RubyGems - grpc - Versions diffs - 1.50.0 → 1.51.0 - Mend

grpc 1.50.0 → 1.51.0

Potentially problematic release.

This version of grpc might be problematic. Click here for more details.

Files changed (459) hide show

data/src/core/lib/security/authorization/matchers.cc CHANGED Viewed

@@ -21,7 +21,6 @@
 #include <algorithm>
 #include <string>
-#include "absl/memory/memory.h"
 #include "absl/status/status.h"
 #include "absl/status/statusor.h"
 #include "absl/strings/string_view.h"
@@ -39,38 +38,40 @@ std::unique_ptr<AuthorizationMatcher> AuthorizationMatcher::Create(
   switch (permission.type) {
     case Rbac::Permission::RuleType::kAnd: {
       std::vector<std::unique_ptr<AuthorizationMatcher>> matchers;
+      matchers.reserve(permission.permissions.size());
       for (const auto& rule : permission.permissions) {
         matchers.push_back(AuthorizationMatcher::Create(std::move(*rule)));
       }
-      return absl::make_unique<AndAuthorizationMatcher>(std::move(matchers));
+      return std::make_unique<AndAuthorizationMatcher>(std::move(matchers));
     }
     case Rbac::Permission::RuleType::kOr: {
       std::vector<std::unique_ptr<AuthorizationMatcher>> matchers;
+      matchers.reserve(permission.permissions.size());
       for (const auto& rule : permission.permissions) {
         matchers.push_back(AuthorizationMatcher::Create(std::move(*rule)));
       }
-      return absl::make_unique<OrAuthorizationMatcher>(std::move(matchers));
+      return std::make_unique<OrAuthorizationMatcher>(std::move(matchers));
     }
     case Rbac::Permission::RuleType::kNot:
-      return absl::make_unique<NotAuthorizationMatcher>(
+      return std::make_unique<NotAuthorizationMatcher>(
           AuthorizationMatcher::Create(std::move(*permission.permissions[0])));
     case Rbac::Permission::RuleType::kAny:
-      return absl::make_unique<AlwaysAuthorizationMatcher>();
+      return std::make_unique<AlwaysAuthorizationMatcher>();
     case Rbac::Permission::RuleType::kHeader:
-      return absl::make_unique<HeaderAuthorizationMatcher>(
+      return std::make_unique<HeaderAuthorizationMatcher>(
           std::move(permission.header_matcher));
     case Rbac::Permission::RuleType::kPath:
-      return absl::make_unique<PathAuthorizationMatcher>(
+      return std::make_unique<PathAuthorizationMatcher>(
           std::move(permission.string_matcher));
     case Rbac::Permission::RuleType::kDestIp:
-      return absl::make_unique<IpAuthorizationMatcher>(
+      return std::make_unique<IpAuthorizationMatcher>(
           IpAuthorizationMatcher::Type::kDestIp, std::move(permission.ip));
     case Rbac::Permission::RuleType::kDestPort:
-      return absl::make_unique<PortAuthorizationMatcher>(permission.port);
+      return std::make_unique<PortAuthorizationMatcher>(permission.port);
     case Rbac::Permission::RuleType::kMetadata:
-      return absl::make_unique<MetadataAuthorizationMatcher>(permission.invert);
+      return std::make_unique<MetadataAuthorizationMatcher>(permission.invert);
     case Rbac::Permission::RuleType::kReqServerName:
-      return absl::make_unique<ReqServerNameAuthorizationMatcher>(
+      return std::make_unique<ReqServerNameAuthorizationMatcher>(
           std::move(permission.string_matcher));
   }
   return nullptr;
@@ -81,44 +82,46 @@ std::unique_ptr<AuthorizationMatcher> AuthorizationMatcher::Create(
   switch (principal.type) {
     case Rbac::Principal::RuleType::kAnd: {
       std::vector<std::unique_ptr<AuthorizationMatcher>> matchers;
+      matchers.reserve(principal.principals.size());
       for (const auto& id : principal.principals) {
         matchers.push_back(AuthorizationMatcher::Create(std::move(*id)));
       }
-      return absl::make_unique<AndAuthorizationMatcher>(std::move(matchers));
+      return std::make_unique<AndAuthorizationMatcher>(std::move(matchers));
     }
     case Rbac::Principal::RuleType::kOr: {
       std::vector<std::unique_ptr<AuthorizationMatcher>> matchers;
+      matchers.reserve(principal.principals.size());
       for (const auto& id : principal.principals) {
         matchers.push_back(AuthorizationMatcher::Create(std::move(*id)));
       }
-      return absl::make_unique<OrAuthorizationMatcher>(std::move(matchers));
+      return std::make_unique<OrAuthorizationMatcher>(std::move(matchers));
     }
     case Rbac::Principal::RuleType::kNot:
-      return absl::make_unique<NotAuthorizationMatcher>(
+      return std::make_unique<NotAuthorizationMatcher>(
           AuthorizationMatcher::Create(std::move(*principal.principals[0])));
     case Rbac::Principal::RuleType::kAny:
-      return absl::make_unique<AlwaysAuthorizationMatcher>();
+      return std::make_unique<AlwaysAuthorizationMatcher>();
     case Rbac::Principal::RuleType::kPrincipalName:
-      return absl::make_unique<AuthenticatedAuthorizationMatcher>(
+      return std::make_unique<AuthenticatedAuthorizationMatcher>(
           std::move(principal.string_matcher));
     case Rbac::Principal::RuleType::kSourceIp:
-      return absl::make_unique<IpAuthorizationMatcher>(
+      return std::make_unique<IpAuthorizationMatcher>(
           IpAuthorizationMatcher::Type::kSourceIp, std::move(principal.ip));
     case Rbac::Principal::RuleType::kDirectRemoteIp:
-      return absl::make_unique<IpAuthorizationMatcher>(
+      return std::make_unique<IpAuthorizationMatcher>(
           IpAuthorizationMatcher::Type::kDirectRemoteIp,
           std::move(principal.ip));
     case Rbac::Principal::RuleType::kRemoteIp:
-      return absl::make_unique<IpAuthorizationMatcher>(
+      return std::make_unique<IpAuthorizationMatcher>(
           IpAuthorizationMatcher::Type::kRemoteIp, std::move(principal.ip));
     case Rbac::Principal::RuleType::kHeader:
-      return absl::make_unique<HeaderAuthorizationMatcher>(
+      return std::make_unique<HeaderAuthorizationMatcher>(
           std::move(principal.header_matcher));
     case Rbac::Principal::RuleType::kPath:
-      return absl::make_unique<PathAuthorizationMatcher>(
+      return std::make_unique<PathAuthorizationMatcher>(
           std::move(principal.string_matcher.value()));
     case Rbac::Principal::RuleType::kMetadata:
-      return absl::make_unique<MetadataAuthorizationMatcher>(principal.invert);
+      return std::make_unique<MetadataAuthorizationMatcher>(principal.invert);
   }
   return nullptr;
 }

