grpc 1.34.0 → 1.35.0.pre1
Potentially problematic release.
This version of grpc might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/Makefile +808 -2787
- data/etc/roots.pem +257 -573
- data/include/grpc/compression.h +1 -1
- data/include/grpc/grpc.h +14 -0
- data/include/grpc/grpc_security.h +61 -3
- data/include/grpc/impl/codegen/atm_windows.h +4 -0
- data/include/grpc/impl/codegen/byte_buffer.h +1 -1
- data/include/grpc/impl/codegen/grpc_types.h +1 -1
- data/include/grpc/impl/codegen/log.h +0 -2
- data/include/grpc/impl/codegen/sync_windows.h +4 -0
- data/include/grpc/slice_buffer.h +3 -3
- data/include/grpc/support/sync.h +3 -3
- data/include/grpc/support/time.h +7 -7
- data/src/core/ext/filters/client_channel/backend_metric.cc +2 -4
- data/src/core/ext/filters/client_channel/client_channel.cc +2734 -1498
- data/src/core/ext/filters/client_channel/client_channel.h +0 -4
- data/src/core/ext/filters/client_channel/client_channel_plugin.cc +1 -1
- data/src/core/ext/filters/client_channel/config_selector.h +4 -0
- data/src/core/ext/filters/client_channel/dynamic_filters.cc +186 -0
- data/src/core/ext/filters/client_channel/dynamic_filters.h +99 -0
- data/src/core/ext/filters/client_channel/health/health_check_client.cc +6 -6
- data/src/core/ext/filters/client_channel/health/health_check_client.h +2 -2
- data/src/core/ext/filters/client_channel/http_connect_handshaker.cc +4 -5
- data/src/core/ext/filters/client_channel/http_proxy.cc +21 -20
- data/src/core/ext/filters/client_channel/lb_policy.cc +1 -1
- data/src/core/ext/filters/client_channel/lb_policy.h +2 -3
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +32 -30
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/load_balancer_api.cc +3 -3
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/load_balancer_api.h +1 -1
- data/src/core/ext/filters/client_channel/lb_policy/xds/cds.cc +162 -20
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds.h +0 -8
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_channel_args.h +24 -0
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_impl.cc +5 -2
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_manager.cc +1 -1
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_resolver.cc +1262 -0
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +7 -14
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.h +1 -32
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_posix.cc +2 -2
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +454 -16
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.h +5 -0
- data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +6 -9
- data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc +2 -2
- data/src/core/ext/filters/client_channel/resolver/sockaddr/sockaddr_resolver.cc +18 -31
- data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +3 -5
- data/src/core/ext/filters/client_channel/resolver_factory.h +6 -6
- data/src/core/ext/filters/client_channel/resolver_registry.cc +40 -39
- data/src/core/ext/filters/client_channel/resolver_registry.h +2 -2
- data/src/core/ext/filters/client_channel/resolver_result_parsing.cc +11 -13
- data/src/core/ext/filters/client_channel/resolver_result_parsing.h +8 -8
- data/src/core/ext/filters/client_channel/retry_throttle.cc +5 -3
- data/src/core/ext/filters/client_channel/retry_throttle.h +3 -1
- data/src/core/ext/filters/client_channel/service_config_call_data.h +19 -1
- data/src/core/ext/filters/client_channel/subchannel.cc +34 -50
- data/src/core/ext/filters/client_channel/subchannel.h +12 -18
- data/src/core/ext/filters/deadline/deadline_filter.cc +4 -2
- data/src/core/ext/filters/http/client_authority_filter.cc +6 -6
- data/src/core/ext/filters/http/http_filters_plugin.cc +6 -3
- data/src/core/ext/filters/message_size/message_size_filter.cc +1 -1
- data/src/core/ext/filters/workarounds/workaround_utils.cc +1 -1
- data/src/core/ext/transport/chttp2/client/authority.cc +3 -3
- data/src/core/ext/transport/chttp2/client/insecure/channel_create.cc +20 -8
- data/src/core/ext/transport/chttp2/client/insecure/channel_create_posix.cc +21 -10
- data/src/core/ext/transport/chttp2/client/secure/secure_channel_create.cc +26 -14
- data/src/core/ext/transport/chttp2/server/chttp2_server.cc +178 -86
- data/src/core/ext/transport/chttp2/server/insecure/server_chttp2_posix.cc +12 -5
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +7 -8
- data/src/core/ext/transport/chttp2/transport/flow_control.h +1 -1
- data/src/core/ext/transport/chttp2/transport/frame_settings.h +2 -1
- data/src/core/ext/transport/chttp2/transport/frame_window_update.cc +6 -6
- data/src/core/ext/transport/chttp2/transport/writing.cc +1 -1
- data/src/core/ext/transport/inproc/inproc_transport.cc +42 -8
- data/src/core/ext/upb-generated/envoy/annotations/deprecation.upb.h +1 -0
- data/src/core/ext/upb-generated/envoy/annotations/resource.upb.c +1 -1
- data/src/core/ext/upb-generated/envoy/annotations/resource.upb.h +7 -0
- data/src/core/ext/upb-generated/envoy/config/accesslog/v3/accesslog.upb.c +27 -27
- data/src/core/ext/upb-generated/envoy/config/accesslog/v3/accesslog.upb.h +139 -40
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/circuit_breaker.upb.c +13 -13
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/circuit_breaker.upb.h +44 -17
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/cluster.upb.c +111 -111
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/cluster.upb.h +424 -241
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/filter.upb.c +3 -3
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/filter.upb.h +13 -5
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/outlier_detection.upb.c +22 -22
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/outlier_detection.upb.h +47 -21
- data/src/core/ext/upb-generated/envoy/config/core/v3/address.upb.c +21 -21
- data/src/core/ext/upb-generated/envoy/config/core/v3/address.upb.h +88 -39
- data/src/core/ext/upb-generated/envoy/config/core/v3/backoff.upb.c +4 -4
- data/src/core/ext/upb-generated/envoy/config/core/v3/backoff.upb.h +15 -6
- data/src/core/ext/upb-generated/envoy/config/core/v3/base.upb.c +44 -44
- data/src/core/ext/upb-generated/envoy/config/core/v3/base.upb.h +200 -78
- data/src/core/ext/upb-generated/envoy/config/core/v3/config_source.upb.c +17 -17
- data/src/core/ext/upb-generated/envoy/config/core/v3/config_source.upb.h +72 -35
- data/src/core/ext/upb-generated/envoy/config/core/v3/event_service_config.upb.c +1 -1
- data/src/core/ext/upb-generated/envoy/config/core/v3/event_service_config.upb.h +7 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/extension.upb.c +7 -7
- data/src/core/ext/upb-generated/envoy/config/core/v3/extension.upb.h +27 -11
- data/src/core/ext/upb-generated/envoy/config/core/v3/grpc_service.upb.c +30 -30
- data/src/core/ext/upb-generated/envoy/config/core/v3/grpc_service.upb.h +136 -49
- data/src/core/ext/upb-generated/envoy/config/core/v3/health_check.upb.c +39 -39
- data/src/core/ext/upb-generated/envoy/config/core/v3/health_check.upb.h +157 -89
- data/src/core/ext/upb-generated/envoy/config/core/v3/http_uri.upb.c +4 -4
- data/src/core/ext/upb-generated/envoy/config/core/v3/http_uri.upb.h +17 -9
- data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.c +47 -47
- data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.h +163 -78
- data/src/core/ext/upb-generated/envoy/config/core/v3/proxy_protocol.upb.c +1 -1
- data/src/core/ext/upb-generated/envoy/config/core/v3/proxy_protocol.upb.h +7 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/socket_option.upb.c +2 -2
- data/src/core/ext/upb-generated/envoy/config/core/v3/socket_option.upb.h +9 -2
- data/src/core/ext/upb-generated/envoy/config/core/v3/substitution_format_string.upb.c +1 -1
- data/src/core/ext/upb-generated/envoy/config/core/v3/substitution_format_string.upb.h +7 -0
- data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint.upb.c +13 -13
- data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint.upb.h +59 -36
- data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint_components.upb.c +16 -16
- data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint_components.upb.h +61 -29
- data/src/core/ext/upb-generated/envoy/config/endpoint/v3/load_report.upb.c +26 -26
- data/src/core/ext/upb-generated/envoy/config/endpoint/v3/load_report.upb.h +101 -66
- data/src/core/ext/upb-generated/envoy/config/listener/v3/api_listener.upb.c +2 -2
- data/src/core/ext/upb-generated/envoy/config/listener/v3/api_listener.upb.h +11 -3
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.c +28 -28
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.h +122 -77
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener_components.upb.c +23 -23
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener_components.upb.h +106 -54
- data/src/core/ext/upb-generated/envoy/config/listener/v3/udp_listener_config.upb.c +2 -2
- data/src/core/ext/upb-generated/envoy/config/listener/v3/udp_listener_config.upb.h +13 -0
- data/src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.c +16 -16
- data/src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.h +81 -35
- data/src/core/ext/upb-generated/envoy/config/route/v3/route.upb.c +7 -7
- data/src/core/ext/upb-generated/envoy/config/route/v3/route.upb.h +38 -22
- data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.c +203 -203
- data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.h +845 -495
- data/src/core/ext/upb-generated/envoy/config/route/v3/scoped_route.upb.c +5 -5
- data/src/core/ext/upb-generated/envoy/config/route/v3/scoped_route.upb.h +26 -6
- data/src/core/ext/upb-generated/envoy/config/trace/v3/http_tracer.upb.c +3 -3
- data/src/core/ext/upb-generated/envoy/config/trace/v3/http_tracer.upb.h +17 -3
- data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.c +87 -87
- data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.h +343 -204
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/cert.upb.h +1 -0
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/common.upb.c +20 -20
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/common.upb.h +85 -46
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/secret.upb.c +7 -7
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/secret.upb.h +33 -11
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/tls.upb.c +32 -32
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/tls.upb.h +118 -67
- data/src/core/ext/upb-generated/envoy/service/cluster/v3/cds.upb.c +1 -1
- data/src/core/ext/upb-generated/envoy/service/cluster/v3/cds.upb.h +7 -0
- data/src/core/ext/upb-generated/envoy/service/discovery/v3/ads.upb.c +1 -1
- data/src/core/ext/upb-generated/envoy/service/discovery/v3/ads.upb.h +7 -0
- data/src/core/ext/upb-generated/envoy/service/discovery/v3/discovery.upb.c +29 -29
- data/src/core/ext/upb-generated/envoy/service/discovery/v3/discovery.upb.h +120 -82
- data/src/core/ext/upb-generated/envoy/service/endpoint/v3/eds.upb.c +1 -1
- data/src/core/ext/upb-generated/envoy/service/endpoint/v3/eds.upb.h +7 -0
- data/src/core/ext/upb-generated/envoy/service/listener/v3/lds.upb.c +1 -1
- data/src/core/ext/upb-generated/envoy/service/listener/v3/lds.upb.h +7 -0
- data/src/core/ext/upb-generated/envoy/service/load_stats/v3/lrs.upb.c +7 -7
- data/src/core/ext/upb-generated/envoy/service/load_stats/v3/lrs.upb.h +31 -16
- data/src/core/ext/upb-generated/envoy/service/route/v3/rds.upb.c +1 -1
- data/src/core/ext/upb-generated/envoy/service/route/v3/rds.upb.h +7 -0
- data/src/core/ext/upb-generated/envoy/service/route/v3/srds.upb.c +1 -1
- data/src/core/ext/upb-generated/envoy/service/route/v3/srds.upb.h +7 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/metadata.upb.c +5 -5
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/metadata.upb.h +25 -11
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/number.upb.c +1 -1
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/number.upb.h +7 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/path.upb.c +1 -1
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/path.upb.h +7 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/regex.upb.c +6 -6
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/regex.upb.h +29 -8
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/string.upb.c +2 -2
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/string.upb.h +16 -3
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/value.upb.c +3 -3
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/value.upb.h +19 -0
- data/src/core/ext/upb-generated/envoy/type/metadata/v3/metadata.upb.c +7 -7
- data/src/core/ext/upb-generated/envoy/type/metadata/v3/metadata.upb.h +46 -3
- data/src/core/ext/upb-generated/envoy/type/tracing/v3/custom_tag.upb.c +8 -8
- data/src/core/ext/upb-generated/envoy/type/tracing/v3/custom_tag.upb.h +41 -8
- data/src/core/ext/upb-generated/envoy/type/v3/http.upb.h +1 -0
- data/src/core/ext/upb-generated/envoy/type/v3/percent.upb.c +3 -3
- data/src/core/ext/upb-generated/envoy/type/v3/percent.upb.h +15 -2
- data/src/core/ext/upb-generated/envoy/type/v3/range.upb.c +3 -3
- data/src/core/ext/upb-generated/envoy/type/v3/range.upb.h +19 -0
- data/src/core/ext/upb-generated/envoy/type/v3/semantic_version.upb.c +1 -1
- data/src/core/ext/upb-generated/envoy/type/v3/semantic_version.upb.h +7 -0
- data/src/core/ext/upb-generated/google/api/annotations.upb.h +1 -0
- data/src/core/ext/upb-generated/google/api/expr/v1alpha1/checked.upb.c +34 -34
- data/src/core/ext/upb-generated/google/api/expr/v1alpha1/checked.upb.h +149 -72
- data/src/core/ext/upb-generated/google/api/expr/v1alpha1/syntax.upb.c +34 -34
- data/src/core/ext/upb-generated/google/api/expr/v1alpha1/syntax.upb.h +142 -59
- data/src/core/ext/upb-generated/google/api/http.upb.c +3 -3
- data/src/core/ext/upb-generated/google/api/http.upb.h +25 -6
- data/src/core/ext/upb-generated/google/protobuf/any.upb.c +1 -1
- data/src/core/ext/upb-generated/google/protobuf/any.upb.h +7 -0
- data/src/core/ext/upb-generated/google/protobuf/descriptor.upb.c +90 -90
- data/src/core/ext/upb-generated/google/protobuf/descriptor.upb.h +455 -292
- data/src/core/ext/upb-generated/google/protobuf/duration.upb.c +1 -1
- data/src/core/ext/upb-generated/google/protobuf/duration.upb.h +7 -0
- data/src/core/ext/upb-generated/google/protobuf/empty.upb.c +1 -1
- data/src/core/ext/upb-generated/google/protobuf/empty.upb.h +7 -0
- data/src/core/ext/upb-generated/google/protobuf/struct.upb.c +4 -4
- data/src/core/ext/upb-generated/google/protobuf/struct.upb.h +22 -3
- data/src/core/ext/upb-generated/google/protobuf/timestamp.upb.c +1 -1
- data/src/core/ext/upb-generated/google/protobuf/timestamp.upb.h +7 -0
- data/src/core/ext/upb-generated/google/protobuf/wrappers.upb.c +9 -9
- data/src/core/ext/upb-generated/google/protobuf/wrappers.upb.h +55 -0
- data/src/core/ext/upb-generated/google/rpc/status.upb.c +1 -1
- data/src/core/ext/upb-generated/google/rpc/status.upb.h +10 -3
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/altscontext.upb.c +4 -4
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/altscontext.upb.h +11 -3
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/handshaker.upb.c +41 -41
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/handshaker.upb.h +149 -76
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/transport_security_common.upb.c +5 -5
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/transport_security_common.upb.h +21 -6
- data/src/core/ext/upb-generated/src/proto/grpc/health/v1/health.upb.c +2 -2
- data/src/core/ext/upb-generated/src/proto/grpc/health/v1/health.upb.h +13 -0
- data/src/core/ext/upb-generated/src/proto/grpc/lb/v1/load_balancer.upb.c +17 -17
- data/src/core/ext/upb-generated/src/proto/grpc/lb/v1/load_balancer.upb.h +82 -25
- data/src/core/ext/upb-generated/udpa/annotations/migrate.upb.c +3 -3
- data/src/core/ext/upb-generated/udpa/annotations/migrate.upb.h +19 -0
- data/src/core/ext/upb-generated/udpa/annotations/security.upb.c +1 -1
- data/src/core/ext/upb-generated/udpa/annotations/security.upb.h +7 -0
- data/src/core/ext/upb-generated/udpa/annotations/sensitive.upb.h +1 -0
- data/src/core/ext/upb-generated/udpa/annotations/status.upb.c +2 -2
- data/src/core/ext/upb-generated/udpa/annotations/status.upb.h +9 -2
- data/src/core/ext/upb-generated/udpa/annotations/versioning.upb.c +1 -1
- data/src/core/ext/upb-generated/udpa/annotations/versioning.upb.h +7 -0
- data/src/core/ext/upb-generated/udpa/core/v1/authority.upb.c +1 -1
- data/src/core/ext/upb-generated/udpa/core/v1/authority.upb.h +7 -0
- data/src/core/ext/upb-generated/udpa/core/v1/collection_entry.upb.c +5 -5
- data/src/core/ext/upb-generated/udpa/core/v1/collection_entry.upb.h +21 -7
- data/src/core/ext/upb-generated/udpa/core/v1/context_params.upb.c +2 -2
- data/src/core/ext/upb-generated/udpa/core/v1/context_params.upb.h +7 -0
- data/src/core/ext/upb-generated/udpa/core/v1/resource.upb.c +4 -4
- data/src/core/ext/upb-generated/udpa/core/v1/resource.upb.h +17 -8
- data/src/core/ext/upb-generated/udpa/core/v1/resource_locator.upb.c +7 -7
- data/src/core/ext/upb-generated/udpa/core/v1/resource_locator.upb.h +31 -18
- data/src/core/ext/upb-generated/udpa/core/v1/resource_name.upb.c +5 -5
- data/src/core/ext/upb-generated/udpa/core/v1/resource_name.upb.h +19 -11
- data/src/core/ext/upb-generated/udpa/data/orca/v1/orca_load_report.upb.c +3 -3
- data/src/core/ext/upb-generated/udpa/data/orca/v1/orca_load_report.upb.h +7 -0
- data/src/core/ext/upb-generated/validate/validate.upb.c +64 -64
- data/src/core/ext/upb-generated/validate/validate.upb.h +296 -157
- data/src/core/ext/xds/certificate_provider_store.cc +10 -7
- data/src/core/ext/xds/certificate_provider_store.h +12 -7
- data/src/core/ext/xds/file_watcher_certificate_provider_factory.cc +25 -0
- data/src/core/ext/xds/file_watcher_certificate_provider_factory.h +1 -4
- data/src/core/ext/xds/xds_api.cc +220 -31
- data/src/core/ext/xds/xds_api.h +41 -10
- data/src/core/ext/xds/xds_bootstrap.h +0 -1
- data/src/core/ext/xds/xds_certificate_provider.cc +61 -2
- data/src/core/ext/xds/xds_certificate_provider.h +40 -2
- data/src/core/ext/xds/xds_client.cc +31 -29
- data/src/core/ext/xds/xds_client.h +6 -1
- data/src/core/ext/xds/xds_client_stats.cc +2 -2
- data/src/core/ext/xds/xds_server_config_fetcher.cc +131 -0
- data/src/core/lib/channel/channel_args.cc +8 -8
- data/src/core/lib/channel/channel_trace.h +1 -1
- data/src/core/lib/channel/channelz.cc +13 -14
- data/src/core/lib/channel/channelz.h +0 -1
- data/src/core/lib/channel/channelz_registry.h +0 -1
- data/src/core/lib/channel/handshaker.cc +2 -2
- data/src/core/lib/compression/compression_args.cc +3 -2
- data/src/core/lib/debug/stats.h +2 -2
- data/src/core/lib/debug/stats_data.h +13 -13
- data/src/core/lib/gpr/alloc.cc +3 -2
- data/src/core/lib/gpr/log.cc +53 -16
- data/src/core/lib/gpr/log_linux.cc +3 -1
- data/src/core/lib/gpr/log_posix.cc +3 -1
- data/src/core/lib/gpr/log_windows.cc +3 -1
- data/src/core/lib/gpr/spinlock.h +10 -2
- data/src/core/lib/gpr/string.cc +22 -21
- data/src/core/lib/gpr/string.h +5 -6
- data/src/core/lib/gpr/sync.cc +4 -4
- data/src/core/lib/gpr/time.cc +12 -12
- data/src/core/lib/gprpp/arena.h +3 -2
- data/src/core/lib/gprpp/ref_counted.h +2 -2
- data/src/core/lib/gprpp/ref_counted_ptr.h +9 -1
- data/src/core/lib/gprpp/thd_posix.cc +6 -1
- data/src/core/lib/gprpp/thd_windows.cc +3 -1
- data/src/core/lib/http/httpcli.cc +1 -1
- data/src/core/lib/http/httpcli.h +2 -3
- data/src/core/lib/http/httpcli_security_connector.cc +1 -1
- data/src/core/lib/http/parser.cc +1 -2
- data/src/core/lib/iomgr/call_combiner.cc +8 -5
- data/src/core/lib/iomgr/combiner.cc +2 -1
- data/src/core/lib/iomgr/endpoint.h +1 -1
- data/src/core/lib/iomgr/error.cc +15 -11
- data/src/core/lib/iomgr/error_internal.h +1 -1
- data/src/core/lib/iomgr/ev_epoll1_linux.cc +20 -13
- data/src/core/lib/iomgr/ev_epollex_linux.cc +17 -13
- data/src/core/lib/iomgr/ev_poll_posix.cc +9 -7
- data/src/core/lib/iomgr/exec_ctx.h +6 -4
- data/src/core/lib/iomgr/executor.cc +2 -1
- data/src/core/lib/iomgr/executor.h +1 -1
- data/src/core/lib/iomgr/executor/threadpool.h +1 -1
- data/src/core/lib/iomgr/iomgr.cc +1 -1
- data/src/core/lib/iomgr/load_file.h +1 -1
- data/src/core/lib/iomgr/lockfree_event.cc +19 -14
- data/src/core/lib/iomgr/lockfree_event.h +2 -2
- data/src/core/lib/iomgr/parse_address.cc +52 -46
- data/src/core/lib/iomgr/parse_address.h +13 -9
- data/src/core/lib/iomgr/poller/eventmanager_libuv.h +1 -1
- data/src/core/lib/iomgr/pollset_set_custom.cc +1 -1
- data/src/core/lib/iomgr/python_util.h +1 -1
- data/src/core/lib/iomgr/resolve_address.cc +4 -4
- data/src/core/lib/iomgr/resource_quota.cc +4 -4
- data/src/core/lib/iomgr/sockaddr_utils.cc +10 -10
- data/src/core/lib/iomgr/sockaddr_utils.h +1 -1
- data/src/core/lib/iomgr/socket_factory_posix.cc +3 -2
- data/src/core/lib/iomgr/socket_mutator.cc +3 -2
- data/src/core/lib/iomgr/tcp_client.cc +3 -3
- data/src/core/lib/iomgr/tcp_client_custom.cc +7 -6
- data/src/core/lib/iomgr/tcp_custom.cc +22 -17
- data/src/core/lib/iomgr/tcp_posix.cc +9 -6
- data/src/core/lib/iomgr/tcp_server_custom.cc +28 -22
- data/src/core/lib/iomgr/timer_custom.cc +3 -3
- data/src/core/lib/iomgr/timer_generic.cc +3 -3
- data/src/core/lib/iomgr/timer_manager.cc +2 -2
- data/src/core/lib/iomgr/udp_server.cc +1 -2
- data/src/core/lib/iomgr/udp_server.h +1 -2
- data/src/core/lib/iomgr/unix_sockets_posix.cc +17 -18
- data/src/core/lib/json/json.h +10 -0
- data/src/core/lib/security/authorization/evaluate_args.cc +5 -10
- data/src/core/lib/security/authorization/evaluate_args.h +1 -1
- data/src/core/lib/security/context/security_context.cc +4 -3
- data/src/core/lib/security/credentials/alts/check_gcp_environment.cc +1 -1
- data/src/core/lib/security/credentials/credentials.cc +6 -6
- data/src/core/lib/security/credentials/external/aws_external_account_credentials.cc +413 -0
- data/src/core/lib/security/credentials/external/aws_external_account_credentials.h +80 -0
- data/src/core/lib/security/credentials/external/aws_request_signer.cc +15 -10
- data/src/core/lib/security/credentials/external/aws_request_signer.h +1 -2
- data/src/core/lib/security/credentials/external/external_account_credentials.cc +217 -31
- data/src/core/lib/security/credentials/external/external_account_credentials.h +7 -5
- data/src/core/lib/security/credentials/external/file_external_account_credentials.cc +5 -6
- data/src/core/lib/security/credentials/external/file_external_account_credentials.h +3 -4
- data/src/core/lib/security/credentials/external/url_external_account_credentials.cc +20 -18
- data/src/core/lib/security/credentials/external/url_external_account_credentials.h +5 -6
- data/src/core/lib/security/credentials/fake/fake_credentials.cc +2 -1
- data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +18 -12
- data/src/core/lib/security/credentials/insecure/insecure_credentials.cc +18 -5
- data/src/core/lib/security/credentials/jwt/json_token.cc +1 -1
- data/src/core/lib/security/credentials/jwt/jwt_verifier.cc +3 -3
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +37 -44
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +5 -4
- data/src/core/lib/security/credentials/plugin/plugin_credentials.cc +1 -1
- data/src/core/lib/security/credentials/ssl/ssl_credentials.cc +5 -5
- data/src/core/lib/security/credentials/ssl/ssl_credentials.h +1 -1
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.cc +1 -6
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.h +1 -6
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.cc +326 -5
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.h +64 -0
- data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc +1 -1
- data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h +0 -1
- data/src/core/lib/security/credentials/tls/tls_credentials.cc +1 -1
- data/src/core/lib/security/credentials/tls/tls_utils.cc +91 -0
- data/src/core/lib/security/credentials/tls/tls_utils.h +38 -0
- data/src/core/lib/security/credentials/xds/xds_credentials.cc +140 -10
- data/src/core/lib/security/credentials/xds/xds_credentials.h +27 -9
- data/src/core/lib/security/security_connector/alts/alts_security_connector.cc +1 -1
- data/src/core/lib/security/security_connector/fake/fake_security_connector.cc +1 -1
- data/src/core/lib/security/security_connector/insecure/insecure_security_connector.cc +46 -13
- data/src/core/lib/security/security_connector/insecure/insecure_security_connector.h +23 -6
- data/src/core/lib/security/security_connector/local/local_security_connector.cc +1 -1
- data/src/core/lib/security/security_connector/security_connector.cc +3 -2
- data/src/core/lib/security/security_connector/ssl/ssl_security_connector.cc +4 -4
- data/src/core/lib/security/security_connector/ssl_utils.cc +2 -2
- data/src/core/lib/security/security_connector/ssl_utils.h +12 -19
- data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +57 -12
- data/src/core/lib/security/security_connector/tls/tls_security_connector.h +2 -3
- data/src/core/lib/security/transport/secure_endpoint.cc +2 -2
- data/src/core/lib/security/transport/security_handshaker.cc +2 -2
- data/src/core/lib/slice/slice_intern.cc +4 -5
- data/src/core/lib/slice/slice_internal.h +2 -2
- data/src/core/lib/surface/call.cc +32 -24
- data/src/core/lib/surface/call_details.cc +8 -8
- data/src/core/lib/surface/channel.cc +16 -10
- data/src/core/lib/surface/channel.h +3 -2
- data/src/core/lib/surface/channel_init.cc +1 -1
- data/src/core/lib/surface/completion_queue.cc +23 -18
- data/src/core/lib/surface/completion_queue.h +16 -16
- data/src/core/lib/surface/init.cc +6 -5
- data/src/core/lib/surface/lame_client.cc +20 -46
- data/src/core/lib/surface/lame_client.h +4 -0
- data/src/core/lib/surface/server.cc +59 -15
- data/src/core/lib/surface/server.h +37 -5
- data/src/core/lib/surface/version.cc +1 -1
- data/src/core/lib/transport/authority_override.cc +6 -4
- data/src/core/lib/transport/authority_override.h +5 -2
- data/src/core/lib/transport/connectivity_state.h +6 -4
- data/src/core/lib/transport/error_utils.h +1 -1
- data/src/core/lib/transport/metadata_batch.h +4 -4
- data/src/core/lib/transport/static_metadata.cc +1 -1
- data/src/core/lib/transport/status_metadata.cc +4 -3
- data/src/core/lib/transport/transport.h +7 -7
- data/src/core/lib/uri/uri_parser.cc +131 -249
- data/src/core/lib/uri/uri_parser.h +57 -21
- data/src/core/plugin_registry/grpc_plugin_registry.cc +10 -4
- data/src/core/tsi/alts/crypt/gsec.cc +5 -4
- data/src/core/tsi/alts/frame_protector/frame_handler.cc +8 -6
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +1 -1
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +23 -23
- data/src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.cc +8 -6
- data/src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.cc +4 -4
- data/src/core/tsi/fake_transport_security.cc +5 -3
- data/src/core/tsi/ssl/session_cache/ssl_session_boringssl.cc +1 -1
- data/src/core/tsi/ssl_transport_security.cc +62 -49
- data/src/core/tsi/ssl_transport_security.h +6 -6
- data/src/core/tsi/transport_security.cc +6 -6
- data/src/core/tsi/transport_security_interface.h +1 -1
- data/src/ruby/ext/grpc/rb_event_thread.c +2 -0
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.c +12 -0
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.h +31 -13
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/src/ruby/pb/src/proto/grpc/testing/messages_pb.rb +28 -0
- data/src/ruby/pb/src/proto/grpc/testing/test_services_pb.rb +18 -0
- data/src/ruby/spec/pb/codegen/package_option_spec.rb +2 -6
- data/third_party/abseil-cpp/absl/container/flat_hash_map.h +606 -0
- data/third_party/abseil-cpp/absl/container/internal/raw_hash_map.h +197 -0
- data/third_party/abseil-cpp/absl/status/internal/statusor_internal.h +399 -0
- data/third_party/abseil-cpp/absl/status/statusor.cc +71 -0
- data/third_party/abseil-cpp/absl/status/statusor.h +760 -0
- data/third_party/upb/third_party/wyhash/wyhash.h +145 -0
- data/third_party/upb/upb/decode.c +248 -167
- data/third_party/upb/upb/decode.h +20 -1
- data/third_party/upb/upb/decode.int.h +163 -0
- data/third_party/upb/upb/decode_fast.c +1040 -0
- data/third_party/upb/upb/decode_fast.h +126 -0
- data/third_party/upb/upb/def.c +525 -516
- data/third_party/upb/upb/def.h +16 -31
- data/third_party/upb/upb/def.hpp +37 -123
- data/third_party/upb/upb/encode.c +227 -169
- data/third_party/upb/upb/encode.h +27 -2
- data/third_party/upb/upb/json_decode.c +1443 -0
- data/third_party/upb/upb/json_decode.h +23 -0
- data/third_party/upb/upb/json_encode.c +713 -0
- data/third_party/upb/upb/json_encode.h +36 -0
- data/third_party/upb/upb/msg.c +167 -88
- data/third_party/upb/upb/msg.h +174 -34
- data/third_party/upb/upb/port_def.inc +74 -61
- data/third_party/upb/upb/port_undef.inc +3 -7
- data/third_party/upb/upb/reflection.c +36 -19
- data/third_party/upb/upb/table.c +34 -197
- data/third_party/upb/upb/table.int.h +14 -5
- data/third_party/upb/upb/text_encode.c +45 -22
- data/third_party/upb/upb/text_encode.h +4 -1
- data/third_party/upb/upb/upb.c +18 -41
- data/third_party/upb/upb/upb.h +36 -7
- data/third_party/upb/upb/upb.hpp +4 -4
- data/third_party/upb/upb/upb.int.h +29 -0
- metadata +60 -46
- data/src/core/ext/filters/client_channel/lb_policy/xds/eds.cc +0 -909
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.cc +0 -485
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_fallback.cc +0 -68
- data/src/core/ext/filters/client_channel/resolving_lb_policy.cc +0 -355
- data/src/core/ext/filters/client_channel/resolving_lb_policy.h +0 -138
- data/src/core/ext/xds/google_mesh_ca_certificate_provider_factory.cc +0 -265
- data/src/core/ext/xds/google_mesh_ca_certificate_provider_factory.h +0 -104
- data/src/core/lib/gprpp/map.h +0 -53
- data/third_party/upb/upb/port.c +0 -26
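--- a/data/src/core/ext/xds/xds_api.h
+++ b/data/src/core/ext/xds/xds_api.h
@@ -175,23 +175,40 @@ class XdsApi {
 VirtualHost* FindVirtualHostForDomain(const std::string& domain);
 };
 
-
+class StringMatcher {
+public:
 enum class StringMatcherType {
-EXACT, // value stored in
-PREFIX, // value stored in
-SUFFIX, // value stored in
-SAFE_REGEX, //
-CONTAINS, // value stored in
+EXACT, // value stored in string_matcher_ field
+PREFIX, // value stored in string_matcher_ field
+SUFFIX, // value stored in string_matcher_ field
+SAFE_REGEX, // pattern stored in regex_matcher_ field
+CONTAINS, // value stored in string_matcher_ field
 };
-StringMatcherType type;
-std::string string_matcher;
-std::unique_ptr<RE2> regex_match;
-bool ignore_case;
 
 StringMatcher() = default;
 StringMatcher(const StringMatcher& other);
+StringMatcher(StringMatcherType type, const std::string& matcher,
+bool ignore_case = false);
 StringMatcher& operator=(const StringMatcher& other);
 bool operator==(const StringMatcher& other) const;
+
+bool Match(absl::string_view value) const;
+
+std::string ToString() const;
+
+StringMatcherType type() const { return type_; }
+
+// Valid for EXACT, PREFIX, SUFFIX and CONTAINS
+const std::string& string_matcher() const { return string_matcher_; }
+
+// Valid for SAFE_REGEX
+RE2* regex_matcher() const { return regex_matcher_.get(); }
+
+private:
+StringMatcherType type_ = StringMatcherType::EXACT;
+std::string string_matcher_;
+std::unique_ptr<RE2> regex_matcher_;
+bool ignore_case_ = false;
 };
 
 struct CommonTlsContext {
@@ -201,6 +218,9 @@ class XdsApi {
 bool operator==(const CertificateValidationContext& other) const {
 return match_subject_alt_names == other.match_subject_alt_names;
 }
+
+std::string ToString() const;
+bool Empty() const;
 };
 
 struct CertificateProviderInstance {
@@ -211,6 +231,9 @@ class XdsApi {
 return instance_name == other.instance_name &&
 certificate_name == other.certificate_name;
 }
+
+std::string ToString() const;
+bool Empty() const;
 };
 
 struct CombinedCertificateValidationContext {
@@ -223,6 +246,9 @@ class XdsApi {
 validation_context_certificate_provider_instance ==
 other.validation_context_certificate_provider_instance;
 }
+
+std::string ToString() const;
+bool Empty() const;
 };
 
 CertificateProviderInstance tls_certificate_certificate_provider_instance;
@@ -233,6 +259,9 @@ class XdsApi {
 other.tls_certificate_certificate_provider_instance &&
 combined_validation_context == other.combined_validation_context;
 }
+
+std::string ToString() const;
+bool Empty() const;
 };
 
 // TODO(roth): When we can use absl::variant<>, consider using that
@@ -280,6 +309,8 @@ class XdsApi {
 other.lrs_load_reporting_server_name &&
 max_concurrent_requests == other.max_concurrent_requests;
 }
+
+std::string ToString() const;
 };
 
 using CdsUpdateMap = std::map<std::string /*cluster_name*/, CdsUpdate>;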
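Review bot: The new `StringMatcher(StringMatcherType type, const std::string& matcher, bool ignore_case = false)` constructor in the first hunk gives the caller no way to learn that a SAFE_REGEX pattern failed to compile, and the declaration of `Match()` does not say what it returns in that case. Elsewhere on this page these matchers are handed to the certificate provider as `san_matchers`, so that result feeds peer-certificate checks and should be documented as failing closed; the implementation is not on this page, so this needs confirming there. I would add a comment above `Match()` stating the result for an uncompilable pattern and whether `ignore_case` applies to SAFE_REGEX, and extend the accessor comment to `// Valid for SAFE_REGEX; returns nullptr for every other type.` since `regex_matcher()` returns `regex_matcher_.get()` unconditionally. The enclosing `class XdsApi` starts and ends outside these hunks.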
@@ -29,7 +29,6 @@
|
|
29
29
|
#include <grpc/slice.h>
|
30
30
|
|
31
31
|
#include "src/core/ext/xds/certificate_provider_store.h"
|
32
|
-
#include "src/core/lib/gprpp/map.h"
|
33
32
|
#include "src/core/lib/gprpp/memory.h"
|
34
33
|
#include "src/core/lib/gprpp/ref_counted_ptr.h"
|
35
34
|
#include "src/core/lib/iomgr/error.h"
|
@@ -18,10 +18,12 @@
|
|
18
18
|
|
19
19
|
#include <grpc/support/port_platform.h>
|
20
20
|
|
21
|
+
#include "src/core/ext/xds/xds_certificate_provider.h"
|
22
|
+
|
21
23
|
#include "absl/functional/bind_front.h"
|
22
24
|
#include "absl/strings/str_cat.h"
|
23
25
|
|
24
|
-
#include "src/core/
|
26
|
+
#include "src/core/lib/gpr/useful.h"
|
25
27
|
|
26
28
|
namespace grpc_core {
|
27
29
|
|
@@ -100,20 +102,30 @@ XdsCertificateProvider::XdsCertificateProvider(
|
|
100
102
|
absl::string_view root_cert_name,
|
101
103
|
RefCountedPtr<grpc_tls_certificate_distributor> root_cert_distributor,
|
102
104
|
absl::string_view identity_cert_name,
|
103
|
-
RefCountedPtr<grpc_tls_certificate_distributor> identity_cert_distributor
|
105
|
+
RefCountedPtr<grpc_tls_certificate_distributor> identity_cert_distributor,
|
106
|
+
std::vector<XdsApi::StringMatcher> san_matchers)
|
104
107
|
: root_cert_name_(root_cert_name),
|
105
108
|
identity_cert_name_(identity_cert_name),
|
106
109
|
root_cert_distributor_(std::move(root_cert_distributor)),
|
107
110
|
identity_cert_distributor_(std::move(identity_cert_distributor)),
|
111
|
+
san_matchers_(std::move(san_matchers)),
|
108
112
|
distributor_(MakeRefCounted<grpc_tls_certificate_distributor>()) {
|
109
113
|
distributor_->SetWatchStatusCallback(
|
110
114
|
absl::bind_front(&XdsCertificateProvider::WatchStatusCallback, this));
|
111
115
|
}
|
112
116
|
|
117
|
+
XdsCertificateProvider::~XdsCertificateProvider() {
|
118
|
+
distributor_->SetWatchStatusCallback(nullptr);
|
119
|
+
}
|
120
|
+
|
113
121
|
void XdsCertificateProvider::UpdateRootCertNameAndDistributor(
|
114
122
|
absl::string_view root_cert_name,
|
115
123
|
RefCountedPtr<grpc_tls_certificate_distributor> root_cert_distributor) {
|
116
124
|
MutexLock lock(&mu_);
|
125
|
+
if (root_cert_name_ == root_cert_name &&
|
126
|
+
root_cert_distributor_ == root_cert_distributor) {
|
127
|
+
return;
|
128
|
+
}
|
117
129
|
root_cert_name_ = std::string(root_cert_name);
|
118
130
|
if (watching_root_certs_) {
|
119
131
|
// The root certificates are being watched. Swap out the watcher.
|
@@ -139,6 +151,10 @@ void XdsCertificateProvider::UpdateIdentityCertNameAndDistributor(
|
|
139
151
|
absl::string_view identity_cert_name,
|
140
152
|
RefCountedPtr<grpc_tls_certificate_distributor> identity_cert_distributor) {
|
141
153
|
MutexLock lock(&mu_);
|
154
|
+
if (identity_cert_name_ == identity_cert_name &&
|
155
|
+
identity_cert_distributor_ == identity_cert_distributor) {
|
156
|
+
return;
|
157
|
+
}
|
142
158
|
identity_cert_name_ = std::string(identity_cert_name);
|
143
159
|
if (watching_identity_certs_) {
|
144
160
|
// The identity certificates are being watched. Swap out the watcher.
|
@@ -160,6 +176,12 @@ void XdsCertificateProvider::UpdateIdentityCertNameAndDistributor(
|
|
160
176
|
identity_cert_distributor_ = std::move(identity_cert_distributor);
|
161
177
|
}
|
162
178
|
|
179
|
+
void XdsCertificateProvider::UpdateSubjectAlternativeNameMatchers(
|
180
|
+
std::vector<XdsApi::StringMatcher> matchers) {
|
181
|
+
MutexLock lock(&san_matchers_mu_);
|
182
|
+
san_matchers_ = std::move(matchers);
|
183
|
+
}
|
184
|
+
|
163
185
|
void XdsCertificateProvider::WatchStatusCallback(std::string cert_name,
|
164
186
|
bool root_being_watched,
|
165
187
|
bool identity_being_watched) {
|
@@ -237,4 +259,41 @@ void XdsCertificateProvider::UpdateIdentityCertWatcher(
|
|
237
259
|
std::move(watcher), absl::nullopt, identity_cert_name_);
|
238
260
|
}
|
239
261
|
|
262
|
+
namespace {
|
263
|
+
|
264
|
+
void* XdsCertificateProviderArgCopy(void* p) {
|
265
|
+
XdsCertificateProvider* xds_certificate_provider =
|
266
|
+
static_cast<XdsCertificateProvider*>(p);
|
267
|
+
return xds_certificate_provider->Ref().release();
|
268
|
+
}
|
269
|
+
|
270
|
+
void XdsCertificateProviderArgDestroy(void* p) {
|
271
|
+
XdsCertificateProvider* xds_certificate_provider =
|
272
|
+
static_cast<XdsCertificateProvider*>(p);
|
273
|
+
xds_certificate_provider->Unref();
|
274
|
+
}
|
275
|
+
|
276
|
+
int XdsCertificateProviderArgCmp(void* p, void* q) { return GPR_ICMP(p, q); }
|
277
|
+
|
278
|
+
const grpc_arg_pointer_vtable kChannelArgVtable = {
|
279
|
+
XdsCertificateProviderArgCopy, XdsCertificateProviderArgDestroy,
|
280
|
+
XdsCertificateProviderArgCmp};
|
281
|
+
|
282
|
+
} // namespace
|
283
|
+
|
284
|
+
grpc_arg XdsCertificateProvider::MakeChannelArg() const {
|
285
|
+
return grpc_channel_arg_pointer_create(
|
286
|
+
const_cast<char*>(GRPC_ARG_XDS_CERTIFICATE_PROVIDER),
|
287
|
+
const_cast<XdsCertificateProvider*>(this), &kChannelArgVtable);
|
288
|
+
}
|
289
|
+
|
290
|
+
RefCountedPtr<XdsCertificateProvider>
|
291
|
+
XdsCertificateProvider::GetFromChannelArgs(const grpc_channel_args* args) {
|
292
|
+
XdsCertificateProvider* xds_certificate_provider =
|
293
|
+
grpc_channel_args_find_pointer<XdsCertificateProvider>(
|
294
|
+
args, GRPC_ARG_XDS_CERTIFICATE_PROVIDER);
|
295
|
+
return xds_certificate_provider != nullptr ? xds_certificate_provider->Ref()
|
296
|
+
: nullptr;
|
297
|
+
}
|
298
|
+
|
240
299
|
} // namespace grpc_core
|
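Review bot: `MakeChannelArg()` in the last hunk stores a raw `this` in the returned `grpc_arg` without taking a reference; a ref is only taken later, when `XdsCertificateProviderArgCopy` runs `Ref().release()` as the arg is copied. Until that copy the caller must keep the provider alive, and nothing in the hunk says so. I would put `// The returned arg holds no ref; keep this object alive until the arg has been copied into channel args.` above the definition. The `const_cast<XdsCertificateProvider*>(this)` also drops constness so that the copy callback can later call `Ref()`, which deserves a short why-comment on that line.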
@@ -21,8 +21,12 @@
|
|
21
21
|
|
22
22
|
#include <grpc/support/port_platform.h>
|
23
23
|
|
24
|
+
#include "src/core/ext/xds/xds_api.h"
|
24
25
|
#include "src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.h"
|
25
26
|
|
27
|
+
#define GRPC_ARG_XDS_CERTIFICATE_PROVIDER \
|
28
|
+
"grpc.internal.xds_certificate_provider"
|
29
|
+
|
26
30
|
namespace grpc_core {
|
27
31
|
|
28
32
|
class XdsCertificateProvider : public grpc_tls_certificate_provider {
|
@@ -31,8 +35,10 @@ class XdsCertificateProvider : public grpc_tls_certificate_provider {
|
|
31
35
|
absl::string_view root_cert_name,
|
32
36
|
RefCountedPtr<grpc_tls_certificate_distributor> root_cert_distributor,
|
33
37
|
absl::string_view identity_cert_name,
|
34
|
-
RefCountedPtr<grpc_tls_certificate_distributor>
|
35
|
-
|
38
|
+
RefCountedPtr<grpc_tls_certificate_distributor> identity_cert_distributor,
|
39
|
+
std::vector<XdsApi::StringMatcher> san_matchers);
|
40
|
+
|
41
|
+
~XdsCertificateProvider() override;
|
36
42
|
|
37
43
|
void UpdateRootCertNameAndDistributor(
|
38
44
|
absl::string_view root_cert_name,
|
@@ -41,12 +47,34 @@ class XdsCertificateProvider : public grpc_tls_certificate_provider {
|
|
41
47
|
absl::string_view identity_cert_name,
|
42
48
|
RefCountedPtr<grpc_tls_certificate_distributor>
|
43
49
|
identity_cert_distributor);
|
50
|
+
void UpdateSubjectAlternativeNameMatchers(
|
51
|
+
std::vector<XdsApi::StringMatcher> matchers);
|
44
52
|
|
45
53
|
grpc_core::RefCountedPtr<grpc_tls_certificate_distributor> distributor()
|
46
54
|
const override {
|
47
55
|
return distributor_;
|
48
56
|
}
|
49
57
|
|
58
|
+
bool ProvidesRootCerts() {
|
59
|
+
MutexLock lock(&mu_);
|
60
|
+
return root_cert_distributor_ != nullptr;
|
61
|
+
}
|
62
|
+
|
63
|
+
bool ProvidesIdentityCerts() {
|
64
|
+
MutexLock lock(&mu_);
|
65
|
+
return identity_cert_distributor_ != nullptr;
|
66
|
+
}
|
67
|
+
|
68
|
+
std::vector<XdsApi::StringMatcher> subject_alternative_name_matchers() {
|
69
|
+
MutexLock lock(&san_matchers_mu_);
|
70
|
+
return san_matchers_;
|
71
|
+
}
|
72
|
+
|
73
|
+
grpc_arg MakeChannelArg() const;
|
74
|
+
|
75
|
+
static RefCountedPtr<XdsCertificateProvider> GetFromChannelArgs(
|
76
|
+
const grpc_channel_args* args);
|
77
|
+
|
50
78
|
private:
|
51
79
|
void WatchStatusCallback(std::string cert_name, bool root_being_watched,
|
52
80
|
bool identity_being_watched);
|
@@ -56,12 +84,22 @@ class XdsCertificateProvider : public grpc_tls_certificate_provider {
|
|
56
84
|
grpc_tls_certificate_distributor* identity_cert_distributor);
|
57
85
|
|
58
86
|
Mutex mu_;
|
87
|
+
// Use a separate mutex for san_matchers_ to avoid deadlocks since
|
88
|
+
// san_matchers_ needs to be accessed when a handshake is being done and we
|
89
|
+
// run into a possible deadlock scenario if using the same mutex. The mutex
|
90
|
+
// deadlock cycle is formed as -
|
91
|
+
// WatchStatusCallback() -> SetKeyMaterials() ->
|
92
|
+
// TlsChannelSecurityConnector::TlsChannelCertificateWatcher::OnCertificatesChanged()
|
93
|
+
// -> HandshakeManager::Add() -> SecurityHandshaker::DoHandshake() ->
|
94
|
+
// subject_alternative_names_matchers()
|
95
|
+
Mutex san_matchers_mu_;
|
59
96
|
bool watching_root_certs_ = false;
|
60
97
|
bool watching_identity_certs_ = false;
|
61
98
|
std::string root_cert_name_;
|
62
99
|
std::string identity_cert_name_;
|
63
100
|
RefCountedPtr<grpc_tls_certificate_distributor> root_cert_distributor_;
|
64
101
|
RefCountedPtr<grpc_tls_certificate_distributor> identity_cert_distributor_;
|
102
|
+
std::vector<XdsApi::StringMatcher> san_matchers_;
|
65
103
|
RefCountedPtr<grpc_tls_certificate_distributor> distributor_;
|
66
104
|
grpc_tls_certificate_distributor::TlsCertificatesWatcherInterface*
|
67
105
|
root_cert_watcher_ = nullptr;
|
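Review bot: `subject_alternative_name_matchers()` has no comment saying what an empty list means for peer verification, and the constructor and `UpdateSubjectAlternativeNameMatchers()` both accept an empty vector, so this header does not show whether "no matchers" accepts every SAN or none; the check itself is outside this page. I would add `// Matchers applied to the peer certificate's SANs during the handshake. An empty list means <behaviour to confirm>.` above the accessor. The deadlock comment above `san_matchers_mu_` refers to `subject_alternative_names_matchers()`, which does not match the accessor's actual name. The accessor also returns the vector by value under the lock, and copying a SAFE_REGEX matcher presumably builds a new `RE2` because the member is a `std::unique_ptr<RE2>`, so the per-handshake cost may be worth measuring.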
@@ -42,7 +42,6 @@
|
|
42
42
|
#include "src/core/lib/channel/channel_args.h"
|
43
43
|
#include "src/core/lib/channel/channel_stack.h"
|
44
44
|
#include "src/core/lib/gpr/string.h"
|
45
|
-
#include "src/core/lib/gprpp/map.h"
|
46
45
|
#include "src/core/lib/gprpp/memory.h"
|
47
46
|
#include "src/core/lib/gprpp/orphanable.h"
|
48
47
|
#include "src/core/lib/gprpp/ref_counted_ptr.h"
|
@@ -66,6 +65,7 @@
|
|
66
65
|
namespace grpc_core {
|
67
66
|
|
68
67
|
TraceFlag grpc_xds_client_trace(false, "xds_client");
|
68
|
+
TraceFlag grpc_xds_client_refcount_trace(false, "xds_client_refcount");
|
69
69
|
|
70
70
|
namespace {
|
71
71
|
|
@@ -460,8 +460,9 @@ grpc_channel* CreateXdsChannel(const XdsBootstrap::XdsServer& server) {
|
|
460
460
|
XdsClient::ChannelState::ChannelState(WeakRefCountedPtr<XdsClient> xds_client,
|
461
461
|
const XdsBootstrap::XdsServer& server)
|
462
462
|
: InternallyRefCounted<ChannelState>(
|
463
|
-
GRPC_TRACE_FLAG_ENABLED(
|
464
|
-
|
463
|
+
GRPC_TRACE_FLAG_ENABLED(grpc_xds_client_refcount_trace)
|
464
|
+
? "ChannelState"
|
465
|
+
: nullptr),
|
465
466
|
xds_client_(std::move(xds_client)),
|
466
467
|
server_(server) {
|
467
468
|
if (GRPC_TRACE_FLAG_ENABLED(grpc_xds_client_trace)) {
|
@@ -668,8 +669,9 @@ void XdsClient::ChannelState::RetryableCall<T>::OnRetryTimerLocked(
|
|
668
669
|
XdsClient::ChannelState::AdsCallState::AdsCallState(
|
669
670
|
RefCountedPtr<RetryableCall<AdsCallState>> parent)
|
670
671
|
: InternallyRefCounted<AdsCallState>(
|
671
|
-
GRPC_TRACE_FLAG_ENABLED(
|
672
|
-
|
672
|
+
GRPC_TRACE_FLAG_ENABLED(grpc_xds_client_refcount_trace)
|
673
|
+
? "AdsCallState"
|
674
|
+
: nullptr),
|
673
675
|
parent_(std::move(parent)) {
|
674
676
|
// Init the ADS call. Note that the call will progress every time there's
|
675
677
|
// activity in xds_client()->interested_parties_, which is comprised of
|
@@ -707,8 +709,8 @@ XdsClient::ChannelState::AdsCallState::AdsCallState(
|
|
707
709
|
GRPC_INITIAL_METADATA_WAIT_FOR_READY_EXPLICITLY_SET;
|
708
710
|
op->reserved = nullptr;
|
709
711
|
op++;
|
710
|
-
call_error = grpc_call_start_batch_and_execute(
|
711
|
-
|
712
|
+
call_error = grpc_call_start_batch_and_execute(
|
713
|
+
call_, ops, static_cast<size_t>(op - ops), nullptr);
|
712
714
|
GPR_ASSERT(GRPC_CALL_OK == call_error);
|
713
715
|
// Op: send request message.
|
714
716
|
GRPC_CLOSURE_INIT(&on_request_sent_, OnRequestSent, this,
|
@@ -742,8 +744,8 @@ XdsClient::ChannelState::AdsCallState::AdsCallState(
|
|
742
744
|
Ref(DEBUG_LOCATION, "ADS+OnResponseReceivedLocked").release();
|
743
745
|
GRPC_CLOSURE_INIT(&on_response_received_, OnResponseReceived, this,
|
744
746
|
grpc_schedule_on_exec_ctx);
|
745
|
-
call_error = grpc_call_start_batch_and_execute(
|
746
|
-
|
747
|
+
call_error = grpc_call_start_batch_and_execute(
|
748
|
+
call_, ops, static_cast<size_t>(op - ops), &on_response_received_);
|
747
749
|
GPR_ASSERT(GRPC_CALL_OK == call_error);
|
748
750
|
// Op: recv server status.
|
749
751
|
op = ops;
|
@@ -759,8 +761,8 @@ XdsClient::ChannelState::AdsCallState::AdsCallState(
|
|
759
761
|
// unreffed.
|
760
762
|
GRPC_CLOSURE_INIT(&on_status_received_, OnStatusReceived, this,
|
761
763
|
grpc_schedule_on_exec_ctx);
|
762
|
-
call_error = grpc_call_start_batch_and_execute(
|
763
|
-
|
764
|
+
call_error = grpc_call_start_batch_and_execute(
|
765
|
+
call_, ops, static_cast<size_t>(op - ops), &on_status_received_);
|
764
766
|
GPR_ASSERT(GRPC_CALL_OK == call_error);
|
765
767
|
}
|
766
768
|
|
@@ -1005,13 +1007,8 @@ void XdsClient::ChannelState::AdsCallState::AcceptCdsUpdate(
|
|
1005
1007
|
auto& state = cds_state.subscribed_resources[cluster_name];
|
1006
1008
|
if (state != nullptr) state->Finish();
|
1007
1009
|
if (GRPC_TRACE_FLAG_ENABLED(grpc_xds_client_trace)) {
|
1008
|
-
gpr_log(GPR_INFO,
|
1009
|
-
|
1010
|
-
"lrs_load_reporting_server_name=%s",
|
1011
|
-
xds_client(), cluster_name, cds_update.eds_service_name.c_str(),
|
1012
|
-
cds_update.lrs_load_reporting_server_name.has_value()
|
1013
|
-
? cds_update.lrs_load_reporting_server_name.value().c_str()
|
1014
|
-
: "(N/A)");
|
1010
|
+
gpr_log(GPR_INFO, "[xds_client %p] cluster=%s: %s", xds_client(),
|
1011
|
+
cluster_name, cds_update.ToString().c_str());
|
1015
1012
|
}
|
1016
1013
|
// Record the EDS resource names seen.
|
1017
1014
|
eds_resource_names_seen.insert(cds_update.eds_service_name.empty()
|
@@ -1425,8 +1422,9 @@ bool XdsClient::ChannelState::LrsCallState::Reporter::OnReportDoneLocked(
|
|
1425
1422
|
XdsClient::ChannelState::LrsCallState::LrsCallState(
|
1426
1423
|
RefCountedPtr<RetryableCall<LrsCallState>> parent)
|
1427
1424
|
: InternallyRefCounted<LrsCallState>(
|
1428
|
-
GRPC_TRACE_FLAG_ENABLED(
|
1429
|
-
|
1425
|
+
GRPC_TRACE_FLAG_ENABLED(grpc_xds_client_refcount_trace)
|
1426
|
+
? "LrsCallState"
|
1427
|
+
: nullptr),
|
1430
1428
|
parent_(std::move(parent)) {
|
1431
1429
|
// Init the LRS call. Note that the call will progress every time there's
|
1432
1430
|
// activity in xds_client()->interested_parties_, which is comprised of
|
@@ -1479,8 +1477,8 @@ XdsClient::ChannelState::LrsCallState::LrsCallState(
|
|
1479
1477
|
Ref(DEBUG_LOCATION, "LRS+OnInitialRequestSentLocked").release();
|
1480
1478
|
GRPC_CLOSURE_INIT(&on_initial_request_sent_, OnInitialRequestSent, this,
|
1481
1479
|
grpc_schedule_on_exec_ctx);
|
1482
|
-
call_error = grpc_call_start_batch_and_execute(
|
1483
|
-
|
1480
|
+
call_error = grpc_call_start_batch_and_execute(
|
1481
|
+
call_, ops, static_cast<size_t>(op - ops), &on_initial_request_sent_);
|
1484
1482
|
GPR_ASSERT(GRPC_CALL_OK == call_error);
|
1485
1483
|
// Op: recv initial metadata.
|
1486
1484
|
op = ops;
|
@@ -1499,8 +1497,8 @@ XdsClient::ChannelState::LrsCallState::LrsCallState(
|
|
1499
1497
|
Ref(DEBUG_LOCATION, "LRS+OnResponseReceivedLocked").release();
|
1500
1498
|
GRPC_CLOSURE_INIT(&on_response_received_, OnResponseReceived, this,
|
1501
1499
|
grpc_schedule_on_exec_ctx);
|
1502
|
-
call_error = grpc_call_start_batch_and_execute(
|
1503
|
-
|
1500
|
+
call_error = grpc_call_start_batch_and_execute(
|
1501
|
+
call_, ops, static_cast<size_t>(op - ops), &on_response_received_);
|
1504
1502
|
GPR_ASSERT(GRPC_CALL_OK == call_error);
|
1505
1503
|
// Op: recv server status.
|
1506
1504
|
op = ops;
|
@@ -1516,8 +1514,8 @@ XdsClient::ChannelState::LrsCallState::LrsCallState(
|
|
1516
1514
|
// unreffed.
|
1517
1515
|
GRPC_CLOSURE_INIT(&on_status_received_, OnStatusReceived, this,
|
1518
1516
|
grpc_schedule_on_exec_ctx);
|
1519
|
-
call_error = grpc_call_start_batch_and_execute(
|
1520
|
-
|
1517
|
+
call_error = grpc_call_start_batch_and_execute(
|
1518
|
+
call_, ops, static_cast<size_t>(op - ops), &on_status_received_);
|
1521
1519
|
GPR_ASSERT(GRPC_CALL_OK == call_error);
|
1522
1520
|
}
|
1523
1521
|
|
@@ -1737,13 +1735,17 @@ grpc_millis GetRequestTimeout() {
|
|
1737
1735
|
} // namespace
|
1738
1736
|
|
1739
1737
|
XdsClient::XdsClient(grpc_error** error)
|
1740
|
-
: DualRefCounted<XdsClient>(
|
1741
|
-
|
1742
|
-
|
1738
|
+
: DualRefCounted<XdsClient>(
|
1739
|
+
GRPC_TRACE_FLAG_ENABLED(grpc_xds_client_refcount_trace) ? "XdsClient"
|
1740
|
+
: nullptr),
|
1743
1741
|
request_timeout_(GetRequestTimeout()),
|
1744
1742
|
interested_parties_(grpc_pollset_set_create()),
|
1745
1743
|
bootstrap_(
|
1746
1744
|
XdsBootstrap::ReadFromFile(this, &grpc_xds_client_trace, error)),
|
1745
|
+
certificate_provider_store_(MakeOrphanable<CertificateProviderStore>(
|
1746
|
+
bootstrap_ == nullptr
|
1747
|
+
? CertificateProviderStore::PluginDefinitionMap()
|
1748
|
+
: bootstrap_->certificate_providers())),
|
1747
1749
|
api_(this, &grpc_xds_client_trace,
|
1748
1750
|
bootstrap_ == nullptr ? nullptr : bootstrap_->node()) {
|
1749
1751
|
if (GRPC_TRACE_FLAG_ENABLED(grpc_xds_client_trace)) {
|
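Review bot: The `certificate_provider_store_` initializer added to the `XdsClient` constructor reads `bootstrap_`, so it is only correct while `bootstrap_` is declared before `certificate_provider_store_` in the class. The header hunk on this page does declare them in that order, but nothing records the dependency, and reordering the members would make the initializer read an uninitialized `std::unique_ptr`. I would add `// Must be declared after bootstrap_, which its initializer reads.` at the member declaration. The constructor body continues outside the hunk.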
@@ -30,7 +30,6 @@
|
|
30
30
|
#include "src/core/ext/xds/xds_client_stats.h"
|
31
31
|
#include "src/core/lib/channel/channelz.h"
|
32
32
|
#include "src/core/lib/gprpp/dual_ref_counted.h"
|
33
|
-
#include "src/core/lib/gprpp/map.h"
|
34
33
|
#include "src/core/lib/gprpp/memory.h"
|
35
34
|
#include "src/core/lib/gprpp/orphanable.h"
|
36
35
|
#include "src/core/lib/gprpp/ref_counted.h"
|
@@ -40,6 +39,7 @@
|
|
40
39
|
namespace grpc_core {
|
41
40
|
|
42
41
|
extern TraceFlag grpc_xds_client_trace;
|
42
|
+
extern TraceFlag grpc_xds_client_refcount_trace;
|
43
43
|
|
44
44
|
class XdsClient : public DualRefCounted<XdsClient> {
|
45
45
|
public:
|
@@ -88,6 +88,10 @@ class XdsClient : public DualRefCounted<XdsClient> {
|
|
88
88
|
explicit XdsClient(grpc_error** error);
|
89
89
|
~XdsClient() override;
|
90
90
|
|
91
|
+
CertificateProviderStore& certificate_provider_store() {
|
92
|
+
return *certificate_provider_store_;
|
93
|
+
}
|
94
|
+
|
91
95
|
grpc_pollset_set* interested_parties() const { return interested_parties_; }
|
92
96
|
|
93
97
|
// TODO(roth): When we add federation, there will be multiple channels
|
@@ -292,6 +296,7 @@ class XdsClient : public DualRefCounted<XdsClient> {
|
|
292
296
|
const grpc_millis request_timeout_;
|
293
297
|
grpc_pollset_set* interested_parties_;
|
294
298
|
std::unique_ptr<XdsBootstrap> bootstrap_;
|
299
|
+
OrphanablePtr<CertificateProviderStore> certificate_provider_store_;
|
295
300
|
XdsApi api_;
|
296
301
|
|
297
302
|
Mutex mu_;
|