Add C++ experimental API extensions for ALTS C stack

7 years ago · fe2fa0c1c8
parent 77c1761f5c
commit fe2fa0c1c8
17 changed files with 201 additions and 103 deletions
--- a/1
+++ b/1
@ -1708,6 +1708,7 @@ grpc_cc_library(
        "src/core/tsi/alts/handshaker/alts_handshaker_service_api_util.h",
        "src/core/tsi/alts/handshaker/transport_security_common_api.h",
    ],
+    public_hdrs = GRPC_SECURE_PUBLIC_HDRS, 
    external_deps = [
        "nanopb",
    ],
--- a/build.yaml
+++ b/build.yaml
@ -70,6 +70,8 @@ filegroups:
  - tsi_interface
  - tsi
 - name: alts_util
+  public_headers:
+  - include/grpc/grpc_security.h
  headers:
  - src/core/lib/security/credentials/alts/check_gcp_environment.h
  - src/core/lib/security/credentials/alts/grpc_alts_credentials_options.h
--- a/grpc.def
+++ b/grpc.def
@ -115,6 +115,12 @@ EXPORTS
    grpc_server_add_secure_http2_port
    grpc_call_set_credentials
    grpc_server_credentials_set_auth_metadata_processor
+    grpc_alts_credentials_client_options_create
+    grpc_alts_credentials_server_options_create
+    grpc_alts_credentials_client_options_add_target_service_account
+    grpc_alts_credentials_options_destroy
+    grpc_alts_credentials_create
+    grpc_alts_server_credentials_create
    grpc_raw_byte_buffer_create
    grpc_raw_compressed_byte_buffer_create
    grpc_byte_buffer_copy
--- a/include/grpc/grpc_security.h
+++ b/include/grpc/grpc_security.h
@ -488,6 +488,76 @@ typedef struct {
 GRPCAPI void grpc_server_credentials_set_auth_metadata_processor(
    grpc_server_credentials* creds, grpc_auth_metadata_processor processor);

+/** --- ALTS channel/server credentials --- **/
+
+/**
+ * Main interface for ALTS credentials options. The options will contain
+ * information that will be passed from grpc to TSI layer such as RPC protocol
+ * versions. ALTS client (channel) and server credentials will have their own
+ * implementation of this interface. The APIs listed in this header are
+ * thread-compatible. It is used for experimental purpose for now and subject
+ * to change.
+ */
+typedef struct grpc_alts_credentials_options grpc_alts_credentials_options;
+
+/**
+ * This method creates a grpc ALTS credentials client options instance.
+ * It is used for experimental purpose for now and subject to change.
+ */
+GRPCAPI grpc_alts_credentials_options*
+grpc_alts_credentials_client_options_create();
+
+/**
+ * This method creates a grpc ALTS credentials server options instance.
+ * It is used for experimental purpose for now and subject to change.
+ */
+GRPCAPI grpc_alts_credentials_options*
+grpc_alts_credentials_server_options_create();
+
+/**
+ * This method adds a target service account to grpc client's ALTS credentials
+ * options instance. It is used for experimental purpose for now and subject
+ * to change.
+ *
+ * - options: grpc ALTS credentials options instance.
+ * - service_account: service account of target endpoint.
+ */
+GRPCAPI void grpc_alts_credentials_client_options_add_target_service_account(
+    grpc_alts_credentials_options* options, const char* service_account);
+
+/**
+ * This method destroys a grpc_alts_credentials_options instance by
+ * de-allocating all of its occupied memory. It is used for experimental purpose
+ * for now and subject to change.
+ *
+ * - options: a grpc_alts_credentials_options instance that needs to be
+ *   destroyed.
+ */
+GRPCAPI void grpc_alts_credentials_options_destroy(
+    grpc_alts_credentials_options* options);
+
+/**
+ * This method creates an ALTS channel credential object. It is used for
+ * experimental purpose for now and subject to change.
+ *
+ * - options: grpc ALTS credentials options instance for client.
+ *
+ * It returns the created ALTS channel credential object.
+ */
+GRPCAPI grpc_channel_credentials* grpc_alts_credentials_create(
+    const grpc_alts_credentials_options* options);
+
+/**
+ * This method creates an ALTS server credential object. It is used for
+ * experimental purpose for now and subject to change.
+ *
+ * - options: grpc ALTS credentials options instance for server.
+ *
+ * It returns the created ALTS server credential object.
+ */
+GRPCAPI grpc_server_credentials* grpc_alts_server_credentials_create(
+    const grpc_alts_credentials_options* options);
+
 #ifdef __cplusplus
 }
 #endif
--- a/include/grpcpp/security/credentials.h
+++ b/include/grpcpp/security/credentials.h
@ -21,6 +21,7 @@

