grpc 1.73.0 → 1.75.0

Files changed (786)
  1. checksums.yaml +4 -4
  2. data/Makefile +116 -53
  3. data/include/grpc/create_channel_from_endpoint.h +54 -0
  4. data/include/grpc/credentials.h +18 -6
  5. data/include/grpc/event_engine/event_engine.h +74 -17
  6. data/include/grpc/grpc_posix.h +20 -1
  7. data/include/grpc/impl/channel_arg_names.h +2 -4
  8. data/include/grpc/module.modulemap +1 -0
  9. data/include/grpc/support/json.h +24 -0
  10. data/src/core/call/client_call.cc +4 -4
  11. data/src/core/call/filter_fusion.h +1230 -0
  12. data/src/core/call/interception_chain.h +7 -11
  13. data/src/core/call/metadata.cc +22 -0
  14. data/src/core/call/metadata.h +24 -2
  15. data/src/core/channelz/channel_trace.cc +213 -115
  16. data/src/core/channelz/channel_trace.h +380 -86
  17. data/src/core/channelz/channelz.cc +274 -192
  18. data/src/core/channelz/channelz.h +224 -72
  19. data/src/core/channelz/channelz_registry.cc +2 -163
  20. data/src/core/channelz/channelz_registry.h +37 -6
  21. data/src/core/channelz/property_list.cc +353 -0
  22. data/src/core/channelz/property_list.h +204 -0
  23. data/src/core/channelz/v2tov1/convert.cc +683 -0
  24. data/src/core/channelz/v2tov1/convert.h +58 -0
  25. data/src/core/channelz/v2tov1/legacy_api.cc +425 -0
  26. data/src/core/channelz/v2tov1/legacy_api.h +32 -0
  27. data/src/core/channelz/v2tov1/property_list.cc +118 -0
  28. data/src/core/channelz/v2tov1/property_list.h +52 -0
  29. data/src/core/channelz/ztrace_collector.h +3 -2
  30. data/src/core/client_channel/backup_poller.cc +17 -2
  31. data/src/core/client_channel/client_channel.cc +17 -28
  32. data/src/core/client_channel/client_channel_filter.cc +24 -33
  33. data/src/core/client_channel/client_channel_filter.h +2 -2
  34. data/src/core/client_channel/client_channel_internal.h +2 -1
  35. data/src/core/client_channel/config_selector.h +8 -2
  36. data/src/core/client_channel/dynamic_filters.cc +5 -6
  37. data/src/core/client_channel/dynamic_filters.h +1 -1
  38. data/src/core/client_channel/global_subchannel_pool.cc +4 -1
  39. data/src/core/client_channel/load_balanced_call_destination.cc +6 -5
  40. data/src/core/client_channel/retry_filter.cc +21 -27
  41. data/src/core/client_channel/retry_filter.h +10 -7
  42. data/src/core/client_channel/retry_filter_legacy_call_data.cc +5 -5
  43. data/src/core/client_channel/retry_filter_legacy_call_data.h +1 -1
  44. data/src/core/client_channel/retry_interceptor.cc +30 -44
  45. data/src/core/client_channel/retry_interceptor.h +18 -17
  46. data/src/core/client_channel/retry_throttle.cc +46 -61
  47. data/src/core/client_channel/retry_throttle.h +17 -39
  48. data/src/core/client_channel/subchannel.cc +57 -25
  49. data/src/core/client_channel/subchannel.h +10 -0
  50. data/src/core/config/config_vars.cc +2 -0
  51. data/src/core/config/core_configuration.cc +4 -1
  52. data/src/core/config/core_configuration.h +23 -0
  53. data/src/core/credentials/call/call_creds_registry.h +125 -0
  54. data/src/core/credentials/call/call_creds_registry_init.cc +91 -0
  55. data/src/core/credentials/call/gcp_service_account_identity/gcp_service_account_identity_credentials.cc +6 -48
  56. data/src/core/credentials/call/jwt_token_file/jwt_token_file_call_credentials.cc +86 -0
  57. data/src/core/credentials/call/jwt_token_file/jwt_token_file_call_credentials.h +74 -0
  58. data/src/core/credentials/call/jwt_util.cc +70 -0
  59. data/src/core/credentials/call/jwt_util.h +32 -0
  60. data/src/core/credentials/transport/alts/alts_credentials.cc +5 -0
  61. data/src/core/credentials/transport/alts/check_gcp_environment_windows.cc +2 -0
  62. data/src/core/credentials/transport/channel_creds_registry_init.cc +4 -2
  63. data/src/core/credentials/transport/google_default/google_default_credentials.cc +72 -4
  64. data/src/core/credentials/transport/ssl/ssl_credentials.cc +1 -2
  65. data/src/core/credentials/transport/ssl/ssl_security_connector.cc +8 -3
  66. data/src/core/credentials/transport/tls/grpc_tls_certificate_distributor.cc +29 -24
  67. data/src/core/credentials/transport/tls/grpc_tls_certificate_distributor.h +19 -8
  68. data/src/core/credentials/transport/tls/grpc_tls_certificate_provider.cc +96 -54
