grpc 1.46.3-x86_64-linux → 1.47.0-x86_64-linux

data/src/core/lib/security/credentials/external/aws_external_account_credentials.cc

@@ -21,6 +21,8 @@
 #include "absl/strings/str_join.h"
 #include "absl/strings/str_replace.h"
 
+#include <grpc/support/string_util.h>
+
 #include "src/core/lib/gpr/env.h"
 #include "src/core/lib/http/httpcli_ssl_credentials.h"
 
@@ -119,6 +121,12 @@ AwsExternalAccountCredentials::AwsExternalAccountCredentials(
     return;
   }
   regional_cred_verification_url_ = it->second.string_value();
+  it =
+      options.credential_source.object_value().find("imdsv2_session_token_url");
+  if (it != options.credential_source.object_value().end() &&
+      it->second.type() == Json::Type::STRING) {
+    imdsv2_session_token_url_ = it->second.string_value();
+  }
 }
 
 void AwsExternalAccountCredentials::RetrieveSubjectToken(
@@ -133,6 +141,62 @@ void AwsExternalAccountCredentials::RetrieveSubjectToken(
   }
   ctx_ = ctx;
   cb_ = cb;
+  if (!imdsv2_session_token_url_.empty()) {
+    RetrieveImdsV2SessionToken();
+  } else if (signer_ != nullptr) {
+    BuildSubjectToken();
+  } else {
+    RetrieveRegion();
+  }
+}
+
+void AwsExternalAccountCredentials::RetrieveImdsV2SessionToken() {
+  absl::StatusOr<URI> uri = URI::Parse(imdsv2_session_token_url_);
+  if (!uri.ok()) {
+    return;
+  }
+  grpc_http_header* headers =
+      static_cast<grpc_http_header*>(gpr_malloc(sizeof(grpc_http_header)));
+  headers[0].key = gpr_strdup("x-aws-ec2-metadata-token-ttl-seconds");
+  headers[0].value = gpr_strdup("300");
+  grpc_http_request request;
+  memset(&request, 0, sizeof(grpc_http_request));
+  request.hdr_count = 1;
+  request.hdrs = headers;
+  grpc_http_response_destroy(&ctx_->response);
+  ctx_->response = {};
+  GRPC_CLOSURE_INIT(&ctx_->closure, OnRetrieveImdsV2SessionToken, this,
+                    nullptr);
+  RefCountedPtr<grpc_channel_credentials> http_request_creds;
+  if (uri->scheme() == "http") {
+    http_request_creds = RefCountedPtr<grpc_channel_credentials>(
+        grpc_insecure_credentials_create());
+  } else {
+    http_request_creds = CreateHttpRequestSSLCredentials();
+  }
+  http_request_ =
+      HttpRequest::Put(std::move(*uri), nullptr /* channel args */,
+                       ctx_->pollent, &request, ctx_->deadline, &ctx_->closure,
+                       &ctx_->response, std::move(http_request_creds));
+  http_request_->Start();
+  grpc_http_request_destroy(&request);
+}
+
+void AwsExternalAccountCredentials::OnRetrieveImdsV2SessionToken(
+    void* arg, grpc_error_handle error) {
+  AwsExternalAccountCredentials* self =
+      static_cast<AwsExternalAccountCredentials*>(arg);
+  self->OnRetrieveImdsV2SessionTokenInternal(GRPC_ERROR_REF(error));
+}
+
+void AwsExternalAccountCredentials::OnRetrieveImdsV2SessionTokenInternal(
+    grpc_error_handle error) {
+  if (error != GRPC_ERROR_NONE) {
+    FinishRetrieveSubjectToken("", error);
+    return;
+  }
+  imdsv2_session_token_ =
+      std::string(ctx_->response.body, ctx_->response.body_length);
   if (signer_ != nullptr) {
     BuildSubjectToken();
   } else {
@@ -140,6 +204,20 @@ void AwsExternalAccountCredentials::RetrieveSubjectToken(
   }
 }
 
