grpc 1.33.0.pre1 → 1.34.0
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of grpc might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/Makefile +342 -134
- data/include/grpc/grpc.h +1 -2
- data/include/grpc/grpc_security.h +149 -172
- data/include/grpc/impl/codegen/grpc_types.h +9 -2
- data/include/grpc/impl/codegen/port_platform.h +22 -55
- data/src/core/ext/filters/client_channel/client_channel.cc +11 -34
- data/src/core/ext/filters/client_channel/config_selector.h +2 -3
- data/src/core/ext/filters/client_channel/health/health_check_client.cc +4 -1
- data/src/core/ext/filters/client_channel/health/health_check_client.h +2 -2
- data/src/core/ext/filters/client_channel/http_connect_handshaker.cc +1 -1
- data/src/core/ext/filters/client_channel/lb_policy.cc +5 -1
- data/src/core/ext/filters/client_channel/lb_policy.h +3 -3
- data/src/core/ext/filters/client_channel/lb_policy/child_policy_handler.cc +1 -1
- data/src/core/ext/filters/client_channel/lb_policy/child_policy_handler.h +1 -1
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +80 -71
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.cc +3 -1
- data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc +2 -2
- data/src/core/ext/filters/client_channel/lb_policy/priority/priority.cc +47 -17
- data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +2 -2
- data/src/core/ext/filters/client_channel/lb_policy/subchannel_list.h +8 -5
- data/src/core/ext/filters/client_channel/lb_policy/weighted_target/weighted_target.cc +3 -3
- data/src/core/ext/filters/client_channel/lb_policy/xds/cds.cc +1 -1
- data/src/core/ext/filters/client_channel/lb_policy/xds/eds.cc +16 -243
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds.h +53 -17
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_impl.cc +809 -0
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_manager.cc +20 -25
- data/src/core/ext/filters/client_channel/resolver.cc +3 -1
- data/src/core/ext/filters/client_channel/resolver.h +4 -1
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +1 -1
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_posix.cc +1 -1
- data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +1 -1
- data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc +1 -1
- data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.h +1 -1
- data/src/core/ext/filters/client_channel/resolver/sockaddr/sockaddr_resolver.cc +20 -0
- data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +66 -7
- data/src/core/ext/filters/client_channel/resolver_registry.cc +4 -4
- data/src/core/ext/filters/client_channel/resolver_result_parsing.cc +13 -25
- data/src/core/ext/filters/client_channel/resolving_lb_policy.cc +1 -1
- data/src/core/ext/filters/client_channel/resolving_lb_policy.h +2 -2
- data/src/core/ext/filters/client_channel/retry_throttle.h +1 -1
- data/src/core/ext/filters/client_channel/server_address.h +0 -4
- data/src/core/ext/filters/client_channel/service_config.cc +3 -1
- data/src/core/ext/filters/client_channel/service_config.h +1 -1
- data/src/core/ext/filters/client_channel/subchannel.cc +18 -15
- data/src/core/ext/filters/client_channel/subchannel.h +2 -2
- data/src/core/ext/filters/client_channel/subchannel_interface.h +7 -15
- data/src/core/ext/filters/client_channel/subchannel_pool_interface.h +6 -2
- data/src/core/ext/filters/deadline/deadline_filter.cc +83 -77
- data/src/core/ext/filters/deadline/deadline_filter.h +7 -11
- data/src/core/ext/filters/http/client/http_client_filter.cc +1 -1
- data/src/core/ext/filters/http/server/http_server_filter.cc +3 -3
- data/src/core/ext/filters/max_age/max_age_filter.cc +1 -1
- data/src/core/ext/transport/chttp2/client/chttp2_connector.h +1 -1
- data/src/core/ext/transport/chttp2/server/chttp2_server.cc +17 -3
- data/src/core/ext/transport/chttp2/transport/bin_decoder.cc +7 -7
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +4 -24
- data/src/core/ext/transport/chttp2/transport/flow_control.h +2 -2
- data/src/core/ext/transport/chttp2/transport/frame_goaway.cc +2 -1
- data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +12 -8
- data/src/core/ext/transport/chttp2/transport/internal.h +0 -1
- data/src/core/ext/transport/chttp2/transport/parsing.cc +2 -1
- data/src/core/ext/transport/chttp2/transport/writing.cc +1 -2
- data/src/core/ext/upbdefs-generated/envoy/annotations/deprecation.upbdefs.c +38 -0
- data/src/core/ext/upbdefs-generated/envoy/annotations/deprecation.upbdefs.h +30 -0
- data/src/core/ext/upbdefs-generated/envoy/annotations/resource.upbdefs.c +41 -0
- data/src/core/ext/upbdefs-generated/envoy/annotations/resource.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/config/accesslog/v3/accesslog.upbdefs.c +254 -0
- data/src/core/ext/upbdefs-generated/envoy/config/accesslog/v3/accesslog.upbdefs.h +105 -0
- data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/circuit_breaker.upbdefs.c +100 -0
- data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/circuit_breaker.upbdefs.h +45 -0
- data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/cluster.upbdefs.c +558 -0
- data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/cluster.upbdefs.h +145 -0
- data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/filter.upbdefs.c +53 -0
- data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/filter.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/outlier_detection.upbdefs.c +133 -0
- data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/outlier_detection.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/address.upbdefs.c +127 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/address.upbdefs.h +65 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/backoff.upbdefs.c +56 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/backoff.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/base.upbdefs.c +266 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/base.upbdefs.h +125 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/config_source.upbdefs.c +143 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/config_source.upbdefs.h +55 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/event_service_config.upbdefs.c +56 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/event_service_config.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/extension.upbdefs.c +66 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/extension.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/grpc_service.upbdefs.c +263 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/grpc_service.upbdefs.h +100 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/health_check.upbdefs.c +233 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/health_check.upbdefs.h +70 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/http_uri.upbdefs.c +56 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/http_uri.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/protocol.upbdefs.c +228 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/protocol.upbdefs.h +80 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/proxy_protocol.upbdefs.c +46 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/proxy_protocol.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/socket_option.upbdefs.c +59 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/socket_option.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/substitution_format_string.upbdefs.c +55 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/substitution_format_string.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/endpoint.upbdefs.c +110 -0
- data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/endpoint.upbdefs.h +50 -0
- data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/endpoint_components.upbdefs.c +113 -0
- data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/endpoint_components.upbdefs.h +50 -0
- data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/load_report.upbdefs.c +146 -0
- data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/load_report.upbdefs.h +55 -0
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/api_listener.upbdefs.c +50 -0
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/api_listener.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener.upbdefs.c +190 -0
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener.upbdefs.h +55 -0
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener_components.upbdefs.c +185 -0
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener_components.upbdefs.h +65 -0
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/udp_listener_config.upbdefs.c +62 -0
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/udp_listener_config.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.c +97 -0
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.c +915 -0
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.h +280 -0
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/scoped_route.upbdefs.c +71 -0
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/scoped_route.upbdefs.h +45 -0
- data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/http_tracer.upbdefs.c +64 -0
- data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/http_tracer.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.c +511 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.h +115 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/cert.upbdefs.c +48 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/cert.upbdefs.h +30 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/common.upbdefs.c +166 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/common.upbdefs.h +55 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/secret.upbdefs.c +105 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/secret.upbdefs.h +45 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/tls.upbdefs.c +249 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/tls.upbdefs.h +60 -0
- data/src/core/ext/upbdefs-generated/envoy/service/cluster/v3/cds.upbdefs.c +72 -0
- data/src/core/ext/upbdefs-generated/envoy/service/cluster/v3/cds.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/ads.upbdefs.c +60 -0
- data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/ads.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/discovery.upbdefs.c +152 -0
- data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/discovery.upbdefs.h +60 -0
- data/src/core/ext/upbdefs-generated/envoy/service/endpoint/v3/eds.upbdefs.c +83 -0