  69. data/src/core/credentials/transport/tls/grpc_tls_certificate_provider.h +15 -2
  70. data/src/core/credentials/transport/tls/load_system_roots_supported.cc +1 -0
  71. data/src/core/credentials/transport/tls/spiffe_utils.cc +371 -0
  72. data/src/core/credentials/transport/tls/spiffe_utils.h +171 -0
  73. data/src/core/credentials/transport/tls/ssl_utils.cc +11 -10
  74. data/src/core/credentials/transport/tls/ssl_utils.h +4 -2
  75. data/src/core/credentials/transport/tls/tls_credentials.cc +2 -0
  76. data/src/core/credentials/transport/tls/tls_security_connector.cc +11 -26
  77. data/src/core/credentials/transport/tls/tls_security_connector.h +12 -12
  78. data/src/core/credentials/transport/xds/xds_credentials.cc +0 -3
  79. data/src/core/ext/filters/backend_metrics/backend_metric_filter.cc +1 -2
  80. data/src/core/ext/filters/gcp_authentication/gcp_authentication_filter.cc +8 -8
  81. data/src/core/ext/filters/gcp_authentication/gcp_authentication_filter.h +16 -16
  82. data/src/core/ext/filters/http/client/http_client_filter.cc +3 -6
  83. data/src/core/ext/filters/http/client_authority_filter.cc +3 -6
  84. data/src/core/ext/filters/http/message_compress/compression_filter.cc +8 -8
  85. data/src/core/ext/filters/http/message_compress/compression_filter.h +25 -22
  86. data/src/core/ext/filters/http/server/http_server_filter.cc +3 -6
  87. data/src/core/ext/filters/http/server/http_server_filter.h +12 -11
  88. data/src/core/ext/filters/message_size/message_size_filter.cc +4 -4
  89. data/src/core/ext/filters/rbac/rbac_filter.cc +1 -1
  90. data/src/core/ext/filters/stateful_session/stateful_session_filter.cc +3 -5
  91. data/src/core/ext/transport/chttp2/client/chttp2_connector.cc +120 -35
  92. data/src/core/ext/transport/chttp2/server/chttp2_server.cc +6 -5
  93. data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +165 -117
  94. data/src/core/ext/transport/chttp2/transport/chttp2_transport.h +0 -3
  95. data/src/core/ext/transport/chttp2/transport/decode_huff.cc +1239 -3514
  96. data/src/core/ext/transport/chttp2/transport/decode_huff.h +1008 -1486
  97. data/src/core/ext/transport/chttp2/transport/flow_control.cc +1 -0
  98. data/src/core/ext/transport/chttp2/transport/flow_control.h +23 -17
  99. data/src/core/ext/transport/chttp2/transport/frame.cc +99 -6
  100. data/src/core/ext/transport/chttp2/transport/frame.h +40 -2
  101. data/src/core/ext/transport/chttp2/transport/frame_data.cc +1 -1
  102. data/src/core/ext/transport/chttp2/transport/frame_settings.cc +7 -8
  103. data/src/core/ext/transport/chttp2/transport/frame_window_update.cc +4 -5
  104. data/src/core/ext/transport/chttp2/transport/header_assembler.h +290 -0
  105. data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +1 -1
  106. data/src/core/ext/transport/chttp2/transport/hpack_parser.h +4 -1
  107. data/src/core/ext/transport/chttp2/transport/hpack_parser_table.cc +11 -5
  108. data/src/core/ext/transport/chttp2/transport/hpack_parser_table.h +12 -1
  109. data/src/core/ext/transport/chttp2/transport/http2_client_transport.cc +1233 -0
  110. data/src/core/ext/transport/chttp2/transport/http2_client_transport.h +712 -0
  111. data/src/core/ext/transport/chttp2/transport/http2_settings.cc +11 -38
  112. data/src/core/ext/transport/chttp2/transport/http2_settings.h +65 -51
  113. data/src/core/ext/transport/chttp2/transport/http2_settings_manager.cc +61 -0
  114. data/src/core/ext/transport/chttp2/transport/http2_settings_manager.h +142 -0
  115. data/{third_party/abseil-cpp/absl/strings/cord_buffer.cc → src/core/ext/transport/chttp2/transport/http2_stats_collector.cc} +14 -14
  116. data/src/core/ext/transport/chttp2/transport/http2_stats_collector.h +33 -0
  117. data/src/core/ext/transport/chttp2/transport/http2_status.h +6 -1
  118. data/src/core/ext/transport/chttp2/transport/http2_transport.cc +121 -0
  119. data/src/core/ext/transport/chttp2/transport/http2_transport.h +76 -0
  120. data/src/core/ext/transport/chttp2/transport/http2_ztrace_collector.h +0 -29
  121. data/src/core/ext/transport/chttp2/transport/internal.h +18 -8
  122. data/src/core/ext/transport/chttp2/transport/keepalive.cc +105 -0
  123. data/src/core/ext/transport/chttp2/transport/keepalive.h +138 -0
  124. data/src/core/ext/transport/chttp2/transport/message_assembler.h +185 -0
