grpc 1.60.0 → 1.61.0.pre2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Makefile +208 -165
- data/include/grpc/event_engine/event_engine.h +59 -12
- data/include/grpc/event_engine/internal/memory_allocator_impl.h +6 -0
- data/include/grpc/event_engine/internal/slice_cast.h +12 -0
- data/include/grpc/event_engine/memory_allocator.h +3 -1
- data/include/grpc/event_engine/slice.h +5 -0
- data/include/grpc/grpc_security.h +22 -1
- data/include/grpc/impl/call.h +29 -0
- data/include/grpc/impl/channel_arg_names.h +12 -1
- data/include/grpc/impl/slice_type.h +1 -1
- data/include/grpc/module.modulemap +1 -0
- data/src/core/ext/filters/backend_metrics/backend_metric_filter.cc +54 -7
- data/src/core/ext/filters/backend_metrics/backend_metric_filter.h +20 -6
- data/src/core/ext/filters/channel_idle/channel_idle_filter.cc +10 -13
- data/src/core/ext/filters/channel_idle/channel_idle_filter.h +18 -10
- data/src/core/ext/filters/channel_idle/legacy_channel_idle_filter.cc +326 -0
- data/src/core/ext/filters/channel_idle/legacy_channel_idle_filter.h +143 -0
- data/src/core/ext/filters/client_channel/backend_metric.cc +2 -2
- data/src/core/ext/filters/client_channel/client_channel.cc +32 -6
- data/src/core/ext/filters/client_channel/client_channel_internal.h +2 -0
- data/src/core/ext/filters/client_channel/global_subchannel_pool.cc +1 -1
- data/src/core/ext/filters/client_channel/lb_policy/address_filtering.cc +54 -21
- data/src/core/ext/filters/client_channel/lb_policy/address_filtering.h +3 -2
- data/src/core/ext/filters/client_channel/lb_policy/child_policy_handler.cc +2 -1
- data/src/core/ext/filters/client_channel/lb_policy/endpoint_list.cc +12 -15
- data/src/core/ext/filters/client_channel/lb_policy/endpoint_list.h +8 -5
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +139 -92
- data/src/core/ext/filters/client_channel/lb_policy/health_check_client.cc +9 -4
- data/src/core/ext/filters/client_channel/lb_policy/oob_backend_metric.cc +9 -4
- data/src/core/ext/filters/client_channel/lb_policy/outlier_detection/outlier_detection.cc +10 -11
- data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc +94 -93
- data/src/core/ext/filters/client_channel/lb_policy/priority/priority.cc +5 -3
- data/src/core/ext/filters/client_channel/lb_policy/ring_hash/ring_hash.cc +12 -15
- data/src/core/ext/filters/client_channel/lb_policy/rls/rls.cc +38 -16
- data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +25 -28
- data/src/core/ext/filters/client_channel/lb_policy/subchannel_list.h +10 -10
- data/src/core/ext/filters/client_channel/lb_policy/weighted_round_robin/weighted_round_robin.cc +37 -35
- data/src/core/ext/filters/client_channel/lb_policy/weighted_target/weighted_target.cc +11 -9
- data/src/core/ext/filters/client_channel/lb_policy/xds/cds.cc +504 -461
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_impl.cc +232 -122
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_manager.cc +8 -6
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_override_host.cc +642 -251
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_override_host.h +2 -6
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_wrr_locality.cc +7 -8
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +2 -1
- data/src/core/ext/filters/client_channel/resolver/dns/event_engine/event_engine_client_channel_resolver.cc +3 -1
- data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc +2 -2
- data/src/core/ext/filters/client_channel/resolver/google_c2p/google_c2p_resolver.cc +2 -2
- data/src/core/ext/filters/client_channel/resolver/polling_resolver.cc +6 -8
- data/src/core/ext/filters/client_channel/resolver/xds/xds_dependency_manager.cc +1031 -0
- data/src/core/ext/filters/client_channel/resolver/xds/xds_dependency_manager.h +277 -0
- data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +128 -270
- data/src/core/ext/filters/client_channel/resolver/xds/{xds_resolver.h → xds_resolver_attributes.h} +5 -4
- data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver_trace.cc +25 -0
- data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver_trace.h +30 -0
- data/src/core/ext/filters/client_channel/retry_filter.cc +1 -0
- data/src/core/ext/filters/client_channel/service_config_channel_arg_filter.cc +35 -17
- data/src/core/ext/filters/deadline/deadline_filter.cc +12 -0
- data/src/core/ext/filters/fault_injection/fault_injection_filter.cc +17 -13
- data/src/core/ext/filters/fault_injection/fault_injection_filter.h +13 -4
- data/src/core/ext/filters/http/client/http_client_filter.cc +23 -32
- data/src/core/ext/filters/http/client/http_client_filter.h +10 -5
- data/src/core/ext/filters/http/client_authority_filter.cc +14 -14
- data/src/core/ext/filters/http/client_authority_filter.h +12 -4
- data/src/core/ext/filters/http/http_filters_plugin.cc +42 -20
- data/src/core/ext/filters/http/message_compress/compression_filter.cc +55 -80
- data/src/core/ext/filters/http/message_compress/compression_filter.h +54 -12
- data/src/core/ext/filters/http/message_compress/legacy_compression_filter.cc +325 -0
- data/src/core/ext/filters/http/message_compress/legacy_compression_filter.h +139 -0
- data/src/core/ext/filters/http/server/http_server_filter.cc +41 -41
- data/src/core/ext/filters/http/server/http_server_filter.h +11 -4
- data/src/core/ext/filters/message_size/message_size_filter.cc +56 -76
- data/src/core/ext/filters/message_size/message_size_filter.h +35 -23
- data/src/core/ext/filters/rbac/rbac_filter.cc +15 -11
- data/src/core/ext/filters/rbac/rbac_filter.h +11 -4
- data/src/core/ext/filters/server_config_selector/server_config_selector_filter.cc +25 -13
- data/src/core/ext/filters/stateful_session/stateful_session_filter.cc +47 -50
- data/src/core/ext/filters/stateful_session/stateful_session_filter.h +21 -4
- data/src/core/ext/transport/chttp2/alpn/alpn.cc +1 -1
- data/src/core/ext/transport/chttp2/client/chttp2_connector.cc +2 -2
- data/src/core/ext/transport/chttp2/server/chttp2_server.cc +11 -2
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +67 -145
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.h +3 -3