 #include <map>
 #include <memory>
+#include <vector>

 #include <grpcpp/impl/codegen/grpc_library.h>
 #include <grpcpp/security/auth_context.h>
@ -219,6 +220,21 @@ class MetadataCredentialsPlugin {
 std::shared_ptr<CallCredentials> MetadataCredentialsFromPlugin(
    std::unique_ptr<MetadataCredentialsPlugin> plugin);

+namespace experimental {
+
+/// Options used to build AltsCredentials.
+struct AltsCredentialsOptions {
+  /// service accounts of target endpoint that will be acceptable
+  /// by the client. If service accounts are provided and none of them matches
+  /// that of the server, authentication will fail.
+  std::vector<grpc::string> target_service_accounts;
+};
+
+/// Builds ALTS Credentials given ALTS specific options
+std::shared_ptr<ChannelCredentials> AltsCredentials(
+    const AltsCredentialsOptions& options);
+
+}  // namespace experimental
 }  // namespace grpc

 #endif  // GRPCPP_SECURITY_CREDENTIALS_H
--- a/include/grpcpp/security/server_credentials.h
+++ b/include/grpcpp/security/server_credentials.h
@ -86,6 +86,18 @@ std::shared_ptr<ServerCredentials> SslServerCredentials(
 /// Builds insecure server credentials.
 std::shared_ptr<ServerCredentials> InsecureServerCredentials();

+namespace experimental {
+
+/// Options to create ServerCredentials with ALTS
+struct AltsServerCredentialsOptions {
+  /// Add fields if needed.
+};
+
+/// Builds ALTS ServerCredentials given ALTS specific options
+std::shared_ptr<ServerCredentials> AltsServerCredentials(
+    const AltsServerCredentialsOptions& options);
+
+}  // namespace experimental
 }  // namespace grpc

 #endif  // GRPCPP_SECURITY_SERVER_CREDENTIALS_H
--- a/src/core/lib/security/credentials/alts/alts_credentials.h
+++ b/src/core/lib/security/credentials/alts/alts_credentials.h
@ -40,26 +40,6 @@ typedef struct grpc_alts_server_credentials {
  char* handshaker_service_url;
 } grpc_alts_server_credentials;

-/**
- * This method creates an ALTS channel credential object.
- *
- * - options: grpc ALTS credentials options instance for client.
- *
- * It returns the created ALTS channel credential object.
- */
-grpc_channel_credentials* grpc_alts_credentials_create(
-    const grpc_alts_credentials_options* options);
-
-/**
- * This method creates an ALTS server credential object.
- *
- * - options: grpc ALTS credentials options instance for server.
- *
- * It returns the created ALTS server credential object.
- */
-grpc_server_credentials* grpc_alts_server_credentials_create(
-    const grpc_alts_credentials_options* options);
-
 /**
 * This method creates an ALTS channel credential object with customized
 * information provided by caller.
--- a/src/core/lib/security/credentials/alts/grpc_alts_credentials_client_options.cc
+++ b/src/core/lib/security/credentials/alts/grpc_alts_credentials_client_options.cc
@ -44,20 +44,20 @@ static target_service_account* target_service_account_create(
  return sa;
 }