  125. data/src/core/ext/transport/chttp2/transport/parsing.cc +4 -5
  126. data/src/core/ext/transport/chttp2/transport/ping_callbacks.h +19 -0
  127. data/src/core/ext/transport/chttp2/transport/ping_promise.cc +152 -0
  128. data/src/core/ext/transport/chttp2/transport/ping_promise.h +197 -0
  129. data/src/core/ext/transport/chttp2/transport/ping_rate_policy.cc +5 -9
  130. data/src/core/ext/transport/chttp2/transport/ping_rate_policy.h +11 -0
  131. data/src/core/ext/transport/chttp2/transport/stream_data_queue.h +607 -0
  132. data/src/core/ext/transport/chttp2/transport/stream_lists.cc +39 -1
  133. data/src/core/ext/transport/chttp2/transport/transport_common.cc +19 -0
  134. data/src/core/ext/transport/chttp2/transport/transport_common.h +27 -0
  135. data/src/core/ext/transport/chttp2/transport/writable_streams.h +254 -0
  136. data/src/core/ext/transport/chttp2/transport/writing.cc +41 -13
  137. data/src/core/ext/upb-gen/src/proto/grpc/channelz/channelz.upb.h +4959 -0
  138. data/src/core/ext/upb-gen/src/proto/grpc/channelz/channelz.upb_minitable.c +1111 -0
  139. data/src/core/ext/upb-gen/src/proto/grpc/channelz/channelz.upb_minitable.h +108 -0
  140. data/src/core/ext/upb-gen/src/proto/grpc/channelz/v2/channelz.upb.h +571 -0
  141. data/src/core/ext/upb-gen/src/proto/grpc/channelz/v2/channelz.upb_minitable.c +120 -0
  142. data/src/core/ext/upb-gen/src/proto/grpc/channelz/v2/channelz.upb_minitable.h +36 -0
  143. data/src/core/ext/upb-gen/src/proto/grpc/channelz/v2/promise.upb.h +1272 -0
  144. data/src/core/ext/upb-gen/src/proto/grpc/channelz/v2/promise.upb_minitable.c +312 -0
  145. data/src/core/ext/upb-gen/src/proto/grpc/channelz/v2/promise.upb_minitable.h +50 -0
  146. data/src/core/ext/upb-gen/src/proto/grpc/channelz/v2/property_list.upb.h +1072 -0
  147. data/src/core/ext/upb-gen/src/proto/grpc/channelz/v2/property_list.upb_minitable.c +230 -0
  148. data/src/core/ext/upb-gen/src/proto/grpc/channelz/v2/property_list.upb_minitable.h +44 -0
  149. data/src/core/ext/upbdefs-gen/src/proto/grpc/channelz/channelz.upbdefs.c +716 -0
  150. data/src/core/ext/upbdefs-gen/src/proto/grpc/channelz/channelz.upbdefs.h +227 -0
  151. data/src/core/ext/upbdefs-gen/src/proto/grpc/channelz/v2/promise.upbdefs.c +175 -0
  152. data/src/core/ext/upbdefs-gen/src/proto/grpc/channelz/v2/promise.upbdefs.h +82 -0
  153. data/src/core/ext/upbdefs-gen/src/proto/grpc/channelz/v2/property_list.upbdefs.c +133 -0
  154. data/src/core/ext/upbdefs-gen/src/proto/grpc/channelz/v2/property_list.upbdefs.h +67 -0
  155. data/src/core/filter/auth/auth_filters.h +2 -27
  156. data/src/core/filter/auth/client_auth_filter.cc +0 -118
  157. data/src/core/filter/filter_args.h +9 -23
  158. data/src/core/filter/fused_filters.cc +154 -0
  159. data/src/core/handshaker/handshaker.cc +23 -14
  160. data/src/core/handshaker/handshaker.h +3 -0
  161. data/src/core/handshaker/http_connect/http_connect_handshaker.cc +3 -1
  162. data/src/core/handshaker/security/legacy_secure_endpoint.cc +7 -6
  163. data/src/core/handshaker/security/pipelined_secure_endpoint.cc +965 -0
  164. data/src/core/handshaker/security/secure_endpoint.cc +98 -38
  165. data/src/core/handshaker/security/secure_endpoint.h +8 -0
  166. data/src/core/handshaker/security/security_handshaker.cc +4 -1
  167. data/src/core/handshaker/tcp_connect/tcp_connect_handshaker.cc +7 -1
  168. data/src/core/lib/channel/channel_args.cc +15 -0
  169. data/src/core/lib/channel/channel_args.h +3 -0
  170. data/src/core/lib/channel/channel_stack.cc +22 -23
  171. data/src/core/lib/channel/channel_stack.h +9 -7
  172. data/src/core/lib/channel/channel_stack_builder_impl.cc +1 -1
  173. data/src/core/lib/channel/channel_stack_builder_impl.h +2 -7
  174. data/src/core/lib/channel/promise_based_filter.cc +15 -25
  175. data/src/core/lib/channel/promise_based_filter.h +11 -10
  176. data/src/core/lib/debug/trace_impl.h +0 -1
  177. data/src/core/lib/event_engine/ares_resolver.cc +165 -46
  178. data/src/core/lib/event_engine/ares_resolver.h +51 -3
  179. data/src/core/lib/event_engine/cf_engine/cf_engine.cc +12 -6
  180. data/src/core/lib/event_engine/cf_engine/cf_engine.h +2 -4
  181. data/src/core/lib/event_engine/cf_engine/cfsocket_listener.cc +263 -0
