grpc 1.60.0 → 1.61.0.pre2

Sign up to get free protection for your applications and to get access to all the features.
Files changed (277) hide show
  1. checksums.yaml +4 -4
  2. data/Makefile +208 -165
  3. data/include/grpc/event_engine/event_engine.h +59 -12
  4. data/include/grpc/event_engine/internal/memory_allocator_impl.h +6 -0
  5. data/include/grpc/event_engine/internal/slice_cast.h +12 -0
  6. data/include/grpc/event_engine/memory_allocator.h +3 -1
  7. data/include/grpc/event_engine/slice.h +5 -0
  8. data/include/grpc/grpc_security.h +22 -1
  9. data/include/grpc/impl/call.h +29 -0
  10. data/include/grpc/impl/channel_arg_names.h +12 -1
  11. data/include/grpc/impl/slice_type.h +1 -1
  12. data/include/grpc/module.modulemap +1 -0
  13. data/src/core/ext/filters/backend_metrics/backend_metric_filter.cc +54 -7
  14. data/src/core/ext/filters/backend_metrics/backend_metric_filter.h +20 -6
  15. data/src/core/ext/filters/channel_idle/channel_idle_filter.cc +10 -13
  16. data/src/core/ext/filters/channel_idle/channel_idle_filter.h +18 -10
  17. data/src/core/ext/filters/channel_idle/legacy_channel_idle_filter.cc +326 -0
  18. data/src/core/ext/filters/channel_idle/legacy_channel_idle_filter.h +143 -0
  19. data/src/core/ext/filters/client_channel/backend_metric.cc +2 -2
  20. data/src/core/ext/filters/client_channel/client_channel.cc +32 -6
  21. data/src/core/ext/filters/client_channel/client_channel_internal.h +2 -0
  22. data/src/core/ext/filters/client_channel/global_subchannel_pool.cc +1 -1
  23. data/src/core/ext/filters/client_channel/lb_policy/address_filtering.cc +54 -21
  24. data/src/core/ext/filters/client_channel/lb_policy/address_filtering.h +3 -2
  25. data/src/core/ext/filters/client_channel/lb_policy/child_policy_handler.cc +2 -1
  26. data/src/core/ext/filters/client_channel/lb_policy/endpoint_list.cc +12 -15
  27. data/src/core/ext/filters/client_channel/lb_policy/endpoint_list.h +8 -5
  28. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +139 -92
  29. data/src/core/ext/filters/client_channel/lb_policy/health_check_client.cc +9 -4
  30. data/src/core/ext/filters/client_channel/lb_policy/oob_backend_metric.cc +9 -4
  31. data/src/core/ext/filters/client_channel/lb_policy/outlier_detection/outlier_detection.cc +10 -11
  32. data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc +94 -93
  33. data/src/core/ext/filters/client_channel/lb_policy/priority/priority.cc +5 -3
  34. data/src/core/ext/filters/client_channel/lb_policy/ring_hash/ring_hash.cc +12 -15
  35. data/src/core/ext/filters/client_channel/lb_policy/rls/rls.cc +38 -16
  36. data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +25 -28
  37. data/src/core/ext/filters/client_channel/lb_policy/subchannel_list.h +10 -10
  38. data/src/core/ext/filters/client_channel/lb_policy/weighted_round_robin/weighted_round_robin.cc +37 -35
  39. data/src/core/ext/filters/client_channel/lb_policy/weighted_target/weighted_target.cc +11 -9
  40. data/src/core/ext/filters/client_channel/lb_policy/xds/cds.cc +504 -461
  41. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_impl.cc +232 -122
  42. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_manager.cc +8 -6
  43. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_override_host.cc +642 -251
  44. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_override_host.h +2 -6
  45. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_wrr_locality.cc +7 -8
  46. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +2 -1
  47. data/src/core/ext/filters/client_channel/resolver/dns/event_engine/event_engine_client_channel_resolver.cc +3 -1
  48. data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc +2 -2
  49. data/src/core/ext/filters/client_channel/resolver/google_c2p/google_c2p_resolver.cc +2 -2
  50. data/src/core/ext/filters/client_channel/resolver/polling_resolver.cc +6 -8
  51. data/src/core/ext/filters/client_channel/resolver/xds/xds_dependency_manager.cc +1031 -0
  52. data/src/core/ext/filters/client_channel/resolver/xds/xds_dependency_manager.h +277 -0
  53. data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +128 -270
  54. data/src/core/ext/filters/client_channel/resolver/xds/{xds_resolver.h → xds_resolver_attributes.h} +5 -4
  55. data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver_trace.cc +25 -0
  56. data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver_trace.h +30 -0
  57. data/src/core/ext/filters/client_channel/retry_filter.cc +1 -0
  58. data/src/core/ext/filters/client_channel/service_config_channel_arg_filter.cc +35 -17
  59. data/src/core/ext/filters/deadline/deadline_filter.cc +12 -0
  60. data/src/core/ext/filters/fault_injection/fault_injection_filter.cc +17 -13
  61. data/src/core/ext/filters/fault_injection/fault_injection_filter.h +13 -4
  62. data/src/core/ext/filters/http/client/http_client_filter.cc +23 -32
  63. data/src/core/ext/filters/http/client/http_client_filter.h +10 -5
  64. data/src/core/ext/filters/http/client_authority_filter.cc +14 -14
  65. data/src/core/ext/filters/http/client_authority_filter.h +12 -4
  66. data/src/core/ext/filters/http/http_filters_plugin.cc +42 -20
  67. data/src/core/ext/filters/http/message_compress/compression_filter.cc +55 -80
  68. data/src/core/ext/filters/http/message_compress/compression_filter.h +54 -12
  69. data/src/core/ext/filters/http/message_compress/legacy_compression_filter.cc +325 -0
  70. data/src/core/ext/filters/http/message_compress/legacy_compression_filter.h +139 -0
  71. data/src/core/ext/filters/http/server/http_server_filter.cc +41 -41
  72. data/src/core/ext/filters/http/server/http_server_filter.h +11 -4
  73. data/src/core/ext/filters/message_size/message_size_filter.cc +56 -76
  74. data/src/core/ext/filters/message_size/message_size_filter.h +35 -23
  75. data/src/core/ext/filters/rbac/rbac_filter.cc +15 -11
  76. data/src/core/ext/filters/rbac/rbac_filter.h +11 -4
  77. data/src/core/ext/filters/server_config_selector/server_config_selector_filter.cc +25 -13
  78. data/src/core/ext/filters/stateful_session/stateful_session_filter.cc +47 -50
  79. data/src/core/ext/filters/stateful_session/stateful_session_filter.h +21 -4
  80. data/src/core/ext/transport/chttp2/alpn/alpn.cc +1 -1