data/src/core/lib/security/authorization/rbac_policy.cc CHANGED Viewed

@@ -19,7 +19,6 @@
 #include <algorithm>
 #include <utility>
-#include "absl/memory/memory.h"
 #include "absl/strings/str_format.h"
 #include "absl/strings/str_join.h"
@@ -99,7 +98,7 @@ Rbac::Permission Rbac::Permission::MakeNotPermission(Permission permission) {
   Permission not_permission;
   not_permission.type = Permission::RuleType::kNot;
   not_permission.permissions.push_back(
-      absl::make_unique<Rbac::Permission>(std::move(permission)));
+      std::make_unique<Rbac::Permission>(std::move(permission)));
   return not_permission;
 }
@@ -271,7 +270,7 @@ Rbac::Principal Rbac::Principal::MakeNotPrincipal(Principal principal) {
   Principal not_principal;
   not_principal.type = Principal::RuleType::kNot;
   not_principal.principals.push_back(
-      absl::make_unique<Rbac::Principal>(std::move(principal)));
+      std::make_unique<Rbac::Principal>(std::move(principal)));
   return not_principal;
 }

data/src/core/lib/security/context/security_context.h CHANGED Viewed

@@ -23,6 +23,7 @@
 #include <stddef.h>
+#include <memory>
 #include <utility>
 #include "absl/strings/string_view.h"
@@ -64,6 +65,11 @@ struct grpc_auth_context
     : public grpc_core::RefCounted<grpc_auth_context,
                                    grpc_core::NonPolymorphicRefCount> {
  public:
+  // Base class for all extensions to inherit from.
+  class Extension {
+   public:
+    virtual ~Extension() = default;
+  };
   explicit grpc_auth_context(
       grpc_core::RefCountedPtr<grpc_auth_context> chained)
       : grpc_core::RefCounted<grpc_auth_context,
@@ -105,6 +111,9 @@ struct grpc_auth_context
   void set_peer_identity_property_name(const char* name) {
     peer_identity_property_name_ = name;
   }
+  void set_extension(std::unique_ptr<Extension> extension) {
+    extension_ = std::move(extension);
+  }
   void ensure_capacity();
   void add_property(const char* name, const char* value, size_t value_length);
@@ -114,6 +123,7 @@ struct grpc_auth_context
   grpc_core::RefCountedPtr<grpc_auth_context> chained_;
   grpc_auth_property_array properties_;
   const char* peer_identity_property_name_ = nullptr;
+  std::unique_ptr<Extension> extension_;
 };
 /* --- grpc_security_context_extension ---

data/src/core/lib/security/credentials/channel_creds_registry_init.cc CHANGED Viewed

@@ -20,7 +20,6 @@
 #include <memory>
-#include "absl/memory/memory.h"
 #include "absl/strings/string_view.h"
 #include <grpc/grpc.h>
@@ -71,11 +70,11 @@ class FakeChannelCredsFactory : public ChannelCredsFactory<> {
 void RegisterChannelDefaultCreds(CoreConfiguration::Builder* builder) {
   builder->channel_creds_registry()->RegisterChannelCredsFactory(
-      absl::make_unique<GoogleDefaultChannelCredsFactory>());
+      std::make_unique<GoogleDefaultChannelCredsFactory>());
   builder->channel_creds_registry()->RegisterChannelCredsFactory(
-      absl::make_unique<InsecureChannelCredsFactory>());
+      std::make_unique<InsecureChannelCredsFactory>());
   builder->channel_creds_registry()->RegisterChannelCredsFactory(
-      absl::make_unique<FakeChannelCredsFactory>());
+      std::make_unique<FakeChannelCredsFactory>());
 }
 }  // namespace grpc_core

data/src/core/lib/security/credentials/composite/composite_credentials.cc CHANGED Viewed

@@ -21,6 +21,7 @@
 #include "src/core/lib/security/credentials/composite/composite_credentials.h"
 #include <cstring>
+#include <memory>
 #include <vector>
 #include "absl/strings/str_cat.h"
@@ -33,7 +34,6 @@
 #include "src/core/lib/gprpp/ref_counted_ptr.h"
 #include "src/core/lib/promise/try_seq.h"
 #include "src/core/lib/surface/api_trace.h"
-#include "src/core/lib/transport/transport.h"
 //
 // grpc_composite_channel_credentials

data/src/core/lib/security/credentials/external/aws_external_account_credentials.cc CHANGED Viewed

