), 129 deletions(-) diff --git a/src/core/security/credentials.c b/src/core/security/credentials.c index 2674003962e..5c9d89c7646 100644 --- a/src/core/security/credentials.c +++ b/src/core/security/credentials.c @@ -87,8 +87,7 @@ grpc_channel_credentials *grpc_channel_credentials_ref( void grpc_channel_credentials_unref(grpc_channel_credentials *creds) { if (creds == NULL) return; if (gpr_unref(&creds->refcount)) { - creds->vtable->destruct(creds); - grpc_call_credentials_unref(creds->call_creds); + if (creds->vtable->destruct != NULL) creds->vtable->destruct(creds); gpr_free(creds); } } @@ -107,7 +106,7 @@ grpc_call_credentials *grpc_call_credentials_ref(grpc_call_credentials *creds) { void grpc_call_credentials_unref(grpc_call_credentials *creds) { if (creds == NULL) return; if (gpr_unref(&creds->refcount)) { - creds->vtable->destruct(creds); + if (creds->vtable->destruct != NULL) creds->vtable->destruct(creds); gpr_free(creds); } } @@ -135,14 +134,12 @@ grpc_security_status grpc_channel_credentials_create_security_connector( const grpc_channel_args *args, grpc_channel_security_connector **sc, grpc_channel_args **new_args) { *new_args = NULL; - if (channel_creds == NULL || - channel_creds->vtable->create_security_connector == NULL) { - gpr_log(GPR_ERROR, - "Invalid credentials for creating a security connector."); + if (channel_creds == NULL) { return GRPC_SECURITY_ERROR; } - return channel_creds->vtable->create_security_connector(channel_creds, target, - args, sc, new_args); + GPR_ASSERT(channel_creds->vtable->create_security_connector != NULL); + return channel_creds->vtable->create_security_connector( + channel_creds, NULL, target, args, sc, new_args); } grpc_server_credentials *grpc_server_credentials_ref( @@ -155,7 +152,7 @@ grpc_server_credentials *grpc_server_credentials_ref( void grpc_server_credentials_unref(grpc_server_credentials *creds) { if (creds == NULL) return; if (gpr_unref(&creds->refcount)) { - creds->vtable->destruct(creds); + if (creds->vtable->destruct != NULL) creds->vtable->destruct(creds); if (creds->processor.destroy != NULL && creds->processor.state != NULL) { creds->processor.destroy(creds->processor.state); } @@ -265,8 +262,8 @@ static void ssl_server_destruct(grpc_server_credentials *creds) { } static grpc_security_status ssl_create_security_connector( - grpc_channel_credentials *creds, const char *target, - const grpc_channel_args *args, + grpc_channel_credentials *creds, grpc_call_credentials *call_creds, + const char *target, const grpc_channel_args *args, grpc_channel_security_connector **sc, grpc_channel_args **new_args) { grpc_ssl_credentials *c = (grpc_ssl_credentials *)creds; grpc_security_status status = GRPC_SECURITY_OK; @@ -283,7 +280,7 @@ static grpc_security_status ssl_create_security_connector( } } status = grpc_ssl_channel_security_connector_create( - creds->call_creds, &c->config, target, overridden_target_name, sc); + call_creds, &c->config, target, overridden_target_name, sc); if (status != GRPC_SECURITY_OK) { return status; } @@ -875,21 +872,11 @@ grpc_call_credentials *grpc_access_token_credentials_create( /* -- Fake transport security credentials. -- */ -static void fake_transport_security_credentials_destruct( - grpc_channel_credentials *creds) { - /* Nothing to do here. */ -} - -static void fake_transport_security_server_credentials_destruct( - grpc_server_credentials *creds) { - /* Nothing to do here. */ -} - static grpc_security_status fake_transport_security_create_security_connector( - grpc_channel_credentials *c, const char *target, - const grpc_channel_args *args, grpc_channel_security_connector **sc, - grpc_channel_args **new_args) { - *sc = grpc_fake_channel_security_connector_create(c->call_creds, 1); + grpc_channel_credentials *c, grpc_call_credentials *call_creds, + const char *target, const grpc_channel_args *args, + grpc_channel_security_connector **sc, grpc_channel_args **new_args) { + *sc = grpc_fake_channel_security_connector_create(call_creds, 1); return GRPC_SECURITY_OK; } @@ -902,13 +889,11 @@ fake_transport_security_server_create_security_connector( static grpc_channel_credentials_vtable fake_transport_security_credentials_vtable = { - fake_transport_security_credentials_destruct, - fake_transport_security_create_security_connector}; + NULL, fake_transport_security_create_security_connector}; static grpc_server_credentials_vtable fake_transport_security_server_credentials_vtable = { - fake_transport_security_server_credentials_destruct, - fake_transport_security_server_create_security_connector}; + NULL, fake_transport_security_server_create_security_connector}; grpc_channel_credentials *grpc_fake_transport_security_credentials_create( void) { @@ -930,20 +915,20 @@ grpc_server_credentials *grpc_fake_transport_security_server_credentials_create( return c; } -/* -- Composite credentials. -- */ +/* -- Composite call credentials. -- */ typedef struct { - grpc_composite_credentials *composite_creds; + grpc_composite_call_credentials *composite_creds; size_t creds_index; grpc_credentials_md_store *md_elems; char *service_url; void *user_data; grpc_pollset *pollset; grpc_credentials_metadata_cb cb; -} grpc_composite_credentials_metadata_context; +} grpc_composite_call_credentials_metadata_context; -static void composite_destruct(grpc_call_credentials *creds) { - grpc_composite_credentials *c = (grpc_composite_credentials *)creds; +static void composite_call_destruct(grpc_call_credentials *creds) { + grpc_composite_call_credentials *c = (grpc_composite_call_credentials *)creds; size_t i; for (i = 0; i < c->inner.num_creds; i++) { grpc_call_credentials_unref(c->inner.creds_array[i]); @@ -951,18 +936,19 @@ static void composite_destruct(grpc_call_credentials *creds) { gpr_free(c->inner.creds_array); } -static void composite_md_context_destroy( - grpc_composite_credentials_metadata_context *ctx) { +static void composite_call_md_context_destroy( + grpc_composite_call_credentials_metadata_context *ctx) { grpc_credentials_md_store_unref(ctx->md_elems); if (ctx->service_url != NULL) gpr_free(ctx->service_url); gpr_free(ctx); } -static void composite_metadata_cb(grpc_exec_ctx *exec_ctx, void *user_data, - grpc_credentials_md *md_elems, size_t num_md, - grpc_credentials_status status) { - grpc_composite_credentials_metadata_context *ctx = - (grpc_composite_credentials_metadata_context *)user_data; +static void composite_call_metadata_cb(grpc_exec_ctx *exec_ctx, void *user_data, + grpc_credentials_md *md_elems, + size_t num_md, + grpc_credentials_status status) { + grpc_composite_call_credentials_metadata_context *ctx = + (grpc_composite_call_credentials_metadata_context *)user_data; if (status != GRPC_CREDENTIALS_OK) { ctx->cb(exec_ctx, ctx->user_data, NULL, 0, status); return; @@ -983,24 +969,24 @@ static void composite_metadata_cb(grpc_exec_ctx *exec_ctx, void *user_data, ctx->composite_creds->inner.creds_array[ctx->creds_index++]; grpc_call_credentials_get_request_metadata(exec_ctx, inner_creds, ctx->pollset, ctx->service_url, - composite_metadata_cb, ctx); + composite_call_metadata_cb, ctx); return; } /* We're done!. */ ctx->cb(exec_ctx, ctx->user_data, ctx->md_elems->entries, ctx->md_elems->num_entries, GRPC_CREDENTIALS_OK); - composite_md_context_destroy(ctx); + composite_call_md_context_destroy(ctx); } -static void composite_get_request_metadata( +static void composite_call_get_request_metadata( grpc_exec_ctx *exec_ctx, grpc_call_credentials *creds, grpc_pollset *pollset, const char *service_url, grpc_credentials_metadata_cb cb, void *user_data) { - grpc_composite_credentials *c = (grpc_composite_credentials *)creds; - grpc_composite_credentials_metadata_context *ctx; + grpc_composite_call_credentials *c = (grpc_composite_call_credentials *)creds; + grpc_composite_call_credentials_metadata_context *ctx; - ctx = gpr_malloc(sizeof(grpc_composite_credentials_metadata_context)); - memset(ctx, 0, sizeof(grpc_composite_credentials_metadata_context)); + ctx = gpr_malloc(sizeof(grpc_composite_call_credentials_metadata_context)); + memset(ctx, 0, sizeof(grpc_composite_call_credentials_metadata_context)); ctx->service_url = gpr_strdup(service_url); ctx->user_data = user_data; ctx->cb = cb; @@ -1009,11 +995,11 @@ static void composite_get_request_metadata( ctx->md_elems = grpc_credentials_md_store_create(c->inner.num_creds); grpc_call_credentials_get_request_metadata( exec_ctx, c->inner.creds_array[ctx->creds_index++], pollset, service_url, - composite_metadata_cb, ctx); + composite_call_metadata_cb, ctx); } -static grpc_call_credentials_vtable composite_credentials_vtable = { - composite_destruct, composite_get_request_metadata}; +static grpc_call_credentials_vtable composite_call_credentials_vtable = { + composite_call_destruct, composite_call_get_request_metadata}; static grpc_call_credentials_array get_creds_array( grpc_call_credentials **creds_addr) { @@ -1022,7 +1008,7 @@ static grpc_call_credentials_array get_creds_array( result.creds_array = creds_addr; result.num_creds = 1; if (strcmp(creds->type, GRPC_CALL_CREDENTIALS_TYPE_COMPOSITE) == 0) { - result = *grpc_composite_credentials_get_credentials(creds); + result = *grpc_composite_call_credentials_get_credentials(creds); } return result; } @@ -1034,18 +1020,18 @@ grpc_call_credentials *grpc_composite_call_credentials_create( size_t creds_array_byte_size; grpc_call_credentials_array creds1_array; grpc_call_credentials_array creds2_array; - grpc_composite_credentials *c; + grpc_composite_call_credentials *c; GRPC_API_TRACE( - "grpc_composite_credentials_create(creds1=%p, creds2=%p, " + "grpc_composite_call_credentials_create(creds1=%p, creds2=%p, " "reserved=%p)", 3, (creds1, creds2, reserved)); GPR_ASSERT(reserved == NULL); GPR_ASSERT(creds1 != NULL); GPR_ASSERT(creds2 != NULL); - c = gpr_malloc(sizeof(grpc_composite_credentials)); - memset(c, 0, sizeof(grpc_composite_credentials)); + c = gpr_malloc(sizeof(grpc_composite_call_credentials)); + memset(c, 0, sizeof(grpc_composite_call_credentials)); c->base.type = GRPC_CALL_CREDENTIALS_TYPE_COMPOSITE; - c->base.vtable = &composite_credentials_vtable; + c->base.vtable = &composite_call_credentials_vtable; gpr_ref_init(&c->base.refcount, 1); creds1_array = get_creds_array(&creds1); creds2_array = get_creds_array(&creds2); @@ -1065,10 +1051,10 @@ grpc_call_credentials *grpc_composite_call_credentials_create( return &c->base; } -const grpc_call_credentials_array *grpc_composite_credentials_get_credentials( - grpc_call_credentials *creds) { - const grpc_composite_credentials *c = - (const grpc_composite_credentials *)creds; +const grpc_call_credentials_array * +grpc_composite_call_credentials_get_credentials(grpc_call_credentials *creds) { + const grpc_composite_call_credentials *c = + (const grpc_composite_call_credentials *)creds; GPR_ASSERT(strcmp(creds->type, GRPC_CALL_CREDENTIALS_TYPE_COMPOSITE) == 0); return &c->inner; } @@ -1082,7 +1068,7 @@ grpc_call_credentials *grpc_credentials_contains_type( return creds; } else if (strcmp(creds->type, GRPC_CALL_CREDENTIALS_TYPE_COMPOSITE) == 0) { const grpc_call_credentials_array *inner_creds_array = - grpc_composite_credentials_get_credentials(creds); + grpc_composite_call_credentials_get_credentials(creds); for (i = 0; i < inner_creds_array->num_creds; i++) { if (strcmp(type, inner_creds_array->creds_array[i]->type) == 0) { if (composite_creds != NULL) *composite_creds = creds; @@ -1093,24 +1079,6 @@ grpc_call_credentials *grpc_credentials_contains_type( return NULL; } -grpc_channel_credentials *grpc_composite_channel_credentials_create( - grpc_channel_credentials *channel_creds, grpc_call_credentials *call_creds, - void *reserved) { - GPR_ASSERT(reserved == NULL); - if (channel_creds == NULL) return NULL; - if (channel_creds->call_creds == NULL) { - channel_creds->call_creds = grpc_call_credentials_ref(call_creds); - } else if (call_creds != NULL) { - grpc_call_credentials *composite_creds = - grpc_composite_call_credentials_create(channel_creds->call_creds, - call_creds, NULL); - if (composite_creds == NULL) return NULL; - grpc_call_credentials_unref(channel_creds->call_creds); - channel_creds->call_creds = composite_creds; - } - return grpc_channel_credentials_ref(channel_creds); -} - /* -- IAM credentials. -- */ static void iam_destruct(grpc_call_credentials *creds) { @@ -1232,6 +1200,8 @@ static grpc_call_credentials_vtable plugin_vtable = { grpc_call_credentials *grpc_metadata_credentials_create_from_plugin( grpc_metadata_credentials_plugin plugin, void *reserved) { grpc_plugin_credentials *c = gpr_malloc(sizeof(*c)); + GRPC_API_TRACE("grpc_metadata_credentials_create_from_plugin(reserved=%p)", 1, + (reserved)); GPR_ASSERT(reserved == NULL); memset(c, 0, sizeof(*c)); c->base.type = GRPC_CALL_CREDENTIALS_TYPE_METADATA_PLUGIN; @@ -1240,3 +1210,60 @@ grpc_call_credentials *grpc_metadata_credentials_create_from_plugin( c->plugin = plugin; return &c->base; } + +/* -- Composite channel credentials. -- */ + +static void composite_channel_destruct(grpc_channel_credentials *creds) { + grpc_composite_channel_credentials *c = + (grpc_composite_channel_credentials *)creds; + grpc_channel_credentials_unref(c->inner_creds); + grpc_call_credentials_unref(c->call_creds); +} + +static grpc_security_status composite_channel_create_security_connector( + grpc_channel_credentials *creds, grpc_call_credentials *call_creds, + const char *target, const grpc_channel_args *args, + grpc_channel_security_connector **sc, grpc_channel_args **new_args) { + grpc_composite_channel_credentials *c = + (grpc_composite_channel_credentials *)creds; + grpc_security_status status = GRPC_SECURITY_ERROR; + + GPR_ASSERT(c->inner_creds != NULL && c->call_creds != NULL && + c->inner_creds->vtable != NULL && + c->inner_creds->vtable->create_security_connector != NULL); + /* If we are passed a call_creds, create a call composite to pass it + downstream. */ + if (call_creds != NULL) { + grpc_call_credentials *composite_call_creds = + grpc_composite_call_credentials_create(c->call_creds, call_creds, NULL); + status = c->inner_creds->vtable->create_security_connector( + c->inner_creds, composite_call_creds, target, args, sc, new_args); + grpc_call_credentials_unref(composite_call_creds); + } else { + status = c->inner_creds->vtable->create_security_connector( + c->inner_creds, c->call_creds, target, args, sc, new_args); + } + return status; +} + +static grpc_channel_credentials_vtable composite_channel_credentials_vtable = { + composite_channel_destruct, composite_channel_create_security_connector}; + +grpc_channel_credentials *grpc_composite_channel_credentials_create( + grpc_channel_credentials *channel_creds, grpc_call_credentials *call_creds, + void *reserved) { + grpc_composite_channel_credentials *c = gpr_malloc(sizeof(*c)); + memset(c, 0, sizeof(*c)); + GPR_ASSERT(channel_creds != NULL && call_creds != NULL && reserved == NULL); + GRPC_API_TRACE( + "grpc_composite_channel_credentials_create(channel_creds=%p, " + "call_creds=%p, reserved=%p)", + 3, (channel_creds, call_creds, reserved)); + c->base.type = channel_creds->type; + c->base.vtable = &composite_channel_credentials_vtable; + gpr_ref_init(&c->base.refcount, 1); + c->inner_creds = grpc_channel_credentials_ref(channel_creds); + c->call_creds = grpc_call_credentials_ref(call_creds); + return &c->base; +} + diff --git a/src/core/security/credentials.h b/src/core/security/credentials.h index b507e2b178d..5189a6d8167 100644 --- a/src/core/security/credentials.h +++ b/src/core/security/credentials.h @@ -100,16 +100,15 @@ typedef struct { void (*destruct)(grpc_channel_credentials *c); grpc_security_status (*create_security_connector)( - grpc_channel_credentials *c, const char *target, - const grpc_channel_args *args, grpc_channel_security_connector **sc, - grpc_channel_args **new_args); + grpc_channel_credentials *c, grpc_call_credentials *call_creds, + const char *target, const grpc_channel_args *args, + grpc_channel_security_connector **sc, grpc_channel_args **new_args); } grpc_channel_credentials_vtable; struct grpc_channel_credentials { const grpc_channel_credentials_vtable *vtable; const char *type; gpr_refcount refcount; - grpc_call_credentials *call_creds; }; grpc_channel_credentials *grpc_channel_credentials_ref( @@ -188,7 +187,7 @@ typedef struct { size_t num_creds; } grpc_call_credentials_array; -const grpc_call_credentials_array *grpc_composite_credentials_get_credentials( +const grpc_call_credentials_array *grpc_composite_call_credentials_get_credentials( grpc_call_credentials *composite_creds); /* Returns creds if creds is of the specified type or the inner creds of the @@ -273,6 +272,14 @@ typedef struct { grpc_ssl_server_config config; } grpc_ssl_server_credentials; +/* -- Channel composite credentials. -- */ + +typedef struct { + grpc_channel_credentials base; + grpc_channel_credentials *inner_creds; + grpc_call_credentials *call_creds; +} grpc_composite_channel_credentials; + /* -- Jwt credentials -- */ typedef struct { @@ -349,7 +356,7 @@ typedef struct { typedef struct { grpc_call_credentials base; grpc_call_credentials_array