  182. data/src/core/lib/event_engine/cf_engine/cfsocket_listener.h +107 -0
  183. data/src/core/lib/event_engine/cf_engine/cfstream_endpoint.cc +31 -3
  184. data/src/core/lib/event_engine/cf_engine/cfstream_endpoint.h +14 -6
  185. data/src/core/lib/event_engine/endpoint_channel_arg_wrapper.cc +40 -0
  186. data/src/core/lib/event_engine/endpoint_channel_arg_wrapper.h +60 -0
  187. data/src/core/lib/event_engine/event_engine.cc +7 -0
  188. data/src/core/lib/event_engine/extensions/channelz.h +10 -6
  189. data/src/core/lib/event_engine/grpc_polled_fd.h +5 -0
  190. data/src/core/lib/event_engine/posix_engine/ev_epoll1_linux.cc +139 -169
  191. data/src/core/lib/event_engine/posix_engine/ev_epoll1_linux.h +17 -19
  192. data/src/core/lib/event_engine/posix_engine/ev_poll_posix.cc +90 -131
  193. data/src/core/lib/event_engine/posix_engine/ev_poll_posix.h +13 -13
  194. data/src/core/lib/event_engine/posix_engine/event_poller.h +18 -23
  195. data/src/core/lib/event_engine/posix_engine/event_poller_posix_default.cc +11 -23
  196. data/src/core/lib/event_engine/posix_engine/event_poller_posix_default.h +3 -2
  197. data/src/core/lib/event_engine/posix_engine/file_descriptor_collection.cc +124 -0
  198. data/src/core/lib/event_engine/posix_engine/file_descriptor_collection.h +243 -0
  199. data/src/core/lib/event_engine/posix_engine/grpc_polled_fd_posix.h +30 -19
  200. data/src/core/lib/event_engine/posix_engine/internal_errqueue.cc +6 -2
  201. data/src/core/lib/event_engine/posix_engine/internal_errqueue.h +6 -1
  202. data/src/core/lib/event_engine/posix_engine/lockfree_event.cc +4 -4
  203. data/src/core/lib/event_engine/posix_engine/lockfree_event.h +3 -4
  204. data/src/core/lib/event_engine/posix_engine/posix_endpoint.cc +147 -94
  205. data/src/core/lib/event_engine/posix_engine/posix_endpoint.h +9 -19
  206. data/src/core/lib/event_engine/posix_engine/posix_engine.cc +435 -229
  207. data/src/core/lib/event_engine/posix_engine/posix_engine.h +78 -50
  208. data/src/core/lib/event_engine/posix_engine/posix_engine_listener.cc +46 -38
  209. data/src/core/lib/event_engine/posix_engine/posix_engine_listener.h +6 -4
  210. data/src/core/lib/event_engine/posix_engine/posix_engine_listener_utils.cc +32 -142
  211. data/src/core/lib/event_engine/posix_engine/posix_engine_listener_utils.h +6 -5
  212. data/src/core/lib/event_engine/posix_engine/posix_interface.h +211 -0
  213. data/src/core/lib/event_engine/posix_engine/posix_interface_posix.cc +1083 -0
  214. data/src/core/lib/event_engine/posix_engine/posix_interface_windows.cc +281 -0
  215. data/src/core/lib/event_engine/posix_engine/posix_write_event_sink.cc +154 -0
  216. data/src/core/lib/event_engine/posix_engine/posix_write_event_sink.h +174 -0
  217. data/src/core/lib/event_engine/posix_engine/tcp_socket_utils.cc +3 -719
  218. data/src/core/lib/event_engine/posix_engine/tcp_socket_utils.h +11 -171
  219. data/src/core/lib/event_engine/posix_engine/timer_manager.cc +33 -22
  220. data/src/core/lib/event_engine/posix_engine/timer_manager.h +13 -11
  221. data/src/core/lib/event_engine/posix_engine/traced_buffer_list.cc +117 -151
  222. data/src/core/lib/event_engine/posix_engine/traced_buffer_list.h +26 -94
  223. data/src/core/lib/event_engine/posix_engine/wakeup_fd_eventfd.cc +26 -25
  224. data/src/core/lib/event_engine/posix_engine/wakeup_fd_eventfd.h +6 -2
  225. data/src/core/lib/event_engine/posix_engine/wakeup_fd_pipe.cc +36 -62
  226. data/src/core/lib/event_engine/posix_engine/wakeup_fd_pipe.h +6 -2
  227. data/src/core/lib/event_engine/posix_engine/wakeup_fd_posix.h +7 -6
  228. data/src/core/lib/event_engine/posix_engine/wakeup_fd_posix_default.cc +12 -6
  229. data/src/core/lib/event_engine/posix_engine/wakeup_fd_posix_default.h +3 -1
  230. data/src/core/lib/event_engine/shim.cc +9 -0
  231. data/src/core/lib/event_engine/shim.h +3 -0
  232. data/src/core/lib/event_engine/thread_pool/thread_pool.h +7 -3
  233. data/src/core/lib/event_engine/thread_pool/thread_pool_factory.cc +0 -17
  234. data/src/core/lib/event_engine/thread_pool/work_stealing_thread_pool.cc +4 -2
  235. data/src/core/lib/event_engine/thread_pool/work_stealing_thread_pool.h +3 -2
  236. data/src/core/lib/event_engine/windows/grpc_polled_fd_windows.cc +6 -1