@@ -22,7 +22,6 @@
 #include <map>
 #include <utility>
-#include "absl/memory/memory.h"
 #include "absl/status/status.h"
 #include "absl/status/statusor.h"
 #include "absl/strings/str_cat.h"
@@ -38,6 +37,7 @@
 #include <grpc/support/string_util.h>
 #include "src/core/lib/gprpp/env.h"
+#include "src/core/lib/gprpp/host_port.h"
 #include "src/core/lib/http/httpcli_ssl_credentials.h"
 #include "src/core/lib/iomgr/closure.h"
 #include "src/core/lib/json/json.h"
@@ -48,6 +48,9 @@ namespace grpc_core {
 namespace {
+const char* awsEc2MetadataIpv4Address = "169.254.169.254";
+const char* awsEc2MetadataIpv6Address = "fd00:ec2::254";
 const char* kExpectedEnvironmentId = "aws1";
 const char* kRegionEnvVar = "AWS_REGION";
@@ -74,6 +77,15 @@ std::string UrlEncode(const absl::string_view& s) {
   return result;
 }
+bool ValidateAwsUrl(const std::string& urlString) {
+  absl::StatusOr<URI> url = URI::Parse(urlString);
+  if (!url.ok()) return false;
+  absl::string_view host;
+  absl::string_view port;
+  SplitHostPort(url->authority(), &host, &port);
+  return host == awsEc2MetadataIpv4Address || host == awsEc2MetadataIpv6Address;
+}
 }  // namespace
 RefCountedPtr<AwsExternalAccountCredentials>
@@ -82,7 +94,7 @@ AwsExternalAccountCredentials::Create(Options options,
                                       grpc_error_handle* error) {
   auto creds = MakeRefCounted<AwsExternalAccountCredentials>(
       std::move(options), std::move(scopes), error);
-  if (GRPC_ERROR_IS_NONE(*error)) {
+  if (error->ok()) {
     return creds;
   } else {
     return nullptr;
@@ -95,46 +107,53 @@ AwsExternalAccountCredentials::AwsExternalAccountCredentials(
   audience_ = options.audience;
   auto it = options.credential_source.object_value().find("environment_id");
   if (it == options.credential_source.object_value().end()) {
-    *error = GRPC_ERROR_CREATE_FROM_STATIC_STRING(
-        "environment_id field not present.");
+    *error = GRPC_ERROR_CREATE("environment_id field not present.");
     return;
   }
   if (it->second.type() != Json::Type::STRING) {
-    *error = GRPC_ERROR_CREATE_FROM_STATIC_STRING(
-        "environment_id field must be a string.");
+    *error = GRPC_ERROR_CREATE("environment_id field must be a string.");
     return;
   }
   if (it->second.string_value() != kExpectedEnvironmentId) {
-    *error =
-        GRPC_ERROR_CREATE_FROM_STATIC_STRING("environment_id does not match.");
+    *error = GRPC_ERROR_CREATE("environment_id does not match.");
     return;
   }
   it = options.credential_source.object_value().find("region_url");
   if (it == options.credential_source.object_value().end()) {
-    *error =
-        GRPC_ERROR_CREATE_FROM_STATIC_STRING("region_url field not present.");
+    *error = GRPC_ERROR_CREATE("region_url field not present.");
     return;
   }
   if (it->second.type() != Json::Type::STRING) {
-    *error = GRPC_ERROR_CREATE_FROM_STATIC_STRING(
-        "region_url field must be a string.");
+    *error = GRPC_ERROR_CREATE("region_url field must be a string.");
     return;
   }
   region_url_ = it->second.string_value();
+  if (!ValidateAwsUrl(region_url_)) {
+    *error = GRPC_ERROR_CREATE(absl::StrFormat(
+        "Invalid host for region_url field, expecting %s or %s.",
+        awsEc2MetadataIpv4Address, awsEc2MetadataIpv6Address));
+    return;
+  }
   it = options.credential_source.object_value().find("url");
   if (it != options.credential_source.object_value().end() &&
