grpc 1.35.0.pre1 → 1.37.1
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of grpc might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/Makefile +121 -89
- data/include/grpc/grpc.h +15 -1
- data/include/grpc/grpc_security.h +16 -11
- data/include/grpc/impl/codegen/port_platform.h +2 -0
- data/src/core/ext/filters/client_channel/client_channel.cc +359 -331
- data/src/core/ext/filters/client_channel/client_channel.h +0 -2
- data/src/core/ext/filters/client_channel/client_channel_factory.h +2 -1
- data/src/core/ext/filters/client_channel/config_selector.h +9 -1
- data/src/core/ext/filters/client_channel/dynamic_filters.cc +9 -4
- data/src/core/ext/filters/client_channel/global_subchannel_pool.cc +24 -142
- data/src/core/ext/filters/client_channel/global_subchannel_pool.h +15 -10
- data/src/core/ext/filters/client_channel/http_connect_handshaker.cc +2 -2
- data/src/core/ext/filters/client_channel/lb_policy.cc +3 -0
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +3 -5
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel.h +1 -2
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel_secure.cc +1 -2
- data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc +1 -1
- data/src/core/ext/filters/client_channel/lb_policy/priority/priority.cc +8 -6
- data/src/core/ext/filters/client_channel/lb_policy/ring_hash/ring_hash.cc +23 -0
- data/src/core/ext/filters/client_channel/lb_policy/ring_hash/ring_hash.h +27 -0
- data/src/core/ext/filters/client_channel/lb_policy/xds/cds.cc +289 -170
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_channel_args.h +5 -0
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_impl.cc +8 -25
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_manager.cc +1 -1
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_resolver.cc +232 -110
- data/src/core/ext/filters/client_channel/local_subchannel_pool.cc +27 -67
- data/src/core/ext/filters/client_channel/local_subchannel_pool.h +10 -9
- data/src/core/ext/filters/client_channel/resolver.cc +5 -5
- data/src/core/ext/filters/client_channel/resolver.h +1 -12
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +36 -45
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_posix.cc +2 -2
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_windows.cc +3 -1
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +34 -50
- data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +16 -14
- data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc +18 -15
- data/src/core/ext/filters/client_channel/resolver/google_c2p/google_c2p_resolver.cc +377 -0
- data/src/core/ext/filters/client_channel/resolver/sockaddr/sockaddr_resolver.cc +4 -4
- data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +307 -155
- data/src/core/ext/filters/client_channel/server_address.cc +9 -0
- data/src/core/ext/filters/client_channel/server_address.h +31 -0
- data/src/core/ext/filters/client_channel/subchannel.cc +69 -146
- data/src/core/ext/filters/client_channel/subchannel.h +63 -95
- data/src/core/ext/filters/client_channel/subchannel_pool_interface.cc +16 -2
- data/src/core/ext/filters/client_channel/subchannel_pool_interface.h +10 -8
- data/src/core/ext/filters/client_idle/client_idle_filter.cc +1 -1
- data/src/core/ext/filters/fault_injection/fault_injection_filter.cc +500 -0
- data/src/core/ext/filters/fault_injection/fault_injection_filter.h +39 -0
- data/src/core/ext/filters/fault_injection/service_config_parser.cc +189 -0
- data/src/core/ext/filters/fault_injection/service_config_parser.h +85 -0
- data/src/core/ext/filters/max_age/max_age_filter.cc +35 -32
- data/src/core/ext/filters/workarounds/workaround_cronet_compression_filter.cc +1 -1
- data/src/core/ext/transport/chttp2/client/chttp2_connector.cc +2 -2
- data/src/core/ext/transport/chttp2/client/insecure/channel_create.cc +3 -2
- data/src/core/ext/transport/chttp2/client/insecure/channel_create_posix.cc +1 -1
- data/src/core/ext/transport/chttp2/client/secure/secure_channel_create.cc +3 -2
- data/src/core/ext/transport/chttp2/server/chttp2_server.cc +490 -178
- data/src/core/ext/transport/chttp2/server/chttp2_server.h +11 -2
- data/src/core/ext/transport/chttp2/server/insecure/server_chttp2.cc +11 -1
- data/src/core/ext/transport/chttp2/server/insecure/server_chttp2_posix.cc +1 -1
- data/src/core/ext/transport/chttp2/server/secure/server_secure_chttp2.cc +62 -18
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +39 -7
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.h +12 -1
- data/src/core/ext/transport/chttp2/transport/frame_data.cc +5 -1
- data/src/core/ext/transport/chttp2/transport/hpack_encoder.cc +1 -1
- data/src/core/ext/transport/chttp2/transport/internal.h +1 -0
- data/src/core/ext/upb-generated/envoy/admin/v3/config_dump.upb.c +406 -0
- data/src/core/ext/upb-generated/envoy/admin/v3/config_dump.upb.h +1459 -0
- data/src/core/ext/upb-generated/envoy/config/accesslog/v3/accesslog.upb.c +0 -1
- data/src/core/ext/upb-generated/envoy/config/bootstrap/v3/bootstrap.upb.c +350 -0
- data/src/core/ext/upb-generated/envoy/config/bootstrap/v3/bootstrap.upb.h +1348 -0
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/cluster.upb.c +11 -16
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/cluster.upb.h +42 -59
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/outlier_detection.upb.c +3 -2
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/outlier_detection.upb.h +15 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/base.upb.c +25 -1
- data/src/core/ext/upb-generated/envoy/config/core/v3/base.upb.h +75 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/config_source.upb.c +2 -2
- data/src/core/ext/upb-generated/envoy/config/core/v3/config_source.upb.h +9 -9
- data/src/core/ext/upb-generated/envoy/config/core/v3/health_check.upb.c +7 -7
- data/src/core/ext/upb-generated/envoy/config/core/v3/health_check.upb.h +28 -13
- data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.c +6 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.h +25 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/proxy_protocol.upb.c +0 -1
- data/src/core/ext/upb-generated/envoy/config/core/v3/substitution_format_string.upb.c +11 -5
- data/src/core/ext/upb-generated/envoy/config/core/v3/substitution_format_string.upb.h +41 -7
- data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint.upb.c +0 -1
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.c +23 -21
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.h +122 -77
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener_components.upb.c +13 -9
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener_components.upb.h +37 -5
- data/src/core/ext/upb-generated/envoy/config/listener/v3/udp_listener_config.upb.c +0 -1
- data/src/core/ext/upb-generated/envoy/config/metrics/v3/stats.upb.c +144 -0
- data/src/core/ext/upb-generated/envoy/config/metrics/v3/stats.upb.h +488 -0
- data/src/core/ext/upb-generated/envoy/config/overload/v3/overload.upb.c +141 -0
- data/src/core/ext/upb-generated/envoy/config/overload/v3/overload.upb.h +452 -0
- data/src/core/ext/upb-generated/envoy/config/route/v3/route.upb.c +11 -9
- data/src/core/ext/upb-generated/envoy/config/route/v3/route.upb.h +44 -27
- data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.c +57 -16
- data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.h +150 -0
- data/src/core/ext/upb-generated/envoy/config/trace/v3/http_tracer.upb.c +0 -1
- data/src/core/ext/upb-generated/envoy/extensions/clusters/aggregate/v3/cluster.upb.c +29 -0
- data/src/core/ext/upb-generated/envoy/extensions/clusters/aggregate/v3/cluster.upb.h +67 -0
- data/src/core/ext/upb-generated/envoy/extensions/filters/common/fault/v3/fault.upb.c +79 -0
- data/src/core/ext/upb-generated/envoy/extensions/filters/common/fault/v3/fault.upb.h +268 -0
- data/src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.c +78 -0
- data/src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.h +281 -0
- data/src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.c +41 -0
- data/src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.h +113 -0
- data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.c +19 -21
- data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.h +64 -51
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/cert.upb.c +0 -1
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/common.upb.c +16 -13
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/common.upb.h +50 -18
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/secret.upb.c +4 -7
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/secret.upb.h +0 -17
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/tls.upb.c +0 -1
- data/src/core/ext/upb-generated/envoy/service/discovery/v3/discovery.upb.c +30 -23
- data/src/core/ext/upb-generated/envoy/service/discovery/v3/discovery.upb.h +85 -73
- data/src/core/ext/upb-generated/envoy/service/endpoint/v3/eds.upb.c +0 -3
- data/src/core/ext/upb-generated/envoy/service/listener/v3/lds.upb.c +0 -3
- data/src/core/ext/upb-generated/envoy/service/load_stats/v3/lrs.upb.c +0 -1
- data/src/core/ext/upb-generated/envoy/service/route/v3/rds.upb.c +0 -2
- data/src/core/ext/upb-generated/envoy/service/status/v3/csds.upb.c +93 -0