+void AwsExternalAccountCredentials::AddMetadataRequestHeaders(
+    grpc_http_request* request) {
+  if (!imdsv2_session_token_.empty()) {
+    GPR_ASSERT(request->hdr_count == 0);
+    GPR_ASSERT(request->hdrs == nullptr);
+    grpc_http_header* headers =
+        static_cast<grpc_http_header*>(gpr_malloc(sizeof(grpc_http_header)));
+    headers[0].key = gpr_strdup("x-aws-ec2-metadata-token");
+    headers[0].value = gpr_strdup(imdsv2_session_token_.c_str());
+    request->hdr_count = 1;
+    request->hdrs = headers;
+  }
+}
+
 void AwsExternalAccountCredentials::RetrieveRegion() {
   UniquePtr<char> region_from_env(gpr_getenv(kRegionEnvVar));
   if (region_from_env == nullptr) {
@@ -165,6 +243,7 @@ void AwsExternalAccountCredentials::RetrieveRegion() {
   memset(&request, 0, sizeof(grpc_http_request));
   grpc_http_response_destroy(&ctx_->response);
   ctx_->response = {};
+  AddMetadataRequestHeaders(&request);
   GRPC_CLOSURE_INIT(&ctx_->closure, OnRetrieveRegion, this, nullptr);
   RefCountedPtr<grpc_channel_credentials> http_request_creds;
   if (uri->scheme() == "http") {
@@ -217,6 +296,7 @@ void AwsExternalAccountCredentials::RetrieveRoleName() {
   memset(&request, 0, sizeof(grpc_http_request));
   grpc_http_response_destroy(&ctx_->response);
   ctx_->response = {};
+  AddMetadataRequestHeaders(&request);
   GRPC_CLOSURE_INIT(&ctx_->closure, OnRetrieveRoleName, this, nullptr);
   // TODO(ctiller): use the caller's resource quota.
   RefCountedPtr<grpc_channel_credentials> http_request_creds;
@@ -282,6 +362,7 @@ void AwsExternalAccountCredentials::RetrieveSigningKeys() {
   memset(&request, 0, sizeof(grpc_http_request));
   grpc_http_response_destroy(&ctx_->response);
   ctx_->response = {};
+  AddMetadataRequestHeaders(&request);
   GRPC_CLOSURE_INIT(&ctx_->closure, OnRetrieveSigningKeys, this, nullptr);
   // TODO(ctiller): use the caller's resource quota.
   RefCountedPtr<grpc_channel_credentials> http_request_creds;

data/src/core/lib/security/credentials/external/aws_external_account_credentials.h

@@ -43,6 +43,10 @@ class AwsExternalAccountCredentials final : public ExternalAccountCredentials {
   static void OnRetrieveRegion(void* arg, grpc_error_handle error);
   void OnRetrieveRegionInternal(grpc_error_handle error);
 
+  void RetrieveImdsV2SessionToken();
+  static void OnRetrieveImdsV2SessionToken(void* arg, grpc_error_handle error);
+  void OnRetrieveImdsV2SessionTokenInternal(grpc_error_handle error);
+
   void RetrieveRoleName();
   static void OnRetrieveRoleName(void* arg, grpc_error_handle error);
   void OnRetrieveRoleNameInternal(grpc_error_handle error);
@@ -55,6 +59,8 @@ class AwsExternalAccountCredentials final : public ExternalAccountCredentials {
   void FinishRetrieveSubjectToken(std::string subject_token,
                                   grpc_error_handle error);
 
+  void AddMetadataRequestHeaders(grpc_http_request* request);
+
   std::string audience_;
   OrphanablePtr<HttpRequest> http_request_;
 
@@ -62,6 +68,7 @@ class AwsExternalAccountCredentials final : public ExternalAccountCredentials {
   std::string region_url_;
   std::string url_;
   std::string regional_cred_verification_url_;
+  std::string imdsv2_session_token_url_;
 
   // Information required by request signer
   std::string region_;
@@ -69,6 +76,7 @@ class AwsExternalAccountCredentials final : public ExternalAccountCredentials {
   std::string access_key_id_;
   std::string secret_access_key_;
   std::string token_;
+  std::string imdsv2_session_token_;
 
   std::unique_ptr<AwsRequestSigner> signer_;
   std::string cred_verification_url_;

data/src/core/lib/security/credentials/external/external_account_credentials.cc

@@ -13,6 +13,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 //
+
 #include <grpc/support/port_platform.h>
 