- data/src/core/ext/upbdefs-generated/envoy/service/endpoint/v3/eds.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/service/listener/v3/lds.upbdefs.c +82 -0
- data/src/core/ext/upbdefs-generated/envoy/service/listener/v3/lds.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/service/load_stats/v3/lrs.upbdefs.c +83 -0
- data/src/core/ext/upbdefs-generated/envoy/service/load_stats/v3/lrs.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/envoy/service/route/v3/rds.upbdefs.c +86 -0
- data/src/core/ext/upbdefs-generated/envoy/service/route/v3/rds.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/service/route/v3/srds.upbdefs.c +74 -0
- data/src/core/ext/upbdefs-generated/envoy/service/route/v3/srds.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/metadata.upbdefs.c +64 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/metadata.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/number.upbdefs.c +54 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/number.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/path.upbdefs.c +53 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/path.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/regex.upbdefs.c +73 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/regex.upbdefs.h +45 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/string.upbdefs.c +72 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/string.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/value.upbdefs.c +81 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/value.upbdefs.h +45 -0
- data/src/core/ext/upbdefs-generated/envoy/type/metadata/v3/metadata.upbdefs.c +92 -0
- data/src/core/ext/upbdefs-generated/envoy/type/metadata/v3/metadata.upbdefs.h +65 -0
- data/src/core/ext/upbdefs-generated/envoy/type/tracing/v3/custom_tag.upbdefs.c +95 -0
- data/src/core/ext/upbdefs-generated/envoy/type/tracing/v3/custom_tag.upbdefs.h +55 -0
- data/src/core/ext/upbdefs-generated/envoy/type/v3/http.upbdefs.c +34 -0
- data/src/core/ext/upbdefs-generated/envoy/type/v3/http.upbdefs.h +30 -0
- data/src/core/ext/upbdefs-generated/envoy/type/v3/percent.upbdefs.c +59 -0
- data/src/core/ext/upbdefs-generated/envoy/type/v3/percent.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/envoy/type/v3/range.upbdefs.c +54 -0
- data/src/core/ext/upbdefs-generated/envoy/type/v3/range.upbdefs.h +45 -0
- data/src/core/ext/upbdefs-generated/envoy/type/v3/semantic_version.upbdefs.c +47 -0
- data/src/core/ext/upbdefs-generated/envoy/type/v3/semantic_version.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/google/api/annotations.upbdefs.c +40 -0
- data/src/core/ext/upbdefs-generated/google/api/annotations.upbdefs.h +30 -0
- data/src/core/ext/upbdefs-generated/google/api/http.upbdefs.c +61 -0
- data/src/core/ext/upbdefs-generated/google/api/http.upbdefs.h +45 -0
- data/src/core/ext/upbdefs-generated/google/protobuf/any.upbdefs.c +38 -0
- data/src/core/ext/upbdefs-generated/google/protobuf/any.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/google/protobuf/descriptor.upbdefs.c +386 -0
- data/src/core/ext/upbdefs-generated/google/protobuf/descriptor.upbdefs.h +165 -0
- data/src/core/ext/upbdefs-generated/google/protobuf/duration.upbdefs.c +39 -0
- data/src/core/ext/upbdefs-generated/google/protobuf/duration.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/google/protobuf/empty.upbdefs.c +37 -0
- data/src/core/ext/upbdefs-generated/google/protobuf/empty.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/google/protobuf/struct.upbdefs.c +65 -0
- data/src/core/ext/upbdefs-generated/google/protobuf/struct.upbdefs.h +50 -0
- data/src/core/ext/upbdefs-generated/google/protobuf/timestamp.upbdefs.c +39 -0
- data/src/core/ext/upbdefs-generated/google/protobuf/timestamp.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/google/protobuf/wrappers.upbdefs.c +66 -0
- data/src/core/ext/upbdefs-generated/google/protobuf/wrappers.upbdefs.h +75 -0
- data/src/core/ext/upbdefs-generated/google/rpc/status.upbdefs.c +42 -0
- data/src/core/ext/upbdefs-generated/google/rpc/status.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/udpa/annotations/migrate.upbdefs.c +70 -0
- data/src/core/ext/upbdefs-generated/udpa/annotations/migrate.upbdefs.h +45 -0
- data/src/core/ext/upbdefs-generated/udpa/annotations/security.upbdefs.c +56 -0
- data/src/core/ext/upbdefs-generated/udpa/annotations/security.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/udpa/annotations/sensitive.upbdefs.c +33 -0
- data/src/core/ext/upbdefs-generated/udpa/annotations/sensitive.upbdefs.h +30 -0
- data/src/core/ext/upbdefs-generated/udpa/annotations/status.upbdefs.c +49 -0
- data/src/core/ext/upbdefs-generated/udpa/annotations/status.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/udpa/annotations/versioning.upbdefs.c +43 -0
- data/src/core/ext/upbdefs-generated/udpa/annotations/versioning.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/udpa/core/v1/authority.upbdefs.c +42 -0
- data/src/core/ext/upbdefs-generated/udpa/core/v1/authority.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/udpa/core/v1/collection_entry.upbdefs.c +62 -0
- data/src/core/ext/upbdefs-generated/udpa/core/v1/collection_entry.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/udpa/core/v1/context_params.upbdefs.c +45 -0
- data/src/core/ext/upbdefs-generated/udpa/core/v1/context_params.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/udpa/core/v1/resource.upbdefs.c +49 -0
- data/src/core/ext/upbdefs-generated/udpa/core/v1/resource.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/udpa/core/v1/resource_locator.upbdefs.c +68 -0
- data/src/core/ext/upbdefs-generated/udpa/core/v1/resource_locator.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/udpa/core/v1/resource_name.upbdefs.c +51 -0
- data/src/core/ext/upbdefs-generated/udpa/core/v1/resource_name.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/validate/validate.upbdefs.c +307 -0
- data/src/core/ext/upbdefs-generated/validate/validate.upbdefs.h +145 -0
- data/src/core/ext/xds/certificate_provider_factory.h +7 -5
- data/src/core/ext/xds/certificate_provider_store.cc +84 -0
- data/src/core/ext/xds/certificate_provider_store.h +65 -8
- data/src/core/ext/xds/file_watcher_certificate_provider_factory.cc +119 -0
- data/src/core/ext/xds/file_watcher_certificate_provider_factory.h +72 -0
- data/src/core/ext/xds/google_mesh_ca_certificate_provider_factory.cc +28 -140
- data/src/core/ext/xds/google_mesh_ca_certificate_provider_factory.h +6 -4
- data/src/core/ext/xds/xds_api.cc +241 -718
- data/src/core/ext/xds/xds_api.h +50 -9
- data/src/core/ext/xds/xds_bootstrap.cc +172 -25
- data/src/core/ext/xds/xds_bootstrap.h +23 -7
- data/src/core/ext/xds/xds_certificate_provider.cc +240 -0
- data/src/core/ext/xds/xds_certificate_provider.h +74 -0
- data/src/core/ext/xds/xds_client.cc +161 -128
- data/src/core/ext/xds/xds_client.h +12 -11
- data/src/core/ext/xds/xds_client_stats.cc +41 -4
- data/src/core/ext/xds/xds_client_stats.h +2 -2
- data/src/core/lib/channel/channel_args.cc +2 -1
- data/src/core/lib/channel/channel_trace.cc +4 -2
- data/src/core/lib/channel/channelz.h +2 -2
- data/src/core/lib/channel/handshaker.h +2 -2
- data/src/core/lib/compression/compression.cc +8 -4
- data/src/core/lib/compression/compression_internal.cc +10 -5
- data/src/core/lib/compression/compression_internal.h +2 -1
- data/src/core/lib/compression/stream_compression_identity.cc +1 -3
- data/src/core/lib/debug/stats_data.cc +1 -0
- data/src/core/lib/gpr/cpu_iphone.cc +10 -2
- data/src/core/lib/gpr/log_linux.cc +17 -3
- data/src/core/lib/gpr/log_posix.cc +13 -1
- data/src/core/lib/gpr/log_windows.cc +16 -4
- data/src/core/lib/gpr/murmur_hash.cc +1 -1
- data/src/core/lib/gpr/string.cc +1 -1
- data/src/core/lib/gpr/time_precise.cc +3 -2
- data/src/core/lib/gpr/tls.h +4 -0
- data/src/core/lib/gpr/tls_msvc.h +2 -0
- data/src/core/lib/gpr/tls_stdcpp.h +48 -0
- data/src/core/lib/gpr/useful.h +5 -4
- data/src/core/lib/gprpp/dual_ref_counted.h +44 -49
- data/src/core/lib/gprpp/examine_stack.cc +43 -0
- data/src/core/lib/gprpp/examine_stack.h +46 -0
- data/src/core/lib/gprpp/fork.cc +2 -2
- data/src/core/lib/gprpp/manual_constructor.h +1 -1
- data/src/core/lib/gprpp/orphanable.h +4 -8
- data/src/core/lib/gprpp/ref_counted.h +40 -46
- data/src/core/lib/gprpp/ref_counted_ptr.h +9 -11
- data/src/core/lib/{security/authorization/mock_cel/statusor.h → gprpp/stat.h} +13 -25
- data/src/core/lib/gprpp/stat_posix.cc +49 -0
- data/src/core/lib/gprpp/stat_windows.cc +48 -0
- data/src/core/lib/gprpp/thd.h +2 -2
- data/src/core/lib/gprpp/thd_posix.cc +36 -36
- data/src/core/lib/http/parser.cc +46 -25
- data/src/core/lib/iomgr/error.cc +2 -1
- data/src/core/lib/iomgr/ev_epollex_linux.cc +8 -4
- data/src/core/lib/iomgr/exec_ctx.cc +1 -1
- data/src/core/lib/iomgr/executor/mpmcqueue.h +5 -5
- data/src/core/lib/iomgr/executor/threadpool.h +3 -3
- data/src/core/lib/iomgr/parse_address.cc +84 -6
- data/src/core/lib/iomgr/parse_address.h +20 -0
- data/src/core/lib/iomgr/poller/eventmanager_libuv.cc +2 -1
- data/src/core/lib/iomgr/python_util.h +3 -3
- data/src/core/lib/iomgr/resolve_address_posix.cc +1 -5
- data/src/core/lib/iomgr/tcp_posix.cc +3 -2
- data/src/core/lib/iomgr/timer_custom.cc +2 -2
- data/src/core/lib/iomgr/unix_sockets_posix.cc +27 -15
- data/src/core/lib/iomgr/unix_sockets_posix.h +5 -0
- data/src/core/lib/iomgr/unix_sockets_posix_noop.cc +7 -0
- data/src/core/lib/iomgr/wakeup_fd_pipe.cc +2 -2
- data/src/core/lib/json/json.h +2 -2
- data/src/core/lib/json/json_reader.cc +8 -4
- data/src/core/lib/json/json_util.h +167 -0
- data/src/core/lib/json/json_writer.cc +2 -1
- data/src/core/lib/security/authorization/mock_cel/cel_expr_builder_factory.h +3 -1
- data/src/core/lib/security/authorization/mock_cel/cel_expression.h +5 -4
- data/src/core/lib/security/authorization/mock_cel/cel_value.h +4 -0
- data/src/core/lib/security/authorization/mock_cel/evaluator_core.h +6 -6
- data/src/core/lib/security/authorization/mock_cel/flat_expr_builder.h +10 -9
- data/src/core/lib/security/context/security_context.h +3 -1
- data/src/core/lib/security/credentials/credentials.cc +1 -1
- data/src/core/lib/security/credentials/credentials.h +3 -3
- data/src/core/lib/security/credentials/external/aws_request_signer.cc +208 -0
- data/src/core/lib/security/credentials/external/aws_request_signer.h +73 -0
- data/src/core/lib/security/credentials/external/external_account_credentials.cc +311 -0
- data/src/core/lib/security/credentials/external/external_account_credentials.h +118 -0
