grpc 1.66.0.pre5 → 1.67.0.pre1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Makefile +19 -10
- data/include/grpc/credentials.h +1 -1
- data/include/grpc/event_engine/README.md +1 -1
- data/include/grpc/event_engine/internal/slice_cast.h +1 -1
- data/include/grpc/event_engine/slice.h +0 -1
- data/include/grpc/event_engine/slice_buffer.h +0 -1
- data/include/grpc/grpc_crl_provider.h +1 -1
- data/include/grpc/impl/channel_arg_names.h +1 -1
- data/include/grpc/support/log.h +34 -32
- data/include/grpc/support/sync_generic.h +2 -4
- data/src/core/channelz/channelz.cc +0 -1
- data/src/core/channelz/channelz_registry.cc +0 -1
- data/src/core/client_channel/client_channel.cc +10 -7
- data/src/core/client_channel/client_channel.h +1 -1
- data/src/core/client_channel/client_channel_filter.cc +21 -18
- data/src/core/client_channel/client_channel_filter.h +1 -1
- data/src/core/client_channel/client_channel_internal.h +0 -2
- data/src/core/client_channel/config_selector.h +0 -1
- data/src/core/client_channel/dynamic_filters.cc +0 -2
- data/src/core/client_channel/local_subchannel_pool.cc +0 -2
- data/src/core/client_channel/retry_filter.h +0 -1
- data/src/core/client_channel/retry_filter_legacy_call_data.cc +175 -257
- data/src/core/client_channel/subchannel.cc +21 -27
- data/src/core/client_channel/subchannel_stream_client.cc +1 -1
- data/src/core/ext/filters/backend_metrics/backend_metric_filter.cc +8 -9
- data/src/core/ext/filters/channel_idle/legacy_channel_idle_filter.cc +0 -1
- data/src/core/ext/filters/fault_injection/fault_injection_filter.cc +3 -4
- data/src/core/ext/filters/gcp_authentication/gcp_authentication_filter.cc +167 -0
- data/src/core/ext/filters/gcp_authentication/gcp_authentication_filter.h +82 -0
- data/src/core/ext/filters/gcp_authentication/gcp_authentication_service_config_parser.cc +81 -0
- data/src/core/ext/filters/gcp_authentication/gcp_authentication_service_config_parser.h +87 -0
- data/src/core/ext/filters/http/message_compress/compression_filter.cc +7 -9
- data/src/core/ext/filters/http/server/http_server_filter.cc +2 -4
- data/src/core/ext/filters/message_size/message_size_filter.cc +6 -7
- data/src/core/ext/filters/stateful_session/stateful_session_filter.cc +0 -2
- data/src/core/ext/transport/chttp2/alpn/alpn.cc +0 -1
- data/src/core/ext/transport/chttp2/server/chttp2_server.cc +6 -8
- data/src/core/ext/transport/chttp2/transport/bin_encoder.cc +0 -1
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +288 -265
- data/src/core/ext/transport/chttp2/transport/flow_control.cc +3 -4
- data/src/core/ext/transport/chttp2/transport/flow_control.h +0 -1
- data/src/core/ext/transport/chttp2/transport/frame.cc +0 -1
- data/src/core/ext/transport/chttp2/transport/frame_data.cc +0 -1
- data/src/core/ext/transport/chttp2/transport/frame_goaway.cc +0 -1
- data/src/core/ext/transport/chttp2/transport/frame_ping.cc +6 -6
- data/src/core/ext/transport/chttp2/transport/frame_rst_stream.cc +3 -4
- data/src/core/ext/transport/chttp2/transport/frame_settings.cc +5 -6
- data/src/core/ext/transport/chttp2/transport/frame_window_update.cc +0 -1
- data/src/core/ext/transport/chttp2/transport/hpack_encoder.cc +2 -3
- data/src/core/ext/transport/chttp2/transport/hpack_encoder_table.cc +0 -1
- data/src/core/ext/transport/chttp2/transport/hpack_parse_result.h +0 -1
- data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +3 -3
- data/src/core/ext/transport/chttp2/transport/hpack_parser_table.cc +37 -5
- data/src/core/ext/transport/chttp2/transport/hpack_parser_table.h +27 -6
- data/src/core/ext/transport/chttp2/transport/internal.h +2 -3
- data/src/core/ext/transport/chttp2/transport/parsing.cc +21 -32
- data/src/core/ext/transport/chttp2/transport/ping_callbacks.cc +0 -1
- data/src/core/ext/transport/chttp2/transport/stream_lists.cc +6 -8
- data/src/core/ext/transport/chttp2/transport/varint.h +0 -1
- data/src/core/ext/transport/chttp2/transport/write_size_policy.cc +0 -1
- data/src/core/ext/transport/chttp2/transport/writing.cc +22 -22
- data/src/core/ext/upb-gen/envoy/extensions/filters/http/gcp_authn/v3/gcp_authn.upb.h +431 -0
- data/src/core/ext/upb-gen/envoy/extensions/filters/http/gcp_authn/v3/gcp_authn.upb_minitable.c +129 -0
- data/src/core/ext/upb-gen/envoy/extensions/filters/http/gcp_authn/v3/gcp_authn.upb_minitable.h +33 -0
- data/src/core/ext/upb-gen/google/api/expr/v1alpha1/checked.upb.h +16 -0
- data/src/core/ext/upb-gen/google/api/expr/v1alpha1/checked.upb_minitable.c +13 -2
- data/src/core/ext/upb-gen/google/api/expr/v1alpha1/syntax.upb.h +397 -22
- data/src/core/ext/upb-gen/google/api/expr/v1alpha1/syntax.upb_minitable.c +94 -20
- data/src/core/ext/upb-gen/google/api/expr/v1alpha1/syntax.upb_minitable.h +2 -0
- data/src/core/ext/upbdefs-gen/envoy/extensions/filters/http/gcp_authn/v3/gcp_authn.upbdefs.c +86 -0
- data/src/core/ext/upbdefs-gen/envoy/extensions/filters/http/gcp_authn/v3/gcp_authn.upbdefs.h +47 -0
- data/src/core/ext/upbdefs-gen/google/api/expr/v1alpha1/checked.upbdefs.c +108 -107
- data/src/core/ext/upbdefs-gen/google/api/expr/v1alpha1/syntax.upbdefs.c +101 -78
- data/src/core/ext/upbdefs-gen/google/api/expr/v1alpha1/syntax.upbdefs.h +10 -0
- data/src/core/handshaker/handshaker.cc +21 -29
- data/src/core/handshaker/security/secure_endpoint.cc +3 -3
- data/src/core/handshaker/security/security_handshaker.cc +60 -72
- data/src/core/handshaker/tcp_connect/tcp_connect_handshaker.cc +0 -1
- data/src/core/lib/backoff/backoff.cc +7 -10
- data/src/core/lib/backoff/backoff.h +4 -6
- data/src/core/lib/channel/channel_stack.cc +0 -1
- data/src/core/lib/channel/channel_stack.h +0 -1
- data/src/core/lib/channel/channel_stack_builder_impl.cc +0 -1
- data/src/core/lib/channel/connected_channel.cc +0 -1
- data/src/core/lib/channel/promise_based_filter.cc +146 -194
- data/src/core/lib/channel/promise_based_filter.h +1 -1
- data/src/core/lib/compression/compression_internal.cc +0 -1
- data/src/core/lib/config/config_vars.cc +11 -1
- data/src/core/lib/config/config_vars.h +8 -0
- data/src/core/lib/config/core_configuration.cc +0 -1
- data/src/core/lib/config/core_configuration.h +0 -1
- data/src/core/lib/debug/event_log.cc +0 -1
- data/src/core/lib/debug/trace_flags.cc +4 -18
- data/src/core/lib/debug/trace_flags.h +2 -5
- data/src/core/lib/debug/trace_impl.h +6 -0
- data/src/core/lib/event_engine/ares_resolver.cc +89 -56
- data/src/core/lib/event_engine/ares_resolver.h +0 -9
- data/src/core/lib/event_engine/cf_engine/cfstream_endpoint.cc +14 -1
- data/src/core/lib/event_engine/cf_engine/cftype_unique_ref.h +1 -1
- data/src/core/lib/event_engine/forkable.cc +0 -1
- data/src/core/lib/event_engine/forkable.h +0 -1
- data/src/core/lib/event_engine/posix_engine/ev_epoll1_linux.cc +1 -1
- data/src/core/lib/event_engine/posix_engine/ev_epoll1_linux.h +4 -4
- data/src/core/lib/event_engine/posix_engine/ev_poll_posix.cc +0 -1
- data/src/core/lib/event_engine/posix_engine/lockfree_event.cc +0 -1
- data/src/core/lib/event_engine/posix_engine/posix_endpoint.cc +9 -1
- data/src/core/lib/event_engine/posix_engine/posix_endpoint.h +0 -1
- data/src/core/lib/event_engine/posix_engine/posix_engine_listener.h +2 -2
- data/src/core/lib/event_engine/posix_engine/tcp_socket_utils.h +1 -2
- data/src/core/lib/event_engine/posix_engine/timer_manager.cc +4 -9
- data/src/core/lib/event_engine/posix_engine/traced_buffer_list.cc +0 -1
- data/src/core/lib/event_engine/resolved_address.cc +0 -1
- data/src/core/lib/event_engine/slice.cc +0 -1
- data/src/core/lib/event_engine/thread_pool/thread_count.cc +0 -1
- data/src/core/lib/event_engine/thread_pool/work_stealing_thread_pool.cc +3 -5
- data/src/core/lib/event_engine/windows/grpc_polled_fd_windows.cc +121 -93
- data/src/core/lib/experiments/config.cc +12 -10
- data/src/core/lib/experiments/experiments.cc +45 -66
- data/src/core/lib/experiments/experiments.h +22 -27
- data/src/core/lib/gprpp/chunked_vector.h +0 -1
- data/src/core/lib/gprpp/down_cast.h +0 -1
- data/src/core/lib/gprpp/host_port.cc +0 -1
- data/src/core/lib/gprpp/load_file.cc +0 -1
- data/src/core/lib/gprpp/mpscq.h +0 -1
- data/src/core/lib/gprpp/single_set_ptr.h +0 -1
- data/src/core/lib/gprpp/status_helper.cc +0 -1
- data/src/core/lib/gprpp/sync.h +0 -1
- data/src/core/lib/gprpp/table.h +28 -0
- data/src/core/lib/gprpp/thd.h +0 -1
- data/src/core/lib/gprpp/time.h +0 -1
- data/src/core/lib/gprpp/time_util.cc +0 -1
- data/src/core/lib/gprpp/windows/directory_reader.cc +0 -2