 #include "src/core/lib/security/credentials/external/external_account_credentials.h"
@@ -25,6 +26,8 @@
 #include "absl/time/clock.h"
 #include "absl/time/time.h"
 
+#include <grpc/support/string_util.h>
+
 #include "src/core/lib/http/httpcli_ssl_credentials.h"
 #include "src/core/lib/http/parser.h"
 #include "src/core/lib/security/credentials/external/aws_external_account_credentials.h"

data/src/core/lib/security/credentials/external/url_external_account_credentials.cc

@@ -21,6 +21,8 @@
 #include "absl/strings/str_format.h"
 #include "absl/strings/str_split.h"
 
+#include <grpc/support/string_util.h>
+
 #include "src/core/lib/http/httpcli_ssl_credentials.h"
 #include "src/core/lib/transport/error_utils.h"
 

data/src/core/lib/security/credentials/fake/fake_credentials.cc

@@ -35,6 +35,7 @@
 /* -- Fake transport security credentials. -- */
 
 namespace {
+
 class grpc_fake_channel_credentials final : public grpc_channel_credentials {
  public:
   grpc_core::RefCountedPtr<grpc_channel_security_connector>
@@ -46,7 +47,10 @@ class grpc_fake_channel_credentials final : public grpc_channel_credentials {
         this->Ref(), std::move(call_creds), target, args);
   }
 
-  const char* type() const override { return "Fake"; }
+  grpc_core::UniqueTypeName type() const override {
+    static grpc_core::UniqueTypeName::Factory kFactory("Fake");
+    return kFactory.Create();
+  }
 
  private:
   int cmp_impl(const grpc_channel_credentials* other) const override {
@@ -63,7 +67,10 @@ class grpc_fake_server_credentials final : public grpc_server_credentials {
     return grpc_fake_server_security_connector_create(this->Ref());
   }
 
-  const char* type() const override { return "Fake"; }
+  grpc_core::UniqueTypeName type() const override {
+    static grpc_core::UniqueTypeName::Factory kFactory("Fake");
+    return kFactory.Create();
+  }
 };
 }  // namespace
 
@@ -101,7 +108,10 @@ grpc_md_only_test_credentials::GetRequestMetadata(
   return grpc_core::Immediate(std::move(initial_metadata));
 }
 
-const char* grpc_md_only_test_credentials::Type() { return "MdOnlyTest"; }
+grpc_core::UniqueTypeName grpc_md_only_test_credentials::Type() {
+  static grpc_core::UniqueTypeName::Factory kFactory("MdOnlyTest");
+  return kFactory.Create();
+}
 
 grpc_call_credentials* grpc_md_only_test_credentials_create(
     const char* md_key, const char* md_value) {

data/src/core/lib/security/credentials/fake/fake_credentials.h

@@ -70,9 +70,9 @@ class grpc_md_only_test_credentials : public grpc_call_credentials {
 
   std::string debug_string() override { return "MD only Test Credentials"; }
 
-  static const char* Type();
+  static grpc_core::UniqueTypeName Type();
 
-  const char* type() const override { return Type(); }
+  grpc_core::UniqueTypeName type() const override { return Type(); }
 
  private:
   int cmp_impl(const grpc_call_credentials* other) const override {

data/src/core/lib/security/credentials/google_default/google_default_credentials.cc

@@ -49,6 +49,7 @@
 #include "src/core/lib/slice/slice_internal.h"
 #include "src/core/lib/slice/slice_string_helpers.h"
 #include "src/core/lib/surface/api_trace.h"
+#include "src/core/lib/uri/uri_parser.h"
 
 using grpc_core::Json;
 
