Currently, if two threads call grpc_completion_queue_pluck on the same
completion queue for different tags, there is a 50% chance that we
deliver the completion wakeup to the wrong poller - forcing the correct
poller to wait until its polling times out before it can return an event
up to the application.
This change tweaks our polling interfaces so that we can indeed wake a
specific poller.
Nothing has been performance tuned yet. It's definitely sub-optimal in a
number of places. Wakeup file-descriptors should be recycled. We should
have a path that avoids calling poll() followed by epoll(). We can
probably live without it right at the second though.
This code will fail on Windows at least (I'll do that port when I'm in the office and have a Windows
machine).
- Right now it is a global function: would be better to have this per
(secure) port.
- Changed the interface of the auth_context slightly to make it more
friendly.
- Positive tests pass. Still need some work on error case (have a
negative case as well).
- Fixing cpp auth context tests so that they use the shiny new C API.
Still missing:
- Caching of the already checked JWTs (although it could be done at an
upper layer).
- Caching of the jwks_uri to avoid 2 roundtrips for each verification.
Still TODO:
- a way to plug a metadata processing (somewhat elsewhere but did not
one to overload this already large PR).
- plug-in the auth context on the client side.
- Better end to end testing.
- This will take care of a potential issue with default credentials
where the slice pointer is casted as const char * for APIs that need a
null terminated string.
- Renaming default credentials -> google default credentials.
- Various other things in cpp:
- Adding Cpp wrapping for JWT Tokens.
- Renaming ComposeCredentials -> CompositeCredentials.
- Tested with new tool (print_default_creds_token) on:
- workstation for env var and well known place.
- GCE for compute engine default creds.
- I'd prefer the grpc_default_credentials_create() API to remain
synchronous even though there may be an async call for gce detection
on which we block.