  81. data/src/core/ext/transport/chttp2/client/chttp2_connector.cc +2 -2
  82. data/src/core/ext/transport/chttp2/server/chttp2_server.cc +11 -2
  83. data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +67 -145
  84. data/src/core/ext/transport/chttp2/transport/chttp2_transport.h +3 -3
  85. data/src/core/ext/transport/chttp2/transport/flow_control.cc +21 -82
  86. data/src/core/ext/transport/chttp2/transport/flow_control.h +1 -8
  87. data/src/core/ext/transport/chttp2/transport/frame.cc +506 -0
  88. data/src/core/ext/transport/chttp2/transport/frame.h +214 -0
  89. data/src/core/ext/transport/chttp2/transport/frame_rst_stream.cc +1 -1
  90. data/src/core/ext/transport/chttp2/transport/frame_settings.cc +33 -79
  91. data/src/core/ext/transport/chttp2/transport/frame_settings.h +4 -7
  92. data/src/core/ext/transport/chttp2/transport/http2_settings.cc +122 -32
  93. data/src/core/ext/transport/chttp2/transport/http2_settings.h +142 -37
  94. data/src/core/ext/transport/chttp2/transport/internal.h +1 -22
  95. data/src/core/ext/transport/chttp2/transport/parsing.cc +23 -37
  96. data/src/core/ext/transport/chttp2/transport/writing.cc +26 -58
  97. data/src/core/ext/transport/inproc/inproc_transport.cc +172 -13
  98. data/src/core/ext/upb-gen/envoy/extensions/upstreams/http/v3/http_protocol_options.upb.h +712 -0
  99. data/src/core/ext/upb-gen/envoy/extensions/upstreams/http/v3/http_protocol_options.upb_minitable.c +151 -0
  100. data/src/core/ext/upb-gen/envoy/extensions/upstreams/http/v3/http_protocol_options.upb_minitable.h +33 -0
  101. data/src/core/ext/upbdefs-gen/envoy/extensions/upstreams/http/v3/http_protocol_options.upbdefs.c +133 -0
  102. data/src/core/ext/upbdefs-gen/envoy/extensions/upstreams/http/v3/http_protocol_options.upbdefs.h +50 -0
  103. data/src/core/ext/xds/certificate_provider_store.cc +2 -1
  104. data/src/core/ext/xds/certificate_provider_store.h +0 -5
  105. data/src/core/ext/xds/xds_api.cc +31 -18
  106. data/src/core/ext/xds/xds_api.h +2 -2
  107. data/src/core/ext/xds/xds_bootstrap.h +3 -0
  108. data/src/core/ext/xds/xds_certificate_provider.cc +88 -287
  109. data/src/core/ext/xds/xds_certificate_provider.h +44 -111
  110. data/src/core/ext/xds/xds_client.cc +420 -414
  111. data/src/core/ext/xds/xds_client.h +31 -22
  112. data/src/core/ext/xds/xds_client_grpc.cc +3 -1
  113. data/src/core/ext/xds/xds_cluster.cc +104 -11
  114. data/src/core/ext/xds/xds_cluster.h +9 -1
  115. data/src/core/ext/xds/xds_cluster_specifier_plugin.cc +9 -5
  116. data/src/core/ext/xds/xds_common_types.cc +14 -10
  117. data/src/core/ext/xds/xds_endpoint.cc +9 -4
  118. data/src/core/ext/xds/xds_endpoint.h +5 -1
  119. data/src/core/ext/xds/xds_health_status.cc +12 -2
  120. data/src/core/ext/xds/xds_health_status.h +4 -2
  121. data/src/core/ext/xds/xds_http_rbac_filter.cc +5 -3
  122. data/src/core/ext/xds/xds_listener.cc +14 -8
  123. data/src/core/ext/xds/xds_resource_type_impl.h +6 -4
  124. data/src/core/ext/xds/xds_route_config.cc +34 -22
  125. data/src/core/ext/xds/xds_route_config.h +1 -0
  126. data/src/core/ext/xds/xds_server_config_fetcher.cc +61 -57
  127. data/src/core/ext/xds/xds_transport.h +3 -0
  128. data/src/core/ext/xds/xds_transport_grpc.cc +47 -50
  129. data/src/core/ext/xds/xds_transport_grpc.h +4 -0
  130. data/src/core/lib/channel/call_tracer.cc +12 -0
  131. data/src/core/lib/channel/call_tracer.h +17 -3
  132. data/src/core/lib/channel/channel_args.cc +24 -14
  133. data/src/core/lib/channel/channel_args.h +74 -13
  134. data/src/core/lib/channel/channel_stack.cc +27 -0
  135. data/src/core/lib/channel/channel_stack.h +10 -10
  136. data/src/core/lib/channel/connected_channel.cc +64 -18
  137. data/src/core/lib/channel/promise_based_filter.h +1041 -1
  138. data/src/core/lib/channel/server_call_tracer_filter.cc +43 -35
  139. data/src/core/lib/compression/compression_internal.cc +0 -3
  140. data/src/core/lib/event_engine/ares_resolver.cc +35 -14
  141. data/src/core/lib/event_engine/ares_resolver.h +9 -10
  142. data/src/core/lib/event_engine/cf_engine/dns_service_resolver.cc +8 -1
  143. data/src/core/lib/event_engine/posix_engine/native_posix_dns_resolver.cc +132 -0
  144. data/src/core/lib/event_engine/posix_engine/native_posix_dns_resolver.h +61 -0
  145. data/src/core/lib/event_engine/posix_engine/posix_engine.cc +52 -36
  146. data/src/core/lib/event_engine/posix_engine/posix_engine.h +4 -9
  147. data/src/core/lib/event_engine/posix_engine/posix_engine_listener_utils.cc +11 -3
  148. data/src/core/lib/event_engine/posix_engine/tcp_socket_utils.cc +9 -2
  149. data/src/core/lib/event_engine/posix_engine/tcp_socket_utils.h +7 -0
  150. data/src/core/lib/event_engine/posix_engine/timer_manager.cc +17 -27
  151. data/src/core/lib/event_engine/posix_engine/timer_manager.h +0 -3
  152. data/src/core/lib/event_engine/ref_counted_dns_resolver_interface.h +55 -0
  153. data/src/core/lib/event_engine/windows/native_windows_dns_resolver.cc +114 -0
  154. data/src/core/lib/event_engine/windows/native_windows_dns_resolver.h +51 -0
  155. data/src/core/lib/event_engine/windows/windows_engine.cc +7 -7
  156. data/src/core/lib/experiments/config.cc +13 -0
  157. data/src/core/lib/experiments/config.h +3 -0
  158. data/src/core/lib/experiments/experiments.cc +245 -366
  159. data/src/core/lib/experiments/experiments.h +50 -156
  160. data/src/core/lib/gprpp/debug_location.h +13 -0
  161. data/src/core/lib/gprpp/dual_ref_counted.h +36 -7
  162. data/src/core/lib/gprpp/orphanable.h +27 -0
  163. data/src/core/lib/gprpp/ref_counted.h +63 -22
  164. data/src/core/lib/gprpp/ref_counted_ptr.h +70 -27
  165. data/src/core/lib/gprpp/ref_counted_string.h +13 -0
  166. data/src/core/lib/gprpp/status_helper.cc +1 -2
  167. data/src/core/lib/iomgr/combiner.cc +15 -51
  168. data/src/core/lib/iomgr/event_engine_shims/endpoint.cc +31 -0
  169. data/src/core/lib/iomgr/event_engine_shims/endpoint.h +16 -0
  170. data/src/core/lib/iomgr/tcp_client_posix.cc +4 -3
  171. data/src/core/lib/load_balancing/lb_policy.h +1 -1
  172. data/src/core/lib/promise/activity.cc +17 -2
  173. data/src/core/lib/promise/activity.h +5 -4
  174. data/src/core/lib/promise/all_ok.h +80 -0
