RubyGems - grpc - Versions diffs - 1.31.1 → 1.32.0.pre1 - Mend

grpc 1.31.1 → 1.32.0.pre1

Potentially problematic release.

This version of grpc might be problematic. Click here for more details.

Files changed (431) hide show

data/src/core/lib/security/authorization/mock_cel/cel_value.h ADDED

@@ -0,0 +1,93 @@
+// Copyright 2020 gRPC authors.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+#ifndef GRPC_CORE_LIB_SECURITY_AUTHORIZATION_MOCK_CEL_CEL_VALUE_H
+#define GRPC_CORE_LIB_SECURITY_AUTHORIZATION_MOCK_CEL_CEL_VALUE_H
+// CelValue is a holder, capable of storing all kinds of data
+// supported by CEL.
+// CelValue defines explicitly typed/named getters/setters.
+// When storing pointers to objects, CelValue does not accept ownership
+// to them and does not control their lifecycle. Instead objects are expected
+// to be either external to expression evaluation, and controlled beyond the
+// scope or to be allocated and associated with some allocation/ownership
+// controller (Arena).
+// Usage examples:
+// (a) For primitive types:
+//    CelValue value = CelValue::CreateInt64(1);
+// (b) For string:
+//    std::string* msg("test");
+//    CelValue value = CelValue::CreateString(msg);
+#include <grpc/support/port_platform.h>
+#include "absl/strings/string_view.h"
+namespace grpc_core {
+namespace mock_cel {
+// Break cyclic depdendencies for container types.
+class CelMap {
+ public:
+  CelMap() = default;
+};
+// This is a temporary stub implementation of CEL APIs.
+// Once gRPC imports the CEL library, this class will be removed.
+class CelValue {
+ public:
+  // Default constructor.
+  // Creates CelValue with null data type.
+  CelValue() : CelValue(nullptr) {}
+  // We will use factory methods instead of public constructors
+  // The reason for this is the high risk of implicit type conversions
+  // between bool/int/pointer types.
+  // We rely on copy elision to avoid extra copying.
+  static CelValue CreateNull() { return CelValue(nullptr); }
+  static CelValue CreateInt64(int64_t value) { return CreateNull(); }
+  static CelValue CreateUint64(uint64_t value) { return CreateNull(); }
+  static CelValue CreateStringView(absl::string_view value) {
+    return CreateNull();
+  }
+  static CelValue CreateString(const std::string* str) { return CreateNull(); }
+  static CelValue CreateMap(const CelMap* value) { return CreateNull(); }
+ private:
+  // Constructs CelValue wrapping value supplied as argument.
+  // Value type T should be supported by specification of ValueHolder.
+  template <class T>
+  explicit CelValue(T value) {}
+};
+// CelMap implementation that uses STL map container as backing storage.
+class ContainerBackedMapImpl : public CelMap {
+ public:
+  ContainerBackedMapImpl() = default;
+  static std::unique_ptr<CelMap> Create(
+      absl::Span<std::pair<CelValue, CelValue>> key_values) {
+    return absl::make_unique<ContainerBackedMapImpl>();
+  }
+};
+}  // namespace mock_cel
+}  // namespace grpc_core
+#endif  // GRPC_CORE_LIB_SECURITY_AUTHORIZATION_MOCK_CEL_CEL_VALUE_H