- data/src/core/ext/transport/chttp2/transport/flow_control.cc +21 -82
- data/src/core/ext/transport/chttp2/transport/flow_control.h +1 -8
- data/src/core/ext/transport/chttp2/transport/frame.cc +506 -0
- data/src/core/ext/transport/chttp2/transport/frame.h +214 -0
- data/src/core/ext/transport/chttp2/transport/frame_rst_stream.cc +1 -1
- data/src/core/ext/transport/chttp2/transport/frame_settings.cc +33 -79
- data/src/core/ext/transport/chttp2/transport/frame_settings.h +4 -7
- data/src/core/ext/transport/chttp2/transport/http2_settings.cc +122 -32
- data/src/core/ext/transport/chttp2/transport/http2_settings.h +142 -37
- data/src/core/ext/transport/chttp2/transport/internal.h +1 -22
- data/src/core/ext/transport/chttp2/transport/parsing.cc +23 -37
- data/src/core/ext/transport/chttp2/transport/writing.cc +26 -58
- data/src/core/ext/transport/inproc/inproc_transport.cc +172 -13
- data/src/core/ext/upb-gen/envoy/extensions/upstreams/http/v3/http_protocol_options.upb.h +712 -0
- data/src/core/ext/upb-gen/envoy/extensions/upstreams/http/v3/http_protocol_options.upb_minitable.c +151 -0
- data/src/core/ext/upb-gen/envoy/extensions/upstreams/http/v3/http_protocol_options.upb_minitable.h +33 -0
- data/src/core/ext/upbdefs-gen/envoy/extensions/upstreams/http/v3/http_protocol_options.upbdefs.c +133 -0
- data/src/core/ext/upbdefs-gen/envoy/extensions/upstreams/http/v3/http_protocol_options.upbdefs.h +50 -0
- data/src/core/ext/xds/certificate_provider_store.cc +2 -1
- data/src/core/ext/xds/certificate_provider_store.h +0 -5
- data/src/core/ext/xds/xds_api.cc +31 -18
- data/src/core/ext/xds/xds_api.h +2 -2
- data/src/core/ext/xds/xds_bootstrap.h +3 -0
- data/src/core/ext/xds/xds_certificate_provider.cc +88 -287
- data/src/core/ext/xds/xds_certificate_provider.h +44 -111
- data/src/core/ext/xds/xds_client.cc +420 -414
- data/src/core/ext/xds/xds_client.h +31 -22
- data/src/core/ext/xds/xds_client_grpc.cc +3 -1
- data/src/core/ext/xds/xds_cluster.cc +104 -11
- data/src/core/ext/xds/xds_cluster.h +9 -1
- data/src/core/ext/xds/xds_cluster_specifier_plugin.cc +9 -5
- data/src/core/ext/xds/xds_common_types.cc +14 -10
- data/src/core/ext/xds/xds_endpoint.cc +9 -4
- data/src/core/ext/xds/xds_endpoint.h +5 -1
- data/src/core/ext/xds/xds_health_status.cc +12 -2
- data/src/core/ext/xds/xds_health_status.h +4 -2
- data/src/core/ext/xds/xds_http_rbac_filter.cc +5 -3
- data/src/core/ext/xds/xds_listener.cc +14 -8
- data/src/core/ext/xds/xds_resource_type_impl.h +6 -4
- data/src/core/ext/xds/xds_route_config.cc +34 -22
- data/src/core/ext/xds/xds_route_config.h +1 -0
- data/src/core/ext/xds/xds_server_config_fetcher.cc +61 -57
- data/src/core/ext/xds/xds_transport.h +3 -0
- data/src/core/ext/xds/xds_transport_grpc.cc +47 -50
- data/src/core/ext/xds/xds_transport_grpc.h +4 -0
- data/src/core/lib/channel/call_tracer.cc +12 -0
- data/src/core/lib/channel/call_tracer.h +17 -3
- data/src/core/lib/channel/channel_args.cc +24 -14
- data/src/core/lib/channel/channel_args.h +74 -13
- data/src/core/lib/channel/channel_stack.cc +27 -0
- data/src/core/lib/channel/channel_stack.h +10 -10
- data/src/core/lib/channel/connected_channel.cc +64 -18
- data/src/core/lib/channel/promise_based_filter.h +1041 -1
- data/src/core/lib/channel/server_call_tracer_filter.cc +43 -35
- data/src/core/lib/compression/compression_internal.cc +0 -3
- data/src/core/lib/event_engine/ares_resolver.cc +35 -14
- data/src/core/lib/event_engine/ares_resolver.h +9 -10
- data/src/core/lib/event_engine/cf_engine/dns_service_resolver.cc +8 -1
- data/src/core/lib/event_engine/posix_engine/native_posix_dns_resolver.cc +132 -0
- data/src/core/lib/event_engine/posix_engine/native_posix_dns_resolver.h +61 -0
- data/src/core/lib/event_engine/posix_engine/posix_engine.cc +52 -36
- data/src/core/lib/event_engine/posix_engine/posix_engine.h +4 -9
- data/src/core/lib/event_engine/posix_engine/posix_engine_listener_utils.cc +11 -3
- data/src/core/lib/event_engine/posix_engine/tcp_socket_utils.cc +9 -2
- data/src/core/lib/event_engine/posix_engine/tcp_socket_utils.h +7 -0
- data/src/core/lib/event_engine/posix_engine/timer_manager.cc +17 -27
- data/src/core/lib/event_engine/posix_engine/timer_manager.h +0 -3
- data/src/core/lib/event_engine/ref_counted_dns_resolver_interface.h +55 -0
- data/src/core/lib/event_engine/windows/native_windows_dns_resolver.cc +114 -0
- data/src/core/lib/event_engine/windows/native_windows_dns_resolver.h +51 -0
- data/src/core/lib/event_engine/windows/windows_engine.cc +7 -7
- data/src/core/lib/experiments/config.cc +13 -0
- data/src/core/lib/experiments/config.h +3 -0
- data/src/core/lib/experiments/experiments.cc +245 -366
- data/src/core/lib/experiments/experiments.h +50 -156
- data/src/core/lib/gprpp/debug_location.h +13 -0
- data/src/core/lib/gprpp/dual_ref_counted.h +36 -7
- data/src/core/lib/gprpp/orphanable.h +27 -0
- data/src/core/lib/gprpp/ref_counted.h +63 -22
- data/src/core/lib/gprpp/ref_counted_ptr.h +70 -27
- data/src/core/lib/gprpp/ref_counted_string.h +13 -0
- data/src/core/lib/gprpp/status_helper.cc +1 -2
- data/src/core/lib/iomgr/combiner.cc +15 -51
- data/src/core/lib/iomgr/event_engine_shims/endpoint.cc +31 -0
- data/src/core/lib/iomgr/event_engine_shims/endpoint.h +16 -0
- data/src/core/lib/iomgr/tcp_client_posix.cc +4 -3
- data/src/core/lib/load_balancing/lb_policy.h +1 -1
- data/src/core/lib/promise/activity.cc +17 -2
- data/src/core/lib/promise/activity.h +5 -4
- data/src/core/lib/promise/all_ok.h +80 -0
- data/src/core/lib/promise/detail/join_state.h +2077 -0
- data/src/core/lib/promise/detail/promise_factory.h +1 -0
- data/src/core/lib/promise/detail/promise_like.h +8 -1
- data/src/core/lib/promise/detail/seq_state.h +3458 -150
- data/src/core/lib/promise/detail/status.h +42 -5
- data/src/core/lib/promise/for_each.h +13 -1
- data/src/core/lib/promise/if.h +4 -0
- data/src/core/lib/promise/latch.h +6 -3
- data/src/core/lib/promise/party.cc +33 -31
- data/src/core/lib/promise/party.h +142 -6
- data/src/core/lib/promise/poll.h +39 -13
- data/src/core/lib/promise/promise.h +4 -0