inner; -} grpc_composite_credentials; +} grpc_composite_call_credentials; /* -- Plugin credentials. -- */ diff --git a/test/core/security/credentials_test.c b/test/core/security/credentials_test.c index 876a5192a4f..dcb35e53096 100644 --- a/test/core/security/credentials_test.c +++ b/test/core/security/credentials_test.c @@ -50,6 +50,20 @@ #include +/* -- Mock channel credentials. -- */ + +static grpc_channel_credentials *grpc_mock_channel_credentials_create( + const grpc_channel_credentials_vtable *vtable) { + grpc_channel_credentials *c = gpr_malloc(sizeof(*c)); + memset(c, 0, sizeof(*c)); + c->type = "mock"; + c->vtable = vtable; + gpr_ref_init(&c->refcount, 1); + return c; +} + +/* -- Constants. -- */ + static const char test_google_iam_authorization_token[] = "blahblahblhahb"; static const char test_google_iam_authority_selector[] = "respectmyauthoritah"; static const char test_oauth2_bearer_token[] = @@ -112,6 +126,8 @@ static const char test_signed_jwt[] = static const char test_service_url[] = "https://foo.com/foo.v1"; static const char other_test_service_url[] = "https://bar.com/bar.v1"; +/* -- Utils. -- */ + static char *test_json_key_str(void) { size_t result_len = strlen(test_json_key_str_part1) + strlen(test_json_key_str_part2) + @@ -140,6 +156,8 @@ static grpc_httpcli_response http_response(int status, const char *body) { return response; } +/* -- Tests. -- */ + static void test_empty_md_store(void) { grpc_credentials_md_store *store = grpc_credentials_md_store_create(0); GPR_ASSERT(store->num_entries == 0); @@ -364,19 +382,33 @@ static void test_access_token_creds(void) { grpc_exec_ctx_finish(&exec_ctx); } -static void test_ssl_oauth2_composite_creds(void) { - grpc_channel_credentials *ssl_creds = - grpc_ssl_credentials_create(NULL, NULL, NULL); +static grpc_security_status check_channel_oauth2_create_security_connector( + grpc_channel_credentials *c, grpc_call_credentials *call_creds, + const char *target, const grpc_channel_args *args, + grpc_channel_security_connector **sc, grpc_channel_args **new_args) { + GPR_ASSERT(strcmp(c->type, "mock") == 0); + GPR_ASSERT(call_creds != NULL); + GPR_ASSERT(strcmp(call_creds->type, GRPC_CALL_CREDENTIALS_TYPE_OAUTH2) == 0); + return GRPC_SECURITY_OK; +} + +static void test_channel_oauth2_composite_creds(void) { + grpc_channel_args *new_args; + grpc_channel_credentials_vtable vtable = { + NULL, check_channel_oauth2_create_security_connector}; + grpc_channel_credentials *channel_creds = + grpc_mock_channel_credentials_create(&vtable); grpc_call_credentials *oauth2_creds = grpc_access_token_credentials_create("blah", NULL); - grpc_channel_credentials *ssl_oauth2_creds = - grpc_composite_channel_credentials_create(ssl_creds, oauth2_creds, NULL); - grpc_channel_credentials_release(ssl_creds); + grpc_channel_credentials *channel_oauth2_creds = + grpc_composite_channel_credentials_create(channel_creds, oauth2_creds, + NULL); + grpc_channel_credentials_release(channel_creds); grpc_call_credentials_release(oauth2_creds); - GPR_ASSERT(ssl_oauth2_creds->call_creds != NULL); - GPR_ASSERT(strcmp(ssl_oauth2_creds->call_creds->type, - GRPC_CALL_CREDENTIALS_TYPE_OAUTH2) == 0); - grpc_channel_credentials_release(ssl_oauth2_creds); + GPR_ASSERT(grpc_channel_credentials_create_security_connector( + channel_oauth2_creds, NULL, NULL, NULL, &new_args) == + GRPC_SECURITY_OK); + grpc_channel_credentials_release(channel_oauth2_creds); } static void