  237. data/src/core/lib/event_engine/windows/grpc_polled_fd_windows.h +4 -0
  238. data/src/core/lib/event_engine/windows/windows_endpoint.h +2 -6
  239. data/src/core/lib/event_engine/windows/windows_engine.cc +0 -1
  240. data/src/core/lib/event_engine/windows/windows_engine.h +1 -3
  241. data/src/core/lib/event_engine/windows/windows_listener.cc +14 -2
  242. data/src/core/lib/experiments/experiments.cc +165 -99
  243. data/src/core/lib/experiments/experiments.h +65 -52
  244. data/src/core/lib/iomgr/combiner.cc +1 -1
  245. data/src/core/lib/iomgr/endpoint.cc +4 -3
  246. data/src/core/lib/iomgr/endpoint.h +7 -4
  247. data/src/core/lib/iomgr/endpoint_cfstream.cc +3 -2
  248. data/src/core/lib/iomgr/ev_epoll1_linux.cc +7 -2
  249. data/src/core/lib/iomgr/ev_poll_posix.cc +7 -2
  250. data/src/core/lib/iomgr/event_engine_shims/endpoint.cc +4 -6
  251. data/src/core/lib/iomgr/exec_ctx.h +3 -9
  252. data/src/core/lib/iomgr/socket_mutator.cc +1 -1
  253. data/src/core/lib/iomgr/socket_utils_posix.cc +1 -1
  254. data/src/core/lib/iomgr/socket_utils_posix.h +1 -1
  255. data/src/core/lib/iomgr/tcp_client_posix.cc +1 -1
  256. data/src/core/lib/iomgr/tcp_posix.cc +15 -9
  257. data/src/core/lib/iomgr/tcp_windows.cc +3 -2
  258. data/src/core/lib/promise/activity.h +3 -2
  259. data/src/core/lib/promise/arena_promise.h +23 -7
  260. data/src/core/lib/promise/detail/promise_factory.h +10 -0
  261. data/src/core/lib/promise/detail/promise_like.h +118 -11
  262. data/src/core/lib/promise/detail/promise_variant.h +50 -0
  263. data/src/core/lib/promise/detail/seq_state.h +687 -548
  264. data/src/core/lib/promise/if.h +20 -0
  265. data/src/core/lib/promise/inter_activity_latch.h +147 -0
  266. data/src/core/lib/promise/inter_activity_mutex.h +547 -0
  267. data/src/core/lib/promise/loop.h +65 -3
  268. data/src/core/lib/promise/map.h +24 -0
  269. data/src/core/lib/promise/match_promise.h +103 -0
  270. data/src/core/lib/promise/mpsc.cc +425 -0
  271. data/src/core/lib/promise/mpsc.h +490 -0
  272. data/src/core/lib/promise/party.cc +55 -6
  273. data/src/core/lib/promise/party.h +68 -3
  274. data/src/core/lib/promise/poll.h +10 -0
  275. data/src/core/lib/promise/race.h +31 -0
  276. data/src/core/lib/promise/seq.h +4 -1
  277. data/src/core/lib/promise/status_flag.h +7 -0
  278. data/src/core/lib/promise/try_seq.h +4 -1
  279. data/src/core/lib/promise/wait_set.cc +28 -0
  280. data/src/core/lib/promise/wait_set.h +86 -0
  281. data/src/core/lib/resource_quota/arena.h +19 -0
  282. data/src/core/lib/resource_quota/memory_quota.cc +90 -3
  283. data/src/core/lib/resource_quota/memory_quota.h +20 -9
  284. data/src/core/lib/resource_quota/periodic_update.cc +14 -0
  285. data/src/core/lib/resource_quota/periodic_update.h +8 -0
  286. data/src/core/lib/resource_quota/resource_quota.cc +15 -4
  287. data/src/core/lib/resource_quota/resource_quota.h +3 -0
  288. data/src/core/lib/security/authorization/grpc_server_authz_filter.cc +1 -2
  289. data/src/core/lib/slice/slice.h +5 -0
  290. data/src/core/lib/surface/call.cc +5 -5
  291. data/src/core/lib/surface/call.h +6 -5
  292. data/src/core/lib/surface/channel_create.cc +88 -13
  293. data/src/core/lib/surface/channel_create.h +4 -0
  294. data/src/core/lib/surface/channel_init.cc +164 -47
  295. data/src/core/lib/surface/channel_init.h +64 -1
  296. data/src/core/lib/surface/completion_queue.cc +2 -4
  297. data/src/core/lib/surface/filter_stack_call.cc +19 -10
  298. data/src/core/lib/surface/init.cc +6 -15
  299. data/src/core/lib/surface/legacy_channel.cc +3 -5
  300. data/src/core/lib/surface/legacy_channel.h +3 -1
  301. data/src/core/lib/surface/version.cc +2 -2
  302. data/src/core/lib/transport/promise_endpoint.cc +110 -0
  303. data/src/core/lib/transport/promise_endpoint.h +307 -0
  304. data/src/core/load_balancing/child_policy_handler.cc +2 -4
  305. data/src/core/load_balancing/delegating_helper.h +2 -3
  306. data/src/core/load_balancing/endpoint_list.cc +29 -2
  307. data/src/core/load_balancing/grpclb/client_load_reporting_filter.cc +3 -3
  308. data/src/core/load_balancing/grpclb/client_load_reporting_filter.h +1 -1
  309. data/src/core/load_balancing/health_check_client.cc +1 -5
