grpc 1.66.0.pre5 → 1.67.0.pre1

Sign up to get free protection for your applications and to get access to all the features.
Files changed (547) hide show
  1. checksums.yaml +4 -4
  2. data/Makefile +19 -10
  3. data/include/grpc/credentials.h +1 -1
  4. data/include/grpc/event_engine/README.md +1 -1
  5. data/include/grpc/event_engine/internal/slice_cast.h +1 -1
  6. data/include/grpc/event_engine/slice.h +0 -1
  7. data/include/grpc/event_engine/slice_buffer.h +0 -1
  8. data/include/grpc/grpc_crl_provider.h +1 -1
  9. data/include/grpc/impl/channel_arg_names.h +1 -1
  10. data/include/grpc/support/log.h +34 -32
  11. data/include/grpc/support/sync_generic.h +2 -4
  12. data/src/core/channelz/channelz.cc +0 -1
  13. data/src/core/channelz/channelz_registry.cc +0 -1
  14. data/src/core/client_channel/client_channel.cc +10 -7
  15. data/src/core/client_channel/client_channel.h +1 -1
  16. data/src/core/client_channel/client_channel_filter.cc +21 -18
  17. data/src/core/client_channel/client_channel_filter.h +1 -1
  18. data/src/core/client_channel/client_channel_internal.h +0 -2
  19. data/src/core/client_channel/config_selector.h +0 -1
  20. data/src/core/client_channel/dynamic_filters.cc +0 -2
  21. data/src/core/client_channel/local_subchannel_pool.cc +0 -2
  22. data/src/core/client_channel/retry_filter.h +0 -1
  23. data/src/core/client_channel/retry_filter_legacy_call_data.cc +175 -257
  24. data/src/core/client_channel/subchannel.cc +21 -27
  25. data/src/core/client_channel/subchannel_stream_client.cc +1 -1
  26. data/src/core/ext/filters/backend_metrics/backend_metric_filter.cc +8 -9
  27. data/src/core/ext/filters/channel_idle/legacy_channel_idle_filter.cc +0 -1
  28. data/src/core/ext/filters/fault_injection/fault_injection_filter.cc +3 -4
  29. data/src/core/ext/filters/gcp_authentication/gcp_authentication_filter.cc +167 -0
  30. data/src/core/ext/filters/gcp_authentication/gcp_authentication_filter.h +82 -0
  31. data/src/core/ext/filters/gcp_authentication/gcp_authentication_service_config_parser.cc +81 -0
  32. data/src/core/ext/filters/gcp_authentication/gcp_authentication_service_config_parser.h +87 -0
  33. data/src/core/ext/filters/http/message_compress/compression_filter.cc +7 -9
  34. data/src/core/ext/filters/http/server/http_server_filter.cc +2 -4
  35. data/src/core/ext/filters/message_size/message_size_filter.cc +6 -7
  36. data/src/core/ext/filters/stateful_session/stateful_session_filter.cc +0 -2
  37. data/src/core/ext/transport/chttp2/alpn/alpn.cc +0 -1
  38. data/src/core/ext/transport/chttp2/server/chttp2_server.cc +6 -8
  39. data/src/core/ext/transport/chttp2/transport/bin_encoder.cc +0 -1
  40. data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +288 -265
  41. data/src/core/ext/transport/chttp2/transport/flow_control.cc +3 -4
  42. data/src/core/ext/transport/chttp2/transport/flow_control.h +0 -1
  43. data/src/core/ext/transport/chttp2/transport/frame.cc +0 -1
  44. data/src/core/ext/transport/chttp2/transport/frame_data.cc +0 -1
  45. data/src/core/ext/transport/chttp2/transport/frame_goaway.cc +0 -1
  46. data/src/core/ext/transport/chttp2/transport/frame_ping.cc +6 -6
  47. data/src/core/ext/transport/chttp2/transport/frame_rst_stream.cc +3 -4
  48. data/src/core/ext/transport/chttp2/transport/frame_settings.cc +5 -6
  49. data/src/core/ext/transport/chttp2/transport/frame_window_update.cc +0 -1
  50. data/src/core/ext/transport/chttp2/transport/hpack_encoder.cc +2 -3
  51. data/src/core/ext/transport/chttp2/transport/hpack_encoder_table.cc +0 -1
  52. data/src/core/ext/transport/chttp2/transport/hpack_parse_result.h +0 -1
  53. data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +3 -3
  54. data/src/core/ext/transport/chttp2/transport/hpack_parser_table.cc +37 -5
  55. data/src/core/ext/transport/chttp2/transport/hpack_parser_table.h +27 -6
  56. data/src/core/ext/transport/chttp2/transport/internal.h +2 -3
  57. data/src/core/ext/transport/chttp2/transport/parsing.cc +21 -32
  58. data/src/core/ext/transport/chttp2/transport/ping_callbacks.cc +0 -1
  59. data/src/core/ext/transport/chttp2/transport/stream_lists.cc +6 -8
  60. data/src/core/ext/transport/chttp2/transport/varint.h +0 -1
  61. data/src/core/ext/transport/chttp2/transport/write_size_policy.cc +0 -1
  62. data/src/core/ext/transport/chttp2/transport/writing.cc +22 -22
  63. data/src/core/ext/upb-gen/envoy/extensions/filters/http/gcp_authn/v3/gcp_authn.upb.h +431 -0
  64. data/src/core/ext/upb-gen/envoy/extensions/filters/http/gcp_authn/v3/gcp_authn.upb_minitable.c +129 -0
  65. data/src/core/ext/upb-gen/envoy/extensions/filters/http/gcp_authn/v3/gcp_authn.upb_minitable.h +33 -0
  66. data/src/core/ext/upb-gen/google/api/expr/v1alpha1/checked.upb.h +16 -0
  67. data/src/core/ext/upb-gen/google/api/expr/v1alpha1/checked.upb_minitable.c +13 -2
  68. data/src/core/ext/upb-gen/google/api/expr/v1alpha1/syntax.upb.h +397 -22
  69. data/src/core/ext/upb-gen/google/api/expr/v1alpha1/syntax.upb_minitable.c +94 -20
  70. data/src/core/ext/upb-gen/google/api/expr/v1alpha1/syntax.upb_minitable.h +2 -0
  71. data/src/core/ext/upbdefs-gen/envoy/extensions/filters/http/gcp_authn/v3/gcp_authn.upbdefs.c +86 -0
  72. data/src/core/ext/upbdefs-gen/envoy/extensions/filters/http/gcp_authn/v3/gcp_authn.upbdefs.h +47 -0
  73. data/src/core/ext/upbdefs-gen/google/api/expr/v1alpha1/checked.upbdefs.c +108 -107
  74. data/src/core/ext/upbdefs-gen/google/api/expr/v1alpha1/syntax.upbdefs.c +101 -78
  75. data/src/core/ext/upbdefs-gen/google/api/expr/v1alpha1/syntax.upbdefs.h +10 -0
  76. data/src/core/handshaker/handshaker.cc +21 -29
  77. data/src/core/handshaker/security/secure_endpoint.cc +3 -3
  78. data/src/core/handshaker/security/security_handshaker.cc +60 -72
  79. data/src/core/handshaker/tcp_connect/tcp_connect_handshaker.cc +0 -1
  80. data/src/core/lib/backoff/backoff.cc +7 -10
  81. data/src/core/lib/backoff/backoff.h +4 -6
  82. data/src/core/lib/channel/channel_stack.cc +0 -1
  83. data/src/core/lib/channel/channel_stack.h +0 -1
  84. data/src/core/lib/channel/channel_stack_builder_impl.cc +0 -1
  85. data/src/core/lib/channel/connected_channel.cc +0 -1
  86. data/src/core/lib/channel/promise_based_filter.cc +146 -194
  87. data/src/core/lib/channel/promise_based_filter.h +1 -1
  88. data/src/core/lib/compression/compression_internal.cc +0 -1
  89. data/src/core/lib/config/config_vars.cc +11 -1
  90. data/src/core/lib/config/config_vars.h +8 -0
  91. data/src/core/lib/config/core_configuration.cc +0 -1
  92. data/src/core/lib/config/core_configuration.h +0 -1
  93. data/src/core/lib/debug/event_log.cc +0 -1
  94. data/src/core/lib/debug/trace_flags.cc +4 -18
  95. data/src/core/lib/debug/trace_flags.h +2 -5
  96. data/src/core/lib/debug/trace_impl.h +6 -0
  97. data/src/core/lib/event_engine/ares_resolver.cc +89 -56
  98. data/src/core/lib/event_engine/ares_resolver.h +0 -9
  99. data/src/core/lib/event_engine/cf_engine/cfstream_endpoint.cc +14 -1
  100. data/src/core/lib/event_engine/cf_engine/cftype_unique_ref.h +1 -1
  101. data/src/core/lib/event_engine/forkable.cc +0 -1
  102. data/src/core/lib/event_engine/forkable.h +0 -1
  103. data/src/core/lib/event_engine/posix_engine/ev_epoll1_linux.cc +1 -1
  104. data/src/core/lib/event_engine/posix_engine/ev_epoll1_linux.h +4 -4
  105. data/src/core/lib/event_engine/posix_engine/ev_poll_posix.cc +0 -1
  106. data/src/core/lib/event_engine/posix_engine/lockfree_event.cc +0 -1
  107. data/src/core/lib/event_engine/posix_engine/posix_endpoint.cc +9 -1
  108. data/src/core/lib/event_engine/posix_engine/posix_endpoint.h +0 -1
  109. data/src/core/lib/event_engine/posix_engine/posix_engine_listener.h +2 -2
  110. data/src/core/lib/event_engine/posix_engine/tcp_socket_utils.h +1 -2
  111. data/src/core/lib/event_engine/posix_engine/timer_manager.cc +4 -9
  112. data/src/core/lib/event_engine/posix_engine/traced_buffer_list.cc +0 -1
  113. data/src/core/lib/event_engine/resolved_address.cc +0 -1
  114. data/src/core/lib/event_engine/slice.cc +0 -1
  115. data/src/core/lib/event_engine/thread_pool/thread_count.cc +0 -1
  116. data/src/core/lib/event_engine/thread_pool/work_stealing_thread_pool.cc +3 -5
  117. data/src/core/lib/event_engine/windows/grpc_polled_fd_windows.cc +121 -93
  118. data/src/core/lib/experiments/config.cc +12 -10
  119. data/src/core/lib/experiments/experiments.cc +45 -66
  120. data/src/core/lib/experiments/experiments.h +22 -27
  121. data/src/core/lib/gprpp/chunked_vector.h +0 -1
  122. data/src/core/lib/gprpp/down_cast.h +0 -1
  123. data/src/core/lib/gprpp/host_port.cc +0 -1
  124. data/src/core/lib/gprpp/load_file.cc +0 -1
  125. data/src/core/lib/gprpp/mpscq.h +0 -1
  126. data/src/core/lib/gprpp/single_set_ptr.h +0 -1
  127. data/src/core/lib/gprpp/status_helper.cc +0 -1
  128. data/src/core/lib/gprpp/sync.h +0 -1
  129. data/src/core/lib/gprpp/table.h +28 -0
  130. data/src/core/lib/gprpp/thd.h +0 -1
  131. data/src/core/lib/gprpp/time.h +0 -1
  132. data/src/core/lib/gprpp/time_util.cc +0 -1
  133. data/src/core/lib/gprpp/windows/directory_reader.cc +0 -2
  134. data/src/core/lib/gprpp/windows/thd.cc +0 -1
  135. data/src/core/lib/gprpp/work_serializer.cc +23 -34
  136. data/src/core/lib/iomgr/buffer_list.cc +0 -1
  137. data/src/core/lib/iomgr/call_combiner.h +6 -8
  138. data/src/core/lib/iomgr/cfstream_handle.cc +6 -8
  139. data/src/core/lib/iomgr/closure.h +5 -8
  140. data/src/core/lib/iomgr/combiner.cc +6 -8
  141. data/src/core/lib/iomgr/endpoint_cfstream.cc +17 -22
  142. data/src/core/lib/iomgr/endpoint_pair_posix.cc +0 -1
  143. data/src/core/lib/iomgr/error.h +0 -1
