grpc 1.55.0 → 1.56.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Makefile +102 -68
- data/include/grpc/event_engine/event_engine.h +4 -3
- data/include/grpc/grpc_audit_logging.h +96 -0
- data/include/grpc/grpc_security.h +19 -0
- data/include/grpc/module.modulemap +2 -0
- data/include/grpc/support/json.h +218 -0
- data/src/core/ext/filters/backend_metrics/backend_metric_filter.cc +5 -0
- data/src/core/ext/filters/client_channel/backend_metric.cc +2 -0
- data/src/core/ext/filters/client_channel/channel_connectivity.cc +4 -4
- data/src/core/ext/filters/client_channel/client_channel.cc +86 -104
- data/src/core/ext/filters/client_channel/client_channel.h +6 -0
- data/src/core/ext/filters/client_channel/client_channel_channelz.cc +19 -18
- data/src/core/ext/filters/client_channel/client_channel_internal.h +16 -21
- data/src/core/ext/filters/client_channel/config_selector.h +9 -24
- data/src/core/ext/filters/client_channel/lb_policy/backend_metric_data.h +3 -0
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +5 -4
- data/src/core/ext/filters/client_channel/lb_policy/health_check_client.cc +455 -0
- data/src/core/ext/filters/client_channel/lb_policy/health_check_client.h +54 -0
- data/src/core/ext/filters/client_channel/lb_policy/health_check_client_internal.h +186 -0
- data/src/core/ext/filters/client_channel/lb_policy/oob_backend_metric.cc +2 -7
- data/src/core/ext/filters/client_channel/lb_policy/outlier_detection/outlier_detection.cc +53 -21
- data/src/core/ext/filters/client_channel/lb_policy/outlier_detection/outlier_detection.h +23 -2
- data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc +19 -6
- data/src/core/ext/filters/client_channel/lb_policy/priority/priority.cc +1 -9
- data/src/core/ext/filters/client_channel/lb_policy/ring_hash/ring_hash.cc +16 -7
- data/src/core/ext/filters/client_channel/lb_policy/ring_hash/ring_hash.h +18 -1
- data/src/core/ext/filters/client_channel/lb_policy/rls/rls.cc +12 -9
- data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +6 -4
- data/src/core/ext/filters/client_channel/lb_policy/subchannel_list.h +36 -13
- data/src/core/ext/filters/client_channel/lb_policy/weighted_round_robin/static_stride_scheduler.cc +76 -6
- data/src/core/ext/filters/client_channel/lb_policy/weighted_round_robin/weighted_round_robin.cc +42 -40
- data/src/core/ext/filters/client_channel/lb_policy/weighted_target/weighted_target.cc +4 -10
- data/src/core/ext/filters/client_channel/lb_policy/xds/cds.cc +52 -47
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_impl.cc +1 -9
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_manager.cc +14 -16
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_resolver.cc +40 -43
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_override_host.cc +7 -12
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_wrr_locality.cc +12 -19
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +35 -33
- data/src/core/ext/filters/client_channel/resolver/dns/event_engine/event_engine_client_channel_resolver.cc +29 -4
- data/src/core/ext/filters/client_channel/resolver/dns/event_engine/service_config_helper.cc +1 -1
- data/src/core/ext/filters/client_channel/resolver/google_c2p/google_c2p_resolver.cc +28 -27
- data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +163 -46
- data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.h +16 -1
- data/src/core/ext/filters/client_channel/retry_service_config.cc +1 -0
- data/src/core/ext/filters/client_channel/service_config_channel_arg_filter.cc +10 -40
- data/src/core/ext/filters/client_channel/subchannel.cc +10 -196
- data/src/core/ext/filters/client_channel/subchannel.h +3 -43
- data/src/core/ext/filters/http/message_compress/compression_filter.cc +5 -5
- data/src/core/ext/filters/rbac/rbac_service_config_parser.cc +100 -6
- data/src/core/ext/filters/server_config_selector/server_config_selector_filter.cc +6 -8
- data/src/core/ext/filters/stateful_session/stateful_session_filter.cc +3 -3
- data/src/core/ext/filters/stateful_session/stateful_session_filter.h +16 -1
- data/src/core/ext/transport/chttp2/transport/flow_control.cc +46 -95
- data/src/core/ext/transport/chttp2/transport/hpack_parse_result.cc +176 -0
- data/src/core/ext/transport/chttp2/transport/hpack_parse_result.h +325 -0
- data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +567 -543
- data/src/core/ext/transport/chttp2/transport/hpack_parser.h +150 -9
- data/src/core/ext/transport/chttp2/transport/hpack_parser_table.cc +46 -32
- data/src/core/ext/transport/chttp2/transport/hpack_parser_table.h +18 -5
- data/src/core/ext/transport/chttp2/transport/internal.h +1 -15
- data/src/core/ext/transport/chttp2/transport/parsing.cc +12 -12
- data/src/core/ext/upb-generated/xds/data/orca/v3/orca_load_report.upb.c +11 -2
- data/src/core/ext/upb-generated/xds/data/orca/v3/orca_load_report.upb.h +15 -0
- data/src/core/ext/xds/certificate_provider_store.cc +4 -9
- data/src/core/ext/xds/certificate_provider_store.h +1 -1
- data/src/core/ext/xds/file_watcher_certificate_provider_factory.cc +30 -42
- data/src/core/ext/xds/file_watcher_certificate_provider_factory.h +14 -9
- data/src/core/ext/xds/xds_api.cc +9 -6
- data/src/core/ext/xds/xds_api.h +3 -2
- data/src/core/ext/xds/xds_audit_logger_registry.cc +122 -0
- data/src/core/ext/xds/xds_audit_logger_registry.h +68 -0
- data/src/core/ext/xds/xds_bootstrap_grpc.cc +21 -9
- data/src/core/ext/xds/xds_bootstrap_grpc.h +5 -0
- data/src/core/ext/xds/xds_client.cc +5 -4
- data/src/core/ext/xds/xds_client_stats.h +1 -1
- data/src/core/ext/xds/xds_cluster.cc +20 -19
- data/src/core/ext/xds/xds_cluster_specifier_plugin.cc +11 -8
- data/src/core/ext/xds/xds_common_types.cc +3 -1
- data/src/core/ext/xds/xds_http_fault_filter.cc +16 -13
- data/src/core/ext/xds/xds_http_fault_filter.h +2 -1
- data/src/core/ext/xds/xds_http_filters.h +4 -2
- data/src/core/ext/xds/xds_http_rbac_filter.cc +154 -67
- data/src/core/ext/xds/xds_http_rbac_filter.h +2 -1
- data/src/core/ext/xds/xds_http_stateful_session_filter.cc +15 -11
- data/src/core/ext/xds/xds_http_stateful_session_filter.h +2 -1
- data/src/core/ext/xds/xds_lb_policy_registry.cc +22 -16
- data/src/core/ext/xds/xds_listener.cc +1 -0
- data/src/core/ext/xds/xds_route_config.cc +40 -3
- data/src/core/ext/xds/xds_routing.cc +2 -2
- data/src/core/ext/xds/xds_transport_grpc.cc +3 -1
- data/src/core/lib/avl/avl.h +5 -0
- data/src/core/lib/backoff/random_early_detection.h +5 -0
- data/src/core/lib/channel/channel_args.cc +80 -22
- data/src/core/lib/channel/channel_args.h +34 -1
- data/src/core/lib/channel/channel_trace.cc +16 -12
- data/src/core/lib/channel/channelz.cc +159 -132
- data/src/core/lib/channel/channelz.h +42 -35
- data/src/core/lib/channel/channelz_registry.cc +23 -20
- data/src/core/lib/channel/connected_channel.cc +17 -6
- data/src/core/lib/channel/promise_based_filter.cc +0 -4
- data/src/core/lib/channel/promise_based_filter.h +2 -0
- data/src/core/lib/compression/compression_internal.cc +2 -5
- data/src/core/lib/config/config_vars.cc +20 -18
- data/src/core/lib/config/config_vars.h +4 -4
- data/src/core/lib/config/load_config.cc +13 -0
- data/src/core/lib/config/load_config.h +6 -0
- data/src/core/lib/debug/event_log.h +1 -1
- data/src/core/lib/debug/stats_data.h +1 -1
- data/src/core/lib/debug/trace.cc +24 -55
- data/src/core/lib/debug/trace.h +3 -1
- data/src/core/lib/event_engine/cf_engine/cf_engine.cc +211 -0