  310. data/src/core/load_balancing/lb_policy.h +1 -3
  311. data/src/core/load_balancing/oob_backend_metric.cc +1 -5
  312. data/src/core/load_balancing/pick_first/pick_first.cc +15 -5
  313. data/src/core/load_balancing/xds/cds.cc +10 -1
  314. data/src/core/load_balancing/xds/xds_cluster_impl.cc +5 -3
  315. data/src/core/net/socket_mutator.cc +19 -0
  316. data/src/core/net/socket_mutator.h +25 -0
  317. data/src/core/plugin_registry/grpc_plugin_registry.cc +6 -0
  318. data/src/core/plugin_registry/grpc_plugin_registry_extra.cc +2 -0
  319. data/src/core/resolver/dns/c_ares/grpc_ares_ev_driver.h +6 -1
  320. data/src/core/resolver/dns/c_ares/grpc_ares_ev_driver_windows.cc +2 -1
  321. data/src/core/resolver/dns/c_ares/grpc_ares_wrapper.cc +8 -5
  322. data/src/core/resolver/dns/c_ares/grpc_ares_wrapper.h +2 -1
  323. data/src/core/resolver/xds/xds_config.cc +6 -3
  324. data/src/core/resolver/xds/xds_config.h +9 -4
  325. data/src/core/resolver/xds/xds_dependency_manager.cc +22 -7
  326. data/src/core/resolver/xds/xds_dependency_manager.h +2 -1
  327. data/src/core/resolver/xds/xds_resolver.cc +31 -11
  328. data/src/core/server/server.cc +84 -13
  329. data/src/core/server/server.h +21 -2
  330. data/src/core/server/server_call_tracer_filter.cc +0 -66
  331. data/src/core/server/server_call_tracer_filter.h +64 -0
  332. data/src/core/server/server_config_selector_filter.cc +1 -1
  333. data/src/core/server/xds_server_config_fetcher.cc +63 -25
  334. data/src/core/service_config/service_config.h +1 -1
  335. data/src/core/service_config/service_config_channel_arg_filter.cc +3 -60
  336. data/src/core/service_config/service_config_channel_arg_filter.h +82 -0
  337. data/src/core/service_config/service_config_impl.h +1 -1
  338. data/src/core/telemetry/call_tracer.cc +20 -14
  339. data/src/core/telemetry/call_tracer.h +22 -17
  340. data/src/core/telemetry/context_list_entry.cc +38 -0
  341. data/src/core/telemetry/context_list_entry.h +42 -12
  342. data/src/core/telemetry/metrics.h +8 -8
  343. data/src/core/telemetry/stats_data.cc +369 -343
  344. data/src/core/telemetry/stats_data.h +341 -244
  345. data/src/core/telemetry/tcp_tracer.h +1 -1
  346. data/src/core/transport/auth_context.cc +20 -0
  347. data/src/core/transport/auth_context.h +4 -0
  348. data/src/core/transport/auth_context_comparator_registry.h +69 -0
  349. data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +2 -3
  350. data/src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.cc +11 -3
  351. data/src/core/tsi/fake_transport_security.cc +17 -0
  352. data/src/core/tsi/ssl_transport_security.cc +205 -32
  353. data/src/core/tsi/ssl_transport_security.h +19 -10
  354. data/src/core/tsi/ssl_transport_security_utils.cc +21 -0
  355. data/src/core/tsi/ssl_transport_security_utils.h +4 -0
  356. data/src/core/tsi/transport_security_grpc.cc +8 -0
  357. data/src/core/tsi/transport_security_grpc.h +15 -0
  358. data/src/core/util/backoff.cc +1 -5
  359. data/src/core/util/backoff.h +1 -0
  360. data/src/core/util/down_cast.h +1 -1
  361. data/src/core/util/function_signature.h +15 -1
  362. data/src/core/util/http_client/httpcli.cc +12 -5
  363. data/src/core/util/http_client/httpcli.h +4 -1
  364. data/src/core/util/http_client/httpcli_security_connector.cc +3 -1
  365. data/src/core/util/latent_see.cc +178 -146
  366. data/src/core/util/latent_see.h +249 -189
  367. data/src/core/util/log.cc +4 -0
  368. data/src/core/util/memory_usage.h +268 -0
  369. data/src/core/util/per_cpu.cc +2 -0
  370. data/src/core/util/per_cpu.h +7 -0
  371. data/src/core/util/shared_bit_gen.h +20 -0
  372. data/src/core/util/single_set_ptr.h +7 -4
  373. data/src/core/util/upb_utils.h +42 -0
  374. data/src/core/util/uri.cc +3 -2
  375. data/src/core/util/useful.h +144 -2
  376. data/src/core/util/wait_for_single_owner.cc +31 -0
  377. data/src/core/util/wait_for_single_owner.h +24 -0
  378. data/src/core/util/windows/directory_reader.cc +1 -0
  379. data/src/core/util/windows/thd.cc +1 -3
  380. data/src/core/util/work_serializer.cc +1 -1
  381. data/src/core/xds/grpc/file_watcher_certificate_provider_factory.cc +32 -5
  382. data/src/core/xds/grpc/file_watcher_certificate_provider_factory.h +5 -0
  383. data/src/core/xds/grpc/xds_bootstrap_grpc.cc +2 -0