  144. data/src/core/lib/iomgr/ev_apple.cc +13 -18
  145. data/src/core/lib/iomgr/ev_epoll1_linux.cc +47 -85
  146. data/src/core/lib/iomgr/ev_poll_posix.cc +17 -24
  147. data/src/core/lib/iomgr/ev_posix.cc +55 -44
  148. data/src/core/lib/iomgr/ev_posix.h +0 -5
  149. data/src/core/lib/iomgr/event_engine_shims/closure.cc +7 -9
  150. data/src/core/lib/iomgr/event_engine_shims/endpoint.cc +3 -4
  151. data/src/core/lib/iomgr/exec_ctx.cc +6 -9
  152. data/src/core/lib/iomgr/exec_ctx.h +26 -16
  153. data/src/core/lib/iomgr/executor.cc +43 -33
  154. data/src/core/lib/iomgr/fork_windows.cc +0 -1
  155. data/src/core/lib/iomgr/internal_errqueue.cc +0 -1
  156. data/src/core/lib/iomgr/iocp_windows.cc +0 -1
  157. data/src/core/lib/iomgr/iomgr_windows.cc +0 -2
  158. data/src/core/lib/iomgr/lockfree_event.cc +7 -11
  159. data/src/core/lib/iomgr/polling_entity.cc +10 -3
  160. data/src/core/lib/iomgr/pollset_windows.cc +0 -2
  161. data/src/core/lib/iomgr/resolve_address.cc +0 -1
  162. data/src/core/lib/iomgr/resolve_address_posix.cc +0 -1
  163. data/src/core/lib/iomgr/resolve_address_windows.cc +0 -1
  164. data/src/core/lib/iomgr/sockaddr_utils_posix.cc +0 -1
  165. data/src/core/lib/iomgr/socket_mutator.cc +0 -1
  166. data/src/core/lib/iomgr/socket_utils_linux.cc +0 -2
  167. data/src/core/lib/iomgr/socket_utils_posix.cc +0 -1
  168. data/src/core/lib/iomgr/socket_utils_windows.cc +0 -2
  169. data/src/core/lib/iomgr/tcp_client_cfstream.cc +7 -12
  170. data/src/core/lib/iomgr/tcp_client_posix.cc +8 -12
  171. data/src/core/lib/iomgr/tcp_client_windows.cc +0 -1
  172. data/src/core/lib/iomgr/tcp_posix.cc +32 -68
  173. data/src/core/lib/iomgr/tcp_server_posix.cc +7 -11
  174. data/src/core/lib/iomgr/tcp_windows.cc +4 -12
  175. data/src/core/lib/iomgr/timer_generic.cc +46 -65
  176. data/src/core/lib/iomgr/timer_manager.cc +4 -5
  177. data/src/core/lib/iomgr/unix_sockets_posix.cc +0 -1
  178. data/src/core/lib/iomgr/unix_sockets_posix_noop.cc +0 -2
  179. data/src/core/lib/iomgr/vsock.cc +0 -1
  180. data/src/core/lib/iomgr/wakeup_fd_eventfd.cc +0 -2
  181. data/src/core/lib/promise/activity.h +0 -1
  182. data/src/core/lib/promise/context.h +0 -1
  183. data/src/core/lib/promise/detail/join_state.h +44 -44
  184. data/src/core/lib/promise/detail/seq_state.h +1101 -1356
  185. data/src/core/lib/promise/for_each.h +8 -15
  186. data/src/core/lib/promise/interceptor_list.h +17 -27
  187. data/src/core/lib/promise/latch.h +16 -24
  188. data/src/core/lib/promise/map.h +1 -1
  189. data/src/core/lib/promise/party.cc +238 -114
  190. data/src/core/lib/promise/party.h +105 -308
  191. data/src/core/lib/promise/pipe.h +3 -4
  192. data/src/core/lib/promise/poll.h +0 -1
  193. data/src/core/lib/promise/status_flag.h +0 -1
  194. data/src/core/lib/resource_quota/connection_quota.cc +0 -1
  195. data/src/core/lib/resource_quota/memory_quota.cc +11 -19
  196. data/src/core/lib/resource_quota/memory_quota.h +2 -4
  197. data/src/core/lib/resource_quota/periodic_update.cc +2 -3
  198. data/src/core/lib/resource_quota/thread_quota.cc +0 -1
  199. data/src/core/lib/security/authorization/audit_logging.cc +0 -1
  200. data/src/core/lib/security/authorization/grpc_authorization_engine.cc +0 -1
  201. data/src/core/lib/security/authorization/grpc_server_authz_filter.cc +14 -19
  202. data/src/core/lib/security/authorization/stdout_logger.cc +0 -1
  203. data/src/core/lib/security/credentials/alts/check_gcp_environment.cc +0 -1
  204. data/src/core/lib/security/credentials/alts/check_gcp_environment_windows.cc +0 -1
  205. data/src/core/lib/security/credentials/call_creds_util.cc +0 -1
  206. data/src/core/lib/security/credentials/composite/composite_credentials.cc +0 -1
  207. data/src/core/lib/security/credentials/composite/composite_credentials.h +2 -0
  208. data/src/core/lib/security/credentials/credentials.h +1 -2
  209. data/src/core/lib/security/credentials/external/aws_external_account_credentials.cc +322 -324
  210. data/src/core/lib/security/credentials/external/aws_external_account_credentials.h +53 -42
  211. data/src/core/lib/security/credentials/external/external_account_credentials.cc +391 -353
  212. data/src/core/lib/security/credentials/external/external_account_credentials.h +121 -51
  213. data/src/core/lib/security/credentials/external/file_external_account_credentials.cc +83 -44
  214. data/src/core/lib/security/credentials/external/file_external_account_credentials.h +27 -7
  215. data/src/core/lib/security/credentials/external/url_external_account_credentials.cc +91 -116
  216. data/src/core/lib/security/credentials/external/url_external_account_credentials.h +14 -17
  217. data/src/core/lib/security/credentials/fake/fake_credentials.h +2 -0
  218. data/src/core/lib/security/credentials/gcp_service_account_identity/gcp_service_account_identity_credentials.cc +196 -0
  219. data/src/core/lib/security/credentials/gcp_service_account_identity/gcp_service_account_identity_credentials.h +90 -0
  220. data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +27 -41
  221. data/src/core/lib/security/credentials/iam/iam_credentials.cc +0 -1
  222. data/src/core/lib/security/credentials/iam/iam_credentials.h +2 -0
  223. data/src/core/lib/security/credentials/jwt/jwt_credentials.h +2 -0
  224. data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +163 -259
  225. data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +34 -56
  226. data/src/core/lib/security/credentials/plugin/plugin_credentials.cc +12 -16
  227. data/src/core/lib/security/credentials/plugin/plugin_credentials.h +2 -0
  228. data/src/core/lib/security/credentials/ssl/ssl_credentials.h +0 -1
  229. data/src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.cc +0 -1
  230. data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.h +0 -1
  231. data/src/core/lib/security/credentials/tls/grpc_tls_certificate_verifier.cc +0 -1
  232. data/src/core/lib/security/credentials/tls/grpc_tls_certificate_verifier.h +0 -1
  233. data/src/core/lib/security/credentials/token_fetcher/token_fetcher_credentials.cc +298 -0
  234. data/src/core/lib/security/credentials/token_fetcher/token_fetcher_credentials.h +176 -0
  235. data/src/core/lib/security/credentials/xds/xds_credentials.cc +0 -1
  236. data/src/core/lib/security/security_connector/fake/fake_security_connector.cc +0 -1
  237. data/src/core/lib/security/security_connector/insecure/insecure_security_connector.cc +0 -1
  238. data/src/core/lib/security/security_connector/load_system_roots_windows.cc +0 -1
  239. data/src/core/lib/security/transport/server_auth_filter.cc +4 -6
  240. data/src/core/lib/slice/percent_encoding.cc +0 -1
  241. data/src/core/lib/slice/slice.cc +0 -1
  242. data/src/core/lib/slice/slice.h +0 -1
  243. data/src/core/lib/slice/slice_buffer.cc +0 -1
  244. data/src/core/lib/slice/slice_internal.h +0 -1
  245. data/src/core/lib/slice/slice_refcount.h +6 -8
  246. data/src/core/lib/surface/byte_buffer_reader.cc +0 -1
  247. data/src/core/lib/surface/call.cc +3 -5
  248. data/src/core/lib/surface/call_utils.h +0 -1
  249. data/src/core/lib/surface/channel.cc +0 -1
  250. data/src/core/lib/surface/channel_create.cc +0 -1
  251. data/src/core/lib/surface/channel_init.h +0 -1
  252. data/src/core/lib/surface/client_call.cc +0 -1
  253. data/src/core/lib/surface/client_call.h +0 -1
  254. data/src/core/lib/surface/completion_queue.cc +28 -4
  255. data/src/core/lib/surface/completion_queue_factory.cc +0 -1
  256. data/src/core/lib/surface/filter_stack_call.cc +9 -9
  257. data/src/core/lib/surface/filter_stack_call.h +0 -1
  258. data/src/core/lib/surface/lame_client.cc +0 -1
  259. data/src/core/lib/surface/server_call.cc +0 -1
  260. data/src/core/lib/surface/server_call.h +0 -1
  261. data/src/core/lib/surface/validate_metadata.h +0 -1
  262. data/src/core/lib/surface/version.cc +2 -2
  263. data/src/core/lib/transport/bdp_estimator.cc +9 -12
  264. data/src/core/lib/transport/bdp_estimator.h +6 -8
  265. data/src/core/lib/transport/call_arena_allocator.cc +2 -16
  266. data/src/core/lib/transport/call_arena_allocator.h +20 -5
  267. data/src/core/lib/transport/call_filters.cc +6 -9
  268. data/src/core/lib/transport/call_spine.h +24 -13
  269. data/src/core/lib/transport/connectivity_state.cc +34 -42
  270. data/src/core/lib/transport/metadata_batch.h +41 -1
  271. data/src/core/lib/transport/timeout_encoding.cc +0 -1
  272. data/src/core/lib/transport/transport.h +6 -8
  273. data/src/core/lib/transport/transport_op_string.cc +0 -1
  274. data/src/core/lib/uri/uri_parser.cc +0 -1
  275. data/src/core/load_balancing/grpclb/grpclb.cc +55 -71
  276. data/src/core/load_balancing/health_check_client.cc +31 -42
  277. data/src/core/load_balancing/oob_backend_metric.cc +2 -4
  278. data/src/core/load_balancing/outlier_detection/outlier_detection.cc +99 -129
  279. data/src/core/load_balancing/pick_first/pick_first.cc +168 -228
  280. data/src/core/load_balancing/priority/priority.cc +77 -106
  281. data/src/core/load_balancing/ring_hash/ring_hash.cc +32 -46
  282. data/src/core/load_balancing/rls/rls.cc +142 -187
  283. data/src/core/load_balancing/round_robin/round_robin.cc +36 -55
  284. data/src/core/load_balancing/weighted_round_robin/static_stride_scheduler.cc +0 -1
  285. data/src/core/load_balancing/weighted_round_robin/weighted_round_robin.cc +85 -110
  286. data/src/core/load_balancing/weighted_target/weighted_target.cc +52 -75
  287. data/src/core/load_balancing/xds/cds.cc +26 -43
  288. data/src/core/load_balancing/xds/xds_cluster_impl.cc +57 -54