- data/src/core/lib/event_engine/cf_engine/cf_engine.h +86 -0
- data/src/core/lib/event_engine/cf_engine/cfstream_endpoint.cc +354 -0
- data/src/core/lib/event_engine/cf_engine/cfstream_endpoint.h +146 -0
- data/src/core/lib/event_engine/cf_engine/cftype_unique_ref.h +79 -0
- data/src/core/lib/event_engine/default_event_engine.cc +13 -1
- data/src/core/lib/event_engine/default_event_engine_factory.cc +14 -2
- data/src/core/lib/event_engine/poller.h +2 -2
- data/src/core/lib/event_engine/posix.h +4 -0
- data/src/core/lib/event_engine/posix_engine/ev_epoll1_linux.cc +1 -1
- data/src/core/lib/event_engine/posix_engine/lockfree_event.cc +7 -18
- data/src/core/lib/event_engine/posix_engine/posix_endpoint.h +9 -0
- data/src/core/lib/event_engine/posix_engine/posix_engine.cc +33 -19
- data/src/core/lib/event_engine/posix_engine/posix_engine.h +2 -1
- data/src/core/lib/event_engine/posix_engine/posix_engine_listener.cc +33 -4
- data/src/core/lib/event_engine/posix_engine/posix_engine_listener.h +10 -8
- data/src/core/lib/event_engine/posix_engine/timer_manager.h +1 -1
- data/src/core/lib/event_engine/shim.cc +7 -1
- data/src/core/lib/event_engine/{thread_pool.cc → thread_pool/original_thread_pool.cc} +28 -25
- data/src/core/lib/event_engine/{thread_pool.h → thread_pool/original_thread_pool.h} +11 -15
- data/src/core/lib/event_engine/thread_pool/thread_pool.h +50 -0
- data/src/core/lib/event_engine/{executor/executor.h → thread_pool/thread_pool_factory.cc} +17 -15
- data/src/core/lib/event_engine/thread_pool/work_stealing_thread_pool.cc +489 -0
- data/src/core/lib/event_engine/thread_pool/work_stealing_thread_pool.h +249 -0
- data/src/core/lib/event_engine/thready_event_engine/thready_event_engine.cc +166 -0
- data/src/core/lib/event_engine/thready_event_engine/thready_event_engine.h +108 -0
- data/src/core/lib/event_engine/windows/iocp.cc +4 -3
- data/src/core/lib/event_engine/windows/iocp.h +3 -3
- data/src/core/lib/event_engine/windows/win_socket.cc +6 -6
- data/src/core/lib/event_engine/windows/win_socket.h +4 -4
- data/src/core/lib/event_engine/windows/windows_endpoint.cc +11 -10
- data/src/core/lib/event_engine/windows/windows_endpoint.h +3 -2
- data/src/core/lib/event_engine/windows/windows_engine.cc +19 -17
- data/src/core/lib/event_engine/windows/windows_engine.h +6 -6
- data/src/core/lib/event_engine/windows/windows_listener.cc +3 -3
- data/src/core/lib/event_engine/windows/windows_listener.h +3 -2
- data/src/core/lib/event_engine/work_queue/basic_work_queue.cc +63 -0
- data/src/core/lib/event_engine/work_queue/basic_work_queue.h +71 -0
- data/src/core/lib/event_engine/work_queue/work_queue.h +62 -0
- data/src/core/lib/experiments/config.cc +38 -7
- data/src/core/lib/experiments/config.h +16 -0
- data/src/core/lib/experiments/experiments.cc +67 -20
- data/src/core/lib/experiments/experiments.h +27 -21
- data/src/core/lib/gpr/log_internal.h +55 -0
- data/src/core/lib/gprpp/crash.cc +10 -0
- data/src/core/lib/gprpp/crash.h +3 -0
- data/src/core/lib/gprpp/per_cpu.cc +33 -0
- data/src/core/lib/gprpp/per_cpu.h +29 -6
- data/src/core/lib/gprpp/time.cc +1 -0
- data/src/core/lib/iomgr/cfstream_handle.cc +1 -1
- data/src/core/lib/iomgr/endpoint_cfstream.cc +10 -8
- data/src/core/lib/iomgr/ev_apple.cc +12 -12
- data/src/core/lib/iomgr/ev_epoll1_linux.cc +10 -3
- data/src/core/lib/iomgr/event_engine_shims/endpoint.cc +15 -1
- data/src/core/lib/iomgr/iocp_windows.cc +24 -3
- data/src/core/lib/iomgr/iocp_windows.h +11 -0
- data/src/core/lib/iomgr/iomgr_posix_cfstream.cc +1 -1
- data/src/core/lib/iomgr/socket_utils_common_posix.cc +4 -2
- data/src/core/lib/iomgr/socket_windows.cc +61 -7
- data/src/core/lib/iomgr/socket_windows.h +9 -2
- data/src/core/lib/iomgr/tcp_client_cfstream.cc +14 -3
- data/src/core/lib/iomgr/tcp_server_posix.cc +182 -119
- data/src/core/lib/iomgr/tcp_server_utils_posix.h +13 -1
- data/src/core/lib/iomgr/tcp_server_utils_posix_common.cc +21 -0
- data/src/core/lib/iomgr/tcp_server_windows.cc +1 -1
- data/src/core/lib/json/json.h +2 -166
- data/src/core/lib/json/json_object_loader.cc +8 -9
- data/src/core/lib/json/json_object_loader.h +25 -18
- data/src/core/lib/json/json_reader.cc +13 -6
- data/src/core/lib/json/json_util.cc +6 -11
- data/src/core/lib/json/json_writer.cc +7 -8
- data/src/core/lib/load_balancing/lb_policy.h +13 -0
- data/src/core/lib/load_balancing/lb_policy_registry.cc +2 -1
- data/src/core/lib/matchers/matchers.cc +3 -4
- data/src/core/lib/matchers/matchers.h +2 -1
- data/src/core/lib/promise/activity.cc +5 -0
- data/src/core/lib/promise/activity.h +10 -0
- data/src/core/lib/promise/detail/promise_factory.h +1 -1
- data/src/core/lib/promise/party.cc +31 -13
- data/src/core/lib/promise/party.h +11 -2
- data/src/core/lib/promise/pipe.h +9 -2
- data/src/core/lib/promise/prioritized_race.h +95 -0
- data/src/core/lib/promise/sleep.cc +2 -1
- data/src/core/lib/resolver/server_address.cc +0 -8
- data/src/core/lib/resolver/server_address.h +0 -6
- data/src/core/lib/resource_quota/memory_quota.cc +7 -7
- data/src/core/lib/resource_quota/memory_quota.h +1 -2
- data/src/core/lib/security/authorization/audit_logging.cc +98 -0
- data/src/core/lib/security/authorization/audit_logging.h +73 -0
- data/src/core/lib/security/authorization/grpc_authorization_engine.cc +47 -2
- data/src/core/lib/security/authorization/grpc_authorization_engine.h +18 -1
- data/src/core/lib/security/authorization/rbac_policy.cc +36 -4
- data/src/core/lib/security/authorization/rbac_policy.h +19 -2
- data/src/core/lib/security/authorization/stdout_logger.cc +75 -0
- data/src/core/lib/security/authorization/stdout_logger.h +61 -0
- data/src/core/lib/security/certificate_provider/certificate_provider_factory.h +8 -4
- data/src/core/lib/security/certificate_provider/certificate_provider_registry.cc +8 -18
- data/src/core/lib/security/certificate_provider/certificate_provider_registry.h +14 -8
- data/src/core/lib/security/credentials/external/aws_external_account_credentials.cc +19 -12
- data/src/core/lib/security/credentials/external/external_account_credentials.cc +4 -2
- data/src/core/lib/security/credentials/external/file_external_account_credentials.cc +1 -0
- data/src/core/lib/security/credentials/external/url_external_account_credentials.cc +1 -0
- data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +1 -0
- data/src/core/lib/security/credentials/jwt/json_token.cc +15 -14
- data/src/core/lib/security/credentials/jwt/jwt_credentials.cc +4 -2
- data/src/core/lib/security/credentials/jwt/jwt_verifier.cc +1 -0
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +1 -0
- data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc +8 -0
- data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h +5 -1
- data/src/core/lib/security/security_connector/alts/alts_security_connector.cc +1 -5
- data/src/core/lib/security/security_connector/ssl_utils.cc +2 -1
- data/src/core/lib/security/security_connector/ssl_utils.h +1 -1
- data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +1 -1
- data/src/core/lib/security/util/json_util.cc +1 -0
- data/src/core/lib/service_config/service_config_call_data.h +49 -20
- data/src/core/lib/service_config/service_config_impl.cc +2 -1
- data/src/core/lib/surface/call.cc +38 -23
- data/src/core/lib/surface/completion_queue.cc +6 -2
- data/src/core/lib/surface/validate_metadata.cc +37 -22
