* RLS LB policy plugin implementation
* Add RLS tests
* rls proto
* generate projects
* Fix adding child policy to child policy map
* Fix issues
* Fix rotten bits
* generate projects
* revert some strange changes
* First batch of fixes
* second batch of addressing comments
* generate_projects
* 3rd batch of fixes
* generate_projects
* 4th batch of fix
* 5th batch of fix
* Empty commit to trigger github PR refresh
* Add insecure build
* generate project
* update picker in a closure
* mutex guard audit
* clang-format
* Aggregate child policy states
* Use OrphanablePtr on ChildPolicyOwner()
* More fixes on comments
* Remove include grpc_security from rls.cc
* Fix key builder test as we removed RlsFindPathFromMetadata
* Update rls proto and add multi-target capability
* code changes to fix build after merging master
* remove support for insecure builds
* WIP
* add LB policy metadata lookup API
* add API for creating errors from C++ strings
* add missing include
* finished updating JSON parsing
* use DualRefCounted<> for ChildPolicyWrapper
* use grpc_core::Mutex instead of std::recursive_mutex
* add lock annotations and fix some lifetime issues
* misc fixes and cleanups
* simplify child policy connectivity state machine
* add comment about hopping into ExecCtx
* don't use wait_for_ready for RLS call
* extraKeys and constantKeys support
* add lock annotations for child policy wrapper connectivity state
* improve logging
* simplify child policy state handling in picker
* use C++ style comments
* remove rls_config.proto, since it's not needed
* rewrote tests
* fix build
* fix copyright headers
* clang-format
* appease clang-tidy
* remove unnecessary dependendency on grpclb
* buildifier
* remove illegal term
* remove unneeded includes
* clang-format
* fix clang-tidy
* fix build
* move class declaration into .cc file
* clang-tidy again
* fix build
* reorganize code and misc cleanups
* clang-format
* fixed a bunch of asan bugs; still some left to debug
* fix asan problem
* make test work on IPv6-only machines
* move LRU list handling into Cache::Entry and add lock annotations
* use preincrement instead of postincrement
* fix deadlock
* add more FIXMEs
* clean up backoff timer logic
* fix build from merge
* clang-format
* fix include path to work on podspec builds
* clean up picker logic
* clang-format
* update rls.proto
* populate reason and stale_header_data in RLS request
* improve logging and fix some cache size type issues
* clang-format
* add some TODOs about a better way to expose channel creds to LB policies
* centralize handling of channel's default authority
* clang-format
* fix backup poller bug
* fix handling of call creds and authority on RLS channel
* remove unused params
* clang-format
* use two-phase update for child policies to avoid deadlocks
* fix portability issue
* minor cleanups
* update for change in grpc_error_get_status() API
* change test to store RLS requests and responses in proto form
* clang-format
* account for test slowdown factor in timeouts
* fix tsan failure and channelz linkage
* fix RLS authority death test
* fix test to not try to connect to target that should not work
* remove illegal term
* cacheSizeBytes is a required field
* add missing BUILD deps from merge
* add tests for connectivity state reporting and fix bugs found
* fix BUILD sanity
* buildifier
* fix BUILD package path
* fix bugs related to child policy lifetime and updates
* remove unnecessary srand() call from grpc_init()
* add test for two cache entries with the same target
* update rls.proto
* change RLS config parser test to support GRPC_ERROR_IS_ABSEIL_STATUS
* update upb codegen
* fix include path
* add env var guard
* avoid duplication of CountedService
* generate_projects
* add upper limit for cacheSizeBytes
* fix build
Co-authored-by: Muxi Yan <mxyan@google.com>
This commit
1. Implements the security policies that does not require JNI. This
includes a security policy that always allow connection and a security
policy that allows connection when remote UID is the same us local UID.
2. Add security policy as an argument in our interfaces. Old interfaces
are temporarily preserved so compilation will not suddenly break when we
import the code to internal repo.
3. Pumping the security policy from the public interfaces to the code
that handles SETUP_TRANSPORT transaction.
4. Abort the transport setup when the security policy is not satisfied.
Since meaningful tests will require to be run in real Android
environment, we will implement it later. For now, this change is
manually tested with example APKs.
For security policies that need to invoke Java to check authorization,
we will implement them in later.
* Expand Table, BitSet API's
Add a population count to BitSet, use it to add a count() method to
Table to get the number of fields set.
Add a ForEach to Table so that it can be iterated
* Automated change: Fix sanity tests
* fix
* Automated change: Fix sanity tests
Co-authored-by: ctiller <ctiller@users.noreply.github.com>
* Make a suite of wakeup schedulers for tests
* add missing file
* Automated change: Fix sanity tests
Co-authored-by: ctiller <ctiller@users.noreply.github.com>
* make error independent
* Separate grpc_error into its own library
This is forward work to move Closure, ExecCtx into their own libraries
in order to make use of them in the activity code for resource quota
wakeups.
* Automated change: Fix sanity tests
* fixes
Co-authored-by: ctiller <ctiller@users.noreply.github.com>
* separate slice into internal and refcount, with refcount being the minimal base
* python3-ize
* Separate slices from mdelems for static data
Allows us to separate a small build target with just some slice basics
from the rest, which will help simplify the build system longer term.
Additionally exposed an opportunity to eliminate an init function.
Should also help in a month or so when it's time to jettison interned
metadata and slices entirely.
* fix compilation
* Automated change: Fix sanity tests
* fixes
* fixfixfix
Co-authored-by: ctiller <ctiller@users.noreply.github.com>
Add `grpc::BinderServerCredentials()` and other related functionalities for the server to listen to binder transactions through a phony "binder port".
The APIs are temporarily placed in internal headers until the corresponding gRFC is merged.
* add test proving that we fail to take refs to send_initial_metadart payload
* fix grpc_slice_from_copied_string() to take refs and grpc_metadata_batch_copy() to copy the mdelems when necessary
* fix criteria used to determine if mdelem is reffable
* add support for inline slices
* fix sanity