- data/src/core/ext/upb-generated/envoy/service/status/v3/csds.upb.h +323 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/node.upb.c +36 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/node.upb.h +90 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/string.upb.c +0 -1
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/struct.upb.c +46 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/struct.upb.h +124 -0
- data/src/core/ext/upb-generated/google/api/expr/v1alpha1/syntax.upb.c +21 -4
- data/src/core/ext/upb-generated/google/api/expr/v1alpha1/syntax.upb.h +29 -0
- data/src/core/ext/upb-generated/udpa/type/v1/typed_struct.upb.c +33 -0
- data/src/core/ext/upb-generated/udpa/type/v1/typed_struct.upb.h +77 -0
- data/src/core/ext/upb-generated/{udpa/core/v1 → xds/core/v3}/authority.upb.c +5 -5
- data/src/core/ext/upb-generated/xds/core/v3/authority.upb.h +60 -0
- data/src/core/ext/upb-generated/xds/core/v3/collection_entry.upb.c +52 -0
- data/src/core/ext/upb-generated/xds/core/v3/collection_entry.upb.h +143 -0
- data/src/core/ext/upb-generated/xds/core/v3/context_params.upb.c +42 -0
- data/src/core/ext/upb-generated/xds/core/v3/context_params.upb.h +84 -0
- data/src/core/ext/upb-generated/{udpa/core/v1 → xds/core/v3}/resource.upb.c +9 -9
- data/src/core/ext/upb-generated/xds/core/v3/resource.upb.h +94 -0
- data/src/core/ext/upb-generated/xds/core/v3/resource_locator.upb.c +54 -0
- data/src/core/ext/upb-generated/xds/core/v3/resource_locator.upb.h +166 -0
- data/src/core/ext/upb-generated/xds/core/v3/resource_name.upb.c +36 -0
- data/src/core/ext/upb-generated/xds/core/v3/resource_name.upb.h +85 -0
- data/src/core/ext/upbdefs-generated/envoy/admin/v3/config_dump.upbdefs.c +354 -0
- data/src/core/ext/upbdefs-generated/envoy/admin/v3/config_dump.upbdefs.h +140 -0
- data/src/core/ext/upbdefs-generated/envoy/config/accesslog/v3/accesslog.upbdefs.c +168 -171
- data/src/core/ext/upbdefs-generated/envoy/config/bootstrap/v3/bootstrap.upbdefs.c +383 -0
- data/src/core/ext/upbdefs-generated/envoy/config/bootstrap/v3/bootstrap.upbdefs.h +115 -0
- data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/cluster.upbdefs.c +405 -420
- data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/cluster.upbdefs.h +2 -2
- data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/outlier_detection.upbdefs.c +12 -9
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/base.upbdefs.c +177 -171
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/base.upbdefs.h +10 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/config_source.upbdefs.c +88 -88
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/health_check.upbdefs.c +153 -153
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/protocol.upbdefs.c +10 -7
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/protocol.upbdefs.h +5 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/proxy_protocol.upbdefs.c +4 -7
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/substitution_format_string.upbdefs.c +33 -20
- data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/endpoint.upbdefs.c +56 -59
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener.upbdefs.c +116 -111
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener_components.upbdefs.c +129 -121
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/udp_listener_config.upbdefs.c +21 -24
- data/src/core/ext/upbdefs-generated/envoy/config/metrics/v3/stats.upbdefs.c +141 -0
- data/src/core/ext/upbdefs-generated/envoy/config/metrics/v3/stats.upbdefs.h +70 -0
- data/src/core/ext/upbdefs-generated/envoy/config/overload/v3/overload.upbdefs.c +141 -0
- data/src/core/ext/upbdefs-generated/envoy/config/overload/v3/overload.upbdefs.h +70 -0
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.c +17 -13
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.c +753 -724
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.h +10 -0
- data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/http_tracer.upbdefs.c +22 -25
- data/src/core/ext/upbdefs-generated/envoy/extensions/clusters/aggregate/v3/cluster.upbdefs.c +51 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/clusters/aggregate/v3/cluster.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/common/fault/v3/fault.upbdefs.c +102 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/common/fault/v3/fault.upbdefs.h +55 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/fault/v3/fault.upbdefs.c +120 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/fault/v3/fault.upbdefs.h +45 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/router/v3/router.upbdefs.c +76 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/router/v3/router.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.c +371 -377
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/cert.upbdefs.c +12 -16
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/common.upbdefs.c +112 -108
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/secret.upbdefs.c +45 -53
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/tls.upbdefs.c +177 -180
- data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/discovery.upbdefs.c +92 -102
- data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/discovery.upbdefs.h +5 -0
- data/src/core/ext/upbdefs-generated/envoy/service/endpoint/v3/eds.upbdefs.c +32 -42
- data/src/core/ext/upbdefs-generated/envoy/service/listener/v3/lds.upbdefs.c +30 -40
- data/src/core/ext/upbdefs-generated/envoy/service/load_stats/v3/lrs.upbdefs.c +4 -7
- data/src/core/ext/upbdefs-generated/envoy/service/route/v3/rds.upbdefs.c +38 -44
- data/src/core/ext/upbdefs-generated/envoy/service/status/v3/csds.upbdefs.c +130 -0
- data/src/core/ext/upbdefs-generated/envoy/service/status/v3/csds.upbdefs.h +50 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/node.upbdefs.c +56 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/node.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/string.upbdefs.c +30 -33
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/struct.upbdefs.c +63 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/struct.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/google/protobuf/any.upbdefs.c +8 -7
- data/src/core/ext/upbdefs-generated/google/protobuf/descriptor.upbdefs.c +9 -9
- data/src/core/ext/upbdefs-generated/google/protobuf/duration.upbdefs.c +9 -8
- data/src/core/ext/upbdefs-generated/google/protobuf/empty.upbdefs.c +8 -8
- data/src/core/ext/upbdefs-generated/google/protobuf/struct.upbdefs.c +8 -8
- data/src/core/ext/upbdefs-generated/google/protobuf/timestamp.upbdefs.c +9 -8
- data/src/core/ext/upbdefs-generated/google/protobuf/wrappers.upbdefs.c +8 -8
- data/src/core/ext/upbdefs-generated/udpa/type/v1/typed_struct.upbdefs.c +44 -0
- data/src/core/ext/upbdefs-generated/udpa/type/v1/typed_struct.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/validate/validate.upbdefs.c +14 -11
- data/src/core/ext/upbdefs-generated/xds/core/v3/authority.upbdefs.c +42 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/authority.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/collection_entry.upbdefs.c +62 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/collection_entry.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/context_params.upbdefs.c +45 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/context_params.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/resource.upbdefs.c +49 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/resource.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/resource_locator.upbdefs.c +67 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/resource_locator.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/resource_name.upbdefs.c +50 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/resource_name.upbdefs.h +35 -0
- data/src/core/ext/xds/xds_api.cc +2149 -666
- data/src/core/ext/xds/xds_api.h +321 -119
- data/src/core/ext/xds/xds_bootstrap.cc +80 -45
- data/src/core/ext/xds/xds_bootstrap.h +17 -5
- data/src/core/ext/xds/xds_certificate_provider.cc +180 -74
- data/src/core/ext/xds/xds_certificate_provider.h +83 -44
- data/src/core/ext/xds/xds_client.cc +181 -34
- data/src/core/ext/xds/xds_client.h +29 -0
- data/src/core/ext/xds/xds_client_stats.cc +2 -1
- data/src/core/ext/xds/xds_client_stats.h +2 -2
- data/src/core/ext/xds/xds_http_fault_filter.cc +226 -0
- data/src/core/ext/xds/xds_http_fault_filter.h +63 -0
- data/src/core/ext/xds/xds_http_filters.cc +114 -0
- data/src/core/ext/xds/xds_http_filters.h +130 -0
- data/src/core/ext/xds/xds_server_config_fetcher.cc +425 -24
- data/src/core/lib/channel/channel_stack.cc +12 -0
- data/src/core/lib/channel/channel_stack.h +7 -0
- data/src/core/lib/channel/channelz.cc +92 -4
- data/src/core/lib/channel/channelz.h +30 -1
- data/src/core/lib/channel/channelz_registry.cc +14 -0
- data/src/core/lib/channel/handshaker.cc +2 -44
- data/src/core/lib/channel/handshaker.h +1 -18
- data/src/core/lib/channel/status_util.cc +12 -2
- data/src/core/lib/channel/status_util.h +5 -0
- data/src/core/lib/gpr/log.cc +6 -1
- data/src/core/lib/gpr/sync_abseil.cc +3 -6
- data/src/core/lib/gpr/sync_windows.cc +2 -2
- data/src/core/lib/gprpp/atomic.h +3 -3
- data/src/core/lib/gprpp/dual_ref_counted.h +3 -3
- data/src/core/lib/gprpp/mpscq.cc +2 -2
- data/src/core/lib/gprpp/ref_counted.h +1 -1
- data/src/core/lib/gprpp/ref_counted_ptr.h +2 -0