- data/src/core/lib/surface/validate_metadata.h +13 -3
- data/src/core/lib/surface/version.cc +2 -2
- data/src/core/lib/transport/batch_builder.cc +15 -12
- data/src/core/lib/transport/batch_builder.h +39 -35
- data/src/core/plugin_registry/grpc_plugin_registry.cc +0 -2
- data/src/core/plugin_registry/grpc_plugin_registry_extra.cc +2 -0
- data/src/core/tsi/ssl_transport_security.cc +5 -2
- data/src/core/tsi/ssl_transport_security.h +13 -1
- data/src/ruby/ext/grpc/extconf.rb +8 -9
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.c +2 -0
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.h +3 -0
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_mbstr.c +9 -8
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_strnid.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/internal.h +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_dec.c +10 -6
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_enc.c +7 -4
- data/third_party/boringssl-with-bazel/src/crypto/bio/bio.c +6 -4
- data/third_party/boringssl-with-bazel/src/crypto/bio/fd.c +2 -1
- data/third_party/boringssl-with-bazel/src/crypto/bio/file.c +5 -9
- data/third_party/boringssl-with-bazel/src/crypto/bio/pair.c +4 -2
- data/third_party/boringssl-with-bazel/src/crypto/blake2/blake2.c +31 -22
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_tls.c +29 -26
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/internal.h +8 -0
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/tls_cbc.c +189 -13
- data/third_party/boringssl-with-bazel/src/crypto/cpu_aarch64_openbsd.c +62 -0
- data/third_party/boringssl-with-bazel/src/crypto/cpu_arm_openbsd.c +31 -0
- data/third_party/boringssl-with-bazel/src/crypto/curve25519/curve25519.c +6 -4
- data/third_party/boringssl-with-bazel/src/crypto/curve25519/curve25519_tables.h +795 -795
- data/third_party/boringssl-with-bazel/src/crypto/curve25519/internal.h +1 -5
- data/third_party/boringssl-with-bazel/src/crypto/dsa/dsa.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/hash_to_curve.c +18 -6
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/internal.h +15 -7
- data/third_party/boringssl-with-bazel/src/crypto/ecdh_extra/ecdh_extra.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_rsa.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bcm.c +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/dh.c +3 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec.c +24 -24
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_key.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_montgomery.c +7 -7
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/internal.h +74 -74
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/oct.c +1 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p224-64.c +11 -11
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256-nistz.c +12 -12
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256.c +14 -15
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256_table.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple.c +10 -10
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple_mul.c +23 -23
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/wnaf.c +13 -13
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdh/ecdh.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/ecdsa.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/{hkdf → fipsmodule/hkdf}/hkdf.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/cbc.c +2 -10
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/ctr.c +1 -4
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/gcm.c +115 -133
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/gcm_nohw.c +12 -14
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/internal.h +57 -47
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/ofb.c +1 -8
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/polyval.c +27 -28
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/urandom.c +11 -23
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/internal.h +21 -16
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/padding.c +5 -288
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa.c +143 -83
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa_impl.c +95 -183
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/self_check.c +71 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/tls/internal.h +8 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/tls/kdf.c +33 -0
- data/third_party/boringssl-with-bazel/src/crypto/hpke/hpke.c +162 -6
- data/third_party/boringssl-with-bazel/src/crypto/internal.h +18 -0
- data/third_party/boringssl-with-bazel/src/crypto/kyber/kyber.c +18 -11
- data/third_party/boringssl-with-bazel/src/crypto/obj/obj_dat.h +6 -13
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_lib.c +18 -14
- data/third_party/boringssl-with-bazel/src/crypto/{refcount_lock.c → refcount_no_threads.c} +3 -13
- data/third_party/boringssl-with-bazel/src/crypto/refcount_win.c +89 -0
- data/third_party/boringssl-with-bazel/src/crypto/rsa_extra/internal.h +77 -0
- data/third_party/boringssl-with-bazel/src/crypto/rsa_extra/rsa_crypt.c +568 -0
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/internal.h +62 -0
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/pmbtoken.c +218 -44
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/trust_token.c +35 -0
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/voprf.c +588 -39
- data/third_party/boringssl-with-bazel/src/crypto/x509/a_sign.c +27 -18
- data/third_party/boringssl-with-bazel/src/crypto/x509/asn1_gen.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/name_print.c +17 -39
- data/third_party/boringssl-with-bazel/src/crypto/x509/t_x509.c +39 -48
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_att.c +0 -140
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_req.c +72 -23
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509name.c +11 -14
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509spki.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509a.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_conf.c +33 -46
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_cpols.c +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_info.c +3 -5
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_lib.c +14 -46
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_prn.c +14 -26
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_skey.c +17 -10
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_utl.c +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/aead.h +5 -7
- data/third_party/boringssl-with-bazel/src/include/openssl/asn1.h +6 -4
- data/third_party/boringssl-with-bazel/src/include/openssl/base.h +32 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/bio.h +0 -4
- data/third_party/boringssl-with-bazel/src/include/openssl/blake2.h +1 -4
- data/third_party/boringssl-with-bazel/src/include/openssl/evp.h +3 -3
- data/third_party/boringssl-with-bazel/src/include/openssl/hpke.h +28 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/nid.h +2 -11
- data/third_party/boringssl-with-bazel/src/include/openssl/pem.h +0 -3
- data/third_party/boringssl-with-bazel/src/include/openssl/rsa.h +91 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/span.h +5 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +149 -20