  289. data/src/core/load_balancing/xds/xds_cluster_manager.cc +36 -50
  290. data/src/core/load_balancing/xds/xds_override_host.cc +95 -131
  291. data/src/core/load_balancing/xds/xds_wrr_locality.cc +15 -23
  292. data/src/core/plugin_registry/grpc_plugin_registry_extra.cc +3 -0
  293. data/src/core/resolver/binder/binder_resolver.cc +0 -2
  294. data/src/core/resolver/dns/c_ares/dns_resolver_ares.cc +62 -44
  295. data/src/core/resolver/dns/c_ares/grpc_ares_ev_driver_posix.cc +0 -2
  296. data/src/core/resolver/dns/c_ares/grpc_ares_ev_driver_windows.cc +110 -89
  297. data/src/core/resolver/dns/c_ares/grpc_ares_wrapper.cc +132 -96
  298. data/src/core/resolver/dns/c_ares/grpc_ares_wrapper.h +0 -7
  299. data/src/core/resolver/dns/dns_resolver_plugin.cc +0 -1
  300. data/src/core/resolver/dns/event_engine/event_engine_client_channel_resolver.cc +40 -39
  301. data/src/core/resolver/dns/native/dns_resolver.cc +8 -14
  302. data/src/core/resolver/endpoint_addresses.cc +0 -1
  303. data/src/core/resolver/fake/fake_resolver.cc +0 -1
  304. data/src/core/resolver/polling_resolver.cc +6 -15
  305. data/src/core/resolver/polling_resolver.h +1 -1
  306. data/src/core/resolver/xds/xds_config.cc +96 -0
  307. data/src/core/resolver/xds/xds_config.h +109 -0
  308. data/src/core/resolver/xds/xds_dependency_manager.cc +59 -154
  309. data/src/core/resolver/xds/xds_dependency_manager.h +1 -69
  310. data/src/core/resolver/xds/xds_resolver.cc +51 -55
  311. data/src/core/server/server.cc +2 -2
  312. data/src/core/server/server_config_selector_filter.cc +0 -1
  313. data/src/core/server/xds_server_config_fetcher.cc +4 -6
  314. data/src/core/service_config/service_config_call_data.h +2 -3
  315. data/src/core/service_config/service_config_channel_arg_filter.cc +0 -1
  316. data/src/core/service_config/service_config_impl.h +0 -1
  317. data/src/core/telemetry/call_tracer.cc +0 -1
  318. data/src/core/telemetry/metrics.h +0 -1
  319. data/src/core/telemetry/stats_data.cc +67 -0
  320. data/src/core/telemetry/stats_data.h +48 -0
  321. data/src/core/tsi/alts/handshaker/alts_shared_resource.cc +0 -1
  322. data/src/core/tsi/alts/handshaker/transport_security_common_api.h +0 -1
  323. data/src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.cc +0 -1
  324. data/src/core/tsi/fake_transport_security.cc +6 -5
  325. data/src/core/tsi/ssl/session_cache/ssl_session_cache.cc +0 -1
  326. data/src/core/util/alloc.cc +0 -1
  327. data/src/core/util/gcp_metadata_query.cc +0 -1
  328. data/src/core/util/http_client/httpcli.cc +12 -15
  329. data/src/core/util/http_client/httpcli.h +16 -11
  330. data/src/core/util/http_client/parser.cc +3 -4
  331. data/src/core/util/json/json_reader.cc +0 -1
  332. data/src/core/util/latent_see.cc +29 -9
  333. data/src/core/util/latent_see.h +122 -27
  334. data/src/core/util/log.cc +36 -55
  335. data/src/core/util/lru_cache.h +104 -0
  336. data/src/core/util/msys/tmpfile.cc +0 -1
  337. data/src/core/util/posix/sync.cc +0 -1
  338. data/src/core/util/posix/time.cc +0 -1
  339. data/src/core/util/ring_buffer.h +123 -0
  340. data/src/core/util/spinlock.h +1 -2
  341. data/src/core/util/string.cc +7 -7
  342. data/src/core/util/sync.cc +0 -1
  343. data/src/core/util/sync_abseil.cc +0 -1
  344. data/src/core/util/time.cc +0 -1
  345. data/src/core/util/unique_ptr_with_bitset.h +86 -0
  346. data/src/core/util/useful.h +0 -24
  347. data/src/core/util/windows/cpu.cc +0 -1
  348. data/src/core/util/windows/sync.cc +0 -1
  349. data/src/core/util/windows/time.cc +0 -1
  350. data/src/core/util/windows/tmpfile.cc +0 -1
  351. data/src/core/xds/grpc/xds_bootstrap_grpc.cc +0 -32
  352. data/src/core/xds/grpc/xds_bootstrap_grpc.h +0 -5
  353. data/src/core/xds/grpc/xds_certificate_provider.cc +0 -1
  354. data/src/core/xds/grpc/xds_client_grpc.cc +11 -16
  355. data/src/core/xds/grpc/xds_cluster.cc +2 -8
  356. data/src/core/xds/grpc/xds_cluster.h +4 -4
  357. data/src/core/xds/grpc/xds_cluster_parser.cc +58 -96
  358. data/src/core/xds/grpc/xds_cluster_specifier_plugin.cc +0 -1
  359. data/src/core/xds/grpc/xds_common_types_parser.cc +4 -4
  360. data/src/core/xds/grpc/xds_common_types_parser.h +17 -0
  361. data/src/core/xds/grpc/xds_endpoint_parser.cc +14 -14
  362. data/src/core/xds/grpc/xds_http_fault_filter.cc +15 -6
  363. data/src/core/xds/grpc/xds_http_fault_filter.h +5 -1
  364. data/src/core/xds/grpc/xds_http_filter.h +11 -1
  365. data/src/core/xds/grpc/xds_http_filter_registry.cc +7 -1
  366. data/src/core/xds/grpc/xds_http_filter_registry.h +8 -1
  367. data/src/core/xds/grpc/xds_http_gcp_authn_filter.cc +142 -0
  368. data/src/core/xds/grpc/xds_http_gcp_authn_filter.h +61 -0
  369. data/src/core/xds/grpc/xds_http_rbac_filter.cc +14 -6
  370. data/src/core/xds/grpc/xds_http_rbac_filter.h +5 -1
  371. data/src/core/xds/grpc/xds_http_stateful_session_filter.cc +9 -1
  372. data/src/core/xds/grpc/xds_http_stateful_session_filter.h +5 -1
  373. data/src/core/xds/grpc/xds_lb_policy_registry.cc +14 -16
  374. data/src/core/xds/grpc/xds_listener_parser.cc +10 -11
  375. data/src/core/xds/grpc/xds_metadata.cc +62 -0
  376. data/src/core/xds/grpc/xds_metadata.h +127 -0
  377. data/src/core/xds/grpc/xds_metadata_parser.cc +143 -0
  378. data/src/core/xds/grpc/xds_metadata_parser.h +36 -0
  379. data/src/core/xds/grpc/xds_route_config_parser.cc +12 -17
  380. data/src/core/xds/grpc/xds_routing.cc +57 -22
  381. data/src/core/xds/grpc/xds_routing.h +10 -2
  382. data/src/core/xds/grpc/xds_transport_grpc.cc +0 -1
  383. data/src/core/xds/xds_client/xds_client.cc +124 -165
  384. data/src/core/xds/xds_client/xds_client_stats.cc +20 -27
  385. data/src/ruby/ext/grpc/rb_call.c +1 -1
  386. data/src/ruby/ext/grpc/rb_call_credentials.c +34 -27
  387. data/src/ruby/ext/grpc/rb_channel.c +22 -16
  388. data/src/ruby/ext/grpc/rb_event_thread.c +3 -2
  389. data/src/ruby/ext/grpc/rb_grpc.c +9 -8
  390. data/src/ruby/ext/grpc/rb_grpc_imports.generated.c +6 -10
  391. data/src/ruby/ext/grpc/rb_grpc_imports.generated.h +9 -15
  392. data/src/ruby/ext/grpc/rb_server.c +10 -8
  393. data/src/ruby/lib/grpc/generic/active_call.rb +8 -5
  394. data/src/ruby/lib/grpc/version.rb +1 -1
  395. data/src/ruby/spec/call_spec.rb +53 -40
  396. data/src/ruby/spec/channel_spec.rb +4 -2
  397. data/src/ruby/spec/client_server_spec.rb +148 -507
  398. data/src/ruby/spec/generic/active_call_spec.rb +64 -86
  399. data/src/ruby/spec/support/services.rb +3 -0
  400. data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/rand/fork_detect.h → bcm_support.h} +51 -6
  401. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/internal.h +43 -0
  402. data/third_party/boringssl-with-bazel/src/crypto/cpu_intel.c +72 -23
  403. data/third_party/boringssl-with-bazel/src/crypto/crypto.c +1 -1
  404. data/third_party/boringssl-with-bazel/src/crypto/ecdsa_extra/ecdsa_asn1.c +160 -14
  405. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/internal.h +2 -0
  406. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bcm.c +79 -78
  407. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bcm_interface.h +89 -0
  408. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{div.c → div.c.inc} +146 -179
  409. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{random.c → random.c.inc} +6 -8
  410. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{sqrt.c → sqrt.c.inc} +1 -1
  411. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/{e_aes.c → e_aes.c.inc} +9 -8
  412. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{ec_key.c → ec_key.c.inc} +11 -7
  413. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{p256-nistz.c → p256-nistz.c.inc} +104 -12
  414. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256-nistz.h +65 -8
  415. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/{ecdsa.c → ecdsa.c.inc} +52 -107
  416. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/internal.h +28 -11
  417. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/internal.h +1 -80
  418. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/{rand.c → rand.c.inc} +26 -40
  419. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/{padding.c → padding.c.inc} +2 -5
  420. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/{rsa_impl.c → rsa_impl.c.inc} +1 -1
  421. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/{self_check.c → self_check.c.inc} +9 -35
  422. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/service_indicator/internal.h +2 -2
  423. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/service_indicator/{service_indicator.c → service_indicator.c.inc} +2 -2
  424. data/third_party/boringssl-with-bazel/src/crypto/hpke/hpke.c +293 -2
  425. data/third_party/boringssl-with-bazel/src/crypto/internal.h +69 -14
  426. data/third_party/boringssl-with-bazel/src/crypto/mem.c +7 -3
  427. data/third_party/boringssl-with-bazel/src/crypto/mldsa/internal.h +73 -0
  428. data/third_party/boringssl-with-bazel/src/crypto/mldsa/mldsa.c +1687 -0
  429. data/third_party/boringssl-with-bazel/src/crypto/mlkem/internal.h +90 -0
  430. data/third_party/boringssl-with-bazel/src/crypto/mlkem/mlkem.cc +1097 -0
  431. data/third_party/boringssl-with-bazel/src/crypto/obj/obj_dat.h +4 -1
  432. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_lib.c +4 -5
  433. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_pk8.c +2 -3
  434. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_pkey.c +1 -1
  435. data/third_party/boringssl-with-bazel/src/crypto/pkcs8/internal.h +1 -0
  436. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/deterministic.c +9 -1