- data/src/core/lib/gprpp/windows/thd.cc +0 -1
- data/src/core/lib/gprpp/work_serializer.cc +23 -34
- data/src/core/lib/iomgr/buffer_list.cc +0 -1
- data/src/core/lib/iomgr/call_combiner.h +6 -8
- data/src/core/lib/iomgr/cfstream_handle.cc +6 -8
- data/src/core/lib/iomgr/closure.h +5 -8
- data/src/core/lib/iomgr/combiner.cc +6 -8
- data/src/core/lib/iomgr/endpoint_cfstream.cc +17 -22
- data/src/core/lib/iomgr/endpoint_pair_posix.cc +0 -1
- data/src/core/lib/iomgr/error.h +0 -1
- data/src/core/lib/iomgr/ev_apple.cc +13 -18
- data/src/core/lib/iomgr/ev_epoll1_linux.cc +47 -85
- data/src/core/lib/iomgr/ev_poll_posix.cc +17 -24
- data/src/core/lib/iomgr/ev_posix.cc +55 -44
- data/src/core/lib/iomgr/ev_posix.h +0 -5
- data/src/core/lib/iomgr/event_engine_shims/closure.cc +7 -9
- data/src/core/lib/iomgr/event_engine_shims/endpoint.cc +3 -4
- data/src/core/lib/iomgr/exec_ctx.cc +6 -9
- data/src/core/lib/iomgr/exec_ctx.h +26 -16
- data/src/core/lib/iomgr/executor.cc +43 -33
- data/src/core/lib/iomgr/fork_windows.cc +0 -1
- data/src/core/lib/iomgr/internal_errqueue.cc +0 -1
- data/src/core/lib/iomgr/iocp_windows.cc +0 -1
- data/src/core/lib/iomgr/iomgr_windows.cc +0 -2
- data/src/core/lib/iomgr/lockfree_event.cc +7 -11
- data/src/core/lib/iomgr/polling_entity.cc +10 -3
- data/src/core/lib/iomgr/pollset_windows.cc +0 -2
- data/src/core/lib/iomgr/resolve_address.cc +0 -1
- data/src/core/lib/iomgr/resolve_address_posix.cc +0 -1
- data/src/core/lib/iomgr/resolve_address_windows.cc +0 -1
- data/src/core/lib/iomgr/sockaddr_utils_posix.cc +0 -1
- data/src/core/lib/iomgr/socket_mutator.cc +0 -1
- data/src/core/lib/iomgr/socket_utils_linux.cc +0 -2
- data/src/core/lib/iomgr/socket_utils_posix.cc +0 -1
- data/src/core/lib/iomgr/socket_utils_windows.cc +0 -2
- data/src/core/lib/iomgr/tcp_client_cfstream.cc +7 -12
- data/src/core/lib/iomgr/tcp_client_posix.cc +8 -12
- data/src/core/lib/iomgr/tcp_client_windows.cc +0 -1
- data/src/core/lib/iomgr/tcp_posix.cc +32 -68
- data/src/core/lib/iomgr/tcp_server_posix.cc +7 -11
- data/src/core/lib/iomgr/tcp_windows.cc +4 -12
- data/src/core/lib/iomgr/timer_generic.cc +46 -65
- data/src/core/lib/iomgr/timer_manager.cc +4 -5
- data/src/core/lib/iomgr/unix_sockets_posix.cc +0 -1
- data/src/core/lib/iomgr/unix_sockets_posix_noop.cc +0 -2
- data/src/core/lib/iomgr/vsock.cc +0 -1
- data/src/core/lib/iomgr/wakeup_fd_eventfd.cc +0 -2
- data/src/core/lib/promise/activity.h +0 -1
- data/src/core/lib/promise/context.h +0 -1
- data/src/core/lib/promise/detail/join_state.h +44 -44
- data/src/core/lib/promise/detail/seq_state.h +1101 -1356
- data/src/core/lib/promise/for_each.h +8 -15
- data/src/core/lib/promise/interceptor_list.h +17 -27
- data/src/core/lib/promise/latch.h +16 -24
- data/src/core/lib/promise/map.h +1 -1
- data/src/core/lib/promise/party.cc +238 -114
- data/src/core/lib/promise/party.h +105 -308
- data/src/core/lib/promise/pipe.h +3 -4
- data/src/core/lib/promise/poll.h +0 -1
- data/src/core/lib/promise/status_flag.h +0 -1
- data/src/core/lib/resource_quota/connection_quota.cc +0 -1
- data/src/core/lib/resource_quota/memory_quota.cc +11 -19
- data/src/core/lib/resource_quota/memory_quota.h +2 -4
- data/src/core/lib/resource_quota/periodic_update.cc +2 -3
- data/src/core/lib/resource_quota/thread_quota.cc +0 -1
- data/src/core/lib/security/authorization/audit_logging.cc +0 -1
- data/src/core/lib/security/authorization/grpc_authorization_engine.cc +0 -1
- data/src/core/lib/security/authorization/grpc_server_authz_filter.cc +14 -19
- data/src/core/lib/security/authorization/stdout_logger.cc +0 -1
- data/src/core/lib/security/credentials/alts/check_gcp_environment.cc +0 -1
- data/src/core/lib/security/credentials/alts/check_gcp_environment_windows.cc +0 -1
- data/src/core/lib/security/credentials/call_creds_util.cc +0 -1
- data/src/core/lib/security/credentials/composite/composite_credentials.cc +0 -1
- data/src/core/lib/security/credentials/composite/composite_credentials.h +2 -0
- data/src/core/lib/security/credentials/credentials.h +1 -2
- data/src/core/lib/security/credentials/external/aws_external_account_credentials.cc +322 -324
- data/src/core/lib/security/credentials/external/aws_external_account_credentials.h +53 -42
- data/src/core/lib/security/credentials/external/external_account_credentials.cc +391 -353
- data/src/core/lib/security/credentials/external/external_account_credentials.h +121 -51
- data/src/core/lib/security/credentials/external/file_external_account_credentials.cc +83 -44
- data/src/core/lib/security/credentials/external/file_external_account_credentials.h +27 -7
- data/src/core/lib/security/credentials/external/url_external_account_credentials.cc +91 -116
- data/src/core/lib/security/credentials/external/url_external_account_credentials.h +14 -17
- data/src/core/lib/security/credentials/fake/fake_credentials.h +2 -0
- data/src/core/lib/security/credentials/gcp_service_account_identity/gcp_service_account_identity_credentials.cc +196 -0
- data/src/core/lib/security/credentials/gcp_service_account_identity/gcp_service_account_identity_credentials.h +90 -0
- data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +27 -41
- data/src/core/lib/security/credentials/iam/iam_credentials.cc +0 -1
- data/src/core/lib/security/credentials/iam/iam_credentials.h +2 -0
- data/src/core/lib/security/credentials/jwt/jwt_credentials.h +2 -0
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +163 -259
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +34 -56
- data/src/core/lib/security/credentials/plugin/plugin_credentials.cc +12 -16
- data/src/core/lib/security/credentials/plugin/plugin_credentials.h +2 -0
- data/src/core/lib/security/credentials/ssl/ssl_credentials.h +0 -1
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.cc +0 -1
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.h +0 -1
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_verifier.cc +0 -1
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_verifier.h +0 -1
- data/src/core/lib/security/credentials/token_fetcher/token_fetcher_credentials.cc +298 -0
- data/src/core/lib/security/credentials/token_fetcher/token_fetcher_credentials.h +176 -0
- data/src/core/lib/security/credentials/xds/xds_credentials.cc +0 -1
- data/src/core/lib/security/security_connector/fake/fake_security_connector.cc +0 -1
- data/src/core/lib/security/security_connector/insecure/insecure_security_connector.cc +0 -1
- data/src/core/lib/security/security_connector/load_system_roots_windows.cc +0 -1
- data/src/core/lib/security/transport/server_auth_filter.cc +4 -6
- data/src/core/lib/slice/percent_encoding.cc +0 -1
- data/src/core/lib/slice/slice.cc +0 -1
- data/src/core/lib/slice/slice.h +0 -1
- data/src/core/lib/slice/slice_buffer.cc +0 -1
- data/src/core/lib/slice/slice_internal.h +0 -1
- data/src/core/lib/slice/slice_refcount.h +6 -8
- data/src/core/lib/surface/byte_buffer_reader.cc +0 -1
- data/src/core/lib/surface/call.cc +3 -5
- data/src/core/lib/surface/call_utils.h +0 -1
- data/src/core/lib/surface/channel.cc +0 -1
- data/src/core/lib/surface/channel_create.cc +0 -1
- data/src/core/lib/surface/channel_init.h +0 -1
- data/src/core/lib/surface/client_call.cc +0 -1
- data/src/core/lib/surface/client_call.h +0 -1
- data/src/core/lib/surface/completion_queue.cc +28 -4
- data/src/core/lib/surface/completion_queue_factory.cc +0 -1
- data/src/core/lib/surface/filter_stack_call.cc +9 -9
- data/src/core/lib/surface/filter_stack_call.h +0 -1
- data/src/core/lib/surface/lame_client.cc +0 -1
- data/src/core/lib/surface/server_call.cc +0 -1
- data/src/core/lib/surface/server_call.h +0 -1
- data/src/core/lib/surface/validate_metadata.h +0 -1
- data/src/core/lib/surface/version.cc +2 -2
- data/src/core/lib/transport/bdp_estimator.cc +9 -12
- data/src/core/lib/transport/bdp_estimator.h +6 -8
- data/src/core/lib/transport/call_arena_allocator.cc +2 -16
- data/src/core/lib/transport/call_arena_allocator.h +20 -5
- data/src/core/lib/transport/call_filters.cc +6 -9
- data/src/core/lib/transport/call_spine.h +24 -13
- data/src/core/lib/transport/connectivity_state.cc +34 -42
- data/src/core/lib/transport/metadata_batch.h +41 -1
- data/src/core/lib/transport/timeout_encoding.cc +0 -1
- data/src/core/lib/transport/transport.h +6 -8
- data/src/core/lib/transport/transport_op_string.cc +0 -1
- data/src/core/lib/uri/uri_parser.cc +0 -1
- data/src/core/load_balancing/grpclb/grpclb.cc +55 -71