- data/third_party/boringssl-with-bazel/src/include/openssl/thread.h +4 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/tls1.h +4 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/trust_token.h +8 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +774 -615
- data/third_party/boringssl-with-bazel/src/include/openssl/x509v3.h +42 -10
- data/third_party/boringssl-with-bazel/src/ssl/encrypted_client_hello.cc +11 -6
- data/third_party/boringssl-with-bazel/src/ssl/extensions.cc +2 -4
- data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +24 -16
- data/third_party/boringssl-with-bazel/src/ssl/internal.h +65 -18
- data/third_party/boringssl-with-bazel/src/ssl/s3_both.cc +37 -18
- data/third_party/boringssl-with-bazel/src/ssl/ssl_cipher.cc +187 -193
- data/third_party/boringssl-with-bazel/src/ssl/ssl_key_share.cc +13 -129
- data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +85 -10
- data/third_party/boringssl-with-bazel/src/ssl/ssl_privkey.cc +17 -4
- data/third_party/boringssl-with-bazel/src/ssl/ssl_versions.cc +27 -19
- data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +1 -1
- data/third_party/boringssl-with-bazel/src/ssl/tls13_enc.cc +5 -21
- data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +5 -2
- data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_64_msvc.h +1281 -0
- data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_64_msvc.h +2002 -0
- data/third_party/cares/cares/include/ares.h +23 -1
- data/third_party/cares/cares/{src/lib → include}/ares_nameser.h +9 -7
- data/third_party/cares/cares/include/ares_rules.h +2 -2
- data/third_party/cares/cares/include/ares_version.h +3 -3
- data/third_party/cares/cares/src/lib/ares__addrinfo2hostent.c +266 -0
- data/third_party/cares/cares/src/lib/ares__addrinfo_localhost.c +240 -0
- data/third_party/cares/cares/src/lib/ares__parse_into_addrinfo.c +49 -80
- data/third_party/cares/cares/src/lib/ares__readaddrinfo.c +37 -43
- data/third_party/cares/cares/src/lib/ares__sortaddrinfo.c +12 -4
- data/third_party/cares/cares/src/lib/ares_data.c +16 -0
- data/third_party/cares/cares/src/lib/ares_data.h +7 -0
- data/third_party/cares/cares/src/lib/ares_destroy.c +8 -0
- data/third_party/cares/cares/src/lib/ares_expand_name.c +17 -6
- data/third_party/cares/cares/src/lib/ares_freeaddrinfo.c +1 -0
- data/third_party/cares/cares/src/lib/ares_getaddrinfo.c +156 -78
- data/third_party/cares/cares/src/lib/ares_gethostbyname.c +130 -326
- data/third_party/cares/cares/src/lib/ares_init.c +97 -485
- data/third_party/cares/cares/src/lib/ares_library_init.c +2 -89
- data/third_party/cares/cares/src/lib/ares_parse_a_reply.c +23 -142
- data/third_party/cares/cares/src/lib/ares_parse_aaaa_reply.c +22 -142
- data/third_party/cares/cares/src/lib/ares_parse_uri_reply.c +184 -0
- data/third_party/cares/cares/src/lib/ares_private.h +30 -16
- data/third_party/cares/cares/src/lib/ares_process.c +55 -16
- data/third_party/cares/cares/src/lib/ares_query.c +1 -35
- data/third_party/cares/cares/src/lib/ares_rand.c +279 -0
- data/third_party/cares/cares/src/lib/ares_send.c +5 -7
- data/third_party/cares/cares/src/lib/ares_strdup.c +12 -19
- data/third_party/cares/cares/src/lib/ares_strsplit.c +44 -128
- data/third_party/cares/cares/src/lib/ares_strsplit.h +9 -10
- data/third_party/cares/cares/src/lib/inet_net_pton.c +78 -116
- data/third_party/cares/cares/src/tools/ares_getopt.h +53 -0
- metadata +50 -12
- data/src/core/ext/filters/client_channel/health/health_check_client.cc +0 -175
- data/src/core/ext/filters/client_channel/health/health_check_client.h +0 -43
- data/third_party/cares/cares/src/lib/ares_library_init.h +0 -43
@@ -24,21 +24,21 @@
|
|
24
24
|
#include <algorithm>
|
25
25
|
#include <memory>
|
26
26
|
#include <new>
|
27
|
+
#include <string>
|
27
28
|
#include <utility>
|
28
29
|
|
29
30
|
#include "absl/status/statusor.h"
|
30
31
|
#include "absl/strings/cord.h"
|
31
32
|
#include "absl/strings/str_cat.h"
|
32
33
|
#include "absl/strings/string_view.h"
|
34
|
+
#include "absl/types/optional.h"
|
33
35
|
|
34
36
|
#include <grpc/grpc.h>
|
35
37
|
#include <grpc/slice.h>
|
36
38
|
#include <grpc/status.h>
|
37
39
|
#include <grpc/support/log.h>
|
38
40
|
|
39
|
-
#include "src/core/ext/filters/client_channel/health/health_check_client.h"
|
40
41
|
#include "src/core/ext/filters/client_channel/subchannel_pool_interface.h"
|
41
|
-
#include "src/core/ext/filters/client_channel/subchannel_stream_client.h"
|
42
42
|
#include "src/core/lib/address_utils/sockaddr_utils.h"
|
43
43
|
#include "src/core/lib/backoff/backoff.h"
|
44
44
|
#include "src/core/lib/channel/channel_args.h"
|
@@ -374,176 +374,6 @@ void Subchannel::ConnectivityStateWatcherList::NotifyLocked(
|
|
374
374
|
}
|
375
375
|
}
|
376
376
|
|
377
|
-
//
|
378
|
-
// Subchannel::HealthWatcherMap::HealthWatcher
|
379
|
-
//
|
380
|
-
|
381
|
-
// State needed for tracking the connectivity state with a particular
|
382
|
-
// health check service name.
|
383
|
-
class Subchannel::HealthWatcherMap::HealthWatcher
|
384
|
-
: public AsyncConnectivityStateWatcherInterface {
|
385
|
-
public:
|
386
|
-
HealthWatcher(WeakRefCountedPtr<Subchannel> c,
|
387
|
-
std::string health_check_service_name)
|
388
|
-
: subchannel_(std::move(c)),
|
389
|
-
health_check_service_name_(std::move(health_check_service_name)),
|
390
|
-
state_(subchannel_->state_ == GRPC_CHANNEL_READY
|
391
|
-
? GRPC_CHANNEL_CONNECTING
|
392
|
-
: subchannel_->state_),
|
393
|
-
watcher_list_(subchannel_.get()) {
|
394
|
-
// If the subchannel is already connected, start health checking.
|
395
|
-
if (subchannel_->state_ == GRPC_CHANNEL_READY) StartHealthCheckingLocked();
|
396
|
-
}
|
397
|
-
|
398
|
-
~HealthWatcher() override {
|
399
|
-
subchannel_.reset(DEBUG_LOCATION, "health_watcher");
|
400
|
-
}
|
401
|
-
|
402
|
-
const std::string& health_check_service_name() const {
|
403
|
-
return health_check_service_name_;
|
404
|
-
}
|
405
|
-
|
406
|
-
grpc_connectivity_state state() const { return state_; }
|
407
|
-
|
408
|
-
void AddWatcherLocked(
|
409
|
-
RefCountedPtr<Subchannel::ConnectivityStateWatcherInterface> watcher) {
|
410
|
-
subchannel_->work_serializer_.Schedule(
|
411
|
-
[watcher = watcher->Ref(), state = state_, status = status_]() {
|
412
|
-
watcher->OnConnectivityStateChange(state, status);
|
413
|
-
},
|
414
|
-
DEBUG_LOCATION);
|
415
|
-
watcher_list_.AddWatcherLocked(std::move(watcher));
|
416
|
-
}
|
417
|
-
|
418
|
-
void RemoveWatcherLocked(
|
419
|
-
Subchannel::ConnectivityStateWatcherInterface* watcher) {
|
420
|
-
watcher_list_.RemoveWatcherLocked(watcher);
|
421
|
-
}
|
422
|
-
|
423
|
-
bool HasWatchers() const { return !watcher_list_.empty(); }
|
424
|
-
|
425
|
-
void NotifyLocked(grpc_connectivity_state state, const absl::Status& status)
|
426
|
-
ABSL_EXCLUSIVE_LOCKS_REQUIRED(subchannel_->mu_) {
|
427
|
-
if (state == GRPC_CHANNEL_READY) {
|
428
|
-
// If we had not already notified for CONNECTING state, do so now.
|
429
|
-
// (We may have missed this earlier, because if the transition
|
430
|
-
// from IDLE to CONNECTING to READY was too quick, the connected
|
431
|
-
// subchannel may not have sent us a notification for CONNECTING.)
|
432
|
-
if (state_ != GRPC_CHANNEL_CONNECTING) {
|
433
|
-
state_ = GRPC_CHANNEL_CONNECTING;
|
434
|
-
status_ = status;
|
435
|
-
watcher_list_.NotifyLocked(state_, status);
|
436
|
-
}
|
437
|
-
// If we've become connected, start health checking.