  175. data/src/core/lib/promise/detail/join_state.h +2077 -0
  176. data/src/core/lib/promise/detail/promise_factory.h +1 -0
  177. data/src/core/lib/promise/detail/promise_like.h +8 -1
  178. data/src/core/lib/promise/detail/seq_state.h +3458 -150
  179. data/src/core/lib/promise/detail/status.h +42 -5
  180. data/src/core/lib/promise/for_each.h +13 -1
  181. data/src/core/lib/promise/if.h +4 -0
  182. data/src/core/lib/promise/latch.h +6 -3
  183. data/src/core/lib/promise/party.cc +33 -31
  184. data/src/core/lib/promise/party.h +142 -6
  185. data/src/core/lib/promise/poll.h +39 -13
  186. data/src/core/lib/promise/promise.h +4 -0
  187. data/src/core/lib/promise/seq.h +107 -7
  188. data/src/core/lib/promise/status_flag.h +196 -0
  189. data/src/core/lib/promise/try_join.h +132 -0
  190. data/src/core/lib/promise/try_seq.h +132 -10
  191. data/src/core/lib/resolver/endpoint_addresses.cc +0 -1
  192. data/src/core/lib/resolver/endpoint_addresses.h +48 -0
  193. data/src/core/lib/resource_quota/arena.h +2 -2
  194. data/src/core/lib/resource_quota/memory_quota.cc +57 -8
  195. data/src/core/lib/resource_quota/memory_quota.h +6 -0
  196. data/src/core/lib/security/authorization/grpc_server_authz_filter.cc +14 -11
  197. data/src/core/lib/security/authorization/grpc_server_authz_filter.h +14 -5
  198. data/src/core/lib/security/credentials/external/aws_external_account_credentials.cc +4 -0
  199. data/src/core/lib/security/credentials/external/aws_external_account_credentials.h +4 -0
  200. data/src/core/lib/security/credentials/external/external_account_credentials.cc +28 -20
  201. data/src/core/lib/security/credentials/external/external_account_credentials.h +4 -0
  202. data/src/core/lib/security/credentials/external/file_external_account_credentials.cc +4 -0
  203. data/src/core/lib/security/credentials/external/file_external_account_credentials.h +4 -0
  204. data/src/core/lib/security/credentials/external/url_external_account_credentials.cc +4 -0
  205. data/src/core/lib/security/credentials/external/url_external_account_credentials.h +4 -0
  206. data/src/core/lib/security/credentials/plugin/plugin_credentials.cc +2 -1
  207. data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.h +0 -3
  208. data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc +12 -0
  209. data/src/core/lib/security/credentials/tls/grpc_tls_crl_provider.cc +22 -5
  210. data/src/core/lib/security/credentials/tls/grpc_tls_crl_provider.h +1 -5
  211. data/src/core/lib/security/credentials/tls/tls_credentials.cc +16 -0
  212. data/src/core/lib/security/credentials/xds/xds_credentials.cc +21 -28
  213. data/src/core/lib/security/credentials/xds/xds_credentials.h +2 -4
  214. data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +4 -3
  215. data/src/core/lib/security/transport/auth_filters.h +71 -4
  216. data/src/core/lib/security/transport/client_auth_filter.cc +2 -4
  217. data/src/core/lib/security/transport/legacy_server_auth_filter.cc +244 -0
  218. data/src/core/lib/security/transport/server_auth_filter.cc +70 -90
  219. data/src/core/lib/slice/slice_buffer.h +3 -0
  220. data/src/core/lib/surface/builtins.cc +1 -1
  221. data/src/core/lib/surface/call.cc +683 -196
  222. data/src/core/lib/surface/call.h +26 -13
  223. data/src/core/lib/surface/call_trace.cc +42 -1
  224. data/src/core/lib/surface/channel.cc +0 -1
  225. data/src/core/lib/surface/channel.h +0 -6
  226. data/src/core/lib/surface/channel_init.h +26 -0
  227. data/src/core/lib/surface/init.cc +14 -8
  228. data/src/core/lib/surface/server.cc +256 -237
  229. data/src/core/lib/surface/server.h +26 -54
  230. data/src/core/lib/surface/version.cc +2 -2
  231. data/src/core/lib/surface/wait_for_cq_end_op.h +94 -0
  232. data/src/core/lib/transport/call_final_info.cc +38 -0
  233. data/src/core/lib/transport/call_final_info.h +54 -0
  234. data/src/core/lib/transport/connectivity_state.cc +3 -2
  235. data/src/core/lib/transport/connectivity_state.h +4 -0
  236. data/src/core/lib/transport/metadata_batch.h +4 -4
  237. data/src/core/lib/transport/transport.cc +70 -19
  238. data/src/core/lib/transport/transport.h +395 -25
  239. data/src/core/plugin_registry/grpc_plugin_registry.cc +3 -0
  240. data/src/core/plugin_registry/grpc_plugin_registry_extra.cc +0 -3
  241. data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +1 -1
  242. data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +1 -1
  243. data/src/core/tsi/alts/handshaker/transport_security_common_api.cc +1 -1
  244. data/src/core/tsi/ssl_transport_security.cc +65 -43
  245. data/src/ruby/ext/grpc/rb_channel_args.c +3 -1
  246. data/src/ruby/ext/grpc/rb_grpc.c +0 -1
  247. data/src/ruby/ext/grpc/rb_grpc.h +0 -2
  248. data/src/ruby/ext/grpc/rb_grpc_imports.generated.c +4 -0
  249. data/src/ruby/ext/grpc/rb_grpc_imports.generated.h +6 -0
  250. data/src/ruby/lib/grpc/version.rb +1 -1
  251. data/third_party/upb/upb/reflection/def_pool.h +2 -2
  252. data/third_party/zlib/adler32.c +5 -27
  253. data/third_party/zlib/compress.c +5 -16
  254. data/third_party/zlib/crc32.c +86 -162
  255. data/third_party/zlib/deflate.c +233 -336
  256. data/third_party/zlib/deflate.h +8 -8
  257. data/third_party/zlib/gzguts.h +11 -12
  258. data/third_party/zlib/infback.c +7 -23
  259. data/third_party/zlib/inffast.c +1 -4
  260. data/third_party/zlib/inffast.h +1 -1
  261. data/third_party/zlib/inflate.c +30 -99
  262. data/third_party/zlib/inftrees.c +6 -11
  263. data/third_party/zlib/inftrees.h +3 -3
  264. data/third_party/zlib/trees.c +224 -302
  265. data/third_party/zlib/uncompr.c +4 -12
  266. data/third_party/zlib/zconf.h +6 -2
  267. data/third_party/zlib/zlib.h +191 -188
  268. data/third_party/zlib/zutil.c +16 -44
  269. data/third_party/zlib/zutil.h +10 -10
  270. metadata +35 -13
  271. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_resolver.cc +0 -1173
  272. data/src/core/lib/event_engine/memory_allocator.cc +0 -74
  273. data/src/core/lib/transport/pid_controller.cc +0 -51
  274. data/src/core/lib/transport/pid_controller.h +0 -116
  275. data/third_party/upb/upb/collections/array.h +0 -17
  276. data/third_party/upb/upb/collections/map.h +0 -17
  277. data/third_party/upb/upb/upb.hpp +0 -18
@@ -23,8 +23,11 @@
23
23
 