- data/src/core/load_balancing/health_check_client.cc +31 -42
- data/src/core/load_balancing/oob_backend_metric.cc +2 -4
- data/src/core/load_balancing/outlier_detection/outlier_detection.cc +99 -129
- data/src/core/load_balancing/pick_first/pick_first.cc +168 -228
- data/src/core/load_balancing/priority/priority.cc +77 -106
- data/src/core/load_balancing/ring_hash/ring_hash.cc +32 -46
- data/src/core/load_balancing/rls/rls.cc +142 -187
- data/src/core/load_balancing/round_robin/round_robin.cc +36 -55
- data/src/core/load_balancing/weighted_round_robin/static_stride_scheduler.cc +0 -1
- data/src/core/load_balancing/weighted_round_robin/weighted_round_robin.cc +85 -110
- data/src/core/load_balancing/weighted_target/weighted_target.cc +52 -75
- data/src/core/load_balancing/xds/cds.cc +26 -43
- data/src/core/load_balancing/xds/xds_cluster_impl.cc +57 -54
- data/src/core/load_balancing/xds/xds_cluster_manager.cc +36 -50
- data/src/core/load_balancing/xds/xds_override_host.cc +95 -131
- data/src/core/load_balancing/xds/xds_wrr_locality.cc +15 -23
- data/src/core/plugin_registry/grpc_plugin_registry_extra.cc +3 -0
- data/src/core/resolver/binder/binder_resolver.cc +0 -2
- data/src/core/resolver/dns/c_ares/dns_resolver_ares.cc +62 -44
- data/src/core/resolver/dns/c_ares/grpc_ares_ev_driver_posix.cc +0 -2
- data/src/core/resolver/dns/c_ares/grpc_ares_ev_driver_windows.cc +110 -89
- data/src/core/resolver/dns/c_ares/grpc_ares_wrapper.cc +132 -96
- data/src/core/resolver/dns/c_ares/grpc_ares_wrapper.h +0 -7
- data/src/core/resolver/dns/dns_resolver_plugin.cc +0 -1
- data/src/core/resolver/dns/event_engine/event_engine_client_channel_resolver.cc +40 -39
- data/src/core/resolver/dns/native/dns_resolver.cc +8 -14
- data/src/core/resolver/endpoint_addresses.cc +0 -1
- data/src/core/resolver/fake/fake_resolver.cc +0 -1
- data/src/core/resolver/polling_resolver.cc +6 -15
- data/src/core/resolver/polling_resolver.h +1 -1
- data/src/core/resolver/xds/xds_config.cc +96 -0
- data/src/core/resolver/xds/xds_config.h +109 -0
- data/src/core/resolver/xds/xds_dependency_manager.cc +59 -154
- data/src/core/resolver/xds/xds_dependency_manager.h +1 -69
- data/src/core/resolver/xds/xds_resolver.cc +51 -55
- data/src/core/server/server.cc +2 -2
- data/src/core/server/server_config_selector_filter.cc +0 -1
- data/src/core/server/xds_server_config_fetcher.cc +4 -6
- data/src/core/service_config/service_config_call_data.h +2 -3
- data/src/core/service_config/service_config_channel_arg_filter.cc +0 -1
- data/src/core/service_config/service_config_impl.h +0 -1
- data/src/core/telemetry/call_tracer.cc +0 -1
- data/src/core/telemetry/metrics.h +0 -1
- data/src/core/telemetry/stats_data.cc +67 -0
- data/src/core/telemetry/stats_data.h +48 -0
- data/src/core/tsi/alts/handshaker/alts_shared_resource.cc +0 -1
- data/src/core/tsi/alts/handshaker/transport_security_common_api.h +0 -1
- data/src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.cc +0 -1
- data/src/core/tsi/fake_transport_security.cc +6 -5
- data/src/core/tsi/ssl/session_cache/ssl_session_cache.cc +0 -1
- data/src/core/util/alloc.cc +0 -1
- data/src/core/util/gcp_metadata_query.cc +0 -1
- data/src/core/util/http_client/httpcli.cc +12 -15
- data/src/core/util/http_client/httpcli.h +16 -11
- data/src/core/util/http_client/parser.cc +3 -4
- data/src/core/util/json/json_reader.cc +0 -1
- data/src/core/util/latent_see.cc +29 -9
- data/src/core/util/latent_see.h +122 -27
- data/src/core/util/log.cc +36 -55
- data/src/core/util/lru_cache.h +104 -0
- data/src/core/util/msys/tmpfile.cc +0 -1
- data/src/core/util/posix/sync.cc +0 -1
- data/src/core/util/posix/time.cc +0 -1
- data/src/core/util/ring_buffer.h +123 -0
- data/src/core/util/spinlock.h +1 -2
- data/src/core/util/string.cc +7 -7
- data/src/core/util/sync.cc +0 -1
- data/src/core/util/sync_abseil.cc +0 -1
- data/src/core/util/time.cc +0 -1
- data/src/core/util/unique_ptr_with_bitset.h +86 -0
- data/src/core/util/useful.h +0 -24
- data/src/core/util/windows/cpu.cc +0 -1
- data/src/core/util/windows/sync.cc +0 -1
- data/src/core/util/windows/time.cc +0 -1
- data/src/core/util/windows/tmpfile.cc +0 -1
- data/src/core/xds/grpc/xds_bootstrap_grpc.cc +0 -32
- data/src/core/xds/grpc/xds_bootstrap_grpc.h +0 -5
- data/src/core/xds/grpc/xds_certificate_provider.cc +0 -1
- data/src/core/xds/grpc/xds_client_grpc.cc +11 -16
- data/src/core/xds/grpc/xds_cluster.cc +2 -8
- data/src/core/xds/grpc/xds_cluster.h +4 -4
- data/src/core/xds/grpc/xds_cluster_parser.cc +58 -96
- data/src/core/xds/grpc/xds_cluster_specifier_plugin.cc +0 -1
- data/src/core/xds/grpc/xds_common_types_parser.cc +4 -4
- data/src/core/xds/grpc/xds_common_types_parser.h +17 -0
- data/src/core/xds/grpc/xds_endpoint_parser.cc +14 -14
- data/src/core/xds/grpc/xds_http_fault_filter.cc +15 -6
- data/src/core/xds/grpc/xds_http_fault_filter.h +5 -1
- data/src/core/xds/grpc/xds_http_filter.h +11 -1
- data/src/core/xds/grpc/xds_http_filter_registry.cc +7 -1
- data/src/core/xds/grpc/xds_http_filter_registry.h +8 -1
- data/src/core/xds/grpc/xds_http_gcp_authn_filter.cc +142 -0
- data/src/core/xds/grpc/xds_http_gcp_authn_filter.h +61 -0
- data/src/core/xds/grpc/xds_http_rbac_filter.cc +14 -6
- data/src/core/xds/grpc/xds_http_rbac_filter.h +5 -1
- data/src/core/xds/grpc/xds_http_stateful_session_filter.cc +9 -1
- data/src/core/xds/grpc/xds_http_stateful_session_filter.h +5 -1
- data/src/core/xds/grpc/xds_lb_policy_registry.cc +14 -16
- data/src/core/xds/grpc/xds_listener_parser.cc +10 -11
- data/src/core/xds/grpc/xds_metadata.cc +62 -0
- data/src/core/xds/grpc/xds_metadata.h +127 -0
- data/src/core/xds/grpc/xds_metadata_parser.cc +143 -0
- data/src/core/xds/grpc/xds_metadata_parser.h +36 -0
- data/src/core/xds/grpc/xds_route_config_parser.cc +12 -17
- data/src/core/xds/grpc/xds_routing.cc +57 -22
- data/src/core/xds/grpc/xds_routing.h +10 -2
- data/src/core/xds/grpc/xds_transport_grpc.cc +0 -1
- data/src/core/xds/xds_client/xds_client.cc +124 -165
- data/src/core/xds/xds_client/xds_client_stats.cc +20 -27
- data/src/ruby/ext/grpc/rb_call.c +1 -1
- data/src/ruby/ext/grpc/rb_call_credentials.c +34 -27
- data/src/ruby/ext/grpc/rb_channel.c +22 -16
- data/src/ruby/ext/grpc/rb_event_thread.c +3 -2
- data/src/ruby/ext/grpc/rb_grpc.c +9 -8
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.c +6 -10
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.h +9 -15
- data/src/ruby/ext/grpc/rb_server.c +10 -8
- data/src/ruby/lib/grpc/generic/active_call.rb +8 -5
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/src/ruby/spec/call_spec.rb +53 -40
- data/src/ruby/spec/channel_spec.rb +4 -2
- data/src/ruby/spec/client_server_spec.rb +148 -507
- data/src/ruby/spec/generic/active_call_spec.rb +64 -86
- data/src/ruby/spec/support/services.rb +3 -0
- data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/rand/fork_detect.h → bcm_support.h} +51 -6
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/internal.h +43 -0
- data/third_party/boringssl-with-bazel/src/crypto/cpu_intel.c +72 -23
- data/third_party/boringssl-with-bazel/src/crypto/crypto.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/ecdsa_extra/ecdsa_asn1.c +160 -14
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/internal.h +2 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bcm.c +79 -78
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bcm_interface.h +89 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{div.c → div.c.inc} +146 -179
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{random.c → random.c.inc} +6 -8
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{sqrt.c → sqrt.c.inc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/{e_aes.c → e_aes.c.inc} +9 -8
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{ec_key.c → ec_key.c.inc} +11 -7
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{p256-nistz.c → p256-nistz.c.inc} +104 -12
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256-nistz.h +65 -8
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/{ecdsa.c → ecdsa.c.inc} +52 -107
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/internal.h +28 -11
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/internal.h +1 -80
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/{rand.c → rand.c.inc} +26 -40
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/{padding.c → padding.c.inc} +2 -5