- data/src/core/lib/security/credentials/external/file_external_account_credentials.cc +136 -0
- data/src/core/lib/security/credentials/external/file_external_account_credentials.h +49 -0
- data/src/core/lib/security/credentials/external/url_external_account_credentials.cc +211 -0
- data/src/core/lib/security/credentials/external/url_external_account_credentials.h +59 -0
- data/src/core/lib/security/credentials/insecure/insecure_credentials.cc +51 -0
- data/src/core/lib/security/credentials/jwt/json_token.cc +5 -2
- data/src/core/lib/security/credentials/jwt/jwt_credentials.h +4 -3
- data/src/core/lib/security/credentials/jwt/jwt_verifier.cc +5 -1
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +2 -2
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.cc +35 -5
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.h +12 -8
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.cc +78 -0
- data/src/core/lib/security/{certificate_provider.h → credentials/tls/grpc_tls_certificate_provider.h} +32 -18
- data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc +77 -149
- data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h +58 -187
- data/src/core/lib/security/credentials/tls/tls_credentials.cc +16 -12
- data/src/core/lib/security/credentials/tls/tls_credentials.h +2 -2
- data/src/core/lib/security/security_connector/fake/fake_security_connector.cc +2 -2
- data/src/core/lib/security/security_connector/insecure/insecure_security_connector.cc +88 -0
- data/src/core/lib/security/security_connector/insecure/insecure_security_connector.h +70 -0
- data/src/core/lib/security/security_connector/load_system_roots.h +4 -0
- data/src/core/lib/security/security_connector/load_system_roots_linux.h +2 -0
- data/src/core/lib/security/security_connector/local/local_security_connector.cc +2 -2
- data/src/core/lib/security/security_connector/security_connector.cc +1 -1
- data/src/core/lib/security/security_connector/security_connector.h +4 -2
- data/src/core/lib/security/security_connector/ssl_utils.h +4 -2
- data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +293 -275
- data/src/core/lib/security/security_connector/tls/tls_security_connector.h +106 -61
- data/src/core/lib/security/transport/security_handshaker.cc +1 -1
- data/src/core/lib/security/transport/server_auth_filter.cc +2 -1
- data/src/core/lib/security/util/json_util.h +1 -0
- data/src/core/lib/slice/slice.cc +7 -4
- data/src/core/lib/slice/slice_buffer.cc +2 -1
- data/src/core/lib/slice/slice_intern.cc +2 -2
- data/src/core/lib/surface/call.cc +9 -8
- data/src/core/lib/surface/completion_queue.cc +7 -6
- data/src/core/lib/surface/server.cc +4 -2
- data/src/core/lib/surface/server.h +2 -2
- data/src/core/lib/surface/validate_metadata.h +3 -0
- data/src/core/lib/surface/version.cc +2 -2
- data/src/core/lib/transport/authority_override.h +2 -0
- data/src/core/lib/transport/bdp_estimator.cc +1 -1
- data/src/core/lib/transport/byte_stream.h +3 -3
- data/src/core/lib/transport/connectivity_state.h +3 -3
- data/src/core/lib/transport/metadata.h +2 -2
- data/src/core/lib/transport/timeout_encoding.cc +4 -4
- data/src/core/lib/transport/transport.cc +5 -3
- data/src/core/lib/transport/transport.h +1 -1
- data/src/core/plugin_registry/grpc_plugin_registry.cc +4 -4
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +4 -3
- data/src/core/tsi/fake_transport_security.cc +1 -0
- data/src/core/tsi/local_transport_security.cc +5 -1
- data/src/core/tsi/local_transport_security.h +6 -7
- data/src/core/tsi/ssl/session_cache/ssl_session.h +3 -0
- data/src/core/tsi/ssl/session_cache/ssl_session_cache.h +4 -1
- data/src/core/tsi/ssl_transport_security.cc +14 -7
- data/src/core/tsi/ssl_transport_security.h +3 -0
- data/src/core/tsi/transport_security.cc +4 -2
- data/src/ruby/ext/grpc/extconf.rb +1 -1
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.c +22 -14
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.h +36 -24
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/third_party/abseil-cpp/absl/algorithm/container.h +59 -22
- data/third_party/abseil-cpp/absl/base/attributes.h +99 -38
- data/third_party/abseil-cpp/absl/base/call_once.h +1 -1
- data/third_party/abseil-cpp/absl/base/casts.h +9 -6
- data/third_party/abseil-cpp/absl/base/config.h +60 -17
- data/third_party/abseil-cpp/absl/base/dynamic_annotations.h +428 -335
- data/third_party/abseil-cpp/absl/base/internal/bits.h +17 -16
- data/third_party/abseil-cpp/absl/base/internal/direct_mmap.h +5 -0
- data/third_party/abseil-cpp/absl/base/internal/dynamic_annotations.h +398 -0
- data/third_party/abseil-cpp/absl/base/internal/invoke.h +4 -4
- data/third_party/abseil-cpp/absl/base/internal/low_level_alloc.cc +1 -1
- data/third_party/abseil-cpp/absl/base/internal/low_level_scheduling.h +29 -1
- data/third_party/abseil-cpp/absl/base/internal/raw_logging.cc +2 -2
- data/third_party/abseil-cpp/absl/base/internal/raw_logging.h +7 -5
- data/third_party/abseil-cpp/absl/base/internal/spinlock.cc +25 -38
- data/third_party/abseil-cpp/absl/base/internal/spinlock.h +19 -25
- data/third_party/abseil-cpp/absl/base/internal/spinlock_linux.inc +8 -0
- data/third_party/abseil-cpp/absl/base/internal/sysinfo.cc +28 -5
- data/third_party/abseil-cpp/absl/base/internal/sysinfo.h +8 -0
- data/third_party/abseil-cpp/absl/base/internal/tsan_mutex_interface.h +3 -1
- data/third_party/abseil-cpp/absl/base/internal/unaligned_access.h +2 -2
- data/third_party/abseil-cpp/absl/base/internal/unscaledcycleclock.h +3 -3
- data/third_party/abseil-cpp/absl/base/macros.h +36 -109
- data/third_party/abseil-cpp/absl/base/optimization.h +61 -1
- data/third_party/abseil-cpp/absl/base/options.h +31 -4
- data/third_party/abseil-cpp/absl/base/policy_checks.h +1 -1
- data/third_party/abseil-cpp/absl/base/thread_annotations.h +94 -39
- data/third_party/abseil-cpp/absl/container/fixed_array.h +42 -25
- data/third_party/abseil-cpp/absl/container/flat_hash_set.h +2 -1
- data/third_party/abseil-cpp/absl/container/inlined_vector.h +33 -36
- data/third_party/abseil-cpp/absl/container/internal/common.h +6 -2
- data/third_party/abseil-cpp/absl/container/internal/compressed_tuple.h +33 -8
- data/third_party/abseil-cpp/absl/container/internal/container_memory.h +49 -29
- data/third_party/abseil-cpp/absl/container/internal/hash_function_defaults.h +15 -0
- data/third_party/abseil-cpp/absl/container/internal/hash_policy_traits.h +24 -7
- data/third_party/abseil-cpp/absl/container/internal/hashtablez_sampler.cc +2 -1
- data/third_party/abseil-cpp/absl/container/internal/hashtablez_sampler.h +35 -11
- data/third_party/abseil-cpp/absl/container/internal/have_sse.h +10 -9
- data/third_party/abseil-cpp/absl/container/internal/layout.h +7 -5
- data/third_party/abseil-cpp/absl/container/internal/raw_hash_set.h +55 -34
- data/third_party/abseil-cpp/absl/debugging/internal/address_is_readable.cc +5 -4
- data/third_party/abseil-cpp/absl/debugging/internal/demangle.cc +66 -16
- data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_aarch64-inl.inc +4 -0
- data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_arm-inl.inc +13 -4
- data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_config.h +43 -24
- data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_generic-inl.inc +12 -3
- data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_win32-inl.inc +10 -2
- data/third_party/abseil-cpp/absl/debugging/internal/symbolize.h +22 -1
- data/third_party/abseil-cpp/absl/debugging/internal/vdso_support.cc +0 -21
- data/third_party/abseil-cpp/absl/debugging/symbolize.cc +12 -1
- data/third_party/abseil-cpp/absl/debugging/symbolize_darwin.inc +101 -0
- data/third_party/abseil-cpp/absl/debugging/symbolize_elf.inc +100 -20
- data/third_party/abseil-cpp/absl/functional/bind_front.h +184 -0
- data/third_party/abseil-cpp/absl/functional/function_ref.h +1 -1
- data/third_party/abseil-cpp/absl/functional/internal/front_binder.h +95 -0
- data/third_party/abseil-cpp/absl/functional/internal/function_ref.h +2 -2
- data/third_party/abseil-cpp/absl/hash/hash.h +6 -5
- data/third_party/abseil-cpp/absl/hash/internal/hash.h +73 -65
- data/third_party/abseil-cpp/absl/memory/memory.h +4 -0
- data/third_party/abseil-cpp/absl/meta/type_traits.h +2 -8
- data/third_party/abseil-cpp/absl/numeric/int128.cc +13 -27
- data/third_party/abseil-cpp/absl/numeric/int128.h +16 -15
- data/third_party/abseil-cpp/absl/status/internal/status_internal.h +51 -0
- data/third_party/abseil-cpp/absl/status/status.cc +4 -6
- data/third_party/abseil-cpp/absl/status/status.h +502 -113
- data/third_party/abseil-cpp/absl/status/status_payload_printer.cc +5 -10
- data/third_party/abseil-cpp/absl/strings/charconv.cc +2 -2
- data/third_party/abseil-cpp/absl/strings/cord.cc +91 -112
- data/third_party/abseil-cpp/absl/strings/cord.h +360 -205
- data/third_party/abseil-cpp/absl/strings/escaping.cc +9 -9
- data/third_party/abseil-cpp/absl/strings/internal/char_map.h +1 -1
- data/third_party/abseil-cpp/absl/strings/internal/charconv_bigint.cc +1 -1
- data/third_party/abseil-cpp/absl/strings/internal/charconv_bigint.h +2 -2
- data/third_party/abseil-cpp/absl/strings/internal/charconv_parse.cc +2 -2
- data/third_party/abseil-cpp/absl/strings/internal/cord_internal.h +45 -23
- data/third_party/abseil-cpp/absl/strings/internal/str_format/arg.cc +222 -136
- data/third_party/abseil-cpp/absl/strings/internal/str_format/arg.h +136 -64
- data/third_party/abseil-cpp/absl/strings/internal/str_format/bind.cc +1 -1
- data/third_party/abseil-cpp/absl/strings/internal/str_format/bind.h +14 -21
- data/third_party/abseil-cpp/absl/strings/internal/str_format/checker.h +7 -14
- data/third_party/abseil-cpp/absl/strings/internal/str_format/extension.cc +31 -7
- data/third_party/abseil-cpp/absl/strings/internal/str_format/extension.h +147 -135
- data/third_party/abseil-cpp/absl/strings/internal/str_format/float_conversion.cc +999 -87
- data/third_party/abseil-cpp/absl/strings/internal/str_format/float_conversion.h +3 -3
- data/third_party/abseil-cpp/absl/strings/internal/str_format/output.h +4 -12
- data/third_party/abseil-cpp/absl/strings/internal/str_format/parser.cc +8 -6
- data/third_party/abseil-cpp/absl/strings/internal/str_format/parser.h +13 -11
- data/third_party/abseil-cpp/absl/strings/internal/str_split_internal.h +2 -2
- data/third_party/abseil-cpp/absl/strings/str_cat.cc +4 -4
- data/third_party/abseil-cpp/absl/strings/str_cat.h +1 -1
- data/third_party/abseil-cpp/absl/strings/str_format.h +289 -13
- data/third_party/abseil-cpp/absl/strings/str_split.cc +2 -2
- data/third_party/abseil-cpp/absl/strings/str_split.h +1 -0