24
24
  #include <set>
25
25
  #include <string>
26
+ #include <utility>
26
27
  #include <vector>
27
28
 
29
+ #include "absl/functional/function_ref.h"
30
+
28
31
  #include "src/core/lib/channel/channel_args.h"
29
32
  #include "src/core/lib/iomgr/resolved_address.h"
30
33
 
@@ -64,6 +67,9 @@ class EndpointAddresses {
64
67
  bool operator==(const EndpointAddresses& other) const {
65
68
  return Cmp(other) == 0;
66
69
  }
70
+ bool operator!=(const EndpointAddresses& other) const {
71
+ return Cmp(other) != 0;
72
+ }
67
73
  bool operator<(const EndpointAddresses& other) const {
68
74
  return Cmp(other) < 0;
69
75
  }
@@ -111,6 +117,48 @@ class EndpointAddressSet {
111
117
  std::set<grpc_resolved_address, ResolvedAddressLessThan> addresses_;
112
118
  };
113
119
 
120
+ // An iterator interface for endpoints.
121
+ class EndpointAddressesIterator {
122
+ public:
123
+ virtual ~EndpointAddressesIterator() = default;
124
+
125
+ // Invokes callback once for each endpoint.
126
+ virtual void ForEach(
127
+ absl::FunctionRef<void(const EndpointAddresses&)> callback) const = 0;
128
+ };
129
+
130
+ // Iterator over a fixed list of endpoints.
131
+ class EndpointAddressesListIterator : public EndpointAddressesIterator {
132
+ public:
133
+ explicit EndpointAddressesListIterator(EndpointAddressesList endpoints)
134
+ : endpoints_(std::move(endpoints)) {}
135
+
136
+ void ForEach(absl::FunctionRef<void(const EndpointAddresses&)> callback)
137
+ const override {
138
+ for (const auto& endpoint : endpoints_) {
139
+ callback(endpoint);
140
+ }
141
+ }
142
+
143
+ private:
144
+ EndpointAddressesList endpoints_;
145
+ };
146
+
147
+ // Iterator that returns only a single endpoint.
148
+ class SingleEndpointIterator : public EndpointAddressesIterator {
149
+ public:
150
+ explicit SingleEndpointIterator(EndpointAddresses endpoint)
151
+ : endpoint_(std::move(endpoint)) {}
152
+
153
+ void ForEach(absl::FunctionRef<void(const EndpointAddresses&)> callback)
154
+ const override {
155
+ callback(endpoint_);
156
+ }
157
+
158
+ private:
159
+ EndpointAddresses endpoint_;
160
+ };
161
+
114
162
  } // namespace grpc_core
115
163
 
116
164
  #endif // GRPC_SRC_CORE_LIB_RESOLVER_ENDPOINT_ADDRESSES_H
@@ -180,7 +180,7 @@ class Arena {
180
180
  template <typename T, typename... Args>
181
181
  T* New(Args&&... args) {
182
182
  T* t = static_cast<T*>(Alloc(sizeof(T)));
183
- Construct(t, std::forward<Args>(args)...);
183
+ new (t) T(std::forward<Args>(args)...);
184
184
  return t;
185
185
  }
186
186
 
@@ -333,7 +333,7 @@ class Arena {
333
333
  // value in Arena::PoolSizes, and so this may pessimize total
334
334
  // arena size.
335
335
  template <typename T, typename... Args>
336
- PoolPtr<T> MakePooled(Args&&... args) {
336
+ static PoolPtr<T> MakePooled(Args&&... args) {
337
337
  return PoolPtr<T>(new T(std::forward<Args>(args)...), PooledDeleter());
338
338
  }
339
339
 
@@ -20,11 +20,19 @@
20
20
 
21
21
  #include <algorithm>
22
22
  #include <atomic>
23
+ #include <cstddef>
24
+ #include <cstdint>
25
+ #include <cstdlib>
26
+ #include <memory>
23
27
  #include <tuple>
28
+ #include <utility>
24
29
 
25
30
  #include "absl/status/status.h"
26
31
  #include "absl/strings/str_cat.h"
27
32
 
