grpc 1.50.0.pre1 → 1.51.0
Potentially problematic release.
This version of grpc might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/Makefile +131 -42
- data/include/grpc/event_engine/event_engine.h +10 -3
- data/include/grpc/event_engine/slice_buffer.h +17 -0
- data/include/grpc/grpc.h +0 -10
- data/include/grpc/impl/codegen/grpc_types.h +1 -5
- data/include/grpc/impl/codegen/port_platform.h +0 -3
- data/src/core/ext/filters/channel_idle/channel_idle_filter.cc +19 -13
- data/src/core/ext/filters/channel_idle/channel_idle_filter.h +1 -0
- data/src/core/ext/filters/client_channel/backup_poller.cc +3 -3
- data/src/core/ext/filters/client_channel/channel_connectivity.cc +7 -5
- data/src/core/ext/filters/client_channel/client_channel.cc +120 -140
- data/src/core/ext/filters/client_channel/client_channel.h +3 -4
- data/src/core/ext/filters/client_channel/client_channel_channelz.cc +0 -2
- data/src/core/ext/filters/client_channel/client_channel_plugin.cc +1 -1
- data/src/core/ext/filters/client_channel/client_channel_service_config.cc +153 -0
- data/src/core/ext/filters/client_channel/{resolver_result_parsing.h → client_channel_service_config.h} +26 -23
- data/src/core/ext/filters/client_channel/connector.h +1 -1
- data/src/core/ext/filters/client_channel/dynamic_filters.cc +20 -47
- data/src/core/ext/filters/client_channel/dynamic_filters.h +7 -8
- data/src/core/ext/filters/client_channel/health/health_check_client.cc +3 -4
- data/src/core/ext/filters/client_channel/http_proxy.cc +0 -1
- data/src/core/ext/filters/client_channel/lb_policy/address_filtering.cc +3 -4
- data/src/core/ext/filters/client_channel/lb_policy/child_policy_handler.cc +5 -0
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/client_load_reporting_filter.cc +8 -7
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +35 -44
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_balancer_addresses.cc +0 -1
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.cc +1 -3
- data/src/core/ext/filters/client_channel/lb_policy/oob_backend_metric.cc +3 -4
- data/src/core/ext/filters/client_channel/lb_policy/oob_backend_metric.h +1 -1
- data/src/core/ext/filters/client_channel/lb_policy/outlier_detection/outlier_detection.cc +41 -29
- data/src/core/ext/filters/client_channel/lb_policy/outlier_detection/outlier_detection.h +2 -2
- data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc +9 -11
- data/src/core/ext/filters/client_channel/lb_policy/priority/priority.cc +15 -12
- data/src/core/ext/filters/client_channel/lb_policy/ring_hash/ring_hash.cc +8 -10
- data/src/core/ext/filters/client_channel/lb_policy/rls/rls.cc +26 -27
- data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +7 -9
- data/src/core/ext/filters/client_channel/lb_policy/weighted_target/weighted_target.cc +44 -26
- data/src/core/ext/filters/client_channel/lb_policy/xds/cds.cc +17 -27
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_attributes.cc +42 -0
- data/src/core/ext/filters/client_channel/lb_policy/xds/{xds.h → xds_attributes.h} +15 -17
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_impl.cc +13 -7
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_manager.cc +48 -47
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_resolver.cc +40 -126
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_wrr_locality.cc +364 -0
- data/src/core/ext/filters/client_channel/resolver/binder/binder_resolver.cc +9 -9
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +23 -32
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_posix.cc +1 -2
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_windows.cc +22 -23
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +50 -52
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.h +1 -1
- data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +2 -4
- data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc +1 -3
- data/src/core/ext/filters/client_channel/resolver/google_c2p/google_c2p_resolver.cc +34 -26
- data/src/core/ext/filters/client_channel/resolver/polling_resolver.cc +3 -4
- data/src/core/ext/filters/client_channel/resolver/sockaddr/sockaddr_resolver.cc +4 -7
- data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +63 -46
- data/src/core/ext/filters/client_channel/retry_filter.cc +80 -102
- data/src/core/ext/filters/client_channel/retry_service_config.cc +192 -234
- data/src/core/ext/filters/client_channel/retry_service_config.h +20 -23
- data/src/core/ext/filters/client_channel/retry_throttle.cc +8 -8
- data/src/core/ext/filters/client_channel/retry_throttle.h +8 -7
- data/src/core/ext/filters/client_channel/service_config_channel_arg_filter.cc +2 -2
- data/src/core/ext/filters/client_channel/subchannel.cc +21 -25
- data/src/core/ext/filters/client_channel/subchannel.h +2 -2
- data/src/core/ext/filters/client_channel/subchannel_stream_client.cc +11 -12
- data/src/core/ext/filters/deadline/deadline_filter.cc +13 -14
- data/src/core/ext/filters/fault_injection/fault_injection_filter.cc +1 -1
- data/src/core/ext/filters/fault_injection/fault_injection_filter.h +0 -4
- data/src/core/ext/filters/fault_injection/fault_injection_service_config_parser.cc +118 -0
- data/src/core/ext/filters/fault_injection/{service_config_parser.h → fault_injection_service_config_parser.h} +20 -12
- data/src/core/ext/filters/http/client/http_client_filter.cc +16 -16
- data/src/core/ext/filters/http/client_authority_filter.cc +1 -1
- data/src/core/ext/filters/http/message_compress/message_compress_filter.cc +13 -13
- data/src/core/ext/filters/http/message_compress/message_decompress_filter.cc +34 -34
- data/src/core/ext/filters/http/server/http_server_filter.cc +26 -25
- data/src/core/ext/filters/message_size/message_size_filter.cc +86 -117
- data/src/core/ext/filters/message_size/message_size_filter.h +22 -15
- data/src/core/ext/filters/rbac/rbac_filter.cc +12 -12
- data/src/core/ext/filters/rbac/rbac_service_config_parser.cc +728 -530
- data/src/core/ext/filters/rbac/rbac_service_config_parser.h +4 -3
- data/src/core/ext/filters/server_config_selector/server_config_selector.h +1 -1
- data/src/core/ext/filters/server_config_selector/server_config_selector_filter.cc +6 -7
- data/src/core/ext/transport/chttp2/client/chttp2_connector.cc +17 -21
- data/src/core/ext/transport/chttp2/server/chttp2_server.cc +57 -72
- data/src/core/ext/transport/chttp2/transport/bin_decoder.cc +5 -5
- data/src/core/ext/transport/chttp2/transport/bin_encoder.h +1 -1
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +212 -253
- data/src/core/ext/transport/chttp2/transport/flow_control.cc +42 -11
- data/src/core/ext/transport/chttp2/transport/flow_control.h +4 -3
- data/src/core/ext/transport/chttp2/transport/frame_data.cc +16 -15
- data/src/core/ext/transport/chttp2/transport/frame_data.h +1 -1
- data/src/core/ext/transport/chttp2/transport/frame_goaway.cc +13 -13
- data/src/core/ext/transport/chttp2/transport/frame_ping.cc +4 -3
- data/src/core/ext/transport/chttp2/transport/frame_rst_stream.cc +10 -7
- data/src/core/ext/transport/chttp2/transport/frame_settings.cc +15 -17
- data/src/core/ext/transport/chttp2/transport/frame_window_update.cc +5 -4
- data/src/core/ext/transport/chttp2/transport/hpack_encoder.cc +5 -6
- data/src/core/ext/transport/chttp2/transport/hpack_encoder.h +1 -1
- data/src/core/ext/transport/chttp2/transport/hpack_encoder_table.cc +2 -1
- data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +31 -39
- data/src/core/ext/transport/chttp2/transport/hpack_parser_table.cc +7 -6
- data/src/core/ext/transport/chttp2/transport/internal.h +24 -8
- data/src/core/ext/transport/chttp2/transport/parsing.cc +51 -52
- data/src/core/ext/transport/chttp2/transport/varint.cc +2 -3
- data/src/core/ext/transport/chttp2/transport/varint.h +11 -8
- data/src/core/ext/transport/chttp2/transport/writing.cc +16 -16
- data/src/core/ext/transport/inproc/inproc_transport.cc +97 -115
- data/src/core/ext/xds/certificate_provider_store.cc +4 -4
- data/src/core/ext/xds/file_watcher_certificate_provider_factory.cc +4 -7
- data/src/core/ext/xds/xds_api.cc +15 -68
- data/src/core/ext/xds/xds_api.h +3 -7
- data/src/core/ext/xds/xds_bootstrap.h +0 -1
- data/src/core/ext/xds/xds_bootstrap_grpc.cc +3 -12
- data/src/core/ext/xds/xds_bootstrap_grpc.h +16 -1
- data/src/core/ext/xds/xds_certificate_provider.cc +22 -25
- data/src/core/ext/xds/xds_channel_stack_modifier.cc +0 -1
- data/src/core/ext/xds/xds_client.cc +122 -90
- data/src/core/ext/xds/xds_client.h +7 -2
- data/src/core/ext/xds/xds_client_grpc.cc +5 -24
- data/src/core/ext/xds/xds_cluster.cc +291 -183
- data/src/core/ext/xds/xds_cluster.h +11 -15
- data/src/core/ext/xds/xds_cluster_specifier_plugin.cc +32 -29
- data/src/core/ext/xds/xds_cluster_specifier_plugin.h +35 -16
- data/src/core/ext/xds/xds_common_types.cc +208 -141
- data/src/core/ext/xds/xds_common_types.h +19 -13
- data/src/core/ext/xds/xds_endpoint.cc +214 -129
- data/src/core/ext/xds/xds_endpoint.h +4 -7
- data/src/core/ext/xds/xds_http_fault_filter.cc +56 -43
- data/src/core/ext/xds/xds_http_fault_filter.h +13 -21
- data/src/core/ext/xds/xds_http_filters.cc +60 -73
- data/src/core/ext/xds/xds_http_filters.h +67 -19
- data/src/core/ext/xds/xds_http_rbac_filter.cc +152 -207
- data/src/core/ext/xds/xds_http_rbac_filter.h +12 -15
- data/src/core/ext/xds/xds_lb_policy_registry.cc +122 -169
- data/src/core/ext/xds/xds_lb_policy_registry.h +10 -11
- data/src/core/ext/xds/xds_listener.cc +459 -417
- data/src/core/ext/xds/xds_listener.h +43 -47
- data/src/core/ext/xds/xds_resource_type.h +3 -11
- data/src/core/ext/xds/xds_resource_type_impl.h +8 -13
- data/src/core/ext/xds/xds_route_config.cc +94 -80
- data/src/core/ext/xds/xds_route_config.h +10 -10
- data/src/core/ext/xds/xds_routing.cc +2 -1
- data/src/core/ext/xds/xds_routing.h +2 -0
- data/src/core/ext/xds/xds_server_config_fetcher.cc +109 -94
- data/src/core/ext/xds/xds_transport_grpc.cc +4 -5
- data/src/core/lib/address_utils/parse_address.cc +11 -10
- data/src/core/lib/channel/channel_args.h +16 -1
- data/src/core/lib/channel/channel_stack.cc +23 -20
- data/src/core/lib/channel/channel_stack.h +17 -4
- data/src/core/lib/channel/channel_stack_builder.cc +4 -7
- data/src/core/lib/channel/channel_stack_builder.h +14 -6
- data/src/core/lib/channel/channel_stack_builder_impl.cc +25 -7
- data/src/core/lib/channel/channel_stack_builder_impl.h +2 -0
- data/src/core/lib/channel/channel_trace.cc +4 -5
- data/src/core/lib/channel/channelz.cc +1 -1
- data/src/core/lib/channel/connected_channel.cc +695 -35
- data/src/core/lib/channel/connected_channel.h +0 -4
- data/src/core/lib/channel/promise_based_filter.cc +1004 -140
- data/src/core/lib/channel/promise_based_filter.h +364 -87
- data/src/core/lib/compression/message_compress.cc +5 -5
- data/src/core/lib/debug/event_log.cc +88 -0
- data/src/core/lib/debug/event_log.h +81 -0
- data/src/core/lib/debug/histogram_view.cc +69 -0
- data/src/core/lib/{slice/slice_refcount.cc → debug/histogram_view.h} +15 -13
- data/src/core/lib/debug/stats.cc +22 -119
- data/src/core/lib/debug/stats.h +29 -35
- data/src/core/lib/debug/stats_data.cc +224 -73
- data/src/core/lib/debug/stats_data.h +263 -122
- data/src/core/lib/event_engine/common_closures.h +71 -0
- data/src/core/lib/event_engine/default_event_engine.cc +38 -15
- data/src/core/lib/event_engine/default_event_engine.h +15 -3
- data/src/core/lib/event_engine/default_event_engine_factory.cc +2 -4
- data/src/core/lib/event_engine/memory_allocator.cc +1 -1
- data/src/core/lib/event_engine/poller.h +10 -4
- data/src/core/lib/event_engine/posix_engine/ev_epoll1_linux.cc +618 -0
- data/src/core/lib/event_engine/posix_engine/ev_epoll1_linux.h +129 -0
- data/src/core/lib/event_engine/posix_engine/ev_poll_posix.cc +901 -0
- data/src/core/lib/event_engine/posix_engine/ev_poll_posix.h +97 -0
- data/src/core/lib/event_engine/posix_engine/event_poller.h +111 -0
- data/src/core/lib/event_engine/posix_engine/event_poller_posix_default.cc +74 -0
- data/src/core/lib/event_engine/{executor/threaded_executor.cc → posix_engine/event_poller_posix_default.h} +13 -16
- data/src/core/lib/event_engine/posix_engine/internal_errqueue.cc +77 -0
- data/src/core/lib/event_engine/posix_engine/internal_errqueue.h +179 -0
- data/src/core/lib/event_engine/posix_engine/lockfree_event.cc +267 -0
- data/src/core/lib/event_engine/posix_engine/lockfree_event.h +73 -0
- data/src/core/lib/event_engine/posix_engine/posix_endpoint.cc +1270 -0
- data/src/core/lib/event_engine/posix_engine/posix_endpoint.h +682 -0
- data/src/core/lib/event_engine/posix_engine/posix_engine.cc +453 -18
- data/src/core/lib/event_engine/posix_engine/posix_engine.h +148 -24
- data/src/core/lib/event_engine/posix_engine/posix_engine_closure.h +80 -0
- data/src/core/lib/event_engine/posix_engine/tcp_socket_utils.cc +1081 -0
- data/src/core/lib/event_engine/posix_engine/tcp_socket_utils.h +361 -0
- data/src/core/lib/event_engine/posix_engine/timer.h +9 -8
- data/src/core/lib/event_engine/posix_engine/timer_manager.cc +57 -194
- data/src/core/lib/event_engine/posix_engine/timer_manager.h +21 -49
- data/src/core/lib/event_engine/posix_engine/traced_buffer_list.cc +301 -0
- data/src/core/lib/event_engine/posix_engine/traced_buffer_list.h +179 -0
- data/src/core/lib/event_engine/posix_engine/wakeup_fd_eventfd.cc +126 -0
- data/src/core/lib/event_engine/posix_engine/wakeup_fd_eventfd.h +45 -0
- data/src/core/lib/event_engine/posix_engine/wakeup_fd_pipe.cc +151 -0
- data/src/core/lib/event_engine/posix_engine/wakeup_fd_pipe.h +45 -0
- data/src/core/lib/event_engine/posix_engine/wakeup_fd_posix.h +76 -0
- data/src/core/lib/event_engine/posix_engine/wakeup_fd_posix_default.cc +67 -0
- data/src/core/lib/event_engine/posix_engine/wakeup_fd_posix_default.h +37 -0
- data/src/core/lib/event_engine/slice.cc +7 -6
- data/src/core/lib/event_engine/slice_buffer.cc +2 -2
- data/src/core/lib/event_engine/thread_pool.cc +106 -25
- data/src/core/lib/event_engine/thread_pool.h +32 -9
- data/src/core/lib/event_engine/windows/win_socket.cc +7 -7
- data/src/core/lib/event_engine/windows/windows_engine.cc +18 -12
- data/src/core/lib/event_engine/windows/windows_engine.h +8 -4
- data/src/core/lib/experiments/config.cc +1 -1
- data/src/core/lib/experiments/experiments.cc +13 -2
- data/src/core/lib/experiments/experiments.h +8 -1
- data/src/core/lib/gpr/cpu_linux.cc +6 -2
- data/src/core/lib/gpr/log_linux.cc +3 -4
- data/src/core/lib/gpr/string.h +1 -1
- data/src/core/lib/gpr/tmpfile_posix.cc +3 -2
- data/src/core/lib/gprpp/load_file.cc +75 -0
- data/src/core/lib/gprpp/load_file.h +33 -0
- data/src/core/lib/gprpp/per_cpu.h +46 -0
- data/src/core/lib/gprpp/stat_posix.cc +5 -4
- data/src/core/lib/gprpp/stat_windows.cc +3 -2
- data/src/core/lib/gprpp/status_helper.h +1 -3
- data/src/core/lib/gprpp/strerror.cc +41 -0
- data/src/core/{ext/xds/xds_resource_type.cc → lib/gprpp/strerror.h} +9 -13
- data/src/core/lib/gprpp/thd_windows.cc +1 -2
- data/src/core/lib/gprpp/time.cc +3 -4
- data/src/core/lib/gprpp/time.h +13 -2
- data/src/core/lib/gprpp/validation_errors.h +18 -1
- data/src/core/lib/http/httpcli.cc +40 -44
- data/src/core/lib/http/httpcli.h +6 -5
- data/src/core/lib/http/httpcli_security_connector.cc +4 -6
- data/src/core/lib/http/parser.cc +54 -65
- data/src/core/lib/iomgr/buffer_list.cc +105 -116
- data/src/core/lib/iomgr/buffer_list.h +60 -44
- data/src/core/lib/iomgr/call_combiner.cc +11 -10
- data/src/core/lib/iomgr/call_combiner.h +3 -4
- data/src/core/lib/iomgr/cfstream_handle.cc +13 -16
- data/src/core/lib/iomgr/closure.h +49 -5
- data/src/core/lib/iomgr/combiner.cc +2 -2
- data/src/core/lib/iomgr/endpoint.h +1 -1
- data/src/core/lib/iomgr/endpoint_cfstream.cc +26 -25
- data/src/core/lib/iomgr/endpoint_pair_posix.cc +2 -2
- data/src/core/lib/iomgr/error.cc +27 -42
- data/src/core/lib/iomgr/error.h +22 -152
- data/src/core/lib/iomgr/ev_apple.cc +4 -4
- data/src/core/lib/iomgr/ev_epoll1_linux.cc +26 -25
- data/src/core/lib/iomgr/ev_poll_posix.cc +27 -31
- data/src/core/lib/iomgr/exec_ctx.cc +3 -4
- data/src/core/lib/iomgr/exec_ctx.h +2 -3
- data/src/core/lib/iomgr/executor.cc +1 -2
- data/src/core/lib/iomgr/internal_errqueue.cc +3 -1
- data/src/core/lib/iomgr/iocp_windows.cc +1 -0
- data/src/core/lib/iomgr/iomgr_posix.cc +2 -2
- data/src/core/lib/iomgr/iomgr_posix_cfstream.cc +2 -1
- data/src/core/lib/iomgr/iomgr_windows.cc +2 -1
- data/src/core/lib/iomgr/load_file.cc +5 -9
- data/src/core/lib/iomgr/lockfree_event.cc +10 -10
- data/src/core/lib/iomgr/pollset_windows.cc +4 -4
- data/src/core/lib/iomgr/python_util.h +2 -2
- data/src/core/lib/iomgr/resolve_address.cc +8 -3
- data/src/core/lib/iomgr/resolve_address.h +3 -4
- data/src/core/lib/iomgr/resolve_address_impl.h +1 -1
- data/src/core/lib/iomgr/resolve_address_posix.cc +14 -25
- data/src/core/lib/iomgr/resolve_address_posix.h +1 -2
- data/src/core/lib/iomgr/resolve_address_windows.cc +14 -17
- data/src/core/lib/iomgr/resolve_address_windows.h +1 -2
- data/src/core/lib/iomgr/socket_utils_common_posix.cc +30 -29
- data/src/core/lib/iomgr/socket_utils_posix.cc +1 -0
- data/src/core/lib/iomgr/socket_utils_posix.h +2 -2
- data/src/core/lib/iomgr/socket_windows.cc +2 -2
- data/src/core/lib/iomgr/tcp_client_cfstream.cc +6 -10
- data/src/core/lib/iomgr/tcp_client_posix.cc +31 -35
- data/src/core/lib/iomgr/tcp_client_windows.cc +8 -12
- data/src/core/lib/iomgr/tcp_posix.cc +92 -108
- data/src/core/lib/iomgr/tcp_server_posix.cc +34 -34
- data/src/core/lib/iomgr/tcp_server_utils_posix.h +1 -1
- data/src/core/lib/iomgr/tcp_server_utils_posix_common.cc +18 -21
- data/src/core/lib/iomgr/tcp_server_utils_posix_ifaddrs.cc +12 -13
- data/src/core/lib/iomgr/tcp_server_utils_posix_noifaddrs.cc +1 -1
- data/src/core/lib/iomgr/tcp_server_windows.cc +26 -29
- data/src/core/lib/iomgr/tcp_windows.cc +27 -34
- data/src/core/lib/iomgr/timer.h +8 -8
- data/src/core/lib/iomgr/timer_generic.cc +9 -15
- data/src/core/lib/iomgr/unix_sockets_posix.cc +2 -4
- data/src/core/lib/iomgr/wakeup_fd_eventfd.cc +4 -3
- data/src/core/lib/iomgr/wakeup_fd_pipe.cc +10 -8
- data/src/core/lib/json/json_channel_args.h +42 -0
- data/src/core/lib/json/json_object_loader.cc +7 -2
- data/src/core/lib/json/json_object_loader.h +22 -0
- data/src/core/lib/json/json_util.cc +5 -5
- data/src/core/lib/json/json_util.h +4 -4
- data/src/core/lib/load_balancing/lb_policy.cc +1 -1
- data/src/core/lib/load_balancing/lb_policy.h +4 -0
- data/src/core/lib/load_balancing/subchannel_interface.h +0 -7
- data/src/core/lib/matchers/matchers.cc +3 -4
- data/src/core/lib/promise/activity.cc +16 -2
- data/src/core/lib/promise/activity.h +38 -15
- data/src/core/lib/promise/arena_promise.h +80 -51
- data/src/core/lib/promise/context.h +13 -6
- data/src/core/lib/promise/detail/basic_seq.h +9 -28
- data/src/core/lib/promise/detail/promise_factory.h +58 -10
- data/src/core/lib/promise/detail/status.h +28 -0
- data/src/core/lib/promise/detail/switch.h +1455 -0
- data/src/core/lib/promise/exec_ctx_wakeup_scheduler.h +3 -1
- data/src/core/lib/promise/for_each.h +129 -0
- data/src/core/lib/promise/loop.h +7 -5
- data/src/core/lib/promise/map_pipe.h +87 -0
- data/src/core/lib/promise/pipe.cc +19 -0
- data/src/core/lib/promise/pipe.h +505 -0
- data/src/core/lib/promise/poll.h +13 -0
- data/src/core/lib/promise/seq.h +3 -5
- data/src/core/lib/promise/sleep.cc +5 -4
- data/src/core/lib/promise/sleep.h +1 -2
- data/src/core/lib/promise/try_concurrently.h +341 -0
- data/src/core/lib/promise/try_seq.h +10 -13
- data/src/core/lib/resolver/server_address.cc +1 -0
- data/src/core/lib/resolver/server_address.h +1 -3
- data/src/core/lib/resource_quota/api.cc +0 -1
- data/src/core/lib/resource_quota/arena.cc +19 -0
- data/src/core/lib/resource_quota/arena.h +89 -0
- data/src/core/lib/resource_quota/memory_quota.cc +1 -0
- data/src/core/lib/security/authorization/grpc_authorization_engine.cc +1 -3
- data/src/core/lib/security/authorization/grpc_server_authz_filter.cc +4 -2
- data/src/core/lib/security/authorization/matchers.cc +25 -22
- data/src/core/lib/security/authorization/rbac_policy.cc +2 -3
- data/src/core/lib/security/context/security_context.h +10 -0
- data/src/core/lib/security/credentials/channel_creds_registry_init.cc +3 -4
- data/src/core/lib/security/credentials/composite/composite_credentials.cc +1 -1
- data/src/core/lib/security/credentials/external/aws_external_account_credentials.cc +77 -55
- data/src/core/lib/security/credentials/external/aws_request_signer.cc +4 -3
- data/src/core/lib/security/credentials/external/external_account_credentials.cc +40 -51
- data/src/core/lib/security/credentials/external/file_external_account_credentials.cc +17 -21
- data/src/core/lib/security/credentials/external/url_external_account_credentials.cc +21 -25
- data/src/core/lib/security/credentials/fake/fake_credentials.cc +1 -0
- data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +27 -24
- data/src/core/lib/security/credentials/iam/iam_credentials.cc +1 -0
- data/src/core/lib/security/credentials/jwt/json_token.cc +1 -2
- data/src/core/lib/security/credentials/jwt/jwt_credentials.cc +1 -1
- data/src/core/lib/security/credentials/jwt/jwt_verifier.cc +5 -5
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +24 -30
- data/src/core/lib/security/credentials/plugin/plugin_credentials.cc +6 -5
- data/src/core/lib/security/credentials/plugin/plugin_credentials.h +3 -3
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.cc +19 -27
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.h +4 -11
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.cc +29 -41
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_verifier.cc +1 -1
- data/src/core/lib/security/security_connector/alts/alts_security_connector.cc +6 -11
- data/src/core/lib/security/security_connector/fake/fake_security_connector.cc +8 -15
- data/src/core/lib/security/security_connector/insecure/insecure_security_connector.cc +2 -2
- data/src/core/lib/security/security_connector/insecure/insecure_security_connector.h +2 -6
- data/src/core/lib/security/security_connector/load_system_roots_supported.cc +1 -4
- data/src/core/lib/security/security_connector/local/local_security_connector.cc +7 -11
- data/src/core/lib/security/security_connector/ssl/ssl_security_connector.cc +9 -14
- data/src/core/lib/security/security_connector/ssl_utils.cc +5 -7
- data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +21 -27
- data/src/core/lib/security/transport/client_auth_filter.cc +1 -1
- data/src/core/lib/security/transport/secure_endpoint.cc +26 -28
- data/src/core/lib/security/transport/security_handshaker.cc +53 -53
- data/src/core/lib/security/transport/server_auth_filter.cc +21 -21
- data/src/core/lib/security/transport/tsi_error.cc +6 -3
- data/src/core/lib/security/util/json_util.cc +4 -5
- data/src/core/lib/service_config/service_config.h +1 -1
- data/src/core/lib/service_config/service_config_impl.cc +111 -158
- data/src/core/lib/service_config/service_config_impl.h +14 -17
- data/src/core/lib/service_config/service_config_parser.cc +14 -31
- data/src/core/lib/service_config/service_config_parser.h +14 -10
- data/src/core/lib/slice/b64.cc +2 -2
- data/src/core/lib/slice/slice.cc +7 -1
- data/src/core/lib/slice/slice.h +19 -6
- data/src/core/lib/slice/slice_buffer.cc +13 -14
- data/src/core/lib/slice/slice_internal.h +13 -21
- data/src/core/lib/slice/slice_refcount.h +34 -19
- data/src/core/lib/surface/byte_buffer.cc +3 -4
- data/src/core/lib/surface/byte_buffer_reader.cc +4 -4
- data/src/core/lib/surface/call.cc +1366 -239
- data/src/core/lib/surface/call.h +44 -0
- data/src/core/lib/surface/call_details.cc +3 -3
- data/src/core/lib/surface/call_trace.cc +113 -0
- data/src/core/lib/surface/call_trace.h +30 -0
- data/src/core/lib/surface/channel.cc +44 -49
- data/src/core/lib/surface/channel.h +9 -1
- data/src/core/lib/surface/channel_ping.cc +1 -1
- data/src/core/lib/surface/channel_stack_type.cc +4 -0
- data/src/core/lib/surface/channel_stack_type.h +2 -0
- data/src/core/lib/surface/completion_queue.cc +38 -52
- data/src/core/lib/surface/init.cc +8 -39
- data/src/core/lib/surface/init_internally.h +8 -0
- data/src/core/lib/surface/lame_client.cc +10 -8
- data/src/core/lib/surface/server.cc +48 -70
- data/src/core/lib/surface/server.h +3 -4
- data/src/core/lib/surface/validate_metadata.cc +11 -12
- data/src/core/lib/surface/version.cc +2 -2
- data/src/core/lib/transport/connectivity_state.cc +2 -2
- data/src/core/lib/transport/error_utils.cc +34 -28
- data/src/core/lib/transport/error_utils.h +3 -3
- data/src/core/lib/transport/handshaker.cc +14 -14
- data/src/core/lib/transport/handshaker.h +1 -1
- data/src/core/lib/transport/handshaker_factory.h +26 -0
- data/src/core/lib/transport/handshaker_registry.cc +8 -2
- data/src/core/lib/transport/handshaker_registry.h +3 -4
- data/src/core/lib/transport/http_connect_handshaker.cc +23 -24
- data/src/core/lib/transport/metadata_batch.h +17 -1
- data/src/core/lib/transport/parsed_metadata.cc +2 -6
- data/src/core/lib/transport/tcp_connect_handshaker.cc +15 -20
- data/src/core/lib/transport/transport.cc +63 -17
- data/src/core/lib/transport/transport.h +64 -68
- data/src/core/lib/transport/transport_impl.h +1 -1
- data/src/core/lib/transport/transport_op_string.cc +7 -6
- data/src/core/plugin_registry/grpc_plugin_registry.cc +6 -10
- data/src/core/plugin_registry/grpc_plugin_registry_extra.cc +2 -14
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +10 -10
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +8 -8
- data/src/core/tsi/alts/handshaker/alts_tsi_utils.cc +2 -1
- data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_integrity_only_record_protocol.cc +7 -7
- data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_privacy_integrity_record_protocol.cc +7 -6
- data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.cc +1 -1
- data/src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.cc +5 -5
- data/src/core/tsi/fake_transport_security.cc +3 -3
- data/src/core/tsi/ssl/key_logging/ssl_key_logging.cc +7 -3
- data/src/core/tsi/ssl/session_cache/ssl_session_boringssl.cc +1 -1
- data/src/core/tsi/ssl/session_cache/ssl_session_openssl.cc +6 -2
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.c +0 -2
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.h +0 -3
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/src/ruby/spec/channel_spec.rb +0 -43
- data/src/ruby/spec/generic/active_call_spec.rb +12 -3
- data/third_party/abseil-cpp/absl/cleanup/cleanup.h +140 -0
- data/third_party/abseil-cpp/absl/cleanup/internal/cleanup.h +100 -0
- data/third_party/zlib/compress.c +3 -3
- data/third_party/zlib/crc32.c +21 -12
- data/third_party/zlib/deflate.c +112 -106
- data/third_party/zlib/deflate.h +2 -2
- data/third_party/zlib/gzlib.c +1 -1
- data/third_party/zlib/gzread.c +3 -5
- data/third_party/zlib/gzwrite.c +1 -1
- data/third_party/zlib/infback.c +10 -7
- data/third_party/zlib/inflate.c +5 -2
- data/third_party/zlib/inftrees.c +2 -2
- data/third_party/zlib/inftrees.h +1 -1
- data/third_party/zlib/trees.c +61 -62
- data/third_party/zlib/uncompr.c +2 -2
- data/third_party/zlib/zconf.h +16 -3
- data/third_party/zlib/zlib.h +10 -10
- data/third_party/zlib/zutil.c +9 -7
- data/third_party/zlib/zutil.h +1 -0
- metadata +57 -20
- data/src/core/ext/filters/client_channel/resolver_result_parsing.cc +0 -188
- data/src/core/ext/filters/fault_injection/service_config_parser.cc +0 -187
- data/src/core/lib/event_engine/executor/threaded_executor.h +0 -44
- data/src/core/lib/gpr/murmur_hash.cc +0 -82
- data/src/core/lib/gpr/murmur_hash.h +0 -29
- data/src/core/lib/gpr/tls.h +0 -156
- data/src/core/lib/promise/call_push_pull.h +0 -148
- data/src/core/lib/slice/slice_api.cc +0 -39
- data/src/core/lib/slice/slice_buffer_api.cc +0 -35
- data/src/core/lib/slice/slice_refcount_base.h +0 -60
@@ -21,7 +21,6 @@
|
|
21
21
|
#include <algorithm>
|
22
22
|
#include <string>
|
23
23
|
|
24
|
-
#include "absl/memory/memory.h"
|
25
24
|
#include "absl/status/status.h"
|
26
25
|
#include "absl/status/statusor.h"
|
27
26
|
#include "absl/strings/string_view.h"
|
@@ -39,38 +38,40 @@ std::unique_ptr<AuthorizationMatcher> AuthorizationMatcher::Create(
|
|
39
38
|
switch (permission.type) {
|
40
39
|
case Rbac::Permission::RuleType::kAnd: {
|
41
40
|
std::vector<std::unique_ptr<AuthorizationMatcher>> matchers;
|
41
|
+
matchers.reserve(permission.permissions.size());
|
42
42
|
for (const auto& rule : permission.permissions) {
|
43
43
|
matchers.push_back(AuthorizationMatcher::Create(std::move(*rule)));
|
44
44
|
}
|
45
|
-
return
|
45
|
+
return std::make_unique<AndAuthorizationMatcher>(std::move(matchers));
|
46
46
|
}
|
47
47
|
case Rbac::Permission::RuleType::kOr: {
|
48
48
|
std::vector<std::unique_ptr<AuthorizationMatcher>> matchers;
|
49
|
+
matchers.reserve(permission.permissions.size());
|
49
50
|
for (const auto& rule : permission.permissions) {
|
50
51
|
matchers.push_back(AuthorizationMatcher::Create(std::move(*rule)));
|
51
52
|
}
|
52
|
-
return
|
53
|
+
return std::make_unique<OrAuthorizationMatcher>(std::move(matchers));
|
53
54
|
}
|
54
55
|
case Rbac::Permission::RuleType::kNot:
|
55
|
-
return
|
56
|
+
return std::make_unique<NotAuthorizationMatcher>(
|
56
57
|
AuthorizationMatcher::Create(std::move(*permission.permissions[0])));
|
57
58
|
case Rbac::Permission::RuleType::kAny:
|
58
|
-
return
|
59
|
+
return std::make_unique<AlwaysAuthorizationMatcher>();
|
59
60
|
case Rbac::Permission::RuleType::kHeader:
|
60
|
-
return
|
61
|
+
return std::make_unique<HeaderAuthorizationMatcher>(
|
61
62
|
std::move(permission.header_matcher));
|
62
63
|
case Rbac::Permission::RuleType::kPath:
|
63
|
-
return
|
64
|
+
return std::make_unique<PathAuthorizationMatcher>(
|
64
65
|
std::move(permission.string_matcher));
|
65
66
|
case Rbac::Permission::RuleType::kDestIp:
|
66
|
-
return
|
67
|
+
return std::make_unique<IpAuthorizationMatcher>(
|
67
68
|
IpAuthorizationMatcher::Type::kDestIp, std::move(permission.ip));
|
68
69
|
case Rbac::Permission::RuleType::kDestPort:
|
69
|
-
return
|
70
|
+
return std::make_unique<PortAuthorizationMatcher>(permission.port);
|
70
71
|
case Rbac::Permission::RuleType::kMetadata:
|
71
|
-
return
|
72
|
+
return std::make_unique<MetadataAuthorizationMatcher>(permission.invert);
|
72
73
|
case Rbac::Permission::RuleType::kReqServerName:
|
73
|
-
return
|
74
|
+
return std::make_unique<ReqServerNameAuthorizationMatcher>(
|
74
75
|
std::move(permission.string_matcher));
|
75
76
|
}
|
76
77
|
return nullptr;
|
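Review bot: The kNot case indexes `permission.permissions[0]` without checking that the list is non-empty, and the Principal overload below does the same with `principal.principals[0]`; an empty NOT rule would be undefined behaviour inside the authorization path. Nothing visible here shows where that invariant is enforced, so either add a guard such as `GPR_ASSERT(!permission.permissions.empty());` before the return or a comment naming the validation that guarantees it. The trailing `return nullptr;` also lets an unhandled rule type put a null matcher into the And/Or vectors, which the code that later evaluates those matchers would need to tolerate. Create's body starts above this hunk, so earlier validation may exist that is not shown.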
@@ -81,44 +82,46 @@ std::unique_ptr<AuthorizationMatcher> AuthorizationMatcher::Create(
|
|
81
82
|
switch (principal.type) {
|
82
83
|
case Rbac::Principal::RuleType::kAnd: {
|
83
84
|
std::vector<std::unique_ptr<AuthorizationMatcher>> matchers;
|
85
|
+
matchers.reserve(principal.principals.size());
|
84
86
|
for (const auto& id : principal.principals) {
|
85
87
|
matchers.push_back(AuthorizationMatcher::Create(std::move(*id)));
|
86
88
|
}
|
87
|
-
return
|
89
|
+
return std::make_unique<AndAuthorizationMatcher>(std::move(matchers));
|
88
90
|
}
|
89
91
|
case Rbac::Principal::RuleType::kOr: {
|
90
92
|
std::vector<std::unique_ptr<AuthorizationMatcher>> matchers;
|
93
|
+
matchers.reserve(principal.principals.size());
|
91
94
|
for (const auto& id : principal.principals) {
|
92
95
|
matchers.push_back(AuthorizationMatcher::Create(std::move(*id)));
|
93
96
|
}
|
94
|
-
return
|
97
|
+
return std::make_unique<OrAuthorizationMatcher>(std::move(matchers));
|
95
98
|
}
|
96
99
|
case Rbac::Principal::RuleType::kNot:
|
97
|
-
return
|
100
|
+
return std::make_unique<NotAuthorizationMatcher>(
|
98
101
|
AuthorizationMatcher::Create(std::move(*principal.principals[0])));
|
99
102
|
case Rbac::Principal::RuleType::kAny:
|
100
|
-
return
|
103
|
+
return std::make_unique<AlwaysAuthorizationMatcher>();
|
101
104
|
case Rbac::Principal::RuleType::kPrincipalName:
|
102
|
-
return
|
105
|
+
return std::make_unique<AuthenticatedAuthorizationMatcher>(
|
103
106
|
std::move(principal.string_matcher));
|
104
107
|
case Rbac::Principal::RuleType::kSourceIp:
|
105
|
-
return
|
108
|
+
return std::make_unique<IpAuthorizationMatcher>(
|
106
109
|
IpAuthorizationMatcher::Type::kSourceIp, std::move(principal.ip));
|
107
110
|
case Rbac::Principal::RuleType::kDirectRemoteIp:
|
108
|
-
return
|
111
|
+
return std::make_unique<IpAuthorizationMatcher>(
|
109
112
|
IpAuthorizationMatcher::Type::kDirectRemoteIp,
|
110
113
|
std::move(principal.ip));
|
111
114
|
case Rbac::Principal::RuleType::kRemoteIp:
|
112
|
-
return
|
115
|
+
return std::make_unique<IpAuthorizationMatcher>(
|
113
116
|
IpAuthorizationMatcher::Type::kRemoteIp, std::move(principal.ip));
|
114
117
|
case Rbac::Principal::RuleType::kHeader:
|
115
|
-
return
|
118
|
+
return std::make_unique<HeaderAuthorizationMatcher>(
|
116
119
|
std::move(principal.header_matcher));
|
117
120
|
case Rbac::Principal::RuleType::kPath:
|
118
|
-
return
|
121
|
+
return std::make_unique<PathAuthorizationMatcher>(
|
119
122
|
std::move(principal.string_matcher.value()));
|
120
123
|
case Rbac::Principal::RuleType::kMetadata:
|
121
|
-
return
|
124
|
+
return std::make_unique<MetadataAuthorizationMatcher>(principal.invert);
|
122
125
|
}
|
123
126
|
return nullptr;
|
124
127
|
}
|
@@ -19,7 +19,6 @@
|
|
19
19
|
#include <algorithm>
|
20
20
|
#include <utility>
|
21
21
|
|
22
|
-
#include "absl/memory/memory.h"
|
23
22
|
#include "absl/strings/str_format.h"
|
24
23
|
#include "absl/strings/str_join.h"
|
25
24
|
|
@@ -99,7 +98,7 @@ Rbac::Permission Rbac::Permission::MakeNotPermission(Permission permission) {
|
|
99
98
|
Permission not_permission;
|
100
99
|
not_permission.type = Permission::RuleType::kNot;
|
101
100
|
not_permission.permissions.push_back(
|
102
|
-
|
101
|
+
std::make_unique<Rbac::Permission>(std::move(permission)));
|
103
102
|
return not_permission;
|
104
103
|
}
|
105
104
|
|
@@ -271,7 +270,7 @@ Rbac::Principal Rbac::Principal::MakeNotPrincipal(Principal principal) {
|
|
271
270
|
Principal not_principal;
|
272
271
|
not_principal.type = Principal::RuleType::kNot;
|
273
272
|
not_principal.principals.push_back(
|
274
|
-
|
273
|
+
std::make_unique<Rbac::Principal>(std::move(principal)));
|
275
274
|
return not_principal;
|
276
275
|
}
|
277
276
|
|
@@ -23,6 +23,7 @@
|
|
23
23
|
|
24
24
|
#include <stddef.h>
|
25
25
|
|
26
|
+
#include <memory>
|
26
27
|
#include <utility>
|
27
28
|
|
28
29
|
#include "absl/strings/string_view.h"
|
@@ -64,6 +65,11 @@ struct grpc_auth_context
|
|
64
65
|
: public grpc_core::RefCounted<grpc_auth_context,
|
65
66
|
grpc_core::NonPolymorphicRefCount> {
|
66
67
|
public:
|
68
|
+
// Base class for all extensions to inherit from.
|
69
|
+
class Extension {
|
70
|
+
public:
|
71
|
+
virtual ~Extension() = default;
|
72
|
+
};
|
67
73
|
explicit grpc_auth_context(
|
68
74
|
grpc_core::RefCountedPtr<grpc_auth_context> chained)
|
69
75
|
: grpc_core::RefCounted<grpc_auth_context,
|
@@ -105,6 +111,9 @@ struct grpc_auth_context
|
|
105
111
|
void set_peer_identity_property_name(const char* name) {
|
106
112
|
peer_identity_property_name_ = name;
|
107
113
|
}
|
114
|
+
void set_extension(std::unique_ptr<Extension> extension) {
|
115
|
+
extension_ = std::move(extension);
|
116
|
+
}
|
108
117
|
|
109
118
|
void ensure_capacity();
|
110
119
|
void add_property(const char* name, const char* value, size_t value_length);
|
@@ -114,6 +123,7 @@ struct grpc_auth_context
|
|
114
123
|
grpc_core::RefCountedPtr<grpc_auth_context> chained_;
|
115
124
|
grpc_auth_property_array properties_;
|
116
125
|
const char* peer_identity_property_name_ = nullptr;
|
126
|
+
std::unique_ptr<Extension> extension_;
|
117
127
|
};
|
118
128
|
|
119
129
|
/* --- grpc_security_context_extension ---
|
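Review bot: `set_extension` and the new `extension_` member carry no comment on ownership or on when the setter may be called. grpc_auth_context derives from RefCounted and is therefore presumably shared between holders, so assigning a new `extension_` destroys the previous Extension while another holder could still be using it. I would state the contract on the setter, for example `// Takes ownership of |extension|; call before the context is shared, the previous extension is destroyed.`, after confirming it against the callers, which are outside this section. No accessor for `extension_` appears in the visible hunks, so how an extension is read back cannot be checked from here.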
@@ -20,7 +20,6 @@
|
|
20
20
|
|
21
21
|
#include <memory>
|
22
22
|
|
23
|
-
#include "absl/memory/memory.h"
|
24
23
|
#include "absl/strings/string_view.h"
|
25
24
|
|
26
25
|
#include <grpc/grpc.h>
|
@@ -71,11 +70,11 @@ class FakeChannelCredsFactory : public ChannelCredsFactory<> {
|
|
71
70
|
|
72
71
|
void RegisterChannelDefaultCreds(CoreConfiguration::Builder* builder) {
|
73
72
|
builder->channel_creds_registry()->RegisterChannelCredsFactory(
|
74
|
-
|
73
|
+
std::make_unique<GoogleDefaultChannelCredsFactory>());
|
75
74
|
builder->channel_creds_registry()->RegisterChannelCredsFactory(
|
76
|
-
|
75
|
+
std::make_unique<InsecureChannelCredsFactory>());
|
77
76
|
builder->channel_creds_registry()->RegisterChannelCredsFactory(
|
78
|
-
|
77
|
+
std::make_unique<FakeChannelCredsFactory>());
|
79
78
|
}
|
80
79
|
|
81
80
|
} // namespace grpc_core
|
@@ -21,6 +21,7 @@
|
|
21
21
|
#include "src/core/lib/security/credentials/composite/composite_credentials.h"
|
22
22
|
|
23
23
|
#include <cstring>
|
24
|
+
#include <memory>
|
24
25
|
#include <vector>
|
25
26
|
|
26
27
|
#include "absl/strings/str_cat.h"
|
@@ -33,7 +34,6 @@
|
|
33
34
|
#include "src/core/lib/gprpp/ref_counted_ptr.h"
|
34
35
|
#include "src/core/lib/promise/try_seq.h"
|
35
36
|
#include "src/core/lib/surface/api_trace.h"
|
36
|
-
#include "src/core/lib/transport/transport.h"
|
37
37
|
|
38
38
|
//
|
39
39
|
// grpc_composite_channel_credentials
|
@@ -22,7 +22,6 @@
|
|
22
22
|
#include <map>
|
23
23
|
#include <utility>
|
24
24
|
|
25
|
-
#include "absl/memory/memory.h"
|
26
25
|
#include "absl/status/status.h"
|
27
26
|
#include "absl/status/statusor.h"
|
28
27
|
#include "absl/strings/str_cat.h"
|
@@ -38,6 +37,7 @@
|
|
38
37
|
#include <grpc/support/string_util.h>
|
39
38
|
|
40
39
|
#include "src/core/lib/gprpp/env.h"
|
40
|
+
#include "src/core/lib/gprpp/host_port.h"
|
41
41
|
#include "src/core/lib/http/httpcli_ssl_credentials.h"
|
42
42
|
#include "src/core/lib/iomgr/closure.h"
|
43
43
|
#include "src/core/lib/json/json.h"
|
@@ -48,6 +48,9 @@ namespace grpc_core {
|
|
48
48
|
|
49
49
|
namespace {
|
50
50
|
|
51
|
+
const char* awsEc2MetadataIpv4Address = "169.254.169.254";
|
52
|
+
const char* awsEc2MetadataIpv6Address = "fd00:ec2::254";
|
53
|
+
|
51
54
|
const char* kExpectedEnvironmentId = "aws1";
|
52
55
|
|
53
56
|
const char* kRegionEnvVar = "AWS_REGION";
|
@@ -74,6 +77,15 @@ std::string UrlEncode(const absl::string_view& s) {
|
|
74
77
|
return result;
|
75
78
|
}
|
76
79
|
|
80
|
+
bool ValidateAwsUrl(const std::string& urlString) {
|
81
|
+
absl::StatusOr<URI> url = URI::Parse(urlString);
|
82
|
+
if (!url.ok()) return false;
|
83
|
+
absl::string_view host;
|
84
|
+
absl::string_view port;
|
85
|
+
SplitHostPort(url->authority(), &host, &port);
|
86
|
+
return host == awsEc2MetadataIpv4Address || host == awsEc2MetadataIpv6Address;
|
87
|
+
}
|
88
|
+
|
77
89
|
} // namespace
|
78
90
|
|
79
91
|
RefCountedPtr<AwsExternalAccountCredentials>
|
@@ -82,7 +94,7 @@ AwsExternalAccountCredentials::Create(Options options,
|
|
82
94
|
grpc_error_handle* error) {
|
83
95
|
auto creds = MakeRefCounted<AwsExternalAccountCredentials>(
|
84
96
|
std::move(options), std::move(scopes), error);
|
85
|
-
if (
|
97
|
+
if (error->ok()) {
|
86
98
|
return creds;
|
87
99
|
} else {
|
88
100
|
return nullptr;
|
@@ -95,46 +107,53 @@ AwsExternalAccountCredentials::AwsExternalAccountCredentials(
|
|
95
107
|
audience_ = options.audience;
|
96
108
|
auto it = options.credential_source.object_value().find("environment_id");
|
97
109
|
if (it == options.credential_source.object_value().end()) {
|
98
|
-
*error =
|
99
|
-
"environment_id field not present.");
|
110
|
+
*error = GRPC_ERROR_CREATE("environment_id field not present.");
|
100
111
|
return;
|
101
112
|
}
|
102
113
|
if (it->second.type() != Json::Type::STRING) {
|
103
|
-
*error =
|
104
|
-
"environment_id field must be a string.");
|
114
|
+
*error = GRPC_ERROR_CREATE("environment_id field must be a string.");
|
105
115
|
return;
|
106
116
|
}
|
107
117
|
if (it->second.string_value() != kExpectedEnvironmentId) {
|
108
|
-
*error =
|
109
|
-
GRPC_ERROR_CREATE_FROM_STATIC_STRING("environment_id does not match.");
|
118
|
+
*error = GRPC_ERROR_CREATE("environment_id does not match.");
|
110
119
|
return;
|
111
120
|
}
|
112
121
|
it = options.credential_source.object_value().find("region_url");
|
113
122
|
if (it == options.credential_source.object_value().end()) {
|
114
|
-
*error =
|
115
|
-
GRPC_ERROR_CREATE_FROM_STATIC_STRING("region_url field not present.");
|
123
|
+
*error = GRPC_ERROR_CREATE("region_url field not present.");
|
116
124
|
return;
|
117
125
|
}
|
118
126
|
if (it->second.type() != Json::Type::STRING) {
|
119
|
-
*error =
|
120
|
-
"region_url field must be a string.");
|
127
|
+
*error = GRPC_ERROR_CREATE("region_url field must be a string.");
|
121
128
|
return;
|
122
129
|
}
|
123
130
|
region_url_ = it->second.string_value();
|
131
|
+
if (!ValidateAwsUrl(region_url_)) {
|
132
|
+
*error = GRPC_ERROR_CREATE(absl::StrFormat(
|
133
|
+
"Invalid host for region_url field, expecting %s or %s.",
|
134
|
+
awsEc2MetadataIpv4Address, awsEc2MetadataIpv6Address));
|
135
|
+
return;
|
136
|
+
}
|
124
137
|
it = options.credential_source.object_value().find("url");
|
125
138
|
if (it != options.credential_source.object_value().end() &&
|
126
139
|
it->second.type() == Json::Type::STRING) {
|
127
140
|
url_ = it->second.string_value();
|
141
|
+
if (!ValidateAwsUrl(url_)) {
|
142
|
+
*error = GRPC_ERROR_CREATE(absl::StrFormat(
|
143
|
+
"Invalid host for url field, expecting %s or %s.",
|
144
|
+
awsEc2MetadataIpv4Address, awsEc2MetadataIpv6Address));
|
145
|
+
return;
|
146
|
+
}
|
128
147
|
}
|
129
148
|
it = options.credential_source.object_value().find(
|
130
149
|
"regional_cred_verification_url");
|
131
150
|
if (it == options.credential_source.object_value().end()) {
|
132
|
-
*error =
|
133
|
-
"regional_cred_verification_url field not present.");
|
151
|
+
*error =
|
152
|
+
GRPC_ERROR_CREATE("regional_cred_verification_url field not present.");
|
134
153
|
return;
|
135
154
|
}
|
136
155
|
if (it->second.type() != Json::Type::STRING) {
|
137
|
-
*error =
|
156
|
+
*error = GRPC_ERROR_CREATE(
|
138
157
|
"regional_cred_verification_url field must be a string.");
|
139
158
|
return;
|
140
159
|
}
|
@@ -144,6 +163,13 @@ AwsExternalAccountCredentials::AwsExternalAccountCredentials(
|
|
144
163
|
if (it != options.credential_source.object_value().end() &&
|
145
164
|
it->second.type() == Json::Type::STRING) {
|
146
165
|
imdsv2_session_token_url_ = it->second.string_value();
|
166
|
+
if (!ValidateAwsUrl(imdsv2_session_token_url_)) {
|
167
|
+
*error = GRPC_ERROR_CREATE(absl::StrFormat(
|
168
|
+
"Invalid host for imdsv2_session_token_url field, expecting %s or "
|
169
|
+
"%s.",
|
170
|
+
awsEc2MetadataIpv4Address, awsEc2MetadataIpv6Address));
|
171
|
+
return;
|
172
|
+
}
|
147
173
|
}
|
148
174
|
}
|
149
175
|
|
@@ -153,7 +179,7 @@ void AwsExternalAccountCredentials::RetrieveSubjectToken(
|
|
153
179
|
if (ctx == nullptr) {
|
154
180
|
FinishRetrieveSubjectToken(
|
155
181
|
"",
|
156
|
-
|
182
|
+
GRPC_ERROR_CREATE(
|
157
183
|
"Missing HTTPRequestContext to start subject token retrieval."));
|
158
184
|
return;
|
159
185
|
}
|
@@ -204,12 +230,12 @@ void AwsExternalAccountCredentials::OnRetrieveImdsV2SessionToken(
|
|
204
230
|
void* arg, grpc_error_handle error) {
|
205
231
|
AwsExternalAccountCredentials* self =
|
206
232
|
static_cast<AwsExternalAccountCredentials*>(arg);
|
207
|
-
self->OnRetrieveImdsV2SessionTokenInternal(
|
233
|
+
self->OnRetrieveImdsV2SessionTokenInternal(error);
|
208
234
|
}
|
209
235
|
|
210
236
|
void AwsExternalAccountCredentials::OnRetrieveImdsV2SessionTokenInternal(
|
211
237
|
grpc_error_handle error) {
|
212
|
-
if (!
|
238
|
+
if (!error.ok()) {
|
213
239
|
FinishRetrieveSubjectToken("", error);
|
214
240
|
return;
|
215
241
|
}
|
@@ -253,8 +279,8 @@ void AwsExternalAccountCredentials::RetrieveRegion() {
|
|
253
279
|
absl::StatusOr<URI> uri = URI::Parse(region_url_);
|
254
280
|
if (!uri.ok()) {
|
255
281
|
FinishRetrieveSubjectToken(
|
256
|
-
"",
|
257
|
-
|
282
|
+
"", GRPC_ERROR_CREATE(absl::StrFormat("Invalid region url. %s",
|
283
|
+
uri.status().ToString())));
|
258
284
|
return;
|
259
285
|
}
|
260
286
|
grpc_http_request request;
|
@@ -282,12 +308,12 @@ void AwsExternalAccountCredentials::OnRetrieveRegion(void* arg,
|
|
282
308
|
grpc_error_handle error) {
|
283
309
|
AwsExternalAccountCredentials* self =
|
284
310
|
static_cast<AwsExternalAccountCredentials*>(arg);
|
285
|
-
self->OnRetrieveRegionInternal(
|
311
|
+
self->OnRetrieveRegionInternal(error);
|
286
312
|
}
|
287
313
|
|
288
314
|
void AwsExternalAccountCredentials::OnRetrieveRegionInternal(
|
289
315
|
grpc_error_handle error) {
|
290
|
-
if (!
|
316
|
+
if (!error.ok()) {
|
291
317
|
FinishRetrieveSubjectToken("", error);
|
292
318
|
return;
|
293
319
|
}
|
@@ -306,7 +332,7 @@ void AwsExternalAccountCredentials::RetrieveRoleName() {
|
|
306
332
|
absl::StatusOr<URI> uri = URI::Parse(url_);
|
307
333
|
if (!uri.ok()) {
|
308
334
|
FinishRetrieveSubjectToken(
|
309
|
-
"",
|
335
|
+
"", GRPC_ERROR_CREATE(
|
310
336
|
absl::StrFormat("Invalid url: %s.", uri.status().ToString())));
|
311
337
|
return;
|
312
338
|
}
|
@@ -336,12 +362,12 @@ void AwsExternalAccountCredentials::OnRetrieveRoleName(
|
|
336
362
|
void* arg, grpc_error_handle error) {
|
337
363
|
AwsExternalAccountCredentials* self =
|
338
364
|
static_cast<AwsExternalAccountCredentials*>(arg);
|
339
|
-
self->OnRetrieveRoleNameInternal(
|
365
|
+
self->OnRetrieveRoleNameInternal(error);
|
340
366
|
}
|
341
367
|
|
342
368
|
void AwsExternalAccountCredentials::OnRetrieveRoleNameInternal(
|
343
369
|
grpc_error_handle error) {
|
344
|
-
if (!
|
370
|
+
if (!error.ok()) {
|
345
371
|
FinishRetrieveSubjectToken("", error);
|
346
372
|
return;
|
347
373
|
}
|
@@ -363,16 +389,16 @@ void AwsExternalAccountCredentials::RetrieveSigningKeys() {
|
|
363
389
|
}
|
364
390
|
if (role_name_.empty()) {
|
365
391
|
FinishRetrieveSubjectToken(
|
366
|
-
"",
|
367
|
-
|
392
|
+
"",
|
393
|
+
GRPC_ERROR_CREATE("Missing role name when retrieving signing keys."));
|
368
394
|
return;
|
369
395
|
}
|
370
396
|
std::string url_with_role_name = absl::StrCat(url_, "/", role_name_);
|
371
397
|
absl::StatusOr<URI> uri = URI::Parse(url_with_role_name);
|
372
398
|
if (!uri.ok()) {
|
373
399
|
FinishRetrieveSubjectToken(
|
374
|
-
"",
|
375
|
-
|
400
|
+
"", GRPC_ERROR_CREATE(absl::StrFormat("Invalid url with role name: %s.",
|
401
|
+
uri.status().ToString())));
|
376
402
|
return;
|
377
403
|
}
|
378
404
|
grpc_http_request request;
|
@@ -401,12 +427,12 @@ void AwsExternalAccountCredentials::OnRetrieveSigningKeys(
|
|
401
427
|
void* arg, grpc_error_handle error) {
|
402
428
|
AwsExternalAccountCredentials* self =
|
403
429
|
static_cast<AwsExternalAccountCredentials*>(arg);
|
404
|
-
self->OnRetrieveSigningKeysInternal(
|
430
|
+
self->OnRetrieveSigningKeysInternal(error);
|
405
431
|
}
|
406
432
|
|
407
433
|
void AwsExternalAccountCredentials::OnRetrieveSigningKeysInternal(
|
408
434
|
grpc_error_handle error) {
|
409
|
-
if (!
|
435
|
+
if (!error.ok()) {
|
410
436
|
FinishRetrieveSubjectToken("", error);
|
411
437
|
return;
|
412
438
|
}
|
@@ -415,16 +441,15 @@ void AwsExternalAccountCredentials::OnRetrieveSigningKeysInternal(
|
|
415
441
|
auto json = Json::Parse(response_body);
|
416
442
|
if (!json.ok()) {
|
417
443
|
FinishRetrieveSubjectToken(
|
418
|
-
"",
|
444
|
+
"", GRPC_ERROR_CREATE(
|
419
445
|
absl::StrCat("Invalid retrieve signing keys response: ",
|
420
446
|
json.status().ToString())));
|
421
447
|
return;
|
422
448
|
}
|
423
449
|
if (json->type() != Json::Type::OBJECT) {
|
424
|
-
FinishRetrieveSubjectToken(
|
425
|
-
|
426
|
-
|
427
|
-
"JSON type is not object"));
|
450
|
+
FinishRetrieveSubjectToken(
|
451
|
+
"", GRPC_ERROR_CREATE("Invalid retrieve signing keys response: "
|
452
|
+
"JSON type is not object"));
|
428
453
|
return;
|
429
454
|
}
|
430
455
|
auto it = json->object_value().find("AccessKeyId");
|
@@ -433,7 +458,7 @@ void AwsExternalAccountCredentials::OnRetrieveSigningKeysInternal(
|
|
433
458
|
access_key_id_ = it->second.string_value();
|
434
459
|
} else {
|
435
460
|
FinishRetrieveSubjectToken(
|
436
|
-
"",
|
461
|
+
"", GRPC_ERROR_CREATE(absl::StrFormat(
|
437
462
|
"Missing or invalid AccessKeyId in %s.", response_body)));
|
438
463
|
return;
|
439
464
|
}
|
@@ -443,7 +468,7 @@ void AwsExternalAccountCredentials::OnRetrieveSigningKeysInternal(
|
|
443
468
|
secret_access_key_ = it->second.string_value();
|
444
469
|
} else {
|
445
470
|
FinishRetrieveSubjectToken(
|
446
|
-
"",
|
471
|
+
"", GRPC_ERROR_CREATE(absl::StrFormat(
|
447
472
|
"Missing or invalid SecretAccessKey in %s.", response_body)));
|
448
473
|
return;
|
449
474
|
}
|
@@ -453,38 +478,35 @@ void AwsExternalAccountCredentials::OnRetrieveSigningKeysInternal(
|
|
453
478
|
token_ = it->second.string_value();
|
454
479
|
} else {
|
455
480
|
FinishRetrieveSubjectToken(
|
456
|
-
"",
|
457
|
-
|
481
|
+
"", GRPC_ERROR_CREATE(absl::StrFormat("Missing or invalid Token in %s.",
|
482
|
+
response_body)));
|
458
483
|
return;
|
459
484
|
}
|
460
485
|
BuildSubjectToken();
|
461
486
|
}
|
462
487
|
|
463
488
|
void AwsExternalAccountCredentials::BuildSubjectToken() {
|
464
|
-
grpc_error_handle error
|
489
|
+
grpc_error_handle error;
|
465
490
|
if (signer_ == nullptr) {
|
466
491
|
cred_verification_url_ = absl::StrReplaceAll(
|
467
492
|
regional_cred_verification_url_, {{"{region}", region_}});
|
468
|
-
signer_ =
|
493
|
+
signer_ = std::make_unique<AwsRequestSigner>(
|
469
494
|
access_key_id_, secret_access_key_, token_, "POST",
|
470
495
|
cred_verification_url_, region_, "",
|
471
496
|
std::map<std::string, std::string>(), &error);
|
472
|
-
if (!
|
497
|
+
if (!error.ok()) {
|
473
498
|
FinishRetrieveSubjectToken(
|
474
|
-
"",
|
499
|
+
"", GRPC_ERROR_CREATE_REFERENCING(
|
475
500
|
"Creating aws request signer failed.", &error, 1));
|
476
|
-
GRPC_ERROR_UNREF(error);
|
477
501
|
return;
|
478
502
|
}
|
479
503
|
}
|
480
504
|
auto signed_headers = signer_->GetSignedRequestHeaders();
|
481
|
-
if (!
|
482
|
-
FinishRetrieveSubjectToken(
|
483
|
-
|
484
|
-
|
485
|
-
|
486
|
-
&error, 1));
|
487
|
-
GRPC_ERROR_UNREF(error);
|
505
|
+
if (!error.ok()) {
|
506
|
+
FinishRetrieveSubjectToken(
|
507
|
+
"", GRPC_ERROR_CREATE_REFERENCING("Invalid getting signed request"
|
508
|
+
"headers.",
|
509
|
+
&error, 1));
|
488
510
|
return;
|
489
511
|
}
|
490
512
|
// Construct subject token
|
@@ -503,7 +525,7 @@ void AwsExternalAccountCredentials::BuildSubjectToken() {
|
|
503
525
|
{"headers", Json(headers)}};
|
504
526
|
Json subject_token_json(object);
|
505
527
|
std::string subject_token = UrlEncode(subject_token_json.Dump());
|
506
|
-
FinishRetrieveSubjectToken(subject_token,
|
528
|
+
FinishRetrieveSubjectToken(subject_token, absl::OkStatus());
|
507
529
|
}
|
508
530
|
|
509
531
|
void AwsExternalAccountCredentials::FinishRetrieveSubjectToken(
|
@@ -514,10 +536,10 @@ void AwsExternalAccountCredentials::FinishRetrieveSubjectToken(
|
|
514
536
|
auto cb = cb_;
|
515
537
|
cb_ = nullptr;
|
516
538
|
// Invoke the callback.
|
517
|
-
if (!
|
539
|
+
if (!error.ok()) {
|
518
540
|
cb("", error);
|
519
541
|
} else {
|
520
|
-
cb(subject_token,
|
542
|
+
cb(subject_token, absl::OkStatus());
|
521
543
|
}
|
522
544
|
}
|
523
545
|
|
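Review bot: The three `Missing or invalid … in %s.` errors in OnRetrieveSigningKeysInternal still format the whole `response_body` into the status. That body is the signing-keys response from which the code reads AccessKeyId, SecretAccessKey and Token, so a partially valid response would copy the remaining credential fields into an error string that callers may log. Leaving the body out, e.g. `GRPC_ERROR_CREATE("Missing or invalid AccessKeyId in signing keys response.")`, keeps the diagnosis without the secret material. Separately, in BuildSubjectToken the adjacent literals `"Invalid getting signed request"` and `"headers."` concatenate without a space, and the `error.ok()` test after GetSignedRequestHeaders() looks unreachable because nothing visible assigns `error` after the signer block. Both function bodies continue outside the hunks shown.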
@@ -88,7 +88,7 @@ AwsRequestSigner::AwsRequestSigner(
|
|
88
88
|
auto date_it = additional_headers_.find("date");
|
89
89
|
if (amz_date_it != additional_headers_.end() &&
|
90
90
|
date_it != additional_headers_.end()) {
|
91
|
-
*error =
|
91
|
+
*error = GRPC_ERROR_CREATE(
|
92
92
|
"Only one of {date, x-amz-date} can be specified, not both.");
|
93
93
|
return;
|
94
94
|
}
|
@@ -99,7 +99,7 @@ AwsRequestSigner::AwsRequestSigner(
|
|
99
99
|
std::string err_str;
|
100
100
|
if (!absl::ParseTime(kDateFormat, date_it->second, &request_date,
|
101
101
|
&err_str)) {
|
102
|
-
*error =
|
102
|
+
*error = GRPC_ERROR_CREATE(err_str.c_str());
|
103
103
|
return;
|
104
104
|
}
|
105
105
|
static_request_date_ =
|
@@ -107,7 +107,7 @@ AwsRequestSigner::AwsRequestSigner(
|
|
107
107
|
}
|
108
108
|
absl::StatusOr<URI> tmp_url = URI::Parse(url);
|
109
109
|
if (!tmp_url.ok()) {
|
110
|
-
*error =
|
110
|
+
*error = GRPC_ERROR_CREATE("Invalid Aws request url.");
|
111
111
|
return;
|
112
112
|
}
|
113
113
|
url_ = tmp_url.value();
|
@@ -170,6 +170,7 @@ std::map<std::string, std::string> AwsRequestSigner::GetSignedRequestHeaders() {
|
|
170
170
|
canonical_request_vector.emplace_back("\n");
|
171
171
|
// 5. SignedHeaders
|
172
172
|
std::vector<absl::string_view> signed_headers_vector;
|
173
|
+
signed_headers_vector.reserve(request_headers_.size());
|
173
174
|
for (const auto& header : request_headers_) {
|
174
175
|
signed_headers_vector.emplace_back(header.first);
|
175
176
|
}
|