- data/third_party/abseil-cpp/absl/strings/string_view.h +26 -19
- data/third_party/abseil-cpp/absl/strings/substitute.cc +5 -5
- data/third_party/abseil-cpp/absl/strings/substitute.h +32 -29
- data/third_party/abseil-cpp/absl/synchronization/internal/create_thread_identity.cc +3 -3
- data/third_party/abseil-cpp/absl/synchronization/internal/graphcycles.cc +3 -3
- data/third_party/abseil-cpp/absl/synchronization/internal/kernel_timeout.h +28 -28
- data/third_party/abseil-cpp/absl/synchronization/internal/mutex_nonprod.inc +4 -16
- data/third_party/abseil-cpp/absl/synchronization/internal/per_thread_sem.h +1 -1
- data/third_party/abseil-cpp/absl/synchronization/internal/waiter.cc +8 -0
- data/third_party/abseil-cpp/absl/synchronization/internal/waiter.h +2 -2
- data/third_party/abseil-cpp/absl/synchronization/mutex.cc +75 -64
- data/third_party/abseil-cpp/absl/synchronization/mutex.h +15 -6
- data/third_party/abseil-cpp/absl/time/civil_time.cc +9 -9
- data/third_party/abseil-cpp/absl/time/clock.cc +3 -3
- data/third_party/abseil-cpp/absl/time/duration.cc +90 -59
- data/third_party/abseil-cpp/absl/time/format.cc +43 -36
- data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/civil_time_detail.h +26 -16
- data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/time_zone.h +4 -2
- data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/zone_info_source.h +1 -1
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_format.cc +136 -29
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_impl.cc +13 -21
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_impl.h +1 -1
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_info.cc +136 -129
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_info.h +4 -5
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_libc.cc +8 -7
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/tzfile.h +6 -6
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/zone_info_source.cc +2 -1
- data/third_party/abseil-cpp/absl/time/time.h +15 -16
- data/third_party/abseil-cpp/absl/types/internal/variant.h +4 -4
- data/third_party/abseil-cpp/absl/types/optional.h +9 -9
- data/third_party/abseil-cpp/absl/types/span.h +49 -36
- data/third_party/abseil-cpp/absl/utility/utility.h +2 -2
- data/third_party/address_sorting/include/address_sorting/address_sorting.h +2 -0
- data/third_party/boringssl-with-bazel/err_data.c +340 -336
- data/third_party/boringssl-with-bazel/src/crypto/bio/bio.c +2 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/e_aes.c +173 -35
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa_impl.c +46 -7
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/self_check.c +8 -2
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/internal.h +90 -63
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/pmbtoken.c +60 -60
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/trust_token.c +179 -47
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/voprf.c +766 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/algorithm.c +10 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_data.c +5 -3
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_alt.c +14 -14
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_prn.c +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/aead.h +24 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/arm_arch.h +7 -5
- data/third_party/boringssl-with-bazel/src/include/openssl/base.h +5 -2
- data/third_party/boringssl-with-bazel/src/include/openssl/bio.h +4 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/des.h +6 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/opensslconf.h +3 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/pem.h +202 -134
- data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +55 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/tls1.h +4 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/trust_token.h +31 -23
- data/third_party/boringssl-with-bazel/src/include/openssl/x509v3.h +435 -394
- data/third_party/boringssl-with-bazel/src/ssl/bio_ssl.cc +18 -5
- data/third_party/boringssl-with-bazel/src/ssl/handoff.cc +35 -0
- data/third_party/boringssl-with-bazel/src/ssl/internal.h +36 -1
- data/third_party/boringssl-with-bazel/src/ssl/ssl_asn1.cc +42 -1
- data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +67 -0
- data/third_party/boringssl-with-bazel/src/ssl/ssl_session.cc +11 -14
- data/third_party/boringssl-with-bazel/src/ssl/t1_lib.cc +216 -11
- data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +53 -11
- data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +133 -39
- data/third_party/upb/upb/def.c +2169 -0
- data/third_party/upb/upb/def.h +330 -0
- data/third_party/upb/upb/def.hpp +525 -0
- data/third_party/upb/upb/reflection.c +391 -0
- data/third_party/upb/upb/reflection.h +168 -0
- data/third_party/upb/upb/text_encode.c +398 -0
- data/third_party/upb/upb/text_encode.h +35 -0
- metadata +227 -37
- data/src/core/ext/filters/client_channel/lb_policy/xds/eds_drop.cc +0 -571
- data/third_party/abseil-cpp/absl/base/dynamic_annotations.cc +0 -129
|
@@ -21,11 +21,12 @@
|
|
|
21
21
|
#include <set>
|
|
22
22
|
#include <vector>
|
|
23
23
|
|
|
24
|
+
#include "absl/status/statusor.h"
|
|
25
|
+
|
|
24
26
|
#include "google/api/expr/v1alpha1/syntax.upb.h"
|
|
25
27
|
#include "src/core/lib/security/authorization/mock_cel/activation.h"
|
|
26
28
|
#include "src/core/lib/security/authorization/mock_cel/cel_expression.h"
|
|
27
29
|
#include "src/core/lib/security/authorization/mock_cel/cel_value.h"
|
|
28
|
-
#include "src/core/lib/security/authorization/mock_cel/statusor.h"
|
|
29
30
|
|
|
30
31
|
namespace grpc_core {
|
|
31
32
|
namespace mock_cel {
|
|
@@ -33,13 +34,11 @@ namespace mock_cel {
|
|
|
33
34
|
// This is a temporary stub implementation of CEL APIs.
|
|
34
35
|
// Once gRPC imports the CEL library, this file will be removed.
|
|
35
36
|
|
|
36
|
-
class
|
|
37
|
+
class ExecutionPath {
|
|
37
38
|
public:
|
|
38
|
-
|
|
39
|
+
ExecutionPath() = default;
|
|
39
40
|
};
|
|
40
41
|
|
|
41
|
-
using ExecutionPath = std::vector<std::unique_ptr<const ExpressionStep>>;
|
|
42
|
-
|
|
43
42
|
// Implementation of the CelExpression that utilizes flattening
|
|
44
43
|
// of the expression tree.
|
|
45
44
|
class CelExpressionFlatImpl : public CelExpression {
|
|
@@ -56,7 +55,8 @@ class CelExpressionFlatImpl : public CelExpression {
|
|
|
56
55
|
bool enable_unknown_function_results = false) {}
|
|
57
56
|
|
|
58
57
|
// Implementation of CelExpression evaluate method.
|
|
59
|
-
StatusOr<CelValue> Evaluate(
|
|
58
|
+
absl::StatusOr<CelValue> Evaluate(
|
|
59
|
+
const BaseActivation& activation) const override {
|
|
60
60
|
return CelValue::CreateNull();
|
|
61
61
|
}
|
|
62
62
|
};
|
|
@@ -33,20 +33,21 @@ class FlatExprBuilder : public CelExpressionBuilder {
|
|
|
33
33
|
public:
|
|
34
34
|
FlatExprBuilder() = default;
|
|
35
35
|
|
|
36
|
-
|
|
37
|
-
const
|
|
38
|
-
const
|
|
39
|
-
const override {
|
|
36
|
+
absl::StatusOr<std::unique_ptr<CelExpression>> CreateExpression(
|
|
37
|
+
const google_api_expr_v1alpha1_Expr* expr,
|
|
38
|
+
const google_api_expr_v1alpha1_SourceInfo* source_info) const override {
|
|
40
39
|
ExecutionPath path;
|
|
41
|
-
return absl::make_unique<CelExpressionFlatImpl>(nullptr, path, 0
|
|
40
|
+
return absl::make_unique<CelExpressionFlatImpl>(nullptr, path, 0,
|
|
41
|
+
std::set<std::string>{});
|
|
42
42
|
}
|
|
43
43
|
|
|
44
|
-
|
|
45
|
-
const
|
|
46
|
-
const
|
|
44
|
+
absl::StatusOr<std::unique_ptr<CelExpression>> CreateExpression(
|
|
45
|
+
const google_api_expr_v1alpha1_Expr* expr,
|
|
46
|
+
const google_api_expr_v1alpha1_SourceInfo* source_info,
|
|
47
47
|
std::vector<absl::Status>* warnings) const override {
|
|
48
48
|
ExecutionPath path;
|
|
49
|
-
return absl::make_unique<CelExpressionFlatImpl>(nullptr, path, 0
|
|
49
|
+
return absl::make_unique<CelExpressionFlatImpl>(nullptr, path, 0,
|
|
50
|
+
std::set<std::string>{});
|
|
50
51
|
}
|
|
51
52
|
};
|
|
52
53
|
|
|
@@ -54,7 +54,9 @@ struct grpc_auth_context
|
|
|
54
54
|
grpc_core::RefCountedPtr<grpc_auth_context> chained)
|
|
55
55
|
: grpc_core::RefCounted<grpc_auth_context,
|
|
56
56
|
grpc_core::NonPolymorphicRefCount>(
|
|
57
|
-
|
|
57
|
+
GRPC_TRACE_FLAG_ENABLED(grpc_trace_auth_context_refcount)
|
|
58
|
+
? "auth_context_refcount"
|
|
59
|
+
: nullptr),
|
|
58
60
|
chained_(std::move(chained)) {
|
|
59
61
|
if (chained_ != nullptr) {
|
|
60
62
|
peer_identity_property_name_ = chained_->peer_identity_property_name_;
|
|
@@ -74,7 +74,7 @@ grpc_arg grpc_channel_credentials_to_arg(
|
|
|
74
74
|
|
|
75
75
|
grpc_channel_credentials* grpc_channel_credentials_from_arg(
|
|
76
76
|
const grpc_arg* arg) {
|
|
77
|
-
if (strcmp(arg->key, GRPC_ARG_CHANNEL_CREDENTIALS)) return nullptr;
|
|
77
|
+
if (strcmp(arg->key, GRPC_ARG_CHANNEL_CREDENTIALS) != 0) return nullptr;
|
|
78
78
|
if (arg->type != GRPC_ARG_POINTER) {
|
|
79
79
|
gpr_log(GPR_ERROR, "Invalid type %d for arg %s", arg->type,
|
|
80
80
|
GRPC_ARG_CHANNEL_CREDENTIALS);
|
|
@@ -102,7 +102,7 @@ struct grpc_channel_credentials
|
|
|
102
102
|
: grpc_core::RefCounted<grpc_channel_credentials> {
|
|
103
103
|
public:
|
|
104
104
|
explicit grpc_channel_credentials(const char* type) : type_(type) {}
|
|
105
|
-
|
|
105
|
+
~grpc_channel_credentials() override = default;
|
|
106
106
|
|
|
107
107
|
// Creates a security connector for the channel. May also create new channel
|
|
108
108
|
// args for the channel to be used in place of the passed in const args if
|
|
@@ -177,7 +177,7 @@ struct grpc_call_credentials
|
|
|
177
177
|
grpc_security_level min_security_level = GRPC_PRIVACY_AND_INTEGRITY)
|
|
178
178
|
: type_(type), min_security_level_(min_security_level) {}
|
|
179
179
|
|
|
180
|
-
|
|
180
|
+
~grpc_call_credentials() override = default;
|
|
181
181
|
|
|
182
182
|
// Returns true if completed synchronously, in which case \a error will
|
|
183
183
|
// be set to indicate the result. Otherwise, \a on_request_metadata will
|
|
@@ -225,7 +225,7 @@ struct grpc_server_credentials
|
|
|
225
225
|
public:
|
|
226
226
|
explicit grpc_server_credentials(const char* type) : type_(type) {}
|
|
227
227
|
|
|
228
|
-
|
|
228
|
+
~grpc_server_credentials() override { DestroyProcessor(); }
|
|
229
229
|
|
|
230
230
|
virtual grpc_core::RefCountedPtr<grpc_server_security_connector>
|
|
231
231
|
create_security_connector() = 0;
|
|
@@ -0,0 +1,208 @@
|
|
|
1
|
+
//
|
|
2
|
+
// Copyright 2020 gRPC authors.