-bool grpc_alts_credentials_client_options_add_target_service_account(
-    grpc_alts_credentials_client_options* options,
-    const char* service_account) {
+void grpc_alts_credentials_client_options_add_target_service_account(
+    grpc_alts_credentials_options* options, const char* service_account) {
  if (options == nullptr || service_account == nullptr) {
    gpr_log(
        GPR_ERROR,
        "Invalid nullptr arguments to "
        "grpc_alts_credentials_client_options_add_target_service_account()");
-    return false;
+    return;
  }
+  auto client_options =
+      reinterpret_cast<grpc_alts_credentials_client_options*>(options);
  target_service_account* node = target_service_account_create(service_account);
-  node->next = options->target_account_list_head;
-  options->target_account_list_head = node;
-  return true;
+  node->next = client_options->target_account_list_head;
+  client_options->target_account_list_head = node;
 }

 static void target_service_account_destroy(
--- a/src/core/lib/security/credentials/alts/grpc_alts_credentials_options.h
+++ b/src/core/lib/security/credentials/alts/grpc_alts_credentials_options.h
@ -21,19 +21,10 @@

 #include <grpc/support/port_platform.h>

-#include <stdbool.h>
+#include <grpc/grpc_security.h>

 #include "src/core/tsi/alts/handshaker/transport_security_common_api.h"

-/**
- * Main interface for ALTS credentials options. The options will contain
- * information that will be passed from grpc to TSI layer such as RPC protocol
- * versions. ALTS client (channel) and server credentials will have their own
- * implementation of this interface. The APIs listed in this header are
- * thread-compatible.
- */
-typedef struct grpc_alts_credentials_options grpc_alts_credentials_options;
-
 /* V-table for grpc_alts_credentials_options */
 typedef struct grpc_alts_credentials_options_vtable {
  grpc_alts_credentials_options* (*copy)(
@ -80,33 +71,5 @@ typedef struct grpc_alts_credentials_server_options {
 grpc_alts_credentials_options* grpc_alts_credentials_options_copy(
    const grpc_alts_credentials_options* options);

-/**
- * This method destroys a grpc_alts_credentials_options instance by
- * de-allocating all of its occupied memory.
- *
- * - options: a grpc_alts_credentials_options instance that needs to be
- *   destroyed.
- */
-void grpc_alts_credentials_options_destroy(
-    grpc_alts_credentials_options* options);
-
-/* This method creates a grpc ALTS credentials client options instance. */
-grpc_alts_credentials_options* grpc_alts_credentials_client_options_create();
-
-/* This method creates a grpc ALTS credentials server options instance. */
-grpc_alts_credentials_options* grpc_alts_credentials_server_options_create();
-
-/**
- * This method adds a target service account to grpc ALTS credentials client
- * options instance.
- *
- * - options: grpc ALTS credentials client options instance.
- * - service_account: service account of target endpoint.
- *
- * It returns true on success and false on failure.
- */
-bool grpc_alts_credentials_client_options_add_target_service_account(
-    grpc_alts_credentials_client_options* options, const char* service_account);
-
 #endif /* GRPC_CORE_LIB_SECURITY_CREDENTIALS_ALTS_GRPC_ALTS_CREDENTIALS_OPTIONS_H \
        */
--- a/src/cpp/client/secure_credentials.cc
+++ b/src/cpp/client/secure_credentials.cc
@ -87,6 +87,27 @@ std::shared_ptr<ChannelCredentials> SslCredentials(
  return WrapChannelCredentials(c_creds);
 }

