grpc 1.50.0.pre1 → 1.51.0
Potentially problematic release.
This version of grpc might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/Makefile +131 -42
- data/include/grpc/event_engine/event_engine.h +10 -3
- data/include/grpc/event_engine/slice_buffer.h +17 -0
- data/include/grpc/grpc.h +0 -10
- data/include/grpc/impl/codegen/grpc_types.h +1 -5
- data/include/grpc/impl/codegen/port_platform.h +0 -3
- data/src/core/ext/filters/channel_idle/channel_idle_filter.cc +19 -13
- data/src/core/ext/filters/channel_idle/channel_idle_filter.h +1 -0
- data/src/core/ext/filters/client_channel/backup_poller.cc +3 -3
- data/src/core/ext/filters/client_channel/channel_connectivity.cc +7 -5
- data/src/core/ext/filters/client_channel/client_channel.cc +120 -140
- data/src/core/ext/filters/client_channel/client_channel.h +3 -4
- data/src/core/ext/filters/client_channel/client_channel_channelz.cc +0 -2
- data/src/core/ext/filters/client_channel/client_channel_plugin.cc +1 -1
- data/src/core/ext/filters/client_channel/client_channel_service_config.cc +153 -0
- data/src/core/ext/filters/client_channel/{resolver_result_parsing.h → client_channel_service_config.h} +26 -23
- data/src/core/ext/filters/client_channel/connector.h +1 -1
- data/src/core/ext/filters/client_channel/dynamic_filters.cc +20 -47
- data/src/core/ext/filters/client_channel/dynamic_filters.h +7 -8
- data/src/core/ext/filters/client_channel/health/health_check_client.cc +3 -4
- data/src/core/ext/filters/client_channel/http_proxy.cc +0 -1
- data/src/core/ext/filters/client_channel/lb_policy/address_filtering.cc +3 -4
- data/src/core/ext/filters/client_channel/lb_policy/child_policy_handler.cc +5 -0
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/client_load_reporting_filter.cc +8 -7
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +35 -44
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_balancer_addresses.cc +0 -1
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.cc +1 -3
- data/src/core/ext/filters/client_channel/lb_policy/oob_backend_metric.cc +3 -4
- data/src/core/ext/filters/client_channel/lb_policy/oob_backend_metric.h +1 -1
- data/src/core/ext/filters/client_channel/lb_policy/outlier_detection/outlier_detection.cc +41 -29
- data/src/core/ext/filters/client_channel/lb_policy/outlier_detection/outlier_detection.h +2 -2
- data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc +9 -11
- data/src/core/ext/filters/client_channel/lb_policy/priority/priority.cc +15 -12
- data/src/core/ext/filters/client_channel/lb_policy/ring_hash/ring_hash.cc +8 -10
- data/src/core/ext/filters/client_channel/lb_policy/rls/rls.cc +26 -27
- data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +7 -9
- data/src/core/ext/filters/client_channel/lb_policy/weighted_target/weighted_target.cc +44 -26
- data/src/core/ext/filters/client_channel/lb_policy/xds/cds.cc +17 -27
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_attributes.cc +42 -0
- data/src/core/ext/filters/client_channel/lb_policy/xds/{xds.h → xds_attributes.h} +15 -17
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_impl.cc +13 -7
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_manager.cc +48 -47
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_resolver.cc +40 -126
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_wrr_locality.cc +364 -0
- data/src/core/ext/filters/client_channel/resolver/binder/binder_resolver.cc +9 -9
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +23 -32
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_posix.cc +1 -2
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_windows.cc +22 -23
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +50 -52
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.h +1 -1
- data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +2 -4
- data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc +1 -3
- data/src/core/ext/filters/client_channel/resolver/google_c2p/google_c2p_resolver.cc +34 -26
- data/src/core/ext/filters/client_channel/resolver/polling_resolver.cc +3 -4
- data/src/core/ext/filters/client_channel/resolver/sockaddr/sockaddr_resolver.cc +4 -7
- data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +63 -46
- data/src/core/ext/filters/client_channel/retry_filter.cc +80 -102
- data/src/core/ext/filters/client_channel/retry_service_config.cc +192 -234
- data/src/core/ext/filters/client_channel/retry_service_config.h +20 -23
- data/src/core/ext/filters/client_channel/retry_throttle.cc +8 -8
- data/src/core/ext/filters/client_channel/retry_throttle.h +8 -7
- data/src/core/ext/filters/client_channel/service_config_channel_arg_filter.cc +2 -2
- data/src/core/ext/filters/client_channel/subchannel.cc +21 -25
- data/src/core/ext/filters/client_channel/subchannel.h +2 -2
- data/src/core/ext/filters/client_channel/subchannel_stream_client.cc +11 -12
- data/src/core/ext/filters/deadline/deadline_filter.cc +13 -14
- data/src/core/ext/filters/fault_injection/fault_injection_filter.cc +1 -1
- data/src/core/ext/filters/fault_injection/fault_injection_filter.h +0 -4
- data/src/core/ext/filters/fault_injection/fault_injection_service_config_parser.cc +118 -0
- data/src/core/ext/filters/fault_injection/{service_config_parser.h → fault_injection_service_config_parser.h} +20 -12
- data/src/core/ext/filters/http/client/http_client_filter.cc +16 -16
- data/src/core/ext/filters/http/client_authority_filter.cc +1 -1
- data/src/core/ext/filters/http/message_compress/message_compress_filter.cc +13 -13
- data/src/core/ext/filters/http/message_compress/message_decompress_filter.cc +34 -34
- data/src/core/ext/filters/http/server/http_server_filter.cc +26 -25
- data/src/core/ext/filters/message_size/message_size_filter.cc +86 -117
- data/src/core/ext/filters/message_size/message_size_filter.h +22 -15
- data/src/core/ext/filters/rbac/rbac_filter.cc +12 -12
- data/src/core/ext/filters/rbac/rbac_service_config_parser.cc +728 -530
- data/src/core/ext/filters/rbac/rbac_service_config_parser.h +4 -3
- data/src/core/ext/filters/server_config_selector/server_config_selector.h +1 -1
- data/src/core/ext/filters/server_config_selector/server_config_selector_filter.cc +6 -7
- data/src/core/ext/transport/chttp2/client/chttp2_connector.cc +17 -21
- data/src/core/ext/transport/chttp2/server/chttp2_server.cc +57 -72
- data/src/core/ext/transport/chttp2/transport/bin_decoder.cc +5 -5
- data/src/core/ext/transport/chttp2/transport/bin_encoder.h +1 -1
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +212 -253
- data/src/core/ext/transport/chttp2/transport/flow_control.cc +42 -11
- data/src/core/ext/transport/chttp2/transport/flow_control.h +4 -3
- data/src/core/ext/transport/chttp2/transport/frame_data.cc +16 -15
- data/src/core/ext/transport/chttp2/transport/frame_data.h +1 -1
- data/src/core/ext/transport/chttp2/transport/frame_goaway.cc +13 -13
- data/src/core/ext/transport/chttp2/transport/frame_ping.cc +4 -3
- data/src/core/ext/transport/chttp2/transport/frame_rst_stream.cc +10 -7
- data/src/core/ext/transport/chttp2/transport/frame_settings.cc +15 -17
- data/src/core/ext/transport/chttp2/transport/frame_window_update.cc +5 -4
- data/src/core/ext/transport/chttp2/transport/hpack_encoder.cc +5 -6
- data/src/core/ext/transport/chttp2/transport/hpack_encoder.h +1 -1
- data/src/core/ext/transport/chttp2/transport/hpack_encoder_table.cc +2 -1
- data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +31 -39
- data/src/core/ext/transport/chttp2/transport/hpack_parser_table.cc +7 -6
- data/src/core/ext/transport/chttp2/transport/internal.h +24 -8
- data/src/core/ext/transport/chttp2/transport/parsing.cc +51 -52
- data/src/core/ext/transport/chttp2/transport/varint.cc +2 -3
- data/src/core/ext/transport/chttp2/transport/varint.h +11 -8
- data/src/core/ext/transport/chttp2/transport/writing.cc +16 -16
- data/src/core/ext/transport/inproc/inproc_transport.cc +97 -115
- data/src/core/ext/xds/certificate_provider_store.cc +4 -4
- data/src/core/ext/xds/file_watcher_certificate_provider_factory.cc +4 -7
- data/src/core/ext/xds/xds_api.cc +15 -68
- data/src/core/ext/xds/xds_api.h +3 -7
- data/src/core/ext/xds/xds_bootstrap.h +0 -1
- data/src/core/ext/xds/xds_bootstrap_grpc.cc +3 -12
- data/src/core/ext/xds/xds_bootstrap_grpc.h +16 -1
- data/src/core/ext/xds/xds_certificate_provider.cc +22 -25
- data/src/core/ext/xds/xds_channel_stack_modifier.cc +0 -1
- data/src/core/ext/xds/xds_client.cc +122 -90
- data/src/core/ext/xds/xds_client.h +7 -2
- data/src/core/ext/xds/xds_client_grpc.cc +5 -24
- data/src/core/ext/xds/xds_cluster.cc +291 -183
- data/src/core/ext/xds/xds_cluster.h +11 -15
- data/src/core/ext/xds/xds_cluster_specifier_plugin.cc +32 -29
- data/src/core/ext/xds/xds_cluster_specifier_plugin.h +35 -16
- data/src/core/ext/xds/xds_common_types.cc +208 -141
- data/src/core/ext/xds/xds_common_types.h +19 -13
- data/src/core/ext/xds/xds_endpoint.cc +214 -129
- data/src/core/ext/xds/xds_endpoint.h +4 -7
- data/src/core/ext/xds/xds_http_fault_filter.cc +56 -43
- data/src/core/ext/xds/xds_http_fault_filter.h +13 -21
- data/src/core/ext/xds/xds_http_filters.cc +60 -73
- data/src/core/ext/xds/xds_http_filters.h +67 -19
- data/src/core/ext/xds/xds_http_rbac_filter.cc +152 -207
- data/src/core/ext/xds/xds_http_rbac_filter.h +12 -15
- data/src/core/ext/xds/xds_lb_policy_registry.cc +122 -169
- data/src/core/ext/xds/xds_lb_policy_registry.h +10 -11
- data/src/core/ext/xds/xds_listener.cc +459 -417
- data/src/core/ext/xds/xds_listener.h +43 -47
- data/src/core/ext/xds/xds_resource_type.h +3 -11
- data/src/core/ext/xds/xds_resource_type_impl.h +8 -13
- data/src/core/ext/xds/xds_route_config.cc +94 -80
- data/src/core/ext/xds/xds_route_config.h +10 -10
- data/src/core/ext/xds/xds_routing.cc +2 -1
- data/src/core/ext/xds/xds_routing.h +2 -0
- data/src/core/ext/xds/xds_server_config_fetcher.cc +109 -94
- data/src/core/ext/xds/xds_transport_grpc.cc +4 -5
- data/src/core/lib/address_utils/parse_address.cc +11 -10
- data/src/core/lib/channel/channel_args.h +16 -1
- data/src/core/lib/channel/channel_stack.cc +23 -20
- data/src/core/lib/channel/channel_stack.h +17 -4
- data/src/core/lib/channel/channel_stack_builder.cc +4 -7
- data/src/core/lib/channel/channel_stack_builder.h +14 -6
- data/src/core/lib/channel/channel_stack_builder_impl.cc +25 -7
- data/src/core/lib/channel/channel_stack_builder_impl.h +2 -0
- data/src/core/lib/channel/channel_trace.cc +4 -5
- data/src/core/lib/channel/channelz.cc +1 -1
- data/src/core/lib/channel/connected_channel.cc +695 -35
- data/src/core/lib/channel/connected_channel.h +0 -4
- data/src/core/lib/channel/promise_based_filter.cc +1004 -140
- data/src/core/lib/channel/promise_based_filter.h +364 -87
- data/src/core/lib/compression/message_compress.cc +5 -5
- data/src/core/lib/debug/event_log.cc +88 -0
- data/src/core/lib/debug/event_log.h +81 -0
- data/src/core/lib/debug/histogram_view.cc +69 -0
- data/src/core/lib/{slice/slice_refcount.cc → debug/histogram_view.h} +15 -13
- data/src/core/lib/debug/stats.cc +22 -119
- data/src/core/lib/debug/stats.h +29 -35
- data/src/core/lib/debug/stats_data.cc +224 -73
- data/src/core/lib/debug/stats_data.h +263 -122
- data/src/core/lib/event_engine/common_closures.h +71 -0
- data/src/core/lib/event_engine/default_event_engine.cc +38 -15
- data/src/core/lib/event_engine/default_event_engine.h +15 -3
- data/src/core/lib/event_engine/default_event_engine_factory.cc +2 -4
- data/src/core/lib/event_engine/memory_allocator.cc +1 -1
- data/src/core/lib/event_engine/poller.h +10 -4
- data/src/core/lib/event_engine/posix_engine/ev_epoll1_linux.cc +618 -0
- data/src/core/lib/event_engine/posix_engine/ev_epoll1_linux.h +129 -0
- data/src/core/lib/event_engine/posix_engine/ev_poll_posix.cc +901 -0
- data/src/core/lib/event_engine/posix_engine/ev_poll_posix.h +97 -0
- data/src/core/lib/event_engine/posix_engine/event_poller.h +111 -0
- data/src/core/lib/event_engine/posix_engine/event_poller_posix_default.cc +74 -0
- data/src/core/lib/event_engine/{executor/threaded_executor.cc → posix_engine/event_poller_posix_default.h} +13 -16
- data/src/core/lib/event_engine/posix_engine/internal_errqueue.cc +77 -0
- data/src/core/lib/event_engine/posix_engine/internal_errqueue.h +179 -0
- data/src/core/lib/event_engine/posix_engine/lockfree_event.cc +267 -0
- data/src/core/lib/event_engine/posix_engine/lockfree_event.h +73 -0
- data/src/core/lib/event_engine/posix_engine/posix_endpoint.cc +1270 -0
- data/src/core/lib/event_engine/posix_engine/posix_endpoint.h +682 -0
- data/src/core/lib/event_engine/posix_engine/posix_engine.cc +453 -18
- data/src/core/lib/event_engine/posix_engine/posix_engine.h +148 -24
- data/src/core/lib/event_engine/posix_engine/posix_engine_closure.h +80 -0
- data/src/core/lib/event_engine/posix_engine/tcp_socket_utils.cc +1081 -0
- data/src/core/lib/event_engine/posix_engine/tcp_socket_utils.h +361 -0
- data/src/core/lib/event_engine/posix_engine/timer.h +9 -8
- data/src/core/lib/event_engine/posix_engine/timer_manager.cc +57 -194
- data/src/core/lib/event_engine/posix_engine/timer_manager.h +21 -49
- data/src/core/lib/event_engine/posix_engine/traced_buffer_list.cc +301 -0
- data/src/core/lib/event_engine/posix_engine/traced_buffer_list.h +179 -0
- data/src/core/lib/event_engine/posix_engine/wakeup_fd_eventfd.cc +126 -0
- data/src/core/lib/event_engine/posix_engine/wakeup_fd_eventfd.h +45 -0
- data/src/core/lib/event_engine/posix_engine/wakeup_fd_pipe.cc +151 -0
- data/src/core/lib/event_engine/posix_engine/wakeup_fd_pipe.h +45 -0
- data/src/core/lib/event_engine/posix_engine/wakeup_fd_posix.h +76 -0
- data/src/core/lib/event_engine/posix_engine/wakeup_fd_posix_default.cc +67 -0
- data/src/core/lib/event_engine/posix_engine/wakeup_fd_posix_default.h +37 -0
- data/src/core/lib/event_engine/slice.cc +7 -6
- data/src/core/lib/event_engine/slice_buffer.cc +2 -2
- data/src/core/lib/event_engine/thread_pool.cc +106 -25
- data/src/core/lib/event_engine/thread_pool.h +32 -9
- data/src/core/lib/event_engine/windows/win_socket.cc +7 -7
- data/src/core/lib/event_engine/windows/windows_engine.cc +18 -12
- data/src/core/lib/event_engine/windows/windows_engine.h +8 -4
- data/src/core/lib/experiments/config.cc +1 -1
- data/src/core/lib/experiments/experiments.cc +13 -2
- data/src/core/lib/experiments/experiments.h +8 -1
- data/src/core/lib/gpr/cpu_linux.cc +6 -2
- data/src/core/lib/gpr/log_linux.cc +3 -4
- data/src/core/lib/gpr/string.h +1 -1
- data/src/core/lib/gpr/tmpfile_posix.cc +3 -2
- data/src/core/lib/gprpp/load_file.cc +75 -0
- data/src/core/lib/gprpp/load_file.h +33 -0
- data/src/core/lib/gprpp/per_cpu.h +46 -0
- data/src/core/lib/gprpp/stat_posix.cc +5 -4
- data/src/core/lib/gprpp/stat_windows.cc +3 -2
- data/src/core/lib/gprpp/status_helper.h +1 -3
- data/src/core/lib/gprpp/strerror.cc +41 -0
- data/src/core/{ext/xds/xds_resource_type.cc → lib/gprpp/strerror.h} +9 -13
- data/src/core/lib/gprpp/thd_windows.cc +1 -2
- data/src/core/lib/gprpp/time.cc +3 -4
- data/src/core/lib/gprpp/time.h +13 -2
- data/src/core/lib/gprpp/validation_errors.h +18 -1
- data/src/core/lib/http/httpcli.cc +40 -44
- data/src/core/lib/http/httpcli.h +6 -5
- data/src/core/lib/http/httpcli_security_connector.cc +4 -6
- data/src/core/lib/http/parser.cc +54 -65
- data/src/core/lib/iomgr/buffer_list.cc +105 -116
- data/src/core/lib/iomgr/buffer_list.h +60 -44
- data/src/core/lib/iomgr/call_combiner.cc +11 -10
- data/src/core/lib/iomgr/call_combiner.h +3 -4
- data/src/core/lib/iomgr/cfstream_handle.cc +13 -16
- data/src/core/lib/iomgr/closure.h +49 -5
- data/src/core/lib/iomgr/combiner.cc +2 -2
- data/src/core/lib/iomgr/endpoint.h +1 -1
- data/src/core/lib/iomgr/endpoint_cfstream.cc +26 -25
- data/src/core/lib/iomgr/endpoint_pair_posix.cc +2 -2
- data/src/core/lib/iomgr/error.cc +27 -42
- data/src/core/lib/iomgr/error.h +22 -152
- data/src/core/lib/iomgr/ev_apple.cc +4 -4
- data/src/core/lib/iomgr/ev_epoll1_linux.cc +26 -25
- data/src/core/lib/iomgr/ev_poll_posix.cc +27 -31
- data/src/core/lib/iomgr/exec_ctx.cc +3 -4
- data/src/core/lib/iomgr/exec_ctx.h +2 -3
- data/src/core/lib/iomgr/executor.cc +1 -2
- data/src/core/lib/iomgr/internal_errqueue.cc +3 -1
- data/src/core/lib/iomgr/iocp_windows.cc +1 -0
- data/src/core/lib/iomgr/iomgr_posix.cc +2 -2
- data/src/core/lib/iomgr/iomgr_posix_cfstream.cc +2 -1
- data/src/core/lib/iomgr/iomgr_windows.cc +2 -1
- data/src/core/lib/iomgr/load_file.cc +5 -9
- data/src/core/lib/iomgr/lockfree_event.cc +10 -10
- data/src/core/lib/iomgr/pollset_windows.cc +4 -4
- data/src/core/lib/iomgr/python_util.h +2 -2
- data/src/core/lib/iomgr/resolve_address.cc +8 -3
- data/src/core/lib/iomgr/resolve_address.h +3 -4
- data/src/core/lib/iomgr/resolve_address_impl.h +1 -1
- data/src/core/lib/iomgr/resolve_address_posix.cc +14 -25
- data/src/core/lib/iomgr/resolve_address_posix.h +1 -2
- data/src/core/lib/iomgr/resolve_address_windows.cc +14 -17
- data/src/core/lib/iomgr/resolve_address_windows.h +1 -2
- data/src/core/lib/iomgr/socket_utils_common_posix.cc +30 -29
- data/src/core/lib/iomgr/socket_utils_posix.cc +1 -0
- data/src/core/lib/iomgr/socket_utils_posix.h +2 -2
- data/src/core/lib/iomgr/socket_windows.cc +2 -2
- data/src/core/lib/iomgr/tcp_client_cfstream.cc +6 -10
- data/src/core/lib/iomgr/tcp_client_posix.cc +31 -35
- data/src/core/lib/iomgr/tcp_client_windows.cc +8 -12
- data/src/core/lib/iomgr/tcp_posix.cc +92 -108
- data/src/core/lib/iomgr/tcp_server_posix.cc +34 -34
- data/src/core/lib/iomgr/tcp_server_utils_posix.h +1 -1
- data/src/core/lib/iomgr/tcp_server_utils_posix_common.cc +18 -21
- data/src/core/lib/iomgr/tcp_server_utils_posix_ifaddrs.cc +12 -13
- data/src/core/lib/iomgr/tcp_server_utils_posix_noifaddrs.cc +1 -1
- data/src/core/lib/iomgr/tcp_server_windows.cc +26 -29
- data/src/core/lib/iomgr/tcp_windows.cc +27 -34
- data/src/core/lib/iomgr/timer.h +8 -8
- data/src/core/lib/iomgr/timer_generic.cc +9 -15
- data/src/core/lib/iomgr/unix_sockets_posix.cc +2 -4
- data/src/core/lib/iomgr/wakeup_fd_eventfd.cc +4 -3
- data/src/core/lib/iomgr/wakeup_fd_pipe.cc +10 -8
- data/src/core/lib/json/json_channel_args.h +42 -0
- data/src/core/lib/json/json_object_loader.cc +7 -2
- data/src/core/lib/json/json_object_loader.h +22 -0
- data/src/core/lib/json/json_util.cc +5 -5
- data/src/core/lib/json/json_util.h +4 -4
- data/src/core/lib/load_balancing/lb_policy.cc +1 -1
- data/src/core/lib/load_balancing/lb_policy.h +4 -0
- data/src/core/lib/load_balancing/subchannel_interface.h +0 -7
- data/src/core/lib/matchers/matchers.cc +3 -4
- data/src/core/lib/promise/activity.cc +16 -2
- data/src/core/lib/promise/activity.h +38 -15
- data/src/core/lib/promise/arena_promise.h +80 -51
- data/src/core/lib/promise/context.h +13 -6
- data/src/core/lib/promise/detail/basic_seq.h +9 -28
- data/src/core/lib/promise/detail/promise_factory.h +58 -10
- data/src/core/lib/promise/detail/status.h +28 -0
- data/src/core/lib/promise/detail/switch.h +1455 -0
- data/src/core/lib/promise/exec_ctx_wakeup_scheduler.h +3 -1
- data/src/core/lib/promise/for_each.h +129 -0
- data/src/core/lib/promise/loop.h +7 -5
- data/src/core/lib/promise/map_pipe.h +87 -0
- data/src/core/lib/promise/pipe.cc +19 -0
- data/src/core/lib/promise/pipe.h +505 -0
- data/src/core/lib/promise/poll.h +13 -0
- data/src/core/lib/promise/seq.h +3 -5
- data/src/core/lib/promise/sleep.cc +5 -4
- data/src/core/lib/promise/sleep.h +1 -2
- data/src/core/lib/promise/try_concurrently.h +341 -0
- data/src/core/lib/promise/try_seq.h +10 -13
- data/src/core/lib/resolver/server_address.cc +1 -0
- data/src/core/lib/resolver/server_address.h +1 -3
- data/src/core/lib/resource_quota/api.cc +0 -1
- data/src/core/lib/resource_quota/arena.cc +19 -0
- data/src/core/lib/resource_quota/arena.h +89 -0
- data/src/core/lib/resource_quota/memory_quota.cc +1 -0
- data/src/core/lib/security/authorization/grpc_authorization_engine.cc +1 -3
- data/src/core/lib/security/authorization/grpc_server_authz_filter.cc +4 -2
- data/src/core/lib/security/authorization/matchers.cc +25 -22
- data/src/core/lib/security/authorization/rbac_policy.cc +2 -3
- data/src/core/lib/security/context/security_context.h +10 -0
- data/src/core/lib/security/credentials/channel_creds_registry_init.cc +3 -4
- data/src/core/lib/security/credentials/composite/composite_credentials.cc +1 -1
- data/src/core/lib/security/credentials/external/aws_external_account_credentials.cc +77 -55
- data/src/core/lib/security/credentials/external/aws_request_signer.cc +4 -3
- data/src/core/lib/security/credentials/external/external_account_credentials.cc +40 -51
- data/src/core/lib/security/credentials/external/file_external_account_credentials.cc +17 -21
- data/src/core/lib/security/credentials/external/url_external_account_credentials.cc +21 -25
- data/src/core/lib/security/credentials/fake/fake_credentials.cc +1 -0
- data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +27 -24
- data/src/core/lib/security/credentials/iam/iam_credentials.cc +1 -0
- data/src/core/lib/security/credentials/jwt/json_token.cc +1 -2
- data/src/core/lib/security/credentials/jwt/jwt_credentials.cc +1 -1
- data/src/core/lib/security/credentials/jwt/jwt_verifier.cc +5 -5
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +24 -30
- data/src/core/lib/security/credentials/plugin/plugin_credentials.cc +6 -5
- data/src/core/lib/security/credentials/plugin/plugin_credentials.h +3 -3
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.cc +19 -27
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.h +4 -11
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.cc +29 -41
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_verifier.cc +1 -1
- data/src/core/lib/security/security_connector/alts/alts_security_connector.cc +6 -11
- data/src/core/lib/security/security_connector/fake/fake_security_connector.cc +8 -15
- data/src/core/lib/security/security_connector/insecure/insecure_security_connector.cc +2 -2
- data/src/core/lib/security/security_connector/insecure/insecure_security_connector.h +2 -6
- data/src/core/lib/security/security_connector/load_system_roots_supported.cc +1 -4
- data/src/core/lib/security/security_connector/local/local_security_connector.cc +7 -11
- data/src/core/lib/security/security_connector/ssl/ssl_security_connector.cc +9 -14
- data/src/core/lib/security/security_connector/ssl_utils.cc +5 -7
- data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +21 -27
- data/src/core/lib/security/transport/client_auth_filter.cc +1 -1
- data/src/core/lib/security/transport/secure_endpoint.cc +26 -28
- data/src/core/lib/security/transport/security_handshaker.cc +53 -53
- data/src/core/lib/security/transport/server_auth_filter.cc +21 -21
- data/src/core/lib/security/transport/tsi_error.cc +6 -3
- data/src/core/lib/security/util/json_util.cc +4 -5
- data/src/core/lib/service_config/service_config.h +1 -1
- data/src/core/lib/service_config/service_config_impl.cc +111 -158
- data/src/core/lib/service_config/service_config_impl.h +14 -17
- data/src/core/lib/service_config/service_config_parser.cc +14 -31
- data/src/core/lib/service_config/service_config_parser.h +14 -10
- data/src/core/lib/slice/b64.cc +2 -2
- data/src/core/lib/slice/slice.cc +7 -1
- data/src/core/lib/slice/slice.h +19 -6
- data/src/core/lib/slice/slice_buffer.cc +13 -14
- data/src/core/lib/slice/slice_internal.h +13 -21
- data/src/core/lib/slice/slice_refcount.h +34 -19
- data/src/core/lib/surface/byte_buffer.cc +3 -4
- data/src/core/lib/surface/byte_buffer_reader.cc +4 -4
- data/src/core/lib/surface/call.cc +1366 -239
- data/src/core/lib/surface/call.h +44 -0
- data/src/core/lib/surface/call_details.cc +3 -3
- data/src/core/lib/surface/call_trace.cc +113 -0
- data/src/core/lib/surface/call_trace.h +30 -0
- data/src/core/lib/surface/channel.cc +44 -49
- data/src/core/lib/surface/channel.h +9 -1
- data/src/core/lib/surface/channel_ping.cc +1 -1
- data/src/core/lib/surface/channel_stack_type.cc +4 -0
- data/src/core/lib/surface/channel_stack_type.h +2 -0
- data/src/core/lib/surface/completion_queue.cc +38 -52
- data/src/core/lib/surface/init.cc +8 -39
- data/src/core/lib/surface/init_internally.h +8 -0
- data/src/core/lib/surface/lame_client.cc +10 -8
- data/src/core/lib/surface/server.cc +48 -70
- data/src/core/lib/surface/server.h +3 -4
- data/src/core/lib/surface/validate_metadata.cc +11 -12
- data/src/core/lib/surface/version.cc +2 -2
- data/src/core/lib/transport/connectivity_state.cc +2 -2
- data/src/core/lib/transport/error_utils.cc +34 -28
- data/src/core/lib/transport/error_utils.h +3 -3
- data/src/core/lib/transport/handshaker.cc +14 -14
- data/src/core/lib/transport/handshaker.h +1 -1
- data/src/core/lib/transport/handshaker_factory.h +26 -0
- data/src/core/lib/transport/handshaker_registry.cc +8 -2
- data/src/core/lib/transport/handshaker_registry.h +3 -4
- data/src/core/lib/transport/http_connect_handshaker.cc +23 -24
- data/src/core/lib/transport/metadata_batch.h +17 -1
- data/src/core/lib/transport/parsed_metadata.cc +2 -6
- data/src/core/lib/transport/tcp_connect_handshaker.cc +15 -20
- data/src/core/lib/transport/transport.cc +63 -17
- data/src/core/lib/transport/transport.h +64 -68
- data/src/core/lib/transport/transport_impl.h +1 -1
- data/src/core/lib/transport/transport_op_string.cc +7 -6
- data/src/core/plugin_registry/grpc_plugin_registry.cc +6 -10
- data/src/core/plugin_registry/grpc_plugin_registry_extra.cc +2 -14
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +10 -10
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +8 -8
- data/src/core/tsi/alts/handshaker/alts_tsi_utils.cc +2 -1
- data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_integrity_only_record_protocol.cc +7 -7
- data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_privacy_integrity_record_protocol.cc +7 -6
- data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.cc +1 -1
- data/src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.cc +5 -5
- data/src/core/tsi/fake_transport_security.cc +3 -3
- data/src/core/tsi/ssl/key_logging/ssl_key_logging.cc +7 -3
- data/src/core/tsi/ssl/session_cache/ssl_session_boringssl.cc +1 -1
- data/src/core/tsi/ssl/session_cache/ssl_session_openssl.cc +6 -2
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.c +0 -2
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.h +0 -3
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/src/ruby/spec/channel_spec.rb +0 -43
- data/src/ruby/spec/generic/active_call_spec.rb +12 -3
- data/third_party/abseil-cpp/absl/cleanup/cleanup.h +140 -0
- data/third_party/abseil-cpp/absl/cleanup/internal/cleanup.h +100 -0
- data/third_party/zlib/compress.c +3 -3
- data/third_party/zlib/crc32.c +21 -12
- data/third_party/zlib/deflate.c +112 -106
- data/third_party/zlib/deflate.h +2 -2
- data/third_party/zlib/gzlib.c +1 -1
- data/third_party/zlib/gzread.c +3 -5
- data/third_party/zlib/gzwrite.c +1 -1
- data/third_party/zlib/infback.c +10 -7
- data/third_party/zlib/inflate.c +5 -2
- data/third_party/zlib/inftrees.c +2 -2
- data/third_party/zlib/inftrees.h +1 -1
- data/third_party/zlib/trees.c +61 -62
- data/third_party/zlib/uncompr.c +2 -2
- data/third_party/zlib/zconf.h +16 -3
- data/third_party/zlib/zlib.h +10 -10
- data/third_party/zlib/zutil.c +9 -7
- data/third_party/zlib/zutil.h +1 -0
- metadata +57 -20
- data/src/core/ext/filters/client_channel/resolver_result_parsing.cc +0 -188
- data/src/core/ext/filters/fault_injection/service_config_parser.cc +0 -187
- data/src/core/lib/event_engine/executor/threaded_executor.h +0 -44
- data/src/core/lib/gpr/murmur_hash.cc +0 -82
- data/src/core/lib/gpr/murmur_hash.h +0 -29
- data/src/core/lib/gpr/tls.h +0 -156
- data/src/core/lib/promise/call_push_pull.h +0 -148
- data/src/core/lib/slice/slice_api.cc +0 -39
- data/src/core/lib/slice/slice_buffer_api.cc +0 -35
- data/src/core/lib/slice/slice_refcount_base.h +0 -60
@@ -19,6 +19,7 @@
|
|
19
19
|
#include "src/core/ext/xds/xds_common_types.h"
|
20
20
|
|
21
21
|
#include <stddef.h>
|
22
|
+
#include <stdint.h>
|
22
23
|
|
23
24
|
#include <algorithm>
|
24
25
|
#include <map>
|
@@ -34,23 +35,47 @@
|
|
34
35
|
#include "envoy/type/matcher/v3/regex.upb.h"
|
35
36
|
#include "envoy/type/matcher/v3/string.upb.h"
|
36
37
|
#include "google/protobuf/any.upb.h"
|
38
|
+
#include "google/protobuf/struct.upb.h"
|
39
|
+
#include "google/protobuf/struct.upbdefs.h"
|
37
40
|
#include "google/protobuf/wrappers.upb.h"
|
38
|
-
#include "upb/
|
41
|
+
#include "upb/arena.h"
|
42
|
+
#include "upb/json_encode.h"
|
43
|
+
#include "upb/status.h"
|
44
|
+
#include "upb/upb.hpp"
|
39
45
|
#include "xds/type/v3/typed_struct.upb.h"
|
40
46
|
|
41
|
-
#include "src/core/ext/xds/certificate_provider_store.h"
|
42
47
|
#include "src/core/ext/xds/upb_utils.h"
|
43
48
|
#include "src/core/ext/xds/xds_bootstrap_grpc.h"
|
44
49
|
#include "src/core/ext/xds/xds_client.h"
|
45
50
|
|
46
51
|
namespace grpc_core {
|
47
52
|
|
53
|
+
//
|
54
|
+
// ParseDuration()
|
55
|
+
//
|
56
|
+
|
57
|
+
Duration ParseDuration(const google_protobuf_Duration* proto_duration,
|
58
|
+
ValidationErrors* errors) {
|
59
|
+
int64_t seconds = google_protobuf_Duration_seconds(proto_duration);
|
60
|
+
if (seconds < 0 || seconds > 315576000000) {
|
61
|
+
ValidationErrors::ScopedField field(errors, ".seconds");
|
62
|
+
errors->AddError("value must be in the range [0, 315576000000]");
|
63
|
+
}
|
64
|
+
int32_t nanos = google_protobuf_Duration_nanos(proto_duration);
|
65
|
+
if (nanos < 0 || nanos > 999999999) {
|
66
|
+
ValidationErrors::ScopedField field(errors, ".nanos");
|
67
|
+
errors->AddError("value must be in the range [0, 999999999]");
|
68
|
+
}
|
69
|
+
return Duration::FromSecondsAndNanoseconds(seconds, nanos);
|
70
|
+
}
|
71
|
+
|
48
72
|
//
|
49
73
|
// CommonTlsContext::CertificateValidationContext
|
50
74
|
//
|
51
75
|
|
52
76
|
std::string CommonTlsContext::CertificateValidationContext::ToString() const {
|
53
77
|
std::vector<std::string> contents;
|
78
|
+
contents.reserve(match_subject_alt_names.size());
|
54
79
|
for (const auto& match : match_subject_alt_names) {
|
55
80
|
contents.push_back(match.ToString());
|
56
81
|
}
|
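Review bot: The new ParseDuration() records a validation error when `seconds` or `nanos` is out of range, but it still passes the unvalidated values to `Duration::FromSecondsAndNanoseconds(seconds, nanos)`. The returned Duration is therefore only meaningful if `errors` stayed clean. These fields come from an xDS resource, so I would state that contract above the function, for example `// On out-of-range input an error is added to errors and the returned Duration must not be used; callers check errors first.` How the conversion behaves for very large `seconds` is not visible in this hunk, so that is worth confirming or covering in the same comment. The function also reads `proto_duration` without a null check; presumably callers guarantee a non-null pointer, and the comment should say so.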
@@ -114,68 +139,70 @@ namespace {
|
|
114
139
|
// same CertificateProviderPluginInstance struct since the fields are the same.
|
115
140
|
// TODO(yashykt): Remove this once we stop supporting the old way of fetching
|
116
141
|
// certificate provider instances.
|
117
|
-
|
142
|
+
CommonTlsContext::CertificateProviderPluginInstance
|
118
143
|
CertificateProviderInstanceParse(
|
119
144
|
const XdsResourceType::DecodeContext& context,
|
120
145
|
const envoy_extensions_transport_sockets_tls_v3_CommonTlsContext_CertificateProviderInstance*
|
121
|
-
certificate_provider_instance_proto
|
122
|
-
|
123
|
-
|
124
|
-
|
125
|
-
|
126
|
-
|
127
|
-
UpbStringToStdString(
|
128
|
-
envoy_extensions_transport_sockets_tls_v3_CommonTlsContext_CertificateProviderInstance_certificate_name(
|
129
|
-
certificate_provider_instance_proto))};
|
146
|
+
certificate_provider_instance_proto,
|
147
|
+
ValidationErrors* errors) {
|
148
|
+
CommonTlsContext::CertificateProviderPluginInstance cert_provider;
|
149
|
+
cert_provider.instance_name = UpbStringToStdString(
|
150
|
+
envoy_extensions_transport_sockets_tls_v3_CommonTlsContext_CertificateProviderInstance_instance_name(
|
151
|
+
certificate_provider_instance_proto));
|
130
152
|
const auto& bootstrap =
|
131
153
|
static_cast<const GrpcXdsBootstrap&>(context.client->bootstrap());
|
132
|
-
if (bootstrap.certificate_providers().find(
|
133
|
-
certificate_provider_plugin_instance.instance_name) ==
|
154
|
+
if (bootstrap.certificate_providers().find(cert_provider.instance_name) ==
|
134
155
|
bootstrap.certificate_providers().end()) {
|
135
|
-
|
136
|
-
|
137
|
-
|
156
|
+
ValidationErrors::ScopedField field(errors, ".instance_name");
|
157
|
+
errors->AddError(
|
158
|
+
absl::StrCat("unrecognized certificate provider instance name: ",
|
159
|
+
cert_provider.instance_name));
|
138
160
|
}
|
139
|
-
|
161
|
+
cert_provider.certificate_name = UpbStringToStdString(
|
162
|
+
envoy_extensions_transport_sockets_tls_v3_CommonTlsContext_CertificateProviderInstance_certificate_name(
|
163
|
+
certificate_provider_instance_proto));
|
164
|
+
return cert_provider;
|
140
165
|
}
|
141
166
|
|
142
|
-
|
167
|
+
CommonTlsContext::CertificateProviderPluginInstance
|
143
168
|
CertificateProviderPluginInstanceParse(
|
144
169
|
const XdsResourceType::DecodeContext& context,
|
145
170
|
const envoy_extensions_transport_sockets_tls_v3_CertificateProviderPluginInstance*
|
146
|
-
certificate_provider_plugin_instance_proto
|
147
|
-
|
148
|
-
|
149
|
-
|
150
|
-
|
151
|
-
|
152
|
-
UpbStringToStdString(
|
153
|
-
envoy_extensions_transport_sockets_tls_v3_CertificateProviderPluginInstance_certificate_name(
|
154
|
-
certificate_provider_plugin_instance_proto))};
|
171
|
+
certificate_provider_plugin_instance_proto,
|
172
|
+
ValidationErrors* errors) {
|
173
|
+
CommonTlsContext::CertificateProviderPluginInstance cert_provider;
|
174
|
+
cert_provider.instance_name = UpbStringToStdString(
|
175
|
+
envoy_extensions_transport_sockets_tls_v3_CertificateProviderPluginInstance_instance_name(
|
176
|
+
certificate_provider_plugin_instance_proto));
|
155
177
|
const auto& bootstrap =
|
156
178
|
static_cast<const GrpcXdsBootstrap&>(context.client->bootstrap());
|
157
|
-
if (bootstrap.certificate_providers().find(
|
158
|
-
certificate_provider_plugin_instance.instance_name) ==
|
179
|
+
if (bootstrap.certificate_providers().find(cert_provider.instance_name) ==
|
159
180
|
bootstrap.certificate_providers().end()) {
|
160
|
-
|
161
|
-
|
162
|
-
|
181
|
+
ValidationErrors::ScopedField field(errors, ".instance_name");
|
182
|
+
errors->AddError(
|
183
|
+
absl::StrCat("unrecognized certificate provider instance name: ",
|
184
|
+
cert_provider.instance_name));
|
163
185
|
}
|
164
|
-
|
186
|
+
cert_provider.certificate_name = UpbStringToStdString(
|
187
|
+
envoy_extensions_transport_sockets_tls_v3_CertificateProviderPluginInstance_certificate_name(
|
188
|
+
certificate_provider_plugin_instance_proto));
|
189
|
+
return cert_provider;
|
165
190
|
}
|
166
191
|
|
167
|
-
|
192
|
+
CommonTlsContext::CertificateValidationContext
|
168
193
|
CertificateValidationContextParse(
|
169
194
|
const XdsResourceType::DecodeContext& context,
|
170
195
|
const envoy_extensions_transport_sockets_tls_v3_CertificateValidationContext*
|
171
|
-
certificate_validation_context_proto
|
172
|
-
|
196
|
+
certificate_validation_context_proto,
|
197
|
+
ValidationErrors* errors) {
|
173
198
|
CommonTlsContext::CertificateValidationContext certificate_validation_context;
|
174
199
|
size_t len = 0;
|
175
200
|
auto* subject_alt_names_matchers =
|
176
201
|
envoy_extensions_transport_sockets_tls_v3_CertificateValidationContext_match_subject_alt_names(
|
177
202
|
certificate_validation_context_proto, &len);
|
178
203
|
for (size_t i = 0; i < len; ++i) {
|
204
|
+
ValidationErrors::ScopedField field(
|
205
|
+
errors, absl::StrCat(".match_subject_alt_names[", i, "]"));
|
179
206
|
StringMatcher::Type type;
|
180
207
|
std::string matcher;
|
181
208
|
if (envoy_type_matcher_v3_StringMatcher_has_exact(
|
@@ -207,7 +234,7 @@ CertificateValidationContextParse(
|
|
207
234
|
matcher = UpbStringToStdString(
|
208
235
|
envoy_type_matcher_v3_RegexMatcher_regex(regex_matcher));
|
209
236
|
} else {
|
210
|
-
errors
|
237
|
+
errors->AddError("invalid StringMatcher specified");
|
211
238
|
continue;
|
212
239
|
}
|
213
240
|
bool ignore_case = envoy_type_matcher_v3_StringMatcher_ignore_case(
|
@@ -216,13 +243,12 @@ CertificateValidationContextParse(
|
|
216
243
|
StringMatcher::Create(type, matcher,
|
217
244
|
/*case_sensitive=*/!ignore_case);
|
218
245
|
if (!string_matcher.ok()) {
|
219
|
-
errors.
|
220
|
-
absl::StrCat("string matcher: ", string_matcher.status().message()));
|
246
|
+
errors->AddError(string_matcher.status().message());
|
221
247
|
continue;
|
222
248
|
}
|
223
249
|
if (type == StringMatcher::Type::kSafeRegex && ignore_case) {
|
224
|
-
errors.
|
225
|
-
|
250
|
+
ValidationErrors::ScopedField field(errors, ".ignore_case");
|
251
|
+
errors->AddError("not supported for regex matcher");
|
226
252
|
continue;
|
227
253
|
}
|
228
254
|
certificate_validation_context.match_subject_alt_names.push_back(
|
@@ -232,58 +258,51 @@ CertificateValidationContextParse(
|
|
232
258
|
envoy_extensions_transport_sockets_tls_v3_CertificateValidationContext_ca_certificate_provider_instance(
|
233
259
|
certificate_validation_context_proto);
|
234
260
|
if (ca_certificate_provider_instance != nullptr) {
|
235
|
-
|
236
|
-
|
237
|
-
|
238
|
-
|
239
|
-
|
240
|
-
certificate_validation_context.ca_certificate_provider_instance =
|
241
|
-
std::move(*certificate_provider_instance);
|
242
|
-
}
|
261
|
+
ValidationErrors::ScopedField field(errors,
|
262
|
+
".ca_certificate_provider_instance");
|
263
|
+
certificate_validation_context.ca_certificate_provider_instance =
|
264
|
+
CertificateProviderPluginInstanceParse(
|
265
|
+
context, ca_certificate_provider_instance, errors);
|
243
266
|
}
|
244
267
|
if (envoy_extensions_transport_sockets_tls_v3_CertificateValidationContext_verify_certificate_spki(
|
245
268
|
certificate_validation_context_proto, nullptr) != nullptr) {
|
246
|
-
errors.
|
247
|
-
|
269
|
+
ValidationErrors::ScopedField field(errors, ".verify_certificate_spki");
|
270
|
+
errors->AddError("feature unsupported");
|
248
271
|
}
|
249
272
|
if (envoy_extensions_transport_sockets_tls_v3_CertificateValidationContext_verify_certificate_hash(
|
250
273
|
certificate_validation_context_proto, nullptr) != nullptr) {
|
251
|
-
errors.
|
252
|
-
|
274
|
+
ValidationErrors::ScopedField field(errors, ".verify_certificate_hash");
|
275
|
+
errors->AddError("feature unsupported");
|
253
276
|
}
|
254
277
|
auto* require_signed_certificate_timestamp =
|
255
278
|
envoy_extensions_transport_sockets_tls_v3_CertificateValidationContext_require_signed_certificate_timestamp(
|
256
279
|
certificate_validation_context_proto);
|
257
280
|
if (require_signed_certificate_timestamp != nullptr &&
|
258
281
|
google_protobuf_BoolValue_value(require_signed_certificate_timestamp)) {
|
259
|
-
|
260
|
-
|
261
|
-
|
282
|
+
ValidationErrors::ScopedField field(
|
283
|
+
errors, ".require_signed_certificate_timestamp");
|
284
|
+
errors->AddError("feature unsupported");
|
262
285
|
}
|
263
286
|
if (envoy_extensions_transport_sockets_tls_v3_CertificateValidationContext_has_crl(
|
264
287
|
certificate_validation_context_proto)) {
|
265
|
-
errors.
|
288
|
+
ValidationErrors::ScopedField field(errors, ".crl");
|
289
|
+
errors->AddError("feature unsupported");
|
266
290
|
}
|
267
291
|
if (envoy_extensions_transport_sockets_tls_v3_CertificateValidationContext_has_custom_validator_config(
|
268
292
|
certificate_validation_context_proto)) {
|
269
|
-
errors.
|
270
|
-
|
271
|
-
}
|
272
|
-
if (!errors.empty()) {
|
273
|
-
return absl::InvalidArgumentError(
|
274
|
-
absl::StrCat("Errors parsing CertificateValidationContext: ",
|
275
|
-
absl::StrJoin(errors, "; ")));
|
293
|
+
ValidationErrors::ScopedField field(errors, ".custom_validator_config");
|
294
|
+
errors->AddError("feature unsupported");
|
276
295
|
}
|
277
296
|
return certificate_validation_context;
|
278
297
|
}
|
279
298
|
|
280
299
|
} // namespace
|
281
300
|
|
282
|
-
|
301
|
+
CommonTlsContext CommonTlsContext::Parse(
|
283
302
|
const XdsResourceType::DecodeContext& context,
|
284
303
|
const envoy_extensions_transport_sockets_tls_v3_CommonTlsContext*
|
285
|
-
common_tls_context_proto
|
286
|
-
|
304
|
+
common_tls_context_proto,
|
305
|
+
ValidationErrors* errors) {
|
287
306
|
CommonTlsContext common_tls_context;
|
288
307
|
// The validation context is derived from the oneof in
|
289
308
|
// 'validation_context_type'. 'validation_context_sds_secret_config' is not
|
@@ -292,18 +311,16 @@ absl::StatusOr<CommonTlsContext> CommonTlsContext::Parse(
|
|
292
311
|
envoy_extensions_transport_sockets_tls_v3_CommonTlsContext_combined_validation_context(
|
293
312
|
common_tls_context_proto);
|
294
313
|
if (combined_validation_context != nullptr) {
|
314
|
+
ValidationErrors::ScopedField field(errors, ".combined_validation_context");
|
295
315
|
auto* default_validation_context =
|
296
316
|
envoy_extensions_transport_sockets_tls_v3_CommonTlsContext_CombinedCertificateValidationContext_default_validation_context(
|
297
317
|
combined_validation_context);
|
298
318
|
if (default_validation_context != nullptr) {
|
299
|
-
|
300
|
-
|
301
|
-
|
302
|
-
|
303
|
-
|
304
|
-
common_tls_context.certificate_validation_context =
|
305
|
-
std::move(*certificate_validation_context);
|
306
|
-
}
|
319
|
+
ValidationErrors::ScopedField field(errors,
|
320
|
+
".default_validation_context");
|
321
|
+
common_tls_context.certificate_validation_context =
|
322
|
+
CertificateValidationContextParse(context, default_validation_context,
|
323
|
+
errors);
|
307
324
|
}
|
308
325
|
// If after parsing default_validation_context,
|
309
326
|
// common_tls_context->certificate_validation_context.ca_certificate_provider_instance
|
@@ -312,55 +329,44 @@ absl::StatusOr<CommonTlsContext> CommonTlsContext::Parse(
|
|
312
329
|
// 'combined_validation_context'. Note that this way of fetching root
|
313
330
|
// certificates is deprecated and will be removed in the future.
|
314
331
|
// TODO(yashykt): Remove this once it's no longer needed.
|
315
|
-
auto* validation_context_certificate_provider_instance =
|
332
|
+
const auto* validation_context_certificate_provider_instance =
|
316
333
|
envoy_extensions_transport_sockets_tls_v3_CommonTlsContext_CombinedCertificateValidationContext_validation_context_certificate_provider_instance(
|
317
334
|
combined_validation_context);
|
318
335
|
if (common_tls_context.certificate_validation_context
|
319
336
|
.ca_certificate_provider_instance.Empty() &&
|
320
337
|
validation_context_certificate_provider_instance != nullptr) {
|
321
|
-
|
322
|
-
|
323
|
-
|
324
|
-
|
325
|
-
|
326
|
-
common_tls_context.certificate_validation_context
|
327
|
-
.ca_certificate_provider_instance =
|
328
|
-
std::move(*certificate_provider_instance);
|
329
|
-
}
|
338
|
+
ValidationErrors::ScopedField field(
|
339
|
+
errors, ".validation_context_certificate_provider_instance");
|
340
|
+
common_tls_context.certificate_validation_context
|
341
|
+
.ca_certificate_provider_instance = CertificateProviderInstanceParse(
|
342
|
+
context, validation_context_certificate_provider_instance, errors);
|
330
343
|
}
|
331
344
|
} else {
|
332
345
|
auto* validation_context =
|
333
346
|
envoy_extensions_transport_sockets_tls_v3_CommonTlsContext_validation_context(
|
334
347
|
common_tls_context_proto);
|
335
348
|
if (validation_context != nullptr) {
|
336
|
-
|
337
|
-
|
338
|
-
|
339
|
-
|
340
|
-
} else {
|
341
|
-
common_tls_context.certificate_validation_context =
|
342
|
-
std::move(*certificate_validation_context);
|
343
|
-
}
|
349
|
+
ValidationErrors::ScopedField field(errors, ".validation_context");
|
350
|
+
common_tls_context.certificate_validation_context =
|
351
|
+
CertificateValidationContextParse(context, validation_context,
|
352
|
+
errors);
|
344
353
|
} else if (
|
345
354
|
envoy_extensions_transport_sockets_tls_v3_CommonTlsContext_has_validation_context_sds_secret_config(
|
346
355
|
common_tls_context_proto)) {
|
347
|
-
|
356
|
+
ValidationErrors::ScopedField field(
|
357
|
+
errors, ".validation_context_sds_secret_config");
|
358
|
+
errors->AddError("feature unsupported");
|
348
359
|
}
|
349
360
|
}
|
350
361
|
auto* tls_certificate_provider_instance =
|
351
362
|
envoy_extensions_transport_sockets_tls_v3_CommonTlsContext_tls_certificate_provider_instance(
|
352
363
|
common_tls_context_proto);
|
353
364
|
if (tls_certificate_provider_instance != nullptr) {
|
354
|
-
|
365
|
+
ValidationErrors::ScopedField field(errors,
|
366
|
+
".tls_certificate_provider_instance");
|
367
|
+
common_tls_context.tls_certificate_provider_instance =
|
355
368
|
CertificateProviderPluginInstanceParse(
|
356
|
-
context, tls_certificate_provider_instance);
|
357
|
-
if (!certificate_provider_plugin_instance.ok()) {
|
358
|
-
errors.emplace_back(
|
359
|
-
certificate_provider_plugin_instance.status().message());
|
360
|
-
} else {
|
361
|
-
common_tls_context.tls_certificate_provider_instance =
|
362
|
-
std::move(*certificate_provider_plugin_instance);
|
363
|
-
}
|
369
|
+
context, tls_certificate_provider_instance, errors);
|
364
370
|
} else {
|
365
371
|
// Fall back onto 'tls_certificate_certificate_provider_instance'. Note that
|
366
372
|
// this way of fetching identity certificates is deprecated and will be
|
@@ -370,65 +376,126 @@ absl::StatusOr<CommonTlsContext> CommonTlsContext::Parse(
|
|
370
376
|
envoy_extensions_transport_sockets_tls_v3_CommonTlsContext_tls_certificate_certificate_provider_instance(
|
371
377
|
common_tls_context_proto);
|
372
378
|
if (tls_certificate_certificate_provider_instance != nullptr) {
|
373
|
-
|
374
|
-
|
375
|
-
|
376
|
-
|
377
|
-
|
378
|
-
common_tls_context.tls_certificate_provider_instance =
|
379
|
-
std::move(*certificate_provider_instance);
|
380
|
-
}
|
379
|
+
ValidationErrors::ScopedField field(
|
380
|
+
errors, ".tls_certificate_certificate_provider_instance");
|
381
|
+
common_tls_context.tls_certificate_provider_instance =
|
382
|
+
CertificateProviderInstanceParse(
|
383
|
+
context, tls_certificate_certificate_provider_instance, errors);
|
381
384
|
} else {
|
382
385
|
if (envoy_extensions_transport_sockets_tls_v3_CommonTlsContext_has_tls_certificates(
|
383
386
|
common_tls_context_proto)) {
|
384
|
-
errors.
|
387
|
+
ValidationErrors::ScopedField field(errors, ".tls_certificates");
|
388
|
+
errors->AddError("feature unsupported");
|
385
389
|
}
|
386
390
|
if (envoy_extensions_transport_sockets_tls_v3_CommonTlsContext_has_tls_certificate_sds_secret_configs(
|
387
391
|
common_tls_context_proto)) {
|
388
|
-
|
392
|
+
ValidationErrors::ScopedField field(
|
393
|
+
errors, ".tls_certificate_sds_secret_configs");
|
394
|
+
errors->AddError("feature unsupported");
|
389
395
|
}
|
390
396
|
}
|
391
397
|
}
|
392
398
|
if (envoy_extensions_transport_sockets_tls_v3_CommonTlsContext_has_tls_params(
|
393
399
|
common_tls_context_proto)) {
|
394
|
-
errors.
|
400
|
+
ValidationErrors::ScopedField field(errors, ".tls_params");
|
401
|
+
errors->AddError("feature unsupported");
|
395
402
|
}
|
396
403
|
if (envoy_extensions_transport_sockets_tls_v3_CommonTlsContext_has_custom_handshaker(
|
397
404
|
common_tls_context_proto)) {
|
398
|
-
errors.
|
405
|
+
ValidationErrors::ScopedField field(errors, ".custom_handshaker");
|
406
|
+
errors->AddError("feature unsupported");
|
399
407
|
}
|
400
|
-
|
408
|
+
return common_tls_context;
|
409
|
+
}
|
410
|
+
|
411
|
+
//
|
412
|
+
// ExtractXdsExtension
|
413
|
+
//
|
414
|
+
|
415
|
+
namespace {
|
416
|
+
|
417
|
+
absl::StatusOr<Json> ParseProtobufStructToJson(
|
418
|
+
const XdsResourceType::DecodeContext& context,
|
419
|
+
const google_protobuf_Struct* resource) {
|
420
|
+
upb::Status status;
|
421
|
+
const auto* msg_def = google_protobuf_Struct_getmsgdef(context.symtab);
|
422
|
+
size_t json_size = upb_JsonEncode(resource, msg_def, context.symtab, 0,
|
423
|
+
nullptr, 0, status.ptr());
|
424
|
+
if (json_size == static_cast<size_t>(-1)) {
|
401
425
|
return absl::InvalidArgumentError(
|
402
|
-
absl::StrCat("
|
403
|
-
|
426
|
+
absl::StrCat("error encoding google::Protobuf::Struct as JSON: ",
|
427
|
+
upb_Status_ErrorMessage(status.ptr())));
|
404
428
|
}
|
405
|
-
|
429
|
+
void* buf = upb_Arena_Malloc(context.arena, json_size + 1);
|
430
|
+
upb_JsonEncode(resource, msg_def, context.symtab, 0,
|
431
|
+
reinterpret_cast<char*>(buf), json_size + 1, status.ptr());
|
432
|
+
auto json = Json::Parse(reinterpret_cast<char*>(buf));
|
433
|
+
if (!json.ok()) {
|
434
|
+
// This should never happen.
|
435
|
+
return absl::InternalError(
|
436
|
+
absl::StrCat("error parsing JSON form of google::Protobuf::Struct "
|
437
|
+
"produced by upb library: ",
|
438
|
+
json.status().ToString()));
|
439
|
+
}
|
440
|
+
return std::move(*json);
|
406
441
|
}
|
407
442
|
|
408
|
-
|
443
|
+
} // namespace
|
444
|
+
|
445
|
+
absl::optional<XdsExtension> ExtractXdsExtension(
|
409
446
|
const XdsResourceType::DecodeContext& context,
|
410
|
-
const google_protobuf_Any* any) {
|
411
|
-
|
412
|
-
|
413
|
-
|
414
|
-
result.type == "type.googleapis.com/udpa.type.v1.TypedStruct") {
|
415
|
-
upb_StringView any_value = google_protobuf_Any_value(any);
|
416
|
-
result.typed_struct = xds_type_v3_TypedStruct_parse(
|
417
|
-
any_value.data, any_value.size, context.arena);
|
418
|
-
if (result.typed_struct == nullptr) {
|
419
|
-
return absl::InvalidArgumentError(
|
420
|
-
"could not parse TypedStruct from extension");
|
421
|
-
}
|
422
|
-
result.type =
|
423
|
-
UpbStringToAbsl(xds_type_v3_TypedStruct_type_url(result.typed_struct));
|
447
|
+
const google_protobuf_Any* any, ValidationErrors* errors) {
|
448
|
+
if (any == nullptr) {
|
449
|
+
errors->AddError("field not present");
|
450
|
+
return absl::nullopt;
|
424
451
|
}
|
425
|
-
|
426
|
-
|
427
|
-
|
428
|
-
|
452
|
+
XdsExtension extension;
|
453
|
+
auto strip_type_prefix = [&]() {
|
454
|
+
ValidationErrors::ScopedField field(errors, ".type_url");
|
455
|
+
if (extension.type.empty()) {
|
456
|
+
errors->AddError("field not present");
|
457
|
+
return;
|
458
|
+
}
|
459
|
+
size_t pos = extension.type.rfind('/');
|
460
|
+
if (pos == absl::string_view::npos || pos == extension.type.size() - 1) {
|
461
|
+
errors->AddError(absl::StrCat("invalid value \"", extension.type, "\""));
|
462
|
+
} else {
|
463
|
+
extension.type = extension.type.substr(pos + 1);
|
464
|
+
}
|
465
|
+
};
|
466
|
+
extension.type = UpbStringToAbsl(google_protobuf_Any_type_url(any));
|
467
|
+
strip_type_prefix();
|
468
|
+
extension.validation_fields.emplace_back(
|
469
|
+
errors, absl::StrCat(".value[", extension.type, "]"));
|
470
|
+
absl::string_view any_value = UpbStringToAbsl(google_protobuf_Any_value(any));
|
471
|
+
if (extension.type == "xds.type.v3.TypedStruct" ||
|
472
|
+
extension.type == "udpa.type.v1.TypedStruct") {
|
473
|
+
const auto* typed_struct = xds_type_v3_TypedStruct_parse(
|
474
|
+
any_value.data(), any_value.size(), context.arena);
|
475
|
+
if (typed_struct == nullptr) {
|
476
|
+
errors->AddError("could not parse");
|
477
|
+
return absl::nullopt;
|
478
|
+
}
|
479
|
+
extension.type =
|
480
|
+
UpbStringToAbsl(xds_type_v3_TypedStruct_type_url(typed_struct));
|
481
|
+
strip_type_prefix();
|
482
|
+
extension.validation_fields.emplace_back(
|
483
|
+
errors, absl::StrCat(".value[", extension.type, "]"));
|
484
|
+
auto* protobuf_struct = xds_type_v3_TypedStruct_value(typed_struct);
|
485
|
+
if (protobuf_struct == nullptr) {
|
486
|
+
extension.value = Json::Object(); // Default to empty object.
|
487
|
+
} else {
|
488
|
+
auto json = ParseProtobufStructToJson(context, protobuf_struct);
|
489
|
+
if (!json.ok()) {
|
490
|
+
errors->AddError(json.status().message());
|
491
|
+
return absl::nullopt;
|
492
|
+
}
|
493
|
+
extension.value = std::move(*json);
|
494
|
+
}
|
495
|
+
} else {
|
496
|
+
extension.value = any_value;
|
429
497
|
}
|
430
|
-
|
431
|
-
return result;
|
498
|
+
return std::move(extension);
|
432
499
|
}
|
433
500
|
|
434
501
|
} // namespace grpc_core
|
@@ -22,24 +22,23 @@
|
|
22
22
|
#include <string>
|
23
23
|
#include <vector>
|
24
24
|
|
25
|
-
#include "absl/status/statusor.h"
|
26
25
|
#include "absl/strings/string_view.h"
|
26
|
+
#include "absl/types/optional.h"
|
27
|
+
#include "absl/types/variant.h"
|
27
28
|
#include "envoy/extensions/transport_sockets/tls/v3/tls.upb.h"
|
28
29
|
#include "google/protobuf/any.upb.h"
|
29
30
|
#include "google/protobuf/duration.upb.h"
|
30
|
-
#include "xds/type/v3/typed_struct.upb.h"
|
31
31
|
|
32
32
|
#include "src/core/ext/xds/xds_resource_type.h"
|
33
33
|
#include "src/core/lib/gprpp/time.h"
|
34
|
+
#include "src/core/lib/gprpp/validation_errors.h"
|
35
|
+
#include "src/core/lib/json/json.h"
|
34
36
|
#include "src/core/lib/matchers/matchers.h"
|
35
37
|
|
36
38
|
namespace grpc_core {
|
37
39
|
|
38
|
-
|
39
|
-
|
40
|
-
google_protobuf_Duration_seconds(proto_duration),
|
41
|
-
google_protobuf_Duration_nanos(proto_duration));
|
42
|
-
}
|
40
|
+
Duration ParseDuration(const google_protobuf_Duration* proto_duration,
|
41
|
+
ValidationErrors* errors);
|
43
42
|
|
44
43
|
struct CommonTlsContext {
|
45
44
|
struct CertificateProviderPluginInstance {
|
@@ -82,20 +81,27 @@ struct CommonTlsContext {
|
|
82
81
|
std::string ToString() const;
|
83
82
|
bool Empty() const;
|
84
83
|
|
85
|
-
static
|
84
|
+
static CommonTlsContext Parse(
|
86
85
|
const XdsResourceType::DecodeContext& context,
|
87
86
|
const envoy_extensions_transport_sockets_tls_v3_CommonTlsContext*
|
88
|
-
common_tls_context_proto
|
87
|
+
common_tls_context_proto,
|
88
|
+
ValidationErrors* errors);
|
89
89
|
};
|
90
90
|
|
91
|
-
struct
|
91
|
+
struct XdsExtension {
|
92
|
+
// The type, either from the top level or from inside the TypedStruct.
|
92
93
|
absl::string_view type;
|
93
|
-
|
94
|
+
// A Json object for a TypedStruct, or the serialized config otherwise.
|
95
|
+
absl::variant<absl::string_view /*serialized_value*/, Json /*typed_struct*/>
|
96
|
+
value;
|
97
|
+
// Validation fields that need to stay in scope until we're done
|
98
|
+
// processing the extension.
|
99
|
+
std::vector<ValidationErrors::ScopedField> validation_fields;
|
94
100
|
};
|
95
101
|
|
96
|
-
absl::
|
102
|
+
absl::optional<XdsExtension> ExtractXdsExtension(
|
97
103
|
const XdsResourceType::DecodeContext& context,
|
98
|
-
const google_protobuf_Any* any);
|
104
|
+
const google_protobuf_Any* any, ValidationErrors* errors);
|
99
105
|
|
100
106
|
} // namespace grpc_core
|
101
107
|
|
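Review bot: The comments on the new `XdsExtension` struct in the last hunk of this header leave out its lifetime contract: `type` and the serialized alternative of `value` are `absl::string_view`s, and `validation_fields` holds `ValidationErrors::ScopedField` objects built from the caller's `errors`. In the `ExtractXdsExtension()` definition shown earlier on this page, those views are taken from the `google_protobuf_Any` or from the TypedStruct parsed into `context.arena`, so an `XdsExtension` kept beyond that storage would hold dangling views, and presumably each stored ScopedField would hold a dangling `errors` pointer. I would add above the struct `// Borrows from the decoded proto and from the ValidationErrors passed to ExtractXdsExtension(); must not outlive either.` The `ExtractXdsExtension()` declaration also deserves a comment that a returned value does not mean validation passed, because an invalid `type_url` is only recorded in `errors` and extraction continues. Callers, which are not visible here, should check `errors` rather than only `has_value()`.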