|
|
3
|
+
//
|
|
4
|
+
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
5
|
+
// you may not use this file except in compliance with the License.
|
|
6
|
+
// You may obtain a copy of the License at
|
|
7
|
+
//
|
|
8
|
+
// http://www.apache.org/licenses/LICENSE-2.0
|
|
9
|
+
//
|
|
10
|
+
// Unless required by applicable law or agreed to in writing, software
|
|
11
|
+
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
12
|
+
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
13
|
+
// See the License for the specific language governing permissions and
|
|
14
|
+
// limitations under the License.
|
|
15
|
+
//
|
|
16
|
+
#include <grpc/support/port_platform.h>
|
|
17
|
+
|
|
18
|
+
#include "src/core/lib/security/credentials/external/aws_request_signer.h"
|
|
19
|
+
|
|
20
|
+
#include "absl/strings/ascii.h"
|
|
21
|
+
#include "absl/strings/escaping.h"
|
|
22
|
+
#include "absl/strings/str_format.h"
|
|
23
|
+
#include "absl/strings/str_join.h"
|
|
24
|
+
#include "absl/strings/str_split.h"
|
|
25
|
+
#include "absl/time/clock.h"
|
|
26
|
+
#include "absl/time/time.h"
|
|
27
|
+
|
|
28
|
+
#include <openssl/hmac.h>
|
|
29
|
+
#include <openssl/sha.h>
|
|
30
|
+
|
|
31
|
+
namespace grpc_core {
|
|
32
|
+
|
|
33
|
+
namespace {
|
|
34
|
+
|
|
35
|
+
const char kAlgorithm[] = "AWS4-HMAC-SHA256";
|
|
36
|
+
const char kDateFormat[] = "%a, %d %b %E4Y %H:%M:%S %Z";
|
|
37
|
+
const char kXAmzDateFormat[] = "%Y%m%dT%H%M%SZ";
|
|
38
|
+
|
|
39
|
+
void SHA256(const std::string& str, unsigned char out[SHA256_DIGEST_LENGTH]) {
|
|
40
|
+
SHA256_CTX sha256;
|
|
41
|
+
SHA256_Init(&sha256);
|
|
42
|
+
SHA256_Update(&sha256, str.c_str(), str.size());
|
|
43
|
+
SHA256_Final(out, &sha256);
|
|
44
|
+
}
|
|
45
|
+
|
|
46
|
+
std::string SHA256Hex(const std::string& str) {
|
|
47
|
+
unsigned char hash[SHA256_DIGEST_LENGTH];
|
|
48
|
+
SHA256(str, hash);
|
|
49
|
+
std::string hash_str(reinterpret_cast<char const*>(hash),
|
|
50
|
+
SHA256_DIGEST_LENGTH);
|
|
51
|
+
return absl::BytesToHexString(hash_str);
|
|
52
|
+
}
|
|
53
|
+
|
|
54
|
+
std::string HMAC(const std::string& key, const std::string& msg) {
|
|
55
|
+
unsigned int len;
|
|
56
|
+
unsigned char digest[EVP_MAX_MD_SIZE];
|
|
57
|
+
HMAC(EVP_sha256(), key.c_str(), key.length(),
|
|
58
|
+
(const unsigned char*)msg.c_str(), msg.length(), digest, &len);
|
|
59
|
+
return std::string(digest, digest + len);
|
|
60
|
+
}
|
|
61
|
+
|
|
62
|
+
} // namespace
|
|
63
|
+
|
|
64
|
+
AwsRequestSigner::AwsRequestSigner(
|
|
65
|
+
std::string access_key_id, std::string secret_access_key, std::string token,
|
|
66
|
+
std::string method, std::string url, std::string region,
|
|
67
|
+
std::string request_payload,
|
|
68
|
+
std::map<std::string, std::string> additional_headers, grpc_error** error)
|
|
69
|
+
: access_key_id_(std::move(access_key_id)),
|
|
70
|
+
secret_access_key_(std::move(secret_access_key)),
|
|
71
|
+
token_(std::move(token)),
|
|
72
|
+
method_(std::move(method)),
|
|
73
|
+
region_(std::move(region)),
|
|
74
|
+
request_payload_(std::move(request_payload)),
|
|
75
|
+
additional_headers_(std::move(additional_headers)) {
|
|
76
|
+
auto amz_date_it = additional_headers_.find("x-amz-date");
|
|
77
|
+
auto date_it = additional_headers_.find("date");
|
|
78
|
+
if (amz_date_it != additional_headers_.end() &&
|
|
79
|
+
date_it != additional_headers_.end()) {
|
|
80
|
+
*error = GRPC_ERROR_CREATE_FROM_STATIC_STRING(
|
|
81
|
+
"Only one of {date, x-amz-date} can be specified, not both.");
|
|
82
|
+
return;
|
|
83
|
+
}
|
|
84
|
+
if (amz_date_it != additional_headers_.end()) {
|
|
85
|
+
static_request_date_ = amz_date_it->second;
|
|
86
|
+
} else if (date_it != additional_headers_.end()) {
|
|
87
|
+
absl::Time request_date;
|
|
88
|
+
std::string err_str;
|
|
89
|
+
if (!absl::ParseTime(kDateFormat, date_it->second, &request_date,
|
|
90
|
+
&err_str)) {
|
|
91
|
+
*error = GRPC_ERROR_CREATE_FROM_STATIC_STRING(err_str.c_str());
|
|
92
|
+
return;
|
|
93
|
+
}
|
|
94
|
+
static_request_date_ =
|
|
95
|
+
absl::FormatTime(kXAmzDateFormat, request_date, absl::UTCTimeZone());
|
|
96
|
+
}
|
|
97
|
+
url_ = grpc_uri_parse(url, false);
|
|
98
|
+
if (url_ == nullptr) {
|
|
99
|
+
*error = GRPC_ERROR_CREATE_FROM_STATIC_STRING("Invalid Aws request url.");
|
|
100
|
+
return;
|
|
101
|
+
}
|
|
102
|
+
}
|
|
103
|
+
|
|
104
|
+
AwsRequestSigner::~AwsRequestSigner() { grpc_uri_destroy(url_); }
|
|
105
|
+
|
|
106
|
+
std::map<std::string, std::string> AwsRequestSigner::GetSignedRequestHeaders() {
|
|
107
|
+
std::string request_date_full;
|
|
108
|
+
if (!static_request_date_.empty()) {
|
|
109
|
+
if (!request_headers_.empty()) {
|
|
110
|
+
return request_headers_;
|
|
111
|
+
}
|
|
112
|
+
request_date_full = static_request_date_;
|
|
113
|
+
} else {
|
|
114
|
+
absl::Time request_date = absl::Now();
|
|
115
|
+
request_date_full =
|
|
116
|
+
absl::FormatTime(kXAmzDateFormat, request_date, absl::UTCTimeZone());
|
|
117
|
+
}
|
|
118
|
+
std::string request_date_short = request_date_full.substr(0, 8);
|
|
119
|
+
// TASK 1: Create a canonical request for Signature Version 4
|
|
120
|
+
// https://docs.aws.amazon.com/general/latest/gr/sigv4-create-canonical-request.html
|
|
121
|
+
std::vector<absl::string_view> canonical_request_vector;
|
|
122
|
+
// 1. HTTPRequestMethod
|
|
123
|
+
canonical_request_vector.emplace_back(method_);
|
|
124
|
+
canonical_request_vector.emplace_back("\n");
|
|
125
|
+
// 2. CanonicalURI
|
|
126
|
+
|
|
127
|
+
canonical_request_vector.emplace_back(*url_->path == '\0' ? "/" : url_->path);
|
|
128
|
+
canonical_request_vector.emplace_back("\n");
|
|
129
|
+
// 3. CanonicalQueryString
|
|
130
|
+
canonical_request_vector.emplace_back(url_->query);
|
|
131
|
+
canonical_request_vector.emplace_back("\n");
|
|
132
|
+
// 4. CanonicalHeaders
|
|
133
|
+
if (request_headers_.empty()) {
|
|
134
|
+
request_headers_.insert({"host", url_->authority});
|
|
135
|
+
if (!token_.empty()) {
|
|
136
|
+
request_headers_.insert({"x-amz-security-token", token_});
|
|
137
|
+
}
|
|
138
|
+
for (const auto& header : additional_headers_) {
|
|
139
|
+
request_headers_.insert(
|
|
140
|
+
{absl::AsciiStrToLower(header.first), header.second});
|
|
141
|
+
}
|
|
142
|
+
}
|
|
143
|
+
if (additional_headers_.find("date") == additional_headers_.end()) {
|
|
144
|
+
request_headers_["x-amz-date"] = request_date_full;
|
|
145
|
+
}
|
|
146
|
+
std::vector<absl::string_view> canonical_headers_vector;
|
|
147
|
+
for (const auto& header : request_headers_) {
|
|
148
|
+
canonical_headers_vector.emplace_back(header.first);
|
|
149
|
+
canonical_headers_vector.emplace_back(":");
|
|
150
|
+
canonical_headers_vector.emplace_back(header.second);
|
|
151
|
+
canonical_headers_vector.emplace_back("\n");
|
|
152
|
+
}
|
|
153
|
+
std::string canonical_headers = absl::StrJoin(canonical_headers_vector, "");
|
|
154
|
+
canonical_request_vector.emplace_back(canonical_headers);
|
|
155
|
+
canonical_request_vector.emplace_back("\n");
|
|
156
|
+
// 5. SignedHeaders
|
|
157
|
+
std::vector<absl::string_view> signed_headers_vector;
|
|
158
|
+
for (const auto& header : request_headers_) {
|
|
159
|
+
signed_headers_vector.emplace_back(header.first);