       it->second.type() == Json::Type::STRING) {
     url_ = it->second.string_value();
+    if (!ValidateAwsUrl(url_)) {
+      *error = GRPC_ERROR_CREATE(absl::StrFormat(
+          "Invalid host for url field, expecting %s or %s.",
+          awsEc2MetadataIpv4Address, awsEc2MetadataIpv6Address));
+      return;
+    }
   }
   it = options.credential_source.object_value().find(
       "regional_cred_verification_url");
   if (it == options.credential_source.object_value().end()) {
-    *error = GRPC_ERROR_CREATE_FROM_STATIC_STRING(
-        "regional_cred_verification_url field not present.");
+    *error =
+        GRPC_ERROR_CREATE("regional_cred_verification_url field not present.");
     return;
   }
   if (it->second.type() != Json::Type::STRING) {
-    *error = GRPC_ERROR_CREATE_FROM_STATIC_STRING(
+    *error = GRPC_ERROR_CREATE(
         "regional_cred_verification_url field must be a string.");
     return;
   }
@@ -144,6 +163,13 @@ AwsExternalAccountCredentials::AwsExternalAccountCredentials(
   if (it != options.credential_source.object_value().end() &&
       it->second.type() == Json::Type::STRING) {
     imdsv2_session_token_url_ = it->second.string_value();
+    if (!ValidateAwsUrl(imdsv2_session_token_url_)) {
+      *error = GRPC_ERROR_CREATE(absl::StrFormat(
+          "Invalid host for imdsv2_session_token_url field, expecting %s or "
+          "%s.",
+          awsEc2MetadataIpv4Address, awsEc2MetadataIpv6Address));
+      return;
+    }
   }
 }
@@ -153,7 +179,7 @@ void AwsExternalAccountCredentials::RetrieveSubjectToken(
   if (ctx == nullptr) {
     FinishRetrieveSubjectToken(
         "",
-        GRPC_ERROR_CREATE_FROM_STATIC_STRING(
+        GRPC_ERROR_CREATE(
             "Missing HTTPRequestContext to start subject token retrieval."));
     return;
   }
@@ -204,12 +230,12 @@ void AwsExternalAccountCredentials::OnRetrieveImdsV2SessionToken(
     void* arg, grpc_error_handle error) {
   AwsExternalAccountCredentials* self =
       static_cast<AwsExternalAccountCredentials*>(arg);
-  self->OnRetrieveImdsV2SessionTokenInternal(GRPC_ERROR_REF(error));
+  self->OnRetrieveImdsV2SessionTokenInternal(error);
 }
 void AwsExternalAccountCredentials::OnRetrieveImdsV2SessionTokenInternal(
     grpc_error_handle error) {
-  if (!GRPC_ERROR_IS_NONE(error)) {
+  if (!error.ok()) {
     FinishRetrieveSubjectToken("", error);
     return;
   }
@@ -253,8 +279,8 @@ void AwsExternalAccountCredentials::RetrieveRegion() {
   absl::StatusOr<URI> uri = URI::Parse(region_url_);
   if (!uri.ok()) {
     FinishRetrieveSubjectToken(
-        "", GRPC_ERROR_CREATE_FROM_CPP_STRING(absl::StrFormat(
-                "Invalid region url. %s", uri.status().ToString())));
+        "", GRPC_ERROR_CREATE(absl::StrFormat("Invalid region url. %s",
+                                              uri.status().ToString())));
     return;
   }
   grpc_http_request request;
@@ -282,12 +308,12 @@ void AwsExternalAccountCredentials::OnRetrieveRegion(void* arg,
                                                      grpc_error_handle error) {
   AwsExternalAccountCredentials* self =
       static_cast<AwsExternalAccountCredentials*>(arg);
-  self->OnRetrieveRegionInternal(GRPC_ERROR_REF(error));
+  self->OnRetrieveRegionInternal(error);
 }
 void AwsExternalAccountCredentials::OnRetrieveRegionInternal(
     grpc_error_handle error) {
-  if (!GRPC_ERROR_IS_NONE(error)) {
+  if (!error.ok()) {
     FinishRetrieveSubjectToken("", error);
     return;
   }