  437. data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/rand → rand_extra}/fork_detect.c +26 -28
  438. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/getentropy.c +9 -1
  439. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/ios.c +9 -1
  440. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/passive.c +19 -3
  441. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/rand_extra.c +26 -23
  442. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/sysrand_internal.h +37 -0
  443. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/trusty.c +9 -1
  444. data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/rand → rand_extra}/urandom.c +19 -19
  445. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/windows.c +8 -1
  446. data/third_party/boringssl-with-bazel/src/crypto/rsa_extra/internal.h +2 -0
  447. data/third_party/boringssl-with-bazel/src/include/openssl/asn1.h +14 -1
  448. data/third_party/boringssl-with-bazel/src/include/openssl/bn.h +14 -9
  449. data/third_party/boringssl-with-bazel/src/include/openssl/experimental/dilithium.h +13 -15
  450. data/third_party/boringssl-with-bazel/src/include/openssl/hpke.h +8 -6
  451. data/third_party/boringssl-with-bazel/src/include/openssl/mldsa.h +136 -0
  452. data/third_party/boringssl-with-bazel/src/include/openssl/mlkem.h +246 -0
  453. data/third_party/boringssl-with-bazel/src/include/openssl/nid.h +3 -0
  454. data/third_party/boringssl-with-bazel/src/include/openssl/pem.h +3 -4
  455. data/third_party/boringssl-with-bazel/src/include/openssl/service_indicator.h +2 -2
  456. data/third_party/boringssl-with-bazel/src/include/openssl/span.h +22 -0
  457. data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +35 -5
  458. data/third_party/boringssl-with-bazel/src/ssl/d1_both.cc +5 -6
  459. data/third_party/boringssl-with-bazel/src/ssl/d1_lib.cc +6 -0
  460. data/third_party/boringssl-with-bazel/src/ssl/d1_pkt.cc +6 -1
  461. data/third_party/boringssl-with-bazel/src/ssl/dtls_method.cc +13 -1
  462. data/third_party/boringssl-with-bazel/src/ssl/dtls_record.cc +289 -55
  463. data/third_party/boringssl-with-bazel/src/ssl/extensions.cc +2 -0
  464. data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +69 -38
  465. data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +14 -3
  466. data/third_party/boringssl-with-bazel/src/ssl/internal.h +107 -14
  467. data/third_party/boringssl-with-bazel/src/ssl/s3_both.cc +44 -16
  468. data/third_party/boringssl-with-bazel/src/ssl/s3_pkt.cc +21 -1
  469. data/third_party/boringssl-with-bazel/src/ssl/ssl_aead_ctx.cc +86 -1
  470. data/third_party/boringssl-with-bazel/src/ssl/ssl_buffer.cc +7 -4
  471. data/third_party/boringssl-with-bazel/src/ssl/ssl_key_share.cc +97 -3
  472. data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +31 -2
  473. data/third_party/boringssl-with-bazel/src/ssl/ssl_versions.cc +6 -0
  474. data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +18 -4
  475. data/third_party/boringssl-with-bazel/src/ssl/tls13_enc.cc +96 -34
  476. data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +15 -5
  477. data/third_party/boringssl-with-bazel/src/ssl/tls_record.cc +3 -23
  478. metadata +113 -87
  479. data/src/core/ext/transport/chttp2/transport/max_concurrent_streams_policy.cc +0 -45
  480. data/src/core/ext/transport/chttp2/transport/max_concurrent_streams_policy.h +0 -67
  481. data/src/core/util/android/log.cc +0 -48
  482. data/src/core/util/linux/log.cc +0 -69
  483. data/src/core/util/posix/log.cc +0 -69
  484. data/src/core/util/windows/log.cc +0 -73
  485. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/{aes.c → aes.c.inc} +0 -0
  486. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/{aes_nohw.c → aes_nohw.c.inc} +0 -0
  487. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/{key_wrap.c → key_wrap.c.inc} +0 -0
  488. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/{mode_wrappers.c → mode_wrappers.c.inc} +0 -0
  489. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{add.c → add.c.inc} +0 -0
  490. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/asm/{x86_64-gcc.c → x86_64-gcc.c.inc} +0 -0
  491. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{bn.c → bn.c.inc} +0 -0
  492. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{bytes.c → bytes.c.inc} +0 -0
  493. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{cmp.c → cmp.c.inc} +0 -0
  494. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{ctx.c → ctx.c.inc} +0 -0
  495. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{div_extra.c → div_extra.c.inc} +0 -0
  496. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{exponentiation.c → exponentiation.c.inc} +0 -0
  497. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{gcd.c → gcd.c.inc} +0 -0
  498. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{gcd_extra.c → gcd_extra.c.inc} +0 -0
  499. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{generic.c → generic.c.inc} +0 -0
  500. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{jacobi.c → jacobi.c.inc} +0 -0
  501. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{montgomery.c → montgomery.c.inc} +0 -0
  502. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{montgomery_inv.c → montgomery_inv.c.inc} +0 -0
  503. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{mul.c → mul.c.inc} +0 -0
  504. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{prime.c → prime.c.inc} +0 -0
  505. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{rsaz_exp.c → rsaz_exp.c.inc} +0 -0
  506. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{shift.c → shift.c.inc} +0 -0
  507. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/{aead.c → aead.c.inc} +0 -0
  508. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/{cipher.c → cipher.c.inc} +0 -0
  509. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/{e_aesccm.c → e_aesccm.c.inc} +0 -0
  510. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cmac/{cmac.c → cmac.c.inc} +0 -0
  511. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/{check.c → check.c.inc} +0 -0
  512. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/{dh.c → dh.c.inc} +0 -0
  513. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/{digest.c → digest.c.inc} +0 -0
  514. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/{digests.c → digests.c.inc} +0 -0
  515. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digestsign/{digestsign.c → digestsign.c.inc} +0 -0
  516. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{ec.c → ec.c.inc} +0 -0
  517. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{ec_montgomery.c → ec_montgomery.c.inc} +0 -0
  518. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{felem.c → felem.c.inc} +0 -0
  519. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{oct.c → oct.c.inc} +0 -0
  520. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{p224-64.c → p224-64.c.inc} +0 -0
  521. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{p256.c → p256.c.inc} +0 -0
  522. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{scalar.c → scalar.c.inc} +0 -0
  523. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{simple.c → simple.c.inc} +0 -0
  524. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{simple_mul.c → simple_mul.c.inc} +0 -0
  525. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{util.c → util.c.inc} +0 -0
  526. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{wnaf.c → wnaf.c.inc} +0 -0
  527. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdh/{ecdh.c → ecdh.c.inc} +0 -0
  528. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/hkdf/{hkdf.c → hkdf.c.inc} +0 -0
  529. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/hmac/{hmac.c → hmac.c.inc} +0 -0
  530. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/md4/{md4.c → md4.c.inc} +0 -0
  531. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/md5/{md5.c → md5.c.inc} +0 -0
  532. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/{cbc.c → cbc.c.inc} +0 -0
  533. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/{cfb.c → cfb.c.inc} +0 -0
  534. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/{ctr.c → ctr.c.inc} +0 -0
  535. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/{gcm.c → gcm.c.inc} +0 -0
  536. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/{gcm_nohw.c → gcm_nohw.c.inc} +0 -0
  537. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/{ofb.c → ofb.c.inc} +0 -0
  538. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/{polyval.c → polyval.c.inc} +0 -0
  539. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/{ctrdrbg.c → ctrdrbg.c.inc} +0 -0
  540. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/{blinding.c → blinding.c.inc} +0 -0
  541. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/{rsa.c → rsa.c.inc} +0 -0
  542. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/{fips.c → fips.c.inc} +0 -0
  543. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/{sha1.c → sha1.c.inc} +0 -0
  544. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/{sha256.c → sha256.c.inc} +0 -0
  545. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/{sha512.c → sha512.c.inc} +0 -0
  546. /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/tls/{kdf.c → kdf.c.inc} +0 -0
  547. /data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/rand → rand_extra}/getrandom_fillin.h +0 -0
@@ -34,7 +34,6 @@
34
34
  #include <grpc/grpc_security.h>
35
35
  #include <grpc/support/alloc.h>
36
36
  #include <grpc/support/json.h>
37
- #include <grpc/support/log.h>
38
37
  #include <grpc/support/port_platform.h>
39
38
  #include <grpc/support/string_util.h>
40
39
 