|
|
160
|
+
}
|
|
161
|
+
std::string signed_headers = absl::StrJoin(signed_headers_vector, ";");
|
|
162
|
+
canonical_request_vector.emplace_back(signed_headers);
|
|
163
|
+
canonical_request_vector.emplace_back("\n");
|
|
164
|
+
// 6. RequestPayload
|
|
165
|
+
std::string hashed_request_payload = SHA256Hex(request_payload_);
|
|
166
|
+
canonical_request_vector.emplace_back(hashed_request_payload);
|
|
167
|
+
std::string canonical_request = absl::StrJoin(canonical_request_vector, "");
|
|
168
|
+
// TASK 2: Create a string to sign for Signature Version 4
|
|
169
|
+
// https://docs.aws.amazon.com/general/latest/gr/sigv4-create-string-to-sign.html
|
|
170
|
+
std::vector<absl::string_view> string_to_sign_vector;
|
|
171
|
+
// 1. Algorithm
|
|
172
|
+
string_to_sign_vector.emplace_back("AWS4-HMAC-SHA256");
|
|
173
|
+
string_to_sign_vector.emplace_back("\n");
|
|
174
|
+
// 2. RequestDateTime
|
|
175
|
+
string_to_sign_vector.emplace_back(request_date_full);
|
|
176
|
+
string_to_sign_vector.emplace_back("\n");
|
|
177
|
+
// 3. CredentialScope
|
|
178
|
+
std::pair<absl::string_view, absl::string_view> host_parts =
|
|
179
|
+
absl::StrSplit(url_->authority, absl::MaxSplits('.', 1));
|
|
180
|
+
std::string service_name(host_parts.first);
|
|
181
|
+
std::string credential_scope = absl::StrFormat(
|
|
182
|
+
"%s/%s/%s/aws4_request", request_date_short, region_, service_name);
|
|
183
|
+
string_to_sign_vector.emplace_back(credential_scope);
|
|
184
|
+
string_to_sign_vector.emplace_back("\n");
|
|
185
|
+
// 4. HashedCanonicalRequest
|
|
186
|
+
std::string hashed_canonical_request = SHA256Hex(canonical_request);
|
|
187
|
+
string_to_sign_vector.emplace_back(hashed_canonical_request);
|
|
188
|
+
std::string string_to_sign = absl::StrJoin(string_to_sign_vector, "");
|
|
189
|
+
// TASK 3: Task 3: Calculate the signature for AWS Signature Version 4
|
|
190
|
+
// https://docs.aws.amazon.com/general/latest/gr/sigv4-calculate-signature.html
|
|
191
|
+
// 1. Derive your signing key.
|
|
192
|
+
std::string date = HMAC("AWS4" + secret_access_key_, request_date_short);
|
|
193
|
+
std::string region = HMAC(date, region_);
|
|
194
|
+
std::string service = HMAC(region, service_name);
|
|
195
|
+
std::string signing = HMAC(service, "aws4_request");
|
|
196
|
+
// 2. Calculate the signature.
|
|
197
|
+
std::string signature_str = HMAC(signing, string_to_sign);
|
|
198
|
+
std::string signature = absl::BytesToHexString(signature_str);
|
|
199
|
+
// TASK 4: Add the signature to the HTTP request
|
|
200
|
+
// https://docs.aws.amazon.com/general/latest/gr/sigv4-add-signature-to-request.html
|
|
201
|
+
std::string authorization_header = absl::StrFormat(
|
|
202
|
+
"%s Credential=%s/%s, SignedHeaders=%s, Signature=%s", kAlgorithm,
|
|
203
|
+
access_key_id_, credential_scope, signed_headers, signature);
|
|
204
|
+
request_headers_["Authorization"] = authorization_header;
|
|
205
|
+
return request_headers_;
|
|
206
|
+
}
|
|
207
|
+
|
|
208
|
+
} // namespace grpc_core
|
|
@@ -0,0 +1,73 @@
|
|
|
1
|
+
//
|
|
2
|
+
// Copyright 2020 gRPC authors.
|
|
3
|
+
//
|
|
4
|
+
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
5
|
+
// you may not use this file except in compliance with the License.
|
|
6
|
+
// You may obtain a copy of the License at
|
|
7
|
+
//
|
|
8
|
+
// http://www.apache.org/licenses/LICENSE-2.0
|
|
9
|
+
//
|
|
10
|
+
// Unless required by applicable law or agreed to in writing, software
|
|
11
|
+
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
12
|
+
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
13
|
+
// See the License for the specific language governing permissions and
|
|
14
|
+
// limitations under the License.
|
|
15
|
+
//
|
|
16
|
+
|
|
17
|
+
#ifndef GRPC_CORE_LIB_SECURITY_CREDENTIALS_EXTERNAL_AWS_REQUEST_SIGNER_H
|
|
18
|
+
#define GRPC_CORE_LIB_SECURITY_CREDENTIALS_EXTERNAL_AWS_REQUEST_SIGNER_H
|
|
19
|
+
|
|
20
|
+
#include <grpc/support/port_platform.h>
|
|
21
|
+
|
|
22
|
+
#include <map>
|
|
23
|
+
#include <string>
|
|
24
|
+
|
|
25
|
+
#include "src/core/lib/iomgr/error.h"
|
|
26
|
+
#include "src/core/lib/uri/uri_parser.h"
|
|
27
|
+
|
|
28
|
+
namespace grpc_core {
|
|
29
|
+
|
|
30
|
+
// Implements an AWS API request signer based on the AWS Signature Version 4
|
|
31
|
+
// signing process.
|
|
32
|
+
// https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html
|
|
33
|
+
// To retrieve the subject token in AwsExternalAccountCredentials, we need to
|
|
34
|
+
// sign an AWS request server and use the signed request as the subject token.
|
|
35
|
+
// This class is a utility to sign an AWS request.
|
|
36
|
+
class AwsRequestSigner {
|
|
37
|
+
public:
|
|
38
|
+
// Construct a signer with the necessary information to sign a request.
|
|
39
|
+
// `access_key_id`, `secret_access_key` and `token` are the AWS credentials
|
|
40
|
+
// required for signing. `method` and `url` are the HTTP method and url of the
|
|
41
|
+
// request. `region` is the region of the AWS environment. `request_payload`
|
|
42
|
+
// is the payload of the HTTP request. `additional_headers` are additional
|
|
43
|
+
// headers to be inject into the request.
|
|
44
|
+
AwsRequestSigner(std::string access_key_id, std::string secret_access_key,
|
|
45
|
+
std::string token, std::string method, std::string url,
|
|
46
|
+
std::string region, std::string request_payload,
|
|
47
|
+
std::map<std::string, std::string> additional_headers,
|
|
48
|
+
grpc_error** error);
|
|
49
|
+
~AwsRequestSigner();
|
|
50
|
+
|
|
51
|
+
// This method triggers the signing process then returns the headers of the
|
|
52
|
+
// signed request as a map. In case there is an error, the input `error`
|
|
53
|
+
// parameter will be updated and an empty map will be returned if there is
|
|
54
|
+
// error.
|
|
55
|
+
std::map<std::string, std::string> GetSignedRequestHeaders();
|
|
56
|
+
|
|
57
|
+
private:
|
|
58
|
+
std::string access_key_id_;
|
|
59
|
+
std::string secret_access_key_;
|
|
60
|
+
std::string token_;
|
|
61
|
+
std::string method_;
|
|
62
|
+
grpc_uri* url_ = nullptr;
|
|
63
|
+
std::string region_;
|
|
64
|
+
std::string request_payload_;
|
|
65
|
+
std::map<std::string, std::string> additional_headers_;
|
|
66
|
+
|
|
67
|
+
std::string static_request_date_;
|
|
68
|
+
std::map<std::string, std::string> request_headers_;
|
|
69
|
+
};
|
|
70
|
+
|
|
71
|
+
} // namespace grpc_core
|
|
72
|
+
|
|
73
|
+
#endif // GRPC_CORE_LIB_SECURITY_CREDENTIALS_EXTERNAL_AWS_REQUEST_SIGNER_H
|
|
@@ -0,0 +1,311 @@
|
|
|
1
|
+
//
|
|
2
|
+
// Copyright 2020 gRPC authors.
|
|
3
|
+
//
|
|
4
|
+
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
5
|
+
// you may not use this file except in compliance with the License.
|
|
6
|
+
// You may obtain a copy of the License at
|
|
7
|
+
//
|
|
8
|
+
// http://www.apache.org/licenses/LICENSE-2.0
|
|
9
|
+
//
|
|
10
|
+
// Unless required by applicable law or agreed to in writing, software
|
|
11
|
+
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
12
|
+
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
13
|
+
// See the License for the specific language governing permissions and
|
|
14
|
+
// limitations under the License.
