Still missing:
- Caching of the already checked JWTs (although it could be done at an
upper layer).
- Caching of the jwks_uri to avoid 2 roundtrips for each verification.
Still TODO:
- a way to plug a metadata processing (somewhat elsewhere but did not
one to overload this already large PR).
- plug-in the auth context on the client side.
- Better end to end testing.
- This will take care of a potential issue with default credentials
where the slice pointer is casted as const char * for APIs that need a
null terminated string.
- Renaming default credentials -> google default credentials.
- Various other things in cpp:
- Adding Cpp wrapping for JWT Tokens.
- Renaming ComposeCredentials -> CompositeCredentials.
- Tested with new tool (print_default_creds_token) on:
- workstation for env var and well known place.
- GCE for compute engine default creds.
- I'd prefer the grpc_default_credentials_create() API to remain
synchronous even though there may be an async call for gce detection
on which we block.
- Changed the unsigned char * + size to NULL terminated strings which
makes sense for the PEM format. I may change TSI later (but the impact
will hopefully be much more limited).
- Added a way to pass multiple key/cert pairs to servers which is needed
when hosting more than one domain.
- Removed the C++ SSL credentials tests as we are going to have an
option to not specify the roots which will then be derived from the
environment (well-known platform dependent locations and/or
environment variable).
- Fixed the php build which is the only one added in the run_test.py.
This change will certainly break node, python and ruby.
Fixed any exposed bugs across the stack.
Add a poll() based implementation. Heavily leverages pollset infrastructure to allow small polls to be the norm. Exposes a mechanism to plug in epoll/kqueue for platforms where we have them.
Simplify iomgr callbacks to return one bit of success or failure (instead of the multi valued result that was mostly unused previously). This will ease the burden on new implementations, and the previous system provided no real value anyway.
Removed timeouts on endpoint read/write routines. This simplifies porting burden by providing a more orthogonal interface, and the functionality can always be replicated when desired by using an alarm combined with endpoint_shutdown. I'm fairly certain we ended up with this interface because it was convenient to do from libevent.
Things that need attention still:
- adding an fd to a pollset is O(n^2) - but this is probably ok given that we'll not
use this for multipolling once platform specific implementations are added.
- we rely on the backup poller too often - especially for SSL handshakes and for client
connection establishment we should have a better mechanism ([] []
- Linux needs to use epoll for multiple fds, FreeBSD variants (including
Darwin) need to use kqueue. ([] []
- Linux needs to use eventfd for poll kicking. ([]
Change on 2015/01/07 by ctiller <ctiller@google.com>
-------------
Created by MOE: http://code.google.com/p/moe-java
MOE_MIGRATED_REVID=83461069
Fixed any exposed bugs across the stack.
Add a poll() based implementation. Heavily leverages pollset infrastructure to allow small polls to be the norm. Exposes a mechanism to plug in epoll/kqueue for platforms where we have them.
Simplify iomgr callbacks to return one bit of success or failure (instead of the multi valued result that was mostly unused previously). This will ease the burden on new implementations, and the previous system provided no real value anyway.
Removed timeouts on endpoint read/write routines. This simplifies porting burden by providing a more orthogonal interface, and the functionality can always be replicated when desired by using an alarm combined with endpoint_shutdown. I'm fairly certain we ended up with this interface because it was convenient to do from libevent.
Things that need attention still:
- adding an fd to a pollset is O(n^2) - but this is probably ok given that we'll not
use this for multipolling once platform specific implementations are added.
- we rely on the backup poller too often - especially for SSL handshakes and for client
connection establishment we should have a better mechanism ([] []
- Linux needs to use epoll for multiple fds, FreeBSD variants (including
Darwin) need to use kqueue. ([] []
- Linux needs to use eventfd for poll kicking. ([]
Change on 2015/01/07 by ctiller <ctiller@google.com>
-------------
Created by MOE: http://code.google.com/p/moe-java
MOE_MIGRATED_REVID=83461069
- Tested end to end with a JSON key I generated for my account using the
fetch_oauth2 binary.
- The same fetch_oauth2 binary can get a token from the GCE metadata service on a VM in cloud.
Change on 2014/12/19 by jboeuf <jboeuf@google.com>
-------------
Created by MOE: http://code.google.com/p/moe-java
MOE_MIGRATED_REVID=82548689
It's a string of unit tests, so size should actually be small. Setting timeout
to long means we have 15 minutes to test everything, which should fit for now.
Also fixes a compile error.
Once this goes in, TAP should start running our tests again.
Change on 2014/12/17 by ctiller <ctiller@google.com>
-------------
Created by MOE: http://code.google.com/p/moe-java
MOE_MIGRATED_REVID=82395309
Fold endpoint interface into iomgr, move secure_endpoint into security/.
This will make it easier for endpoint to rely on some iomgr defined types (like
pollset).
Change on 2014/12/17 by ctiller <ctiller@google.com>
-------------
Created by MOE: http://code.google.com/p/moe-java
MOE_MIGRATED_REVID=82338036
a disaster and does not support url_safe which we need for the JWT.
Change on 2014/12/12 by jboeuf <jboeuf@google.com>
-------------
Created by MOE: http://code.google.com/p/moe-java
MOE_MIGRATED_REVID=82020601