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/{rsa_impl.c → rsa_impl.c.inc} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/{self_check.c → self_check.c.inc} +9 -35
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/service_indicator/internal.h +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/service_indicator/{service_indicator.c → service_indicator.c.inc} +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/hpke/hpke.c +293 -2
- data/third_party/boringssl-with-bazel/src/crypto/internal.h +69 -14
- data/third_party/boringssl-with-bazel/src/crypto/mem.c +7 -3
- data/third_party/boringssl-with-bazel/src/crypto/mldsa/internal.h +73 -0
- data/third_party/boringssl-with-bazel/src/crypto/mldsa/mldsa.c +1687 -0
- data/third_party/boringssl-with-bazel/src/crypto/mlkem/internal.h +90 -0
- data/third_party/boringssl-with-bazel/src/crypto/mlkem/mlkem.cc +1097 -0
- data/third_party/boringssl-with-bazel/src/crypto/obj/obj_dat.h +4 -1
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_lib.c +4 -5
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_pk8.c +2 -3
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_pkey.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/pkcs8/internal.h +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/deterministic.c +9 -1
- data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/rand → rand_extra}/fork_detect.c +26 -28
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/getentropy.c +9 -1
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/ios.c +9 -1
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/passive.c +19 -3
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/rand_extra.c +26 -23
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/sysrand_internal.h +37 -0
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/trusty.c +9 -1
- data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/rand → rand_extra}/urandom.c +19 -19
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/windows.c +8 -1
- data/third_party/boringssl-with-bazel/src/crypto/rsa_extra/internal.h +2 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/asn1.h +14 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/bn.h +14 -9
- data/third_party/boringssl-with-bazel/src/include/openssl/experimental/dilithium.h +13 -15
- data/third_party/boringssl-with-bazel/src/include/openssl/hpke.h +8 -6
- data/third_party/boringssl-with-bazel/src/include/openssl/mldsa.h +136 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/mlkem.h +246 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/nid.h +3 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/pem.h +3 -4
- data/third_party/boringssl-with-bazel/src/include/openssl/service_indicator.h +2 -2
- data/third_party/boringssl-with-bazel/src/include/openssl/span.h +22 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +35 -5
- data/third_party/boringssl-with-bazel/src/ssl/d1_both.cc +5 -6
- data/third_party/boringssl-with-bazel/src/ssl/d1_lib.cc +6 -0
- data/third_party/boringssl-with-bazel/src/ssl/d1_pkt.cc +6 -1
- data/third_party/boringssl-with-bazel/src/ssl/dtls_method.cc +13 -1
- data/third_party/boringssl-with-bazel/src/ssl/dtls_record.cc +289 -55
- data/third_party/boringssl-with-bazel/src/ssl/extensions.cc +2 -0
- data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +69 -38
- data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +14 -3
- data/third_party/boringssl-with-bazel/src/ssl/internal.h +107 -14
- data/third_party/boringssl-with-bazel/src/ssl/s3_both.cc +44 -16
- data/third_party/boringssl-with-bazel/src/ssl/s3_pkt.cc +21 -1
- data/third_party/boringssl-with-bazel/src/ssl/ssl_aead_ctx.cc +86 -1
- data/third_party/boringssl-with-bazel/src/ssl/ssl_buffer.cc +7 -4
- data/third_party/boringssl-with-bazel/src/ssl/ssl_key_share.cc +97 -3
- data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +31 -2
- data/third_party/boringssl-with-bazel/src/ssl/ssl_versions.cc +6 -0
- data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +18 -4
- data/third_party/boringssl-with-bazel/src/ssl/tls13_enc.cc +96 -34
- data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +15 -5
- data/third_party/boringssl-with-bazel/src/ssl/tls_record.cc +3 -23
- metadata +113 -87
- data/src/core/ext/transport/chttp2/transport/max_concurrent_streams_policy.cc +0 -45
- data/src/core/ext/transport/chttp2/transport/max_concurrent_streams_policy.h +0 -67
- data/src/core/util/android/log.cc +0 -48
- data/src/core/util/linux/log.cc +0 -69
- data/src/core/util/posix/log.cc +0 -69
- data/src/core/util/windows/log.cc +0 -73
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/{aes.c → aes.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/{aes_nohw.c → aes_nohw.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/{key_wrap.c → key_wrap.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/{mode_wrappers.c → mode_wrappers.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{add.c → add.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/asm/{x86_64-gcc.c → x86_64-gcc.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{bn.c → bn.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{bytes.c → bytes.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{cmp.c → cmp.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{ctx.c → ctx.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{div_extra.c → div_extra.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{exponentiation.c → exponentiation.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{gcd.c → gcd.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{gcd_extra.c → gcd_extra.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{generic.c → generic.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{jacobi.c → jacobi.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{montgomery.c → montgomery.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{montgomery_inv.c → montgomery_inv.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{mul.c → mul.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{prime.c → prime.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{rsaz_exp.c → rsaz_exp.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/{shift.c → shift.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/{aead.c → aead.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/{cipher.c → cipher.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/{e_aesccm.c → e_aesccm.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cmac/{cmac.c → cmac.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/{check.c → check.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/{dh.c → dh.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/{digest.c → digest.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/{digests.c → digests.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digestsign/{digestsign.c → digestsign.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{ec.c → ec.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{ec_montgomery.c → ec_montgomery.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{felem.c → felem.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{oct.c → oct.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{p224-64.c → p224-64.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{p256.c → p256.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{scalar.c → scalar.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{simple.c → simple.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{simple_mul.c → simple_mul.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{util.c → util.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{wnaf.c → wnaf.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdh/{ecdh.c → ecdh.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/hkdf/{hkdf.c → hkdf.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/hmac/{hmac.c → hmac.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/md4/{md4.c → md4.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/md5/{md5.c → md5.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/{cbc.c → cbc.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/{cfb.c → cfb.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/{ctr.c → ctr.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/{gcm.c → gcm.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/{gcm_nohw.c → gcm_nohw.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/{ofb.c → ofb.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/{polyval.c → polyval.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/{ctrdrbg.c → ctrdrbg.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/{blinding.c → blinding.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/{rsa.c → rsa.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/{fips.c → fips.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/{sha1.c → sha1.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/{sha256.c → sha256.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/{sha512.c → sha512.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/tls/{kdf.c → kdf.c.inc} +0 -0
