RubyGems - grpc - Versions diffs - 1.60.2 → 1.61.0.pre2 - Mend

grpc 1.60.2 → 1.61.0.pre2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (279) hide show

data/src/core/lib/resolver/endpoint_addresses.h CHANGED Viewed

@@ -23,8 +23,11 @@
 #include <set>
 #include <string>
+#include <utility>
 #include <vector>
+#include "absl/functional/function_ref.h"
 #include "src/core/lib/channel/channel_args.h"
 #include "src/core/lib/iomgr/resolved_address.h"
@@ -64,6 +67,9 @@ class EndpointAddresses {
   bool operator==(const EndpointAddresses& other) const {
     return Cmp(other) == 0;
   }
+  bool operator!=(const EndpointAddresses& other) const {
+    return Cmp(other) != 0;
+  }
   bool operator<(const EndpointAddresses& other) const {
     return Cmp(other) < 0;
   }
@@ -111,6 +117,48 @@ class EndpointAddressSet {
   std::set<grpc_resolved_address, ResolvedAddressLessThan> addresses_;
 };
+// An iterator interface for endpoints.
+class EndpointAddressesIterator {
+ public:
+  virtual ~EndpointAddressesIterator() = default;
+  // Invokes callback once for each endpoint.
+  virtual void ForEach(
+      absl::FunctionRef<void(const EndpointAddresses&)> callback) const = 0;
+};
+// Iterator over a fixed list of endpoints.
+class EndpointAddressesListIterator : public EndpointAddressesIterator {
+ public:
+  explicit EndpointAddressesListIterator(EndpointAddressesList endpoints)
+      : endpoints_(std::move(endpoints)) {}
+  void ForEach(absl::FunctionRef<void(const EndpointAddresses&)> callback)
+      const override {
+    for (const auto& endpoint : endpoints_) {
+      callback(endpoint);
+    }
+  }
+ private:
+  EndpointAddressesList endpoints_;
+};
+// Iterator that returns only a single endpoint.
+class SingleEndpointIterator : public EndpointAddressesIterator {
+ public:
+  explicit SingleEndpointIterator(EndpointAddresses endpoint)
+      : endpoint_(std::move(endpoint)) {}
+  void ForEach(absl::FunctionRef<void(const EndpointAddresses&)> callback)
+      const override {
+    callback(endpoint_);
+  }
+ private:
+  EndpointAddresses endpoint_;
+};
 }  // namespace grpc_core
 #endif  // GRPC_SRC_CORE_LIB_RESOLVER_ENDPOINT_ADDRESSES_H

data/src/core/lib/resource_quota/arena.h CHANGED Viewed

@@ -180,7 +180,7 @@ class Arena {
   template <typename T, typename... Args>
   T* New(Args&&... args) {
     T* t = static_cast<T*>(Alloc(sizeof(T)));
-    Construct(t, std::forward<Args>(args)...);
+    new (t) T(std::forward<Args>(args)...);
     return t;
   }
@@ -333,7 +333,7 @@ class Arena {
   //          value in Arena::PoolSizes, and so this may pessimize total
   //          arena size.
   template <typename T, typename... Args>
-  PoolPtr<T> MakePooled(Args&&... args) {
+  static PoolPtr<T> MakePooled(Args&&... args) {
     return PoolPtr<T>(new T(std::forward<Args>(args)...), PooledDeleter());
   }