- data/src/core/lib/promise/seq.h +107 -7
- data/src/core/lib/promise/status_flag.h +196 -0
- data/src/core/lib/promise/try_join.h +132 -0
- data/src/core/lib/promise/try_seq.h +132 -10
- data/src/core/lib/resolver/endpoint_addresses.cc +0 -1
- data/src/core/lib/resolver/endpoint_addresses.h +48 -0
- data/src/core/lib/resource_quota/arena.h +2 -2
- data/src/core/lib/resource_quota/memory_quota.cc +57 -8
- data/src/core/lib/resource_quota/memory_quota.h +6 -0
- data/src/core/lib/security/authorization/grpc_server_authz_filter.cc +14 -11
- data/src/core/lib/security/authorization/grpc_server_authz_filter.h +14 -5
- data/src/core/lib/security/credentials/external/aws_external_account_credentials.cc +4 -0
- data/src/core/lib/security/credentials/external/aws_external_account_credentials.h +4 -0
- data/src/core/lib/security/credentials/external/external_account_credentials.cc +28 -20
- data/src/core/lib/security/credentials/external/external_account_credentials.h +4 -0
- data/src/core/lib/security/credentials/external/file_external_account_credentials.cc +4 -0
- data/src/core/lib/security/credentials/external/file_external_account_credentials.h +4 -0
- data/src/core/lib/security/credentials/external/url_external_account_credentials.cc +4 -0
- data/src/core/lib/security/credentials/external/url_external_account_credentials.h +4 -0
- data/src/core/lib/security/credentials/plugin/plugin_credentials.cc +2 -1
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.h +0 -3
- data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc +12 -0
- data/src/core/lib/security/credentials/tls/grpc_tls_crl_provider.cc +22 -5
- data/src/core/lib/security/credentials/tls/grpc_tls_crl_provider.h +1 -5
- data/src/core/lib/security/credentials/tls/tls_credentials.cc +16 -0
- data/src/core/lib/security/credentials/xds/xds_credentials.cc +21 -28
- data/src/core/lib/security/credentials/xds/xds_credentials.h +2 -4
- data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +4 -3
- data/src/core/lib/security/transport/auth_filters.h +71 -4
- data/src/core/lib/security/transport/client_auth_filter.cc +2 -4
- data/src/core/lib/security/transport/legacy_server_auth_filter.cc +244 -0
- data/src/core/lib/security/transport/server_auth_filter.cc +70 -90
- data/src/core/lib/slice/slice_buffer.h +3 -0
- data/src/core/lib/surface/builtins.cc +1 -1
- data/src/core/lib/surface/call.cc +683 -196
- data/src/core/lib/surface/call.h +26 -13
- data/src/core/lib/surface/call_trace.cc +42 -1
- data/src/core/lib/surface/channel.cc +0 -1
- data/src/core/lib/surface/channel.h +0 -6
- data/src/core/lib/surface/channel_init.h +26 -0
- data/src/core/lib/surface/init.cc +14 -8
- data/src/core/lib/surface/server.cc +256 -237
- data/src/core/lib/surface/server.h +26 -54
- data/src/core/lib/surface/version.cc +2 -2
- data/src/core/lib/surface/wait_for_cq_end_op.h +94 -0
- data/src/core/lib/transport/call_final_info.cc +38 -0
- data/src/core/lib/transport/call_final_info.h +54 -0
- data/src/core/lib/transport/connectivity_state.cc +3 -2
- data/src/core/lib/transport/connectivity_state.h +4 -0
- data/src/core/lib/transport/metadata_batch.h +4 -4
- data/src/core/lib/transport/transport.cc +70 -19
- data/src/core/lib/transport/transport.h +395 -25
- data/src/core/plugin_registry/grpc_plugin_registry.cc +3 -0
- data/src/core/plugin_registry/grpc_plugin_registry_extra.cc +0 -3
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +1 -1
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +1 -1
- data/src/core/tsi/alts/handshaker/transport_security_common_api.cc +1 -1
- data/src/core/tsi/ssl_transport_security.cc +65 -43
- data/src/ruby/ext/grpc/rb_channel_args.c +3 -1
- data/src/ruby/ext/grpc/rb_grpc.c +0 -1
- data/src/ruby/ext/grpc/rb_grpc.h +0 -2
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.c +4 -0
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.h +6 -0
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/third_party/upb/upb/reflection/def_pool.h +2 -2
- data/third_party/zlib/adler32.c +5 -27
- data/third_party/zlib/compress.c +5 -16
- data/third_party/zlib/crc32.c +86 -162
- data/third_party/zlib/deflate.c +233 -336
- data/third_party/zlib/deflate.h +8 -8
- data/third_party/zlib/gzguts.h +11 -12
- data/third_party/zlib/infback.c +7 -23
- data/third_party/zlib/inffast.c +1 -4
- data/third_party/zlib/inffast.h +1 -1
- data/third_party/zlib/inflate.c +30 -99
- data/third_party/zlib/inftrees.c +6 -11
- data/third_party/zlib/inftrees.h +3 -3
- data/third_party/zlib/trees.c +224 -302
- data/third_party/zlib/uncompr.c +4 -12
- data/third_party/zlib/zconf.h +6 -2
- data/third_party/zlib/zlib.h +191 -188
- data/third_party/zlib/zutil.c +16 -44
- data/third_party/zlib/zutil.h +10 -10
- metadata +35 -13
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_resolver.cc +0 -1173
- data/src/core/lib/event_engine/memory_allocator.cc +0 -74
- data/src/core/lib/transport/pid_controller.cc +0 -51
- data/src/core/lib/transport/pid_controller.h +0 -116
- data/third_party/upb/upb/collections/array.h +0 -17
- data/third_party/upb/upb/collections/map.h +0 -17
- data/third_party/upb/upb/upb.hpp +0 -18
@@ -23,8 +23,11 @@
|
|
23
23
|
|
24
24
|
#include <set>
|
25
25
|
#include <string>
|
26
|
+
#include <utility>
|
26
27
|
#include <vector>
|
27
28
|
|
29
|
+
#include "absl/functional/function_ref.h"
|
30
|
+
|
28
31
|
#include "src/core/lib/channel/channel_args.h"
|
29
32
|
#include "src/core/lib/iomgr/resolved_address.h"
|
30
33
|
|
@@ -64,6 +67,9 @@ class EndpointAddresses {
|
|
64
67
|
bool operator==(const EndpointAddresses& other) const {
|
65
68
|
return Cmp(other) == 0;
|
66
69
|
}
|
70
|
+
bool operator!=(const EndpointAddresses& other) const {
|
71
|
+
return Cmp(other) != 0;
|
72
|
+
}
|
67
73
|
bool operator<(const EndpointAddresses& other) const {
|
68
74
|
return Cmp(other) < 0;
|
69
75
|
}
|
@@ -111,6 +117,48 @@ class EndpointAddressSet {
|
|
111
117
|
std::set<grpc_resolved_address, ResolvedAddressLessThan> addresses_;
|
112
118
|
};
|
113
119
|
|
120
|
+
// An iterator interface for endpoints.