@@ -59,6 +58,13 @@ const char* kAccessKeyIdEnvVar = "AWS_ACCESS_KEY_ID";
59
58
  const char* kSecretAccessKeyEnvVar = "AWS_SECRET_ACCESS_KEY";
60
59
  const char* kSessionTokenEnvVar = "AWS_SESSION_TOKEN";
61
60
 
61
+ bool ShouldUseMetadataServer() {
62
+ return !((GetEnv(kRegionEnvVar).has_value() ||
63
+ GetEnv(kDefaultRegionEnvVar).has_value()) &&
64
+ (GetEnv(kAccessKeyIdEnvVar).has_value() &&
65
+ GetEnv(kSecretAccessKeyEnvVar).has_value()));
66
+ }
67
+
62
68
  std::string UrlEncode(const absl::string_view& s) {
63
69
  const char* hex = "0123456789ABCDEF";
64
70
  std::string result;
@@ -79,281 +85,202 @@ std::string UrlEncode(const absl::string_view& s) {
79
85
 
80
86
  } // namespace
81
87
 
82
- RefCountedPtr<AwsExternalAccountCredentials>
83
- AwsExternalAccountCredentials::Create(Options options,
84
- std::vector<std::string> scopes,
85
- grpc_error_handle* error) {
86
- auto creds = MakeRefCounted<AwsExternalAccountCredentials>(
87
- std::move(options), std::move(scopes), error);
88
- if (error->ok()) {
89
- return creds;
90
- } else {
91
- return nullptr;
92
- }
93
- }
88
+ //
89
+ // AwsExternalAccountCredentials::AwsFetchBody
90
+ //
94
91
 
95
- AwsExternalAccountCredentials::AwsExternalAccountCredentials(
96
- Options options, std::vector<std::string> scopes, grpc_error_handle* error)
97
- : ExternalAccountCredentials(options, std::move(scopes)) {
98
- audience_ = options.audience;
99
- auto it = options.credential_source.object().find("environment_id");
100
- if (it == options.credential_source.object().end()) {
101
- *error = GRPC_ERROR_CREATE("environment_id field not present.");
102
- return;
103
- }
104
- if (it->second.type() != Json::Type::kString) {
105
- *error = GRPC_ERROR_CREATE("environment_id field must be a string.");
106
- return;
107
- }
108
- if (it->second.string() != kExpectedEnvironmentId) {
109
- *error = GRPC_ERROR_CREATE("environment_id does not match.");
110
- return;
111
- }
112
- it = options.credential_source.object().find("region_url");
113
- if (it == options.credential_source.object().end()) {
114
- *error = GRPC_ERROR_CREATE("region_url field not present.");
115
- return;
116
- }
117
- if (it->second.type() != Json::Type::kString) {
118
- *error = GRPC_ERROR_CREATE("region_url field must be a string.");
119
- return;
120
- }
121
- region_url_ = it->second.string();
122
- it = options.credential_source.object().find("url");
123
- if (it != options.credential_source.object().end() &&
124
- it->second.type() == Json::Type::kString) {
125
- url_ = it->second.string();
126
- }
127
- it =
128
- options.credential_source.object().find("regional_cred_verification_url");
129
- if (it == options.credential_source.object().end()) {
130
- *error =
131
- GRPC_ERROR_CREATE("regional_cred_verification_url field not present.");
132
- return;
133
- }
134
- if (it->second.type() != Json::Type::kString) {
135
- *error = GRPC_ERROR_CREATE(
136
- "regional_cred_verification_url field must be a string.");
137
- return;
138
- }
139
- regional_cred_verification_url_ = it->second.string();
140
- it = options.credential_source.object().find("imdsv2_session_token_url");
141
- if (it != options.credential_source.object().end() &&
142
- it->second.type() == Json::Type::kString) {
143
- imdsv2_session_token_url_ = it->second.string();
144
- }
92
+ AwsExternalAccountCredentials::AwsFetchBody::AwsFetchBody(
93
+ absl::AnyInvocable<void(absl::StatusOr<std::string>)> on_done,
94
+ AwsExternalAccountCredentials* creds, Timestamp deadline)
95
+ : FetchBody(std::move(on_done)), creds_(creds), deadline_(deadline) {
96
+ MutexLock lock(&mu_);
97
+ // Do a quick async hop here, so that we can invoke the callback at
98
+ // any time without deadlocking.
99
+ fetch_body_ = MakeOrphanable<NoOpFetchBody>(
100
+ creds->event_engine(),
101
+ [self = RefAsSubclass<AwsFetchBody>()](
102
+ absl::StatusOr<std::string> /*result*/) { self->Start(); },
103
+ "");
145
104
  }
146
105
 
147
- bool AwsExternalAccountCredentials::ShouldUseMetadataServer() {
148
- return !((GetEnv(kRegionEnvVar).has_value() ||
149
- GetEnv(kDefaultRegionEnvVar).has_value()) &&
150
- (GetEnv(kAccessKeyIdEnvVar).has_value() &&
151
- GetEnv(kSecretAccessKeyEnvVar).has_value()));
106
+ void AwsExternalAccountCredentials::AwsFetchBody::Shutdown() {
107
+ MutexLock lock(&mu_);
108
+ fetch_body_.reset();
152
109
  }
153
110
 
154
- void AwsExternalAccountCredentials::RetrieveSubjectToken(
155
- HTTPRequestContext* ctx, const Options& /*options*/,
156
- std::function<void(std::string, grpc_error_handle)> cb) {
157
- if (ctx == nullptr) {
158
- FinishRetrieveSubjectToken(
159
- "",
160
- GRPC_ERROR_CREATE(
161
- "Missing HTTPRequestContext to start subject token retrieval."));
162
- return;
163
- }
164
- ctx_ = ctx;
165
- cb_ = cb;
166
- if (!imdsv2_session_token_url_.empty() && ShouldUseMetadataServer()) {
167
- RetrieveImdsV2SessionToken();
168
- } else if (signer_ != nullptr) {
169
- BuildSubjectToken();
170
- } else {
171
- RetrieveRegion();
172
- }
111
+ void AwsExternalAccountCredentials::AwsFetchBody::AsyncFinish(
112
+ absl::StatusOr<std::string> result) {
113
+ creds_->event_engine().Run(
114
+ [this, self = Ref(), result = std::move(result)]() mutable {
115
+ ApplicationCallbackExecCtx application_exec_ctx;
116
+ ExecCtx exec_ctx;
117
+ Finish(std::move(result));
118
+ self.reset();
119
+ });
173
120
  }
174
121
 
