Mario Jones Vimal
a934848de5
[core/security] Add Custom Token Lifetime - Service Acc Impersonation ( #33351 )
...
Adds access token lifetime configuration for workload identity
federation with service account impersonation for both explicit and
implicit flows.
Changes:
1. Adds a new member "service_account_impersonation" to the
ExternalAccountCredentials class. "token_lifetime_seconds" is a member
of "service_account_impersonation".
2. Adds validation checks, like token_lifetime_seconds should be between
the minimum and maximum accepted value, during the creation of an
ExternalAccountCredentials object.
3. Appends "lifetime" to the body of the service account impersonation
request.
Tests:
1. Modifies a test to check if the default value is passed when
"service_account_impersonation" is empty.
2. Adds tests to check if the token_lifetime_seconds value is propagated
to the request body.
3. Adds tests to verify that an error is thrown when
token_lifetime_seconds is invalid.
2 years ago
Mark D. Roth
844e740183
[JSON] Replace ctors with factory methods ( #32834 )
2 years ago
Mark D. Roth
36d2716d52
[JSON] move Parse() and Dump() methods out of JSON object ( #32742 )
...
More prep for making this a public API.
2 years ago
Jin
c3bd5e9a1e
fix: gRPC: Remove AWS URL validation ( #32674 )
...
As of adding support in future for TPC support. We removed all url
validations from Credentials.
AWS url validation doesn't make sense here either.
2 years ago
Carl Lundin
87818f60fe
AWSCredentials: fix interaction with metadata server ( #32532 )
...
* No need to call metadata server if environment variables are set.
* AWS_SESSION_TOKEN is optional.
2 years ago
Jin
89980d01f6
feat: Auth lib: Remove 3PI config url validation ( #32450 )
...
To support TPC feature for BYOID (3PI), we need to remove the validation of
the pattern of impersonation endpoints, sts endpoints and token info
endpoints since they are different in TPC regions.
A security review is already passed at b/261634871
2 years ago
Craig Tiller
67f364e23e
[cleanup] Eliminate usage of GRPC_ASSERT(false...); ( #31757 )
...
* crash function
* progress
* fix
* fix
* Automated change: Fix sanity tests
* fix
* fix
* fix
* fixes
* Automated change: Fix sanity tests
* fix
* Automated change: Fix sanity tests
* fix
* fix
* use cpp attr
* Automated change: Fix sanity tests
* fix
* fix
* fix
* fix
* fix
* fix
* add exclusion
* fix
* typo
* fix
* fmt
* Update tcp_socket_utils.cc
* Automated change: Fix sanity tests
* fix
* revert php changes
* Automated change: Fix sanity tests
Co-authored-by: ctiller <ctiller@users.noreply.github.com>
2 years ago
Yijie Ma
f99b8b5bc4
Convert c-style comments to C++-style comments ( #31923 )
...
* baseline
* fix clang-tidy
* manually revert these files
* manually fixup at eof
* revert 2 more files
* change check_deprecated_grpc++.py
* change end2end_defs.include template
* fix check_include_guards.py
* untrack tools/distrib/python/convert_cstyle_comments_to_cpp.py
not yet ready to be submitted
* fix
yapf check_include_guards.py
remove a space...
* fix version.cc.template
* fix version_info.h.template
2 years ago
Cheng-Yu Chung
0d3fcb41ea
Revert "Move google_default channel_credentials out of `include/grpc/grpc_security.h` ( #31786 )" ( #31822 )
...
This reverts commit 3d59abc94e.
2 years ago
Cheng-Yu Chung
3d59abc94e
Move google_default channel_credentials out of `include/grpc/grpc_security.h` ( #31786 )
2 years ago
Alisha Nanda
ad91404e0e
Remove static initialization of memory allocator in tests ( #31776 )
...
* Add more info to error
* Fix tests
* Remove static initialization of memory allocator
* Fix test failure
* Automated change: Fix sanity tests
Co-authored-by: ananda1066 <ananda1066@users.noreply.github.com>
2 years ago
Esun Kim
d44e1520a7
Fix readability-redundant-access-specifiers ( #31561 )
...
* Added readability-redundant-access-specifiers
* Fix
2 years ago
aeitzman
d934aabb09
Added url validation for aws metadata endpoints in aws external account ( #31626 )
...
* Added url validation for aws metadata endpoints in aws external account
* addressing review comments
* fix error message back
* Fix broken test
2 years ago
aeitzman
57e0806515
Adding token url validation cases for psc endpoints ( #31616 )
...
