grpc 1.35.0.pre1 → 1.37.1
Potentially problematic release.
This version of grpc might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/Makefile +121 -89
- data/include/grpc/grpc.h +15 -1
- data/include/grpc/grpc_security.h +16 -11
- data/include/grpc/impl/codegen/port_platform.h +2 -0
- data/src/core/ext/filters/client_channel/client_channel.cc +359 -331
- data/src/core/ext/filters/client_channel/client_channel.h +0 -2
- data/src/core/ext/filters/client_channel/client_channel_factory.h +2 -1
- data/src/core/ext/filters/client_channel/config_selector.h +9 -1
- data/src/core/ext/filters/client_channel/dynamic_filters.cc +9 -4
- data/src/core/ext/filters/client_channel/global_subchannel_pool.cc +24 -142
- data/src/core/ext/filters/client_channel/global_subchannel_pool.h +15 -10
- data/src/core/ext/filters/client_channel/http_connect_handshaker.cc +2 -2
- data/src/core/ext/filters/client_channel/lb_policy.cc +3 -0
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +3 -5
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel.h +1 -2
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel_secure.cc +1 -2
- data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc +1 -1
- data/src/core/ext/filters/client_channel/lb_policy/priority/priority.cc +8 -6
- data/src/core/ext/filters/client_channel/lb_policy/ring_hash/ring_hash.cc +23 -0
- data/src/core/ext/filters/client_channel/lb_policy/ring_hash/ring_hash.h +27 -0
- data/src/core/ext/filters/client_channel/lb_policy/xds/cds.cc +289 -170
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_channel_args.h +5 -0
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_impl.cc +8 -25
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_manager.cc +1 -1
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_resolver.cc +232 -110
- data/src/core/ext/filters/client_channel/local_subchannel_pool.cc +27 -67
- data/src/core/ext/filters/client_channel/local_subchannel_pool.h +10 -9
- data/src/core/ext/filters/client_channel/resolver.cc +5 -5
- data/src/core/ext/filters/client_channel/resolver.h +1 -12
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +36 -45
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_posix.cc +2 -2
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_windows.cc +3 -1
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +34 -50
- data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +16 -14
- data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc +18 -15
- data/src/core/ext/filters/client_channel/resolver/google_c2p/google_c2p_resolver.cc +377 -0
- data/src/core/ext/filters/client_channel/resolver/sockaddr/sockaddr_resolver.cc +4 -4
- data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +307 -155
- data/src/core/ext/filters/client_channel/server_address.cc +9 -0
- data/src/core/ext/filters/client_channel/server_address.h +31 -0
- data/src/core/ext/filters/client_channel/subchannel.cc +69 -146
- data/src/core/ext/filters/client_channel/subchannel.h +63 -95
- data/src/core/ext/filters/client_channel/subchannel_pool_interface.cc +16 -2
- data/src/core/ext/filters/client_channel/subchannel_pool_interface.h +10 -8
- data/src/core/ext/filters/client_idle/client_idle_filter.cc +1 -1
- data/src/core/ext/filters/fault_injection/fault_injection_filter.cc +500 -0
- data/src/core/ext/filters/fault_injection/fault_injection_filter.h +39 -0
- data/src/core/ext/filters/fault_injection/service_config_parser.cc +189 -0
- data/src/core/ext/filters/fault_injection/service_config_parser.h +85 -0
- data/src/core/ext/filters/max_age/max_age_filter.cc +35 -32
- data/src/core/ext/filters/workarounds/workaround_cronet_compression_filter.cc +1 -1
- data/src/core/ext/transport/chttp2/client/chttp2_connector.cc +2 -2
- data/src/core/ext/transport/chttp2/client/insecure/channel_create.cc +3 -2
- data/src/core/ext/transport/chttp2/client/insecure/channel_create_posix.cc +1 -1
- data/src/core/ext/transport/chttp2/client/secure/secure_channel_create.cc +3 -2
- data/src/core/ext/transport/chttp2/server/chttp2_server.cc +490 -178
- data/src/core/ext/transport/chttp2/server/chttp2_server.h +11 -2
- data/src/core/ext/transport/chttp2/server/insecure/server_chttp2.cc +11 -1
- data/src/core/ext/transport/chttp2/server/insecure/server_chttp2_posix.cc +1 -1
- data/src/core/ext/transport/chttp2/server/secure/server_secure_chttp2.cc +62 -18
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +39 -7
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.h +12 -1
- data/src/core/ext/transport/chttp2/transport/frame_data.cc +5 -1
- data/src/core/ext/transport/chttp2/transport/hpack_encoder.cc +1 -1
- data/src/core/ext/transport/chttp2/transport/internal.h +1 -0
- data/src/core/ext/upb-generated/envoy/admin/v3/config_dump.upb.c +406 -0
- data/src/core/ext/upb-generated/envoy/admin/v3/config_dump.upb.h +1459 -0
- data/src/core/ext/upb-generated/envoy/config/accesslog/v3/accesslog.upb.c +0 -1
- data/src/core/ext/upb-generated/envoy/config/bootstrap/v3/bootstrap.upb.c +350 -0
- data/src/core/ext/upb-generated/envoy/config/bootstrap/v3/bootstrap.upb.h +1348 -0
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/cluster.upb.c +11 -16
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/cluster.upb.h +42 -59
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/outlier_detection.upb.c +3 -2
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/outlier_detection.upb.h +15 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/base.upb.c +25 -1
- data/src/core/ext/upb-generated/envoy/config/core/v3/base.upb.h +75 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/config_source.upb.c +2 -2
- data/src/core/ext/upb-generated/envoy/config/core/v3/config_source.upb.h +9 -9
- data/src/core/ext/upb-generated/envoy/config/core/v3/health_check.upb.c +7 -7
- data/src/core/ext/upb-generated/envoy/config/core/v3/health_check.upb.h +28 -13
- data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.c +6 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.h +25 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/proxy_protocol.upb.c +0 -1
- data/src/core/ext/upb-generated/envoy/config/core/v3/substitution_format_string.upb.c +11 -5
- data/src/core/ext/upb-generated/envoy/config/core/v3/substitution_format_string.upb.h +41 -7
- data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint.upb.c +0 -1
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.c +23 -21
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.h +122 -77
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener_components.upb.c +13 -9
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener_components.upb.h +37 -5
- data/src/core/ext/upb-generated/envoy/config/listener/v3/udp_listener_config.upb.c +0 -1
- data/src/core/ext/upb-generated/envoy/config/metrics/v3/stats.upb.c +144 -0
- data/src/core/ext/upb-generated/envoy/config/metrics/v3/stats.upb.h +488 -0
- data/src/core/ext/upb-generated/envoy/config/overload/v3/overload.upb.c +141 -0
- data/src/core/ext/upb-generated/envoy/config/overload/v3/overload.upb.h +452 -0
- data/src/core/ext/upb-generated/envoy/config/route/v3/route.upb.c +11 -9
- data/src/core/ext/upb-generated/envoy/config/route/v3/route.upb.h +44 -27
- data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.c +57 -16
- data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.h +150 -0
- data/src/core/ext/upb-generated/envoy/config/trace/v3/http_tracer.upb.c +0 -1
- data/src/core/ext/upb-generated/envoy/extensions/clusters/aggregate/v3/cluster.upb.c +29 -0
- data/src/core/ext/upb-generated/envoy/extensions/clusters/aggregate/v3/cluster.upb.h +67 -0
- data/src/core/ext/upb-generated/envoy/extensions/filters/common/fault/v3/fault.upb.c +79 -0
- data/src/core/ext/upb-generated/envoy/extensions/filters/common/fault/v3/fault.upb.h +268 -0
- data/src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.c +78 -0
- data/src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.h +281 -0
- data/src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.c +41 -0
- data/src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.h +113 -0
- data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.c +19 -21
- data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.h +64 -51
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/cert.upb.c +0 -1
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/common.upb.c +16 -13
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/common.upb.h +50 -18
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/secret.upb.c +4 -7
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/secret.upb.h +0 -17
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/tls.upb.c +0 -1
- data/src/core/ext/upb-generated/envoy/service/discovery/v3/discovery.upb.c +30 -23
- data/src/core/ext/upb-generated/envoy/service/discovery/v3/discovery.upb.h +85 -73
- data/src/core/ext/upb-generated/envoy/service/endpoint/v3/eds.upb.c +0 -3
- data/src/core/ext/upb-generated/envoy/service/listener/v3/lds.upb.c +0 -3
- data/src/core/ext/upb-generated/envoy/service/load_stats/v3/lrs.upb.c +0 -1
- data/src/core/ext/upb-generated/envoy/service/route/v3/rds.upb.c +0 -2
- data/src/core/ext/upb-generated/envoy/service/status/v3/csds.upb.c +93 -0
- data/src/core/ext/upb-generated/envoy/service/status/v3/csds.upb.h +323 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/node.upb.c +36 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/node.upb.h +90 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/string.upb.c +0 -1
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/struct.upb.c +46 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/struct.upb.h +124 -0
- data/src/core/ext/upb-generated/google/api/expr/v1alpha1/syntax.upb.c +21 -4
- data/src/core/ext/upb-generated/google/api/expr/v1alpha1/syntax.upb.h +29 -0
- data/src/core/ext/upb-generated/udpa/type/v1/typed_struct.upb.c +33 -0
- data/src/core/ext/upb-generated/udpa/type/v1/typed_struct.upb.h +77 -0
- data/src/core/ext/upb-generated/{udpa/core/v1 → xds/core/v3}/authority.upb.c +5 -5
- data/src/core/ext/upb-generated/xds/core/v3/authority.upb.h +60 -0
- data/src/core/ext/upb-generated/xds/core/v3/collection_entry.upb.c +52 -0
- data/src/core/ext/upb-generated/xds/core/v3/collection_entry.upb.h +143 -0
- data/src/core/ext/upb-generated/xds/core/v3/context_params.upb.c +42 -0
- data/src/core/ext/upb-generated/xds/core/v3/context_params.upb.h +84 -0
- data/src/core/ext/upb-generated/{udpa/core/v1 → xds/core/v3}/resource.upb.c +9 -9
- data/src/core/ext/upb-generated/xds/core/v3/resource.upb.h +94 -0
- data/src/core/ext/upb-generated/xds/core/v3/resource_locator.upb.c +54 -0
- data/src/core/ext/upb-generated/xds/core/v3/resource_locator.upb.h +166 -0
- data/src/core/ext/upb-generated/xds/core/v3/resource_name.upb.c +36 -0
- data/src/core/ext/upb-generated/xds/core/v3/resource_name.upb.h +85 -0
- data/src/core/ext/upbdefs-generated/envoy/admin/v3/config_dump.upbdefs.c +354 -0
- data/src/core/ext/upbdefs-generated/envoy/admin/v3/config_dump.upbdefs.h +140 -0
- data/src/core/ext/upbdefs-generated/envoy/config/accesslog/v3/accesslog.upbdefs.c +168 -171
- data/src/core/ext/upbdefs-generated/envoy/config/bootstrap/v3/bootstrap.upbdefs.c +383 -0
- data/src/core/ext/upbdefs-generated/envoy/config/bootstrap/v3/bootstrap.upbdefs.h +115 -0
- data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/cluster.upbdefs.c +405 -420
- data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/cluster.upbdefs.h +2 -2
- data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/outlier_detection.upbdefs.c +12 -9
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/base.upbdefs.c +177 -171
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/base.upbdefs.h +10 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/config_source.upbdefs.c +88 -88
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/health_check.upbdefs.c +153 -153
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/protocol.upbdefs.c +10 -7
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/protocol.upbdefs.h +5 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/proxy_protocol.upbdefs.c +4 -7
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/substitution_format_string.upbdefs.c +33 -20
- data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/endpoint.upbdefs.c +56 -59
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener.upbdefs.c +116 -111
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener_components.upbdefs.c +129 -121
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/udp_listener_config.upbdefs.c +21 -24
- data/src/core/ext/upbdefs-generated/envoy/config/metrics/v3/stats.upbdefs.c +141 -0
- data/src/core/ext/upbdefs-generated/envoy/config/metrics/v3/stats.upbdefs.h +70 -0
- data/src/core/ext/upbdefs-generated/envoy/config/overload/v3/overload.upbdefs.c +141 -0
- data/src/core/ext/upbdefs-generated/envoy/config/overload/v3/overload.upbdefs.h +70 -0
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.c +17 -13
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.c +753 -724
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.h +10 -0
- data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/http_tracer.upbdefs.c +22 -25
- data/src/core/ext/upbdefs-generated/envoy/extensions/clusters/aggregate/v3/cluster.upbdefs.c +51 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/clusters/aggregate/v3/cluster.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/common/fault/v3/fault.upbdefs.c +102 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/common/fault/v3/fault.upbdefs.h +55 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/fault/v3/fault.upbdefs.c +120 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/fault/v3/fault.upbdefs.h +45 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/router/v3/router.upbdefs.c +76 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/router/v3/router.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.c +371 -377
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/cert.upbdefs.c +12 -16
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/common.upbdefs.c +112 -108
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/secret.upbdefs.c +45 -53
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/tls.upbdefs.c +177 -180
- data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/discovery.upbdefs.c +92 -102
- data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/discovery.upbdefs.h +5 -0
- data/src/core/ext/upbdefs-generated/envoy/service/endpoint/v3/eds.upbdefs.c +32 -42
- data/src/core/ext/upbdefs-generated/envoy/service/listener/v3/lds.upbdefs.c +30 -40
- data/src/core/ext/upbdefs-generated/envoy/service/load_stats/v3/lrs.upbdefs.c +4 -7
- data/src/core/ext/upbdefs-generated/envoy/service/route/v3/rds.upbdefs.c +38 -44
- data/src/core/ext/upbdefs-generated/envoy/service/status/v3/csds.upbdefs.c +130 -0
- data/src/core/ext/upbdefs-generated/envoy/service/status/v3/csds.upbdefs.h +50 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/node.upbdefs.c +56 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/node.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/string.upbdefs.c +30 -33
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/struct.upbdefs.c +63 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/struct.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/google/protobuf/any.upbdefs.c +8 -7
- data/src/core/ext/upbdefs-generated/google/protobuf/descriptor.upbdefs.c +9 -9
- data/src/core/ext/upbdefs-generated/google/protobuf/duration.upbdefs.c +9 -8
- data/src/core/ext/upbdefs-generated/google/protobuf/empty.upbdefs.c +8 -8
- data/src/core/ext/upbdefs-generated/google/protobuf/struct.upbdefs.c +8 -8
- data/src/core/ext/upbdefs-generated/google/protobuf/timestamp.upbdefs.c +9 -8
- data/src/core/ext/upbdefs-generated/google/protobuf/wrappers.upbdefs.c +8 -8
- data/src/core/ext/upbdefs-generated/udpa/type/v1/typed_struct.upbdefs.c +44 -0
- data/src/core/ext/upbdefs-generated/udpa/type/v1/typed_struct.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/validate/validate.upbdefs.c +14 -11
- data/src/core/ext/upbdefs-generated/xds/core/v3/authority.upbdefs.c +42 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/authority.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/collection_entry.upbdefs.c +62 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/collection_entry.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/context_params.upbdefs.c +45 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/context_params.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/resource.upbdefs.c +49 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/resource.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/resource_locator.upbdefs.c +67 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/resource_locator.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/resource_name.upbdefs.c +50 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/resource_name.upbdefs.h +35 -0
- data/src/core/ext/xds/xds_api.cc +2149 -666
- data/src/core/ext/xds/xds_api.h +321 -119
- data/src/core/ext/xds/xds_bootstrap.cc +80 -45
- data/src/core/ext/xds/xds_bootstrap.h +17 -5
- data/src/core/ext/xds/xds_certificate_provider.cc +180 -74
- data/src/core/ext/xds/xds_certificate_provider.h +83 -44
- data/src/core/ext/xds/xds_client.cc +181 -34
- data/src/core/ext/xds/xds_client.h +29 -0
- data/src/core/ext/xds/xds_client_stats.cc +2 -1
- data/src/core/ext/xds/xds_client_stats.h +2 -2
- data/src/core/ext/xds/xds_http_fault_filter.cc +226 -0
- data/src/core/ext/xds/xds_http_fault_filter.h +63 -0
- data/src/core/ext/xds/xds_http_filters.cc +114 -0
- data/src/core/ext/xds/xds_http_filters.h +130 -0
- data/src/core/ext/xds/xds_server_config_fetcher.cc +425 -24
- data/src/core/lib/channel/channel_stack.cc +12 -0
- data/src/core/lib/channel/channel_stack.h +7 -0
- data/src/core/lib/channel/channelz.cc +92 -4
- data/src/core/lib/channel/channelz.h +30 -1
- data/src/core/lib/channel/channelz_registry.cc +14 -0
- data/src/core/lib/channel/handshaker.cc +2 -44
- data/src/core/lib/channel/handshaker.h +1 -18
- data/src/core/lib/channel/status_util.cc +12 -2
- data/src/core/lib/channel/status_util.h +5 -0
- data/src/core/lib/gpr/log.cc +6 -1
- data/src/core/lib/gpr/sync_abseil.cc +3 -6
- data/src/core/lib/gpr/sync_windows.cc +2 -2
- data/src/core/lib/gprpp/atomic.h +3 -3
- data/src/core/lib/gprpp/dual_ref_counted.h +3 -3
- data/src/core/lib/gprpp/mpscq.cc +2 -2
- data/src/core/lib/gprpp/ref_counted.h +1 -1
- data/src/core/lib/gprpp/ref_counted_ptr.h +2 -0
- data/src/core/lib/gprpp/sync.h +129 -40
- data/src/core/lib/gprpp/thd.h +1 -1
- data/src/core/lib/gprpp/time_util.cc +77 -0
- data/src/core/lib/gprpp/time_util.h +42 -0
- data/src/core/lib/http/httpcli_security_connector.cc +2 -2
- data/src/core/lib/iomgr/buffer_list.h +1 -1
- data/src/core/lib/iomgr/cfstream_handle.cc +2 -2
- data/src/core/lib/iomgr/error.h +1 -1
- data/src/core/lib/iomgr/ev_apple.cc +11 -8
- data/src/core/lib/iomgr/ev_epoll1_linux.cc +3 -3
- data/src/core/lib/iomgr/ev_epollex_linux.cc +4 -4
- data/src/core/lib/iomgr/ev_posix.cc +3 -3
- data/src/core/lib/iomgr/exec_ctx.cc +6 -2
- data/src/core/lib/iomgr/iomgr_posix.cc +0 -1
- data/src/core/lib/iomgr/iomgr_posix_cfstream.cc +0 -1
- data/src/core/lib/iomgr/resource_quota.cc +1 -1
- data/src/core/lib/iomgr/sockaddr_utils.cc +121 -1
- data/src/core/lib/iomgr/sockaddr_utils.h +25 -0
- data/src/core/lib/iomgr/socket_utils_common_posix.cc +1 -0
- data/src/core/lib/iomgr/tcp_client_posix.cc +1 -1
- data/src/core/lib/iomgr/tcp_posix.cc +5 -8
- data/src/core/lib/iomgr/tcp_uv.cc +2 -2
- data/src/core/lib/iomgr/timer_generic.cc +2 -2
- data/src/core/lib/iomgr/timer_manager.cc +1 -1
- data/src/core/lib/iomgr/wakeup_fd_nospecial.cc +1 -1
- data/src/core/lib/matchers/matchers.cc +339 -0
- data/src/core/lib/matchers/matchers.h +160 -0
- data/src/core/lib/security/credentials/alts/alts_credentials.cc +2 -1
- data/src/core/lib/security/credentials/alts/alts_credentials.h +1 -1
- data/src/core/lib/security/credentials/credentials.h +2 -1
- data/src/core/lib/security/credentials/external/aws_external_account_credentials.cc +1 -1
- data/src/core/lib/security/credentials/external/external_account_credentials.cc +2 -2
- data/src/core/lib/security/credentials/external/file_external_account_credentials.cc +1 -1
- data/src/core/lib/security/credentials/external/url_external_account_credentials.cc +1 -1
- data/src/core/lib/security/credentials/fake/fake_credentials.cc +1 -1
- data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +7 -6
- data/src/core/lib/security/credentials/insecure/insecure_credentials.cc +2 -2
- data/src/core/lib/security/credentials/jwt/json_token.cc +0 -3
- data/src/core/lib/security/credentials/jwt/jwt_verifier.cc +0 -3
- data/src/core/lib/security/credentials/local/local_credentials.cc +2 -1
- data/src/core/lib/security/credentials/local/local_credentials.h +1 -1
- data/src/core/lib/security/credentials/ssl/ssl_credentials.cc +2 -1
- data/src/core/lib/security/credentials/ssl/ssl_credentials.h +1 -1
- data/src/core/lib/security/credentials/tls/tls_credentials.cc +2 -1
- data/src/core/lib/security/credentials/tls/tls_credentials.h +1 -1
- data/src/core/lib/security/credentials/xds/xds_credentials.cc +128 -59
- data/src/core/lib/security/credentials/xds/xds_credentials.h +3 -3
- data/src/core/lib/security/security_connector/insecure/insecure_security_connector.cc +5 -5
- data/src/core/lib/security/security_connector/ssl_utils.cc +9 -4
- data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +32 -14
- data/src/core/lib/security/transport/security_handshaker.cc +33 -5
- data/src/core/lib/security/transport/server_auth_filter.cc +7 -0
- data/src/core/lib/slice/slice_intern.cc +5 -6
- data/src/core/lib/surface/channel.h +3 -3
- data/src/core/lib/surface/completion_queue.cc +1 -1
- data/src/core/lib/surface/init.cc +13 -15
- data/src/core/lib/surface/lame_client.cc +38 -19
- data/src/core/lib/surface/lame_client.h +4 -3
- data/src/core/lib/surface/server.cc +43 -36
- data/src/core/lib/surface/server.h +76 -14
- data/src/core/lib/surface/version.cc +2 -2
- data/src/core/lib/transport/metadata.cc +6 -2
- data/src/core/lib/transport/metadata_batch.cc +27 -0
- data/src/core/lib/transport/metadata_batch.h +14 -0
- data/src/core/plugin_registry/grpc_plugin_registry.cc +12 -0
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +18 -24
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +16 -21
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.h +1 -1
- data/src/core/tsi/alts/handshaker/transport_security_common_api.cc +1 -3
- data/src/core/tsi/fake_transport_security.cc +11 -2
- data/src/core/tsi/ssl/session_cache/ssl_session.h +0 -3
- data/src/core/tsi/ssl/session_cache/ssl_session_cache.cc +0 -2
- data/src/core/tsi/ssl/session_cache/ssl_session_cache.h +2 -4
- data/src/core/tsi/ssl_transport_security.cc +0 -3
- data/src/core/tsi/ssl_transport_security.h +0 -3
- data/src/ruby/ext/grpc/extconf.rb +9 -1
- data/src/ruby/ext/grpc/rb_channel.c +10 -1
- data/src/ruby/ext/grpc/rb_channel_credentials.c +11 -1
- data/src/ruby/ext/grpc/rb_channel_credentials.h +4 -0
- data/src/ruby/ext/grpc/rb_compression_options.c +1 -1
- data/src/ruby/ext/grpc/rb_enable_cpp.cc +1 -1
- data/src/ruby/ext/grpc/rb_grpc.c +4 -0
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.c +2 -0
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.h +4 -1
- data/src/ruby/ext/grpc/rb_server.c +13 -1
- data/src/ruby/ext/grpc/rb_server_credentials.c +19 -3
- data/src/ruby/ext/grpc/rb_server_credentials.h +4 -0
- data/src/ruby/ext/grpc/rb_xds_channel_credentials.c +215 -0
- data/src/ruby/ext/grpc/rb_xds_channel_credentials.h +35 -0
- data/src/ruby/ext/grpc/rb_xds_server_credentials.c +169 -0
- data/src/ruby/ext/grpc/rb_xds_server_credentials.h +35 -0
- data/src/ruby/lib/grpc/generic/client_stub.rb +4 -2
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/src/ruby/pb/src/proto/grpc/testing/messages_pb.rb +7 -0
- data/src/ruby/spec/call_spec.rb +1 -1
- data/src/ruby/spec/channel_credentials_spec.rb +32 -0
- data/src/ruby/spec/channel_spec.rb +17 -6
- data/src/ruby/spec/client_auth_spec.rb +27 -1
- data/src/ruby/spec/errors_spec.rb +1 -1
- data/src/ruby/spec/generic/active_call_spec.rb +2 -2
- data/src/ruby/spec/generic/client_stub_spec.rb +4 -4
- data/src/ruby/spec/generic/rpc_server_spec.rb +1 -1
- data/src/ruby/spec/server_credentials_spec.rb +25 -0
- data/src/ruby/spec/server_spec.rb +22 -0
- data/third_party/abseil-cpp/absl/synchronization/internal/graphcycles.cc +1 -0
- data/third_party/boringssl-with-bazel/err_data.c +715 -713
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_bitstr.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_enum.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_int.c +5 -5
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_object.c +3 -10
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_octet.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_type.c +4 -2
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_utctm.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_lib.c +15 -14
- data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_locl.h +30 -0
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_dec.c +28 -79
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_enc.c +39 -85
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_fre.c +5 -16
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_new.c +10 -61
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_typ.c +0 -2
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_utl.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/bio/socket_helper.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/blake2/blake2.c +158 -0
- data/third_party/boringssl-with-bazel/src/crypto/bn_extra/bn_asn1.c +3 -10
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/ber.c +8 -9
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/cbs.c +60 -45
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_chacha20poly1305.c +6 -81
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/internal.h +87 -0
- data/third_party/boringssl-with-bazel/src/crypto/cpu-aarch64-win.c +41 -0
- data/third_party/boringssl-with-bazel/src/crypto/cpu-arm-linux.c +11 -2
- data/third_party/boringssl-with-bazel/src/crypto/cpu-arm.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/{dh → dh_extra}/dh_asn1.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/{dh → dh_extra}/params.c +179 -0
- data/third_party/boringssl-with-bazel/src/crypto/digest_extra/digest_extra.c +25 -0
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/ec_asn1.c +2 -17
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bcm.c +3 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/bn.c +13 -20
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/div.c +2 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/internal.h +9 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/cipher.c +21 -13
- data/third_party/boringssl-with-bazel/src/crypto/{dh → fipsmodule/dh}/check.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/{dh → fipsmodule/dh}/dh.c +136 -213
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec.c +12 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_key.c +9 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/internal.h +28 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/rand.c +135 -43
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/urandom.c +0 -7
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa_impl.c +51 -32
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/self_check.c +147 -0
- data/third_party/boringssl-with-bazel/src/crypto/hpke/hpke.c +18 -29
- data/third_party/boringssl-with-bazel/src/crypto/hpke/internal.h +13 -4
- data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305.c +10 -7
- data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305_arm.c +13 -11
- data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305_vec.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/passive.c +34 -0
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/rand_extra.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/stack/stack.c +7 -13
- data/third_party/boringssl-with-bazel/src/crypto/x509/rsa_pss.c +5 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_cmp.c +1 -29
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_ext.c +10 -7
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_r2x.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_set.c +8 -8
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_v3.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509cset.c +29 -23
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_attrib.c +22 -17
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_crl.c +1 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_pkey.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509.c +39 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509a.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_akey.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_alt.c +11 -10
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_bitst.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_conf.c +25 -25
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_cpols.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_enum.c +2 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_genn.c +40 -20
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_ia5.c +3 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_lib.c +25 -36
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_prn.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_skey.c +6 -6
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_utl.c +6 -6
- data/third_party/boringssl-with-bazel/src/include/openssl/arm_arch.h +3 -3
- data/third_party/boringssl-with-bazel/src/include/openssl/asn1.h +652 -545
- data/third_party/boringssl-with-bazel/src/include/openssl/asn1t.h +0 -167
- data/third_party/boringssl-with-bazel/src/include/openssl/base.h +10 -5
- data/third_party/boringssl-with-bazel/src/include/openssl/blake2.h +62 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/bytestring.h +22 -7
- data/third_party/boringssl-with-bazel/src/include/openssl/cipher.h +19 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/cpu.h +22 -32
- data/third_party/boringssl-with-bazel/src/include/openssl/dh.h +56 -26
- data/third_party/boringssl-with-bazel/src/include/openssl/digest.h +1 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/ec.h +15 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/evp.h +12 -2
- data/third_party/boringssl-with-bazel/src/include/openssl/rand.h +3 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/span.h +2 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +67 -33
- data/third_party/boringssl-with-bazel/src/include/openssl/tls1.h +27 -8
- data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +287 -99
- data/third_party/boringssl-with-bazel/src/include/openssl/x509v3.h +139 -36
- data/third_party/boringssl-with-bazel/src/ssl/handshake.cc +4 -3
- data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +11 -20
- data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +10 -5
- data/third_party/boringssl-with-bazel/src/ssl/internal.h +37 -16
- data/third_party/boringssl-with-bazel/src/ssl/s3_lib.cc +0 -1
- data/third_party/boringssl-with-bazel/src/ssl/ssl_asn1.cc +7 -8
- data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +20 -14
- data/third_party/boringssl-with-bazel/src/ssl/ssl_session.cc +7 -8
- data/third_party/boringssl-with-bazel/src/ssl/ssl_transcript.cc +2 -2
- data/third_party/boringssl-with-bazel/src/ssl/t1_enc.cc +5 -7
- data/third_party/boringssl-with-bazel/src/ssl/t1_lib.cc +362 -50
- data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +2 -2
- data/third_party/boringssl-with-bazel/src/ssl/tls13_enc.cc +48 -15
- data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +66 -24
- data/third_party/xxhash/xxhash.h +5443 -0
- metadata +140 -84
- data/src/core/ext/upb-generated/udpa/core/v1/authority.upb.h +0 -60
- data/src/core/ext/upb-generated/udpa/core/v1/collection_entry.upb.c +0 -52
- data/src/core/ext/upb-generated/udpa/core/v1/collection_entry.upb.h +0 -143
- data/src/core/ext/upb-generated/udpa/core/v1/context_params.upb.c +0 -42
- data/src/core/ext/upb-generated/udpa/core/v1/context_params.upb.h +0 -84
- data/src/core/ext/upb-generated/udpa/core/v1/resource.upb.h +0 -94
- data/src/core/ext/upb-generated/udpa/core/v1/resource_locator.upb.c +0 -54
- data/src/core/ext/upb-generated/udpa/core/v1/resource_locator.upb.h +0 -173
- data/src/core/ext/upb-generated/udpa/core/v1/resource_name.upb.c +0 -36
- data/src/core/ext/upb-generated/udpa/core/v1/resource_name.upb.h +0 -92
- data/src/core/ext/upbdefs-generated/udpa/core/v1/authority.upbdefs.c +0 -42
- data/src/core/ext/upbdefs-generated/udpa/core/v1/authority.upbdefs.h +0 -35
- data/src/core/ext/upbdefs-generated/udpa/core/v1/collection_entry.upbdefs.c +0 -62
- data/src/core/ext/upbdefs-generated/udpa/core/v1/collection_entry.upbdefs.h +0 -40
- data/src/core/ext/upbdefs-generated/udpa/core/v1/context_params.upbdefs.c +0 -45
- data/src/core/ext/upbdefs-generated/udpa/core/v1/context_params.upbdefs.h +0 -40
- data/src/core/ext/upbdefs-generated/udpa/core/v1/resource.upbdefs.c +0 -49
- data/src/core/ext/upbdefs-generated/udpa/core/v1/resource.upbdefs.h +0 -35
- data/src/core/ext/upbdefs-generated/udpa/core/v1/resource_locator.upbdefs.c +0 -68
- data/src/core/ext/upbdefs-generated/udpa/core/v1/resource_locator.upbdefs.h +0 -40
- data/src/core/ext/upbdefs-generated/udpa/core/v1/resource_name.upbdefs.c +0 -51
- data/src/core/ext/upbdefs-generated/udpa/core/v1/resource_name.upbdefs.h +0 -35
- data/src/core/lib/iomgr/iomgr_posix.h +0 -26
- data/src/core/lib/security/authorization/authorization_engine.cc +0 -177
- data/src/core/lib/security/authorization/authorization_engine.h +0 -84
- data/src/core/lib/security/authorization/evaluate_args.cc +0 -148
- data/src/core/lib/security/authorization/evaluate_args.h +0 -59
- data/src/core/lib/security/authorization/mock_cel/activation.h +0 -57
- data/src/core/lib/security/authorization/mock_cel/cel_expr_builder_factory.h +0 -44
- data/src/core/lib/security/authorization/mock_cel/cel_expression.h +0 -69
- data/src/core/lib/security/authorization/mock_cel/cel_value.h +0 -97
- data/src/core/lib/security/authorization/mock_cel/evaluator_core.h +0 -67
- data/src/core/lib/security/authorization/mock_cel/flat_expr_builder.h +0 -57
- data/third_party/abseil-cpp/absl/container/flat_hash_set.h +0 -504
- data/third_party/upb/upb/json_decode.c +0 -1443
- data/third_party/upb/upb/json_decode.h +0 -23
- data/third_party/upb/upb/json_encode.c +0 -713
- data/third_party/upb/upb/json_encode.h +0 -36
@@ -48,8 +48,8 @@ bool XdsChannelCredsRegistry::IsSupported(const std::string& creds_type) {
|
|
48
48
|
creds_type == "fake";
|
49
49
|
}
|
50
50
|
|
51
|
-
bool XdsChannelCredsRegistry::IsValidConfig(const std::string& creds_type
|
52
|
-
const Json& config) {
|
51
|
+
bool XdsChannelCredsRegistry::IsValidConfig(const std::string& /*creds_type*/,
|
52
|
+
const Json& /*config*/) {
|
53
53
|
// Currently, none of the creds types actually take a config, but we
|
54
54
|
// ignore whatever might be specified in the bootstrap file for
|
55
55
|
// forward compatibility reasons.
|
@@ -58,7 +58,7 @@ bool XdsChannelCredsRegistry::IsValidConfig(const std::string& creds_type,
|
|
58
58
|
|
59
59
|
RefCountedPtr<grpc_channel_credentials>
|
60
60
|
XdsChannelCredsRegistry::MakeChannelCreds(const std::string& creds_type,
|
61
|
-
const Json& config) {
|
61
|
+
const Json& /*config*/) {
|
62
62
|
if (creds_type == "google_default") {
|
63
63
|
return grpc_google_default_credentials_create(nullptr);
|
64
64
|
} else if (creds_type == "insecure") {
|
@@ -93,13 +93,14 @@ std::string BootstrapString(const XdsBootstrap& bootstrap) {
|
|
93
93
|
" locality={\n"
|
94
94
|
" region=\"%s\",\n"
|
95
95
|
" zone=\"%s\",\n"
|
96
|
-
"
|
96
|
+
" sub_zone=\"%s\"\n"
|
97
97
|
" },\n"
|
98
98
|
" metadata=%s,\n"
|
99
99
|
"},\n",
|
100
100
|
bootstrap.node()->id, bootstrap.node()->cluster,
|
101
101
|
bootstrap.node()->locality_region, bootstrap.node()->locality_zone,
|
102
|
-
bootstrap.node()->
|
102
|
+
bootstrap.node()->locality_sub_zone,
|
103
|
+
bootstrap.node()->metadata.Dump()));
|
103
104
|
}
|
104
105
|
parts.push_back(absl::StrFormat(
|
105
106
|
"servers=[\n"
|
@@ -118,6 +119,11 @@ std::string BootstrapString(const XdsBootstrap& bootstrap) {
|
|
118
119
|
absl::StrJoin(bootstrap.server().server_features, ", "), "],\n"));
|
119
120
|
}
|
120
121
|
parts.push_back(" }\n],\n");
|
122
|
+
if (!bootstrap.server_listener_resource_name_template().empty()) {
|
123
|
+
parts.push_back(
|
124
|
+
absl::StrFormat("server_listener_resource_name_template=\"%s\",\n",
|
125
|
+
bootstrap.server_listener_resource_name_template()));
|
126
|
+
}
|
121
127
|
parts.push_back("certificate_providers={\n");
|
122
128
|
for (const auto& entry : bootstrap.certificate_providers()) {
|
123
129
|
parts.push_back(
|
@@ -132,36 +138,14 @@ std::string BootstrapString(const XdsBootstrap& bootstrap) {
|
|
132
138
|
return absl::StrJoin(parts, "");
|
133
139
|
}
|
134
140
|
|
135
|
-
|
136
|
-
|
137
|
-
|
138
|
-
|
139
|
-
grpc_error** error) {
|
140
|
-
grpc_core::UniquePtr<char> path(gpr_getenv("GRPC_XDS_BOOTSTRAP"));
|
141
|
-
if (path == nullptr) {
|
142
|
-
*error = GRPC_ERROR_CREATE_FROM_STATIC_STRING(
|
143
|
-
"Environment variable GRPC_XDS_BOOTSTRAP not defined");
|
144
|
-
return nullptr;
|
145
|
-
}
|
146
|
-
if (GRPC_TRACE_FLAG_ENABLED(*tracer)) {
|
147
|
-
gpr_log(GPR_INFO,
|
148
|
-
"[xds_client %p] Got bootstrap file location from "
|
149
|
-
"GRPC_XDS_BOOTSTRAP environment variable: %s",
|
150
|
-
client, path.get());
|
151
|
-
}
|
152
|
-
grpc_slice contents;
|
153
|
-
*error = grpc_load_file(path.get(), /*add_null_terminator=*/true, &contents);
|
154
|
-
if (*error != GRPC_ERROR_NONE) return nullptr;
|
155
|
-
absl::string_view contents_str_view = StringViewFromSlice(contents);
|
156
|
-
if (GRPC_TRACE_FLAG_ENABLED(*tracer)) {
|
157
|
-
gpr_log(GPR_DEBUG, "[xds_client %p] Bootstrap file contents: %s", client,
|
158
|
-
std::string(contents_str_view).c_str());
|
159
|
-
}
|
160
|
-
Json json = Json::Parse(contents_str_view, error);
|
161
|
-
grpc_slice_unref_internal(contents);
|
141
|
+
std::unique_ptr<XdsBootstrap> ParseJsonAndCreate(
|
142
|
+
XdsClient* client, TraceFlag* tracer, absl::string_view json_string,
|
143
|
+
absl::string_view bootstrap_source, grpc_error** error) {
|
144
|
+
Json json = Json::Parse(json_string, error);
|
162
145
|
if (*error != GRPC_ERROR_NONE) {
|
163
146
|
grpc_error* error_out = GRPC_ERROR_CREATE_REFERENCING_FROM_COPIED_STRING(
|
164
|
-
absl::StrCat("Failed to parse bootstrap
|
147
|
+
absl::StrCat("Failed to parse bootstrap from ", bootstrap_source)
|
148
|
+
.c_str(),
|
165
149
|
error, 1);
|
166
150
|
GRPC_ERROR_UNREF(*error);
|
167
151
|
*error = error_out;
|
@@ -177,6 +161,55 @@ std::unique_ptr<XdsBootstrap> XdsBootstrap::ReadFromFile(XdsClient* client,
|
|
177
161
|
return result;
|
178
162
|
}
|
179
163
|
|
164
|
+
} // namespace
|
165
|
+
|
166
|
+
std::unique_ptr<XdsBootstrap> XdsBootstrap::Create(XdsClient* client,
|
167
|
+
TraceFlag* tracer,
|
168
|
+
const char* fallback_config,
|
169
|
+
grpc_error** error) {
|
170
|
+
// First, try GRPC_XDS_BOOTSTRAP env var.
|
171
|
+
grpc_core::UniquePtr<char> path(gpr_getenv("GRPC_XDS_BOOTSTRAP"));
|
172
|
+
if (path != nullptr) {
|
173
|
+
if (GRPC_TRACE_FLAG_ENABLED(*tracer)) {
|
174
|
+
gpr_log(GPR_INFO,
|
175
|
+
"[xds_client %p] Got bootstrap file location from "
|
176
|
+
"GRPC_XDS_BOOTSTRAP environment variable: %s",
|
177
|
+
client, path.get());
|
178
|
+
}
|
179
|
+
grpc_slice contents;
|
180
|
+
*error =
|
181
|
+
grpc_load_file(path.get(), /*add_null_terminator=*/true, &contents);
|
182
|
+
if (*error != GRPC_ERROR_NONE) return nullptr;
|
183
|
+
absl::string_view contents_str_view = StringViewFromSlice(contents);
|
184
|
+
if (GRPC_TRACE_FLAG_ENABLED(*tracer)) {
|
185
|
+
gpr_log(GPR_DEBUG, "[xds_client %p] Bootstrap file contents: %s", client,
|
186
|
+
std::string(contents_str_view).c_str());
|
187
|
+
}
|
188
|
+
std::string bootstrap_source = absl::StrCat("file ", path.get());
|
189
|
+
auto result = ParseJsonAndCreate(client, tracer, contents_str_view,
|
190
|
+
bootstrap_source, error);
|
191
|
+
grpc_slice_unref_internal(contents);
|
192
|
+
return result;
|
193
|
+
}
|
194
|
+
// Next, try GRPC_XDS_BOOTSTRAP_CONFIG env var.
|
195
|
+
grpc_core::UniquePtr<char> env_config(
|
196
|
+
gpr_getenv("GRPC_XDS_BOOTSTRAP_CONFIG"));
|
197
|
+
if (env_config != nullptr) {
|
198
|
+
return ParseJsonAndCreate(client, tracer, env_config.get(),
|
199
|
+
"GRPC_XDS_BOOTSTRAP_CONFIG env var", error);
|
200
|
+
}
|
201
|
+
// Finally, try fallback config.
|
202
|
+
if (fallback_config != nullptr) {
|
203
|
+
return ParseJsonAndCreate(client, tracer, fallback_config,
|
204
|
+
"fallback config", error);
|
205
|
+
}
|
206
|
+
// No bootstrap config found.
|
207
|
+
*error = GRPC_ERROR_CREATE_FROM_STATIC_STRING(
|
208
|
+
"Environment variables GRPC_XDS_BOOTSTRAP or GRPC_XDS_BOOTSTRAP_CONFIG "
|
209
|
+
"not defined");
|
210
|
+
return nullptr;
|
211
|
+
}
|
212
|
+
|
180
213
|
XdsBootstrap::XdsBootstrap(Json json, grpc_error** error) {
|
181
214
|
if (json.type() != Json::Type::OBJECT) {
|
182
215
|
*error = GRPC_ERROR_CREATE_FROM_STATIC_STRING(
|
@@ -205,6 +238,16 @@ XdsBootstrap::XdsBootstrap(Json json, grpc_error** error) {
|
|
205
238
|
if (parse_error != GRPC_ERROR_NONE) error_list.push_back(parse_error);
|
206
239
|
}
|
207
240
|
}
|
241
|
+
it = json.mutable_object()->find("server_listener_resource_name_template");
|
242
|
+
if (it != json.mutable_object()->end()) {
|
243
|
+
if (it->second.type() != Json::Type::STRING) {
|
244
|
+
error_list.push_back(GRPC_ERROR_CREATE_FROM_STATIC_STRING(
|
245
|
+
"\"server_listener_resource_name_template\" field is not a string"));
|
246
|
+
} else {
|
247
|
+
server_listener_resource_name_template_ =
|
248
|
+
std::move(*it->second.mutable_string_value());
|
249
|
+
}
|
250
|
+
}
|
208
251
|
if (XdsSecurityEnabled()) {
|
209
252
|
it = json.mutable_object()->find("certificate_providers");
|
210
253
|
if (it != json.mutable_object()->end()) {
|
@@ -357,15 +400,7 @@ grpc_error* XdsBootstrap::ParseServerFeaturesArray(Json* json,
|
|
357
400
|
Json& child = json->mutable_array()->at(i);
|
358
401
|
if (child.type() == Json::Type::STRING &&
|
359
402
|
child.string_value() == "xds_v3") {
|
360
|
-
|
361
|
-
// are sure that the v3 code actually works.
|
362
|
-
grpc_core::UniquePtr<char> enable_str(
|
363
|
-
gpr_getenv("GRPC_XDS_EXPERIMENTAL_V3_SUPPORT"));
|
364
|
-
bool enabled = false;
|
365
|
-
if (gpr_parse_bool_value(enable_str.get(), &enabled) && enabled) {
|
366
|
-
server->server_features.insert(
|
367
|
-
std::move(*child.mutable_string_value()));
|
368
|
-
}
|
403
|
+
server->server_features.insert(std::move(*child.mutable_string_value()));
|
369
404
|
}
|
370
405
|
}
|
371
406
|
return GRPC_ERROR_CREATE_FROM_VECTOR(
|
@@ -436,13 +471,13 @@ grpc_error* XdsBootstrap::ParseLocality(Json* json) {
|
|
436
471
|
node_->locality_zone = std::move(*it->second.mutable_string_value());
|
437
472
|
}
|
438
473
|
}
|
439
|
-
it = json->mutable_object()->find("
|
474
|
+
it = json->mutable_object()->find("sub_zone");
|
440
475
|
if (it != json->mutable_object()->end()) {
|
441
476
|
if (it->second.type() != Json::Type::STRING) {
|
442
477
|
error_list.push_back(GRPC_ERROR_CREATE_FROM_STATIC_STRING(
|
443
|
-
"\"
|
478
|
+
"\"sub_zone\" field is not a string"));
|
444
479
|
} else {
|
445
|
-
node_->
|
480
|
+
node_->locality_sub_zone = std::move(*it->second.mutable_string_value());
|
446
481
|
}
|
447
482
|
}
|
448
483
|
return GRPC_ERROR_CREATE_FROM_VECTOR("errors parsing \"locality\" object",
|
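Review bot: The GPR_DEBUG trace in `XdsBootstrap::Create` (new lines 184-187) writes the complete bootstrap file into the log, and only the GRPC_XDS_BOOTSTRAP branch traces anything; the GRPC_XDS_BOOTSTRAP_CONFIG and fallback branches leave no record of which source was used. The bootstrap document carries `certificate_providers` and node metadata, so a raw dump can put deployment-sensitive values into trace logs if any plugin config holds them. I would log the size instead, `gpr_log(GPR_DEBUG, "[xds_client %p] Read %" PRIuPTR " bytes of bootstrap config", client, contents_str_view.size());`, and add one trace line naming `bootstrap_source` inside `ParseJsonAndCreate` so all three sources are covered. The middle of `ParseJsonAndCreate` (new lines 152-160) is outside the visible hunks, so an existing trace there may already do the second part.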
@@ -54,7 +54,7 @@ class XdsBootstrap {
|
|
54
54
|
std::string cluster;
|
55
55
|
std::string locality_region;
|
56
56
|
std::string locality_zone;
|
57
|
-
std::string
|
57
|
+
std::string locality_sub_zone;
|
58
58
|
Json metadata;
|
59
59
|
};
|
60
60
|
|
@@ -67,11 +67,19 @@ class XdsBootstrap {
|
|
67
67
|
bool ShouldUseV3() const;
|
68
68
|
};
|
69
69
|
|
70
|
+
// Creates bootstrap object, obtaining the bootstrap JSON as appropriate
|
71
|
+
// for the environment:
|
72
|
+
// - If the GRPC_XDS_BOOTSTRAP env var is set, reads the file it specifies
|
73
|
+
// to obtain the bootstrap JSON.
|
74
|
+
// - Otherwise, if the GRPC_XDS_BOOTSTRAP_CONFIG env var is set, reads the
|
75
|
+
// content of that env var to obtain the bootstrap JSON.
|
76
|
+
// - Otherwise, the JSON will be read from fallback_config (if non-null).
|
70
77
|
// If *error is not GRPC_ERROR_NONE after returning, then there was an
|
71
|
-
// error reading the file.
|
72
|
-
static std::unique_ptr<XdsBootstrap>
|
73
|
-
|
74
|
-
|
78
|
+
// error (e.g., no config found or error reading the file).
|
79
|
+
static std::unique_ptr<XdsBootstrap> Create(XdsClient* client,
|
80
|
+
TraceFlag* tracer,
|
81
|
+
const char* fallback_config,
|
82
|
+
grpc_error** error);
|
75
83
|
|
76
84
|
// Do not instantiate directly -- use ReadFromFile() above instead.
|
77
85
|
XdsBootstrap(Json json, grpc_error** error);
|
@@ -80,6 +88,9 @@ class XdsBootstrap {
|
|
80
88
|
// add support for fallback for the xds channel.
|
81
89
|
const XdsServer& server() const { return servers_[0]; }
|
82
90
|
const Node* node() const { return node_.get(); }
|
91
|
+
const std::string& server_listener_resource_name_template() const {
|
92
|
+
return server_listener_resource_name_template_;
|
93
|
+
}
|
83
94
|
|
84
95
|
const CertificateProviderStore::PluginDefinitionMap& certificate_providers()
|
85
96
|
const {
|
@@ -100,6 +111,7 @@ class XdsBootstrap {
|
|
100
111
|
|
101
112
|
absl::InlinedVector<XdsServer, 1> servers_;
|
102
113
|
std::unique_ptr<Node> node_;
|
114
|
+
std::string server_listener_resource_name_template_;
|
103
115
|
CertificateProviderStore::PluginDefinitionMap certificate_providers_;
|
104
116
|
};
|
105
117
|
|
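Review bot: The comment at new line 84, `// Do not instantiate directly -- use ReadFromFile() above instead.`, still names the factory that this change appears to replace with `Create()`; it should read `// Do not instantiate directly -- use Create() above instead.`. The new doc comment on `Create()` could also state that an unreadable GRPC_XDS_BOOTSTRAP file is reported as an error rather than falling through to GRPC_XDS_BOOTSTRAP_CONFIG or `fallback_config`, which is what the `return nullptr` after `grpc_load_file` in the .cc does. The class body starts and ends outside these hunks.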
@@ -37,15 +37,16 @@ class RootCertificatesWatcher
|
|
37
37
|
// presently, the watcher is immediately deleted when
|
38
38
|
// CancelTlsCertificatesWatch() is called, but that can potentially change in
|
39
39
|
// the future.
|
40
|
-
|
41
|
-
RefCountedPtr<grpc_tls_certificate_distributor> parent
|
42
|
-
|
40
|
+
RootCertificatesWatcher(
|
41
|
+
RefCountedPtr<grpc_tls_certificate_distributor> parent,
|
42
|
+
std::string cert_name)
|
43
|
+
: parent_(std::move(parent)), cert_name_(std::move(cert_name)) {}
|
43
44
|
|
44
45
|
void OnCertificatesChanged(absl::optional<absl::string_view> root_certs,
|
45
46
|
absl::optional<PemKeyCertPairList>
|
46
47
|
/* key_cert_pairs */) override {
|
47
48
|
if (root_certs.has_value()) {
|
48
|
-
parent_->SetKeyMaterials(
|
49
|
+
parent_->SetKeyMaterials(cert_name_, std::string(root_certs.value()),
|
49
50
|
absl::nullopt);
|
50
51
|
}
|
51
52
|
}
|
@@ -53,7 +54,7 @@ class RootCertificatesWatcher
|
|
53
54
|
void OnError(grpc_error* root_cert_error,
|
54
55
|
grpc_error* identity_cert_error) override {
|
55
56
|
if (root_cert_error != GRPC_ERROR_NONE) {
|
56
|
-
parent_->SetErrorForCert(
|
57
|
+
parent_->SetErrorForCert(cert_name_, root_cert_error /* pass the ref */,
|
57
58
|
absl::nullopt);
|
58
59
|
}
|
59
60
|
GRPC_ERROR_UNREF(identity_cert_error);
|
@@ -61,6 +62,7 @@ class RootCertificatesWatcher
|
|
61
62
|
|
62
63
|
private:
|
63
64
|
RefCountedPtr<grpc_tls_certificate_distributor> parent_;
|
65
|
+
std::string cert_name_;
|
64
66
|
};
|
65
67
|
|
66
68
|
class IdentityCertificatesWatcher
|
@@ -71,22 +73,23 @@ class IdentityCertificatesWatcher
|
|
71
73
|
// presently, the watcher is immediately deleted when
|
72
74
|
// CancelTlsCertificatesWatch() is called, but that can potentially change in
|
73
75
|
// the future.
|
74
|
-
|
75
|
-
RefCountedPtr<grpc_tls_certificate_distributor> parent
|
76
|
-
|
76
|
+
IdentityCertificatesWatcher(
|
77
|
+
RefCountedPtr<grpc_tls_certificate_distributor> parent,
|
78
|
+
std::string cert_name)
|
79
|
+
: parent_(std::move(parent)), cert_name_(std::move(cert_name)) {}
|
77
80
|
|
78
81
|
void OnCertificatesChanged(
|
79
82
|
absl::optional<absl::string_view> /* root_certs */,
|
80
83
|
absl::optional<PemKeyCertPairList> key_cert_pairs) override {
|
81
84
|
if (key_cert_pairs.has_value()) {
|
82
|
-
parent_->SetKeyMaterials(
|
85
|
+
parent_->SetKeyMaterials(cert_name_, absl::nullopt, key_cert_pairs);
|
83
86
|
}
|
84
87
|
}
|
85
88
|
|
86
89
|
void OnError(grpc_error* root_cert_error,
|
87
90
|
grpc_error* identity_cert_error) override {
|
88
91
|
if (identity_cert_error != GRPC_ERROR_NONE) {
|
89
|
-
parent_->SetErrorForCert(
|
92
|
+
parent_->SetErrorForCert(cert_name_, absl::nullopt,
|
90
93
|
identity_cert_error /* pass the ref */);
|
91
94
|
}
|
92
95
|
GRPC_ERROR_UNREF(root_cert_error);
|
@@ -94,34 +97,35 @@ class IdentityCertificatesWatcher
|
|
94
97
|
|
95
98
|
private:
|
96
99
|
RefCountedPtr<grpc_tls_certificate_distributor> parent_;
|
100
|
+
std::string cert_name_;
|
97
101
|
};
|
98
102
|
|
99
103
|
} // namespace
|
100
104
|
|
101
|
-
|
102
|
-
|
103
|
-
|
104
|
-
|
105
|
-
|
106
|
-
|
107
|
-
|
108
|
-
|
109
|
-
|
110
|
-
|
111
|
-
|
112
|
-
|
113
|
-
distributor_->SetWatchStatusCallback(
|
114
|
-
absl::bind_front(&XdsCertificateProvider::WatchStatusCallback, this));
|
105
|
+
//
|
106
|
+
// XdsCertificateProvider::ClusterCertificateState
|
107
|
+
//
|
108
|
+
|
109
|
+
XdsCertificateProvider::ClusterCertificateState::~ClusterCertificateState() {
|
110
|
+
if (root_cert_watcher_ != nullptr) {
|
111
|
+
root_cert_distributor_->CancelTlsCertificatesWatch(root_cert_watcher_);
|
112
|
+
}
|
113
|
+
if (identity_cert_watcher_ != nullptr) {
|
114
|
+
identity_cert_distributor_->CancelTlsCertificatesWatch(
|
115
|
+
identity_cert_watcher_);
|
116
|
+
}
|
115
117
|
}
|
116
118
|
|
117
|
-
XdsCertificateProvider
|
118
|
-
|
119
|
+
bool XdsCertificateProvider::ClusterCertificateState::IsSafeToRemove() const {
|
120
|
+
return !watching_root_certs_ && !watching_identity_certs_ &&
|
121
|
+
root_cert_distributor_ == nullptr &&
|
122
|
+
identity_cert_distributor_ == nullptr;
|
119
123
|
}
|
120
124
|
|
121
|
-
void XdsCertificateProvider::
|
122
|
-
|
123
|
-
|
124
|
-
|
125
|
+
void XdsCertificateProvider::ClusterCertificateState::
|
126
|
+
UpdateRootCertNameAndDistributor(
|
127
|
+
const std::string& cert_name, absl::string_view root_cert_name,
|
128
|
+
RefCountedPtr<grpc_tls_certificate_distributor> root_cert_distributor) {
|
125
129
|
if (root_cert_name_ == root_cert_name &&
|
126
130
|
root_cert_distributor_ == root_cert_distributor) {
|
127
131
|
return;
|
@@ -133,10 +137,10 @@ void XdsCertificateProvider::UpdateRootCertNameAndDistributor(
|
|
133
137
|
root_cert_distributor_->CancelTlsCertificatesWatch(root_cert_watcher_);
|
134
138
|
}
|
135
139
|
if (root_cert_distributor != nullptr) {
|
136
|
-
UpdateRootCertWatcher(root_cert_distributor.get());
|
140
|
+
UpdateRootCertWatcher(cert_name, root_cert_distributor.get());
|
137
141
|
} else {
|
138
142
|
root_cert_watcher_ = nullptr;
|
139
|
-
distributor_->SetErrorForCert(
|
143
|
+
xds_certificate_provider_->distributor_->SetErrorForCert(
|
140
144
|
"",
|
141
145
|
GRPC_ERROR_CREATE_FROM_STATIC_STRING(
|
142
146
|
"No certificate provider available for root certificates"),
|
@@ -147,10 +151,11 @@ void XdsCertificateProvider::UpdateRootCertNameAndDistributor(
|
|
147
151
|
root_cert_distributor_ = std::move(root_cert_distributor);
|
148
152
|
}
|
149
153
|
|
150
|
-
void XdsCertificateProvider::
|
151
|
-
|
152
|
-
|
153
|
-
|
154
|
+
void XdsCertificateProvider::ClusterCertificateState::
|
155
|
+
UpdateIdentityCertNameAndDistributor(
|
156
|
+
const std::string& cert_name, absl::string_view identity_cert_name,
|
157
|
+
RefCountedPtr<grpc_tls_certificate_distributor>
|
158
|
+
identity_cert_distributor) {
|
154
159
|
if (identity_cert_name_ == identity_cert_name &&
|
155
160
|
identity_cert_distributor_ == identity_cert_distributor) {
|
156
161
|
return;
|
@@ -163,10 +168,10 @@ void XdsCertificateProvider::UpdateIdentityCertNameAndDistributor(
|
|
163
168
|
identity_cert_watcher_);
|
164
169
|
}
|
165
170
|
if (identity_cert_distributor != nullptr) {
|
166
|
-
UpdateIdentityCertWatcher(identity_cert_distributor.get());
|
171
|
+
UpdateIdentityCertWatcher(cert_name, identity_cert_distributor.get());
|
167
172
|
} else {
|
168
173
|
identity_cert_watcher_ = nullptr;
|
169
|
-
distributor_->SetErrorForCert(
|
174
|
+
xds_certificate_provider_->distributor_->SetErrorForCert(
|
170
175
|
"", absl::nullopt,
|
171
176
|
GRPC_ERROR_CREATE_FROM_STATIC_STRING(
|
172
177
|
"No certificate provider available for identity certificates"));
|
@@ -176,42 +181,45 @@ void XdsCertificateProvider::UpdateIdentityCertNameAndDistributor(
|
|
176
181
|
identity_cert_distributor_ = std::move(identity_cert_distributor);
|
177
182
|
}
|
178
183
|
|
179
|
-
void XdsCertificateProvider::
|
180
|
-
std::
|
181
|
-
|
182
|
-
|
184
|
+
void XdsCertificateProvider::ClusterCertificateState::UpdateRootCertWatcher(
|
185
|
+
const std::string& cert_name,
|
186
|
+
grpc_tls_certificate_distributor* root_cert_distributor) {
|
187
|
+
auto watcher = absl::make_unique<RootCertificatesWatcher>(
|
188
|
+
xds_certificate_provider_->distributor_, cert_name);
|
189
|
+
root_cert_watcher_ = watcher.get();
|
190
|
+
root_cert_distributor->WatchTlsCertificates(std::move(watcher),
|
191
|
+
root_cert_name_, absl::nullopt);
|
183
192
|
}
|
184
193
|
|
185
|
-
void XdsCertificateProvider::
|
186
|
-
|
187
|
-
|
194
|
+
void XdsCertificateProvider::ClusterCertificateState::UpdateIdentityCertWatcher(
|
195
|
+
const std::string& cert_name,
|
196
|
+
grpc_tls_certificate_distributor* identity_cert_distributor) {
|
197
|
+
auto watcher = absl::make_unique<IdentityCertificatesWatcher>(
|
198
|
+
xds_certificate_provider_->distributor_, cert_name);
|
199
|
+
identity_cert_watcher_ = watcher.get();
|
200
|
+
identity_cert_distributor->WatchTlsCertificates(
|
201
|
+
std::move(watcher), absl::nullopt, identity_cert_name_);
|
202
|
+
}
|
203
|
+
|
204
|
+
void XdsCertificateProvider::ClusterCertificateState::WatchStatusCallback(
|
205
|
+
const std::string& cert_name, bool root_being_watched,
|
206
|
+
bool identity_being_watched) {
|
188
207
|
// We aren't specially handling the case where root_cert_distributor is same
|
189
208
|
// as identity_cert_distributor. Always using two separate watchers
|
190
209
|
// irrespective of the fact results in a straightforward design, and using a
|
191
210
|
// single watcher does not seem to provide any benefit other than cutting down
|
192
211
|
// on the number of callbacks.
|
193
|
-
MutexLock lock(&mu_);
|
194
|
-
if (!cert_name.empty()) {
|
195
|
-
grpc_error* error = GRPC_ERROR_CREATE_FROM_COPIED_STRING(
|
196
|
-
absl::StrCat("Illegal certificate name: \'", cert_name,
|
197
|
-
"\'. Should be empty.")
|
198
|
-
.c_str());
|
199
|
-
distributor_->SetErrorForCert(cert_name, GRPC_ERROR_REF(error),
|
200
|
-
GRPC_ERROR_REF(error));
|
201
|
-
GRPC_ERROR_UNREF(error);
|
202
|
-
return;
|
203
|
-
}
|
204
212
|
if (root_being_watched && !watching_root_certs_) {
|
205
213
|
// We need to start watching root certs.
|
206
214
|
watching_root_certs_ = true;
|
207
215
|
if (root_cert_distributor_ == nullptr) {
|
208
|
-
distributor_->SetErrorForCert(
|
209
|
-
|
216
|
+
xds_certificate_provider_->distributor_->SetErrorForCert(
|
217
|
+
cert_name,
|
210
218
|
GRPC_ERROR_CREATE_FROM_STATIC_STRING(
|
211
219
|
"No certificate provider available for root certificates"),
|
212
220
|
absl::nullopt);
|
213
221
|
} else {
|
214
|
-
UpdateRootCertWatcher(root_cert_distributor_.get());
|
222
|
+
UpdateRootCertWatcher(cert_name, root_cert_distributor_.get());
|
215
223
|
}
|
216
224
|
} else if (!root_being_watched && watching_root_certs_) {
|
217
225
|
// We need to cancel root certs watch.
|
@@ -225,12 +233,12 @@ void XdsCertificateProvider::WatchStatusCallback(std::string cert_name,
|
|
225
233
|
if (identity_being_watched && !watching_identity_certs_) {
|
226
234
|
watching_identity_certs_ = true;
|
227
235
|
if (identity_cert_distributor_ == nullptr) {
|
228
|
-
distributor_->SetErrorForCert(
|
229
|
-
|
236
|
+
xds_certificate_provider_->distributor_->SetErrorForCert(
|
237
|
+
cert_name, absl::nullopt,
|
230
238
|
GRPC_ERROR_CREATE_FROM_STATIC_STRING(
|
231
239
|
"No certificate provider available for identity certificates"));
|
232
240
|
} else {
|
233
|
-
UpdateIdentityCertWatcher(identity_cert_distributor_.get());
|
241
|
+
UpdateIdentityCertWatcher(cert_name, identity_cert_distributor_.get());
|
234
242
|
}
|
235
243
|
} else if (!identity_being_watched && watching_identity_certs_) {
|
236
244
|
watching_identity_certs_ = false;
|
@@ -243,20 +251,118 @@ void XdsCertificateProvider::WatchStatusCallback(std::string cert_name,
|
|
243
251
|
}
|
244
252
|
}
|
245
253
|
|
246
|
-
|
247
|
-
|
248
|
-
|
249
|
-
|
250
|
-
|
251
|
-
|
254
|
+
//
|
255
|
+
// XdsCertificateProvider
|
256
|
+
//
|
257
|
+
|
258
|
+
XdsCertificateProvider::XdsCertificateProvider()
|
259
|
+
: distributor_(MakeRefCounted<grpc_tls_certificate_distributor>()) {
|
260
|
+
distributor_->SetWatchStatusCallback(
|
261
|
+
absl::bind_front(&XdsCertificateProvider::WatchStatusCallback, this));
|
252
262
|
}
|
253
263
|
|
254
|
-
|
255
|
-
|
256
|
-
|
257
|
-
|
258
|
-
|
259
|
-
|
264
|
+
XdsCertificateProvider::~XdsCertificateProvider() {
|
265
|
+
distributor_->SetWatchStatusCallback(nullptr);
|
266
|
+
}
|
267
|
+
|
268
|
+
bool XdsCertificateProvider::ProvidesRootCerts(const std::string& cert_name) {
|
269
|
+
MutexLock lock(&mu_);
|
270
|
+
auto it = certificate_state_map_.find(cert_name);
|
271
|
+
if (it == certificate_state_map_.end()) return false;
|
272
|
+
return it->second->ProvidesRootCerts();
|
273
|
+
}
|
274
|
+
|
275
|
+
void XdsCertificateProvider::UpdateRootCertNameAndDistributor(
|
276
|
+
const std::string& cert_name, absl::string_view root_cert_name,
|
277
|
+
RefCountedPtr<grpc_tls_certificate_distributor> root_cert_distributor) {
|
278
|
+
MutexLock lock(&mu_);
|
279
|
+
auto it = certificate_state_map_.find(cert_name);
|
280
|
+
if (it == certificate_state_map_.end()) {
|
281
|
+
it = certificate_state_map_
|
282
|
+
.emplace(cert_name,
|
283
|
+
absl::make_unique<ClusterCertificateState>(this))
|
284
|
+
.first;
|
285
|
+
}
|
286
|
+
it->second->UpdateRootCertNameAndDistributor(cert_name, root_cert_name,
|
287
|
+
root_cert_distributor);
|
288
|
+
// Delete unused entries.
|
289
|
+
if (it->second->IsSafeToRemove()) certificate_state_map_.erase(it);
|
290
|
+
}
|
291
|
+
|
292
|
+
bool XdsCertificateProvider::ProvidesIdentityCerts(
|
293
|
+
const std::string& cert_name) {
|
294
|
+
MutexLock lock(&mu_);
|
295
|
+
auto it = certificate_state_map_.find(cert_name);
|
296
|
+
if (it == certificate_state_map_.end()) return false;
|
297
|
+
return it->second->ProvidesIdentityCerts();
|
298
|
+
}
|
299
|
+
|
300
|
+
void XdsCertificateProvider::UpdateIdentityCertNameAndDistributor(
|
301
|
+
const std::string& cert_name, absl::string_view identity_cert_name,
|
302
|
+
RefCountedPtr<grpc_tls_certificate_distributor> identity_cert_distributor) {
|
303
|
+
MutexLock lock(&mu_);
|
304
|
+
auto it = certificate_state_map_.find(cert_name);
|
305
|
+
if (it == certificate_state_map_.end()) {
|
306
|
+
it = certificate_state_map_
|
307
|
+
.emplace(cert_name,
|
308
|
+
absl::make_unique<ClusterCertificateState>(this))
|
309
|
+
.first;
|
310
|
+
}
|
311
|
+
it->second->UpdateIdentityCertNameAndDistributor(
|
312
|
+
cert_name, identity_cert_name, identity_cert_distributor);
|
313
|
+
// Delete unused entries.
|
314
|
+
if (it->second->IsSafeToRemove()) certificate_state_map_.erase(it);
|
315
|
+
}
|
316
|
+
|
317
|
+
bool XdsCertificateProvider::GetRequireClientCertificate(
|
318
|
+
const std::string& cert_name) {
|
319
|
+
MutexLock lock(&mu_);
|
320
|
+
auto it = certificate_state_map_.find(cert_name);
|
321
|
+
if (it == certificate_state_map_.end()) return false;
|
322
|
+
return it->second->require_client_certificate();
|
323
|
+
}
|
324
|
+
|
325
|
+
void XdsCertificateProvider::UpdateRequireClientCertificate(
|
326
|
+
const std::string& cert_name, bool require_client_certificate) {
|
327
|
+
MutexLock lock(&mu_);
|
328
|
+
auto it = certificate_state_map_.find(cert_name);
|
329
|
+
if (it == certificate_state_map_.end()) return;
|
330
|
+
it->second->set_require_client_certificate(require_client_certificate);
|
331
|
+
}
|
332
|
+
|
333
|
+
std::vector<StringMatcher> XdsCertificateProvider::GetSanMatchers(
|
334
|
+
const std::string& cluster) {
|
335
|
+
MutexLock lock(&san_matchers_mu_);
|
336
|
+
auto it = san_matcher_map_.find(cluster);
|
337
|
+
if (it == san_matcher_map_.end()) return {};
|
338
|
+
return it->second;
|
339
|
+
}
|
340
|
+
|
341
|
+
void XdsCertificateProvider::UpdateSubjectAlternativeNameMatchers(
|
342
|
+
const std::string& cluster, std::vector<StringMatcher> matchers) {
|
343
|
+
MutexLock lock(&san_matchers_mu_);
|
344
|
+
if (matchers.empty()) {
|
345
|
+
san_matcher_map_.erase(cluster);
|
346
|
+
} else {
|
347
|
+
san_matcher_map_[cluster] = std::move(matchers);
|
348
|
+
}
|
349
|
+
}
|
350
|
+
|
351
|
+
void XdsCertificateProvider::WatchStatusCallback(std::string cert_name,
|
352
|
+
bool root_being_watched,
|
353
|
+
bool identity_being_watched) {
|
354
|
+
MutexLock lock(&mu_);
|
355
|
+
auto it = certificate_state_map_.find(cert_name);
|
356
|
+
if (it == certificate_state_map_.end()) {
|
357
|
+
it = certificate_state_map_
|
358
|
+
.emplace(cert_name,
|
359
|
+
absl::make_unique<ClusterCertificateState>(this))
|
360
|
+
.first;
|
361
|
+
}
|
362
|
+
it->second->WatchStatusCallback(cert_name, root_being_watched,
|
363
|
+
identity_being_watched);
|
364
|
+
// Delete unused entries.
|
365
|
+
if (it->second->IsSafeToRemove()) certificate_state_map_.erase(it);
|
260
366
|
}
|
261
367
|
|
262
368
|
namespace {
|
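Review bot: In `ClusterCertificateState::UpdateRootCertNameAndDistributor` (new lines 143-144) and `UpdateIdentityCertNameAndDistributor` (new lines 174-175) the "No certificate provider available" error is still published under the empty name, `SetErrorForCert("", ...)`, although the state is now keyed by `cert_name` and both watcher classes forward updates under `cert_name_`. For a non-empty `cert_name`, a watcher of that name would apparently never see the error, while the unrelated `""` entry receives it; `WatchStatusCallback` at new lines 216-217 and 236-237 already passes `cert_name`. I would change the first argument in both calls, i.e. `cert_name,` at line 144 and `cert_name, absl::nullopt,` at line 175. Both function bodies continue outside their hunks, so confirm that nothing in the unseen lines relies on the empty name.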