  384. data/src/core/xds/grpc/xds_bootstrap_grpc.h +5 -0
  385. data/src/core/xds/grpc/xds_certificate_provider.cc +5 -6
  386. data/src/core/xds/grpc/xds_client_grpc.cc +6 -2
  387. data/src/core/xds/grpc/xds_common_types_parser.cc +138 -50
  388. data/src/core/xds/grpc/xds_common_types_parser.h +12 -0
  389. data/src/core/xds/grpc/xds_http_filter.h +7 -0
  390. data/src/core/xds/grpc/xds_http_gcp_authn_filter.cc +22 -0
  391. data/src/core/xds/grpc/xds_http_gcp_authn_filter.h +3 -0
  392. data/src/core/xds/grpc/xds_route_config_parser.cc +15 -38
  393. data/src/core/xds/grpc/xds_server_grpc.cc +63 -13
  394. data/src/core/xds/grpc/xds_server_grpc.h +10 -2
  395. data/src/core/xds/grpc/xds_server_grpc_interface.h +4 -0
  396. data/src/core/xds/grpc/xds_transport_grpc.cc +18 -0
  397. data/src/core/xds/xds_client/xds_bootstrap.h +2 -0
  398. data/src/core/xds/xds_client/xds_client.cc +26 -5
  399. data/src/ruby/ext/grpc/extconf.rb +2 -0
  400. data/src/ruby/ext/grpc/rb_call.c +1 -8
  401. data/src/ruby/ext/grpc/rb_channel.c +70 -557
  402. data/src/ruby/ext/grpc/rb_channel.h +0 -3
  403. data/src/ruby/ext/grpc/rb_completion_queue.c +26 -14
  404. data/src/ruby/ext/grpc/rb_completion_queue.h +1 -7
  405. data/src/ruby/ext/grpc/rb_grpc.c +9 -5
  406. data/src/ruby/ext/grpc/rb_grpc_imports.generated.h +2 -2
  407. data/src/ruby/ext/grpc/rb_loader.c +0 -4
  408. data/src/ruby/ext/grpc/rb_server.c +31 -50
  409. data/src/ruby/lib/grpc/generic/client_stub.rb +4 -4
  410. data/src/ruby/lib/grpc/version.rb +1 -1
  411. data/src/ruby/spec/core_spec.rb +22 -0
  412. data/src/ruby/spec/generic/active_call_spec.rb +1 -1
  413. data/third_party/abseil-cpp/absl/algorithm/container.h +2 -19
  414. data/third_party/abseil-cpp/absl/base/attributes.h +76 -7
  415. data/third_party/abseil-cpp/absl/base/call_once.h +11 -12
  416. data/third_party/abseil-cpp/absl/base/config.h +20 -129
  417. data/third_party/abseil-cpp/absl/base/{internal/fast_type_id.h → fast_type_id.h} +11 -16
  418. data/third_party/abseil-cpp/absl/base/internal/cycleclock.cc +0 -5
  419. data/third_party/abseil-cpp/absl/base/internal/cycleclock_config.h +7 -7
  420. data/third_party/abseil-cpp/absl/base/internal/endian.h +34 -38
  421. data/third_party/abseil-cpp/absl/base/internal/iterator_traits.h +71 -0
  422. data/third_party/abseil-cpp/absl/base/internal/low_level_alloc.cc +6 -5
  423. data/third_party/abseil-cpp/absl/base/internal/{nullability_impl.h → nullability_deprecated.h} +45 -8
  424. data/third_party/abseil-cpp/absl/base/internal/spinlock.cc +0 -9
  425. data/third_party/abseil-cpp/absl/base/internal/spinlock.h +3 -13
  426. data/third_party/abseil-cpp/absl/base/internal/unaligned_access.h +6 -6
  427. data/third_party/abseil-cpp/absl/base/internal/unscaledcycleclock.h +8 -3
  428. data/third_party/abseil-cpp/absl/base/no_destructor.h +11 -32
  429. data/third_party/abseil-cpp/absl/base/nullability.h +84 -72
  430. data/third_party/abseil-cpp/absl/base/options.h +3 -80
  431. data/third_party/abseil-cpp/absl/base/policy_checks.h +7 -7
  432. data/third_party/abseil-cpp/absl/cleanup/cleanup.h +1 -3
  433. data/third_party/abseil-cpp/absl/cleanup/internal/cleanup.h +3 -4
  434. data/third_party/abseil-cpp/absl/container/btree_map.h +4 -2
  435. data/third_party/abseil-cpp/absl/container/btree_set.h +4 -2
  436. data/third_party/abseil-cpp/absl/container/fixed_array.h +7 -14
  437. data/third_party/abseil-cpp/absl/container/flat_hash_map.h +5 -0
  438. data/third_party/abseil-cpp/absl/container/flat_hash_set.h +6 -1
  439. data/third_party/abseil-cpp/absl/container/inlined_vector.h +8 -5
  440. data/third_party/abseil-cpp/absl/container/internal/btree.h +132 -29
  441. data/third_party/abseil-cpp/absl/container/internal/btree_container.h +175 -71
  442. data/third_party/abseil-cpp/absl/container/internal/common.h +43 -0
  443. data/third_party/abseil-cpp/absl/container/internal/common_policy_traits.h +1 -2
  444. data/third_party/abseil-cpp/absl/container/internal/container_memory.h +9 -10
  445. data/third_party/abseil-cpp/absl/container/internal/hash_function_defaults.h +1 -8
  446. data/third_party/abseil-cpp/absl/container/internal/hash_policy_traits.h +0 -4