33
+ #include <grpc/event_engine/internal/memory_allocator_impl.h>
34
+ #include <grpc/slice.h>
35
+
28
36
  #include "src/core/lib/debug/trace.h"
29
37
  #include "src/core/lib/gpr/useful.h"
30
38
  #include "src/core/lib/gprpp/mpscq.h"
@@ -34,6 +42,7 @@
34
42
  #include "src/core/lib/promise/race.h"
35
43
  #include "src/core/lib/promise/seq.h"
36
44
  #include "src/core/lib/resource_quota/trace.h"
45
+ #include "src/core/lib/slice/slice_refcount.h"
37
46
 
38
47
  namespace grpc_core {
39
48
 
@@ -90,6 +99,39 @@ class MemoryQuotaTracker {
90
99
  Mutex mu_;
91
100
  std::vector<std::weak_ptr<BasicMemoryQuota>> quotas_ ABSL_GUARDED_BY(mu_);
92
101
  };
102
+
103
+ // Reference count for a slice allocated by MemoryAllocator::MakeSlice.
104
+ // Takes care of releasing memory back when the slice is destroyed.
105
+ class SliceRefCount : public grpc_slice_refcount {
106
+ public:
107
+ SliceRefCount(
108
+ std::shared_ptr<
109
+ grpc_event_engine::experimental::internal::MemoryAllocatorImpl>
110
+ allocator,
111
+ size_t size)
112
+ : grpc_slice_refcount(Destroy),
113
+ allocator_(std::move(allocator)),
114
+ size_(size) {
115
+ // Nothing to do here.
116
+ }
117
+ ~SliceRefCount() {
118
+ allocator_->Release(size_);
119
+ allocator_.reset();
120
+ }
121
+
122
+ private:
123
+ static void Destroy(grpc_slice_refcount* p) {
124
+ auto* rc = static_cast<SliceRefCount*>(p);
125
+ rc->~SliceRefCount();
126
+ free(rc);
127
+ }
128
+
129
+ std::shared_ptr<
130
+ grpc_event_engine::experimental::internal::MemoryAllocatorImpl>
131
+ allocator_;
132
+ size_t size_;
133
+ };
134
+
93
135
  } // namespace
94
136
 
95
137
  //
@@ -337,6 +379,18 @@ void GrpcMemoryAllocatorImpl::Replenish() {
337
379
  free_bytes_.fetch_add(amount, std::memory_order_acq_rel);
338
380
  }
339
381
 
382
+ grpc_slice GrpcMemoryAllocatorImpl::MakeSlice(MemoryRequest request) {
383
+ auto size = Reserve(request.Increase(sizeof(SliceRefCount)));
384
+ void* p = malloc(size);
385
+ new (p) SliceRefCount(shared_from_this(), size);
386
+ grpc_slice slice;
387
+ slice.refcount = static_cast<SliceRefCount*>(p);
388
+ slice.data.refcounted.bytes =
389
+ static_cast<uint8_t*>(p) + sizeof(SliceRefCount);
390
+ slice.data.refcounted.length = size - sizeof(SliceRefCount);
391
+ return slice;
392
+ }
393
+
340
394
  //
341
395
  // BasicMemoryQuota
342
396
  //
@@ -604,14 +658,9 @@ BasicMemoryQuota::PressureInfo BasicMemoryQuota::GetPressureInfo() {
604
658
  if (size < 1) return PressureInfo{1, 1, 1};
605
659
  PressureInfo pressure_info;
606
660
  pressure_info.instantaneous_pressure = std::max(0.0, (size - free) / size);
607
- if (IsMemoryPressureControllerEnabled()) {
608
- pressure_info.pressure_control_value =
609
- pressure_tracker_.AddSampleAndGetControlValue(
610
- pressure_info.instantaneous_pressure);
611
- } else {
612
- pressure_info.pressure_control_value =
613
- std::min(pressure_info.instantaneous_pressure, 1.0);
614
- }
661
+ pressure_info.pressure_control_value =
662
+ pressure_tracker_.AddSampleAndGetControlValue(
663
+ pressure_info.instantaneous_pressure);
615
664
  pressure_info.max_recommended_allocation_size = quota_size / 16;
616
665
  return pressure_info;
617
666
  }
@@ -400,6 +400,12 @@ class GrpcMemoryAllocatorImpl final : public EventEngineMemoryAllocatorImpl {
400
400
  // Returns the number of bytes reserved.
401
401
  size_t Reserve(MemoryRequest request) override;
402
402
 
403
+ /// Allocate a slice, using MemoryRequest to size the number of returned
404
+ /// bytes. For a variable length request, check the returned slice length to
405
+ /// verify how much memory was allocated. Takes care of reserving memory for
406
+ /// any relevant control structures also.
407
+ grpc_slice MakeSlice(MemoryRequest request) override;
408
+
403
409
  // Release some bytes that were previously reserved.
404
410
  void Release(size_t n) override {
405
411
  // Add the released memory to our free bytes counter... if this increases
@@ -39,6 +39,12 @@ namespace grpc_core {
39
39
 
40
40
  TraceFlag grpc_authz_trace(false, "grpc_authz_api");
41
41
 
42
+ const NoInterceptor GrpcServerAuthzFilter::Call::OnServerInitialMetadata;
43
+ const NoInterceptor GrpcServerAuthzFilter::Call::OnServerTrailingMetadata;
44
+ const NoInterceptor GrpcServerAuthzFilter::Call::OnClientToServerMessage;
45
+ const NoInterceptor GrpcServerAuthzFilter::Call::OnServerToClientMessage;
46
+ const NoInterceptor GrpcServerAuthzFilter::Call::OnFinalize;
47
+
42
48
  GrpcServerAuthzFilter::GrpcServerAuthzFilter(
43
49
  RefCountedPtr<grpc_auth_context> auth_context, grpc_endpoint* endpoint,
44
50
  RefCountedPtr<grpc_authorization_policy_provider> provider)
@@ -61,9 +67,8 @@ absl::StatusOr<GrpcServerAuthzFilter> GrpcServerAuthzFilter::Create(
61
67
  /*endpoint=*/nullptr, provider->Ref());
62
68
  }
63
69
 
64
- bool GrpcServerAuthzFilter::IsAuthorized(
65
- const ClientMetadataHandle& initial_metadata) {
66
- EvaluateArgs args(initial_metadata.get(), &per_channel_evaluate_args_);
70
+ bool GrpcServerAuthzFilter::IsAuthorized(ClientMetadata& initial_metadata) {
71
+ EvaluateArgs args(&initial_metadata, &per_channel_evaluate_args_);
67
72
  if (GRPC_TRACE_FLAG_ENABLED(grpc_authz_trace)) {
68
73
  gpr_log(GPR_DEBUG,
69
74
  "checking request: url_path=%s, transport_security_type=%s, "
@@ -105,17 +110,15 @@ bool GrpcServerAuthzFilter::IsAuthorized(
105
110
  return false;
106
111
  }
107
112
 