data/src/core/lib/resource_quota/memory_quota.cc CHANGED Viewed

@@ -20,11 +20,19 @@
 #include <algorithm>
 #include <atomic>
+#include <cstddef>
+#include <cstdint>
+#include <cstdlib>
+#include <memory>
 #include <tuple>
+#include <utility>
 #include "absl/status/status.h"
 #include "absl/strings/str_cat.h"
+#include <grpc/event_engine/internal/memory_allocator_impl.h>
+#include <grpc/slice.h>
 #include "src/core/lib/debug/trace.h"
 #include "src/core/lib/gpr/useful.h"
 #include "src/core/lib/gprpp/mpscq.h"
@@ -34,6 +42,7 @@
 #include "src/core/lib/promise/race.h"
 #include "src/core/lib/promise/seq.h"
 #include "src/core/lib/resource_quota/trace.h"
+#include "src/core/lib/slice/slice_refcount.h"
 namespace grpc_core {
@@ -90,6 +99,39 @@ class MemoryQuotaTracker {
   Mutex mu_;
   std::vector<std::weak_ptr<BasicMemoryQuota>> quotas_ ABSL_GUARDED_BY(mu_);
 };
+// Reference count for a slice allocated by MemoryAllocator::MakeSlice.
+// Takes care of releasing memory back when the slice is destroyed.
+class SliceRefCount : public grpc_slice_refcount {
+ public:
+  SliceRefCount(
+      std::shared_ptr<
+          grpc_event_engine::experimental::internal::MemoryAllocatorImpl>
+          allocator,
+      size_t size)
+      : grpc_slice_refcount(Destroy),
+        allocator_(std::move(allocator)),
+        size_(size) {
+    // Nothing to do here.
+  }
+  ~SliceRefCount() {
+    allocator_->Release(size_);
+    allocator_.reset();
+  }
+ private:
+  static void Destroy(grpc_slice_refcount* p) {
+    auto* rc = static_cast<SliceRefCount*>(p);
+    rc->~SliceRefCount();
+    free(rc);
+  }
+  std::shared_ptr<
+      grpc_event_engine::experimental::internal::MemoryAllocatorImpl>
+      allocator_;
+  size_t size_;
+};
 }  // namespace
 //
@@ -337,6 +379,18 @@ void GrpcMemoryAllocatorImpl::Replenish() {
   free_bytes_.fetch_add(amount, std::memory_order_acq_rel);
 }
+grpc_slice GrpcMemoryAllocatorImpl::MakeSlice(MemoryRequest request) {
+  auto size = Reserve(request.Increase(sizeof(SliceRefCount)));
+  void* p = malloc(size);
+  new (p) SliceRefCount(shared_from_this(), size);
+  grpc_slice slice;
+  slice.refcount = static_cast<SliceRefCount*>(p);
+  slice.data.refcounted.bytes =
+      static_cast<uint8_t*>(p) + sizeof(SliceRefCount);
+  slice.data.refcounted.length = size - sizeof(SliceRefCount);
+  return slice;
+}
 //
 // BasicMemoryQuota
 //
@@ -604,14 +658,9 @@ BasicMemoryQuota::PressureInfo BasicMemoryQuota::GetPressureInfo() {
   if (size < 1) return PressureInfo{1, 1, 1};
   PressureInfo pressure_info;
   pressure_info.instantaneous_pressure = std::max(0.0, (size - free) / size);
-  if (IsMemoryPressureControllerEnabled()) {
-    pressure_info.pressure_control_value =
-        pressure_tracker_.AddSampleAndGetControlValue(
-            pressure_info.instantaneous_pressure);
-  } else {
-    pressure_info.pressure_control_value =
-        std::min(pressure_info.instantaneous_pressure, 1.0);
-  }
+  pressure_info.pressure_control_value =
+      pressure_tracker_.AddSampleAndGetControlValue(
+          pressure_info.instantaneous_pressure);
   pressure_info.max_recommended_allocation_size = quota_size / 16;
   return pressure_info;
 }

data/src/core/lib/resource_quota/memory_quota.h CHANGED Viewed

@@ -400,6 +400,12 @@ class GrpcMemoryAllocatorImpl final : public EventEngineMemoryAllocatorImpl {
   // Returns the number of bytes reserved.
   size_t Reserve(MemoryRequest request) override;
+  /// Allocate a slice, using MemoryRequest to size the number of returned
+  /// bytes. For a variable length request, check the returned slice length to
+  /// verify how much memory was allocated. Takes care of reserving memory for
+  /// any relevant control structures also.
+  grpc_slice MakeSlice(MemoryRequest request) override;
   // Release some bytes that were previously reserved.
   void Release(size_t n) override {
     // Add the released memory to our free bytes counter... if this increases

data/src/core/lib/security/authorization/grpc_server_authz_filter.cc CHANGED Viewed