|
121
|
+
class EndpointAddressesIterator {
|
122
|
+
public:
|
123
|
+
virtual ~EndpointAddressesIterator() = default;
|
124
|
+
|
125
|
+
// Invokes callback once for each endpoint.
|
126
|
+
virtual void ForEach(
|
127
|
+
absl::FunctionRef<void(const EndpointAddresses&)> callback) const = 0;
|
128
|
+
};
|
129
|
+
|
130
|
+
// Iterator over a fixed list of endpoints.
|
131
|
+
class EndpointAddressesListIterator : public EndpointAddressesIterator {
|
132
|
+
public:
|
133
|
+
explicit EndpointAddressesListIterator(EndpointAddressesList endpoints)
|
134
|
+
: endpoints_(std::move(endpoints)) {}
|
135
|
+
|
136
|
+
void ForEach(absl::FunctionRef<void(const EndpointAddresses&)> callback)
|
137
|
+
const override {
|
138
|
+
for (const auto& endpoint : endpoints_) {
|
139
|
+
callback(endpoint);
|
140
|
+
}
|
141
|
+
}
|
142
|
+
|
143
|
+
private:
|
144
|
+
EndpointAddressesList endpoints_;
|
145
|
+
};
|
146
|
+
|
147
|
+
// Iterator that returns only a single endpoint.
|
148
|
+
class SingleEndpointIterator : public EndpointAddressesIterator {
|
149
|
+
public:
|
150
|
+
explicit SingleEndpointIterator(EndpointAddresses endpoint)
|
151
|
+
: endpoint_(std::move(endpoint)) {}
|
152
|
+
|
153
|
+
void ForEach(absl::FunctionRef<void(const EndpointAddresses&)> callback)
|
154
|
+
const override {
|
155
|
+
callback(endpoint_);
|
156
|
+
}
|
157
|
+
|
158
|
+
private:
|
159
|
+
EndpointAddresses endpoint_;
|
160
|
+
};
|
161
|
+
|
114
162
|
} // namespace grpc_core
|
115
163
|
|
116
164
|
#endif // GRPC_SRC_CORE_LIB_RESOLVER_ENDPOINT_ADDRESSES_H
|
@@ -180,7 +180,7 @@ class Arena {
|
|
180
180
|
template <typename T, typename... Args>
|
181
181
|
T* New(Args&&... args) {
|
182
182
|
T* t = static_cast<T*>(Alloc(sizeof(T)));
|
183
|
-
|
183
|
+
new (t) T(std::forward<Args>(args)...);
|
184
184
|
return t;
|
185
185
|
}
|
186
186
|
|
@@ -333,7 +333,7 @@ class Arena {
|
|
333
333
|
// value in Arena::PoolSizes, and so this may pessimize total
|
334
334
|
// arena size.
|
335
335
|
template <typename T, typename... Args>
|
336
|
-
PoolPtr<T> MakePooled(Args&&... args) {
|
336
|
+
static PoolPtr<T> MakePooled(Args&&... args) {
|
337
337
|
return PoolPtr<T>(new T(std::forward<Args>(args)...), PooledDeleter());
|
338
338
|
}
|
339
339
|
|
@@ -20,11 +20,19 @@
|
|
20
20
|
|
21
21
|
#include <algorithm>
|
22
22
|
#include <atomic>
|
23
|
+
#include <cstddef>
|
24
|
+
#include <cstdint>
|
25
|
+
#include <cstdlib>
|
26
|
+
#include <memory>
|
23
27
|
#include <tuple>
|
28
|
+
#include <utility>
|
24
29
|
|
25
30
|
#include "absl/status/status.h"
|
26
31
|
#include "absl/strings/str_cat.h"
|
27
32
|
|
33
|
+
#include <grpc/event_engine/internal/memory_allocator_impl.h>
|
34
|
+
#include <grpc/slice.h>
|
35
|
+
|
28
36
|
#include "src/core/lib/debug/trace.h"
|
29
37
|
#include "src/core/lib/gpr/useful.h"
|
30
38
|
#include "src/core/lib/gprpp/mpscq.h"
|
@@ -34,6 +42,7 @@
|
|
34
42
|
#include "src/core/lib/promise/race.h"
|
35
43
|
#include "src/core/lib/promise/seq.h"
|
36
44
|
#include "src/core/lib/resource_quota/trace.h"
|
45
|
+
#include "src/core/lib/slice/slice_refcount.h"
|
37
46
|
|
38
47
|
namespace grpc_core {
|
39
48
|
|
@@ -90,6 +99,39 @@ class MemoryQuotaTracker {
|
|
90
99
|
Mutex mu_;
|
91
100
|
std::vector<std::weak_ptr<BasicMemoryQuota>> quotas_ ABSL_GUARDED_BY(mu_);
|
92
101
|
};
|
102
|
+
|
103
|
+
// Reference count for a slice allocated by MemoryAllocator::MakeSlice.
|
104
|
+
// Takes care of releasing memory back when the slice is destroyed.