|
|
15
|
+
//
|
|
16
|
+
#include <grpc/support/port_platform.h>
|
|
17
|
+
|
|
18
|
+
#include "src/core/lib/security/credentials/external/external_account_credentials.h"
|
|
19
|
+
|
|
20
|
+
#include "absl/strings/str_format.h"
|
|
21
|
+
#include "absl/strings/str_join.h"
|
|
22
|
+
#include "absl/time/clock.h"
|
|
23
|
+
#include "absl/time/time.h"
|
|
24
|
+
|
|
25
|
+
#include "src/core/lib/http/parser.h"
|
|
26
|
+
#include "src/core/lib/security/util/json_util.h"
|
|
27
|
+
#include "src/core/lib/slice/b64.h"
|
|
28
|
+
|
|
29
|
+
#define EXTERNAL_ACCOUNT_CREDENTIALS_GRANT_TYPE \
|
|
30
|
+
"urn:ietf:params:oauth:grant-type:token-exchange"
|
|
31
|
+
#define EXTERNAL_ACCOUNT_CREDENTIALS_REQUESTED_TOKEN_TYPE \
|
|
32
|
+
"urn:ietf:params:oauth:token-type:access_token"
|
|
33
|
+
#define GOOGLE_CLOUD_PLATFORM_DEFAULT_SCOPE \
|
|
34
|
+
"https://www.googleapis.com/auth/cloud-platform"
|
|
35
|
+
|
|
36
|
+
namespace grpc_core {
|
|
37
|
+
|
|
38
|
+
ExternalAccountCredentials::ExternalAccountCredentials(
|
|
39
|
+
ExternalAccountCredentialsOptions options, std::vector<std::string> scopes)
|
|
40
|
+
: options_(std::move(options)) {
|
|
41
|
+
if (scopes.empty()) {
|
|
42
|
+
scopes.push_back(GOOGLE_CLOUD_PLATFORM_DEFAULT_SCOPE);
|
|
43
|
+
}
|
|
44
|
+
scopes_ = std::move(scopes);
|
|
45
|
+
}
|
|
46
|
+
|
|
47
|
+
ExternalAccountCredentials::~ExternalAccountCredentials() {}
|
|
48
|
+
|
|
49
|
+
std::string ExternalAccountCredentials::debug_string() {
|
|
50
|
+
return absl::StrFormat("ExternalAccountCredentials{Audience:%s,%s}",
|
|
51
|
+
options_.audience,
|
|
52
|
+
grpc_oauth2_token_fetcher_credentials::debug_string());
|
|
53
|
+
}
|
|
54
|
+
|
|
55
|
+
// The token fetching flow:
|
|
56
|
+
// 1. Retrieve subject token - Subclass's RetrieveSubjectToken() gets called
|
|
57
|
+
// and the subject token is received in OnRetrieveSubjectTokenInternal().
|
|
58
|
+
// 2. Exchange token - ExchangeToken() gets called with the
|
|
59
|
+
// subject token from #1. Receive the response in OnExchangeTokenInternal().
|
|
60
|
+
// 3. (Optional) Impersonate service account - ImpersenateServiceAccount() gets
|
|
61
|
+
// called with the access token of the response from #2. Get an impersonated
|
|
62
|
+
// access token in OnImpersenateServiceAccountInternal().
|
|
63
|
+
// 4. Finish token fetch - Return back the response that contains an access
|
|
64
|
+
// token in FinishTokenFetch().
|
|
65
|
+
// TODO(chuanr): Avoid starting the remaining requests if the channel gets shut
|
|
66
|
+
// down.
|
|
67
|
+
void ExternalAccountCredentials::fetch_oauth2(
|
|
68
|
+
grpc_credentials_metadata_request* metadata_req,
|
|
69
|
+
grpc_httpcli_context* httpcli_context, grpc_polling_entity* pollent,
|
|
70
|
+
grpc_iomgr_cb_func response_cb, grpc_millis deadline) {
|
|
71
|
+
GPR_ASSERT(ctx_ == nullptr);
|
|
72
|
+
ctx_ = new HTTPRequestContext(httpcli_context, pollent, deadline);
|
|
73
|
+
metadata_req_ = metadata_req;
|
|
74
|
+
response_cb_ = response_cb;
|
|
75
|
+
auto cb = [this](std::string token, grpc_error* error) {
|
|
76
|
+
OnRetrieveSubjectTokenInternal(token, error);
|
|
77
|
+
};
|
|
78
|
+
RetrieveSubjectToken(ctx_, options_, cb);
|
|
79
|
+
}
|
|
80
|
+
|
|
81
|
+
void ExternalAccountCredentials::OnRetrieveSubjectTokenInternal(
|
|
82
|
+
absl::string_view subject_token, grpc_error* error) {
|
|
83
|
+
if (error != GRPC_ERROR_NONE) {
|
|
84
|
+
FinishTokenFetch(error);
|
|
85
|
+
} else {
|
|
86
|
+
ExchangeToken(subject_token);
|
|
87
|
+
}
|
|
88
|
+
}
|
|
89
|
+
|
|
90
|
+
void ExternalAccountCredentials::ExchangeToken(
|
|
91
|
+
absl::string_view subject_token) {
|
|
92
|
+
grpc_uri* uri = grpc_uri_parse(options_.token_url, false);
|
|
93
|
+
if (uri == nullptr) {
|
|
94
|
+
FinishTokenFetch(GRPC_ERROR_CREATE_FROM_COPIED_STRING(
|
|
95
|
+
absl::StrFormat("Invalid token url: %s.", options_.token_url).c_str()));
|
|
96
|
+
return;
|
|
97
|
+
}
|
|
98
|
+
grpc_httpcli_request request;
|
|
99
|
+
memset(&request, 0, sizeof(grpc_httpcli_request));
|
|
100
|
+
request.host = const_cast<char*>(uri->authority);
|
|
101
|
+
request.http.path = gpr_strdup(uri->path);
|
|
102
|
+
grpc_http_header* headers = nullptr;
|
|
103
|
+
if (!options_.client_id.empty() && !options_.client_secret.empty()) {
|
|
104
|
+
request.http.hdr_count = 2;
|
|
105
|
+
headers = static_cast<grpc_http_header*>(
|
|
106
|
+
gpr_malloc(sizeof(grpc_http_header) * request.http.hdr_count));
|
|
107
|
+
headers[0].key = gpr_strdup("Content-Type");
|
|
108
|
+
headers[0].value = gpr_strdup("application/x-www-form-urlencoded");
|
|
109
|
+
std::string raw_cred =
|
|
110
|
+
absl::StrFormat("%s:%s", options_.client_id, options_.client_secret);
|
|
111
|
+
char* encoded_cred =
|
|
112
|
+
grpc_base64_encode(raw_cred.c_str(), raw_cred.length(), 0, 0);
|
|
113
|
+
std::string str = absl::StrFormat("Basic %s", std::string(encoded_cred));
|
|
114
|
+
headers[1].key = gpr_strdup("Authorization");
|
|
115
|
+
headers[1].value = gpr_strdup(str.c_str());
|
|
116
|
+
gpr_free(encoded_cred);
|
|
117
|
+
} else {
|
|
118
|
+
request.http.hdr_count = 1;
|
|
119
|
+
headers = static_cast<grpc_http_header*>(
|
|
120
|
+
gpr_malloc(sizeof(grpc_http_header) * request.http.hdr_count));
|
|
121
|
+
headers[0].key = gpr_strdup("Content-Type");
|
|
122
|
+
headers[0].value = gpr_strdup("application/x-www-form-urlencoded");
|
|
123
|
+
}
|
|
124
|
+
request.http.hdrs = headers;
|
|
125
|
+
request.handshaker = (strcmp(uri->scheme, "https") == 0)
|
|
126
|
+
? &grpc_httpcli_ssl
|
|
127
|
+
: &grpc_httpcli_plaintext;
|
|
128
|
+
std::vector<std::string> body_parts;
|
|
129
|
+
body_parts.push_back(absl::StrFormat("%s=%s", "audience", options_.audience));
|
|
130
|
+
body_parts.push_back(absl::StrFormat(
|
|
131
|
+
"%s=%s", "grant_type", EXTERNAL_ACCOUNT_CREDENTIALS_GRANT_TYPE));
|
|
132
|
+
body_parts.push_back(
|
|
133
|
+
absl::StrFormat("%s=%s", "requested_token_type",
|
|
134
|
+
EXTERNAL_ACCOUNT_CREDENTIALS_REQUESTED_TOKEN_TYPE));
|
|
135
|
+
body_parts.push_back(absl::StrFormat("%s=%s", "subject_token_type",
|
|
136
|
+
options_.subject_token_type));
|
|
137
|
+
body_parts.push_back(
|
|
138
|
+
absl::StrFormat("%s=%s", "subject_token", subject_token));
|
|
139
|
+
std::string scope = GOOGLE_CLOUD_PLATFORM_DEFAULT_SCOPE;
|
|
140
|
+
if (options_.service_account_impersonation_url.empty()) {
|
|
141
|
+
scope = absl::StrJoin(scopes_, " ");
|
|
142
|
+
}
|
|
143
|
+
body_parts.push_back(absl::StrFormat("%s=%s", "scope", scope));
|
|
144
|
+
std::string body = absl::StrJoin(body_parts, "&");
|
|
145
|
+
grpc_resource_quota* resource_quota =
|
|
146
|
+
grpc_resource_quota_create("external_account_credentials");
|
|
147
|
+
grpc_http_response_destroy(&ctx_->response);
|
|
148
|
+
ctx_->response = {};
|
|
149
|
+
GRPC_CLOSURE_INIT(&ctx_->closure, OnExchangeToken, this, nullptr);
|
|
150
|
+
grpc_httpcli_post(ctx_->httpcli_context, ctx_->pollent, resource_quota,
|
|
151
|
+
&request, body.c_str(), body.size(), ctx_->deadline,
|
|
152
|
+
&ctx_->closure, &ctx_->response);
|
|
153
|
+
grpc_resource_quota_unref_internal(resource_quota);
|
|
154
|
+
grpc_http_request_destroy(&request.http);
|
|
155
|
+
grpc_uri_destroy(uri);
|
|
156
|
+
}
|
|
157
|
+
|
|
158
|
+
void ExternalAccountCredentials::OnExchangeToken(void* arg, grpc_error* error) {