108
- ArenaPromise<ServerMetadataHandle> GrpcServerAuthzFilter::MakeCallPromise(
109
- CallArgs call_args, NextPromiseFactory next_promise_factory) {
110
- if (!IsAuthorized(call_args.client_initial_metadata)) {
111
- return ArenaPromise<ServerMetadataHandle>(
112
- Immediate(ServerMetadataFromStatus(absl::PermissionDeniedError(
113
- "Unauthorized RPC request rejected."))));
113
+ absl::Status GrpcServerAuthzFilter::Call::OnClientInitialMetadata(
114
+ ClientMetadata& md, GrpcServerAuthzFilter* filter) {
115
+ if (!filter->IsAuthorized(md)) {
116
+ return absl::PermissionDeniedError("Unauthorized RPC request rejected.");
114
117
  }
115
- return next_promise_factory(std::move(call_args));
118
+ return absl::OkStatus();
116
119
  }
117
120
 
118
- const grpc_channel_filter GrpcServerAuthzFilter::kFilterVtable =
121
+ const grpc_channel_filter GrpcServerAuthzFilter::kFilter =
119
122
  MakePromiseBasedFilter<GrpcServerAuthzFilter, FilterEndpoint::kServer>(
120
123
  "grpc-server-authz");
121
124
 
@@ -34,22 +34,31 @@
34
34
 
35
35
  namespace grpc_core {
36
36
 
37
- class GrpcServerAuthzFilter final : public ChannelFilter {
37
+ class GrpcServerAuthzFilter final
38
+ : public ImplementChannelFilter<GrpcServerAuthzFilter> {
38
39
  public:
39
- static const grpc_channel_filter kFilterVtable;
40
+ static const grpc_channel_filter kFilter;
40
41
 
41
42
  static absl::StatusOr<GrpcServerAuthzFilter> Create(const ChannelArgs& args,
42
43
  ChannelFilter::Args);
43
44
 
44
- ArenaPromise<ServerMetadataHandle> MakeCallPromise(
45
- CallArgs call_args, NextPromiseFactory next_promise_factory) override;
45
+ class Call {
46
+ public:
47
+ absl::Status OnClientInitialMetadata(ClientMetadata& md,
48
+ GrpcServerAuthzFilter* filter);
49
+ static const NoInterceptor OnServerInitialMetadata;
50
+ static const NoInterceptor OnServerTrailingMetadata;
51
+ static const NoInterceptor OnClientToServerMessage;
52
+ static const NoInterceptor OnServerToClientMessage;
53
+ static const NoInterceptor OnFinalize;
54
+ };
46
55
 
47
56
  private:
48
57
  GrpcServerAuthzFilter(
49
58
  RefCountedPtr<grpc_auth_context> auth_context, grpc_endpoint* endpoint,
50
59
  RefCountedPtr<grpc_authorization_policy_provider> provider);
51
60
 
52
- bool IsAuthorized(const ClientMetadataHandle& initial_metadata);
61
+ bool IsAuthorized(ClientMetadata& initial_metadata);
53
62
 
54
63
  RefCountedPtr<grpc_auth_context> auth_context_;
55
64
  EvaluateArgs::PerChannelArgs per_channel_evaluate_args_;
@@ -525,4 +525,8 @@ void AwsExternalAccountCredentials::FinishRetrieveSubjectToken(
525
525
  }
526
526
  }
527
527
 
528
+ absl::string_view AwsExternalAccountCredentials::CredentialSourceType() {
529
+ return "aws";
530
+ }
531
+
528
532
  } // namespace grpc_core
@@ -24,6 +24,8 @@
24
24
  #include <string>
25
25
  #include <vector>
26
26
 
27
+ #include "absl/strings/string_view.h"
28
+
27
29
  #include "src/core/lib/gprpp/orphanable.h"
28
30
  #include "src/core/lib/gprpp/ref_counted_ptr.h"
29
31
  #include "src/core/lib/http/httpcli.h"
@@ -72,6 +74,8 @@ class AwsExternalAccountCredentials final : public ExternalAccountCredentials {
72
74
 
73
75
  void AddMetadataRequestHeaders(grpc_http_request* request);
74
76
 
77
+ absl::string_view CredentialSourceType() override;
78
+
75
79
  std::string audience_;
76
80
  OrphanablePtr<HttpRequest> http_request_;
77
81
 
@@ -26,6 +26,7 @@
26
26
 
27
27
  #include "absl/status/status.h"
28
28
  #include "absl/status/statusor.h"
29
+ #include "absl/strings/escaping.h"
29
30
  #include "absl/strings/match.h"
30
31
  #include "absl/strings/numbers.h"
31
32
  #include "absl/strings/str_cat.h"
@@ -53,7 +54,6 @@
53
54
  #include "src/core/lib/security/credentials/external/file_external_account_credentials.h"
54
55
  #include "src/core/lib/security/credentials/external/url_external_account_credentials.h"
55
56
  #include "src/core/lib/security/util/json_util.h"
56
- #include "src/core/lib/slice/b64.h"
57
57
  #include "src/core/lib/uri/uri_parser.h"
58
58
 
59
59
  #define EXTERNAL_ACCOUNT_CREDENTIALS_GRANT_TYPE \
@@ -271,6 +271,20 @@ std::string ExternalAccountCredentials::debug_string() {
271
271
  grpc_oauth2_token_fetcher_credentials::debug_string());
272
272
  }
273
273
 