|
105
|
+
class SliceRefCount : public grpc_slice_refcount {
|
106
|
+
public:
|
107
|
+
SliceRefCount(
|
108
|
+
std::shared_ptr<
|
109
|
+
grpc_event_engine::experimental::internal::MemoryAllocatorImpl>
|
110
|
+
allocator,
|
111
|
+
size_t size)
|
112
|
+
: grpc_slice_refcount(Destroy),
|
113
|
+
allocator_(std::move(allocator)),
|
114
|
+
size_(size) {
|
115
|
+
// Nothing to do here.
|
116
|
+
}
|
117
|
+
~SliceRefCount() {
|
118
|
+
allocator_->Release(size_);
|
119
|
+
allocator_.reset();
|
120
|
+
}
|
121
|
+
|
122
|
+
private:
|
123
|
+
static void Destroy(grpc_slice_refcount* p) {
|
124
|
+
auto* rc = static_cast<SliceRefCount*>(p);
|
125
|
+
rc->~SliceRefCount();
|
126
|
+
free(rc);
|
127
|
+
}
|
128
|
+
|
129
|
+
std::shared_ptr<
|
130
|
+
grpc_event_engine::experimental::internal::MemoryAllocatorImpl>
|
131
|
+
allocator_;
|
132
|
+
size_t size_;
|
133
|
+
};
|
134
|
+
|
93
135
|
} // namespace
|
94
136
|
|
95
137
|
//
|
@@ -337,6 +379,18 @@ void GrpcMemoryAllocatorImpl::Replenish() {
|
|
337
379
|
free_bytes_.fetch_add(amount, std::memory_order_acq_rel);
|
338
380
|
}
|
339
381
|
|
382
|
+
grpc_slice GrpcMemoryAllocatorImpl::MakeSlice(MemoryRequest request) {
|
383
|
+
auto size = Reserve(request.Increase(sizeof(SliceRefCount)));
|
384
|
+
void* p = malloc(size);
|
385
|
+
new (p) SliceRefCount(shared_from_this(), size);
|
386
|
+
grpc_slice slice;
|
387
|
+
slice.refcount = static_cast<SliceRefCount*>(p);
|
388
|
+
slice.data.refcounted.bytes =
|
389
|
+
static_cast<uint8_t*>(p) + sizeof(SliceRefCount);
|
390
|
+
slice.data.refcounted.length = size - sizeof(SliceRefCount);
|
391
|
+
return slice;
|
392
|
+
}
|
393
|
+
|
340
394
|
//
|
341
395
|
// BasicMemoryQuota
|
342
396
|
//
|
@@ -604,14 +658,9 @@ BasicMemoryQuota::PressureInfo BasicMemoryQuota::GetPressureInfo() {
|
|
604
658
|
if (size < 1) return PressureInfo{1, 1, 1};
|
605
659
|
PressureInfo pressure_info;
|
606
660
|
pressure_info.instantaneous_pressure = std::max(0.0, (size - free) / size);
|
607
|
-
|
608
|
-
|
609
|
-
|
610
|
-
pressure_info.instantaneous_pressure);
|
611
|
-
} else {
|
612
|
-
pressure_info.pressure_control_value =
|
613
|
-
std::min(pressure_info.instantaneous_pressure, 1.0);
|
614
|
-
}
|
661
|
+
pressure_info.pressure_control_value =
|
662
|
+
pressure_tracker_.AddSampleAndGetControlValue(
|
663
|
+
pressure_info.instantaneous_pressure);
|
615
664
|
pressure_info.max_recommended_allocation_size = quota_size / 16;
|
616
665
|
return pressure_info;
|
617
666
|
}
|
@@ -400,6 +400,12 @@ class GrpcMemoryAllocatorImpl final : public EventEngineMemoryAllocatorImpl {
|
|
400
400
|
// Returns the number of bytes reserved.
|
401
401
|
size_t Reserve(MemoryRequest request) override;
|
402
402
|
|
403
|
+
/// Allocate a slice, using MemoryRequest to size the number of returned
|
404
|
+
/// bytes. For a variable length request, check the returned slice length to
|
405
|
+
/// verify how much memory was allocated. Takes care of reserving memory for
|
406
|
+
/// any relevant control structures also.
|
407
|
+
grpc_slice MakeSlice(MemoryRequest request) override;
|
408
|
+
|
403
409
|
// Release some bytes that were previously reserved.
|
404
410
|
void Release(size_t n) override {
|
405
411
|
// Add the released memory to our free bytes counter... if this increases
|
@@ -39,6 +39,12 @@ namespace grpc_core {
|
|
39
39
|
|
40
40
|
TraceFlag grpc_authz_trace(false, "grpc_authz_api");
|
41
41
|
|
42
|
+
const NoInterceptor GrpcServerAuthzFilter::Call::OnServerInitialMetadata;
|
43
|
+
const NoInterceptor GrpcServerAuthzFilter::Call::OnServerTrailingMetadata;
|
44
|
+
const NoInterceptor GrpcServerAuthzFilter::Call::OnClientToServerMessage;
|
45
|
+
const NoInterceptor GrpcServerAuthzFilter::Call::OnServerToClientMessage;
|
46
|
+
const NoInterceptor GrpcServerAuthzFilter::Call::OnFinalize;
|
47
|
+
|
42
48
|
GrpcServerAuthzFilter::GrpcServerAuthzFilter(
|
43
49
|
RefCountedPtr<grpc_auth_context> auth_context, grpc_endpoint* endpoint,
|
44
50
|
RefCountedPtr<grpc_authorization_policy_provider> provider)
|
@@ -61,9 +67,8 @@ absl::StatusOr<GrpcServerAuthzFilter> GrpcServerAuthzFilter::Create(
|
|
61
67
|
/*endpoint=*/nullptr, provider->Ref());
|
62
68
|
}
|
63
69
|
|
64
|
-
bool GrpcServerAuthzFilter::IsAuthorized(
|
65
|
-
|
66
|
-
EvaluateArgs args(initial_metadata.get(), &per_channel_evaluate_args_);
|
70
|
+
bool GrpcServerAuthzFilter::IsAuthorized(ClientMetadata& initial_metadata) {
|
71
|
+
EvaluateArgs args(&initial_metadata, &per_channel_evaluate_args_);
|
67
72
|
if (GRPC_TRACE_FLAG_ENABLED(grpc_authz_trace)) {
|
68
73
|
gpr_log(GPR_DEBUG,
|
69
74
|
"checking request: url_path=%s, transport_security_type=%s, "
|