- data/src/core/lib/gprpp/sync.h +129 -40
- data/src/core/lib/gprpp/thd.h +1 -1
- data/src/core/lib/gprpp/time_util.cc +77 -0
- data/src/core/lib/gprpp/time_util.h +42 -0
- data/src/core/lib/http/httpcli_security_connector.cc +2 -2
- data/src/core/lib/iomgr/buffer_list.h +1 -1
- data/src/core/lib/iomgr/cfstream_handle.cc +2 -2
- data/src/core/lib/iomgr/error.h +1 -1
- data/src/core/lib/iomgr/ev_apple.cc +11 -8
- data/src/core/lib/iomgr/ev_epoll1_linux.cc +3 -3
- data/src/core/lib/iomgr/ev_epollex_linux.cc +4 -4
- data/src/core/lib/iomgr/ev_posix.cc +3 -3
- data/src/core/lib/iomgr/exec_ctx.cc +6 -2
- data/src/core/lib/iomgr/iomgr_posix.cc +0 -1
- data/src/core/lib/iomgr/iomgr_posix_cfstream.cc +0 -1
- data/src/core/lib/iomgr/resource_quota.cc +1 -1
- data/src/core/lib/iomgr/sockaddr_utils.cc +121 -1
- data/src/core/lib/iomgr/sockaddr_utils.h +25 -0
- data/src/core/lib/iomgr/socket_utils_common_posix.cc +1 -0
- data/src/core/lib/iomgr/tcp_client_posix.cc +1 -1
- data/src/core/lib/iomgr/tcp_posix.cc +5 -8
- data/src/core/lib/iomgr/tcp_uv.cc +2 -2
- data/src/core/lib/iomgr/timer_generic.cc +2 -2
- data/src/core/lib/iomgr/timer_manager.cc +1 -1
- data/src/core/lib/iomgr/wakeup_fd_nospecial.cc +1 -1
- data/src/core/lib/matchers/matchers.cc +339 -0
- data/src/core/lib/matchers/matchers.h +160 -0
- data/src/core/lib/security/credentials/alts/alts_credentials.cc +2 -1
- data/src/core/lib/security/credentials/alts/alts_credentials.h +1 -1
- data/src/core/lib/security/credentials/credentials.h +2 -1
- data/src/core/lib/security/credentials/external/aws_external_account_credentials.cc +1 -1
- data/src/core/lib/security/credentials/external/external_account_credentials.cc +2 -2
- data/src/core/lib/security/credentials/external/file_external_account_credentials.cc +1 -1
- data/src/core/lib/security/credentials/external/url_external_account_credentials.cc +1 -1
- data/src/core/lib/security/credentials/fake/fake_credentials.cc +1 -1
- data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +7 -6
- data/src/core/lib/security/credentials/insecure/insecure_credentials.cc +2 -2
- data/src/core/lib/security/credentials/jwt/json_token.cc +0 -3
- data/src/core/lib/security/credentials/jwt/jwt_verifier.cc +0 -3
- data/src/core/lib/security/credentials/local/local_credentials.cc +2 -1
- data/src/core/lib/security/credentials/local/local_credentials.h +1 -1
- data/src/core/lib/security/credentials/ssl/ssl_credentials.cc +2 -1
- data/src/core/lib/security/credentials/ssl/ssl_credentials.h +1 -1
- data/src/core/lib/security/credentials/tls/tls_credentials.cc +2 -1
- data/src/core/lib/security/credentials/tls/tls_credentials.h +1 -1
- data/src/core/lib/security/credentials/xds/xds_credentials.cc +128 -59
- data/src/core/lib/security/credentials/xds/xds_credentials.h +3 -3
- data/src/core/lib/security/security_connector/insecure/insecure_security_connector.cc +5 -5
- data/src/core/lib/security/security_connector/ssl_utils.cc +9 -4
- data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +32 -14
- data/src/core/lib/security/transport/security_handshaker.cc +33 -5
- data/src/core/lib/security/transport/server_auth_filter.cc +7 -0
- data/src/core/lib/slice/slice_intern.cc +5 -6
- data/src/core/lib/surface/channel.h +3 -3
- data/src/core/lib/surface/completion_queue.cc +1 -1
- data/src/core/lib/surface/init.cc +13 -15
- data/src/core/lib/surface/lame_client.cc +38 -19
- data/src/core/lib/surface/lame_client.h +4 -3
- data/src/core/lib/surface/server.cc +43 -36
- data/src/core/lib/surface/server.h +76 -14
- data/src/core/lib/surface/version.cc +2 -2
- data/src/core/lib/transport/metadata.cc +6 -2
- data/src/core/lib/transport/metadata_batch.cc +27 -0
- data/src/core/lib/transport/metadata_batch.h +14 -0
- data/src/core/plugin_registry/grpc_plugin_registry.cc +12 -0
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +18 -24
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +16 -21
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.h +1 -1
- data/src/core/tsi/alts/handshaker/transport_security_common_api.cc +1 -3
- data/src/core/tsi/fake_transport_security.cc +11 -2
- data/src/core/tsi/ssl/session_cache/ssl_session.h +0 -3
- data/src/core/tsi/ssl/session_cache/ssl_session_cache.cc +0 -2
- data/src/core/tsi/ssl/session_cache/ssl_session_cache.h +2 -4
- data/src/core/tsi/ssl_transport_security.cc +0 -3
- data/src/core/tsi/ssl_transport_security.h +0 -3
- data/src/ruby/ext/grpc/extconf.rb +9 -1
- data/src/ruby/ext/grpc/rb_channel.c +10 -1
- data/src/ruby/ext/grpc/rb_channel_credentials.c +11 -1
- data/src/ruby/ext/grpc/rb_channel_credentials.h +4 -0
- data/src/ruby/ext/grpc/rb_compression_options.c +1 -1
- data/src/ruby/ext/grpc/rb_enable_cpp.cc +1 -1
- data/src/ruby/ext/grpc/rb_grpc.c +4 -0
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.c +2 -0
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.h +4 -1
- data/src/ruby/ext/grpc/rb_server.c +13 -1
- data/src/ruby/ext/grpc/rb_server_credentials.c +19 -3
- data/src/ruby/ext/grpc/rb_server_credentials.h +4 -0
- data/src/ruby/ext/grpc/rb_xds_channel_credentials.c +215 -0
- data/src/ruby/ext/grpc/rb_xds_channel_credentials.h +35 -0
- data/src/ruby/ext/grpc/rb_xds_server_credentials.c +169 -0
- data/src/ruby/ext/grpc/rb_xds_server_credentials.h +35 -0
- data/src/ruby/lib/grpc/generic/client_stub.rb +4 -2
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/src/ruby/pb/src/proto/grpc/testing/messages_pb.rb +7 -0
- data/src/ruby/spec/call_spec.rb +1 -1
- data/src/ruby/spec/channel_credentials_spec.rb +32 -0
- data/src/ruby/spec/channel_spec.rb +17 -6
- data/src/ruby/spec/client_auth_spec.rb +27 -1
- data/src/ruby/spec/errors_spec.rb +1 -1
- data/src/ruby/spec/generic/active_call_spec.rb +2 -2
- data/src/ruby/spec/generic/client_stub_spec.rb +4 -4
- data/src/ruby/spec/generic/rpc_server_spec.rb +1 -1
- data/src/ruby/spec/server_credentials_spec.rb +25 -0
- data/src/ruby/spec/server_spec.rb +22 -0
- data/third_party/abseil-cpp/absl/synchronization/internal/graphcycles.cc +1 -0
- data/third_party/boringssl-with-bazel/err_data.c +715 -713
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_bitstr.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_enum.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_int.c +5 -5
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_object.c +3 -10
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_octet.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_type.c +4 -2
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_utctm.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_lib.c +15 -14
- data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_locl.h +30 -0
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_dec.c +28 -79
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_enc.c +39 -85
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_fre.c +5 -16
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_new.c +10 -61
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_typ.c +0 -2
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_utl.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/bio/socket_helper.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/blake2/blake2.c +158 -0
- data/third_party/boringssl-with-bazel/src/crypto/bn_extra/bn_asn1.c +3 -10
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/ber.c +8 -9
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/cbs.c +60 -45
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_chacha20poly1305.c +6 -81
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/internal.h +87 -0
- data/third_party/boringssl-with-bazel/src/crypto/cpu-aarch64-win.c +41 -0
- data/third_party/boringssl-with-bazel/src/crypto/cpu-arm-linux.c +11 -2
- data/third_party/boringssl-with-bazel/src/crypto/cpu-arm.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/{dh → dh_extra}/dh_asn1.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/{dh → dh_extra}/params.c +179 -0
- data/third_party/boringssl-with-bazel/src/crypto/digest_extra/digest_extra.c +25 -0
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/ec_asn1.c +2 -17
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bcm.c +3 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/bn.c +13 -20
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/div.c +2 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/internal.h +9 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/cipher.c +21 -13
- data/third_party/boringssl-with-bazel/src/crypto/{dh → fipsmodule/dh}/check.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/{dh → fipsmodule/dh}/dh.c +136 -213
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec.c +12 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_key.c +9 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/internal.h +28 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/rand.c +135 -43
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/urandom.c +0 -7
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa_impl.c +51 -32
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/self_check.c +147 -0
- data/third_party/boringssl-with-bazel/src/crypto/hpke/hpke.c +18 -29
- data/third_party/boringssl-with-bazel/src/crypto/hpke/internal.h +13 -4
- data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305.c +10 -7