* Adding validation case for psc endpoint
* formatting fix
2 years ago
Craig Tiller
0724a90fd8
Revert "Revert "[arena] pool allocator ( #31298 )" ( #31414 )" ( #31415 )
...
This reverts commit 2c11e56433.
2 years ago
Alisha Nanda
2c11e56433
Revert "[arena] pool allocator ( #31298 )" ( #31414 )
...
This reverts commit 5e27b2df97.
2 years ago
Craig Tiller
5e27b2df97
[arena] pool allocator ( #31298 )
...
* [arena] pool allocator
* add tests
* Automated change: Fix sanity tests
* better sizes
* iwyu
* Automated change: Fix sanity tests
* first pass cut fragments
* fix1
* fix
* Automated change: Fix sanity tests
* fix
* iwyu
* build-deps
* fix for windows
* fix
Co-authored-by: ctiller <ctiller@users.noreply.github.com>
2 years ago
Esun Kim
85794d4094
Deprecated grpc_error_std_string ( #31267 )
2 years ago
Esun Kim
3c96517fc0
Simplified GRPC_ERROR_CREATE macros ( #31222 )
...
* Simplified GRPC_ERROR_CREATE macros
* Code migration
2 years ago
Esun Kim
347bf1a1f4
Removed GRPC_ERROR_[INT|STR] macros ( #31195 )
...
* Clean-up which
* Reformat
2 years ago
Esun Kim
d43511f4af
Removed GRPC_ERROR_NONE ( #31131 )
2 years ago
Esun Kim
ba8af0157b
Removing GRPC_ERROR_[REF|UNREF|IS_NONE] ( #31089 )
...
* Removing GRPC_ERROR_[REF|UNREF|IS_NONE]
* Clean up unnecessary error
* Fix
* Fix2
* Remove unnecessary else
2 years ago
Craig Tiller
c2ab8c99bb
Revert "Revert "[c++] Move environment functions to C++ ( #30937 )" ( #30986 )" ( #30988 )
...
This reverts commit 96264e07b8.
2 years ago
Craig Tiller
96264e07b8
Revert "[c++] Move environment functions to C++ ( #30937 )" ( #30986 )
...
This reverts commit 74c0d6fe3f.
2 years ago
Craig Tiller
74c0d6fe3f
[c++] Move environment functions to C++ ( #30937 )
...
* [gprpp] Move env to C++
* move headers/impl
* Automated change: Fix sanity tests
* fix
* fix
* Automated change: Fix sanity tests
* Update http_proxy.cc
* fix
* fix
* rename
* fix merge
* fix
Co-authored-by: ctiller <ctiller@users.noreply.github.com>
2 years ago
Anirudh Ramachandra
f920ae0329
Also allow passing in channel args as part of the check_peer call. ( #30481 )
...
This allows the security connectors to receive args that might be added by handshakers. Currently none of the connectors use the args, hence they are marked as unused. This is required for changes internally for security connectors related to Directpath
3 years ago
Mark D. Roth
536b9351ec
JSON: use absl::Status instead of grpc_error ( #30397 )
...
* JSON: use absl::Status instead of grpc_error
* Automated change: Fix sanity tests
* fix credentials_test
* fix tests
* add missing build dep
* fix build
* fix test
* Automated change: Fix sanity tests
Co-authored-by: markdroth <markdroth@users.noreply.github.com>
3 years ago
Craig Tiller
d304712f64
[channel_args] Spread grpc_core::ChannelArgs through client channel code ( #30008 )
...
* [channel_args] Spread grpc_core::ChannelArgs through client channel code
* progress
* progress
* grpc compiles
* uniqueptr+compiles
* fix
* fix
* fix
* fix
* fix
* fix
* fixes
* fix
* fix
* fixes
* fix-lb
* fix
* fix up arg construction
* fix
* fix
* fix
* fix
* move to const& to save bytes
* fix
* fix
* progress
* review feedback
* fix
* fix
* fixes
* fixes
* Automated change: Fix sanity tests
* Automated change: Fix sanity tests
* Automated change: Fix sanity tests
* Automated change: Fix sanity tests
* fix
* fix
* Automated change: Fix sanity tests
* Automated change: Fix sanity tests
* fix
* debug-helper
* Automated change: Fix sanity tests
* fix
* Automated change: Fix sanity tests
* fix
Co-authored-by: ctiller <ctiller@users.noreply.github.com>
3 years ago
Esun Kim
c6ebbb5482
Added GRPC_ERROR_IS_NONE ( #29937 )
...
* Added GRPC_ERROR_IS_NONE
* Convert
* Fix
3 years ago
Mark D. Roth
709dff9ca8
security and subchannel: implement UniqueTypeName and use it in these interfaces ( #29709 )
...