data/src/core/lib/security/authorization/mock_cel/evaluator_core.h ADDED

@@ -0,0 +1,67 @@
+// Copyright 2020 gRPC authors.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+#ifndef GRPC_CORE_LIB_SECURITY_AUTHORIZATION_MOCK_CEL_EVALUATOR_CORE_H
+#define GRPC_CORE_LIB_SECURITY_AUTHORIZATION_MOCK_CEL_EVALUATOR_CORE_H
+#include <grpc/support/port_platform.h>
+#include <memory>
+#include <set>
+#include <vector>
+#include "google/api/expr/v1alpha1/syntax.upb.h"
+#include "src/core/lib/security/authorization/mock_cel/activation.h"
+#include "src/core/lib/security/authorization/mock_cel/cel_expression.h"
+#include "src/core/lib/security/authorization/mock_cel/cel_value.h"
+#include "src/core/lib/security/authorization/mock_cel/statusor.h"
+namespace grpc_core {
+namespace mock_cel {
+// This is a temporary stub implementation of CEL APIs.
+// Once gRPC imports the CEL library, this file will be removed.
+class ExpressionStep {
+ public:
+  virtual ~ExpressionStep() = default;
+};
+using ExecutionPath = std::vector<std::unique_ptr<const ExpressionStep>>;
+// Implementation of the CelExpression that utilizes flattening
+// of the expression tree.
+class CelExpressionFlatImpl : public CelExpression {
+  // Constructs CelExpressionFlatImpl instance.
+  // path is flat execution path that is based upon
+  // flattened AST tree. Max iterations dictates the maximum number of
+  // iterations in the comprehension expressions (use 0 to disable the upper
+  // bound).
+ public:
+  CelExpressionFlatImpl(const google_api_expr_v1alpha1_Expr* root_expr,
+                        ExecutionPath path, int max_iterations,
+                        std::set<std::string> iter_variable_names,
+                        bool enable_unknowns = false,
+                        bool enable_unknown_function_results = false) {}
+  // Implementation of CelExpression evaluate method.
+  StatusOr<CelValue> Evaluate(const BaseActivation& activation) const override {
+    return CelValue::CreateNull();
+  }
+};
+}  // namespace mock_cel
+}  // namespace grpc_core
+#endif  // GRPC_CORE_LIB_SECURITY_AUTHORIZATION_MOCK_CEL_EVALUATOR_CORE_H

data/src/core/lib/security/authorization/mock_cel/flat_expr_builder.h ADDED

@@ -0,0 +1,56 @@
+// Copyright 2020 gRPC authors.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+#ifndef GRPC_CORE_LIB_SECURITY_AUTHORIZATION_MOCK_CEL_FLAT_EXPR_BUILDER_H
+#define GRPC_CORE_LIB_SECURITY_AUTHORIZATION_MOCK_CEL_FLAT_EXPR_BUILDER_H
+#include <grpc/support/port_platform.h>
+#include <memory>
+#include "src/core/lib/security/authorization/mock_cel/evaluator_core.h"
+namespace grpc_core {
+namespace mock_cel {
+// This is a temporary stub implementation of CEL APIs.
+// Once gRPC imports the CEL library, this file will be removed.
+// CelExpressionBuilder implementation.
+// Builds instances of CelExpressionFlatImpl.
+class FlatExprBuilder : public CelExpressionBuilder {
+ public:
+  FlatExprBuilder() = default;
+  cel_base::StatusOr<std::unique_ptr<CelExpression>> CreateExpression(
+      const google::api::expr::v1alpha1::Expr* expr,
+      const google::api::expr::v1alpha1::SourceInfo* source_info)
+      const override {
+    ExecutionPath path;
+    return absl::make_unique<CelExpressionFlatImpl>(nullptr, path, 0);
+  }
+  cel_base::StatusOr<std::unique_ptr<CelExpression>> CreateExpression(
+      const google::api::expr::v1alpha1::Expr* expr,
+      const google::api::expr::v1alpha1::SourceInfo* source_info,
+      std::vector<absl::Status>* warnings) const override {
+    ExecutionPath path;
+    return absl::make_unique<CelExpressionFlatImpl>(nullptr, path, 0);
+  }
+};
+}  // namespace mock_cel
+}  // namespace grpc_core
+#endif  // GRPC_CORE_LIB_SECURITY_AUTHORIZATION_MOCK_CEL_FLAT_EXPR_BUILDER_H

data/src/core/lib/security/authorization/mock_cel/statusor.h ADDED

@@ -0,0 +1,50 @@
+// Copyright 2020 gRPC authors.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+#ifndef GRPC_CORE_LIB_SECURITY_AUTHORIZATION_MOCK_CEL_STATUSOR_H
+#define GRPC_CORE_LIB_SECURITY_AUTHORIZATION_MOCK_CEL_STATUSOR_H
+#include <grpc/support/port_platform.h>
+#include <memory>
+#include "absl/status/status.h"
+namespace grpc_core {
+namespace mock_cel {
+// This is a temporary stub implementation of CEL APIs.
+// Once gRPC imports the CEL library, this file will be removed.
+template <typename T>
+class ABSL_MUST_USE_RESULT StatusOr;
+template <typename T>
+class StatusOr {
+ public:
+  StatusOr() = default;
+  StatusOr(const T& value) {}
+  StatusOr(const absl::Status& status) {}
+  StatusOr(absl::Status&& status) {}
+  bool ok() const { return true; }
+};
+}  // namespace mock_cel
+}  // namespace grpc_core
+#endif  // GRPC_CORE_LIB_SECURITY_AUTHORIZATION_MOCK_CEL_STATUSOR_H

data/src/core/lib/security/credentials/google_default/google_default_credentials.cc CHANGED