|
438
|
-
StartHealthCheckingLocked();
|
439
|
-
} else {
|
440
|
-
state_ = state;
|
441
|
-
status_ = status;
|
442
|
-
watcher_list_.NotifyLocked(state_, status);
|
443
|
-
// We're not connected, so stop health checking.
|
444
|
-
health_check_client_.reset();
|
445
|
-
}
|
446
|
-
}
|
447
|
-
|
448
|
-
void Orphan() override {
|
449
|
-
watcher_list_.Clear();
|
450
|
-
health_check_client_.reset();
|
451
|
-
Unref();
|
452
|
-
}
|
453
|
-
|
454
|
-
private:
|
455
|
-
void OnConnectivityStateChange(grpc_connectivity_state new_state,
|
456
|
-
const absl::Status& status) override {
|
457
|
-
{
|
458
|
-
MutexLock lock(&subchannel_->mu_);
|
459
|
-
if (new_state != GRPC_CHANNEL_SHUTDOWN &&
|
460
|
-
health_check_client_ != nullptr) {
|
461
|
-
state_ = new_state;
|
462
|
-
status_ = status;
|
463
|
-
watcher_list_.NotifyLocked(new_state, status);
|
464
|
-
}
|
465
|
-
}
|
466
|
-
// Drain any connectivity state notifications after releasing the mutex.
|
467
|
-
subchannel_->work_serializer_.DrainQueue();
|
468
|
-
}
|
469
|
-
|
470
|
-
void StartHealthCheckingLocked()
|
471
|
-
ABSL_EXCLUSIVE_LOCKS_REQUIRED(subchannel_->mu_) {
|
472
|
-
GPR_ASSERT(health_check_client_ == nullptr);
|
473
|
-
health_check_client_ = MakeHealthCheckClient(
|
474
|
-
health_check_service_name_, subchannel_->connected_subchannel_,
|
475
|
-
subchannel_->pollset_set_, subchannel_->channelz_node_, Ref());
|
476
|
-
}
|
477
|
-
|
478
|
-
WeakRefCountedPtr<Subchannel> subchannel_;
|
479
|
-
std::string health_check_service_name_;
|
480
|
-
OrphanablePtr<SubchannelStreamClient> health_check_client_;
|
481
|
-
grpc_connectivity_state state_;
|
482
|
-
absl::Status status_;
|
483
|
-
ConnectivityStateWatcherList watcher_list_;
|
484
|
-
};
|
485
|
-
|
486
|
-
//
|
487
|
-
// Subchannel::HealthWatcherMap
|
488
|
-
//
|
489
|
-
|
490
|
-
void Subchannel::HealthWatcherMap::AddWatcherLocked(
|
491
|
-
WeakRefCountedPtr<Subchannel> subchannel,
|
492
|
-
const std::string& health_check_service_name,
|
493
|
-
RefCountedPtr<ConnectivityStateWatcherInterface> watcher) {
|
494
|
-
// If the health check service name is not already present in the map,
|
495
|
-
// add it.
|
496
|
-
auto it = map_.find(health_check_service_name);
|
497
|
-
HealthWatcher* health_watcher;
|
498
|
-
if (it == map_.end()) {
|
499
|
-
auto w = MakeOrphanable<HealthWatcher>(std::move(subchannel),
|
500
|
-
health_check_service_name);
|
501
|
-
health_watcher = w.get();
|
502
|
-
map_.emplace(health_check_service_name, std::move(w));
|
503
|
-
} else {
|
504
|
-
health_watcher = it->second.get();
|
505
|
-
}
|
506
|
-
// Add the watcher to the entry.
|
507
|
-
health_watcher->AddWatcherLocked(std::move(watcher));
|
508
|
-
}
|
509
|
-
|
510
|
-
void Subchannel::HealthWatcherMap::RemoveWatcherLocked(
|
511
|
-
const std::string& health_check_service_name,
|
512
|
-
ConnectivityStateWatcherInterface* watcher) {
|
513
|
-
auto it = map_.find(health_check_service_name);
|
514
|
-
GPR_ASSERT(it != map_.end());
|
515
|
-
it->second->RemoveWatcherLocked(watcher);
|
516
|
-
// If we just removed the last watcher for this service name, remove
|
517
|
-
// the map entry.
|
518
|
-
if (!it->second->HasWatchers()) map_.erase(it);
|
519
|
-
}
|
520
|
-
|
521
|
-
void Subchannel::HealthWatcherMap::NotifyLocked(grpc_connectivity_state state,
|
522
|
-
const absl::Status& status) {
|
523
|
-
for (const auto& p : map_) {
|
524
|
-
p.second->NotifyLocked(state, status);
|
525
|
-
}
|
526
|
-
}
|
527
|
-
|
528
|
-
grpc_connectivity_state
|
529
|
-
Subchannel::HealthWatcherMap::CheckConnectivityStateLocked(
|
530
|
-
Subchannel* subchannel, const std::string& health_check_service_name) {
|
531
|
-
auto it = map_.find(health_check_service_name);
|
532
|
-
if (it == map_.end()) {
|
533
|
-
// If the health check service name is not found in the map, we're
|
534
|
-
// not currently doing a health check for that service name. If the
|
535
|
-
// subchannel's state without health checking is READY, report
|
536
|
-
// CONNECTING, since that's what we'd be in as soon as we do start a
|
537
|
-
// watch. Otherwise, report the channel's state without health checking.
|
538
|
-
return subchannel->state_ == GRPC_CHANNEL_READY ? GRPC_CHANNEL_CONNECTING
|
539
|
-
: subchannel->state_;
|
540
|
-
}
|
541
|
-
HealthWatcher* health_watcher = it->second.get();
|
542
|
-
return health_watcher->state();
|
543
|
-
}
|
544
|
-
|
545
|
-
void Subchannel::HealthWatcherMap::ShutdownLocked() { map_.clear(); }
|
546
|
-
|
547
377
|
//
|
548
378
|
// Subchannel
|
549
379
|
//
|
@@ -689,7 +519,6 @@ channelz::SubchannelNode* Subchannel::channelz_node() {
|
|
689
519
|
}
|
690
520
|
|
691
521
|
void Subchannel::WatchConnectivityState(
|
692
|
-
const absl::optional<std::string>& health_check_service_name,
|
693
522
|
RefCountedPtr<ConnectivityStateWatcherInterface> watcher) {
|
694
523
|
{
|
695
524
|
MutexLock lock(&mu_);
|
@@ -697,25 +526,18 @@ void Subchannel::WatchConnectivityState(
|
|
697
526
|
if (interested_parties != nullptr) {
|
698
527
|
grpc_pollset_set_add_pollset_set(pollset_set_, interested_parties);
|
699
528
|
}
|
700
|
-
|
701
|
-
|
702
|
-
|
703
|
-
|
704
|
-
|
705
|
-
|
706
|
-
watcher_list_.AddWatcherLocked(std::move(watcher));
|
707
|
-
} else {
|
708
|
-
health_watcher_map_.AddWatcherLocked(
|
709
|
-
WeakRef(DEBUG_LOCATION, "health_watcher"), *health_check_service_name,
|
710
|
-
std::move(watcher));
|
711
|
-
}
|
529
|
+
work_serializer_.Schedule(
|
530
|
+
[watcher = watcher->Ref(), state = state_, status = status_]() {
|
531
|
+
watcher->OnConnectivityStateChange(state, status);
|
532
|
+
},
|
533
|
+
DEBUG_LOCATION);
|
534
|
+
watcher_list_.AddWatcherLocked(std::move(watcher));
|
712
535
|
}
|
713
536
|
// Drain any connectivity state notifications after releasing the mutex.