- data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305_arm.c +13 -11
- data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305_vec.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/passive.c +34 -0
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/rand_extra.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/stack/stack.c +7 -13
- data/third_party/boringssl-with-bazel/src/crypto/x509/rsa_pss.c +5 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_cmp.c +1 -29
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_ext.c +10 -7
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_r2x.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_set.c +8 -8
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_v3.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509cset.c +29 -23
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_attrib.c +22 -17
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_crl.c +1 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_pkey.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509.c +39 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509a.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_akey.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_alt.c +11 -10
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_bitst.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_conf.c +25 -25
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_cpols.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_enum.c +2 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_genn.c +40 -20
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_ia5.c +3 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_lib.c +25 -36
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_prn.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_skey.c +6 -6
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_utl.c +6 -6
- data/third_party/boringssl-with-bazel/src/include/openssl/arm_arch.h +3 -3
- data/third_party/boringssl-with-bazel/src/include/openssl/asn1.h +652 -545
- data/third_party/boringssl-with-bazel/src/include/openssl/asn1t.h +0 -167
- data/third_party/boringssl-with-bazel/src/include/openssl/base.h +10 -5
- data/third_party/boringssl-with-bazel/src/include/openssl/blake2.h +62 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/bytestring.h +22 -7
- data/third_party/boringssl-with-bazel/src/include/openssl/cipher.h +19 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/cpu.h +22 -32
- data/third_party/boringssl-with-bazel/src/include/openssl/dh.h +56 -26
- data/third_party/boringssl-with-bazel/src/include/openssl/digest.h +1 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/ec.h +15 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/evp.h +12 -2
- data/third_party/boringssl-with-bazel/src/include/openssl/rand.h +3 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/span.h +2 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +67 -33
- data/third_party/boringssl-with-bazel/src/include/openssl/tls1.h +27 -8
- data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +287 -99
- data/third_party/boringssl-with-bazel/src/include/openssl/x509v3.h +139 -36
- data/third_party/boringssl-with-bazel/src/ssl/handshake.cc +4 -3
- data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +11 -20
- data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +10 -5
- data/third_party/boringssl-with-bazel/src/ssl/internal.h +37 -16
- data/third_party/boringssl-with-bazel/src/ssl/s3_lib.cc +0 -1
- data/third_party/boringssl-with-bazel/src/ssl/ssl_asn1.cc +7 -8
- data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +20 -14
- data/third_party/boringssl-with-bazel/src/ssl/ssl_session.cc +7 -8
- data/third_party/boringssl-with-bazel/src/ssl/ssl_transcript.cc +2 -2
- data/third_party/boringssl-with-bazel/src/ssl/t1_enc.cc +5 -7
- data/third_party/boringssl-with-bazel/src/ssl/t1_lib.cc +362 -50
- data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +2 -2
- data/third_party/boringssl-with-bazel/src/ssl/tls13_enc.cc +48 -15
- data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +66 -24
- data/third_party/xxhash/xxhash.h +5443 -0
- metadata +140 -84
- data/src/core/ext/upb-generated/udpa/core/v1/authority.upb.h +0 -60
- data/src/core/ext/upb-generated/udpa/core/v1/collection_entry.upb.c +0 -52
- data/src/core/ext/upb-generated/udpa/core/v1/collection_entry.upb.h +0 -143
- data/src/core/ext/upb-generated/udpa/core/v1/context_params.upb.c +0 -42
- data/src/core/ext/upb-generated/udpa/core/v1/context_params.upb.h +0 -84
- data/src/core/ext/upb-generated/udpa/core/v1/resource.upb.h +0 -94
- data/src/core/ext/upb-generated/udpa/core/v1/resource_locator.upb.c +0 -54
- data/src/core/ext/upb-generated/udpa/core/v1/resource_locator.upb.h +0 -173
- data/src/core/ext/upb-generated/udpa/core/v1/resource_name.upb.c +0 -36
- data/src/core/ext/upb-generated/udpa/core/v1/resource_name.upb.h +0 -92
- data/src/core/ext/upbdefs-generated/udpa/core/v1/authority.upbdefs.c +0 -42
- data/src/core/ext/upbdefs-generated/udpa/core/v1/authority.upbdefs.h +0 -35
- data/src/core/ext/upbdefs-generated/udpa/core/v1/collection_entry.upbdefs.c +0 -62
- data/src/core/ext/upbdefs-generated/udpa/core/v1/collection_entry.upbdefs.h +0 -40
- data/src/core/ext/upbdefs-generated/udpa/core/v1/context_params.upbdefs.c +0 -45
- data/src/core/ext/upbdefs-generated/udpa/core/v1/context_params.upbdefs.h +0 -40
- data/src/core/ext/upbdefs-generated/udpa/core/v1/resource.upbdefs.c +0 -49
- data/src/core/ext/upbdefs-generated/udpa/core/v1/resource.upbdefs.h +0 -35
- data/src/core/ext/upbdefs-generated/udpa/core/v1/resource_locator.upbdefs.c +0 -68
- data/src/core/ext/upbdefs-generated/udpa/core/v1/resource_locator.upbdefs.h +0 -40
- data/src/core/ext/upbdefs-generated/udpa/core/v1/resource_name.upbdefs.c +0 -51
- data/src/core/ext/upbdefs-generated/udpa/core/v1/resource_name.upbdefs.h +0 -35
- data/src/core/lib/iomgr/iomgr_posix.h +0 -26
- data/src/core/lib/security/authorization/authorization_engine.cc +0 -177
- data/src/core/lib/security/authorization/authorization_engine.h +0 -84
- data/src/core/lib/security/authorization/evaluate_args.cc +0 -148
- data/src/core/lib/security/authorization/evaluate_args.h +0 -59
- data/src/core/lib/security/authorization/mock_cel/activation.h +0 -57
- data/src/core/lib/security/authorization/mock_cel/cel_expr_builder_factory.h +0 -44
- data/src/core/lib/security/authorization/mock_cel/cel_expression.h +0 -69
- data/src/core/lib/security/authorization/mock_cel/cel_value.h +0 -97
- data/src/core/lib/security/authorization/mock_cel/evaluator_core.h +0 -67
- data/src/core/lib/security/authorization/mock_cel/flat_expr_builder.h +0 -57
- data/third_party/abseil-cpp/absl/container/flat_hash_set.h +0 -504
- data/third_party/upb/upb/json_decode.c +0 -1443
- data/third_party/upb/upb/json_decode.h +0 -23
- data/third_party/upb/upb/json_encode.c +0 -713
- data/third_party/upb/upb/json_encode.h +0 -36
|
@@ -0,0 +1,130 @@
|
|
|
1
|
+
//
|
|
2
|
+
// Copyright 2021 gRPC authors.
|
|
3
|
+
//
|
|
4
|
+
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
5
|
+
// you may not use this file except in compliance with the License.
|
|
6
|
+
// You may obtain a copy of the License at
|
|
7
|
+
//
|
|
8
|
+
// http://www.apache.org/licenses/LICENSE-2.0
|
|
9
|
+
//
|
|
10
|
+
// Unless required by applicable law or agreed to in writing, software
|
|
11
|
+
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
12
|
+
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
13
|
+
// See the License for the specific language governing permissions and
|
|
14
|
+
// limitations under the License.
|
|
15
|
+
//
|
|
16
|
+
|
|
17
|
+
#ifndef GRPC_CORE_EXT_XDS_XDS_HTTP_FILTERS_H
|
|
18
|
+
#define GRPC_CORE_EXT_XDS_XDS_HTTP_FILTERS_H
|
|
19
|
+
|
|
20
|
+
#include <grpc/support/port_platform.h>
|
|
21
|
+
|
|
22
|
+
#include <memory>
|
|
23
|
+
#include <set>
|
|
24
|
+
#include <string>
|
|
25
|
+
|
|
26
|
+
#include "absl/status/statusor.h"
|
|
27
|
+
#include "absl/strings/str_cat.h"
|
|
28
|
+
#include "absl/strings/string_view.h"
|
|
29
|
+
#include "google/protobuf/any.upb.h"
|
|
30
|
+
#include "upb/def.h"
|
|
31
|
+
|
|
32
|
+
#include <grpc/grpc.h>
|
|
33
|
+
|
|
34
|
+
#include "src/core/lib/channel/channel_stack.h"
|
|
35
|
+
#include "src/core/lib/json/json.h"
|
|
36
|
+
|
|
37
|
+
namespace grpc_core {
|
|
38
|
+
|
|
39
|
+
extern const char* kXdsHttpRouterFilterConfigName;
|
|
40
|
+
|
|
41
|
+
class XdsHttpFilterImpl {
|
|
42
|
+
public:
|
|
43
|
+
struct FilterConfig {
|
|
44
|
+
absl::string_view config_proto_type_name;
|
|
45
|
+
Json config;
|
|
46
|
+
|
|
47
|
+
bool operator==(const FilterConfig& other) const {
|
|
48
|
+
return config_proto_type_name == other.config_proto_type_name &&
|
|
49
|
+
config == other.config;
|
|
50
|
+
}
|
|
51
|
+
std::string ToString() const {
|
|
52
|
+
return absl::StrCat("{config_proto_type_name=", config_proto_type_name,
|
|
53
|
+
" config=", config.Dump(), "}");
|
|
54
|
+
}
|
|
55
|
+
};
|
|
56
|
+
|
|
57
|
+
// Service config data for the filter, returned by GenerateServiceConfig().
|
|
58
|
+
struct ServiceConfigJsonEntry {
|
|
59
|
+
// The top-level field name in the method config.
|
|
60
|
+
// Filter implementations should use their primary config proto type
|
|
61
|
+
// name for this.