|
|
159
|
+
ExternalAccountCredentials* self =
|
|
160
|
+
static_cast<ExternalAccountCredentials*>(arg);
|
|
161
|
+
self->OnExchangeTokenInternal(GRPC_ERROR_REF(error));
|
|
162
|
+
}
|
|
163
|
+
|
|
164
|
+
void ExternalAccountCredentials::OnExchangeTokenInternal(grpc_error* error) {
|
|
165
|
+
if (error != GRPC_ERROR_NONE) {
|
|
166
|
+
FinishTokenFetch(error);
|
|
167
|
+
} else {
|
|
168
|
+
if (options_.service_account_impersonation_url.empty()) {
|
|
169
|
+
metadata_req_->response = ctx_->response;
|
|
170
|
+
metadata_req_->response.body = gpr_strdup(ctx_->response.body);
|
|
171
|
+
FinishTokenFetch(GRPC_ERROR_NONE);
|
|
172
|
+
} else {
|
|
173
|
+
ImpersenateServiceAccount();
|
|
174
|
+
}
|
|
175
|
+
}
|
|
176
|
+
}
|
|
177
|
+
|
|
178
|
+
void ExternalAccountCredentials::ImpersenateServiceAccount() {
|
|
179
|
+
grpc_error* error = GRPC_ERROR_NONE;
|
|
180
|
+
absl::string_view response_body(ctx_->response.body,
|
|
181
|
+
ctx_->response.body_length);
|
|
182
|
+
Json json = Json::Parse(response_body, &error);
|
|
183
|
+
if (error != GRPC_ERROR_NONE || json.type() != Json::Type::OBJECT) {
|
|
184
|
+
FinishTokenFetch(GRPC_ERROR_CREATE_REFERENCING_FROM_STATIC_STRING(
|
|
185
|
+
"Invalid token exchange response.", &error, 1));
|
|
186
|
+
GRPC_ERROR_UNREF(error);
|
|
187
|
+
return;
|
|
188
|
+
}
|
|
189
|
+
auto it = json.object_value().find("access_token");
|
|
190
|
+
if (it == json.object_value().end() ||
|
|
191
|
+
it->second.type() != Json::Type::STRING) {
|
|
192
|
+
FinishTokenFetch(GRPC_ERROR_CREATE_FROM_COPIED_STRING(
|
|
193
|
+
absl::StrFormat("Missing or invalid access_token in %s.", response_body)
|
|
194
|
+
.c_str()));
|
|
195
|
+
return;
|
|
196
|
+
}
|
|
197
|
+
std::string access_token = it->second.string_value();
|
|
198
|
+
grpc_uri* uri =
|
|
199
|
+
grpc_uri_parse(options_.service_account_impersonation_url, false);
|
|
200
|
+
if (uri == nullptr) {
|
|
201
|
+
FinishTokenFetch(GRPC_ERROR_CREATE_FROM_COPIED_STRING(
|
|
202
|
+
absl::StrFormat("Invalid service account impersonation url: %s.",
|
|
203
|
+
options_.service_account_impersonation_url)
|
|
204
|
+
.c_str()));
|
|
205
|
+
return;
|
|
206
|
+
}
|
|
207
|
+
grpc_httpcli_request request;
|
|
208
|
+
memset(&request, 0, sizeof(grpc_httpcli_request));
|
|
209
|
+
request.host = const_cast<char*>(uri->authority);
|
|
210
|
+
request.http.path = gpr_strdup(uri->path);
|
|
211
|
+
request.http.hdr_count = 2;
|
|
212
|
+
grpc_http_header* headers = static_cast<grpc_http_header*>(
|
|
213
|
+
gpr_malloc(sizeof(grpc_http_header) * request.http.hdr_count));
|
|
214
|
+
headers[0].key = gpr_strdup("Content-Type");
|
|
215
|
+
headers[0].value = gpr_strdup("application/x-www-form-urlencoded");
|
|
216
|
+
std::string str = absl::StrFormat("Bearer %s", access_token);
|
|
217
|
+
headers[1].key = gpr_strdup("Authorization");
|
|
218
|
+
headers[1].value = gpr_strdup(str.c_str());
|
|
219
|
+
request.http.hdrs = headers;
|
|
220
|
+
request.handshaker = (strcmp(uri->scheme, "https") == 0)
|
|
221
|
+
? &grpc_httpcli_ssl
|
|
222
|
+
: &grpc_httpcli_plaintext;
|
|
223
|
+
std::string scope = absl::StrJoin(scopes_, " ");
|
|
224
|
+
std::string body = absl::StrFormat("%s=%s", "scope", scope);
|
|
225
|
+
grpc_resource_quota* resource_quota =
|
|
226
|
+
grpc_resource_quota_create("external_account_credentials");
|
|
227
|
+
grpc_http_response_destroy(&ctx_->response);
|
|
228
|
+
ctx_->response = {};
|
|
229
|
+
GRPC_CLOSURE_INIT(&ctx_->closure, OnImpersenateServiceAccount, this, nullptr);
|
|
230
|
+
grpc_httpcli_post(ctx_->httpcli_context, ctx_->pollent, resource_quota,
|
|
231
|
+
&request, body.c_str(), body.size(), ctx_->deadline,
|
|
232
|
+
&ctx_->closure, &ctx_->response);
|
|
233
|
+
grpc_resource_quota_unref_internal(resource_quota);
|
|
234
|
+
grpc_http_request_destroy(&request.http);
|
|
235
|
+
grpc_uri_destroy(uri);
|
|
236
|
+
}
|
|
237
|
+
|
|
238
|
+
void ExternalAccountCredentials::OnImpersenateServiceAccount(
|
|
239
|
+
void* arg, grpc_error* error) {
|
|
240
|
+
ExternalAccountCredentials* self =
|
|
241
|
+
static_cast<ExternalAccountCredentials*>(arg);
|
|
242
|
+
self->OnImpersenateServiceAccountInternal(GRPC_ERROR_REF(error));
|
|
243
|
+
}
|
|
244
|
+
|
|
245
|
+
void ExternalAccountCredentials::OnImpersenateServiceAccountInternal(
|
|
246
|
+
grpc_error* error) {
|
|
247
|
+
if (error != GRPC_ERROR_NONE) {
|
|
248
|
+
FinishTokenFetch(error);
|
|
249
|
+
return;
|
|
250
|
+
}
|
|
251
|
+
absl::string_view response_body(ctx_->response.body,
|
|
252
|
+
ctx_->response.body_length);
|
|
253
|
+
Json json = Json::Parse(response_body, &error);
|
|
254
|
+
if (error != GRPC_ERROR_NONE || json.type() != Json::Type::OBJECT) {
|
|
255
|
+
FinishTokenFetch(GRPC_ERROR_CREATE_REFERENCING_FROM_STATIC_STRING(
|
|
256
|
+
"Invalid service account impersonation response.", &error, 1));
|
|
257
|
+
GRPC_ERROR_UNREF(error);
|
|
258
|
+
return;
|
|
259
|
+
}
|
|
260
|
+
auto it = json.object_value().find("accessToken");
|
|
261
|
+
if (it == json.object_value().end() ||
|
|
262
|
+
it->second.type() != Json::Type::STRING) {
|
|
263
|
+
FinishTokenFetch(GRPC_ERROR_CREATE_FROM_COPIED_STRING(
|
|
264
|
+
absl::StrFormat("Missing or invalid accessToken in %s.", response_body)
|
|
265
|
+
.c_str()));
|
|
266
|
+
return;
|
|
267
|
+
}
|
|
268
|
+
std::string access_token = it->second.string_value();
|
|
269
|
+
it = json.object_value().find("expireTime");
|
|
270
|
+
if (it == json.object_value().end() ||
|
|
271
|
+
it->second.type() != Json::Type::STRING) {
|
|
272
|
+
FinishTokenFetch(GRPC_ERROR_CREATE_FROM_COPIED_STRING(
|
|
273
|
+
absl::StrFormat("Missing or invalid expireTime in %s.", response_body)
|
|
274
|
+
.c_str()));
|
|
275
|
+
return;
|
|
276
|
+
}
|
|
277
|
+
std::string expire_time = it->second.string_value();
|
|
278
|
+
absl::Time t;
|
|
279
|
+
if (!absl::ParseTime(absl::RFC3339_full, expire_time, &t, nullptr)) {
|
|
280
|
+
FinishTokenFetch(GRPC_ERROR_CREATE_FROM_STATIC_STRING(
|
|
281
|
+
"Invalid expire time of service account impersonation response."));
|
|
282
|
+
return;
|
|
283
|
+
}
|
|
284
|
+
int expire_in = (t - absl::Now()) / absl::Seconds(1);
|
|
285
|
+
std::string body = absl::StrFormat(
|
|
286
|
+
"{\"access_token\":\"%s\",\"expires_in\":%d,\"token_type\":\"Bearer\"}",
|
|
287
|
+
access_token, expire_in);
|
|
288
|
+
metadata_req_->response = ctx_->response;
|
|
289
|
+
metadata_req_->response.body = gpr_strdup(body.c_str());
|
|
290
|
+
metadata_req_->response.body_length = body.length();
|
|
291
|
+
FinishTokenFetch(GRPC_ERROR_NONE);
|
|
292
|
+
}
|
|
293
|
+
|
|
294
|
+
void ExternalAccountCredentials::FinishTokenFetch(grpc_error* error) {
|
|
295
|
+
GRPC_LOG_IF_ERROR("Fetch external account credentials access token",
|
|
296
|
+
GRPC_ERROR_REF(error));
|
|
297
|
+
// Move object state into local variables.
|
|
298
|
+
auto* cb = response_cb_;
|
|
299
|
+
response_cb_ = nullptr;
|
|
300
|
+
auto* metadata_req = metadata_req_;
|
|
301
|
+
metadata_req_ = nullptr;
|
|
302
|
+
auto* ctx = ctx_;
|
|
303
|
+
ctx_ = nullptr;
|
|
304
|
+
// Invoke the callback.
|
|
305
|
+
cb(metadata_req, error);
|
|
306
|
+
// Delete context.
|
|
307
|
+
delete ctx;
|
|
308
|
+
GRPC_ERROR_UNREF(error);
|
|
309
|
+
}
|
|
310
|
+
|
|
311
|
+
} // namespace grpc_core
|