- /data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/rand → rand_extra}/getrandom_fillin.h +0 -0
@@ -34,7 +34,6 @@
|
|
34
34
|
#include <grpc/grpc_security.h>
|
35
35
|
#include <grpc/support/alloc.h>
|
36
36
|
#include <grpc/support/json.h>
|
37
|
-
#include <grpc/support/log.h>
|
38
37
|
#include <grpc/support/port_platform.h>
|
39
38
|
#include <grpc/support/string_util.h>
|
40
39
|
|
@@ -59,6 +58,13 @@ const char* kAccessKeyIdEnvVar = "AWS_ACCESS_KEY_ID";
|
|
59
58
|
const char* kSecretAccessKeyEnvVar = "AWS_SECRET_ACCESS_KEY";
|
60
59
|
const char* kSessionTokenEnvVar = "AWS_SESSION_TOKEN";
|
61
60
|
|
61
|
+
bool ShouldUseMetadataServer() {
|
62
|
+
return !((GetEnv(kRegionEnvVar).has_value() ||
|
63
|
+
GetEnv(kDefaultRegionEnvVar).has_value()) &&
|
64
|
+
(GetEnv(kAccessKeyIdEnvVar).has_value() &&
|
65
|
+
GetEnv(kSecretAccessKeyEnvVar).has_value()));
|
66
|
+
}
|
67
|
+
|
62
68
|
std::string UrlEncode(const absl::string_view& s) {
|
63
69
|
const char* hex = "0123456789ABCDEF";
|
64
70
|
std::string result;
|
@@ -79,281 +85,202 @@ std::string UrlEncode(const absl::string_view& s) {
|
|
79
85
|
|
80
86
|
} // namespace
|
81
87
|
|
82
|
-
|
83
|
-
AwsExternalAccountCredentials::
|
84
|
-
|
85
|
-
grpc_error_handle* error) {
|
86
|
-
auto creds = MakeRefCounted<AwsExternalAccountCredentials>(
|
87
|
-
std::move(options), std::move(scopes), error);
|
88
|
-
if (error->ok()) {
|
89
|
-
return creds;
|
90
|
-
} else {
|
91
|
-
return nullptr;
|
92
|
-
}
|
93
|
-
}
|
88
|
+
//
|
89
|
+
// AwsExternalAccountCredentials::AwsFetchBody
|
90
|
+
//
|
94
91
|
|
95
|
-
AwsExternalAccountCredentials::
|
96
|
-
|
97
|
-
|
98
|
-
|
99
|
-
|
100
|
-
|
101
|
-
|
102
|
-
|
103
|
-
|
104
|
-
|
105
|
-
|
106
|
-
|
107
|
-
}
|
108
|
-
if (it->second.string() != kExpectedEnvironmentId) {
|
109
|
-
*error = GRPC_ERROR_CREATE("environment_id does not match.");
|
110
|
-
return;
|
111
|
-
}
|
112
|
-
it = options.credential_source.object().find("region_url");
|
113
|
-
if (it == options.credential_source.object().end()) {
|
114
|
-
*error = GRPC_ERROR_CREATE("region_url field not present.");
|
115
|
-
return;
|
116
|
-
}
|
117
|
-
if (it->second.type() != Json::Type::kString) {
|
118
|
-
*error = GRPC_ERROR_CREATE("region_url field must be a string.");
|
119
|
-
return;
|
120
|
-
}
|
121
|
-
region_url_ = it->second.string();
|
122
|
-
it = options.credential_source.object().find("url");
|
123
|
-
if (it != options.credential_source.object().end() &&
|
124
|
-
it->second.type() == Json::Type::kString) {
|
125
|
-
url_ = it->second.string();
|
126
|
-
}
|
127
|
-
it =
|
128
|
-
options.credential_source.object().find("regional_cred_verification_url");
|
129
|
-
if (it == options.credential_source.object().end()) {
|
130
|
-
*error =
|
131
|
-
GRPC_ERROR_CREATE("regional_cred_verification_url field not present.");
|
132
|
-
return;
|
133
|
-
}
|
134
|
-
if (it->second.type() != Json::Type::kString) {
|
135
|
-
*error = GRPC_ERROR_CREATE(
|
136
|
-
"regional_cred_verification_url field must be a string.");
|
137
|
-
return;
|
138
|
-
}
|
139
|
-
regional_cred_verification_url_ = it->second.string();
|
140
|
-
it = options.credential_source.object().find("imdsv2_session_token_url");
|
141
|
-
if (it != options.credential_source.object().end() &&
|
142
|
-
it->second.type() == Json::Type::kString) {
|
143
|
-
imdsv2_session_token_url_ = it->second.string();
|
144
|
-
}
|
92
|
+
AwsExternalAccountCredentials::AwsFetchBody::AwsFetchBody(
|
93
|
+
absl::AnyInvocable<void(absl::StatusOr<std::string>)> on_done,
|
94
|
+
AwsExternalAccountCredentials* creds, Timestamp deadline)
|
95
|
+
: FetchBody(std::move(on_done)), creds_(creds), deadline_(deadline) {
|
96
|
+
MutexLock lock(&mu_);
|
97
|
+
// Do a quick async hop here, so that we can invoke the callback at
|
98
|
+
// any time without deadlocking.
|
99
|
+
fetch_body_ = MakeOrphanable<NoOpFetchBody>(
|
100
|
+
creds->event_engine(),
|
101
|
+
[self = RefAsSubclass<AwsFetchBody>()](
|
102
|
+
absl::StatusOr<std::string> /*result*/) { self->Start(); },
|
103
|
+
"");
|
145
104
|
}
|
146
105
|
|
147
|
-
|
148
|
-
|
149
|
-
|
150
|
-
(GetEnv(kAccessKeyIdEnvVar).has_value() &&
|
151
|
-
GetEnv(kSecretAccessKeyEnvVar).has_value()));
|
106
|
+
void AwsExternalAccountCredentials::AwsFetchBody::Shutdown() {
|
107
|
+
MutexLock lock(&mu_);
|
108
|
+
fetch_body_.reset();
|
152
109
|
}
|
153
110
|
|
154
|
-
void AwsExternalAccountCredentials::
|
155
|
-
|
156
|
-
|
157
|
-
|
158
|
-
|
159
|
-
|
160
|
-
|
161
|
-
|
162
|
-
|
163
|
-
}
|
164
|
-
ctx_ = ctx;
|
165
|
-
cb_ = cb;
|
166
|
-
if (!imdsv2_session_token_url_.empty() && ShouldUseMetadataServer()) {
|
167
|
-
RetrieveImdsV2SessionToken();
|
168
|
-
} else if (signer_ != nullptr) {
|
169
|
-
BuildSubjectToken();
|
170
|
-
} else {
|
171
|
-
RetrieveRegion();
|
172
|
-
}
|
111
|
+
void AwsExternalAccountCredentials::AwsFetchBody::AsyncFinish(
|
112
|
+
absl::StatusOr<std::string> result) {
|
113
|
+
creds_->event_engine().Run(
|
114
|
+
[this, self = Ref(), result = std::move(result)]() mutable {
|
115
|
+
ApplicationCallbackExecCtx application_exec_ctx;
|
116
|
+
ExecCtx exec_ctx;
|
117
|
+
Finish(std::move(result));
|
118
|
+
self.reset();
|
119
|
+
});
|
173
120
|
}
|
174
121
|
|
175
|
-
|
176
|
-
|
177
|
-
if (!
|
178
|
-
|
122
|
+
bool AwsExternalAccountCredentials::AwsFetchBody::MaybeFail(
|
123
|
+
absl::Status status) {
|
124
|
+
if (!status.ok()) {
|
125
|
+
AsyncFinish(std::move(status));
|
126
|
+
return true;
|
179
127
|
}
|
180
|
-
|
181
|
-
|
182
|
-
|
183
|
-
|
184
|
-
grpc_http_request request;
|
185
|
-
memset(&request, 0, sizeof(grpc_http_request));
|
186
|
-
request.hdr_count = 1;
|
187
|
-
request.hdrs = headers;
|
188
|
-
grpc_http_response_destroy(&ctx_->response);
|
189
|
-
ctx_->response = {};
|
190
|
-
GRPC_CLOSURE_INIT(&ctx_->closure, OnRetrieveImdsV2SessionToken, this,
|
191
|
-
nullptr);
|
192
|
-
RefCountedPtr<grpc_channel_credentials> http_request_creds;
|
193
|
-
if (uri->scheme() == "http") {
|
194
|
-
http_request_creds = RefCountedPtr<grpc_channel_credentials>(
|
195
|
-
grpc_insecure_credentials_create());
|
196
|
-
} else {
|
197
|
-
http_request_creds = CreateHttpRequestSSLCredentials();
|
128
|
+
if (fetch_body_ == nullptr) {
|
129
|
+
AsyncFinish(
|
130
|
+
absl::CancelledError("external account credentials fetch cancelled"));
|
131
|
+
return true;
|
198
132
|
}
|
199
|
-
|
200
|
-
HttpRequest::Put(std::move(*uri), nullptr /* channel args */,
|
201
|
-
ctx_->pollent, &request, ctx_->deadline, &ctx_->closure,
|
202
|
-
&ctx_->response, std::move(http_request_creds));
|
203
|
-
http_request_->Start();
|
204
|
-
grpc_http_request_destroy(&request);
|
205
|
-
}
|
206
|
-
|
207
|
-
void AwsExternalAccountCredentials::OnRetrieveImdsV2SessionToken(
|
208
|
-
void* arg, grpc_error_handle error) {
|
209
|
-
AwsExternalAccountCredentials* self =
|
210
|
-
static_cast<AwsExternalAccountCredentials*>(arg);
|
211
|
-
self->OnRetrieveImdsV2SessionTokenInternal(error);
|
133
|
+
return false;
|
212
134
|
}
|
213
135
|
|
214
|
-
void AwsExternalAccountCredentials::
|
215
|
-
|
216
|
-
if (
|
217
|
-
|
218
|
-
|
219
|
-
}
|
220
|
-
imdsv2_session_token_ =
|
221
|
-
std::string(ctx_->response.body, ctx_->response.body_length);
|
222
|
-
if (signer_ != nullptr) {
|
136
|
+
void AwsExternalAccountCredentials::AwsFetchBody::Start() {
|
137
|
+
MutexLock lock(&mu_);
|
138
|
+
if (MaybeFail(absl::OkStatus())) return;
|
139
|
+
if (!creds_->imdsv2_session_token_url_.empty() && ShouldUseMetadataServer()) {
|
140
|
+
RetrieveImdsV2SessionToken();
|
141
|
+
} else if (creds_->signer_ != nullptr) {
|
223
142
|
BuildSubjectToken();
|
224
143
|
} else {
|
225
144
|
RetrieveRegion();
|
226
145
|
}
|
227
146
|
}
|
228
147
|
|
229
|
-
void AwsExternalAccountCredentials::
|
230
|
-
|
231
|
-
if (!