@@ -83,6 +84,21 @@ struct metadata_server_detector {
   int success;
   grpc_http_response response;
 };
+
+namespace {
+
+bool IsXdsNonCfeCluster(const char* xds_cluster) {
+  if (xds_cluster == nullptr) return false;
+  if (absl::StartsWith(xds_cluster, "google_cfe_")) return false;
+  if (!absl::StartsWith(xds_cluster, "xdstp:")) return true;
+  auto uri = grpc_core::URI::Parse(xds_cluster);
+  if (!uri.ok()) return true;  // Shouldn't happen, but assume ALTS.
+  return !absl::StartsWith(uri->path(),
+                           "/envoy.config.cluster.v3.Cluster/google_cfe_");
+}
+
+}  // namespace
+
 grpc_core::RefCountedPtr<grpc_channel_security_connector>
 grpc_google_default_channel_credentials::create_security_connector(
     grpc_core::RefCountedPtr<grpc_call_credentials> call_creds,
@@ -94,8 +110,7 @@ grpc_google_default_channel_credentials::create_security_connector(
       args, GRPC_ARG_ADDRESS_IS_BACKEND_FROM_GRPCLB_LOAD_BALANCER, false);
   const char* xds_cluster =
       grpc_channel_args_find_string(args, GRPC_ARG_XDS_CLUSTER_NAME);
-  const bool is_xds_non_cfe_cluster =
-      xds_cluster != nullptr && !absl::StartsWith(xds_cluster, "google_cfe_");
+  const bool is_xds_non_cfe_cluster = IsXdsNonCfeCluster(xds_cluster);
   const bool use_alts = is_grpclb_load_balancer ||
                         is_backend_from_grpclb_load_balancer ||
                         is_xds_non_cfe_cluster;
@@ -125,21 +140,16 @@ grpc_google_default_channel_credentials::create_security_connector(
   return sc;
 }
 
-grpc_channel_args* grpc_google_default_channel_credentials::update_arguments(
-    grpc_channel_args* args) {
-  grpc_channel_args* updated = args;
-  if (grpc_channel_args_find(args, GRPC_ARG_DNS_ENABLE_SRV_QUERIES) ==
-      nullptr) {
-    grpc_arg new_srv_arg = grpc_channel_arg_integer_create(
-        const_cast<char*>(GRPC_ARG_DNS_ENABLE_SRV_QUERIES), true);
-    updated = grpc_channel_args_copy_and_add(args, &new_srv_arg, 1);
-    grpc_channel_args_destroy(args);
-  }
-  return updated;
+grpc_core::ChannelArgs
+grpc_google_default_channel_credentials::update_arguments(
+    grpc_core::ChannelArgs args) {
+  return args.SetIfUnset(GRPC_ARG_DNS_ENABLE_SRV_QUERIES, true);
 }
 
-const char* grpc_google_default_channel_credentials::type() const {
-  return "GoogleDefault";
+grpc_core::UniqueTypeName grpc_google_default_channel_credentials::type()
+    const {
+  static grpc_core::UniqueTypeName::Factory kFactory("GoogleDefault");
+  return kFactory.Create();
 }
 
 static void on_metadata_server_detection_http_response(

data/src/core/lib/security/credentials/google_default/google_default_credentials.h

@@ -56,9 +56,9 @@ class grpc_google_default_channel_credentials
       const char* target, const grpc_channel_args* args,
       grpc_channel_args** new_args) override;
 
-  grpc_channel_args* update_arguments(grpc_channel_args* args) override;
+  grpc_core::ChannelArgs update_arguments(grpc_core::ChannelArgs args) override;
 
-  const char* type() const override;
+  grpc_core::UniqueTypeName type() const override;
 
   const grpc_channel_credentials* alts_creds() const {
     return alts_creds_.get();

data/src/core/lib/security/credentials/iam/iam_credentials.cc

@@ -56,7 +56,10 @@ grpc_google_iam_credentials::grpc_google_iam_credentials(
           "GoogleIAMCredentials{Token:%s,AuthoritySelector:%s}",
           token != nullptr ? "present" : "absent", authority_selector)) {}
 
-const char* grpc_google_iam_credentials::Type() { return "Iam"; }
+grpc_core::UniqueTypeName grpc_google_iam_credentials::Type() {
+  static grpc_core::UniqueTypeName::Factory kFactory("Iam");
+  return kFactory.Create();
+}
 
 grpc_call_credentials* grpc_google_iam_credentials_create(
     const char* token, const char* authority_selector, void* reserved) {

data/src/core/lib/security/credentials/iam/iam_credentials.h

@@ -36,9 +36,9 @@ class grpc_google_iam_credentials : public grpc_call_credentials {
 
   std::string debug_string() override { return debug_string_; }
 
-  static const char* Type();
+  static grpc_core::UniqueTypeName Type();
 
