Merge pull request #24052 from markdroth/xds_channel_creds

xds: Don't fall back to creds from parent channel, and add insecure creds
pull/24044/head
Mark D. Roth 4 years ago committed by GitHub
commit cd9b0e3fc7
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
  1. 30
      src/core/ext/xds/xds_client.cc

@ -1780,15 +1780,18 @@ grpc_millis GetRequestTimeout(const grpc_channel_args& args) {
grpc_channel* CreateXdsChannel(const XdsBootstrap& bootstrap,
const grpc_channel_args& args,
grpc_error** error) {
grpc_channel_credentials* creds = nullptr;
RefCountedPtr<grpc_channel_credentials> creds_to_unref;
if (!bootstrap.server().channel_creds.empty()) {
for (size_t i = 0; i < bootstrap.server().channel_creds.size(); ++i) {
if (bootstrap.server().channel_creds[i].type == "google_default") {
creds = grpc_google_default_credentials_create(nullptr);
RefCountedPtr<grpc_channel_credentials> creds;
for (const auto& channel_creds : bootstrap.server().channel_creds) {
if (channel_creds.type == "google_default") {
creds.reset(grpc_google_default_credentials_create(nullptr));
break;
} else if (bootstrap.server().channel_creds[i].type == "fake") {
creds = grpc_fake_transport_security_credentials_create();
}
if (channel_creds.type == "insecure") {
return grpc_insecure_channel_create(bootstrap.server().server_uri.c_str(),
&args, nullptr);
}
if (channel_creds.type == "fake") {
creds.reset(grpc_fake_transport_security_credentials_create());
break;
}
}
@ -1797,20 +1800,11 @@ grpc_channel* CreateXdsChannel(const XdsBootstrap& bootstrap,
"no supported credential types found");
return nullptr;
}
creds_to_unref.reset(creds);
} else {
creds = grpc_channel_credentials_find_in_args(&args);
if (creds == nullptr) {
// Built with security but parent channel is insecure.
return grpc_insecure_channel_create(bootstrap.server().server_uri.c_str(),
&args, nullptr);
}
}
const char* arg_to_remove = GRPC_ARG_CHANNEL_CREDENTIALS;
grpc_channel_args* new_args =
grpc_channel_args_copy_and_remove(&args, &arg_to_remove, 1);
grpc_channel* channel = grpc_secure_channel_create(
creds, bootstrap.server().server_uri.c_str(), new_args, nullptr);
creds.get(), bootstrap.server().server_uri.c_str(), new_args, nullptr);
grpc_channel_args_destroy(new_args);
return channel;
}

Loading…
Cancel
Save