@@ -39,6 +39,12 @@ namespace grpc_core {
 TraceFlag grpc_authz_trace(false, "grpc_authz_api");
+const NoInterceptor GrpcServerAuthzFilter::Call::OnServerInitialMetadata;
+const NoInterceptor GrpcServerAuthzFilter::Call::OnServerTrailingMetadata;
+const NoInterceptor GrpcServerAuthzFilter::Call::OnClientToServerMessage;
+const NoInterceptor GrpcServerAuthzFilter::Call::OnServerToClientMessage;
+const NoInterceptor GrpcServerAuthzFilter::Call::OnFinalize;
 GrpcServerAuthzFilter::GrpcServerAuthzFilter(
     RefCountedPtr<grpc_auth_context> auth_context, grpc_endpoint* endpoint,
     RefCountedPtr<grpc_authorization_policy_provider> provider)
@@ -61,9 +67,8 @@ absl::StatusOr<GrpcServerAuthzFilter> GrpcServerAuthzFilter::Create(
       /*endpoint=*/nullptr, provider->Ref());
 }
-bool GrpcServerAuthzFilter::IsAuthorized(
-    const ClientMetadataHandle& initial_metadata) {
-  EvaluateArgs args(initial_metadata.get(), &per_channel_evaluate_args_);
+bool GrpcServerAuthzFilter::IsAuthorized(ClientMetadata& initial_metadata) {
+  EvaluateArgs args(&initial_metadata, &per_channel_evaluate_args_);
   if (GRPC_TRACE_FLAG_ENABLED(grpc_authz_trace)) {
     gpr_log(GPR_DEBUG,
             "checking request: url_path=%s, transport_security_type=%s, "
@@ -105,17 +110,15 @@ bool GrpcServerAuthzFilter::IsAuthorized(
   return false;
 }
-ArenaPromise<ServerMetadataHandle> GrpcServerAuthzFilter::MakeCallPromise(
-    CallArgs call_args, NextPromiseFactory next_promise_factory) {
-  if (!IsAuthorized(call_args.client_initial_metadata)) {
-    return ArenaPromise<ServerMetadataHandle>(
-        Immediate(ServerMetadataFromStatus(absl::PermissionDeniedError(
-            "Unauthorized RPC request rejected."))));
+absl::Status GrpcServerAuthzFilter::Call::OnClientInitialMetadata(
+    ClientMetadata& md, GrpcServerAuthzFilter* filter) {
+  if (!filter->IsAuthorized(md)) {
+    return absl::PermissionDeniedError("Unauthorized RPC request rejected.");
   }
-  return next_promise_factory(std::move(call_args));
+  return absl::OkStatus();
 }
-const grpc_channel_filter GrpcServerAuthzFilter::kFilterVtable =
+const grpc_channel_filter GrpcServerAuthzFilter::kFilter =
     MakePromiseBasedFilter<GrpcServerAuthzFilter, FilterEndpoint::kServer>(
         "grpc-server-authz");

data/src/core/lib/security/authorization/grpc_server_authz_filter.h CHANGED Viewed

@@ -34,22 +34,31 @@
 namespace grpc_core {
-class GrpcServerAuthzFilter final : public ChannelFilter {
+class GrpcServerAuthzFilter final
+    : public ImplementChannelFilter<GrpcServerAuthzFilter> {
  public:
-  static const grpc_channel_filter kFilterVtable;
+  static const grpc_channel_filter kFilter;
   static absl::StatusOr<GrpcServerAuthzFilter> Create(const ChannelArgs& args,
                                                       ChannelFilter::Args);
-  ArenaPromise<ServerMetadataHandle> MakeCallPromise(
-      CallArgs call_args, NextPromiseFactory next_promise_factory) override;
+  class Call {
+   public:
+    absl::Status OnClientInitialMetadata(ClientMetadata& md,
+                                         GrpcServerAuthzFilter* filter);
+    static const NoInterceptor OnServerInitialMetadata;
+    static const NoInterceptor OnServerTrailingMetadata;
+    static const NoInterceptor OnClientToServerMessage;
+    static const NoInterceptor OnServerToClientMessage;
+    static const NoInterceptor OnFinalize;
+  };
  private:
   GrpcServerAuthzFilter(
       RefCountedPtr<grpc_auth_context> auth_context, grpc_endpoint* endpoint,
       RefCountedPtr<grpc_authorization_policy_provider> provider);
-  bool IsAuthorized(const ClientMetadataHandle& initial_metadata);
+  bool IsAuthorized(ClientMetadata& initial_metadata);
   RefCountedPtr<grpc_auth_context> auth_context_;
   EvaluateArgs::PerChannelArgs per_channel_evaluate_args_;

