Merge pull request #24015 from yashykt/certificateprovider

CertificateProvider API
4 years ago · eb2b9b89c7
parent d0502dccdb f4d18f2d95
commit eb2b9b89c7
10 changed files with 70 additions and 0 deletions
--- a/1
+++ b/1
@ -1811,6 +1811,7 @@ grpc_cc_library(
    hdrs = [
        "src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.h",
        "src/core/ext/xds/xds_channel_args.h",
+        "src/core/lib/security/certificate_provider.h",
        "src/core/lib/security/context/security_context.h",
        "src/core/lib/security/credentials/alts/alts_credentials.h",
        "src/core/lib/security/credentials/composite/composite_credentials.h",
--- a/BUILD.gn
+++ b/BUILD.gn
@ -799,6 +799,7 @@ config("grpc_config") {
        "src/core/lib/security/authorization/mock_cel/evaluator_core.h",
        "src/core/lib/security/authorization/mock_cel/flat_expr_builder.h",
        "src/core/lib/security/authorization/mock_cel/statusor.h",
+        "src/core/lib/security/certificate_provider.h",
        "src/core/lib/security/context/security_context.cc",
        "src/core/lib/security/context/security_context.h",
        "src/core/lib/security/credentials/alts/alts_credentials.cc",
--- a/build_autogenerated.yaml
+++ b/build_autogenerated.yaml
@ -660,6 +660,7 @@ libs:
  - src/core/lib/security/authorization/mock_cel/evaluator_core.h
  - src/core/lib/security/authorization/mock_cel/flat_expr_builder.h
  - src/core/lib/security/authorization/mock_cel/statusor.h
+  - src/core/lib/security/certificate_provider.h
  - src/core/lib/security/context/security_context.h
  - src/core/lib/security/credentials/alts/alts_credentials.h
  - src/core/lib/security/credentials/alts/check_gcp_environment.h
--- a/gRPC-C++.podspec
+++ b/gRPC-C++.podspec
@ -523,6 +523,7 @@ Pod::Spec.new do |s|
                      'src/core/lib/security/authorization/mock_cel/evaluator_core.h',
                      'src/core/lib/security/authorization/mock_cel/flat_expr_builder.h',
                      'src/core/lib/security/authorization/mock_cel/statusor.h',
+                      'src/core/lib/security/certificate_provider.h',
                      'src/core/lib/security/context/security_context.h',
                      'src/core/lib/security/credentials/alts/alts_credentials.h',
                      'src/core/lib/security/credentials/alts/check_gcp_environment.h',
@ -1022,6 +1023,7 @@ Pod::Spec.new do |s|
                              'src/core/lib/security/authorization/mock_cel/evaluator_core.h',
                              'src/core/lib/security/authorization/mock_cel/flat_expr_builder.h',
                              'src/core/lib/security/authorization/mock_cel/statusor.h',
+                              'src/core/lib/security/certificate_provider.h',
                              'src/core/lib/security/context/security_context.h',
                              'src/core/lib/security/credentials/alts/alts_credentials.h',
                              'src/core/lib/security/credentials/alts/check_gcp_environment.h',
--- a/gRPC-Core.podspec
+++ b/gRPC-Core.podspec
@ -854,6 +854,7 @@ Pod::Spec.new do |s|
                      'src/core/lib/security/authorization/mock_cel/evaluator_core.h',
                      'src/core/lib/security/authorization/mock_cel/flat_expr_builder.h',
                      'src/core/lib/security/authorization/mock_cel/statusor.h',
+                      'src/core/lib/security/certificate_provider.h',
                      'src/core/lib/security/context/security_context.cc',
                      'src/core/lib/security/context/security_context.h',
                      'src/core/lib/security/credentials/alts/alts_credentials.cc',
@ -1433,6 +1434,7 @@ Pod::Spec.new do |s|
                              'src/core/lib/security/authorization/mock_cel/evaluator_core.h',
                              'src/core/lib/security/authorization/mock_cel/flat_expr_builder.h',
                              'src/core/lib/security/authorization/mock_cel/statusor.h',
+                              'src/core/lib/security/certificate_provider.h',
                              'src/core/lib/security/context/security_context.h',
                              'src/core/lib/security/credentials/alts/alts_credentials.h',
                              'src/core/lib/security/credentials/alts/check_gcp_environment.h',
--- a/grpc.gemspec