@@ -105,17 +110,15 @@ bool GrpcServerAuthzFilter::IsAuthorized(
|
|
105
110
|
return false;
|
106
111
|
}
|
107
112
|
|
108
|
-
|
109
|
-
|
110
|
-
if (!IsAuthorized(
|
111
|
-
return
|
112
|
-
Immediate(ServerMetadataFromStatus(absl::PermissionDeniedError(
|
113
|
-
"Unauthorized RPC request rejected."))));
|
113
|
+
absl::Status GrpcServerAuthzFilter::Call::OnClientInitialMetadata(
|
114
|
+
ClientMetadata& md, GrpcServerAuthzFilter* filter) {
|
115
|
+
if (!filter->IsAuthorized(md)) {
|
116
|
+
return absl::PermissionDeniedError("Unauthorized RPC request rejected.");
|
114
117
|
}
|
115
|
-
return
|
118
|
+
return absl::OkStatus();
|
116
119
|
}
|
117
120
|
|
118
|
-
const grpc_channel_filter GrpcServerAuthzFilter::
|
121
|
+
const grpc_channel_filter GrpcServerAuthzFilter::kFilter =
|
119
122
|
MakePromiseBasedFilter<GrpcServerAuthzFilter, FilterEndpoint::kServer>(
|
120
123
|
"grpc-server-authz");
|
121
124
|
|
@@ -34,22 +34,31 @@
|
|
34
34
|
|
35
35
|
namespace grpc_core {
|
36
36
|
|
37
|
-
class GrpcServerAuthzFilter final
|
37
|
+
class GrpcServerAuthzFilter final
|
38
|
+
: public ImplementChannelFilter<GrpcServerAuthzFilter> {
|
38
39
|
public:
|
39
|
-
static const grpc_channel_filter
|
40
|
+
static const grpc_channel_filter kFilter;
|
40
41
|
|
41
42
|
static absl::StatusOr<GrpcServerAuthzFilter> Create(const ChannelArgs& args,
|
42
43
|
ChannelFilter::Args);
|
43
44
|
|
44
|
-
|
45
|
-
|
45
|
+
class Call {
|
46
|
+
public:
|
47
|
+
absl::Status OnClientInitialMetadata(ClientMetadata& md,
|
48
|
+
GrpcServerAuthzFilter* filter);
|
49
|
+
static const NoInterceptor OnServerInitialMetadata;
|
50
|
+
static const NoInterceptor OnServerTrailingMetadata;
|
51
|
+
static const NoInterceptor OnClientToServerMessage;
|
52
|
+
static const NoInterceptor OnServerToClientMessage;
|
53
|
+
static const NoInterceptor OnFinalize;
|
54
|
+
};
|
46
55
|
|
47
56
|
private:
|
48
57
|
GrpcServerAuthzFilter(
|
49
58
|
RefCountedPtr<grpc_auth_context> auth_context, grpc_endpoint* endpoint,
|
50
59
|
RefCountedPtr<grpc_authorization_policy_provider> provider);
|
51
60
|
|
52
|
-
bool IsAuthorized(
|
61
|
+
bool IsAuthorized(ClientMetadata& initial_metadata);
|
53
62
|
|
54
63
|
RefCountedPtr<grpc_auth_context> auth_context_;
|
55
64
|
EvaluateArgs::PerChannelArgs per_channel_evaluate_args_;
|
@@ -24,6 +24,8 @@
|
|
24
24
|
#include <string>
|
25
25
|
#include <vector>
|
26
26
|
|
27
|
+
#include "absl/strings/string_view.h"
|
28
|
+
|
27
29
|
#include "src/core/lib/gprpp/orphanable.h"
|
28
30
|
#include "src/core/lib/gprpp/ref_counted_ptr.h"
|
29
31
|
#include "src/core/lib/http/httpcli.h"
|
@@ -72,6 +74,8 @@ class AwsExternalAccountCredentials final : public ExternalAccountCredentials {
|
|
72
74
|
|
73
75
|
void AddMetadataRequestHeaders(grpc_http_request* request);
|
74
76
|
|
77
|
+
absl::string_view CredentialSourceType() override;
|
78
|
+
|
75
79
|
std::string audience_;
|
76
80
|
OrphanablePtr<HttpRequest> http_request_;
|
77
81
|
|
@@ -26,6 +26,7 @@
|
|
26
26
|
|
27
27
|
#include "absl/status/status.h"
|
28
28
|
#include "absl/status/statusor.h"
|
29
|
+
#include "absl/strings/escaping.h"
|
29
30
|
#include "absl/strings/match.h"
|
30
31
|
#include "absl/strings/numbers.h"
|
31
32
|
#include "absl/strings/str_cat.h"
|
@@ -53,7 +54,6 @@
|
|
53
54
|
#include "src/core/lib/security/credentials/external/file_external_account_credentials.h"
|
54
55
|
#include "src/core/lib/security/credentials/external/url_external_account_credentials.h"
|
55
56
|
#include "src/core/lib/security/util/json_util.h"
|
56
|
-
#include "src/core/lib/slice/b64.h"
|
57
57
|
#include "src/core/lib/uri/uri_parser.h"
|
58
58
|
|
59
59
|
#define EXTERNAL_ACCOUNT_CREDENTIALS_GRANT_TYPE \
|
@@ -271,6 +271,20 @@ std::string ExternalAccountCredentials::debug_string() {
|
|
271
271
|
grpc_oauth2_token_fetcher_credentials::debug_string());
|
272
272
|
}
|
273
273
|
|
274
|
+
std::string ExternalAccountCredentials::MetricsHeaderValue() {
|
275
|
+
return absl::StrFormat(
|
276
|
+
"gl-cpp/unknown auth/%s google-byoid-sdk source/%s sa-impersonation/%v "
|
277
|
+
"config-lifetime/%v",
|
278
|
+
grpc_version_string(), CredentialSourceType(),
|
279
|
+
!options_.service_account_impersonation_url.empty(),
|
280
|
+
options_.service_account_impersonation.token_lifetime_seconds !=
|
281
|
+
IMPERSONATED_CRED_DEFAULT_LIFETIME_IN_SECONDS);
|
282
|
+
}
|
283
|
+
|
284
|
+
absl::string_view ExternalAccountCredentials::CredentialSourceType() {
|
285
|
+
return "unknown";
|
286
|
+
}
|
287
|
+
|
274
288
|
// The token fetching flow:
|
275
289
|
// 1. Retrieve subject token - Subclass's RetrieveSubjectToken() gets called
|
276
290
|
// and the subject token is received in OnRetrieveSubjectTokenInternal().