* implement UniqueTypeName API
* convert security code to use UniqueTypeName
* change subchannel data producer API to use UniqueTypeName
* sanitize
* add missing build dep
* fix credentials_test
* fix certificate_provider_store_test
* fix tls_security_connector_test
* attempt to fix windows build
* avoid unnecessary allocation
* work around MSVC 2017 bug
* sanity
* change factory to not be templated
* fix sanity
* fix bug in chttp2 connector that used server creds instead of channel creds
* add missing build dep
* simplify API
3 years ago
sai-sunder-s
387dbb92bd
Add Session Token to AWS IMDSv2 Metadata requests ( #29296 )
...
* Add AWS Session Token to AWS IMDS Metadata Requests
* Formatted code
* rename header method, remove unused code
* formatted code
* minor fixes
* fix duplicate param in test function header
* fixing build failures
3 years ago
AJ Heller
18a8f6aad9
Refactor end2end tests to exercise each EventEngine ( #29202 )
...
* Refactor end2end tests to exercise each EventEngine
* fix incorrect bazel_only exclusions
* Automated change: Fix sanity tests
* microbenchmark fix
* sanitize, fix iOS flub
* Automated change: Fix sanity tests
* iOS fix
* reviewer feedback
* first pass at excluding EventEngine test expansion
Also caught a few cases where we should not test pollers, but should
test all engines. And two cases where we likely shouldn't be testing
either product.
* end2end fuzzers to be fuzzed differently via EventEngine.
* sanitize
* reviewer feedback
* remove misleading comment
* reviewer feedback: comments
* EE test_init needs to play with our build system
* fix golden file test runner
Co-authored-by: drfloob <drfloob@users.noreply.github.com>
3 years ago
Yash Tibrewal
01f333a1c1
TlsCredentials: Comparator implementation ( #28940 )
...
* TlsCredentials: Comparator implementation
* Update tests
* Redundant namespace qualifiers
* clang-tidy
* Reviewer comments
* Reviewer comments
* Reviewer comments
* Reviewer comments
* Reviewer comments
* Add generator for grpc_tls_credentials_options.h
* Generator script modifications for tests
* Sanity
* Reviewer comments
* Reviewer comments
* Add a common place to look-up known types
* Formatting
* Script fix
* Reviewer comments
* Add test mode to script
* Add to sanitize.sh
* clang-tidy
* Fix
* Fix
* Reviewer comments
* Clang-format
3 years ago
Craig Tiller
138c4667c9
Change main argument of call promise to be a struct ( #29019 )
...
* introduce call args
* bs
* x
* Automated change: Fix sanity tests
* fix
* Simplify naming
* tweak
Co-authored-by: ctiller <ctiller@users.noreply.github.com>
3 years ago
Yash Tibrewal
55ba777c7a
credentials_test: Add namespace ( #29006 )
3 years ago
Craig Tiller
87acbadba1
Third attempt: Convert client_auth_filter to promises ( #28968 )
...
* wip
* Automated change: Fix sanity tests
* fixes
* progress
* progress
* grpc compiles
* Automated change: Fix sanity tests
* fixing tests
* x
* progress
* better code
* Automated change: Fix sanity tests
* progress
* progress
* windows fix
* Make Duration metadata trivial
* better message
* fix
* Automated change: Fix sanity tests
* fix
* fix
* fix
* fix
* Automated change: Fix sanity tests
* Automated change: Fix sanity tests
* fix
* progress
* fixes
* fix
* fix
* spam
* un-disable errantly disabled tests
* gain insight
* Automated change: Fix sanity tests
* fixes
* fixes
* fix
* debug
* tweak
* fix
* fix timeout
* fix comment
* fixes
* x
* better test
* tests
* Automated change: Fix sanity tests
* missed file
* fix
* x
* fix
* fix
* fix
* fix
* Automated change: Fix sanity tests
* fix
* merge
* Automated change: Fix sanity tests
* Revert "Revert "Revert "Revert "Convert client_auth_filter to promises (#28767 )" (#28951 )" (#28952 )" (#28967 )"
This reverts commit 0f73576b17.
* fix potential memory leak
* Fix behavior if >1 pending request
* fix
* fix nullptr access
Co-authored-by: ctiller <ctiller@users.noreply.github.com>
3 years ago
Craig Tiller
5fc3ff8203
grpc_millis -> Timestamp/Duration ( #28119 )
...