-  const char* type() const override { return Type(); }
+  grpc_core::UniqueTypeName type() const override { return Type(); }
 
  private:
   int cmp_impl(const grpc_call_credentials* other) const override {

data/src/core/lib/security/credentials/insecure/insecure_credentials.cc

@@ -33,7 +33,10 @@ InsecureCredentials::create_security_connector(
       Ref(), std::move(request_metadata_creds));
 }
 
-const char* InsecureCredentials::Type() { return "Insecure"; }
+UniqueTypeName InsecureCredentials::Type() {
+  static UniqueTypeName::Factory kFactory("Insecure");
+  return kFactory.Create();
+}
 
 int InsecureCredentials::cmp_impl(
     const grpc_channel_credentials* /* other */) const {
@@ -47,7 +50,10 @@ InsecureServerCredentials::create_security_connector(
   return MakeRefCounted<InsecureServerSecurityConnector>(Ref());
 }
 
-const char* InsecureServerCredentials::Type() { return "Insecure"; }
+UniqueTypeName InsecureServerCredentials::Type() {
+  static auto* kFactory = new UniqueTypeName::Factory("Insecure");
+  return kFactory->Create();
+}
 
 }  // namespace grpc_core
 

data/src/core/lib/security/credentials/insecure/insecure_credentials.h

@@ -34,9 +34,9 @@ class InsecureCredentials final : public grpc_channel_credentials {
       const char* /* target_name */, const grpc_channel_args* /* args */,
       grpc_channel_args** /* new_args */) override;
 
-  static const char* Type();
+  static UniqueTypeName Type();
 
-  const char* type() const override { return Type(); }
+  UniqueTypeName type() const override { return Type(); }
 
  private:
   int cmp_impl(const grpc_channel_credentials* other) const override;
@@ -47,9 +47,9 @@ class InsecureServerCredentials final : public grpc_server_credentials {
   RefCountedPtr<grpc_server_security_connector> create_security_connector(
       const grpc_channel_args* /* args */) override;
 
-  static const char* Type();
+  static UniqueTypeName Type();
 
-  const char* type() const override { return Type(); }
+  UniqueTypeName type() const override { return Type(); }
 };
 
 }  // namespace grpc_core

data/src/core/lib/security/credentials/jwt/jwt_credentials.cc

@@ -118,8 +118,9 @@ grpc_service_account_jwt_access_credentials::
   gpr_mu_init(&cache_mu_);
 }
 
-const char* grpc_service_account_jwt_access_credentials::Type() {
-  return "Jwt";
+grpc_core::UniqueTypeName grpc_service_account_jwt_access_credentials::Type() {
+  static grpc_core::UniqueTypeName::Factory kFactory("Jwt");
+  return kFactory.Create();
 }
 
 grpc_core::RefCountedPtr<grpc_call_credentials>

data/src/core/lib/security/credentials/jwt/jwt_credentials.h

@@ -52,9 +52,9 @@ class grpc_service_account_jwt_access_credentials
             static_cast<int64_t>(gpr_timespec_to_micros(jwt_lifetime_)))));
   };
 
-  static const char* Type();
+  static grpc_core::UniqueTypeName Type();
 
-  const char* type() const override { return Type(); }
+  grpc_core::UniqueTypeName type() const override { return Type(); }
 
  private:
   int cmp_impl(const grpc_call_credentials* other) const override {

data/src/core/lib/security/credentials/local/local_credentials.cc

@@ -36,7 +36,10 @@ grpc_local_credentials::create_security_connector(
       this->Ref(), std::move(request_metadata_creds), args, target_name);
 }
 
-const char* grpc_local_credentials::type() const { return "Local"; }
+grpc_core::UniqueTypeName grpc_local_credentials::type() const {
+  static grpc_core::UniqueTypeName::Factory kFactory("Local");
+  return kFactory.Create();
+}
 
 grpc_core::RefCountedPtr<grpc_server_security_connector>
 grpc_local_server_credentials::create_security_connector(
@@ -44,7 +47,10 @@ grpc_local_server_credentials::create_security_connector(
   return grpc_local_server_security_connector_create(this->Ref());
 }
 