|
@@ -317,27 +331,21 @@ void ExternalAccountCredentials::ExchangeToken(
|
|
317
331
|
}
|
318
332
|
grpc_http_request request;
|
319
333
|
memset(&request, 0, sizeof(grpc_http_request));
|
320
|
-
|
321
|
-
|
322
|
-
|
323
|
-
|
324
|
-
|
325
|
-
|
326
|
-
|
334
|
+
const bool add_authorization_header =
|
335
|
+
!options_.client_id.empty() && !options_.client_secret.empty();
|
336
|
+
request.hdr_count = add_authorization_header ? 3 : 2;
|
337
|
+
auto* headers = static_cast<grpc_http_header*>(
|
338
|
+
gpr_malloc(sizeof(grpc_http_header) * request.hdr_count));
|
339
|
+
headers[0].key = gpr_strdup("Content-Type");
|
340
|
+
headers[0].value = gpr_strdup("application/x-www-form-urlencoded");
|
341
|
+
headers[1].key = gpr_strdup("x-goog-api-client");
|
342
|
+
headers[1].value = gpr_strdup(MetricsHeaderValue().c_str());
|
343
|
+
if (add_authorization_header) {
|
327
344
|
std::string raw_cred =
|
328
345
|
absl::StrFormat("%s:%s", options_.client_id, options_.client_secret);
|
329
|
-
|
330
|
-
|
331
|
-
|
332
|
-
headers[1].key = gpr_strdup("Authorization");
|
333
|
-
headers[1].value = gpr_strdup(str.c_str());
|
334
|
-
gpr_free(encoded_cred);
|
335
|
-
} else {
|
336
|
-
request.hdr_count = 1;
|
337
|
-
headers = static_cast<grpc_http_header*>(
|
338
|
-
gpr_malloc(sizeof(grpc_http_header) * request.hdr_count));
|
339
|
-
headers[0].key = gpr_strdup("Content-Type");
|
340
|
-
headers[0].value = gpr_strdup("application/x-www-form-urlencoded");
|
346
|
+
std::string str = absl::StrFormat("Basic %s", absl::Base64Escape(raw_cred));
|
347
|
+
headers[2].key = gpr_strdup("Authorization");
|
348
|
+
headers[2].value = gpr_strdup(str.c_str());
|
341
349
|
}
|
342
350
|
request.hdrs = headers;
|
343
351
|
std::vector<std::string> body_parts;
|
@@ -101,6 +101,10 @@ class ExternalAccountCredentials
|
|
101
101
|
HTTPRequestContext* ctx, const Options& options,
|
102
102
|
std::function<void(std::string, grpc_error_handle)> cb) = 0;
|
103
103
|
|
104
|
+
virtual absl::string_view CredentialSourceType();
|
105
|
+
|
106
|
+
std::string MetricsHeaderValue();
|
107
|
+
|
104
108
|
private:
|
105
109
|
// This method implements the common token fetch logic and it will be called
|
106
110
|
// when grpc_oauth2_token_fetcher_credentials request a new access token.
|
@@ -23,6 +23,8 @@
|
|
23
23
|
#include <string>
|
24
24
|
#include <vector>
|
25
25
|
|
26
|
+
#include "absl/strings/string_view.h"
|
27
|
+
|
26
28
|
#include "src/core/lib/gprpp/ref_counted_ptr.h"
|
27
29
|
#include "src/core/lib/iomgr/error.h"
|
28
30
|
#include "src/core/lib/security/credentials/external/external_account_credentials.h"
|
@@ -44,6 +46,8 @@ class FileExternalAccountCredentials final : public ExternalAccountCredentials {
|
|
44
46
|
HTTPRequestContext* ctx, const Options& options,
|
45
47
|
std::function<void(std::string, grpc_error_handle)> cb) override;
|
46
48
|
|
49
|
+
absl::string_view CredentialSourceType() override;
|
50
|
+
|
47
51
|
// Fields of credential source
|
48
52
|
std::string file_;
|
49
53
|
std::string format_type_;
|
@@ -24,6 +24,8 @@
|
|
24
24
|
#include <string>
|
25
25
|
#include <vector>
|
26
26
|
|
27
|
+
#include "absl/strings/string_view.h"
|
28
|
+
|
27
29
|
#include "src/core/lib/gprpp/orphanable.h"
|
28
30
|
#include "src/core/lib/gprpp/ref_counted_ptr.h"
|
29
31
|
#include "src/core/lib/http/httpcli.h"
|
@@ -48,6 +50,8 @@ class UrlExternalAccountCredentials final : public ExternalAccountCredentials {
|
|
48
50
|
HTTPRequestContext* ctx, const Options& options,
|
49
51
|
std::function<void(std::string, grpc_error_handle)> cb) override;
|
50
52
|
|
53
|
+
absl::string_view CredentialSourceType() override;
|
54
|
+
|
51
55
|
static void OnRetrieveSubjectToken(void* arg, grpc_error_handle error);
|
52
56
|
void OnRetrieveSubjectTokenInternal(grpc_error_handle error);
|
53
57
|
|
@@ -152,7 +152,8 @@ grpc_plugin_credentials::GetRequestMetadata(
|
|
152
152
|
|
153
153
|
// Create pending_request object.
|
154
154
|
auto request = grpc_core::MakeRefCounted<PendingRequest>(
|
155
|
-
|
155
|
+
RefAsSubclass<grpc_plugin_credentials>(), std::move(initial_metadata),
|
156
|
+
args);
|
156
157
|
// Invoke the plugin. The callback holds a ref to us.
|
157
158
|
if (GRPC_TRACE_FLAG_ENABLED(grpc_plugin_credentials_trace)) {
|
158
159
|
gpr_log(GPR_INFO, "plugin_credentials[%p]: request %p: invoking plugin",
|
@@ -39,7 +39,6 @@
|
|
39
39
|
#include "src/core/lib/gprpp/sync.h"
|
40
40
|
#include "src/core/lib/gprpp/thd.h"
|
41
41
|
#include "src/core/lib/gprpp/unique_type_name.h"
|
42
|
-
#include "src/core/lib/iomgr/iomgr_fwd.h"
|
43
42
|
#include "src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.h"
|
44
43
|
#include "src/core/lib/security/security_connector/ssl_utils.h"
|
45
44
|
|
@@ -55,8 +54,6 @@
|
|
55
54
|
struct grpc_tls_certificate_provider
|
56
55
|
: public grpc_core::RefCounted<grpc_tls_certificate_provider> {
|
57
56
|
public:
|
58
|
-
virtual grpc_pollset_set* interested_parties() const { return nullptr; }
|
59
|
-
|
60
57
|
virtual grpc_core::RefCountedPtr<grpc_tls_certificate_distributor>
|
61
58
|
distributor() const = 0;
|
62
59
|
|
@@ -149,3 +149,15 @@ void grpc_tls_credentials_options_set_crl_provider(
|
|
149
149
|
GPR_ASSERT(options != nullptr);
|
150
150
|
options->set_crl_provider(provider);
|
151
151
|
}
|
152
|
+
|
153
|
+
void grpc_tls_credentials_options_set_min_tls_version(
|
154
|
+
grpc_tls_credentials_options* options, grpc_tls_version min_tls_version) {
|
155
|
+
GPR_ASSERT(options != nullptr);
|
156
|
+
options->set_min_tls_version(min_tls_version);
|
157
|
+
}
|
158
|
+
|
159
|
+
void grpc_tls_credentials_options_set_max_tls_version(
|
160
|
+
grpc_tls_credentials_options* options, grpc_tls_version max_tls_version) {
|
161
|
+
GPR_ASSERT(options != nullptr);
|
162
|
+
options->set_max_tls_version(max_tls_version);
|
163
|
+
}
|
@@ -148,8 +148,7 @@ absl::StatusOr<std::shared_ptr<CrlProvider>> CreateDirectoryReloaderCrlProvider(
|
|
148
148
|
return absl::InvalidArgumentError("Refresh duration minimum is 60 seconds");
|
149
149
|
}
|
150
150
|
auto provider = std::make_shared<DirectoryReloaderCrlProvider>(
|
151
|
-
refresh_duration, reload_error_callback,
|
152
|
-
grpc_event_engine::experimental::GetDefaultEventEngine(),
|
151
|
+
refresh_duration, reload_error_callback, /*event_engine=*/nullptr,
|
153
152
|
MakeDirectoryReader(directory));
|
154
153
|
// This could be slow to do at startup, but we want to
|
155
154
|
// make sure it's done before the provider is used.