check_oauth2_google_iam_composite_metadata( @@ -409,7 +441,8 @@ static void test_oauth2_google_iam_composite_creds(void) { grpc_call_credentials_unref(google_iam_creds); GPR_ASSERT( strcmp(composite_creds->type, GRPC_CALL_CREDENTIALS_TYPE_COMPOSITE) == 0); - creds_array = grpc_composite_credentials_get_credentials(composite_creds); + creds_array = + grpc_composite_call_credentials_get_credentials(composite_creds); GPR_ASSERT(creds_array->num_creds == 2); GPR_ASSERT(strcmp(creds_array->creds_array[0]->type, GRPC_CALL_CREDENTIALS_TYPE_OAUTH2) == 0); @@ -421,35 +454,50 @@ static void test_oauth2_google_iam_composite_creds(void) { grpc_exec_ctx_finish(&exec_ctx); } -static void test_ssl_oauth2_google_iam_composite_creds(void) { +static grpc_security_status +check_channel_oauth2_google_iam_create_security_connector( + grpc_channel_credentials *c, grpc_call_credentials *call_creds, + const char *target, const grpc_channel_args *args, + grpc_channel_security_connector **sc, grpc_channel_args **new_args) { const grpc_call_credentials_array *creds_array; - grpc_channel_credentials *ssl_creds = - grpc_ssl_credentials_create(NULL, NULL, NULL); + GPR_ASSERT(strcmp(c->type, "mock") == 0); + GPR_ASSERT(call_creds != NULL); + GPR_ASSERT(strcmp(call_creds->type, GRPC_CALL_CREDENTIALS_TYPE_COMPOSITE) == + 0); + creds_array = grpc_composite_call_credentials_get_credentials(call_creds); + GPR_ASSERT(strcmp(creds_array->creds_array[0]->type, + GRPC_CALL_CREDENTIALS_TYPE_OAUTH2) == 0); + GPR_ASSERT(strcmp(creds_array->creds_array[1]->type, + GRPC_CALL_CREDENTIALS_TYPE_IAM) == 0); + return GRPC_SECURITY_OK; +} + +static void test_channel_oauth2_google_iam_composite_creds(void) { + grpc_channel_args *new_args; + grpc_channel_credentials_vtable vtable = { + NULL, check_channel_oauth2_google_iam_create_security_connector}; + grpc_channel_credentials *channel_creds = + grpc_mock_channel_credentials_create(&vtable); grpc_call_credentials *oauth2_creds = grpc_access_token_credentials_create("blah", NULL); - grpc_channel_credentials *ssl_oauth2_creds = - grpc_composite_channel_credentials_create(ssl_creds, oauth2_creds, NULL); + grpc_channel_credentials *channel_oauth2_creds = + grpc_composite_channel_credentials_create(channel_creds, oauth2_creds, NULL); grpc_call_credentials *google_iam_creds = grpc_google_iam_credentials_create( test_google_iam_authorization_token, test_google_iam_authority_selector, NULL); - grpc_channel_credentials *ssl_oauth2_iam_creds = - grpc_composite_channel_credentials_create(ssl_oauth2_creds, + grpc_channel_credentials *channel_oauth2_iam_creds = + grpc_composite_channel_credentials_create(channel_oauth2_creds, google_iam_creds, NULL); - grpc_channel_credentials_release(ssl_creds); + grpc_channel_credentials_release(channel_creds); grpc_call_credentials_release(oauth2_creds); - grpc_channel_credentials_release(ssl_oauth2_creds); + grpc_channel_credentials_release(channel_oauth2_creds); grpc_call_credentials_release(google_iam_creds); - GPR_ASSERT(ssl_oauth2_iam_creds->call_creds != NULL); - GPR_ASSERT(strcmp(ssl_oauth2_iam_creds->call_creds->type, - GRPC_CALL_CREDENTIALS_TYPE_COMPOSITE) == 0); - creds_array = grpc_composite_credentials_get_credentials( - ssl_oauth2_iam_creds->call_creds); - GPR_ASSERT(strcmp(creds_array->creds_array[0]->type, - GRPC_CALL_CREDENTIALS_TYPE_OAUTH2) == 0); - GPR_ASSERT(strcmp(creds_array->creds_array[1]->type, - GRPC_CALL_CREDENTIALS_TYPE_IAM) == 