+namespace experimental {
+
+// Builds ALTS Credentials given ALTS specific options
+std::shared_ptr<ChannelCredentials> AltsCredentials(
+    const AltsCredentialsOptions& options) {
+  GrpcLibraryCodegen init;  // To call grpc_init().
+  grpc_alts_credentials_options* c_options =
+      grpc_alts_credentials_client_options_create();
+  for (auto service_account = options.target_service_accounts.begin();
+       service_account != options.target_service_accounts.end();
+       service_account++) {
+    grpc_alts_credentials_client_options_add_target_service_account(
+        c_options, service_account->c_str());
+  }
+  grpc_channel_credentials* c_creds = grpc_alts_credentials_create(c_options);
+  grpc_alts_credentials_options_destroy(c_options);
+  return WrapChannelCredentials(c_creds);
+}
+
+}  // namespace experimental
+
 // Builds credentials for use when running in GCE
 std::shared_ptr<CallCredentials> GoogleComputeEngineCredentials() {
  GrpcLibraryCodegen init;  // To call grpc_init().
--- a/src/cpp/server/secure_server_credentials.cc
+++ b/src/cpp/server/secure_server_credentials.cc
@ -126,4 +126,18 @@ std::shared_ptr<ServerCredentials> SslServerCredentials(
      new SecureServerCredentials(c_creds));
 }