@@ -306,7 +332,7 @@ void AwsExternalAccountCredentials::RetrieveRoleName() {
   absl::StatusOr<URI> uri = URI::Parse(url_);
   if (!uri.ok()) {
     FinishRetrieveSubjectToken(
-        "", GRPC_ERROR_CREATE_FROM_CPP_STRING(
+        "", GRPC_ERROR_CREATE(
                 absl::StrFormat("Invalid url: %s.", uri.status().ToString())));
     return;
   }
@@ -336,12 +362,12 @@ void AwsExternalAccountCredentials::OnRetrieveRoleName(
     void* arg, grpc_error_handle error) {
   AwsExternalAccountCredentials* self =
       static_cast<AwsExternalAccountCredentials*>(arg);
-  self->OnRetrieveRoleNameInternal(GRPC_ERROR_REF(error));
+  self->OnRetrieveRoleNameInternal(error);
 }
 void AwsExternalAccountCredentials::OnRetrieveRoleNameInternal(
     grpc_error_handle error) {
-  if (!GRPC_ERROR_IS_NONE(error)) {
+  if (!error.ok()) {
     FinishRetrieveSubjectToken("", error);
     return;
   }
@@ -363,16 +389,16 @@ void AwsExternalAccountCredentials::RetrieveSigningKeys() {
   }
   if (role_name_.empty()) {
     FinishRetrieveSubjectToken(
-        "", GRPC_ERROR_CREATE_FROM_STATIC_STRING(
-                "Missing role name when retrieving signing keys."));
+        "",
+        GRPC_ERROR_CREATE("Missing role name when retrieving signing keys."));
     return;
   }
   std::string url_with_role_name = absl::StrCat(url_, "/", role_name_);
   absl::StatusOr<URI> uri = URI::Parse(url_with_role_name);
   if (!uri.ok()) {
     FinishRetrieveSubjectToken(
-        "", GRPC_ERROR_CREATE_FROM_CPP_STRING(absl::StrFormat(
-                "Invalid url with role name: %s.", uri.status().ToString())));
+        "", GRPC_ERROR_CREATE(absl::StrFormat("Invalid url with role name: %s.",
+                                              uri.status().ToString())));
     return;
   }
   grpc_http_request request;
@@ -401,12 +427,12 @@ void AwsExternalAccountCredentials::OnRetrieveSigningKeys(
     void* arg, grpc_error_handle error) {
   AwsExternalAccountCredentials* self =
       static_cast<AwsExternalAccountCredentials*>(arg);
-  self->OnRetrieveSigningKeysInternal(GRPC_ERROR_REF(error));
+  self->OnRetrieveSigningKeysInternal(error);
 }
 void AwsExternalAccountCredentials::OnRetrieveSigningKeysInternal(
     grpc_error_handle error) {
-  if (!GRPC_ERROR_IS_NONE(error)) {
+  if (!error.ok()) {
     FinishRetrieveSubjectToken("", error);
     return;
   }
@@ -415,16 +441,15 @@ void AwsExternalAccountCredentials::OnRetrieveSigningKeysInternal(
   auto json = Json::Parse(response_body);
   if (!json.ok()) {
     FinishRetrieveSubjectToken(
-        "", GRPC_ERROR_CREATE_FROM_CPP_STRING(
+        "", GRPC_ERROR_CREATE(
                 absl::StrCat("Invalid retrieve signing keys response: ",
                              json.status().ToString())));
     return;
   }
   if (json->type() != Json::Type::OBJECT) {
-    FinishRetrieveSubjectToken("",
-                               GRPC_ERROR_CREATE_FROM_STATIC_STRING(
-                                   "Invalid retrieve signing keys response: "
-                                   "JSON type is not object"));
+    FinishRetrieveSubjectToken(
+        "", GRPC_ERROR_CREATE("Invalid retrieve signing keys response: "
+                              "JSON type is not object"));
     return;
   }
   auto it = json->object_value().find("AccessKeyId");
@@ -433,7 +458,7 @@ void AwsExternalAccountCredentials::OnRetrieveSigningKeysInternal(
     access_key_id_ = it->second.string_value();
   } else {