data/src/core/lib/security/credentials/external/aws_external_account_credentials.cc CHANGED Viewed

@@ -525,4 +525,8 @@ void AwsExternalAccountCredentials::FinishRetrieveSubjectToken(
   }
 }
+absl::string_view AwsExternalAccountCredentials::CredentialSourceType() {
+  return "aws";
+}
 }  // namespace grpc_core

data/src/core/lib/security/credentials/external/aws_external_account_credentials.h CHANGED Viewed

@@ -24,6 +24,8 @@
 #include <string>
 #include <vector>
+#include "absl/strings/string_view.h"
 #include "src/core/lib/gprpp/orphanable.h"
 #include "src/core/lib/gprpp/ref_counted_ptr.h"
 #include "src/core/lib/http/httpcli.h"
@@ -72,6 +74,8 @@ class AwsExternalAccountCredentials final : public ExternalAccountCredentials {
   void AddMetadataRequestHeaders(grpc_http_request* request);
+  absl::string_view CredentialSourceType() override;
   std::string audience_;
   OrphanablePtr<HttpRequest> http_request_;

data/src/core/lib/security/credentials/external/external_account_credentials.cc CHANGED Viewed

@@ -26,6 +26,7 @@
 #include "absl/status/status.h"
 #include "absl/status/statusor.h"
+#include "absl/strings/escaping.h"
 #include "absl/strings/match.h"
 #include "absl/strings/numbers.h"
 #include "absl/strings/str_cat.h"
@@ -53,7 +54,6 @@
 #include "src/core/lib/security/credentials/external/file_external_account_credentials.h"
 #include "src/core/lib/security/credentials/external/url_external_account_credentials.h"
 #include "src/core/lib/security/util/json_util.h"
-#include "src/core/lib/slice/b64.h"
 #include "src/core/lib/uri/uri_parser.h"
 #define EXTERNAL_ACCOUNT_CREDENTIALS_GRANT_TYPE \
@@ -271,6 +271,20 @@ std::string ExternalAccountCredentials::debug_string() {
                          grpc_oauth2_token_fetcher_credentials::debug_string());
 }
+std::string ExternalAccountCredentials::MetricsHeaderValue() {
+  return absl::StrFormat(
+      "gl-cpp/unknown auth/%s google-byoid-sdk source/%s sa-impersonation/%v "
+      "config-lifetime/%v",
+      grpc_version_string(), CredentialSourceType(),
+      !options_.service_account_impersonation_url.empty(),
+      options_.service_account_impersonation.token_lifetime_seconds !=
+          IMPERSONATED_CRED_DEFAULT_LIFETIME_IN_SECONDS);
+}
+absl::string_view ExternalAccountCredentials::CredentialSourceType() {
+  return "unknown";
+}
 // The token fetching flow:
 // 1. Retrieve subject token - Subclass's RetrieveSubjectToken() gets called
 // and the subject token is received in OnRetrieveSubjectTokenInternal().
@@ -317,27 +331,21 @@ void ExternalAccountCredentials::ExchangeToken(
   }
   grpc_http_request request;
   memset(&request, 0, sizeof(grpc_http_request));
-  grpc_http_header* headers = nullptr;
-  if (!options_.client_id.empty() && !options_.client_secret.empty()) {
-    request.hdr_count = 2;
-    headers = static_cast<grpc_http_header*>(
-        gpr_malloc(sizeof(grpc_http_header) * request.hdr_count));
-    headers[0].key = gpr_strdup("Content-Type");
-    headers[0].value = gpr_strdup("application/x-www-form-urlencoded");
+  const bool add_authorization_header =
+      !options_.client_id.empty() && !options_.client_secret.empty();
+  request.hdr_count = add_authorization_header ? 3 : 2;
+  auto* headers = static_cast<grpc_http_header*>(
+      gpr_malloc(sizeof(grpc_http_header) * request.hdr_count));
+  headers[0].key = gpr_strdup("Content-Type");
+  headers[0].value = gpr_strdup("application/x-www-form-urlencoded");
+  headers[1].key = gpr_strdup("x-goog-api-client");
+  headers[1].value = gpr_strdup(MetricsHeaderValue().c_str());
+  if (add_authorization_header) {
     std::string raw_cred =
         absl::StrFormat("%s:%s", options_.client_id, options_.client_secret);
-    char* encoded_cred =
-        grpc_base64_encode(raw_cred.c_str(), raw_cred.length(), 0, 0);
-    std::string str = absl::StrFormat("Basic %s", std::string(encoded_cred));
-    headers[1].key = gpr_strdup("Authorization");
-    headers[1].value = gpr_strdup(str.c_str());
-    gpr_free(encoded_cred);
-  } else {
-    request.hdr_count = 1;
-    headers = static_cast<grpc_http_header*>(
-        gpr_malloc(sizeof(grpc_http_header) * request.hdr_count));
-    headers[0].key = gpr_strdup("Content-Type");
-    headers[0].value = gpr_strdup("application/x-www-form-urlencoded");
+    std::string str = absl::StrFormat("Basic %s", absl::Base64Escape(raw_cred));
+    headers[2].key = gpr_strdup("Authorization");
+    headers[2].value = gpr_strdup(str.c_str());
   }
   request.hdrs = headers;
   std::vector<std::string> body_parts;

