- Removing service_accounts credentials. These credentials just have
drawbacks compared to service_account_jwt_access credentials, notably
in terms for security.
- Renaming Google specific credentials with a Google prefix for C and
C++. This should be done as well for wrapped languages.
run_tests.py will start a server (if it's not running, or if the running
port server mismatches the 'current' one) that serves ports to use for
tests. The server is left running after run_tests.py finishes, so that
in environments such as Mac and Windows where tests run unshielded from
each other, we don't start jumping on already used ports.
Currently, if two threads call grpc_completion_queue_pluck on the same
completion queue for different tags, there is a 50% chance that we
deliver the completion wakeup to the wrong poller - forcing the correct
poller to wait until its polling times out before it can return an event
up to the application.
This change tweaks our polling interfaces so that we can indeed wake a
specific poller.
Nothing has been performance tuned yet. It's definitely sub-optimal in a
number of places. Wakeup file-descriptors should be recycled. We should
have a path that avoids calling poll() followed by epoll(). We can
probably live without it right at the second though.
This code will fail on Windows at least (I'll do that port when I'm in the office and have a Windows
machine).
- Right now it is a global function: would be better to have this per
(secure) port.
- Changed the interface of the auth_context slightly to make it more
friendly.
- Positive tests pass. Still need some work on error case (have a
negative case as well).
- Fixing cpp auth context tests so that they use the shiny new C API.
Still missing:
- Caching of the already checked JWTs (although it could be done at an
upper layer).
- Caching of the jwks_uri to avoid 2 roundtrips for each verification.
Still TODO:
- a way to plug a metadata processing (somewhat elsewhere but did not
one to overload this already large PR).
- plug-in the auth context on the client side.
- Better end to end testing.
- This will take care of a potential issue with default credentials
where the slice pointer is casted as const char * for APIs that need a
null terminated string.
- Renaming default credentials -> google default credentials.
- Various other things in cpp:
- Adding Cpp wrapping for JWT Tokens.
- Renaming ComposeCredentials -> CompositeCredentials.