|
@@ -157,10 +156,28 @@ absl::StatusOr<std::shared_ptr<CrlProvider>> CreateDirectoryReloaderCrlProvider(
|
|
157
156
|
return provider;
|
158
157
|
}
|
159
158
|
|
159
|
+
DirectoryReloaderCrlProvider::DirectoryReloaderCrlProvider(
|
160
|
+
std::chrono::seconds duration, std::function<void(absl::Status)> callback,
|
161
|
+
std::shared_ptr<grpc_event_engine::experimental::EventEngine> event_engine,
|
162
|
+
std::shared_ptr<DirectoryReader> directory_impl)
|
163
|
+
: refresh_duration_(Duration::FromSecondsAsDouble(duration.count())),
|
164
|
+
reload_error_callback_(std::move(callback)),
|
165
|
+
crl_directory_(std::move(directory_impl)) {
|
166
|
+
// Must be called before `GetDefaultEventEngine`
|
167
|
+
grpc_init();
|
168
|
+
if (event_engine == nullptr) {
|
169
|
+
event_engine_ = grpc_event_engine::experimental::GetDefaultEventEngine();
|
170
|
+
} else {
|
171
|
+
event_engine_ = std::move(event_engine);
|
172
|
+
}
|
173
|
+
}
|
174
|
+
|
160
175
|
DirectoryReloaderCrlProvider::~DirectoryReloaderCrlProvider() {
|
161
176
|
if (refresh_handle_.has_value()) {
|
162
177
|
event_engine_->Cancel(refresh_handle_.value());
|
163
178
|
}
|
179
|
+
// Call here because we call grpc_init in the constructor
|
180
|
+
grpc_shutdown();
|
164
181
|
}
|
165
182
|
|
166
183
|
void DirectoryReloaderCrlProvider::UpdateAndStartTimer() {
|
@@ -209,9 +226,9 @@ absl::Status DirectoryReloaderCrlProvider::Update() {
|
|
209
226
|
// in-place updated in crls_.
|
210
227
|
for (auto& kv : new_crls) {
|
211
228
|
std::shared_ptr<Crl>& crl = kv.second;
|
212
|
-
// It's not safe to say crl->Issuer() on the LHS and std::move(crl) on
|
213
|
-
// RHS, because C++ does not guarantee which of those will be
|
214
|
-
// first.
|
229
|
+
// It's not safe to say crl->Issuer() on the LHS and std::move(crl) on
|
230
|
+
// the RHS, because C++ does not guarantee which of those will be
|
231
|
+
// executed first.
|
215
232
|
std::string issuer(crl->Issuer());
|
216
233
|
crls_[std::move(issuer)] = std::move(crl);
|
217
234
|
}
|
@@ -98,11 +98,7 @@ class DirectoryReloaderCrlProvider
|
|
98
98
|
std::chrono::seconds duration, std::function<void(absl::Status)> callback,
|
99
99
|
std::shared_ptr<grpc_event_engine::experimental::EventEngine>
|
100
100
|
event_engine,
|
101
|
-
std::shared_ptr<DirectoryReader> directory_impl)
|
102
|
-
: refresh_duration_(Duration::FromSecondsAsDouble(duration.count())),
|
103
|
-
reload_error_callback_(std::move(callback)),
|
104
|
-
event_engine_(std::move(event_engine)),
|
105
|
-
crl_directory_(std::move(directory_impl)) {}
|
101
|
+
std::shared_ptr<DirectoryReader> directory_impl);
|
106
102
|
|
107
103
|
~DirectoryReloaderCrlProvider() override;
|
108
104
|
std::shared_ptr<Crl> GetCrl(const CertificateInfo& certificate_info) override;
|
@@ -46,6 +46,22 @@ bool CredentialOptionSanityCheck(grpc_tls_credentials_options* options,
|
|
46
46
|
gpr_log(GPR_ERROR, "TLS credentials options is nullptr.");
|
47
47
|
return false;
|
48
48
|
}
|
49
|
+
// In this case, there will be non-retriable handshake errors.
|
50
|
+
if (options->min_tls_version() > options->max_tls_version()) {
|
51
|
+
gpr_log(GPR_ERROR, "TLS min version must not be higher than max version.");
|
52
|
+
grpc_tls_credentials_options_destroy(options);
|
53
|
+
return false;
|
54
|
+
}
|
55
|
+
if (options->max_tls_version() > grpc_tls_version::TLS1_3) {
|
56
|
+
gpr_log(GPR_ERROR, "TLS max version must not be higher than v1.3.");
|
57
|
+
grpc_tls_credentials_options_destroy(options);
|
58
|
+
return false;
|
59
|
+
}
|
60
|
+
if (options->min_tls_version() < grpc_tls_version::TLS1_2) {
|
61
|
+
gpr_log(GPR_ERROR, "TLS min version must not be lower than v1.2.");
|
62
|
+
grpc_tls_credentials_options_destroy(options);
|
63
|
+
return false;
|
64
|
+
}
|
49
65
|
if (!options->crl_directory().empty() && options->crl_provider() != nullptr) {
|
50
66
|
gpr_log(GPR_ERROR,
|
51
67
|
"Setting crl_directory and crl_provider not supported. Using the "
|