|
232
|
-
|
233
|
-
|
234
|
-
grpc_http_header* headers =
|
235
|
-
static_cast<grpc_http_header*>(gpr_malloc(sizeof(grpc_http_header)));
|
236
|
-
headers[0].key = gpr_strdup("x-aws-ec2-metadata-token");
|
237
|
-
headers[0].value = gpr_strdup(imdsv2_session_token_.c_str());
|
238
|
-
request->hdr_count = 1;
|
239
|
-
request->hdrs = headers;
|
148
|
+
void AwsExternalAccountCredentials::AwsFetchBody::RetrieveImdsV2SessionToken() {
|
149
|
+
absl::StatusOr<URI> uri = URI::Parse(creds_->imdsv2_session_token_url_);
|
150
|
+
if (!uri.ok()) {
|
151
|
+
AsyncFinish(uri.status());
|
152
|
+
return;
|
240
153
|
}
|
154
|
+
fetch_body_ = MakeOrphanable<HttpFetchBody>(
|
155
|
+
[&](grpc_http_response* response, grpc_closure* on_http_response) {
|
156
|
+
grpc_http_header* headers = static_cast<grpc_http_header*>(
|
157
|
+
gpr_malloc(sizeof(grpc_http_header)));
|
158
|
+
headers[0].key = gpr_strdup("x-aws-ec2-metadata-token-ttl-seconds");
|
159
|
+
headers[0].value = gpr_strdup("300");
|
160
|
+
grpc_http_request request;
|
161
|
+
memset(&request, 0, sizeof(grpc_http_request));
|
162
|
+
request.hdr_count = 1;
|
163
|
+
request.hdrs = headers;
|
164
|
+
RefCountedPtr<grpc_channel_credentials> http_request_creds;
|
165
|
+
if (uri->scheme() == "http") {
|
166
|
+
http_request_creds = RefCountedPtr<grpc_channel_credentials>(
|
167
|
+
grpc_insecure_credentials_create());
|
168
|
+
} else {
|
169
|
+
http_request_creds = CreateHttpRequestSSLCredentials();
|
170
|
+
}
|
171
|
+
auto http_request = HttpRequest::Put(
|
172
|
+
std::move(*uri), /*args=*/nullptr, creds_->pollent(), &request,
|
173
|
+
deadline_, on_http_response, response,
|
174
|
+
std::move(http_request_creds));
|
175
|
+
http_request->Start();
|
176
|
+
grpc_http_request_destroy(&request);
|
177
|
+
return http_request;
|
178
|
+
},
|
179
|
+
[self =
|
180
|
+
RefAsSubclass<AwsFetchBody>()](absl::StatusOr<std::string> result) {
|
181
|
+
MutexLock lock(&self->mu_);
|
182
|
+
if (self->MaybeFail(result.status())) return;
|
183
|
+
self->imdsv2_session_token_ = std::move(*result);
|
184
|
+
if (self->creds_->signer_ != nullptr) {
|
185
|
+
self->BuildSubjectToken();
|
186
|
+
} else {
|
187
|
+
self->RetrieveRegion();
|
188
|
+
}
|
189
|
+
});
|
241
190
|
}
|
242
191
|
|
243
|
-
void AwsExternalAccountCredentials::RetrieveRegion() {
|
192
|
+
void AwsExternalAccountCredentials::AwsFetchBody::RetrieveRegion() {
|
244
193
|
auto region_from_env = GetEnv(kRegionEnvVar);
|
245
194
|
if (!region_from_env.has_value()) {
|
246
195
|
region_from_env = GetEnv(kDefaultRegionEnvVar);
|
247
196
|
}
|
248
197
|
if (region_from_env.has_value()) {
|
249
198
|
region_ = std::move(*region_from_env);
|
250
|
-
if (url_.empty()) {
|
199
|
+
if (creds_->url_.empty()) {
|
251
200
|
RetrieveSigningKeys();
|
252
201
|
} else {
|
253
202
|
RetrieveRoleName();
|
254
203
|
}
|
255
204
|
return;
|
256
205
|
}
|
257
|
-
absl::StatusOr<URI> uri = URI::Parse(region_url_);
|
206
|
+
absl::StatusOr<URI> uri = URI::Parse(creds_->region_url_);
|
258
207
|
if (!uri.ok()) {
|
259
|
-
|
260
|
-
|
261
|
-
uri.status().ToString())));
|
262
|
-
return;
|
263
|
-
}
|
264
|
-
grpc_http_request request;
|
265
|
-
memset(&request, 0, sizeof(grpc_http_request));
|
266
|
-
grpc_http_response_destroy(&ctx_->response);
|
267
|
-
ctx_->response = {};
|
268
|
-
AddMetadataRequestHeaders(&request);
|
269
|
-
GRPC_CLOSURE_INIT(&ctx_->closure, OnRetrieveRegion, this, nullptr);
|
270
|
-
RefCountedPtr<grpc_channel_credentials> http_request_creds;
|
271
|
-
if (uri->scheme() == "http") {
|
272
|
-
http_request_creds = RefCountedPtr<grpc_channel_credentials>(
|
273
|
-
grpc_insecure_credentials_create());
|
274
|
-
} else {
|
275
|
-
http_request_creds = CreateHttpRequestSSLCredentials();
|
276
|
-
}
|
277
|
-
http_request_ =
|
278
|
-
HttpRequest::Get(std::move(*uri), nullptr /* channel args */,
|
279
|
-
ctx_->pollent, &request, ctx_->deadline, &ctx_->closure,
|
280
|
-
&ctx_->response, std::move(http_request_creds));
|
281
|
-
http_request_->Start();
|
282
|
-
grpc_http_request_destroy(&request);
|
283
|
-
}
|
284
|
-
|
285
|
-
void AwsExternalAccountCredentials::OnRetrieveRegion(void* arg,
|
286
|
-
grpc_error_handle error) {
|
287
|
-
AwsExternalAccountCredentials* self =
|
288
|
-
static_cast<AwsExternalAccountCredentials*>(arg);
|
289
|
-
self->OnRetrieveRegionInternal(error);
|
290
|
-
}
|
291
|
-
|
292
|
-
void AwsExternalAccountCredentials::OnRetrieveRegionInternal(
|
293
|
-
grpc_error_handle error) {
|
294
|
-
if (!error.ok()) {
|
295
|
-
FinishRetrieveSubjectToken("", error);
|
208
|
+
AsyncFinish(GRPC_ERROR_CREATE(
|
209
|
+
absl::StrFormat("Invalid region url. %s", uri.status().ToString())));
|
296
210
|
return;
|
297
211
|
}
|
298
|
-
|
299
|
-
|
300
|
-
|
301
|
-
|
302
|
-
|
303
|
-
|
304
|
-
|
305
|
-
|
306
|
-
|
212
|
+
fetch_body_ = MakeOrphanable<HttpFetchBody>(
|
213
|
+
[&](grpc_http_response* response, grpc_closure* on_http_response) {
|
214
|
+
grpc_http_request request;
|
215
|
+
memset(&request, 0, sizeof(grpc_http_request));
|
216
|
+
AddMetadataRequestHeaders(&request);
|
217
|
+
RefCountedPtr<grpc_channel_credentials> http_request_creds;
|
218
|
+
if (uri->scheme() == "http") {
|
219
|
+
http_request_creds = RefCountedPtr<grpc_channel_credentials>(
|
220
|
+
grpc_insecure_credentials_create());
|
221
|
+
} else {
|
222
|
+
http_request_creds = CreateHttpRequestSSLCredentials();
|
223
|
+
}
|
224
|
+
auto http_request = HttpRequest::Get(
|
225
|
+
std::move(*uri), /*args=*/nullptr, creds_->pollent(), &request,
|
226
|
+
deadline_, on_http_response, response,
|
227
|
+
std::move(http_request_creds));
|
228
|
+
http_request->Start();
|
229
|
+
grpc_http_request_destroy(&request);
|
230
|
+
return http_request;
|
231
|
+
},
|
232
|
+
[self =
|
233
|
+
RefAsSubclass<AwsFetchBody>()](absl::StatusOr<std::string> result) {
|
234
|
+
MutexLock lock(&self->mu_);
|
235
|
+
if (self->MaybeFail(result.status())) return;
|
236
|
+
// Remove the last letter of availability zone to get pure region
|
237
|
+
self->region_ = result->substr(0, result->size() - 1);
|
238
|
+
if (self->creds_->url_.empty()) {
|
239
|
+
self->RetrieveSigningKeys();
|
240
|
+
} else {
|
241
|
+
self->RetrieveRoleName();
|
242
|
+
}
|
243
|
+
});
|
307
244
|
}
|
308
245
|
|
309
|
-
void AwsExternalAccountCredentials::RetrieveRoleName() {
|
310
|
-
absl::StatusOr<URI> uri = URI::Parse(url_);
|
246
|
+
void AwsExternalAccountCredentials::AwsFetchBody::RetrieveRoleName() {
|
247
|
+
absl::StatusOr<URI> uri = URI::Parse(creds_->url_);
|
311
248
|
if (!uri.ok()) {
|
312
|
-
|
313
|
-
"",
|
314
|
-
absl::StrFormat("Invalid url: %s.", uri.status().ToString())));
|
249
|
+
AsyncFinish(GRPC_ERROR_CREATE(
|
250
|
+
absl::StrFormat("Invalid url: %s.", uri.status().ToString())));
|
315
251
|
return;
|
316
252
|
}
|
317
|
-
|
318
|
-
|
319
|
-
|
320
|
-
|
321
|
-
|
322
|
-
|
323
|
-
|
324
|
-
|
325
|
-
|
326
|
-
|
327
|
-
|
328
|
-
|
329
|
-
|
330
|
-
|
331
|
-
|
332
|
-
|
333
|
-
|
334
|
-
|
335
|
-
|
336
|
-
|
337
|
-
}
|
338
|
-
|
339
|
-
|
340
|
-
|
341
|
-
|
342
|
-
|
343
|
-
|
253
|
+
fetch_body_ = MakeOrphanable<HttpFetchBody>(
|
254
|
+
[&](grpc_http_response* response, grpc_closure* on_http_response) {
|
255
|
+
grpc_http_request request;
|
256
|
+
memset(&request, 0, sizeof(grpc_http_request));
|
257
|
+
AddMetadataRequestHeaders(&request);
|
258
|
+
// TODO(ctiller): use the caller's resource quota.