|
714
537
|
work_serializer_.DrainQueue();
|
715
538
|
}
|
716
539
|
|
717
540
|
void Subchannel::CancelConnectivityStateWatch(
|
718
|
-
const absl::optional<std::string>& health_check_service_name,
|
719
541
|
ConnectivityStateWatcherInterface* watcher) {
|
720
542
|
{
|
721
543
|
MutexLock lock(&mu_);
|
@@ -723,12 +545,7 @@ void Subchannel::CancelConnectivityStateWatch(
|
|
723
545
|
if (interested_parties != nullptr) {
|
724
546
|
grpc_pollset_set_del_pollset_set(pollset_set_, interested_parties);
|
725
547
|
}
|
726
|
-
|
727
|
-
watcher_list_.RemoveWatcherLocked(watcher);
|
728
|
-
} else {
|
729
|
-
health_watcher_map_.RemoveWatcherLocked(*health_check_service_name,
|
730
|
-
watcher);
|
731
|
-
}
|
548
|
+
watcher_list_.RemoveWatcherLocked(watcher);
|
732
549
|
}
|
733
550
|
// Drain any connectivity state notifications after releasing the mutex.
|
734
551
|
// (Shouldn't actually be necessary in this case, but better safe than sorry.)
|
@@ -778,7 +595,6 @@ void Subchannel::Orphan() {
|
|
778
595
|
shutdown_ = true;
|
779
596
|
connector_.reset();
|
780
597
|
connected_subchannel_.reset();
|
781
|
-
health_watcher_map_.ShutdownLocked();
|
782
598
|
}
|
783
599
|
// Drain any connectivity state notifications after releasing the mutex.
|
784
600
|
work_serializer_.DrainQueue();
|
@@ -828,10 +644,8 @@ void Subchannel::SetConnectivityStateLocked(grpc_connectivity_state state,
|
|
828
644
|
ConnectivityStateName(state),
|
829
645
|
status.ok() ? "" : absl::StrCat(": ", status_.ToString()))));
|
830
646
|
}
|
831
|
-
// Notify
|
647
|
+
// Notify watchers.
|
832
648
|
watcher_list_.NotifyLocked(state, status_);
|
833
|
-
// Notify health watchers.
|
834
|
-
health_watcher_map_.NotifyLocked(state, status_);
|
835
649
|
}
|
836
650
|
|
837
651
|
void Subchannel::OnRetryTimer() {
|
@@ -24,11 +24,9 @@
|
|
24
24
|
#include <functional>
|
25
25
|
#include <map>
|
26
26
|
#include <memory>
|
27
|
-
#include <string>
|
28
27
|
|
29
28
|
#include "absl/base/thread_annotations.h"
|
30
29
|
#include "absl/status/status.h"
|
31
|
-
#include "absl/types/optional.h"
|
32
30
|
|
33
31
|
#include <grpc/event_engine/event_engine.h>
|
34
32
|
#include <grpc/impl/connectivity_state.h>
|
@@ -221,15 +219,13 @@ class Subchannel : public DualRefCounted<Subchannel> {
|
|
221
219
|
// The watcher will be destroyed either when the subchannel is
|
222
220
|
// destroyed or when CancelConnectivityStateWatch() is called.
|
223
221
|
void WatchConnectivityState(
|
224
|
-
const absl::optional<std::string>& health_check_service_name,
|
225
222
|
RefCountedPtr<ConnectivityStateWatcherInterface> watcher)
|
226
223
|
ABSL_LOCKS_EXCLUDED(mu_);
|
227
224
|
|
228
225
|
// Cancels a connectivity state watch.
|
229
226
|
// If the watcher has already been destroyed, this is a no-op.
|
230
|
-
void CancelConnectivityStateWatch(
|
231
|
-
|
232
|
-
ConnectivityStateWatcherInterface* watcher) ABSL_LOCKS_EXCLUDED(mu_);
|
227
|
+
void CancelConnectivityStateWatch(ConnectivityStateWatcherInterface* watcher)
|
228
|
+
ABSL_LOCKS_EXCLUDED(mu_);
|
233
229
|
|
234
230
|
RefCountedPtr<ConnectedSubchannel> connected_subchannel()
|
235
231
|
ABSL_LOCKS_EXCLUDED(mu_) {
|
@@ -296,40 +292,6 @@ class Subchannel : public DualRefCounted<Subchannel> {
|
|
296
292
|
watchers_;
|
297
293
|
};
|
298
294
|
|
299
|
-
// A map that tracks ConnectivityStateWatcherInterfaces using a particular
|
300
|
-
// health check service name.
|
301
|
-
//
|
302
|
-
// There is one entry in the map for each health check service name.
|
303
|
-
// Entries exist only as long as there are watchers using the
|
304
|
-
// corresponding service name.
|
305
|
-
//
|
306
|
-
// A health check client is maintained only while the subchannel is in
|
307
|
-
// state READY.
|
308
|
-
class HealthWatcherMap {
|
309
|
-
public:
|
310
|
-
void AddWatcherLocked(
|
311
|
-
WeakRefCountedPtr<Subchannel> subchannel,
|
312
|
-
const std::string& health_check_service_name,
|
313
|
-
RefCountedPtr<ConnectivityStateWatcherInterface> watcher);
|
314
|
-
void RemoveWatcherLocked(const std::string& health_check_service_name,
|
315
|
-
ConnectivityStateWatcherInterface* watcher);
|
316
|
-
|
317
|
-
// Notifies the watcher when the subchannel's state changes.
|
318
|
-
void NotifyLocked(grpc_connectivity_state state, const absl::Status& status)
|
319
|
-
ABSL_EXCLUSIVE_LOCKS_REQUIRED(&Subchannel::mu_);
|
320
|
-
|
321
|
-
grpc_connectivity_state CheckConnectivityStateLocked(
|
322
|
-
Subchannel* subchannel, const std::string& health_check_service_name)
|
323
|
-
ABSL_EXCLUSIVE_LOCKS_REQUIRED(&Subchannel::mu_);
|
324
|
-
|
325
|
-
void ShutdownLocked();
|
326
|
-
|
327
|
-
private:
|
328
|
-
class HealthWatcher;
|
329
|
-
|
330
|
-
std::map<std::string, OrphanablePtr<HealthWatcher>> map_;
|
331
|
-
};
|
332
|
-
|
333
295
|
class ConnectedSubchannelStateWatcher;
|
334
296
|
|
335
297
|
// Sets the subchannel's connectivity state to \a state.
|
@@ -382,10 +344,8 @@ class Subchannel : public DualRefCounted<Subchannel> {
|
|
382
344
|
// - TRANSIENT_FAILURE: connection attempt failed, retry timer pending
|
383
345
|
grpc_connectivity_state state_ ABSL_GUARDED_BY(mu_) = GRPC_CHANNEL_IDLE;
|
384
346
|
absl::Status status_ ABSL_GUARDED_BY(mu_);
|
385
|
-
// The list of
|
347
|
+
// The list of connectivity state watchers.
|
386
348
|
ConnectivityStateWatcherList watcher_list_ ABSL_GUARDED_BY(mu_);
|
387
|
-
// The map of watchers with health check service names.
|
388
|
-
HealthWatcherMap health_watcher_map_ ABSL_GUARDED_BY(mu_);
|
389
349
|
// Used for sending connectivity state notifications.
|
390
350
|
WorkSerializer work_serializer_;
|
391
351
|
|
@@ -49,7 +49,7 @@
|
|
49
49
|
#include "src/core/lib/promise/latch.h"
|
50
50
|
#include "src/core/lib/promise/pipe.h"
|
51
51
|
#include "src/core/lib/promise/poll.h"
|
52
|
-
#include "src/core/lib/promise/
|
52
|
+
#include "src/core/lib/promise/prioritized_race.h"
|
53
53
|
#include "src/core/lib/resource_quota/arena.h"
|
54
54
|
#include "src/core/lib/slice/slice_buffer.h"
|
55
55
|
#include "src/core/lib/surface/call.h"
|
@@ -273,8 +273,8 @@ ArenaPromise<ServerMetadataHandle> ClientCompressionFilter::MakeCallPromise(
|
|
273
273
|
return std::move(*r);
|
274
274
|
});
|
275
275
|
// Run the next filter, and race it with getting an error from decompression.