+namespace experimental {
+
+std::shared_ptr<ServerCredentials> AltsServerCredentials(
+    const AltsServerCredentialsOptions& options) {
+  grpc_alts_credentials_options* c_options =
+      grpc_alts_credentials_server_options_create();
+  grpc_server_credentials* c_creds =
+      grpc_alts_server_credentials_create(c_options);
+  grpc_alts_credentials_options_destroy(c_options);
+  return std::shared_ptr<ServerCredentials>(
+      new SecureServerCredentials(c_creds));
+}
+
+}  // namespace experimental
 }  // namespace grpc
--- a/src/ruby/ext/grpc/rb_grpc_imports.generated.c
+++ b/src/ruby/ext/grpc/rb_grpc_imports.generated.c
@ -138,6 +138,12 @@ grpc_ssl_server_credentials_create_with_options_type grpc_ssl_server_credentials
 grpc_server_add_secure_http2_port_type grpc_server_add_secure_http2_port_import;
 grpc_call_set_credentials_type grpc_call_set_credentials_import;
 grpc_server_credentials_set_auth_metadata_processor_type grpc_server_credentials_set_auth_metadata_processor_import;
+grpc_alts_credentials_client_options_create_type grpc_alts_credentials_client_options_create_import;
+grpc_alts_credentials_server_options_create_type grpc_alts_credentials_server_options_create_import;
+grpc_alts_credentials_client_options_add_target_service_account_type grpc_alts_credentials_client_options_add_target_service_account_import;
+grpc_alts_credentials_options_destroy_type grpc_alts_credentials_options_destroy_import;
+grpc_alts_credentials_create_type grpc_alts_credentials_create_import;
+grpc_alts_server_credentials_create_type grpc_alts_server_credentials_create_import;
 grpc_raw_byte_buffer_create_type grpc_raw_byte_buffer_create_import;
 grpc_raw_compressed_byte_buffer_create_type grpc_raw_compressed_byte_buffer_create_import;
 grpc_byte_buffer_copy_type grpc_byte_buffer_copy_import;
@ -380,6 +386,12 @@ void grpc_rb_load_imports(HMODULE library) {
  grpc_server_add_secure_http2_port_import = (grpc_server_add_secure_http2_port_type) GetProcAddress(library, "grpc_server_add_secure_http2_port");
  grpc_call_set_credentials_import = (grpc_call_set_credentials_type) GetProcAddress(library, "grpc_call_set_credentials");
  grpc_server_credentials_set_auth_metadata_processor_import = (grpc_server_credentials_set_auth_metadata_processor_type) GetProcAddress(library, "grpc_server_credentials_set_auth_metadata_processor");
+  grpc_alts_credentials_client_options_create_import = (grpc_alts_credentials_client_options_create_type) GetProcAddress(library, "grpc_alts_credentials_client_options_create");
+  grpc_alts_credentials_server_options_create_import = (grpc_alts_credentials_server_options_create_type) GetProcAddress(library, "grpc_alts_credentials_server_options_create");
+  grpc_alts_credentials_client_options_add_target_service_account_import = (grpc_alts_credentials_client_options_add_target_service_account_type) GetProcAddress(library, "grpc_alts_credentials_client_options_add_target_service_account");
+  grpc_alts_credentials_options_destroy_import = (grpc_alts_credentials_options_destroy_type) GetProcAddress(library, "grpc_alts_credentials_options_destroy");
+  grpc_alts_credentials_create_import = (grpc_alts_credentials_create_type) GetProcAddress(library, "grpc_alts_credentials_create");
+  grpc_alts_server_credentials_create_import = (grpc_alts_server_credentials_create_type) GetProcAddress(library, "grpc_alts_server_credentials_create");
  grpc_raw_byte_buffer_create_import = (grpc_raw_byte_buffer_create_type) GetProcAddress(library, "grpc_raw_byte_buffer_create");
  grpc_raw_compressed_byte_buffer_create_import = (grpc_raw_compressed_byte_buffer_create_type) GetProcAddress(library, "grpc_raw_compressed_byte_buffer_create");
  grpc_byte_buffer_copy_import = (grpc_byte_buffer_copy_type) GetProcAddress(library, "grpc_byte_buffer_copy");
--- a/src/ruby/ext/grpc/rb_grpc_imports.generated.h
+++ b/src/ruby/ext/grpc/rb_grpc_imports.generated.h
@ -389,6 +389,24 @@ extern grpc_call_set_credentials_type grpc_call_set_credentials_import;
 typedef void(*grpc_server_credentials_set_auth_metadata_processor_type)(grpc_server_credentials* creds, grpc_auth_metadata_processor processor);
 extern grpc_server_credentials_set_auth_metadata_processor_type grpc_server_credentials_set_auth_metadata_processor_import;
 #define grpc_server_credentials_set_auth_metadata_processor grpc_server_credentials_set_auth_metadata_processor_import
+typedef grpc_alts_credentials_options*(*grpc_alts_credentials_client_options_create_type)();
+extern grpc_alts_credentials_client_options_create_type grpc_alts_credentials_client_options_create_import;
+#define grpc_alts_credentials_client_options_create grpc_alts_credentials_client_options_create_import
+typedef grpc_alts_credentials_options*(*grpc_alts_credentials_server_options_create_type)();
+extern grpc_alts_credentials_server_options_create_type grpc_alts_credentials_server_options_create_import;
+#define grpc_alts_credentials_server_options_create grpc_alts_credentials_server_options_create_import
+typedef void(*grpc_alts_credentials_client_options_add_target_service_account_type)(grpc_alts_credentials_options* options, const char* service_account);
+extern grpc_alts_credentials_client_options_add_target_service_account_type grpc_alts_credentials_client_options_add_target_service_account_import;
+#define grpc_alts_credentials_client_options_add_target_service_account grpc_alts_credentials_client_options_add_target_service_account_import
+typedef void(*grpc_alts_credentials_options_destroy_type)(grpc_alts_credentials_options* options);
+extern grpc_alts_credentials_options_destroy_type grpc_alts_credentials_options_destroy_import;
+#define grpc_alts_credentials_options_destroy grpc_alts_credentials_options_destroy_import
+typedef grpc_channel_credentials*(*grpc_alts_credentials_create_type)(const grpc_alts_credentials_options* options);
+extern grpc_alts_credentials_create_type grpc_alts_credentials_create_import;
+#define grpc_alts_credentials_create grpc_alts_credentials_create_import
+typedef grpc_server_credentials*(*grpc_alts_server_credentials_create_type)(const grpc_alts_credentials_options* options);
+extern grpc_alts_server_credentials_create_type grpc_alts_server_credentials_create_import;
+#define grpc_alts_server_credentials_create grpc_alts_server_credentials_create_import
 typedef grpc_byte_buffer*(*grpc_raw_byte_buffer_create_type)(grpc_slice* slices, size_t nslices);
 extern grpc_raw_byte_buffer_create_type grpc_raw_byte_buffer_create_import;
 #define grpc_raw_byte_buffer_create grpc_raw_byte_buffer_create_import
--- a/test/core/security/grpc_alts_credentials_options_test.cc
+++ b/test/core/security/grpc_alts_credentials_options_test.cc
@ -30,39 +30,22 @@

 const size_t kTargetServiceAccountNum = 2;