0); - grpc_channel_credentials_release(ssl_oauth2_iam_creds); + GPR_ASSERT(grpc_channel_credentials_create_security_connector( + channel_oauth2_iam_creds, NULL, NULL, NULL, &new_args) == + GRPC_SECURITY_OK); + + grpc_channel_credentials_release(channel_oauth2_iam_creds); } static void on_oauth2_creds_get_metadata_success( @@ -789,35 +837,37 @@ static void set_google_default_creds_env_var_with_file_contents( static void test_google_default_creds_auth_key(void) { grpc_service_account_jwt_access_credentials *jwt; - grpc_channel_credentials *creds; + grpc_composite_channel_credentials *creds; char *json_key = test_json_key_str(); grpc_flush_cached_google_default_credentials(); set_google_default_creds_env_var_with_file_contents( "json_key_google_default_creds", json_key); gpr_free(json_key); - creds = grpc_google_default_credentials_create(); + creds = (grpc_composite_channel_credentials *) + grpc_google_default_credentials_create(); GPR_ASSERT(creds != NULL); jwt = (grpc_service_account_jwt_access_credentials *)creds->call_creds; GPR_ASSERT( strcmp(jwt->key.client_id, "777-abaslkan11hlb6nmim3bpspl31ud.apps.googleusercontent.com") == 0); - grpc_channel_credentials_unref(creds); + grpc_channel_credentials_unref(&creds->base); gpr_setenv(GRPC_GOOGLE_CREDENTIALS_ENV_VAR, ""); /* Reset. */ } static void test_google_default_creds_access_token(void) { grpc_google_refresh_token_credentials *refresh; - grpc_channel_credentials *creds; + grpc_composite_channel_credentials *creds; grpc_flush_cached_google_default_credentials(); set_google_default_creds_env_var_with_file_contents( "refresh_token_google_default_creds", test_refresh_token_str); - creds = grpc_google_default_credentials_create(); + creds = (grpc_composite_channel_credentials *) + grpc_google_default_credentials_create(); GPR_ASSERT(creds != NULL); refresh = (grpc_google_refresh_token_credentials *)creds->call_creds; GPR_ASSERT(strcmp(refresh->refresh_token.client_id, "32555999999.apps.googleusercontent.com") == 0); - grpc_channel_credentials_unref(creds); + grpc_channel_credentials_unref(&creds->base); gpr_setenv(GRPC_GOOGLE_CREDENTIALS_ENV_VAR, ""); /* Reset. */ } @@ -947,9 +997,9 @@ int main(int argc, char **argv) { test_oauth2_token_fetcher_creds_parsing_missing_token_lifetime(); test_google_iam_creds(); test_access_token_creds(); - test_ssl_oauth2_composite_creds(); + test_channel_oauth2_composite_creds(); test_oauth2_google_iam_composite_creds(); - test_ssl_oauth2_google_iam_composite_creds(); + test_channel_oauth2_google_iam_composite_creds(); test_compute_engine_creds_success(); test_compute_engine_creds_failure(); test_refresh_token_creds_success(); diff --git a/test/core/security/print_google_default_creds_token.c b/test/core/security/print_google_default_creds_token.c index 3b6b07638fa..eb637247153 100644 --- a/test/core/security/print_google_default_creds_token.c +++ b/test/core/security/print_google_default_creds_token.c @@ -91,9 +91,9 @@ int main(int argc, char **argv) { grpc_pollset_init(&sync.pollset); sync.is_done = 0; - grpc_call_credentials_get_request_metadata(&exec_ctx, creds->call_creds, - &sync.pollset, service_url, - on_metadata_response, &sync); + grpc_call_credentials_get_request_metadata( + &exec_ctx, ((grpc_composite_channel_credentials *)creds)->call_creds, + &sync.pollset, service_url, on_metadata_response, &sync); gpr_mu_lock(GRPC_POLLSET_MU(&sync.pollset)); while (!sync.is_done) {