@@ -49,6 +49,8 @@ using grpc_core::Json;
 /* -- Constants. -- */
 #define GRPC_COMPUTE_ENGINE_DETECTION_HOST "metadata.google.internal."
+#define GRPC_GOOGLE_CREDENTIAL_CREATION_ERROR \
+  "Failed to create Google credentials"
 /* -- Default credentials. -- */
@@ -57,7 +59,6 @@ using grpc_core::Json;
  * means the detection is done via network test that is unreliable and the
  * unreliable result should not be referred by successive calls. */
 static int g_metadata_server_available = 0;
-static int g_is_on_gce = 0;
 static gpr_mu g_state_mu;
 /* Protect a metadata_server_detector instance that can be modified by more than
  * one gRPC threads */
@@ -89,7 +90,7 @@ grpc_google_default_channel_credentials::create_security_connector(
   bool use_alts =
       is_grpclb_load_balancer || is_backend_from_grpclb_load_balancer;
   /* Return failure if ALTS is selected but not running on GCE. */
-  if (use_alts && !g_is_on_gce) {
+  if (use_alts && alts_creds_ == nullptr) {
     gpr_log(GPR_ERROR, "ALTS is selected, but not running on GCE.");
     return nullptr;
   }
@@ -273,59 +274,78 @@ end:
   return error;
 }
-grpc_channel_credentials* grpc_google_default_credentials_create() {
-  grpc_channel_credentials* result = nullptr;
-  grpc_core::RefCountedPtr<grpc_call_credentials> call_creds;
-  grpc_error* error = GRPC_ERROR_CREATE_FROM_STATIC_STRING(
-      "Failed to create Google credentials");
-  grpc_error* err;
-  grpc_core::ExecCtx exec_ctx;
+static void update_tenancy() {
+  gpr_once_init(&g_once, init_default_credentials);
+  grpc_core::MutexLock lock(&g_state_mu);
-  GRPC_API_TRACE("grpc_google_default_credentials_create(void)", 0, ());
+  /* Try a platform-provided hint for GCE. */
+  if (!g_metadata_server_available) {
+    g_metadata_server_available = g_gce_tenancy_checker();
+  }
+  /* TODO: Add a platform-provided hint for GAE. */
-  gpr_once_init(&g_once, init_default_credentials);
+  /* Do a network test for metadata server. */
+  if (!g_metadata_server_available) {
+    g_metadata_server_available = is_metadata_server_reachable();
+  }
+}
+static bool metadata_server_available() {
+  grpc_core::MutexLock lock(&g_state_mu);
+  return static_cast<bool>(g_metadata_server_available);
+}
+static grpc_core::RefCountedPtr<grpc_call_credentials> make_default_call_creds(
+    grpc_error** error) {
+  grpc_core::RefCountedPtr<grpc_call_credentials> call_creds;
+  grpc_error* err;
   /* First, try the environment variable. */
   char* path_from_env = gpr_getenv(GRPC_GOOGLE_CREDENTIALS_ENV_VAR);
   if (path_from_env != nullptr) {
     err = create_default_creds_from_path(path_from_env, &call_creds);
     gpr_free(path_from_env);
-    if (err == GRPC_ERROR_NONE) goto end;
-    error = grpc_error_add_child(error, err);
+    if (err == GRPC_ERROR_NONE) return call_creds;
+    *error = grpc_error_add_child(*error, err);
   }
   /* Then the well-known file. */
   err = create_default_creds_from_path(
       grpc_get_well_known_google_credentials_file_path(), &call_creds);
-  if (err == GRPC_ERROR_NONE) goto end;
-  error = grpc_error_add_child(error, err);
+  if (err == GRPC_ERROR_NONE) return call_creds;
+  *error = grpc_error_add_child(*error, err);
-  gpr_mu_lock(&g_state_mu);
+  update_tenancy();
-  /* Try a platform-provided hint for GCE. */
-  if (!g_metadata_server_available) {
-    g_is_on_gce = g_gce_tenancy_checker();
-    g_metadata_server_available = g_is_on_gce;
-  }
-  /* TODO: Add a platform-provided hint for GAE. */
-  /* Do a network test for metadata server. */
-  if (!g_metadata_server_available) {
-    g_metadata_server_available = is_metadata_server_reachable();
-  }
-  gpr_mu_unlock(&g_state_mu);
-  if (g_metadata_server_available) {
+  if (metadata_server_available()) {
     call_creds = grpc_core::RefCountedPtr<grpc_call_credentials>(
         grpc_google_compute_engine_credentials_create(nullptr));
     if (call_creds == nullptr) {
-      error = grpc_error_add_child(
-          error, GRPC_ERROR_CREATE_FROM_STATIC_STRING(
-                     "Failed to get credentials from network"));
+      *error = GRPC_ERROR_CREATE_FROM_STATIC_STRING(
+          GRPC_GOOGLE_CREDENTIAL_CREATION_ERROR);
+      *error = grpc_error_add_child(
+          *error, GRPC_ERROR_CREATE_FROM_STATIC_STRING(
+                      "Failed to get credentials from network"));
     }
   }
-end:
+  return call_creds;
+}
+grpc_channel_credentials* grpc_google_default_credentials_create(
+    grpc_call_credentials* call_credentials) {
+  grpc_channel_credentials* result = nullptr;
+  grpc_core::RefCountedPtr<grpc_call_credentials> call_creds(call_credentials);
+  grpc_error* error = nullptr;
+  grpc_core::ExecCtx exec_ctx;
+  GRPC_API_TRACE("grpc_google_default_credentials_create(%p)", 1,
+                 (call_credentials));
+  if (call_creds == nullptr) {
+    call_creds = make_default_call_creds(&error);
+  }
   if (call_creds != nullptr) {
     /* Create google default credentials. */
     grpc_channel_credentials* ssl_creds =
@@ -338,10 +358,8 @@ end:
     grpc_alts_credentials_options_destroy(options);
     auto creds =
         grpc_core::MakeRefCounted<grpc_google_default_channel_credentials>(
-            alts_creds != nullptr ? alts_creds->Ref() : nullptr,
-            ssl_creds != nullptr ? ssl_creds->Ref() : nullptr);
-    if (ssl_creds) ssl_creds->Unref();
-    if (alts_creds) alts_creds->Unref();
+            grpc_core::RefCountedPtr<grpc_channel_credentials>(alts_creds),
+            grpc_core::RefCountedPtr<grpc_channel_credentials>(ssl_creds));
     result = grpc_composite_channel_credentials_create(
         creds.get(), call_creds.get(), nullptr);
     GPR_ASSERT(result != nullptr);