data/src/core/lib/security/credentials/external/external_account_credentials.h CHANGED Viewed

@@ -101,6 +101,10 @@ class ExternalAccountCredentials
       HTTPRequestContext* ctx, const Options& options,
       std::function<void(std::string, grpc_error_handle)> cb) = 0;
+  virtual absl::string_view CredentialSourceType();
+  std::string MetricsHeaderValue();
  private:
   // This method implements the common token fetch logic and it will be called
   // when grpc_oauth2_token_fetcher_credentials request a new access token.

data/src/core/lib/security/credentials/external/file_external_account_credentials.cc CHANGED Viewed

@@ -137,4 +137,8 @@ void FileExternalAccountCredentials::RetrieveSubjectToken(
   cb(std::string(content), absl::OkStatus());
 }
+absl::string_view FileExternalAccountCredentials::CredentialSourceType() {
+  return "file";
+}
 }  // namespace grpc_core

data/src/core/lib/security/credentials/external/file_external_account_credentials.h CHANGED Viewed

@@ -23,6 +23,8 @@
 #include <string>
 #include <vector>
+#include "absl/strings/string_view.h"
 #include "src/core/lib/gprpp/ref_counted_ptr.h"
 #include "src/core/lib/iomgr/error.h"
 #include "src/core/lib/security/credentials/external/external_account_credentials.h"
@@ -44,6 +46,8 @@ class FileExternalAccountCredentials final : public ExternalAccountCredentials {
       HTTPRequestContext* ctx, const Options& options,
       std::function<void(std::string, grpc_error_handle)> cb) override;
+  absl::string_view CredentialSourceType() override;
   // Fields of credential source
   std::string file_;
   std::string format_type_;

data/src/core/lib/security/credentials/external/url_external_account_credentials.cc CHANGED Viewed

@@ -240,4 +240,8 @@ void UrlExternalAccountCredentials::FinishRetrieveSubjectToken(
   }
 }
+absl::string_view UrlExternalAccountCredentials::CredentialSourceType() {
+  return "url";
+}
 }  // namespace grpc_core

data/src/core/lib/security/credentials/external/url_external_account_credentials.h CHANGED Viewed