|
|
62
|
+
// The value of this field in the method config will be a JSON array,
|
|
63
|
+
// which will be populated with the elements returned by each filter
|
|
64
|
+
// instance.
|
|
65
|
+
std::string service_config_field_name;
|
|
66
|
+
// The element to add to the JSON array.
|
|
67
|
+
std::string element;
|
|
68
|
+
};
|
|
69
|
+
|
|
70
|
+
virtual ~XdsHttpFilterImpl() = default;
|
|
71
|
+
|
|
72
|
+
// Loads the proto message into the upb symtab.
|
|
73
|
+
virtual void PopulateSymtab(upb_symtab* symtab) const = 0;
|
|
74
|
+
|
|
75
|
+
// Generates a Config from the xDS filter config proto.
|
|
76
|
+
// Used for the top-level config in the HCM HTTP filter list.
|
|
77
|
+
virtual absl::StatusOr<FilterConfig> GenerateFilterConfig(
|
|
78
|
+
upb_strview serialized_filter_config, upb_arena* arena) const = 0;
|
|
79
|
+
|
|
80
|
+
// Generates a Config from the xDS filter config proto.
|
|
81
|
+
// Used for the typed_per_filter_config override in VirtualHost and Route.
|
|
82
|
+
virtual absl::StatusOr<FilterConfig> GenerateFilterConfigOverride(
|
|
83
|
+
upb_strview serialized_filter_config, upb_arena* arena) const = 0;
|
|
84
|
+
|
|
85
|
+
// C-core channel filter implementation.
|
|
86
|
+
virtual const grpc_channel_filter* channel_filter() const = 0;
|
|
87
|
+
|
|
88
|
+
// Modifies channel args that may affect service config parsing (not
|
|
89
|
+
// visible to the channel as a whole).
|
|
90
|
+
// Takes ownership of args. Caller takes ownership of return value.
|
|
91
|
+
virtual grpc_channel_args* ModifyChannelArgs(grpc_channel_args* args) const {
|
|
92
|
+
return args;
|
|
93
|
+
}
|
|
94
|
+
|
|
95
|
+
// Function to convert the Configs into a JSON string to be added to the
|
|
96
|
+
// per-method part of the service config.
|
|
97
|
+
// The hcm_filter_config comes from the HttpConnectionManager config.
|
|
98
|
+
// The filter_config_override comes from the first of the ClusterWeight,
|
|
99
|
+
// Route, or VirtualHost entries that it is found in, or null if
|
|
100
|
+
// there is no override in any of those locations.
|
|
101
|
+
virtual absl::StatusOr<ServiceConfigJsonEntry> GenerateServiceConfig(
|
|
102
|
+
const FilterConfig& hcm_filter_config,
|
|
103
|
+
const FilterConfig* filter_config_override) const = 0;
|
|
104
|
+
|
|
105
|
+
// Returns true if the filter is supported on clients; false otherwise
|
|
106
|
+
virtual bool IsSupportedOnClients() const = 0;
|
|
107
|
+
|
|
108
|
+
// Returns true if the filter is supported on servers; false otherwise
|
|
109
|
+
virtual bool IsSupportedOnServers() const = 0;
|
|
110
|
+
};
|
|
111
|
+
|
|
112
|
+
class XdsHttpFilterRegistry {
|
|
113
|
+
public:
|
|
114
|
+
static void RegisterFilter(
|
|
115
|
+
std::unique_ptr<XdsHttpFilterImpl> filter,
|
|
116
|
+
const std::set<absl::string_view>& config_proto_type_names);
|
|
117
|
+
|
|
118
|
+
static const XdsHttpFilterImpl* GetFilterForType(
|
|
119
|
+
absl::string_view proto_type_name);
|
|
120
|
+
|
|
121
|
+
static void PopulateSymtab(upb_symtab* symtab);
|
|
122
|
+
|
|
123
|
+
// Global init and shutdown.
|
|
124
|
+
static void Init();
|
|
125
|
+
static void Shutdown();
|
|
126
|
+
};
|
|
127
|
+
|
|
128
|
+
} // namespace grpc_core
|
|
129
|
+
|
|
130
|
+
#endif /* GRPC_CORE_EXT_XDS_XDS_HTTP_FILTERS_H */
|
|
@@ -18,32 +18,342 @@
|
|
|
18
18
|
|
|
19
19
|
#include <grpc/support/port_platform.h>
|
|
20
20
|
|
|
21
|
+
#include "absl/strings/str_replace.h"
|
|
22
|
+
|
|
23
|
+
#include "src/core/ext/xds/xds_certificate_provider.h"
|
|
21
24
|
#include "src/core/ext/xds/xds_client.h"
|
|
25
|
+
#include "src/core/lib/channel/channel_args.h"
|
|
26
|
+
#include "src/core/lib/gprpp/host_port.h"
|
|
27
|
+
#include "src/core/lib/iomgr/sockaddr.h"
|
|
28
|
+
#include "src/core/lib/iomgr/sockaddr_utils.h"
|
|
29
|
+
#include "src/core/lib/iomgr/socket_utils.h"
|
|
30
|
+
#include "src/core/lib/security/credentials/xds/xds_credentials.h"
|
|
22
31
|
#include "src/core/lib/surface/api_trace.h"
|
|
23
32
|
#include "src/core/lib/surface/server.h"
|
|
33
|
+
#include "src/core/lib/uri/uri_parser.h"
|
|
24
34
|
|
|
25
35
|
namespace grpc_core {
|
|
36
|
+
|
|
37
|
+
TraceFlag grpc_xds_server_config_fetcher_trace(false,
|
|
38
|
+
"xds_server_config_fetcher");
|
|
39
|
+
|
|
26
40
|
namespace {
|
|
27
41
|
|
|
42
|
+
class FilterChainMatchManager
|
|
43
|
+
: public grpc_server_config_fetcher::ConnectionManager {
|
|
44
|
+
public:
|
|
45
|
+
FilterChainMatchManager(
|
|
46
|
+
RefCountedPtr<XdsClient> xds_client,
|
|
47
|
+
XdsApi::LdsUpdate::FilterChainMap filter_chain_map,
|
|
48
|
+
absl::optional<XdsApi::LdsUpdate::FilterChainData> default_filter_chain)
|
|
49
|
+
: xds_client_(xds_client),
|
|
50
|
+
filter_chain_map_(std::move(filter_chain_map)),
|
|
51
|
+
default_filter_chain_(std::move(default_filter_chain)) {}
|
|
52
|
+
|
|
53
|
+
absl::StatusOr<grpc_channel_args*> UpdateChannelArgsForConnection(
|
|
54
|
+
grpc_channel_args* args, grpc_endpoint* tcp) override;
|
|
55
|
+
|
|
56
|
+
const XdsApi::LdsUpdate::FilterChainMap& filter_chain_map() const {
|
|
57
|
+
return filter_chain_map_;
|
|
58
|
+
}
|
|
59
|
+
|
|
60
|
+
const absl::optional<XdsApi::LdsUpdate::FilterChainData>&
|
|
61
|
+
default_filter_chain() const {
|
|
62
|
+
return default_filter_chain_;
|
|
63
|
+
}
|
|
64
|
+
|
|
65
|
+
private:
|
|
66
|
+
struct CertificateProviders {
|
|
67
|
+
// We need to save our own refs to the root and instance certificate
|
|
68
|
+
// providers since the xds certificate provider just stores a ref to their
|
|
69
|
+
// distributors.