data/src/core/lib/security/security_connector/fake/fake_security_connector.cc CHANGED

@@ -29,8 +29,8 @@
 #include <grpc/support/string_util.h>
 #include "src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.h"
-#include "src/core/ext/filters/client_channel/xds/xds_channel_args.h"
 #include "src/core/ext/transport/chttp2/alpn/alpn.h"
+#include "src/core/ext/xds/xds_channel_args.h"
 #include "src/core/lib/channel/channel_args.h"
 #include "src/core/lib/channel/handshaker.h"
 #include "src/core/lib/gpr/string.h"
@@ -40,7 +40,6 @@
 #include "src/core/lib/security/credentials/credentials.h"
 #include "src/core/lib/security/credentials/fake/fake_credentials.h"
 #include "src/core/lib/security/transport/security_handshaker.h"
-#include "src/core/lib/security/transport/target_authority_table.h"
 #include "src/core/tsi/fake_transport_security.h"
 namespace {

data/src/core/lib/security/transport/secure_endpoint.cc CHANGED

@@ -401,11 +401,16 @@ static void endpoint_delete_from_pollset_set(grpc_endpoint* secure_ep,
   grpc_endpoint_delete_from_pollset_set(ep->wrapped_ep, pollset_set);
 }
-static char* endpoint_get_peer(grpc_endpoint* secure_ep) {
+static absl::string_view endpoint_get_peer(grpc_endpoint* secure_ep) {
   secure_endpoint* ep = reinterpret_cast<secure_endpoint*>(secure_ep);
   return grpc_endpoint_get_peer(ep->wrapped_ep);
 }
+static absl::string_view endpoint_get_local_address(grpc_endpoint* secure_ep) {
+  secure_endpoint* ep = reinterpret_cast<secure_endpoint*>(secure_ep);
+  return grpc_endpoint_get_local_address(ep->wrapped_ep);
+}
 static int endpoint_get_fd(grpc_endpoint* secure_ep) {
   secure_endpoint* ep = reinterpret_cast<secure_endpoint*>(secure_ep);
   return grpc_endpoint_get_fd(ep->wrapped_ep);
@@ -431,6 +436,7 @@ static const grpc_endpoint_vtable vtable = {endpoint_read,
                                             endpoint_destroy,
                                             endpoint_get_resource_user,
                                             endpoint_get_peer,
+                                            endpoint_get_local_address,
                                             endpoint_get_fd,
                                             endpoint_can_track_err};