|
259
|
+
RefCountedPtr<grpc_channel_credentials> http_request_creds;
|
260
|
+
if (uri->scheme() == "http") {
|
261
|
+
http_request_creds = RefCountedPtr<grpc_channel_credentials>(
|
262
|
+
grpc_insecure_credentials_create());
|
263
|
+
} else {
|
264
|
+
http_request_creds = CreateHttpRequestSSLCredentials();
|
265
|
+
}
|
266
|
+
auto http_request = HttpRequest::Get(
|
267
|
+
std::move(*uri), /*args=*/nullptr, creds_->pollent(), &request,
|
268
|
+
deadline_, on_http_response, response,
|
269
|
+
std::move(http_request_creds));
|
270
|
+
http_request->Start();
|
271
|
+
grpc_http_request_destroy(&request);
|
272
|
+
return http_request;
|
273
|
+
},
|
274
|
+
[self =
|
275
|
+
RefAsSubclass<AwsFetchBody>()](absl::StatusOr<std::string> result) {
|
276
|
+
MutexLock lock(&self->mu_);
|
277
|
+
if (self->MaybeFail(result.status())) return;
|
278
|
+
self->role_name_ = std::move(*result);
|
279
|
+
self->RetrieveSigningKeys();
|
280
|
+
});
|
344
281
|
}
|
345
282
|
|
346
|
-
void AwsExternalAccountCredentials::
|
347
|
-
grpc_error_handle error) {
|
348
|
-
if (!error.ok()) {
|
349
|
-
FinishRetrieveSubjectToken("", error);
|
350
|
-
return;
|
351
|
-
}
|
352
|
-
role_name_ = std::string(ctx_->response.body, ctx_->response.body_length);
|
353
|
-
RetrieveSigningKeys();
|
354
|
-
}
|
355
|
-
|
356
|
-
void AwsExternalAccountCredentials::RetrieveSigningKeys() {
|
283
|
+
void AwsExternalAccountCredentials::AwsFetchBody::RetrieveSigningKeys() {
|
357
284
|
auto access_key_id_from_env = GetEnv(kAccessKeyIdEnvVar);
|
358
285
|
auto secret_access_key_from_env = GetEnv(kSecretAccessKeyEnvVar);
|
359
286
|
auto token_from_env = GetEnv(kSessionTokenEnvVar);
|
@@ -368,122 +295,106 @@ void AwsExternalAccountCredentials::RetrieveSigningKeys() {
|
|
368
295
|
return;
|
369
296
|
}
|
370
297
|
if (role_name_.empty()) {
|
371
|
-
|
372
|
-
"",
|
298
|
+
AsyncFinish(
|
373
299
|
GRPC_ERROR_CREATE("Missing role name when retrieving signing keys."));
|
374
300
|
return;
|
375
301
|
}
|
376
|
-
std::string url_with_role_name = absl::StrCat(url_, "/", role_name_);
|
302
|
+
std::string url_with_role_name = absl::StrCat(creds_->url_, "/", role_name_);
|
377
303
|
absl::StatusOr<URI> uri = URI::Parse(url_with_role_name);
|
378
304
|
if (!uri.ok()) {
|
379
|
-
|
380
|
-
"
|
381
|
-
uri.status().ToString())));
|
305
|
+
AsyncFinish(GRPC_ERROR_CREATE(absl::StrFormat(
|
306
|
+
"Invalid url with role name: %s.", uri.status().ToString())));
|
382
307
|
return;
|
383
308
|
}
|
384
|
-
|
385
|
-
|
386
|
-
|
387
|
-
|
388
|
-
|
389
|
-
|
390
|
-
|
391
|
-
|
392
|
-
|
393
|
-
|
394
|
-
|
395
|
-
|
396
|
-
|
397
|
-
|
398
|
-
|
399
|
-
|
400
|
-
|
401
|
-
|
402
|
-
|
403
|
-
|
404
|
-
}
|
405
|
-
|
406
|
-
|
407
|
-
|
408
|
-
|
409
|
-
|
410
|
-
|
309
|
+
fetch_body_ = MakeOrphanable<HttpFetchBody>(
|
310
|
+
[&](grpc_http_response* response, grpc_closure* on_http_response) {
|
311
|
+
grpc_http_request request;
|
312
|
+
memset(&request, 0, sizeof(grpc_http_request));
|
313
|
+
AddMetadataRequestHeaders(&request);
|
314
|
+
// TODO(ctiller): use the caller's resource quota.
|
315
|
+
RefCountedPtr<grpc_channel_credentials> http_request_creds;
|
316
|
+
if (uri->scheme() == "http") {
|
317
|
+
http_request_creds = RefCountedPtr<grpc_channel_credentials>(
|
318
|
+
grpc_insecure_credentials_create());
|
319
|
+
} else {
|
320
|
+
http_request_creds = CreateHttpRequestSSLCredentials();
|
321
|
+
}
|
322
|
+
auto http_request = HttpRequest::Get(
|
323
|
+
std::move(*uri), /*args=*/nullptr, creds_->pollent(), &request,
|
324
|
+
deadline_, on_http_response, response,
|
325
|
+
std::move(http_request_creds));
|
326
|
+
http_request->Start();
|
327
|
+
grpc_http_request_destroy(&request);
|
328
|
+
return http_request;
|
329
|
+
},
|
330
|
+
[self =
|
331
|
+
RefAsSubclass<AwsFetchBody>()](absl::StatusOr<std::string> result) {
|
332
|
+
MutexLock lock(&self->mu_);
|
333
|
+
if (self->MaybeFail(result.status())) return;
|
334
|
+
self->OnRetrieveSigningKeys(std::move(*result));
|
335
|
+
});
|
411
336
|
}
|
412
337
|
|
413
|
-
void AwsExternalAccountCredentials::
|
414
|
-
|
415
|
-
|
416
|
-
FinishRetrieveSubjectToken("", error);
|
417
|
-
return;
|
418
|
-
}
|
419
|
-
absl::string_view response_body(ctx_->response.body,
|
420
|
-
ctx_->response.body_length);
|
421
|
-
auto json = JsonParse(response_body);
|
338
|
+
void AwsExternalAccountCredentials::AwsFetchBody::OnRetrieveSigningKeys(
|
339
|
+
std::string result) {
|
340
|
+
auto json = JsonParse(result);
|
422
341
|
if (!json.ok()) {
|
423
|
-
|
424
|
-
"",
|
425
|
-
absl::StrCat("Invalid retrieve signing keys response: ",
|
426
|
-
json.status().ToString())));
|
342
|
+
AsyncFinish(GRPC_ERROR_CREATE(absl::StrCat(
|
343
|
+
"Invalid retrieve signing keys response: ", json.status().ToString())));
|
427
344
|
return;
|
428
345
|
}
|
429
346
|
if (json->type() != Json::Type::kObject) {
|
430
|
-
|
431
|
-
|
432
|
-
|
347
|
+
AsyncFinish(
|
348
|
+
GRPC_ERROR_CREATE("Invalid retrieve signing keys response: "
|
349
|
+
"JSON type is not object"));
|
433
350
|
return;
|
434
351
|
}
|
435
352
|
auto it = json->object().find("AccessKeyId");
|
436
353
|
if (it != json->object().end() && it->second.type() == Json::Type::kString) {
|
437
354
|
access_key_id_ = it->second.string();
|
438
355
|
} else {
|
439
|
-
|
440
|
-
"",
|
441
|
-
"Missing or invalid AccessKeyId in %s.", response_body)));
|
356
|
+
AsyncFinish(GRPC_ERROR_CREATE(
|
357
|
+
absl::StrFormat("Missing or invalid AccessKeyId in %s.", result)));
|
442
358
|
return;
|
443
359
|
}
|
444
360
|
it = json->object().find("SecretAccessKey");
|
445
361
|
if (it != json->object().end() && it->second.type() == Json::Type::kString) {
|
446
362
|
secret_access_key_ = it->second.string();
|
447
363
|
} else {
|
448
|
-
|
449
|
-
"",
|
450
|
-
"Missing or invalid SecretAccessKey in %s.", response_body)));
|
364
|
+
AsyncFinish(GRPC_ERROR_CREATE(
|
365
|
+
absl::StrFormat("Missing or invalid SecretAccessKey in %s.", result)));
|
451
366
|
return;
|
452
367
|
}
|
453
368
|
it = json->object().find("Token");
|
454
369
|
if (it != json->object().end() && it->second.type() == Json::Type::kString) {
|
455
370
|
token_ = it->second.string();
|
456
371
|
} else {
|
457
|
-
|
458
|
-
|
459
|
-
response_body)));
|
372
|
+
AsyncFinish(GRPC_ERROR_CREATE(
|
373
|
+
absl::StrFormat("Missing or invalid Token in %s.", result)));
|
460
374
|
return;
|
461
375
|
}
|
462
376
|
BuildSubjectToken();
|
463
377
|
}
|
464
378
|
|
465
|
-
void AwsExternalAccountCredentials::BuildSubjectToken() {
|
379
|
+
void AwsExternalAccountCredentials::AwsFetchBody::BuildSubjectToken() {
|
466
380
|
grpc_error_handle error;
|
467
|
-
if (signer_ == nullptr) {
|
468
|
-
cred_verification_url_ = absl::StrReplaceAll(
|
469
|
-
regional_cred_verification_url_, {{"{region}", region_}});
|
470
|
-
signer_ = std::make_unique<AwsRequestSigner>(