-const char* grpc_local_server_credentials::type() const { return "Local"; }
+grpc_core::UniqueTypeName grpc_local_server_credentials::type() const {
+  static grpc_core::UniqueTypeName::Factory kFactory("Local");
+  return kFactory.Create();
+}
 
 grpc_local_credentials::grpc_local_credentials(
     grpc_local_connect_type connect_type)

data/src/core/lib/security/credentials/local/local_credentials.h

@@ -37,7 +37,7 @@ class grpc_local_credentials final : public grpc_channel_credentials {
       const char* target_name, const grpc_channel_args* args,
       grpc_channel_args** new_args) override;
 
-  const char* type() const override;
+  grpc_core::UniqueTypeName type() const override;
 
   grpc_local_connect_type connect_type() const { return connect_type_; }
 
@@ -60,7 +60,7 @@ class grpc_local_server_credentials final : public grpc_server_credentials {
   grpc_core::RefCountedPtr<grpc_server_security_connector>
   create_security_connector(const grpc_channel_args* /* args */) override;
 
-  const char* type() const override;
+  grpc_core::UniqueTypeName type() const override;
 
   grpc_local_connect_type connect_type() const { return connect_type_; }
 

data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc

@@ -38,7 +38,6 @@
 #include <grpc/support/string_util.h>
 
 #include "src/core/lib/gpr/string.h"
-#include "src/core/lib/gprpp/capture.h"
 #include "src/core/lib/gprpp/ref_counted_ptr.h"
 #include "src/core/lib/http/httpcli_ssl_credentials.h"
 #include "src/core/lib/iomgr/error.h"
@@ -347,8 +346,9 @@ std::string grpc_oauth2_token_fetcher_credentials::debug_string() {
   return "OAuth2TokenFetcherCredentials";
 }
 
-const char* grpc_oauth2_token_fetcher_credentials::type() const {
-  return "Oauth2";
+grpc_core::UniqueTypeName grpc_oauth2_token_fetcher_credentials::type() const {
+  static grpc_core::UniqueTypeName::Factory kFactory("Oauth2");
+  return kFactory.Create();
 }
 
 //
@@ -476,8 +476,9 @@ std::string grpc_google_refresh_token_credentials::debug_string() {
                          grpc_oauth2_token_fetcher_credentials::debug_string());
 }
 
-const char* grpc_google_refresh_token_credentials::type() const {
-  return "GoogleRefreshToken";
+grpc_core::UniqueTypeName grpc_google_refresh_token_credentials::type() const {
+  static grpc_core::UniqueTypeName::Factory kFactory("GoogleRefreshToken");
+  return kFactory.Create();
 }
 
 static std::string create_loggable_refresh_token(
@@ -713,7 +714,10 @@ grpc_access_token_credentials::GetRequestMetadata(
   return grpc_core::Immediate(std::move(initial_metadata));
 }
 
-const char* grpc_access_token_credentials::Type() { return "AccessToken"; }
+grpc_core::UniqueTypeName grpc_access_token_credentials::Type() {
+  static grpc_core::UniqueTypeName::Factory kFactory("AccessToken");
+  return kFactory.Create();
+}
 
 grpc_access_token_credentials::grpc_access_token_credentials(
     const char* access_token)

data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h

@@ -102,7 +102,7 @@ class grpc_oauth2_token_fetcher_credentials : public grpc_call_credentials {
                         grpc_error_handle error);
   std::string debug_string() override;
 
-  const char* type() const override;
+  grpc_core::UniqueTypeName type() const override;
 
  protected:
   virtual void fetch_oauth2(grpc_credentials_metadata_request* req,
@@ -138,7 +138,7 @@ class grpc_google_refresh_token_credentials final
 
   std::string debug_string() override;
 
-  const char* type() const override;
+  grpc_core::UniqueTypeName type() const override;
 
  protected:
   void fetch_oauth2(grpc_credentials_metadata_request* req,
@@ -162,9 +162,9 @@ class grpc_access_token_credentials final : public grpc_call_credentials {
 
   std::string debug_string() override;
 
-  static const char* Type();
+  static grpc_core::UniqueTypeName Type();
 
-  const char* type() const override { return Type(); }
+  grpc_core::UniqueTypeName type() const override { return Type(); }
 
  private:
   int cmp_impl(const grpc_call_credentials* other) const override {

data/src/core/lib/security/credentials/plugin/plugin_credentials.cc

@@ -60,7 +60,10 @@ std::string grpc_plugin_credentials::debug_string() {
   return debug_str;
 }
 