|
276
|
-
return
|
277
|
-
|
276
|
+
return PrioritizedRace(decompress_err->Wait(),
|
277
|
+
next_promise_factory(std::move(call_args)));
|
278
278
|
}
|
279
279
|
|
280
280
|
ArenaPromise<ServerMetadataHandle> ServerCompressionFilter::MakeCallPromise(
|
@@ -316,8 +316,8 @@ ArenaPromise<ServerMetadataHandle> ServerCompressionFilter::MakeCallPromise(
|
|
316
316
|
return CompressMessage(std::move(message), *compression_algorithm);
|
317
317
|
});
|
318
318
|
// Run the next filter, and race it with getting an error from decompression.
|
319
|
-
return
|
320
|
-
|
319
|
+
return PrioritizedRace(decompress_err->Wait(),
|
320
|
+
next_promise_factory(std::move(call_args)));
|
321
321
|
}
|
322
322
|
|
323
323
|
} // namespace grpc_core
|
@@ -20,21 +20,29 @@
|
|
20
20
|
|
21
21
|
#include <cstdint>
|
22
22
|
#include <map>
|
23
|
+
#include <memory>
|
23
24
|
#include <string>
|
24
25
|
|
25
26
|
#include "absl/status/status.h"
|
26
27
|
#include "absl/status/statusor.h"
|
28
|
+
#include "absl/strings/str_cat.h"
|
27
29
|
#include "absl/types/optional.h"
|
28
30
|
|
31
|
+
#include <grpc/grpc_audit_logging.h>
|
32
|
+
|
29
33
|
#include "src/core/lib/channel/channel_args.h"
|
30
34
|
#include "src/core/lib/json/json_args.h"
|
31
35
|
#include "src/core/lib/json/json_object_loader.h"
|
32
36
|
#include "src/core/lib/matchers/matchers.h"
|
37
|
+
#include "src/core/lib/security/authorization/audit_logging.h"
|
33
38
|
|
34
39
|
namespace grpc_core {
|
35
40
|
|
36
41
|
namespace {
|
37
42
|
|
43
|
+
using experimental::AuditLoggerFactory;
|
44
|
+
using experimental::AuditLoggerRegistry;
|
45
|
+
|
38
46
|
// RbacConfig: one or more RbacPolicy structs
|
39
47
|
struct RbacConfig {
|
40
48
|
// RbacPolicy: optional Rules
|
@@ -179,20 +187,40 @@ struct RbacConfig {
|
|
179
187
|
static const JsonLoaderInterface* JsonLoader(const JsonArgs&);
|
180
188
|
};
|
181
189
|
|
190
|
+
// AuditLogger: the name of logger and its config in json
|
191
|
+
struct AuditLogger {
|
192
|
+
std::string name;
|
193
|
+
Json::Object config;
|
194
|
+
|
195
|
+
AuditLogger() = default;
|
196
|
+
AuditLogger(const AuditLogger&) = delete;
|
197
|
+
AuditLogger& operator=(const AuditLogger&) = delete;
|
198
|
+
AuditLogger(AuditLogger&&) = default;
|
199
|
+
AuditLogger& operator=(AuditLogger&&) = default;
|
200
|
+
|
201
|
+
static const JsonLoaderInterface* JsonLoader(const JsonArgs&);
|
202
|
+
void JsonPostLoad(const Json&, const JsonArgs&,
|
203
|
+
ValidationErrors* errors);
|
204
|
+
};
|
205
|
+
|
182
206
|
int action;
|
183
207
|
std::map<std::string, Policy> policies;
|
208
|
+
// Defaults to kNone since its json field is optional.
|
209
|
+
Rbac::AuditCondition audit_condition = Rbac::AuditCondition::kNone;
|
210
|
+
std::vector<std::unique_ptr<AuditLoggerFactory::Config>> logger_configs;
|
184
211
|
|
185
|
-
Rules()
|
212
|
+
Rules() {}
|
186
213
|
Rules(const Rules&) = delete;
|
187
214
|
Rules& operator=(const Rules&) = delete;
|
188
215
|
Rules(Rules&&) = default;
|
189
216
|
Rules& operator=(Rules&&) = default;
|
190
217
|
|
191
|
-
Rbac TakeAsRbac();
|
218
|
+
Rbac TakeAsRbac(std::string name);
|
192
219
|
static const JsonLoaderInterface* JsonLoader(const JsonArgs&);
|
193
220
|
void JsonPostLoad(const Json&, const JsonArgs&, ValidationErrors* errors);
|
194
221
|
};
|
195
222
|
|
223
|
+
std::string name;
|
196
224
|
absl::optional<Rules> rules;
|
197
225
|
|
198
226
|
Rbac TakeAsRbac();
|
@@ -715,21 +743,51 @@ const JsonLoaderInterface* RbacConfig::RbacPolicy::Rules::Policy::JsonLoader(
|
|
715
743
|
return loader;
|
716
744
|
}
|
717
745
|
|
746
|
+
//
|
747
|
+
// RbacConfig::RbacPolicy::Rules::AuditLogger
|
748
|
+
//
|
749
|
+
|
750
|
+
const JsonLoaderInterface*
|
751
|
+
RbacConfig::RbacPolicy::Rules::AuditLogger::JsonLoader(const JsonArgs&) {
|
752
|
+
// All fields handled in JsonPostLoad().
|
753
|
+
static const auto* loader = JsonObjectLoader<AuditLogger>().Finish();
|
754
|
+
return loader;
|
755
|
+
}
|
756
|
+
|
757
|
+
void RbacConfig::RbacPolicy::Rules::AuditLogger::JsonPostLoad(
|
758
|
+
const Json& json, const JsonArgs& args, ValidationErrors* errors) {
|
759
|
+
// Should have exactly one field as the logger name.
|
760
|
+
if (json.object().size() != 1) {
|
761
|
+
errors->AddError("audit logger should have exactly one field");
|
762
|
+
return;
|
763
|
+
}
|
764
|
+
name = json.object().begin()->first;
|
765
|
+
auto config_or =
|
766
|
+
LoadJsonObjectField<Json::Object>(json.object(), args, name, errors);
|
767
|
+
if (config_or.has_value()) {
|
768
|
+
config = std::move(*config_or);
|
769
|
+
}
|
770
|
+
}
|
771
|
+
|
718
772
|
//
|
719
773
|
// RbacConfig::RbacPolicy::Rules
|
720
774
|
//
|
721
775
|
|
722
|
-
Rbac RbacConfig::RbacPolicy::Rules::TakeAsRbac() {
|
776
|
+
Rbac RbacConfig::RbacPolicy::Rules::TakeAsRbac(std::string name) {
|
723
777
|
Rbac rbac;
|
778
|
+
rbac.name = std::move(name);
|
724
779
|
rbac.action = static_cast<Rbac::Action>(action);
|
780
|
+
rbac.audit_condition = audit_condition;
|
725
781
|
for (auto& p : policies) {
|
726
782
|
rbac.policies.emplace(p.first, p.second.TakeAsRbacPolicy());
|
727
783
|
}
|
784
|
+
rbac.logger_configs = std::move(logger_configs);
|
728
785
|
return rbac;
|
729
786
|
}
|
730
787
|
|
731
788
|
const JsonLoaderInterface* RbacConfig::RbacPolicy::Rules::JsonLoader(
|
732
789
|
const JsonArgs&) {
|
790
|
+
// Audit logger configs handled in post load.
|
733
791
|
static const auto* loader = JsonObjectLoader<Rules>()
|
734
792
|
.Field("action", &Rules::action)
|
735
793
|
.OptionalField("policies", &Rules::policies)
|
@@ -737,7 +795,8 @@ const JsonLoaderInterface* RbacConfig::RbacPolicy::Rules::JsonLoader(
|
|
737
795
|
return loader;
|
738
796
|
}
|
739
797
|
|
740
|
-
void RbacConfig::RbacPolicy::Rules::JsonPostLoad(const Json
|
798
|
+
void RbacConfig::RbacPolicy::Rules::JsonPostLoad(const Json& json,
|
799
|
+
const JsonArgs& args,
|
741
800
|
ValidationErrors* errors) {
|
742
801
|
// Validate action field.