@@ -24,6 +24,8 @@
 #include <string>
 #include <vector>
+#include "absl/strings/string_view.h"
 #include "src/core/lib/gprpp/orphanable.h"
 #include "src/core/lib/gprpp/ref_counted_ptr.h"
 #include "src/core/lib/http/httpcli.h"
@@ -48,6 +50,8 @@ class UrlExternalAccountCredentials final : public ExternalAccountCredentials {
       HTTPRequestContext* ctx, const Options& options,
       std::function<void(std::string, grpc_error_handle)> cb) override;
+  absl::string_view CredentialSourceType() override;
   static void OnRetrieveSubjectToken(void* arg, grpc_error_handle error);
   void OnRetrieveSubjectTokenInternal(grpc_error_handle error);

data/src/core/lib/security/credentials/plugin/plugin_credentials.cc CHANGED Viewed

@@ -152,7 +152,8 @@ grpc_plugin_credentials::GetRequestMetadata(
   // Create pending_request object.
   auto request = grpc_core::MakeRefCounted<PendingRequest>(
-      Ref(), std::move(initial_metadata), args);
+      RefAsSubclass<grpc_plugin_credentials>(), std::move(initial_metadata),
+      args);
   // Invoke the plugin.  The callback holds a ref to us.
   if (GRPC_TRACE_FLAG_ENABLED(grpc_plugin_credentials_trace)) {
     gpr_log(GPR_INFO, "plugin_credentials[%p]: request %p: invoking plugin",

data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.h CHANGED Viewed

@@ -39,7 +39,6 @@
 #include "src/core/lib/gprpp/sync.h"
 #include "src/core/lib/gprpp/thd.h"
 #include "src/core/lib/gprpp/unique_type_name.h"
-#include "src/core/lib/iomgr/iomgr_fwd.h"
 #include "src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.h"
 #include "src/core/lib/security/security_connector/ssl_utils.h"
@@ -55,8 +54,6 @@
 struct grpc_tls_certificate_provider
     : public grpc_core::RefCounted<grpc_tls_certificate_provider> {
  public:
-  virtual grpc_pollset_set* interested_parties() const { return nullptr; }
   virtual grpc_core::RefCountedPtr<grpc_tls_certificate_distributor>
   distributor() const = 0;

data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc CHANGED Viewed

@@ -149,3 +149,15 @@ void grpc_tls_credentials_options_set_crl_provider(
   GPR_ASSERT(options != nullptr);
   options->set_crl_provider(provider);
 }
+void grpc_tls_credentials_options_set_min_tls_version(
+    grpc_tls_credentials_options* options, grpc_tls_version min_tls_version) {
+  GPR_ASSERT(options != nullptr);
+  options->set_min_tls_version(min_tls_version);
+}
+void grpc_tls_credentials_options_set_max_tls_version(
+    grpc_tls_credentials_options* options, grpc_tls_version max_tls_version) {
+  GPR_ASSERT(options != nullptr);
+  options->set_max_tls_version(max_tls_version);
+}

data/src/core/lib/security/credentials/tls/grpc_tls_crl_provider.cc CHANGED Viewed