* wip
* Automated change: Fix sanity tests
* fixes
* progress
* progress
* grpc compiles
* Automated change: Fix sanity tests
* fixing tests
* x
* progress
* better code
* Automated change: Fix sanity tests
* progress
* progress
* windows fix
* Make Duration metadata trivial
* better message
* fix
* Automated change: Fix sanity tests
* fix
* fix
* fix
* fix
* Automated change: Fix sanity tests
* Automated change: Fix sanity tests
* fix
* progress
* fixes
* fix
* fix
* spam
* un-disable errantly disabled tests
* gain insight
* Automated change: Fix sanity tests
* fixes
* fixes
* fix
* debug
* tweak
* fix
* fix timeout
* fix comment
* fixes
* x
* better test
* tests
* Automated change: Fix sanity tests
* missed file
* fix
* x
* fix
* fix
* fix
* fix
* Automated change: Fix sanity tests
* fix
* merge
* Automated change: Fix sanity tests
* fix
Co-authored-by: ctiller <ctiller@users.noreply.github.com>
3 years ago
Craig Tiller
0f73576b17
Revert "Revert "Revert "Convert client_auth_filter to promises ( #28767 )" ( #28951 )" ( #28952 )" ( #28967 )
...
This reverts commit 235098de22.
3 years ago
Craig Tiller
235098de22
Revert "Revert "Convert client_auth_filter to promises ( #28767 )" ( #28951 )" ( #28952 )
...
* Revert "Revert "Convert client_auth_filter to promises (#28767 )" (#28951 )"
This reverts commit 5bfe38f10f.
* fix
3 years ago
Craig Tiller
5bfe38f10f
Revert "Convert client_auth_filter to promises ( #28767 )" ( #28951 )
...
This reverts commit cadce47ebf.
3 years ago
Craig Tiller
cadce47ebf
Convert client_auth_filter to promises ( #28767 )
...
* Convert client_auth_filter to promises
* outline
* x
* x
* fixes
* remove-spam
* Async sequences over iterators
* iterate
* better semantics
* fix
* clang-tidy
* Automated change: Fix sanity tests
* Automated change: Fix sanity tests
* fixes
* fixes
* Automated change: Fix sanity tests
* progress
* progress
* progress
* progress
* progress
* credentials_test passes
* Automated change: Fix sanity tests
* Make Activity more of an interface
Move mutex and wakeup logic into a new class between PromiseActivity<>
and Activity (so that the sharing can persist), but make Activity closer
to a pure interface, so that whilst we migrate code we can implement
better fakes without forcing allocation.
* fixes
* Automated change: Fix sanity tests
* fixes
* test the awful failure
* x
* fix typo
* fix race
* 4.9
* x
* review feedback
* review feedback
* Automated change: Fix sanity tests
* review feedback
* replace AuthMetadataContext interface with GetRequestMetadataArgs struct
* Automated change: Fix sanity tests
* fix merge
* Fixup
* fix
* fix
* fix
Co-authored-by: ctiller <ctiller@users.noreply.github.com>
Co-authored-by: Mark D. Roth <roth@google.com>
3 years ago
Yash Tibrewal
3f19e0cc02
Revert "Revert "CompositeChannelCredentials: Comparator implementation ( #28902 )" ( #28919 )" ( #28918 )
...
* CompositeChannelCredentials: Comparator implementation retry
* Fix test
3 years ago
Yash Tibrewal
bbfcb7ca35
Revert CompositeChannelCreds merge fiasco ( #28930 )
3 years ago
Yash Tibrewal
778ad437b1
HttpRequestSSLCredentials: Comparator implementation ( #28900 )
...
* HttpRequestSSLCredentials: Comparator implementation
* Unused argument
* Singleton HttpRequestSSLCredentials
3 years ago
Yash Tibrewal
a72c8ebb7d
CredentialsTest: Fix TestGoogleDefaultCredsExternalAccountCredentials ( #28923 )
3 years ago
Yash Tibrewal
e6a54ef372
Revert "CompositeChannelCredentials: Comparator implementation ( #28902 )" ( #28919 )
...
This reverts commit 2fdb5f90c3.
3 years ago
Yash Tibrewal
2fdb5f90c3
CompositeChannelCredentials: Comparator implementation ( #28902 )
3 years ago
Yash Tibrewal
e178a44931
XdsCredentials: Comparator implementation ( #28903 )
3 years ago
Yash Tibrewal
95c12d88c3
InsecureCredentials: Comparator implementation ( #28899 )
...
* InsecureCredentials: Update cmp_impl
* Fix tests
* Unused argument
3 years ago
Yash Tibrewal
c65a55383a
Gtestify credentials_test ( #28897 )
3 years ago