-const char* grpc_plugin_credentials::type() const { return "Plugin"; }
+grpc_core::UniqueTypeName grpc_plugin_credentials::type() const {
+  static grpc_core::UniqueTypeName::Factory kFactory("Plugin");
+  return kFactory.Create();
+}
 
 absl::StatusOr<grpc_core::ClientMetadataHandle>
 grpc_plugin_credentials::PendingRequest::ProcessPluginResult(

data/src/core/lib/security/credentials/plugin/plugin_credentials.h

@@ -41,7 +41,7 @@ struct grpc_plugin_credentials final : public grpc_call_credentials {
 
   std::string debug_string() override;
 
-  const char* type() const override;
+  grpc_core::UniqueTypeName type() const override;
 
  private:
   class PendingRequest : public grpc_core::RefCounted<PendingRequest> {

data/src/core/lib/security/credentials/ssl/ssl_credentials.cc

@@ -82,7 +82,10 @@ grpc_ssl_credentials::create_security_connector(
   return sc;
 }
 
-const char* grpc_ssl_credentials::Type() { return "Ssl"; }
+grpc_core::UniqueTypeName grpc_ssl_credentials::Type() {
+  static grpc_core::UniqueTypeName::Factory kFactory("Ssl");
+  return kFactory.Create();
+}
 
 void grpc_ssl_credentials::build_config(
     const char* pem_root_certs, grpc_ssl_pem_key_cert_pair* pem_key_cert_pair,
@@ -186,7 +189,10 @@ grpc_ssl_server_credentials::create_security_connector(
   return grpc_ssl_server_security_connector_create(this->Ref());
 }
 
-const char* grpc_ssl_server_credentials::Type() { return "Ssl"; }
+grpc_core::UniqueTypeName grpc_ssl_server_credentials::Type() {
+  static grpc_core::UniqueTypeName::Factory kFactory("Ssl");
+  return kFactory.Create();
+}
 
 tsi_ssl_pem_key_cert_pair* grpc_convert_grpc_to_tsi_cert_pairs(
     const grpc_ssl_pem_key_cert_pair* pem_key_cert_pairs,

data/src/core/lib/security/credentials/ssl/ssl_credentials.h

@@ -37,9 +37,9 @@ class grpc_ssl_credentials : public grpc_channel_credentials {
       const char* target, const grpc_channel_args* args,
       grpc_channel_args** new_args) override;
 
-  static const char* Type();
+  static grpc_core::UniqueTypeName Type();
 
-  const char* type() const override { return Type(); }
+  grpc_core::UniqueTypeName type() const override { return Type(); }
 
   // TODO(mattstev): Plumb to wrapped languages. Until then, setting the TLS
   // version should be done for testing purposes only.
@@ -80,9 +80,9 @@ class grpc_ssl_server_credentials final : public grpc_server_credentials {
   grpc_core::RefCountedPtr<grpc_server_security_connector>
   create_security_connector(const grpc_channel_args* /* args */) override;
 
-  static const char* Type();
+  static grpc_core::UniqueTypeName Type();
 
-  const char* type() const override { return Type(); }
+  grpc_core::UniqueTypeName type() const override { return Type(); }
 
   bool has_cert_config_fetcher() const {
     return certificate_config_fetcher_.cb != nullptr;

data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.cc

@@ -85,6 +85,11 @@ StaticDataCertificateProvider::~StaticDataCertificateProvider() {
   distributor_->SetWatchStatusCallback(nullptr);
 }
 
+UniqueTypeName StaticDataCertificateProvider::type() const {
+  static UniqueTypeName::Factory kFactory("StaticData");
+  return kFactory.Create();
+}
+
 namespace {
 
 gpr_timespec TimeoutSecondsToDeadline(int64_t seconds) {
@@ -177,6 +182,11 @@ FileWatcherCertificateProvider::~FileWatcherCertificateProvider() {
   refresh_thread_.Join();
 }
 
+UniqueTypeName FileWatcherCertificateProvider::type() const {
+  static UniqueTypeName::Factory kFactory("FileWatcher");
+  return kFactory.Create();
+}
+
 void FileWatcherCertificateProvider::ForceUpdate() {
   absl::optional<std::string> root_certificate;
   absl::optional<PemKeyCertPairList> pem_key_cert_pairs;