     FinishRetrieveSubjectToken(
-        "", GRPC_ERROR_CREATE_FROM_CPP_STRING(absl::StrFormat(
+        "", GRPC_ERROR_CREATE(absl::StrFormat(
                 "Missing or invalid AccessKeyId in %s.", response_body)));
     return;
   }
@@ -443,7 +468,7 @@ void AwsExternalAccountCredentials::OnRetrieveSigningKeysInternal(
     secret_access_key_ = it->second.string_value();
   } else {
     FinishRetrieveSubjectToken(
-        "", GRPC_ERROR_CREATE_FROM_CPP_STRING(absl::StrFormat(
+        "", GRPC_ERROR_CREATE(absl::StrFormat(
                 "Missing or invalid SecretAccessKey in %s.", response_body)));
     return;
   }
@@ -453,38 +478,35 @@ void AwsExternalAccountCredentials::OnRetrieveSigningKeysInternal(
     token_ = it->second.string_value();
   } else {
     FinishRetrieveSubjectToken(
-        "", GRPC_ERROR_CREATE_FROM_CPP_STRING(absl::StrFormat(
-                "Missing or invalid Token in %s.", response_body)));
+        "", GRPC_ERROR_CREATE(absl::StrFormat("Missing or invalid Token in %s.",
+                                              response_body)));
     return;
   }
   BuildSubjectToken();
 }
 void AwsExternalAccountCredentials::BuildSubjectToken() {
-  grpc_error_handle error = GRPC_ERROR_NONE;
+  grpc_error_handle error;
   if (signer_ == nullptr) {
     cred_verification_url_ = absl::StrReplaceAll(
         regional_cred_verification_url_, {{"{region}", region_}});
-    signer_ = absl::make_unique<AwsRequestSigner>(
+    signer_ = std::make_unique<AwsRequestSigner>(
         access_key_id_, secret_access_key_, token_, "POST",
         cred_verification_url_, region_, "",
         std::map<std::string, std::string>(), &error);
-    if (!GRPC_ERROR_IS_NONE(error)) {
+    if (!error.ok()) {
       FinishRetrieveSubjectToken(
-          "", GRPC_ERROR_CREATE_REFERENCING_FROM_STATIC_STRING(
+          "", GRPC_ERROR_CREATE_REFERENCING(
                   "Creating aws request signer failed.", &error, 1));
-      GRPC_ERROR_UNREF(error);
       return;
     }
   }
   auto signed_headers = signer_->GetSignedRequestHeaders();
-  if (!GRPC_ERROR_IS_NONE(error)) {
-    FinishRetrieveSubjectToken("",
-                               GRPC_ERROR_CREATE_REFERENCING_FROM_STATIC_STRING(
-                                   "Invalid getting signed request"
-                                   "headers.",
-                                   &error, 1));
-    GRPC_ERROR_UNREF(error);
+  if (!error.ok()) {
+    FinishRetrieveSubjectToken(
+        "", GRPC_ERROR_CREATE_REFERENCING("Invalid getting signed request"
+                                          "headers.",
+                                          &error, 1));
     return;
   }
   // Construct subject token
@@ -503,7 +525,7 @@ void AwsExternalAccountCredentials::BuildSubjectToken() {
                       {"headers", Json(headers)}};
   Json subject_token_json(object);
   std::string subject_token = UrlEncode(subject_token_json.Dump());
-  FinishRetrieveSubjectToken(subject_token, GRPC_ERROR_NONE);
+  FinishRetrieveSubjectToken(subject_token, absl::OkStatus());
 }
 void AwsExternalAccountCredentials::FinishRetrieveSubjectToken(
@@ -514,10 +536,10 @@ void AwsExternalAccountCredentials::FinishRetrieveSubjectToken(
   auto cb = cb_;
   cb_ = nullptr;
   // Invoke the callback.
-  if (!GRPC_ERROR_IS_NONE(error)) {
+  if (!error.ok()) {
     cb("", error);
   } else {
-    cb(subject_token, GRPC_ERROR_NONE);
+    cb(subject_token, absl::OkStatus());
   }
 }