274
+ std::string ExternalAccountCredentials::MetricsHeaderValue() {
275
+ return absl::StrFormat(
276
+ "gl-cpp/unknown auth/%s google-byoid-sdk source/%s sa-impersonation/%v "
277
+ "config-lifetime/%v",
278
+ grpc_version_string(), CredentialSourceType(),
279
+ !options_.service_account_impersonation_url.empty(),
280
+ options_.service_account_impersonation.token_lifetime_seconds !=
281
+ IMPERSONATED_CRED_DEFAULT_LIFETIME_IN_SECONDS);
282
+ }
283
+
284
+ absl::string_view ExternalAccountCredentials::CredentialSourceType() {
285
+ return "unknown";
286
+ }
287
+
274
288
  // The token fetching flow:
275
289
  // 1. Retrieve subject token - Subclass's RetrieveSubjectToken() gets called
276
290
  // and the subject token is received in OnRetrieveSubjectTokenInternal().
@@ -317,27 +331,21 @@ void ExternalAccountCredentials::ExchangeToken(
317
331
  }
318
332
  grpc_http_request request;
319
333
  memset(&request, 0, sizeof(grpc_http_request));
320
- grpc_http_header* headers = nullptr;
321
- if (!options_.client_id.empty() && !options_.client_secret.empty()) {
322
- request.hdr_count = 2;
323
- headers = static_cast<grpc_http_header*>(
324
- gpr_malloc(sizeof(grpc_http_header) * request.hdr_count));
325
- headers[0].key = gpr_strdup("Content-Type");
326
- headers[0].value = gpr_strdup("application/x-www-form-urlencoded");
334
+ const bool add_authorization_header =
335
+ !options_.client_id.empty() && !options_.client_secret.empty();
336
+ request.hdr_count = add_authorization_header ? 3 : 2;
337
+ auto* headers = static_cast<grpc_http_header*>(
338
+ gpr_malloc(sizeof(grpc_http_header) * request.hdr_count));
339
+ headers[0].key = gpr_strdup("Content-Type");
340
+ headers[0].value = gpr_strdup("application/x-www-form-urlencoded");
341
+ headers[1].key = gpr_strdup("x-goog-api-client");
342
+ headers[1].value = gpr_strdup(MetricsHeaderValue().c_str());
343
+ if (add_authorization_header) {
327
344
  std::string raw_cred =
328
345
  absl::StrFormat("%s:%s", options_.client_id, options_.client_secret);
329
- char* encoded_cred =
330
- grpc_base64_encode(raw_cred.c_str(), raw_cred.length(), 0, 0);
331
- std::string str = absl::StrFormat("Basic %s", std::string(encoded_cred));
332
- headers[1].key = gpr_strdup("Authorization");
333
- headers[1].value = gpr_strdup(str.c_str());
334
- gpr_free(encoded_cred);
335
- } else {
336
- request.hdr_count = 1;
337
- headers = static_cast<grpc_http_header*>(
338
- gpr_malloc(sizeof(grpc_http_header) * request.hdr_count));
339
- headers[0].key = gpr_strdup("Content-Type");
340
- headers[0].value = gpr_strdup("application/x-www-form-urlencoded");
346
+ std::string str = absl::StrFormat("Basic %s", absl::Base64Escape(raw_cred));
347
+ headers[2].key = gpr_strdup("Authorization");
348
+ headers[2].value = gpr_strdup(str.c_str());
341
349
  }
342
350
  request.hdrs = headers;
343
351
  std::vector<std::string> body_parts;
@@ -101,6 +101,10 @@ class ExternalAccountCredentials
101
101
  HTTPRequestContext* ctx, const Options& options,
102
102
  std::function<void(std::string, grpc_error_handle)> cb) = 0;
103
103
 
104
+ virtual absl::string_view CredentialSourceType();
105
+
106
+ std::string MetricsHeaderValue();
107
+
104
108
  private:
105
109
  // This method implements the common token fetch logic and it will be called
106
110
  // when grpc_oauth2_token_fetcher_credentials request a new access token.
@@ -137,4 +137,8 @@ void FileExternalAccountCredentials::RetrieveSubjectToken(
137
137
  cb(std::string(content), absl::OkStatus());
138
138
  }
139
139
 
140
+ absl::string_view FileExternalAccountCredentials::CredentialSourceType() {
141
+ return "file";
142
+ }
143
+
140
144
  } // namespace grpc_core
@@ -23,6 +23,8 @@
23
23
  #include <string>
24
24
  #include <vector>
25
25
 
26
+ #include "absl/strings/string_view.h"
27
+
26
28
  #include "src/core/lib/gprpp/ref_counted_ptr.h"
27
29
  #include "src/core/lib/iomgr/error.h"
28
30
  #include "src/core/lib/security/credentials/external/external_account_credentials.h"
@@ -44,6 +46,8 @@ class FileExternalAccountCredentials final : public ExternalAccountCredentials {
44
46
  HTTPRequestContext* ctx, const Options& options,
45
47
  std::function<void(std::string, grpc_error_handle)> cb) override;
46
48
 
49
+ absl::string_view CredentialSourceType() override;
50
+
47
51
  // Fields of credential source
48
52
  std::string file_;
49
53
  std::string format_type_;
@@ -240,4 +240,8 @@ void UrlExternalAccountCredentials::FinishRetrieveSubjectToken(
240
240
  }
241
241
  }
242
242
 
243
+ absl::string_view UrlExternalAccountCredentials::CredentialSourceType() {
244
+ return "url";
245
+ }
246
+
243
247
  } // namespace grpc_core
@@ -24,6 +24,8 @@
24
24
  #include <string>
25
25
  #include <vector>
26
26
 
27
+ #include "absl/strings/string_view.h"
28
+
27
29
  #include "src/core/lib/gprpp/orphanable.h"
28
30
  #include "src/core/lib/gprpp/ref_counted_ptr.h"
29
31
  #include "src/core/lib/http/httpcli.h"
@@ -48,6 +50,8 @@ class UrlExternalAccountCredentials final : public ExternalAccountCredentials {
48
50
  HTTPRequestContext* ctx, const Options& options,
49
51
  std::function<void(std::string, grpc_error_handle)> cb) override;
50
52
 
53
+ absl::string_view CredentialSourceType() override;
54
+
51
55
  static void OnRetrieveSubjectToken(void* arg, grpc_error_handle error);
52
56
  void OnRetrieveSubjectTokenInternal(grpc_error_handle error);
53
57
 
@@ -152,7 +152,8 @@ grpc_plugin_credentials::GetRequestMetadata(
152
152
 
153
153
  // Create pending_request object.
154
154
  auto request = grpc_core::MakeRefCounted<PendingRequest>(
155
- Ref(), std::move(initial_metadata), args);
155
+ RefAsSubclass<grpc_plugin_credentials>(), std::move(initial_metadata),
156
+ args);
156
157
  // Invoke the plugin. The callback holds a ref to us.
157
158
  if (GRPC_TRACE_FLAG_ENABLED(grpc_plugin_credentials_trace)) {
158
159
  gpr_log(GPR_INFO, "plugin_credentials[%p]: request %p: invoking plugin",
@@ -39,7 +39,6 @@
39
39
  #include "src/core/lib/gprpp/sync.h"
40
40
  #include "src/core/lib/gprpp/thd.h"
41
41
  #include "src/core/lib/gprpp/unique_type_name.h"
42
- #include "src/core/lib/iomgr/iomgr_fwd.h"
43
42
  #include "src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.h"
44
43
  #include "src/core/lib/security/security_connector/ssl_utils.h"
45
44
 