|
|
70
|
+
RefCountedPtr<grpc_tls_certificate_provider> root;
|
|
71
|
+
RefCountedPtr<grpc_tls_certificate_provider> instance;
|
|
72
|
+
RefCountedPtr<XdsCertificateProvider> xds;
|
|
73
|
+
};
|
|
74
|
+
|
|
75
|
+
absl::StatusOr<RefCountedPtr<XdsCertificateProvider>>
|
|
76
|
+
CreateOrGetXdsCertificateProviderFromFilterChainData(
|
|
77
|
+
const XdsApi::LdsUpdate::FilterChainData* filter_chain);
|
|
78
|
+
|
|
79
|
+
const RefCountedPtr<XdsClient> xds_client_;
|
|
80
|
+
const XdsApi::LdsUpdate::FilterChainMap filter_chain_map_;
|
|
81
|
+
const absl::optional<XdsApi::LdsUpdate::FilterChainData>
|
|
82
|
+
default_filter_chain_;
|
|
83
|
+
Mutex mu_;
|
|
84
|
+
std::map<const XdsApi::LdsUpdate::FilterChainData*, CertificateProviders>
|
|
85
|
+
certificate_providers_map_ ABSL_GUARDED_BY(mu_);
|
|
86
|
+
};
|
|
87
|
+
|
|
88
|
+
bool IsLoopbackIp(const grpc_resolved_address* address) {
|
|
89
|
+
const grpc_sockaddr* sock_addr =
|
|
90
|
+
reinterpret_cast<const grpc_sockaddr*>(&address->addr);
|
|
91
|
+
if (sock_addr->sa_family == GRPC_AF_INET) {
|
|
92
|
+
const grpc_sockaddr_in* addr4 =
|
|
93
|
+
reinterpret_cast<const grpc_sockaddr_in*>(sock_addr);
|
|
94
|
+
if (addr4->sin_addr.s_addr == grpc_htonl(INADDR_LOOPBACK)) {
|
|
95
|
+
return true;
|
|
96
|
+
}
|
|
97
|
+
} else if (sock_addr->sa_family == GRPC_AF_INET6) {
|
|
98
|
+
const grpc_sockaddr_in6* addr6 =
|
|
99
|
+
reinterpret_cast<const grpc_sockaddr_in6*>(sock_addr);
|
|
100
|
+
if (memcmp(&addr6->sin6_addr, &in6addr_loopback,
|
|
101
|
+
sizeof(in6addr_loopback)) == 0) {
|
|
102
|
+
return true;
|
|
103
|
+
}
|
|
104
|
+
}
|
|
105
|
+
return false;
|
|
106
|
+
}
|
|
107
|
+
|
|
108
|
+
const XdsApi::LdsUpdate::FilterChainData* FindFilterChainDataForSourcePort(
|
|
109
|
+
const XdsApi::LdsUpdate::FilterChainMap::SourcePortsMap& source_ports_map,
|
|
110
|
+
absl::string_view port_str) {
|
|
111
|
+
int port = 0;
|
|
112
|
+
if (!absl::SimpleAtoi(port_str, &port)) return nullptr;
|
|
113
|
+
auto it = source_ports_map.find(port);
|
|
114
|
+
if (it != source_ports_map.end()) {
|
|
115
|
+
return it->second.data.get();
|
|
116
|
+
}
|
|
117
|
+
// Search for the catch-all port 0 since we didn't get a direct match
|
|
118
|
+
it = source_ports_map.find(0);
|
|
119
|
+
if (it != source_ports_map.end()) {
|
|
120
|
+
return it->second.data.get();
|
|
121
|
+
}
|
|
122
|
+
return nullptr;
|
|
123
|
+
}
|
|
124
|
+
|
|
125
|
+
const XdsApi::LdsUpdate::FilterChainData* FindFilterChainDataForSourceIp(
|
|
126
|
+
const XdsApi::LdsUpdate::FilterChainMap::SourceIpVector& source_ip_vector,
|
|
127
|
+
const grpc_resolved_address* source_ip, absl::string_view port) {
|
|
128
|
+
const XdsApi::LdsUpdate::FilterChainMap::SourceIp* best_match = nullptr;
|
|
129
|
+
for (const auto& entry : source_ip_vector) {
|
|
130
|
+
// Special case for catch-all
|
|
131
|
+
if (!entry.prefix_range.has_value()) {
|
|
132
|
+
if (best_match == nullptr) {
|
|
133
|
+
best_match = &entry;
|
|
134
|
+
}
|
|
135
|
+
continue;
|
|
136
|
+
}
|
|
137
|
+
if (best_match != nullptr && best_match->prefix_range.has_value() &&
|
|
138
|
+
best_match->prefix_range->prefix_len >=
|
|
139
|
+
entry.prefix_range->prefix_len) {
|
|
140
|
+
continue;
|
|
141
|
+
}
|
|
142
|
+
if (grpc_sockaddr_match_subnet(source_ip, &entry.prefix_range->address,
|
|
143
|
+
entry.prefix_range->prefix_len)) {
|
|
144
|
+
best_match = &entry;
|
|
145
|
+
}
|
|
146
|
+
}
|
|
147
|
+
if (best_match == nullptr) return nullptr;
|
|
148
|
+
return FindFilterChainDataForSourcePort(best_match->ports_map, port);
|
|
149
|
+
}
|
|
150
|
+
|
|
151
|
+
const XdsApi::LdsUpdate::FilterChainData* FindFilterChainDataForSourceType(
|
|
152
|
+
const XdsApi::LdsUpdate::FilterChainMap::ConnectionSourceTypesArray&
|
|
153
|
+
source_types_array,
|
|
154
|
+
grpc_endpoint* tcp, absl::string_view destination_ip) {
|
|
155
|
+
auto source_uri = URI::Parse(grpc_endpoint_get_peer(tcp));
|
|
156
|
+
if (!source_uri.ok() ||
|
|
157
|
+
(source_uri->scheme() != "ipv4" && source_uri->scheme() != "ipv6")) {
|
|
158
|
+
return nullptr;
|
|
159
|
+
}
|
|
160
|
+
std::string host;
|
|
161
|
+
std::string port;
|
|
162
|
+
if (!SplitHostPort(source_uri->path(), &host, &port)) {
|
|
163
|
+
return nullptr;
|
|
164
|
+
}
|
|
165
|
+
grpc_resolved_address source_addr;
|
|
166
|
+
grpc_string_to_sockaddr(&source_addr, host.c_str(),
|
|
167
|
+
0 /* port doesn't matter here */);
|
|
168
|
+
// Use kAny only if kSameIporLoopback and kExternal are empty
|
|
169
|
+
if (source_types_array[static_cast<int>(
|
|
170
|
+
XdsApi::LdsUpdate::FilterChainMap::
|
|
171
|
+
ConnectionSourceType::kSameIpOrLoopback)]
|
|
172
|
+
.empty() &&
|
|
173
|
+
source_types_array[static_cast<int>(XdsApi::LdsUpdate::FilterChainMap::
|
|
174
|
+
ConnectionSourceType::kExternal)]
|
|
175
|
+
.empty()) {
|
|
176
|
+
return FindFilterChainDataForSourceIp(
|
|
177
|
+
source_types_array[static_cast<int>(
|
|
178
|
+
XdsApi::LdsUpdate::FilterChainMap::ConnectionSourceType::kAny)],
|
|
179
|
+
&source_addr, port);
|
|
180
|
+
}
|
|
181
|
+
if (IsLoopbackIp(&source_addr) || host == destination_ip) {
|
|
182
|
+
return FindFilterChainDataForSourceIp(
|
|
183
|
+
source_types_array[static_cast<int>(
|
|
184
|
+
XdsApi::LdsUpdate::FilterChainMap::ConnectionSourceType::
|
|
185
|
+
kSameIpOrLoopback)],
|
|
186
|
+
&source_addr, port);
|
|
187
|
+
} else {
|
|
188
|
+
return FindFilterChainDataForSourceIp(
|
|
189
|
+
source_types_array[static_cast<int>(
|
|
190
|
+
XdsApi::LdsUpdate::FilterChainMap::ConnectionSourceType::
|
|
191
|
+
kExternal)],
|
|
192
|
+
&source_addr, port);
|
|
193
|
+
}
|
|
194
|
+
}
|
|
195
|
+
|
|
196
|
+
const XdsApi::LdsUpdate::FilterChainData* FindFilterChainDataForDestinationIp(
|
|
197
|
+
const XdsApi::LdsUpdate::FilterChainMap::DestinationIpVector
|
|
198
|
+
destination_ip_vector,
|
|
199
|
+
grpc_endpoint* tcp) {
|
|
200
|
+
auto destination_uri = URI::Parse(grpc_endpoint_get_local_address(tcp));
|
|
201
|
+
if (!destination_uri.ok() || (destination_uri->scheme() != "ipv4" &&
|
|
202
|
+
destination_uri->scheme() != "ipv6")) {
|
|
203
|
+
return nullptr;
|
|
204
|
+
}
|
|
205
|
+
std::string host;
|
|
206
|
+
std::string port;
|
|
207
|
+
if (!SplitHostPort(destination_uri->path(), &host, &port)) {
|
|
208
|
+
return nullptr;
|
|
209
|
+
}
|
|
210
|
+
grpc_resolved_address destination_addr;
|
|
211
|
+
grpc_string_to_sockaddr(&destination_addr, host.c_str(),
|
|
212
|
+
0 /* port doesn't matter here */);
|
|
213
|
+
const XdsApi::LdsUpdate::FilterChainMap::DestinationIp* best_match = nullptr;
|
|
214
|
+
for (const auto& entry : destination_ip_vector) {
|
|
215
|
+
// Special case for catch-all
|
|
216
|
+
if (!entry.prefix_range.has_value()) {
|
|
217
|
+
if (best_match == nullptr) {
|
|
218
|
+
best_match = &entry;
|
|
219
|
+
}
|
|
220
|
+
continue;
|
|
221
|
+
}
|
|
222
|
+
if (best_match != nullptr && best_match->prefix_range.has_value() &&
|
|
223
|
+
best_match->prefix_range->prefix_len >=
|
|
224
|
+
entry.prefix_range->prefix_len) {
|
|
225
|
+
continue;
|
|
226
|
+
}
|
|
227
|
+
if (grpc_sockaddr_match_subnet(&destination_addr,
|
|
228
|
+
&entry.prefix_range->address,
|
|
229
|
+
entry.prefix_range->prefix_len)) {
|
|
230
|
+
best_match = &entry;
|
|
231
|
+
}
|
|
232
|
+
}
|
|
233
|
+
if (best_match == nullptr) return nullptr;
|
|
234
|
+
return FindFilterChainDataForSourceType(best_match->source_types_array, tcp,
|
|
235
|
+
host);
|
|
236
|
+
}
|
|
237
|
+
|
|
238
|
+
absl::StatusOr<RefCountedPtr<XdsCertificateProvider>>
|
|
239
|
+
FilterChainMatchManager::CreateOrGetXdsCertificateProviderFromFilterChainData(
|
|
240
|
+
const XdsApi::LdsUpdate::FilterChainData* filter_chain) {
|
|
241
|
+
MutexLock lock(&mu_);
|
|
242
|
+
auto it = certificate_providers_map_.find(filter_chain);
|
|
243
|
+
if (it != certificate_providers_map_.end()) {
|
|
244
|
+
return it->second.xds;
|
|
245
|
+
}
|
|
246
|
+
CertificateProviders certificate_providers;
|
|
247
|
+
// Configure root cert.
