As opposed to a flat directory, we now have the following structure:
- security
  - context
  - credentials
    - composite
    - fake
    - google_default
    - iam
    - jwt
    - oauth2
    - plugin
    - ssl
  - transport
  - util
We have not refactored the test code yet but this PR is already large
enough...
Starting to allow for >1 implementation of pollset within a binary.
Do so without requiring an extra allocation for completion queues (which
we could not tolerate).
Currently, if two threads call grpc_completion_queue_pluck on the same
completion queue for different tags, there is a 50% chance that we
deliver the completion wakeup to the wrong poller - forcing the correct
poller to wait until its polling times out before it can return an event
up to the application.
This change tweaks our polling interfaces so that we can indeed wake a
specific poller.
Nothing has been performance tuned yet. It's definitely sub-optimal in a
number of places. Wakeup file-descriptors should be recycled. We should
have a path that avoids calling poll() followed by epoll(). We can
probably live without it right at the second though.
This code will fail on Windows at least (I'll do that port when I'm in the office and have a Windows
machine).
Still missing:
- Caching of the already checked JWTs (although it could be done at an
upper layer).
- Caching of the jwks_uri to avoid 2 roundtrips for each verification.
- Renaming default credentials -> google default credentials.
- Various other things in cpp:
  - Adding Cpp wrapping for JWT Tokens.
  - Renaming ComposeCredentials -> CompositeCredentials.
- Tested with new tool (print_default_creds_token) on:
  - workstation for env var and well known place.
  - GCE for compute engine default creds.
- I'd prefer the grpc_default_credentials_create() API to remain
synchronous even though there may be an async call for gce detection
on which we block.