|
743
802
|
auto rbac_action = static_cast<Rbac::Action>(action);
|
@@ -746,6 +805,40 @@ void RbacConfig::RbacPolicy::Rules::JsonPostLoad(const Json&, const JsonArgs&,
|
|
746
805
|
ValidationErrors::ScopedField field(errors, ".action");
|
747
806
|
errors->AddError("unknown action");
|
748
807
|
}
|
808
|
+
// Parse and validate audit_condition field.
|
809
|
+
auto condition = LoadJsonObjectField<int>(json.object(), args,
|
810
|
+
"audit_condition", errors, false);
|
811
|
+
if (condition.has_value()) {
|
812
|
+
switch (*condition) {
|
813
|
+
case static_cast<int>(Rbac::AuditCondition::kNone):
|
814
|
+
case static_cast<int>(Rbac::AuditCondition::kOnAllow):
|
815
|
+
case static_cast<int>(Rbac::AuditCondition::kOnDeny):
|
816
|
+
case static_cast<int>(Rbac::AuditCondition::kOnDenyAndAllow):
|
817
|
+
audit_condition = static_cast<Rbac::AuditCondition>(*condition);
|
818
|
+
break;
|
819
|
+
default: {
|
820
|
+
ValidationErrors::ScopedField field(errors, ".audit_condition");
|
821
|
+
errors->AddError("unknown audit condition");
|
822
|
+
}
|
823
|
+
}
|
824
|
+
}
|
825
|
+
// Parse and validate audit logger configs.
|
826
|
+
auto configs = LoadJsonObjectField<std::vector<AuditLogger>>(
|
827
|
+
json.object(), args, "audit_loggers", errors, false);
|
828
|
+
if (configs.has_value()) {
|
829
|
+
for (size_t i = 0; i < configs->size(); ++i) {
|
830
|
+
auto& logger = (*configs)[i];
|
831
|
+
auto config = AuditLoggerRegistry::ParseConfig(
|
832
|
+
logger.name, Json::FromObject(std::move(logger.config)));
|
833
|
+
if (!config.ok()) {
|
834
|
+
ValidationErrors::ScopedField field(
|
835
|
+
errors, absl::StrCat(".audit_loggers[", i, "]"));
|
836
|
+
errors->AddError(config.status().message());
|
837
|
+
continue;
|
838
|
+
}
|
839
|
+
logger_configs.push_back(std::move(*config));
|
840
|
+
}
|
841
|
+
}
|
749
842
|
}
|
750
843
|
|
751
844
|
//
|
@@ -756,14 +849,15 @@ Rbac RbacConfig::RbacPolicy::TakeAsRbac() {
|
|
756
849
|
if (!rules.has_value()) {
|
757
850
|
// No enforcing to be applied. An empty deny policy with an empty map
|
758
851
|
// is equivalent to no enforcing.
|
759
|
-
return Rbac(Rbac::Action::kDeny, {});
|
852
|
+
return Rbac(std::move(name), Rbac::Action::kDeny, {});
|
760
853
|
}
|
761
|
-
return rules->TakeAsRbac();
|
854
|
+
return rules->TakeAsRbac(std::move(name));
|
762
855
|
}
|
763
856
|
|
764
857
|
const JsonLoaderInterface* RbacConfig::RbacPolicy::JsonLoader(const JsonArgs&) {
|
765
858
|
static const auto* loader = JsonObjectLoader<RbacPolicy>()
|
766
859
|
.OptionalField("rules", &RbacPolicy::rules)
|
860
|
+
.Field("filter_name", &RbacPolicy::name)
|
767
861
|
.Finish();
|
768
862
|
return loader;
|
769
863
|
}
|
@@ -38,6 +38,7 @@
|
|
38
38
|
#include "src/core/lib/promise/context.h"
|
39
39
|
#include "src/core/lib/promise/promise.h"
|
40
40
|
#include "src/core/lib/resource_quota/arena.h"
|
41
|
+
#include "src/core/lib/service_config/service_config.h"
|
41
42
|
#include "src/core/lib/service_config/service_config_call_data.h"
|
42
43
|
#include "src/core/lib/transport/transport.h"
|
43
44
|
|
@@ -139,14 +140,11 @@ ArenaPromise<ServerMetadataHandle> ServerConfigSelectorFilter::MakeCallPromise(
|
|
139
140
|
absl::UnavailableError(StatusToString(call_config.status()))));
|
140
141
|
return std::move(r);
|
141
142
|
}
|
142
|
-
auto
|
143
|
-
|
144
|
-
|
145
|
-
|
146
|
-
|
147
|
-
ctx.destroy = [](void* p) {
|
148
|
-
static_cast<ServiceConfigCallData*>(p)->~ServiceConfigCallData();
|
149
|
-
};
|
143
|
+
auto* service_config_call_data =
|
144
|
+
GetContext<Arena>()->New<ServiceConfigCallData>(
|
145
|
+
GetContext<Arena>(), GetContext<grpc_call_context_element>());
|
146
|
+
service_config_call_data->SetServiceConfig(
|
147
|
+
std::move(call_config->service_config), call_config->method_configs);
|
150
148
|
return next_promise_factory(std::move(call_args));
|
151
149
|
}
|
152
150
|
|
@@ -59,7 +59,7 @@ namespace grpc_core {
|
|
59
59
|
|
60
60
|
TraceFlag grpc_stateful_session_filter_trace(false, "stateful_session_filter");
|
61
61
|
|
62
|
-
UniqueTypeName
|
62
|
+
UniqueTypeName XdsOverrideHostAttribute::TypeName() {
|
63
63
|
static UniqueTypeName::Factory kFactory("xds_override_host");
|
64
64
|
return kFactory.Create();
|
65
65
|
}
|
@@ -160,8 +160,8 @@ ArenaPromise<ServerMetadataHandle> StatefulSessionFilter::MakeCallPromise(
|
|
160
160
|
}
|
161
161
|
// We have a valid cookie, so add the call attribute to be used by the
|
162
162
|
// xds_override_host LB policy.
|
163
|
-
service_config_call_data->SetCallAttribute(
|
164
|
-
|
163
|
+
service_config_call_data->SetCallAttribute(
|
164
|
+
GetContext<Arena>()->New<XdsOverrideHostAttribute>(*cookie_value));
|
165
165
|
}
|
166
166
|
// Intercept server initial metadata.
|
167
167
|
call_args.server_initial_metadata->InterceptAndMap(
|
@@ -30,11 +30,26 @@
|
|
30
30
|
#include "src/core/lib/channel/promise_based_filter.h"
|
31
31
|
#include "src/core/lib/gprpp/unique_type_name.h"
|
32
32
|
#include "src/core/lib/promise/arena_promise.h"
|
33
|
+
#include "src/core/lib/service_config/service_config_call_data.h"
|
33
34
|
#include "src/core/lib/transport/transport.h"
|
34
35
|
|
35
36
|
namespace grpc_core {
|
36
37
|
|
37
|
-
|
38
|
+
class XdsOverrideHostAttribute
|
39
|
+
: public ServiceConfigCallData::CallAttributeInterface {
|
40
|
+
public:
|
41
|
+
static UniqueTypeName TypeName();
|
42
|
+
|
43
|
+
explicit XdsOverrideHostAttribute(absl::string_view host_name)
|
44
|
+
: host_name_(host_name) {}
|
45
|
+
|
46
|
+
absl::string_view host_name() const { return host_name_; }
|
47
|
+
|
48
|
+
private:
|
49
|
+
UniqueTypeName type() const override { return TypeName(); }
|
50
|
+
|
51
|
+
absl::string_view host_name_;
|
52
|
+
};
|
38
53
|
|
39
54
|
// A filter to provide cookie-based stateful session affinity.
|
40
55
|
class StatefulSessionFilter : public ChannelFilter {
|