175
- void AwsExternalAccountCredentials::RetrieveImdsV2SessionToken() {
176
- absl::StatusOr<URI> uri = URI::Parse(imdsv2_session_token_url_);
177
- if (!uri.ok()) {
178
- return;
122
+ bool AwsExternalAccountCredentials::AwsFetchBody::MaybeFail(
123
+ absl::Status status) {
124
+ if (!status.ok()) {
125
+ AsyncFinish(std::move(status));
126
+ return true;
179
127
  }
180
- grpc_http_header* headers =
181
- static_cast<grpc_http_header*>(gpr_malloc(sizeof(grpc_http_header)));
182
- headers[0].key = gpr_strdup("x-aws-ec2-metadata-token-ttl-seconds");
183
- headers[0].value = gpr_strdup("300");
184
- grpc_http_request request;
185
- memset(&request, 0, sizeof(grpc_http_request));
186
- request.hdr_count = 1;
187
- request.hdrs = headers;
188
- grpc_http_response_destroy(&ctx_->response);
189
- ctx_->response = {};
190
- GRPC_CLOSURE_INIT(&ctx_->closure, OnRetrieveImdsV2SessionToken, this,
191
- nullptr);
192
- RefCountedPtr<grpc_channel_credentials> http_request_creds;
193
- if (uri->scheme() == "http") {
194
- http_request_creds = RefCountedPtr<grpc_channel_credentials>(
195
- grpc_insecure_credentials_create());
196
- } else {
197
- http_request_creds = CreateHttpRequestSSLCredentials();
128
+ if (fetch_body_ == nullptr) {
129
+ AsyncFinish(
130
+ absl::CancelledError("external account credentials fetch cancelled"));
131
+ return true;
198
132
  }
199
- http_request_ =
200
- HttpRequest::Put(std::move(*uri), nullptr /* channel args */,
201
- ctx_->pollent, &request, ctx_->deadline, &ctx_->closure,
202
- &ctx_->response, std::move(http_request_creds));
203
- http_request_->Start();
204
- grpc_http_request_destroy(&request);
205
- }
206
-
207
- void AwsExternalAccountCredentials::OnRetrieveImdsV2SessionToken(
208
- void* arg, grpc_error_handle error) {
209
- AwsExternalAccountCredentials* self =
210
- static_cast<AwsExternalAccountCredentials*>(arg);
211
- self->OnRetrieveImdsV2SessionTokenInternal(error);
133
+ return false;
212
134
  }
213
135
 
214
- void AwsExternalAccountCredentials::OnRetrieveImdsV2SessionTokenInternal(
215
- grpc_error_handle error) {
216
- if (!error.ok()) {
217
- FinishRetrieveSubjectToken("", error);
218
- return;
219
- }
220
- imdsv2_session_token_ =
221
- std::string(ctx_->response.body, ctx_->response.body_length);
222
- if (signer_ != nullptr) {
136
+ void AwsExternalAccountCredentials::AwsFetchBody::Start() {
137
+ MutexLock lock(&mu_);
138
+ if (MaybeFail(absl::OkStatus())) return;
139
+ if (!creds_->imdsv2_session_token_url_.empty() && ShouldUseMetadataServer()) {
140
+ RetrieveImdsV2SessionToken();
141
+ } else if (creds_->signer_ != nullptr) {
223
142
  BuildSubjectToken();
224
143
  } else {
225
144
  RetrieveRegion();
226
145
  }
227
146
  }
228
147
 
229
- void AwsExternalAccountCredentials::AddMetadataRequestHeaders(
230
- grpc_http_request* request) {
231
- if (!imdsv2_session_token_.empty()) {
232
- CHECK_EQ(request->hdr_count, 0u);
233
- CHECK_EQ(request->hdrs, nullptr);
234
- grpc_http_header* headers =
235
- static_cast<grpc_http_header*>(gpr_malloc(sizeof(grpc_http_header)));
236
- headers[0].key = gpr_strdup("x-aws-ec2-metadata-token");
237
- headers[0].value = gpr_strdup(imdsv2_session_token_.c_str());
238
- request->hdr_count = 1;
239
- request->hdrs = headers;
148
+ void AwsExternalAccountCredentials::AwsFetchBody::RetrieveImdsV2SessionToken() {
149
+ absl::StatusOr<URI> uri = URI::Parse(creds_->imdsv2_session_token_url_);
150
+ if (!uri.ok()) {
151
+ AsyncFinish(uri.status());
152
+ return;
240
153
  }
154
+ fetch_body_ = MakeOrphanable<HttpFetchBody>(
155
+ [&](grpc_http_response* response, grpc_closure* on_http_response) {
156
+ grpc_http_header* headers = static_cast<grpc_http_header*>(
157
+ gpr_malloc(sizeof(grpc_http_header)));
158
+ headers[0].key = gpr_strdup("x-aws-ec2-metadata-token-ttl-seconds");
159
+ headers[0].value = gpr_strdup("300");
160
+ grpc_http_request request;
161
+ memset(&request, 0, sizeof(grpc_http_request));
162
+ request.hdr_count = 1;
163
+ request.hdrs = headers;
164
+ RefCountedPtr<grpc_channel_credentials> http_request_creds;
165
+ if (uri->scheme() == "http") {
166
+ http_request_creds = RefCountedPtr<grpc_channel_credentials>(
167
+ grpc_insecure_credentials_create());
168
+ } else {
169
+ http_request_creds = CreateHttpRequestSSLCredentials();
170
+ }
171
+ auto http_request = HttpRequest::Put(
172
+ std::move(*uri), /*args=*/nullptr, creds_->pollent(), &request,
173
+ deadline_, on_http_response, response,
174
+ std::move(http_request_creds));
175
+ http_request->Start();
176
+ grpc_http_request_destroy(&request);
177
+ return http_request;
178
+ },
179
+ [self =
180
+ RefAsSubclass<AwsFetchBody>()](absl::StatusOr<std::string> result) {
181
+ MutexLock lock(&self->mu_);
182
+ if (self->MaybeFail(result.status())) return;
183
+ self->imdsv2_session_token_ = std::move(*result);
184
+ if (self->creds_->signer_ != nullptr) {
185
+ self->BuildSubjectToken();
186
+ } else {
187
+ self->RetrieveRegion();
188
+ }
189
+ });
241
190
  }
242
191
 
243
- void AwsExternalAccountCredentials::RetrieveRegion() {
192
+ void AwsExternalAccountCredentials::AwsFetchBody::RetrieveRegion() {
244
193
  auto region_from_env = GetEnv(kRegionEnvVar);
245
194
  if (!region_from_env.has_value()) {
246
195
  region_from_env = GetEnv(kDefaultRegionEnvVar);
247
196
  }
248
197
  if (region_from_env.has_value()) {
249
198
  region_ = std::move(*region_from_env);
250
- if (url_.empty()) {
199
+ if (creds_->url_.empty()) {
251
200
  RetrieveSigningKeys();
252
201
  } else {
253
202
  RetrieveRoleName();
254
203
  }
255
204
  return;
256
205
  }
257
- absl::StatusOr<URI> uri = URI::Parse(region_url_);
206
+ absl::StatusOr<URI> uri = URI::Parse(creds_->region_url_);
258
207
  if (!uri.ok()) {
259
- FinishRetrieveSubjectToken(
260
- "", GRPC_ERROR_CREATE(absl::StrFormat("Invalid region url. %s",
261
- uri.status().ToString())));
262
- return;
263
- }
264
- grpc_http_request request;
265
- memset(&request, 0, sizeof(grpc_http_request));
266
- grpc_http_response_destroy(&ctx_->response);
267
- ctx_->response = {};
268
- AddMetadataRequestHeaders(&request);
269
- GRPC_CLOSURE_INIT(&ctx_->closure, OnRetrieveRegion, this, nullptr);
270
- RefCountedPtr<grpc_channel_credentials> http_request_creds;
271
- if (uri->scheme() == "http") {
272
- http_request_creds = RefCountedPtr<grpc_channel_credentials>(
273
- grpc_insecure_credentials_create());
274
- } else {
275
- http_request_creds = CreateHttpRequestSSLCredentials();
276
- }
277
- http_request_ =
278
- HttpRequest::Get(std::move(*uri), nullptr /* channel args */,
279
- ctx_->pollent, &request, ctx_->deadline, &ctx_->closure,
280
- &ctx_->response, std::move(http_request_creds));
281
- http_request_->Start();
282
- grpc_http_request_destroy(&request);
283
- }
284
-
285
- void AwsExternalAccountCredentials::OnRetrieveRegion(void* arg,
286
- grpc_error_handle error) {
287
- AwsExternalAccountCredentials* self =
288
- static_cast<AwsExternalAccountCredentials*>(arg);
289
- self->OnRetrieveRegionInternal(error);
290
- }
291
-
292
- void AwsExternalAccountCredentials::OnRetrieveRegionInternal(
293
- grpc_error_handle error) {
294
- if (!error.ok()) {
295
- FinishRetrieveSubjectToken("", error);
208
+ AsyncFinish(GRPC_ERROR_CREATE(
209
+ absl::StrFormat("Invalid region url. %s", uri.status().ToString())));
296
210
  return;
297
211
  }
298
- // Remove the last letter of availability zone to get pure region
299
- absl::string_view response_body(ctx_->response.body,
300
- ctx_->response.body_length);
301
- region_ = std::string(response_body.substr(0, response_body.size() - 1));
302
- if (url_.empty()) {
303
- RetrieveSigningKeys();
304
- } else {
305
- RetrieveRoleName();
306
- }
212
+ fetch_body_ = MakeOrphanable<HttpFetchBody>(
213
+ [&](grpc_http_response* response, grpc_closure* on_http_response) {
214
+ grpc_http_request request;
215
+ memset(&request, 0, sizeof(grpc_http_request));
216
+ AddMetadataRequestHeaders(&request);
217
+ RefCountedPtr<grpc_channel_credentials> http_request_creds;
218
+ if (uri->scheme() == "http") {
219
+ http_request_creds = RefCountedPtr<grpc_channel_credentials>(
220
+ grpc_insecure_credentials_create());
221
+ } else {
222
+ http_request_creds = CreateHttpRequestSSLCredentials();
223
+ }
224
+ auto http_request = HttpRequest::Get(
225
+ std::move(*uri), /*args=*/nullptr, creds_->pollent(), &request,
226
+ deadline_, on_http_response, response,
227
+ std::move(http_request_creds));
228
+ http_request->Start();
229
+ grpc_http_request_destroy(&request);
230
+ return http_request;
231
+ },
232
+ [self =
233
+ RefAsSubclass<AwsFetchBody>()](absl::StatusOr<std::string> result) {
234
+ MutexLock lock(&self->mu_);
235
+ if (self->MaybeFail(result.status())) return;
236
+ // Remove the last letter of availability zone to get pure region
237
+ self->region_ = result->substr(0, result->size() - 1);
238
+ if (self->creds_->url_.empty()) {
239
+ self->RetrieveSigningKeys();
240
+ } else {
241
+ self->RetrieveRoleName();
242
+ }
243
+ });
307
244
  }
308
245
 