|
|
248
|
+
absl::string_view root_provider_instance_name =
|
|
249
|
+
filter_chain->downstream_tls_context.common_tls_context
|
|
250
|
+
.combined_validation_context
|
|
251
|
+
.validation_context_certificate_provider_instance.instance_name;
|
|
252
|
+
absl::string_view root_provider_cert_name =
|
|
253
|
+
filter_chain->downstream_tls_context.common_tls_context
|
|
254
|
+
.combined_validation_context
|
|
255
|
+
.validation_context_certificate_provider_instance.certificate_name;
|
|
256
|
+
if (!root_provider_instance_name.empty()) {
|
|
257
|
+
certificate_providers.root =
|
|
258
|
+
xds_client_->certificate_provider_store()
|
|
259
|
+
.CreateOrGetCertificateProvider(root_provider_instance_name);
|
|
260
|
+
if (certificate_providers.root == nullptr) {
|
|
261
|
+
return absl::NotFoundError(
|
|
262
|
+
absl::StrCat("Certificate provider instance name: \"",
|
|
263
|
+
root_provider_instance_name, "\" not recognized."));
|
|
264
|
+
}
|
|
265
|
+
}
|
|
266
|
+
// Configure identity cert.
|
|
267
|
+
absl::string_view identity_provider_instance_name =
|
|
268
|
+
filter_chain->downstream_tls_context.common_tls_context
|
|
269
|
+
.tls_certificate_certificate_provider_instance.instance_name;
|
|
270
|
+
absl::string_view identity_provider_cert_name =
|
|
271
|
+
filter_chain->downstream_tls_context.common_tls_context
|
|
272
|
+
.tls_certificate_certificate_provider_instance.certificate_name;
|
|
273
|
+
if (!identity_provider_instance_name.empty()) {
|
|
274
|
+
certificate_providers.instance =
|
|
275
|
+
xds_client_->certificate_provider_store()
|
|
276
|
+
.CreateOrGetCertificateProvider(identity_provider_instance_name);
|
|
277
|
+
if (certificate_providers.instance == nullptr) {
|
|
278
|
+
return absl::NotFoundError(
|
|
279
|
+
absl::StrCat("Certificate provider instance name: \"",
|
|
280
|
+
identity_provider_instance_name, "\" not recognized."));
|
|
281
|
+
}
|
|
282
|
+
}
|
|
283
|
+
certificate_providers.xds = MakeRefCounted<XdsCertificateProvider>();
|
|
284
|
+
certificate_providers.xds->UpdateRootCertNameAndDistributor(
|
|
285
|
+
"", root_provider_cert_name,
|
|
286
|
+
certificate_providers.root == nullptr
|
|
287
|
+
? nullptr
|
|
288
|
+
: certificate_providers.root->distributor());
|
|
289
|
+
certificate_providers.xds->UpdateIdentityCertNameAndDistributor(
|
|
290
|
+
"", identity_provider_cert_name,
|
|
291
|
+
certificate_providers.instance == nullptr
|
|
292
|
+
? nullptr
|
|
293
|
+
: certificate_providers.instance->distributor());
|
|
294
|
+
certificate_providers.xds->UpdateRequireClientCertificate(
|
|
295
|
+
"", filter_chain->downstream_tls_context.require_client_certificate);
|
|
296
|
+
auto xds_certificate_provider = certificate_providers.xds;
|
|
297
|
+
certificate_providers_map_.emplace(filter_chain,
|
|
298
|
+
std::move(certificate_providers));
|
|
299
|
+
return xds_certificate_provider;
|
|
300
|
+
}
|
|
301
|
+
|
|
302
|
+
absl::StatusOr<grpc_channel_args*>
|
|
303
|
+
FilterChainMatchManager::UpdateChannelArgsForConnection(grpc_channel_args* args,
|
|
304
|
+
grpc_endpoint* tcp) {
|
|
305
|
+
const auto* filter_chain = FindFilterChainDataForDestinationIp(
|
|
306
|
+
filter_chain_map_.destination_ip_vector, tcp);
|
|
307
|
+
if (filter_chain == nullptr && default_filter_chain_.has_value()) {
|
|
308
|
+
filter_chain = &default_filter_chain_.value();
|
|
309
|
+
}
|
|
310
|
+
if (filter_chain == nullptr) {
|
|
311
|
+
grpc_channel_args_destroy(args);
|
|
312
|
+
return absl::UnavailableError("No matching filter chain found");
|
|
313
|
+
}
|
|
314
|
+
// Nothing to update if credentials are not xDS.
|
|
315
|
+
grpc_server_credentials* server_creds =
|
|
316
|
+
grpc_find_server_credentials_in_args(args);
|
|
317
|
+
if (server_creds == nullptr || server_creds->type() != kCredentialsTypeXds) {
|
|
318
|
+
return args;
|
|
319
|
+
}
|
|
320
|
+
absl::StatusOr<RefCountedPtr<XdsCertificateProvider>> result =
|
|
321
|
+
CreateOrGetXdsCertificateProviderFromFilterChainData(filter_chain);
|
|
322
|
+
if (!result.ok()) {
|
|
323
|
+
grpc_channel_args_destroy(args);
|
|
324
|
+
return result.status();
|
|
325
|
+
}
|
|
326
|
+
RefCountedPtr<XdsCertificateProvider> xds_certificate_provider =
|
|
327
|
+
std::move(*result);
|
|
328
|
+
GPR_ASSERT(xds_certificate_provider != nullptr);
|
|
329
|
+
grpc_arg arg_to_add = xds_certificate_provider->MakeChannelArg();
|
|
330
|
+
grpc_channel_args* updated_args =
|
|
331
|
+
grpc_channel_args_copy_and_add(args, &arg_to_add, 1);
|
|
332
|
+
grpc_channel_args_destroy(args);
|
|
333
|
+
return updated_args;
|
|
334
|
+
}
|
|
335
|
+
|
|
28
336
|
class XdsServerConfigFetcher : public grpc_server_config_fetcher {
|
|
29
337
|
public:
|
|
30
|
-
explicit XdsServerConfigFetcher(RefCountedPtr<XdsClient> xds_client
|
|
31
|
-
|
|
338
|
+
explicit XdsServerConfigFetcher(RefCountedPtr<XdsClient> xds_client,
|
|
339
|
+
grpc_server_xds_status_notifier notifier)
|
|
340
|
+
: xds_client_(std::move(xds_client)), serving_status_notifier_(notifier) {
|
|
32
341
|
GPR_ASSERT(xds_client_ != nullptr);
|
|
33
342
|
}
|
|
34
343
|
|
|
35
|
-
void StartWatch(std::string listening_address,
|
|
344
|
+
void StartWatch(std::string listening_address, grpc_channel_args* args,
|
|
36
345
|
std::unique_ptr<grpc_server_config_fetcher::WatcherInterface>
|
|
37
346
|
watcher) override {
|
|
38
347
|
grpc_server_config_fetcher::WatcherInterface* watcher_ptr = watcher.get();
|
|
39
|
-
auto listener_watcher =
|
|
40
|
-
|
|
348
|
+
auto listener_watcher = absl::make_unique<ListenerWatcher>(
|
|
349
|
+
std::move(watcher), args, xds_client_, serving_status_notifier_,
|
|
350
|
+
listening_address);
|
|
41
351
|
auto* listener_watcher_ptr = listener_watcher.get();
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
|
|
352
|
+
listening_address = absl::StrReplaceAll(
|
|
353
|
+
xds_client_->bootstrap().server_listener_resource_name_template(),
|
|
354
|
+
{{"%s", listening_address}});
|
|
355
|
+
xds_client_->WatchListenerData(listening_address,
|
|
356
|
+
std::move(listener_watcher));
|
|
47
357
|
MutexLock lock(&mu_);
|
|
48
358
|
auto& watcher_state = watchers_[watcher_ptr];
|
|
49
359
|
watcher_state.listening_address = listening_address;
|
|
@@ -73,32 +383,112 @@ class XdsServerConfigFetcher : public grpc_server_config_fetcher {
|
|
|
73
383
|
public:
|
|
74
384
|
explicit ListenerWatcher(
|
|
75
385
|
std::unique_ptr<grpc_server_config_fetcher::WatcherInterface>
|
|
76
|
-
server_config_watcher
|
|
77
|
-
|
|
386
|
+
server_config_watcher,
|
|
387
|
+
grpc_channel_args* args, RefCountedPtr<XdsClient> xds_client,
|
|
388
|
+
grpc_server_xds_status_notifier serving_status_notifier,
|
|
389
|
+
std::string listening_address)
|
|
390
|
+
: server_config_watcher_(std::move(server_config_watcher)),
|
|
391
|
+
args_(args),
|
|
392
|
+
xds_client_(std::move(xds_client)),
|
|
393
|
+
serving_status_notifier_(serving_status_notifier),
|
|
394
|
+
listening_address_(std::move(listening_address)) {}
|
|
395
|
+
|
|
396
|
+
~ListenerWatcher() override { grpc_channel_args_destroy(args_); }
|
|
397
|
+
|
|
398
|
+
// Deleted due to special handling required for args_. Copy the channel args
|
|
399
|
+
// if we ever need these.