data/src/core/lib/security/credentials/external/aws_request_signer.cc CHANGED Viewed

@@ -88,7 +88,7 @@ AwsRequestSigner::AwsRequestSigner(
   auto date_it = additional_headers_.find("date");
   if (amz_date_it != additional_headers_.end() &&
       date_it != additional_headers_.end()) {
-    *error = GRPC_ERROR_CREATE_FROM_STATIC_STRING(
+    *error = GRPC_ERROR_CREATE(
         "Only one of {date, x-amz-date} can be specified, not both.");
     return;
   }
@@ -99,7 +99,7 @@ AwsRequestSigner::AwsRequestSigner(
     std::string err_str;
     if (!absl::ParseTime(kDateFormat, date_it->second, &request_date,
                          &err_str)) {
-      *error = GRPC_ERROR_CREATE_FROM_STATIC_STRING(err_str.c_str());
+      *error = GRPC_ERROR_CREATE(err_str.c_str());
       return;
     }
     static_request_date_ =
@@ -107,7 +107,7 @@ AwsRequestSigner::AwsRequestSigner(
   }
   absl::StatusOr<URI> tmp_url = URI::Parse(url);
   if (!tmp_url.ok()) {
-    *error = GRPC_ERROR_CREATE_FROM_STATIC_STRING("Invalid Aws request url.");
+    *error = GRPC_ERROR_CREATE("Invalid Aws request url.");
     return;
   }
   url_ = tmp_url.value();
@@ -170,6 +170,7 @@ std::map<std::string, std::string> AwsRequestSigner::GetSignedRequestHeaders() {
   canonical_request_vector.emplace_back("\n");
   // 5. SignedHeaders
   std::vector<absl::string_view> signed_headers_vector;
+  signed_headers_vector.reserve(request_headers_.size());
   for (const auto& header : request_headers_) {
     signed_headers_vector.emplace_back(header.first);
   }