309
- void AwsExternalAccountCredentials::RetrieveRoleName() {
310
- absl::StatusOr<URI> uri = URI::Parse(url_);
246
+ void AwsExternalAccountCredentials::AwsFetchBody::RetrieveRoleName() {
247
+ absl::StatusOr<URI> uri = URI::Parse(creds_->url_);
311
248
  if (!uri.ok()) {
312
- FinishRetrieveSubjectToken(
313
- "", GRPC_ERROR_CREATE(
314
- absl::StrFormat("Invalid url: %s.", uri.status().ToString())));
249
+ AsyncFinish(GRPC_ERROR_CREATE(
250
+ absl::StrFormat("Invalid url: %s.", uri.status().ToString())));
315
251
  return;
316
252
  }
317
- grpc_http_request request;
318
- memset(&request, 0, sizeof(grpc_http_request));
319
- grpc_http_response_destroy(&ctx_->response);
320
- ctx_->response = {};
321
- AddMetadataRequestHeaders(&request);
322
- GRPC_CLOSURE_INIT(&ctx_->closure, OnRetrieveRoleName, this, nullptr);
323
- // TODO(ctiller): use the caller's resource quota.
324
- RefCountedPtr<grpc_channel_credentials> http_request_creds;
325
- if (uri->scheme() == "http") {
326
- http_request_creds = RefCountedPtr<grpc_channel_credentials>(
327
- grpc_insecure_credentials_create());
328
- } else {
329
- http_request_creds = CreateHttpRequestSSLCredentials();
330
- }
331
- http_request_ =
332
- HttpRequest::Get(std::move(*uri), nullptr /* channel args */,
333
- ctx_->pollent, &request, ctx_->deadline, &ctx_->closure,
334
- &ctx_->response, std::move(http_request_creds));
335
- http_request_->Start();
336
- grpc_http_request_destroy(&request);
337
- }
338
-
339
- void AwsExternalAccountCredentials::OnRetrieveRoleName(
340
- void* arg, grpc_error_handle error) {
341
- AwsExternalAccountCredentials* self =
342
- static_cast<AwsExternalAccountCredentials*>(arg);
343
- self->OnRetrieveRoleNameInternal(error);
253
+ fetch_body_ = MakeOrphanable<HttpFetchBody>(
254
+ [&](grpc_http_response* response, grpc_closure* on_http_response) {
255
+ grpc_http_request request;
256
+ memset(&request, 0, sizeof(grpc_http_request));
257
+ AddMetadataRequestHeaders(&request);
258
+ // TODO(ctiller): use the caller's resource quota.
259
+ RefCountedPtr<grpc_channel_credentials> http_request_creds;
260
+ if (uri->scheme() == "http") {
261
+ http_request_creds = RefCountedPtr<grpc_channel_credentials>(
262
+ grpc_insecure_credentials_create());
263
+ } else {
264
+ http_request_creds = CreateHttpRequestSSLCredentials();
265
+ }
266
+ auto http_request = HttpRequest::Get(
267
+ std::move(*uri), /*args=*/nullptr, creds_->pollent(), &request,
268
+ deadline_, on_http_response, response,
269
+ std::move(http_request_creds));
270
+ http_request->Start();
271
+ grpc_http_request_destroy(&request);
272
+ return http_request;
273
+ },
274
+ [self =
275
+ RefAsSubclass<AwsFetchBody>()](absl::StatusOr<std::string> result) {
276
+ MutexLock lock(&self->mu_);
277
+ if (self->MaybeFail(result.status())) return;
278
+ self->role_name_ = std::move(*result);
279
+ self->RetrieveSigningKeys();
280
+ });
344
281
  }
345
282
 
346
- void AwsExternalAccountCredentials::OnRetrieveRoleNameInternal(
347
- grpc_error_handle error) {
348
- if (!error.ok()) {
349
- FinishRetrieveSubjectToken("", error);
350
- return;
351
- }
352
- role_name_ = std::string(ctx_->response.body, ctx_->response.body_length);
353
- RetrieveSigningKeys();
354
- }
355
-
356
- void AwsExternalAccountCredentials::RetrieveSigningKeys() {
283
+ void AwsExternalAccountCredentials::AwsFetchBody::RetrieveSigningKeys() {
357
284
  auto access_key_id_from_env = GetEnv(kAccessKeyIdEnvVar);
358
285
  auto secret_access_key_from_env = GetEnv(kSecretAccessKeyEnvVar);
359
286
  auto token_from_env = GetEnv(kSessionTokenEnvVar);
@@ -368,122 +295,106 @@ void AwsExternalAccountCredentials::RetrieveSigningKeys() {
368
295
  return;
369
296
  }
370
297
  if (role_name_.empty()) {
371
- FinishRetrieveSubjectToken(
372
- "",
298
+ AsyncFinish(
373
299
  GRPC_ERROR_CREATE("Missing role name when retrieving signing keys."));
374
300
  return;
375
301
  }
376
- std::string url_with_role_name = absl::StrCat(url_, "/", role_name_);
302
+ std::string url_with_role_name = absl::StrCat(creds_->url_, "/", role_name_);
377
303
  absl::StatusOr<URI> uri = URI::Parse(url_with_role_name);
378
304
  if (!uri.ok()) {
379
- FinishRetrieveSubjectToken(
380
- "", GRPC_ERROR_CREATE(absl::StrFormat("Invalid url with role name: %s.",
381
- uri.status().ToString())));
305
+ AsyncFinish(GRPC_ERROR_CREATE(absl::StrFormat(
306
+ "Invalid url with role name: %s.", uri.status().ToString())));
382
307
  return;
383
308
  }
384
- grpc_http_request request;
385
- memset(&request, 0, sizeof(grpc_http_request));
386
- grpc_http_response_destroy(&ctx_->response);
387
- ctx_->response = {};
388
- AddMetadataRequestHeaders(&request);
389
- GRPC_CLOSURE_INIT(&ctx_->closure, OnRetrieveSigningKeys, this, nullptr);
390
- // TODO(ctiller): use the caller's resource quota.
391
- RefCountedPtr<grpc_channel_credentials> http_request_creds;
392
- if (uri->scheme() == "http") {
393
- http_request_creds = RefCountedPtr<grpc_channel_credentials>(
394
- grpc_insecure_credentials_create());
395
- } else {
396
- http_request_creds = CreateHttpRequestSSLCredentials();
397
- }
398
- http_request_ =
399
- HttpRequest::Get(std::move(*uri), nullptr /* channel args */,
400
- ctx_->pollent, &request, ctx_->deadline, &ctx_->closure,
401
- &ctx_->response, std::move(http_request_creds));
402
- http_request_->Start();
403
- grpc_http_request_destroy(&request);
404
- }
405
-
406
- void AwsExternalAccountCredentials::OnRetrieveSigningKeys(
407
- void* arg, grpc_error_handle error) {
408
- AwsExternalAccountCredentials* self =
409
- static_cast<AwsExternalAccountCredentials*>(arg);
410
- self->OnRetrieveSigningKeysInternal(error);
309
+ fetch_body_ = MakeOrphanable<HttpFetchBody>(
310
+ [&](grpc_http_response* response, grpc_closure* on_http_response) {
311
+ grpc_http_request request;
312
+ memset(&request, 0, sizeof(grpc_http_request));
313
+ AddMetadataRequestHeaders(&request);
314
+ // TODO(ctiller): use the caller's resource quota.
315
+ RefCountedPtr<grpc_channel_credentials> http_request_creds;
316
+ if (uri->scheme() == "http") {
317
+ http_request_creds = RefCountedPtr<grpc_channel_credentials>(
318
+ grpc_insecure_credentials_create());
319
+ } else {
320
+ http_request_creds = CreateHttpRequestSSLCredentials();
321
+ }
322
+ auto http_request = HttpRequest::Get(
323
+ std::move(*uri), /*args=*/nullptr, creds_->pollent(), &request,
324
+ deadline_, on_http_response, response,
325
+ std::move(http_request_creds));
326
+ http_request->Start();
327
+ grpc_http_request_destroy(&request);
328
+ return http_request;
329
+ },
330
+ [self =
331
+ RefAsSubclass<AwsFetchBody>()](absl::StatusOr<std::string> result) {
332
+ MutexLock lock(&self->mu_);
333
+ if (self->MaybeFail(result.status())) return;
334
+ self->OnRetrieveSigningKeys(std::move(*result));
335
+ });
411
336
  }
412
337
 
413
- void AwsExternalAccountCredentials::OnRetrieveSigningKeysInternal(
414
- grpc_error_handle error) {
415
- if (!error.ok()) {
416
- FinishRetrieveSubjectToken("", error);
417
- return;
418
- }
419
- absl::string_view response_body(ctx_->response.body,
420
- ctx_->response.body_length);
421
- auto json = JsonParse(response_body);
338
+ void AwsExternalAccountCredentials::AwsFetchBody::OnRetrieveSigningKeys(
339
+ std::string result) {
340
+ auto json = JsonParse(result);
422
341
  if (!json.ok()) {
423
- FinishRetrieveSubjectToken(
424
- "", GRPC_ERROR_CREATE(
425
- absl::StrCat("Invalid retrieve signing keys response: ",
426
- json.status().ToString())));
342
+ AsyncFinish(GRPC_ERROR_CREATE(absl::StrCat(
343
+ "Invalid retrieve signing keys response: ", json.status().ToString())));
427
344
  return;
428
345
  }
429
346
  if (json->type() != Json::Type::kObject) {
430
- FinishRetrieveSubjectToken(
431
- "", GRPC_ERROR_CREATE("Invalid retrieve signing keys response: "
432
- "JSON type is not object"));
347
+ AsyncFinish(
348
+ GRPC_ERROR_CREATE("Invalid retrieve signing keys response: "
349
+ "JSON type is not object"));
433
350
  return;
434
351
  }
435
352
  auto it = json->object().find("AccessKeyId");
436
353
  if (it != json->object().end() && it->second.type() == Json::Type::kString) {
437
354
  access_key_id_ = it->second.string();
438
355
  } else {
439
- FinishRetrieveSubjectToken(
440
- "", GRPC_ERROR_CREATE(absl::StrFormat(
441
- "Missing or invalid AccessKeyId in %s.", response_body)));
356
+ AsyncFinish(GRPC_ERROR_CREATE(
357
+ absl::StrFormat("Missing or invalid AccessKeyId in %s.", result)));
442
358
  return;
443
359
  }
444
360
  it = json->object().find("SecretAccessKey");
445
361
  if (it != json->object().end() && it->second.type() == Json::Type::kString) {
446
362
  secret_access_key_ = it->second.string();
447
363
  } else {
448
- FinishRetrieveSubjectToken(
449
- "", GRPC_ERROR_CREATE(absl::StrFormat(
450
- "Missing or invalid SecretAccessKey in %s.", response_body)));
364
+ AsyncFinish(GRPC_ERROR_CREATE(
365
+ absl::StrFormat("Missing or invalid SecretAccessKey in %s.", result)));
451
366
  return;
452
367
  }
453
368
  it = json->object().find("Token");
454
369
  if (it != json->object().end() && it->second.type() == Json::Type::kString) {
455
370
  token_ = it->second.string();
456
371
  } else {
457
- FinishRetrieveSubjectToken(
458
- "", GRPC_ERROR_CREATE(absl::StrFormat("Missing or invalid Token in %s.",
459
- response_body)));
372
+ AsyncFinish(GRPC_ERROR_CREATE(
373
+ absl::StrFormat("Missing or invalid Token in %s.", result)));
460
374
  return;
461
375
  }
462
376
  BuildSubjectToken();
463
377
  }
464
378
 