|
381
|
+
if (creds_->signer_ == nullptr) {
|
382
|
+
creds_->cred_verification_url_ = absl::StrReplaceAll(
|
383
|
+
creds_->regional_cred_verification_url_, {{"{region}", region_}});
|
384
|
+
creds_->signer_ = std::make_unique<AwsRequestSigner>(
|
471
385
|
access_key_id_, secret_access_key_, token_, "POST",
|
472
|
-
cred_verification_url_, region_, "",
|
386
|
+
creds_->cred_verification_url_, region_, "",
|
473
387
|
std::map<std::string, std::string>(), &error);
|
474
388
|
if (!error.ok()) {
|
475
|
-
|
476
|
-
"",
|
477
|
-
"Creating aws request signer failed.", &error, 1));
|
389
|
+
AsyncFinish(GRPC_ERROR_CREATE_REFERENCING(
|
390
|
+
"Creating aws request signer failed.", &error, 1));
|
478
391
|
return;
|
479
392
|
}
|
480
393
|
}
|
481
|
-
auto signed_headers = signer_->GetSignedRequestHeaders();
|
394
|
+
auto signed_headers = creds_->signer_->GetSignedRequestHeaders();
|
482
395
|
if (!error.ok()) {
|
483
|
-
|
484
|
-
"
|
485
|
-
"headers.",
|
486
|
-
&error, 1));
|
396
|
+
AsyncFinish(GRPC_ERROR_CREATE_REFERENCING(
|
397
|
+
"Invalid getting signed request headers.", &error, 1));
|
487
398
|
return;
|
488
399
|
}
|
489
400
|
// Construct subject token
|
@@ -502,30 +413,117 @@ void AwsExternalAccountCredentials::BuildSubjectToken() {
|
|
502
413
|
{"value", Json::FromString(signed_headers["x-amz-security-token"])}}));
|
503
414
|
headers.push_back(Json::FromObject(
|
504
415
|
{{"key", Json::FromString("x-goog-cloud-target-resource")},
|
505
|
-
{"value", Json::FromString(audience_)}}));
|
506
|
-
Json subject_token_json =
|
507
|
-
|
508
|
-
|
509
|
-
|
416
|
+
{"value", Json::FromString(creds_->audience_)}}));
|
417
|
+
Json subject_token_json = Json::FromObject(
|
418
|
+
{{"url", Json::FromString(creds_->cred_verification_url_)},
|
419
|
+
{"method", Json::FromString("POST")},
|
420
|
+
{"headers", Json::FromArray(headers)}});
|
510
421
|
std::string subject_token = UrlEncode(JsonDump(subject_token_json));
|
511
|
-
|
422
|
+
AsyncFinish(std::move(subject_token));
|
512
423
|
}
|
513
424
|
|
514
|
-
void AwsExternalAccountCredentials::
|
515
|
-
|
516
|
-
|
517
|
-
|
518
|
-
|
519
|
-
|
520
|
-
|
521
|
-
|
522
|
-
|
523
|
-
|
524
|
-
|
525
|
-
cb(subject_token, absl::OkStatus());
|
425
|
+
void AwsExternalAccountCredentials::AwsFetchBody::AddMetadataRequestHeaders(
|
426
|
+
grpc_http_request* request) {
|
427
|
+
if (!imdsv2_session_token_.empty()) {
|
428
|
+
CHECK_EQ(request->hdr_count, 0u);
|
429
|
+
CHECK_EQ(request->hdrs, nullptr);
|
430
|
+
grpc_http_header* headers =
|
431
|
+
static_cast<grpc_http_header*>(gpr_malloc(sizeof(grpc_http_header)));
|
432
|
+
headers[0].key = gpr_strdup("x-aws-ec2-metadata-token");
|
433
|
+
headers[0].value = gpr_strdup(imdsv2_session_token_.c_str());
|
434
|
+
request->hdr_count = 1;
|
435
|
+
request->hdrs = headers;
|
526
436
|
}
|
527
437
|
}
|
528
438
|
|
439
|
+
//
|
440
|
+
// AwsExternalAccountCredentials
|
441
|
+
//
|
442
|
+
|
443
|
+
absl::StatusOr<RefCountedPtr<AwsExternalAccountCredentials>>
|
444
|
+
AwsExternalAccountCredentials::Create(
|
445
|
+
Options options, std::vector<std::string> scopes,
|
446
|
+
std::shared_ptr<grpc_event_engine::experimental::EventEngine>
|
447
|
+
event_engine) {
|
448
|
+
grpc_error_handle error;
|
449
|
+
auto creds = MakeRefCounted<AwsExternalAccountCredentials>(
|
450
|
+
std::move(options), std::move(scopes), std::move(event_engine), &error);
|
451
|
+
if (!error.ok()) return error;
|
452
|
+
return creds;
|
453
|
+
}
|
454
|
+
|
455
|
+
AwsExternalAccountCredentials::AwsExternalAccountCredentials(
|
456
|
+
Options options, std::vector<std::string> scopes,
|
457
|
+
std::shared_ptr<grpc_event_engine::experimental::EventEngine> event_engine,
|
458
|
+
grpc_error_handle* error)
|
459
|
+
: ExternalAccountCredentials(options, std::move(scopes),
|
460
|
+
std::move(event_engine)) {
|
461
|
+
audience_ = options.audience;
|
462
|
+
auto it = options.credential_source.object().find("environment_id");
|
463
|
+
if (it == options.credential_source.object().end()) {
|
464
|
+
*error = GRPC_ERROR_CREATE("environment_id field not present.");
|
465
|
+
return;
|
466
|
+
}
|
467
|
+
if (it->second.type() != Json::Type::kString) {
|
468
|
+
*error = GRPC_ERROR_CREATE("environment_id field must be a string.");
|
469
|
+
return;
|
470
|
+
}
|
471
|
+
if (it->second.string() != kExpectedEnvironmentId) {
|
472
|
+
*error = GRPC_ERROR_CREATE("environment_id does not match.");
|
473
|
+
return;
|
474
|
+
}
|
475
|
+
it = options.credential_source.object().find("region_url");
|
476
|
+
if (it == options.credential_source.object().end()) {
|
477
|
+
*error = GRPC_ERROR_CREATE("region_url field not present.");
|
478
|
+
return;
|
479
|
+
}
|
480
|
+
if (it->second.type() != Json::Type::kString) {
|
481
|
+
*error = GRPC_ERROR_CREATE("region_url field must be a string.");
|
482
|
+
return;
|
483
|
+
}
|
484
|
+
region_url_ = it->second.string();
|
485
|
+
it = options.credential_source.object().find("url");
|
486
|
+
if (it != options.credential_source.object().end() &&
|
487
|
+
it->second.type() == Json::Type::kString) {
|
488
|
+
url_ = it->second.string();
|
489
|
+
}
|
490
|
+
it =
|
491
|
+
options.credential_source.object().find("regional_cred_verification_url");
|
492
|
+
if (it == options.credential_source.object().end()) {
|
493
|
+
*error =
|
494
|
+
GRPC_ERROR_CREATE("regional_cred_verification_url field not present.");
|
495
|
+
return;
|
496
|
+
}
|
497
|
+
if (it->second.type() != Json::Type::kString) {
|
498
|
+
*error = GRPC_ERROR_CREATE(
|
499
|
+
"regional_cred_verification_url field must be a string.");
|
500
|
+
return;
|
501
|
+
}
|
502
|
+
regional_cred_verification_url_ = it->second.string();
|
503
|
+
it = options.credential_source.object().find("imdsv2_session_token_url");
|
504
|
+
if (it != options.credential_source.object().end() &&
|
505
|
+
it->second.type() == Json::Type::kString) {
|
506
|
+
imdsv2_session_token_url_ = it->second.string();
|
507
|
+
}
|
508
|
+
}
|
509
|
+
|
510
|
+
std::string AwsExternalAccountCredentials::debug_string() {
|
511
|
+
return absl::StrCat("AwsExternalAccountCredentials{Audience:", audience(),
|
512
|
+
")");
|
513
|
+
}
|
514
|
+
|
515
|
+
UniqueTypeName AwsExternalAccountCredentials::type() const {
|
516
|
+
static UniqueTypeName::Factory kFactory("AwsExternalAccountCredentials");
|
517
|
+
return kFactory.Create();
|
518
|
+
}
|
519
|
+
|
520
|
+
OrphanablePtr<ExternalAccountCredentials::FetchBody>
|
521
|
+
AwsExternalAccountCredentials::RetrieveSubjectToken(
|
522
|
+
Timestamp deadline,
|
523
|
+
absl::AnyInvocable<void(absl::StatusOr<std::string>)> on_done) {
|
524
|
+
return MakeOrphanable<AwsFetchBody>(std::move(on_done), this, deadline);
|
525
|
+
}
|
526
|
+
|
529
527
|
absl::string_view AwsExternalAccountCredentials::CredentialSourceType() {
|
530
528
|
return "aws";
|
531
529
|
}
|