+++ b/grpc.gemspec
@ -772,6 +772,7 @@ Gem::Specification.new do |s|
  s.files += %w( src/core/lib/security/authorization/mock_cel/evaluator_core.h )
  s.files += %w( src/core/lib/security/authorization/mock_cel/flat_expr_builder.h )
  s.files += %w( src/core/lib/security/authorization/mock_cel/statusor.h )
+  s.files += %w( src/core/lib/security/certificate_provider.h )
  s.files += %w( src/core/lib/security/context/security_context.cc )
  s.files += %w( src/core/lib/security/context/security_context.h )
  s.files += %w( src/core/lib/security/credentials/alts/alts_credentials.cc )
--- a/package.xml
+++ b/package.xml
@ -752,6 +752,7 @@
    <file baseinstalldir="/" name="src/core/lib/security/authorization/mock_cel/evaluator_core.h" role="src" />
    <file baseinstalldir="/" name="src/core/lib/security/authorization/mock_cel/flat_expr_builder.h" role="src" />
    <file baseinstalldir="/" name="src/core/lib/security/authorization/mock_cel/statusor.h" role="src" />
+    <file baseinstalldir="/" name="src/core/lib/security/certificate_provider.h" role="src" />
    <file baseinstalldir="/" name="src/core/lib/security/context/security_context.cc" role="src" />
    <file baseinstalldir="/" name="src/core/lib/security/context/security_context.h" role="src" />
    <file baseinstalldir="/" name="src/core/lib/security/credentials/alts/alts_credentials.cc" role="src" />
--- a/src/core/lib/security/certificate_provider.h
+++ b/src/core/lib/security/certificate_provider.h
@ -0,0 +1,59 @@
+//
+//
+// Copyright 2020 gRPC authors.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+//
+
+#ifndef GRPC_CORE_LIB_SECURITY_CERTIFICATE_PROVIDER_H
+#define GRPC_CORE_LIB_SECURITY_CERTIFICATE_PROVIDER_H
+
+#include <grpc/support/port_platform.h>
+
+#include "src/core/lib/gprpp/ref_counted_ptr.h"
+#include "src/core/lib/iomgr/pollset_set.h"
+
+// TODO(yashkt): After https://github.com/grpc/grpc/pull/23572, remove this
+// forward declaration and include the header for the distributor instead.
+struct grpc_tls_certificate_distributor;
+
+// Interface for a grpc_tls_certificate_provider that handles the process to
+// fetch credentials and validation contexts. Implementations are free to rely
+// on local or remote sources to fetch the latest secrets, and free to share any
+// state among different instances as they deem fit.
+//
+// On creation, grpc_tls_certificate_provider creates a
+// grpc_tls_certificate_distributor object. When the credentials and validation
+// contexts become valid or changed, a grpc_tls_certificate_provider should
+// notify its distributor so as to propagate the update to the watchers.
+struct grpc_tls_certificate_provider
+    : public RefCounted<grpc_tls_certificate_provider> {
+ public:
+  grpc_tls_certificate_provider()
+      : interested_parties_(grpc_pollset_set_create()) {}
+
+  virtual ~grpc_tls_certificate_provider() {
+    grpc_pollset_set_destroy(interested_parties_);
+  }
+
+  grpc_pollset_set* interested_parties() const { return interested_parties_; }
+
+  virtual RefCountedPtr<grpc_tls_certificate_distributor> distributor()
+      const = 0;
+
+ private:
+  grpc_pollset_set* interested_parties_;
+};
+
+#endif  // GRPC_CORE_LIB_SECURITY_CERTIFICATE_PROVIDER_H
--- a/tools/doxygen/Doxyfile.c++.internal
+++ b/tools/doxygen/Doxyfile.c++.internal
@ -1721,6 +1721,7 @@ src/core/lib/security/authorization/mock_cel/cel_value.h \
 src/core/lib/security/authorization/mock_cel/evaluator_core.h \
 src/core/lib/security/authorization/mock_cel/flat_expr_builder.h \
 src/core/lib/security/authorization/mock_cel/statusor.h \
+src/core/lib/security/certificate_provider.h \
 src/core/lib/security/context/security_context.cc \
 src/core/lib/security/context/security_context.h \
 src/core/lib/security/credentials/alts/alts_credentials.cc \
--- a/tools/doxygen/Doxyfile.core.internal
+++ b/tools/doxygen/Doxyfile.core.internal
@ -1548,6 +1548,7 @@ src/core/lib/security/authorization/mock_cel/cel_value.h \
 src/core/lib/security/authorization/mock_cel/evaluator_core.h \
 src/core/lib/security/authorization/mock_cel/flat_expr_builder.h \
 src/core/lib/security/authorization/mock_cel/statusor.h \
+src/core/lib/security/certificate_provider.h \
 src/core/lib/security/context/security_context.cc \
 src/core/lib/security/context/security_context.h \
 src/core/lib/security/credentials/alts/alts_credentials.cc \