465
- void AwsExternalAccountCredentials::BuildSubjectToken() {
379
+ void AwsExternalAccountCredentials::AwsFetchBody::BuildSubjectToken() {
466
380
  grpc_error_handle error;
467
- if (signer_ == nullptr) {
468
- cred_verification_url_ = absl::StrReplaceAll(
469
- regional_cred_verification_url_, {{"{region}", region_}});
470
- signer_ = std::make_unique<AwsRequestSigner>(
381
+ if (creds_->signer_ == nullptr) {
382
+ creds_->cred_verification_url_ = absl::StrReplaceAll(
383
+ creds_->regional_cred_verification_url_, {{"{region}", region_}});
384
+ creds_->signer_ = std::make_unique<AwsRequestSigner>(
471
385
  access_key_id_, secret_access_key_, token_, "POST",
472
- cred_verification_url_, region_, "",
386
+ creds_->cred_verification_url_, region_, "",
473
387
  std::map<std::string, std::string>(), &error);
474
388
  if (!error.ok()) {
475
- FinishRetrieveSubjectToken(
476
- "", GRPC_ERROR_CREATE_REFERENCING(
477
- "Creating aws request signer failed.", &error, 1));
389
+ AsyncFinish(GRPC_ERROR_CREATE_REFERENCING(
390
+ "Creating aws request signer failed.", &error, 1));
478
391
  return;
479
392
  }
480
393
  }
481
- auto signed_headers = signer_->GetSignedRequestHeaders();
394
+ auto signed_headers = creds_->signer_->GetSignedRequestHeaders();
482
395
  if (!error.ok()) {
483
- FinishRetrieveSubjectToken(
484
- "", GRPC_ERROR_CREATE_REFERENCING("Invalid getting signed request"
485
- "headers.",
486
- &error, 1));
396
+ AsyncFinish(GRPC_ERROR_CREATE_REFERENCING(
397
+ "Invalid getting signed request headers.", &error, 1));
487
398
  return;
488
399
  }
489
400
  // Construct subject token
@@ -502,30 +413,117 @@ void AwsExternalAccountCredentials::BuildSubjectToken() {
502
413
  {"value", Json::FromString(signed_headers["x-amz-security-token"])}}));
503
414
  headers.push_back(Json::FromObject(
504
415
  {{"key", Json::FromString("x-goog-cloud-target-resource")},
505
- {"value", Json::FromString(audience_)}}));
506
- Json subject_token_json =
507
- Json::FromObject({{"url", Json::FromString(cred_verification_url_)},
508
- {"method", Json::FromString("POST")},
509
- {"headers", Json::FromArray(headers)}});
416
+ {"value", Json::FromString(creds_->audience_)}}));
417
+ Json subject_token_json = Json::FromObject(
418
+ {{"url", Json::FromString(creds_->cred_verification_url_)},
419
+ {"method", Json::FromString("POST")},
420
+ {"headers", Json::FromArray(headers)}});
510
421
  std::string subject_token = UrlEncode(JsonDump(subject_token_json));
511
- FinishRetrieveSubjectToken(subject_token, absl::OkStatus());
422
+ AsyncFinish(std::move(subject_token));
512
423
  }
513
424
 
514
- void AwsExternalAccountCredentials::FinishRetrieveSubjectToken(
515
- std::string subject_token, grpc_error_handle error) {
516
- // Reset context
517
- ctx_ = nullptr;
518
- // Move object state into local variables.
519
- auto cb = cb_;
520
- cb_ = nullptr;
521
- // Invoke the callback.
522
- if (!error.ok()) {
523
- cb("", error);
524
- } else {
525
- cb(subject_token, absl::OkStatus());
425
+ void AwsExternalAccountCredentials::AwsFetchBody::AddMetadataRequestHeaders(
426
+ grpc_http_request* request) {
427
+ if (!imdsv2_session_token_.empty()) {
428
+ CHECK_EQ(request->hdr_count, 0u);
429
+ CHECK_EQ(request->hdrs, nullptr);
430
+ grpc_http_header* headers =
431
+ static_cast<grpc_http_header*>(gpr_malloc(sizeof(grpc_http_header)));
432
+ headers[0].key = gpr_strdup("x-aws-ec2-metadata-token");
433
+ headers[0].value = gpr_strdup(imdsv2_session_token_.c_str());
434
+ request->hdr_count = 1;
435
+ request->hdrs = headers;
526
436
  }
527
437
  }
528
438
 
439
+ //
440
+ // AwsExternalAccountCredentials
441
+ //
442
+
443
+ absl::StatusOr<RefCountedPtr<AwsExternalAccountCredentials>>
444
+ AwsExternalAccountCredentials::Create(
445
+ Options options, std::vector<std::string> scopes,
446
+ std::shared_ptr<grpc_event_engine::experimental::EventEngine>
447
+ event_engine) {
448
+ grpc_error_handle error;
449
+ auto creds = MakeRefCounted<AwsExternalAccountCredentials>(
450
+ std::move(options), std::move(scopes), std::move(event_engine), &error);
451
+ if (!error.ok()) return error;
452
+ return creds;
453
+ }
454
+
455
+ AwsExternalAccountCredentials::AwsExternalAccountCredentials(
456
+ Options options, std::vector<std::string> scopes,
457
+ std::shared_ptr<grpc_event_engine::experimental::EventEngine> event_engine,
458
+ grpc_error_handle* error)
459
+ : ExternalAccountCredentials(options, std::move(scopes),
460
+ std::move(event_engine)) {
461
+ audience_ = options.audience;
462
+ auto it = options.credential_source.object().find("environment_id");
463
+ if (it == options.credential_source.object().end()) {
464
+ *error = GRPC_ERROR_CREATE("environment_id field not present.");
465
+ return;
466
+ }
467
+ if (it->second.type() != Json::Type::kString) {
468
+ *error = GRPC_ERROR_CREATE("environment_id field must be a string.");
469
+ return;
470
+ }
471
+ if (it->second.string() != kExpectedEnvironmentId) {
472
+ *error = GRPC_ERROR_CREATE("environment_id does not match.");
473
+ return;
474
+ }
475
+ it = options.credential_source.object().find("region_url");
476
+ if (it == options.credential_source.object().end()) {
477
+ *error = GRPC_ERROR_CREATE("region_url field not present.");
478
+ return;
479
+ }
480
+ if (it->second.type() != Json::Type::kString) {
481
+ *error = GRPC_ERROR_CREATE("region_url field must be a string.");
482
+ return;
483
+ }
484
+ region_url_ = it->second.string();
485
+ it = options.credential_source.object().find("url");
486
+ if (it != options.credential_source.object().end() &&
487
+ it->second.type() == Json::Type::kString) {
488
+ url_ = it->second.string();
489
+ }
490
+ it =
491
+ options.credential_source.object().find("regional_cred_verification_url");
492
+ if (it == options.credential_source.object().end()) {
493
+ *error =
494
+ GRPC_ERROR_CREATE("regional_cred_verification_url field not present.");
495
+ return;
496
+ }
497
+ if (it->second.type() != Json::Type::kString) {
498
+ *error = GRPC_ERROR_CREATE(
499
+ "regional_cred_verification_url field must be a string.");
500
+ return;
501
+ }
502
+ regional_cred_verification_url_ = it->second.string();
503
+ it = options.credential_source.object().find("imdsv2_session_token_url");
504
+ if (it != options.credential_source.object().end() &&
505
+ it->second.type() == Json::Type::kString) {
506
+ imdsv2_session_token_url_ = it->second.string();
507
+ }
508
+ }
509
+
510
+ std::string AwsExternalAccountCredentials::debug_string() {
511
+ return absl::StrCat("AwsExternalAccountCredentials{Audience:", audience(),
512
+ ")");
513
+ }
514
+
515
+ UniqueTypeName AwsExternalAccountCredentials::type() const {
516
+ static UniqueTypeName::Factory kFactory("AwsExternalAccountCredentials");
517
+ return kFactory.Create();
518
+ }
519
+
520
+ OrphanablePtr<ExternalAccountCredentials::FetchBody>
521
+ AwsExternalAccountCredentials::RetrieveSubjectToken(
522
+ Timestamp deadline,
523
+ absl::AnyInvocable<void(absl::StatusOr<std::string>)> on_done) {
524
+ return MakeOrphanable<AwsFetchBody>(std::move(on_done), this, deadline);
525
+ }
526
+
529
527
  absl::string_view AwsExternalAccountCredentials::CredentialSourceType() {
530
528
  return "aws";
531
529
  }