@@ -55,8 +54,6 @@
55
54
  struct grpc_tls_certificate_provider
56
55
  : public grpc_core::RefCounted<grpc_tls_certificate_provider> {
57
56
  public:
58
- virtual grpc_pollset_set* interested_parties() const { return nullptr; }
59
-
60
57
  virtual grpc_core::RefCountedPtr<grpc_tls_certificate_distributor>
61
58
  distributor() const = 0;
62
59
 
@@ -149,3 +149,15 @@ void grpc_tls_credentials_options_set_crl_provider(
149
149
  GPR_ASSERT(options != nullptr);
150
150
  options->set_crl_provider(provider);
151
151
  }
152
+
153
+ void grpc_tls_credentials_options_set_min_tls_version(
154
+ grpc_tls_credentials_options* options, grpc_tls_version min_tls_version) {
155
+ GPR_ASSERT(options != nullptr);
156
+ options->set_min_tls_version(min_tls_version);
157
+ }
158
+
159
+ void grpc_tls_credentials_options_set_max_tls_version(
160
+ grpc_tls_credentials_options* options, grpc_tls_version max_tls_version) {
161
+ GPR_ASSERT(options != nullptr);
162
+ options->set_max_tls_version(max_tls_version);
163
+ }
@@ -148,8 +148,7 @@ absl::StatusOr<std::shared_ptr<CrlProvider>> CreateDirectoryReloaderCrlProvider(
148
148
  return absl::InvalidArgumentError("Refresh duration minimum is 60 seconds");
149
149
  }
150
150
  auto provider = std::make_shared<DirectoryReloaderCrlProvider>(
151
- refresh_duration, reload_error_callback,
152
- grpc_event_engine::experimental::GetDefaultEventEngine(),
151
+ refresh_duration, reload_error_callback, /*event_engine=*/nullptr,
153
152
  MakeDirectoryReader(directory));
154
153
  // This could be slow to do at startup, but we want to
155
154
  // make sure it's done before the provider is used.
@@ -157,10 +156,28 @@ absl::StatusOr<std::shared_ptr<CrlProvider>> CreateDirectoryReloaderCrlProvider(
157
156
  return provider;
158
157
  }
159
158
 
159
+ DirectoryReloaderCrlProvider::DirectoryReloaderCrlProvider(
160
+ std::chrono::seconds duration, std::function<void(absl::Status)> callback,
161
+ std::shared_ptr<grpc_event_engine::experimental::EventEngine> event_engine,
162
+ std::shared_ptr<DirectoryReader> directory_impl)
163
+ : refresh_duration_(Duration::FromSecondsAsDouble(duration.count())),
164
+ reload_error_callback_(std::move(callback)),
165
+ crl_directory_(std::move(directory_impl)) {
166
+ // Must be called before `GetDefaultEventEngine`
167
+ grpc_init();
168
+ if (event_engine == nullptr) {
169
+ event_engine_ = grpc_event_engine::experimental::GetDefaultEventEngine();
170
+ } else {
171
+ event_engine_ = std::move(event_engine);
172
+ }
173
+ }
174
+
160
175
  DirectoryReloaderCrlProvider::~DirectoryReloaderCrlProvider() {
161
176
  if (refresh_handle_.has_value()) {
162
177
  event_engine_->Cancel(refresh_handle_.value());
163
178
  }
179
+ // Call here because we call grpc_init in the constructor
180
+ grpc_shutdown();
164
181
  }
165
182
 
166
183
  void DirectoryReloaderCrlProvider::UpdateAndStartTimer() {
@@ -209,9 +226,9 @@ absl::Status DirectoryReloaderCrlProvider::Update() {
209
226
  // in-place updated in crls_.
210
227
  for (auto& kv : new_crls) {
211
228
  std::shared_ptr<Crl>& crl = kv.second;
212
- // It's not safe to say crl->Issuer() on the LHS and std::move(crl) on the
213
- // RHS, because C++ does not guarantee which of those will be executed
214
- // first.
229
+ // It's not safe to say crl->Issuer() on the LHS and std::move(crl) on
230
+ // the RHS, because C++ does not guarantee which of those will be
231
+ // executed first.
215
232
  std::string issuer(crl->Issuer());
216
233
  crls_[std::move(issuer)] = std::move(crl);
217
234
  }
@@ -98,11 +98,7 @@ class DirectoryReloaderCrlProvider
98
98
  std::chrono::seconds duration, std::function<void(absl::Status)> callback,
99
99
  std::shared_ptr<grpc_event_engine::experimental::EventEngine>
100
100
  event_engine,
101
- std::shared_ptr<DirectoryReader> directory_impl)
102
- : refresh_duration_(Duration::FromSecondsAsDouble(duration.count())),
103
- reload_error_callback_(std::move(callback)),
104
- event_engine_(std::move(event_engine)),
105
- crl_directory_(std::move(directory_impl)) {}
101
+ std::shared_ptr<DirectoryReader> directory_impl);
106
102
 
107
103
  ~DirectoryReloaderCrlProvider() override;
108
104
  std::shared_ptr<Crl> GetCrl(const CertificateInfo& certificate_info) override;
@@ -46,6 +46,22 @@ bool CredentialOptionSanityCheck(grpc_tls_credentials_options* options,
46
46
  gpr_log(GPR_ERROR, "TLS credentials options is nullptr.");
47
47
  return false;
48
48
  }
49
+ // In this case, there will be non-retriable handshake errors.
50
+ if (options->min_tls_version() > options->max_tls_version()) {
51
+ gpr_log(GPR_ERROR, "TLS min version must not be higher than max version.");
52
+ grpc_tls_credentials_options_destroy(options);
53
+ return false;
54
+ }
55
+ if (options->max_tls_version() > grpc_tls_version::TLS1_3) {
56
+ gpr_log(GPR_ERROR, "TLS max version must not be higher than v1.3.");
57
+ grpc_tls_credentials_options_destroy(options);
58
+ return false;
59
+ }
60
+ if (options->min_tls_version() < grpc_tls_version::TLS1_2) {
61
+ gpr_log(GPR_ERROR, "TLS min version must not be lower than v1.2.");
62
+ grpc_tls_credentials_options_destroy(options);
63
+ return false;
64
+ }
49
65
  if (!options->crl_directory().empty() && options->crl_provider() != nullptr) {
50
66
  gpr_log(GPR_ERROR,
51
67
  "Setting crl_directory and crl_provider not supported. Using the "