-static void test_add_target_service_account_failure() {
-  /* Initialization. */
-  grpc_alts_credentials_options* options =
-      grpc_alts_credentials_client_options_create();
-  auto client_options =
-      reinterpret_cast<grpc_alts_credentials_client_options*>(options);
-
-  /* Test. */
-  GPR_ASSERT(!grpc_alts_credentials_client_options_add_target_service_account(
-      client_options, nullptr));
-  GPR_ASSERT(!grpc_alts_credentials_client_options_add_target_service_account(
-      nullptr, ALTS_CLIENT_OPTIONS_TEST_TARGET_SERVICE_ACCOUNT_1));
-
-  /* Cleanup. */
-  grpc_alts_credentials_options_destroy(options);
-}
-
 static void test_copy_client_options_failure() {
  /* Initialization. */
  grpc_alts_credentials_options* options =
      grpc_alts_credentials_client_options_create();
-
  /* Test. */
  GPR_ASSERT(grpc_alts_credentials_options_copy(nullptr) == nullptr);
-
  /* Cleanup. */
  grpc_alts_credentials_options_destroy(options);
 }

 static size_t get_target_service_account_num(
-    grpc_alts_credentials_client_options* options) {
+    grpc_alts_credentials_options* options) {
+  auto client_options =
+      reinterpret_cast<grpc_alts_credentials_client_options*>(options);
  size_t num = 0;
-  target_service_account* node = options->target_account_list_head;
+  target_service_account* node = client_options->target_account_list_head;
  while (node != nullptr) {
    num++;
    node = node->next;
@ -74,36 +57,31 @@ static void test_client_options_api_success() {
  /* Initialization. */
  grpc_alts_credentials_options* options =
      grpc_alts_credentials_client_options_create();
-  auto client_options =
-      reinterpret_cast<grpc_alts_credentials_client_options*>(options);
-
  /* Set client options fields. */
  grpc_alts_credentials_client_options_add_target_service_account(
-      client_options, ALTS_CLIENT_OPTIONS_TEST_TARGET_SERVICE_ACCOUNT_1);
+      options, ALTS_CLIENT_OPTIONS_TEST_TARGET_SERVICE_ACCOUNT_1);
  grpc_alts_credentials_client_options_add_target_service_account(
-      client_options, ALTS_CLIENT_OPTIONS_TEST_TARGET_SERVICE_ACCOUNT_2);
-
+      options, ALTS_CLIENT_OPTIONS_TEST_TARGET_SERVICE_ACCOUNT_2);
  /* Validate client option fields. */
-  GPR_ASSERT(get_target_service_account_num(client_options) ==
+  GPR_ASSERT(get_target_service_account_num(options) ==
             kTargetServiceAccountNum);
+  auto client_options =
+      reinterpret_cast<grpc_alts_credentials_client_options*>(options);
  GPR_ASSERT(strcmp(client_options->target_account_list_head->data,
                    ALTS_CLIENT_OPTIONS_TEST_TARGET_SERVICE_ACCOUNT_2) == 0);
  GPR_ASSERT(strcmp(client_options->target_account_list_head->next->data,
                    ALTS_CLIENT_OPTIONS_TEST_TARGET_SERVICE_ACCOUNT_1) == 0);
-
  /* Perform a copy operation and validate its correctness. */
  grpc_alts_credentials_options* new_options =
      grpc_alts_credentials_options_copy(options);
+  GPR_ASSERT(get_target_service_account_num(new_options) ==
+             kTargetServiceAccountNum);
  auto new_client_options =
      reinterpret_cast<grpc_alts_credentials_client_options*>(new_options);
-
-  GPR_ASSERT(get_target_service_account_num(new_client_options) ==
-             kTargetServiceAccountNum);
  GPR_ASSERT(strcmp(new_client_options->target_account_list_head->data,
                    ALTS_CLIENT_OPTIONS_TEST_TARGET_SERVICE_ACCOUNT_2) == 0);
  GPR_ASSERT(strcmp(new_client_options->target_account_list_head->next->data,
                    ALTS_CLIENT_OPTIONS_TEST_TARGET_SERVICE_ACCOUNT_1) == 0);
-
  /* Cleanup.*/
  grpc_alts_credentials_options_destroy(options);
  grpc_alts_credentials_options_destroy(new_options);
@ -111,7 +89,6 @@ static void test_client_options_api_success() {