|
|
400
|
+
ListenerWatcher(const ListenerWatcher&) = delete;
|
|
401
|
+
ListenerWatcher& operator=(const ListenerWatcher&) = delete;
|
|
78
402
|
|
|
79
403
|
void OnListenerChanged(XdsApi::LdsUpdate listener) override {
|
|
80
|
-
|
|
81
|
-
|
|
404
|
+
if (GRPC_TRACE_FLAG_ENABLED(grpc_xds_server_config_fetcher_trace)) {
|
|
405
|
+
gpr_log(
|
|
406
|
+
GPR_INFO,
|
|
407
|
+
"[ListenerWatcher %p] Received LDS update from xds client %p: %s",
|
|
408
|
+
this, xds_client_.get(), listener.ToString().c_str());
|
|
409
|
+
}
|
|
410
|
+
if (listener.address != listening_address_) {
|
|
411
|
+
OnFatalError(absl::FailedPreconditionError(
|
|
412
|
+
"Address in LDS update does not match listening address"));
|
|
413
|
+
return;
|
|
414
|
+
}
|
|
415
|
+
if (filter_chain_match_manager_ == nullptr) {
|
|
416
|
+
if (serving_status_notifier_.on_serving_status_change != nullptr) {
|
|
417
|
+
serving_status_notifier_.on_serving_status_change(
|
|
418
|
+
serving_status_notifier_.user_data, listening_address_.c_str(),
|
|
419
|
+
GRPC_STATUS_OK, "");
|
|
420
|
+
} else {
|
|
421
|
+
gpr_log(GPR_INFO,
|
|
422
|
+
"xDS Listener resource obtained; will start serving on %s",
|
|
423
|
+
listening_address_.c_str());
|
|
424
|
+
}
|
|
425
|
+
}
|
|
426
|
+
if (filter_chain_match_manager_ == nullptr ||
|
|
427
|
+
!(listener.filter_chain_map ==
|
|
428
|
+
filter_chain_match_manager_->filter_chain_map() &&
|
|
429
|
+
listener.default_filter_chain ==
|
|
430
|
+
filter_chain_match_manager_->default_filter_chain())) {
|
|
431
|
+
filter_chain_match_manager_ = MakeRefCounted<FilterChainMatchManager>(
|
|
432
|
+
xds_client_, std::move(listener.filter_chain_map),
|
|
433
|
+
std::move(listener.default_filter_chain));
|
|
434
|
+
server_config_watcher_->UpdateConnectionManager(
|
|
435
|
+
filter_chain_match_manager_);
|
|
436
|
+
}
|
|
82
437
|
}
|
|
83
438
|
|
|
84
439
|
void OnError(grpc_error* error) override {
|
|
85
|
-
|
|
86
|
-
|
|
440
|
+
if (filter_chain_match_manager_ != nullptr) {
|
|
441
|
+
gpr_log(GPR_ERROR,
|
|
442
|
+
"ListenerWatcher:%p XdsClient reports error: %s for %s; "
|
|
443
|
+
"ignoring in favor of existing resource",
|
|
444
|
+
this, grpc_error_string(error), listening_address_.c_str());
|
|
445
|
+
} else {
|
|
446
|
+
if (serving_status_notifier_.on_serving_status_change != nullptr) {
|
|
447
|
+
serving_status_notifier_.on_serving_status_change(
|
|
448
|
+
serving_status_notifier_.user_data, listening_address_.c_str(),
|
|
449
|
+
GRPC_STATUS_UNAVAILABLE, grpc_error_string(error));
|
|
450
|
+
} else {
|
|
451
|
+
gpr_log(
|
|
452
|
+
GPR_ERROR,
|
|
453
|
+
"ListenerWatcher:%p error obtaining xDS Listener resource: %s; "
|
|
454
|
+
"not serving on %s",
|
|
455
|
+
this, grpc_error_string(error), listening_address_.c_str());
|
|
456
|
+
}
|
|
457
|
+
}
|
|
87
458
|
GRPC_ERROR_UNREF(error);
|
|
88
|
-
|
|
459
|
+
}
|
|
460
|
+
|
|
461
|
+
void OnFatalError(absl::Status status) {
|
|
462
|
+
gpr_log(
|
|
463
|
+
GPR_ERROR,
|
|
464
|
+
"ListenerWatcher:%p Encountered fatal error %s; not serving on %s",
|
|
465
|
+
this, status.ToString().c_str(), listening_address_.c_str());
|
|
466
|
+
if (filter_chain_match_manager_ != nullptr) {
|
|
467
|
+
// The server has started listening already, so we need to gracefully
|
|
468
|
+
// stop serving.
|
|
469
|
+
server_config_watcher_->StopServing();
|
|
470
|
+
filter_chain_match_manager_.reset();
|
|
471
|
+
}
|
|
472
|
+
if (serving_status_notifier_.on_serving_status_change != nullptr) {
|
|
473
|
+
serving_status_notifier_.on_serving_status_change(
|
|
474
|
+
serving_status_notifier_.user_data, listening_address_.c_str(),
|
|
475
|
+
static_cast<grpc_status_code>(status.raw_code()),
|
|
476
|
+
std::string(status.message()).c_str());
|
|
477
|
+
}
|
|
89
478
|
}
|
|
90
479
|
|
|
91
480
|
void OnResourceDoesNotExist() override {
|
|
92
|
-
|
|
93
|
-
"ListenerWatcher:%p XdsClient reports requested listener does "
|
|
94
|
-
"not exist",
|
|
95
|
-
this);
|
|
96
|
-
// TODO(yashykt): We might want to bubble this error to the application.
|
|
481
|
+
OnFatalError(absl::NotFoundError("Requested listener does not exist"));
|
|
97
482
|
}
|
|
98
483
|
|
|
99
484
|
private:
|
|
100
485
|
std::unique_ptr<grpc_server_config_fetcher::WatcherInterface>
|
|
101
486
|
server_config_watcher_;
|
|
487
|
+
grpc_channel_args* args_;
|
|
488
|
+
RefCountedPtr<XdsClient> xds_client_;
|
|
489
|
+
grpc_server_xds_status_notifier serving_status_notifier_;
|
|
490
|
+
std::string listening_address_;
|
|
491
|
+
RefCountedPtr<FilterChainMatchManager> filter_chain_match_manager_;
|
|
102
492
|
};
|
|
103
493
|
|
|
104
494
|
struct WatcherState {
|
|
@@ -107,6 +497,7 @@ class XdsServerConfigFetcher : public grpc_server_config_fetcher {
|
|
|
107
497
|
};
|
|
108
498
|
|
|
109
499
|
RefCountedPtr<XdsClient> xds_client_;
|
|
500
|
+
grpc_server_xds_status_notifier serving_status_notifier_;
|
|
110
501
|
Mutex mu_;
|
|
111
502
|
std::map<grpc_server_config_fetcher::WatcherInterface*, WatcherState>
|
|
112
503
|
watchers_;
|
|
@@ -115,7 +506,8 @@ class XdsServerConfigFetcher : public grpc_server_config_fetcher {
|
|
|
115
506
|
} // namespace
|
|
116
507
|
} // namespace grpc_core
|
|
117
508
|
|
|
118
|
-
grpc_server_config_fetcher* grpc_server_config_fetcher_xds_create(
|
|
509
|
+
grpc_server_config_fetcher* grpc_server_config_fetcher_xds_create(
|
|
510
|
+
grpc_server_xds_status_notifier notifier) {
|
|
119
511
|
grpc_core::ApplicationCallbackExecCtx callback_exec_ctx;
|
|
120
512
|
grpc_core::ExecCtx exec_ctx;
|
|
121
513
|
GRPC_API_TRACE("grpc_server_config_fetcher_xds_create()", 0, ());
|
|
@@ -125,7 +517,16 @@ grpc_server_config_fetcher* grpc_server_config_fetcher_xds_create() {
|
|
|
125
517
|
if (error != GRPC_ERROR_NONE) {
|
|
126
518
|
gpr_log(GPR_ERROR, "Failed to create xds client: %s",
|
|
127
519
|
grpc_error_string(error));
|
|
520
|
+
GRPC_ERROR_UNREF(error);
|
|
521
|
+
return nullptr;
|
|
522
|
+
}
|
|
523
|
+
if (xds_client->bootstrap()
|
|
524
|
+
.server_listener_resource_name_template()
|
|
525
|
+
.empty()) {
|
|
526
|
+
gpr_log(GPR_ERROR,
|
|
527
|
+
"server_listener_resource_name_template not provided in bootstrap "
|
|
528
|
+
"file.");
|
|
128
529
|
return nullptr;
|
|
129
530
|
}
|
|
130
|
-
return new grpc_core::XdsServerConfigFetcher(std::move(xds_client));
|
|
531
|
+
return new grpc_core::XdsServerConfigFetcher(std::move(xds_client), notifier);
|
|
131
532
|
}
|