@@ -148,8 +148,7 @@ absl::StatusOr<std::shared_ptr<CrlProvider>> CreateDirectoryReloaderCrlProvider(
     return absl::InvalidArgumentError("Refresh duration minimum is 60 seconds");
   }
   auto provider = std::make_shared<DirectoryReloaderCrlProvider>(
-      refresh_duration, reload_error_callback,
-      grpc_event_engine::experimental::GetDefaultEventEngine(),
+      refresh_duration, reload_error_callback, /*event_engine=*/nullptr,
       MakeDirectoryReader(directory));
   // This could be slow to do at startup, but we want to
   // make sure it's done before the provider is used.
@@ -157,10 +156,28 @@ absl::StatusOr<std::shared_ptr<CrlProvider>> CreateDirectoryReloaderCrlProvider(
   return provider;
 }
+DirectoryReloaderCrlProvider::DirectoryReloaderCrlProvider(
+    std::chrono::seconds duration, std::function<void(absl::Status)> callback,
+    std::shared_ptr<grpc_event_engine::experimental::EventEngine> event_engine,
+    std::shared_ptr<DirectoryReader> directory_impl)
+    : refresh_duration_(Duration::FromSecondsAsDouble(duration.count())),
+      reload_error_callback_(std::move(callback)),
+      crl_directory_(std::move(directory_impl)) {
+  // Must be called before `GetDefaultEventEngine`
+  grpc_init();
+  if (event_engine == nullptr) {
+    event_engine_ = grpc_event_engine::experimental::GetDefaultEventEngine();
+  } else {
+    event_engine_ = std::move(event_engine);
+  }
+}
 DirectoryReloaderCrlProvider::~DirectoryReloaderCrlProvider() {
   if (refresh_handle_.has_value()) {
     event_engine_->Cancel(refresh_handle_.value());
   }
+  // Call here because we call grpc_init in the constructor
+  grpc_shutdown();
 }
 void DirectoryReloaderCrlProvider::UpdateAndStartTimer() {
@@ -209,9 +226,9 @@ absl::Status DirectoryReloaderCrlProvider::Update() {
     // in-place updated in crls_.
     for (auto& kv : new_crls) {
       std::shared_ptr<Crl>& crl = kv.second;
-      // It's not safe to say crl->Issuer() on the LHS and std::move(crl) on the
-      // RHS, because C++ does not guarantee which of those will be executed
-      // first.
+      // It's not safe to say crl->Issuer() on the LHS and std::move(crl) on
+      // the RHS, because C++ does not guarantee which of those will be
+      // executed first.
       std::string issuer(crl->Issuer());
       crls_[std::move(issuer)] = std::move(crl);
     }

data/src/core/lib/security/credentials/tls/grpc_tls_crl_provider.h CHANGED Viewed

@@ -98,11 +98,7 @@ class DirectoryReloaderCrlProvider
       std::chrono::seconds duration, std::function<void(absl::Status)> callback,
       std::shared_ptr<grpc_event_engine::experimental::EventEngine>
           event_engine,
-      std::shared_ptr<DirectoryReader> directory_impl)
-      : refresh_duration_(Duration::FromSecondsAsDouble(duration.count())),
-        reload_error_callback_(std::move(callback)),
-        event_engine_(std::move(event_engine)),
-        crl_directory_(std::move(directory_impl)) {}
+      std::shared_ptr<DirectoryReader> directory_impl);
   ~DirectoryReloaderCrlProvider() override;
   std::shared_ptr<Crl> GetCrl(const CertificateInfo& certificate_info) override;

data/src/core/lib/security/credentials/tls/tls_credentials.cc CHANGED Viewed

@@ -46,6 +46,22 @@ bool CredentialOptionSanityCheck(grpc_tls_credentials_options* options,
     gpr_log(GPR_ERROR, "TLS credentials options is nullptr.");
     return false;
   }
+  // In this case, there will be non-retriable handshake errors.
+  if (options->min_tls_version() > options->max_tls_version()) {
+    gpr_log(GPR_ERROR, "TLS min version must not be higher than max version.");
+    grpc_tls_credentials_options_destroy(options);
+    return false;
+  }
+  if (options->max_tls_version() > grpc_tls_version::TLS1_3) {
+    gpr_log(GPR_ERROR, "TLS max version must not be higher than v1.3.");
+    grpc_tls_credentials_options_destroy(options);
+    return false;
+  }
+  if (options->min_tls_version() < grpc_tls_version::TLS1_2) {
+    gpr_log(GPR_ERROR, "TLS min version must not be lower than v1.2.");
+    grpc_tls_credentials_options_destroy(options);
+    return false;
+  }
   if (!options->crl_directory().empty() && options->crl_provider() != nullptr) {
     gpr_log(GPR_ERROR,
             "Setting crl_directory and crl_provider not supported. Using the "