 int main(int argc, char** argv) {
  /* Test. */
-  test_add_target_service_account_failure();
  test_copy_client_options_failure();
  test_client_options_api_success();
  return 0;
--- a/test/core/surface/public_headers_must_be_c89.c
+++ b/test/core/surface/public_headers_must_be_c89.c
@ -173,6 +173,12 @@ int main(int argc, char **argv) {
  printf("%lx", (unsigned long) grpc_server_add_secure_http2_port);
  printf("%lx", (unsigned long) grpc_call_set_credentials);
  printf("%lx", (unsigned long) grpc_server_credentials_set_auth_metadata_processor);
+  printf("%lx", (unsigned long) grpc_alts_credentials_client_options_create);
+  printf("%lx", (unsigned long) grpc_alts_credentials_server_options_create);
+  printf("%lx", (unsigned long) grpc_alts_credentials_client_options_add_target_service_account);
+  printf("%lx", (unsigned long) grpc_alts_credentials_options_destroy);
+  printf("%lx", (unsigned long) grpc_alts_credentials_create);
+  printf("%lx", (unsigned long) grpc_alts_server_credentials_create);
  printf("%lx", (unsigned long) grpc_raw_byte_buffer_create);
  printf("%lx", (unsigned long) grpc_raw_compressed_byte_buffer_create);
  printf("%lx", (unsigned long) grpc_byte_buffer_copy);
--- a/test/core/tsi/alts/handshaker/alts_handshaker_client_test.cc
+++ b/test/core/tsi/alts/handshaker/alts_handshaker_client_test.cc
@ -54,11 +54,9 @@ static alts_tsi_event* alts_tsi_event_create_for_testing(bool is_client) {
                         : grpc_alts_credentials_server_options_create();
  if (is_client) {
    grpc_alts_credentials_client_options_add_target_service_account(
-        reinterpret_cast<grpc_alts_credentials_client_options*>(e->options),
-        ALTS_HANDSHAKER_CLIENT_TEST_TARGET_SERVICE_ACCOUNT1);
+        e->options, ALTS_HANDSHAKER_CLIENT_TEST_TARGET_SERVICE_ACCOUNT1);
    grpc_alts_credentials_client_options_add_target_service_account(
-        reinterpret_cast<grpc_alts_credentials_client_options*>(e->options),
-        ALTS_HANDSHAKER_CLIENT_TEST_TARGET_SERVICE_ACCOUNT2);
+        e->options, ALTS_HANDSHAKER_CLIENT_TEST_TARGET_SERVICE_ACCOUNT2);
  }
  grpc_gcp_rpc_protocol_versions* versions = &e->options->rpc_versions;
  GPR_ASSERT(grpc_gcp_rpc_protocol_versions_set_max(
--- a/tools/run_tests/generated/sources_and_headers.json
+++ b/tools/run_tests/generated/sources_and_headers.json
@ -8792,6 +8792,7 @@
      "tsi_interface"
    ], 
    "headers": [
+      "include/grpc/grpc_security.h", 
      "src/core/lib/security/credentials/alts/check_gcp_environment.h", 
      "src/core/lib/security/credentials/alts/grpc_alts_credentials_options.h", 
      "src/core/tsi/alts/handshaker/alts_handshaker_service_api.h", 
@ -8803,6 +8804,7 @@
    "language": "c", 
    "name": "alts_util", 
    "src": [
+      "include/grpc/grpc_security.h", 
      "src/core/lib/security/credentials/alts/check_gcp_environment.cc", 
      "src/core/lib/security/credentials/alts/check_gcp_environment.h", 
      "src/core/lib/security/credentials/alts/check_gcp_environment_linux.cc",