  447. data/third_party/abseil-cpp/absl/container/internal/hashtable_control_bytes.h +527 -0
  448. data/third_party/abseil-cpp/absl/container/internal/hashtablez_sampler.cc +20 -4
  449. data/third_party/abseil-cpp/absl/container/internal/hashtablez_sampler.h +31 -12
  450. data/third_party/abseil-cpp/absl/container/internal/inlined_vector.h +2 -7
  451. data/third_party/abseil-cpp/absl/container/internal/layout.h +26 -42
  452. data/third_party/abseil-cpp/absl/container/internal/raw_hash_map.h +199 -68
  453. data/third_party/abseil-cpp/absl/container/internal/raw_hash_set.cc +1354 -183
  454. data/third_party/abseil-cpp/absl/container/internal/raw_hash_set.h +881 -1424
  455. data/third_party/abseil-cpp/absl/container/internal/raw_hash_set_resize_impl.h +80 -0
  456. data/third_party/abseil-cpp/absl/crc/crc32c.cc +0 -4
  457. data/third_party/abseil-cpp/absl/crc/crc32c.h +7 -5
  458. data/third_party/abseil-cpp/absl/crc/internal/crc32_x86_arm_combined_simd.h +0 -22
  459. data/third_party/abseil-cpp/absl/crc/internal/crc_x86_arm_combined.cc +45 -74
  460. data/third_party/abseil-cpp/absl/debugging/internal/addresses.h +57 -0
  461. data/third_party/abseil-cpp/absl/debugging/internal/decode_rust_punycode.cc +1 -1
  462. data/third_party/abseil-cpp/absl/debugging/internal/decode_rust_punycode.h +5 -5
  463. data/third_party/abseil-cpp/absl/debugging/internal/demangle.cc +8 -35
  464. data/third_party/abseil-cpp/absl/debugging/internal/demangle_rust.cc +16 -16
  465. data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_aarch64-inl.inc +40 -37
  466. data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_arm-inl.inc +16 -7
  467. data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_emscripten-inl.inc +14 -5
  468. data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_generic-inl.inc +10 -4
  469. data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_powerpc-inl.inc +27 -16
  470. data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_riscv-inl.inc +13 -4
  471. data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_unimplemented-inl.inc +4 -3
  472. data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_win32-inl.inc +15 -28
  473. data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_x86-inl.inc +19 -9
  474. data/third_party/abseil-cpp/absl/debugging/stacktrace.cc +144 -27
  475. data/third_party/abseil-cpp/absl/debugging/stacktrace.h +73 -5
  476. data/third_party/abseil-cpp/absl/debugging/symbolize_elf.inc +19 -9
  477. data/third_party/abseil-cpp/absl/debugging/symbolize_emscripten.inc +3 -2
  478. data/third_party/abseil-cpp/absl/debugging/symbolize_win32.inc +25 -6
  479. data/third_party/abseil-cpp/absl/flags/commandlineflag.h +2 -2
  480. data/third_party/abseil-cpp/absl/flags/flag.h +4 -3
  481. data/third_party/abseil-cpp/absl/flags/internal/commandlineflag.h +2 -2
  482. data/third_party/abseil-cpp/absl/flags/internal/flag.cc +2 -1
  483. data/third_party/abseil-cpp/absl/flags/internal/flag.h +7 -6
  484. data/third_party/abseil-cpp/absl/flags/internal/registry.h +4 -3
  485. data/third_party/abseil-cpp/absl/flags/reflection.cc +2 -3
  486. data/third_party/abseil-cpp/absl/functional/any_invocable.h +8 -10
  487. data/third_party/abseil-cpp/absl/functional/function_ref.h +2 -9
  488. data/third_party/abseil-cpp/absl/functional/internal/any_invocable.h +110 -226
  489. data/third_party/abseil-cpp/absl/functional/internal/front_binder.h +10 -12
  490. data/third_party/abseil-cpp/absl/functional/internal/function_ref.h +2 -5
  491. data/third_party/abseil-cpp/absl/hash/hash.h +18 -0
  492. data/third_party/abseil-cpp/absl/hash/internal/hash.cc +1 -5
  493. data/third_party/abseil-cpp/absl/hash/internal/hash.h +86 -61
  494. data/third_party/abseil-cpp/absl/hash/internal/low_level_hash.cc +25 -68
  495. data/third_party/abseil-cpp/absl/hash/internal/low_level_hash.h +2 -6
  496. data/third_party/abseil-cpp/absl/hash/internal/weakly_mixed_integer.h +38 -0
  497. data/third_party/abseil-cpp/absl/log/check.h +2 -1
  498. data/third_party/abseil-cpp/absl/log/globals.h +4 -5
  499. data/third_party/abseil-cpp/absl/log/internal/append_truncated.h +28 -0
  500. data/third_party/abseil-cpp/absl/log/internal/check_op.cc +22 -22
  501. data/third_party/abseil-cpp/absl/log/internal/check_op.h +65 -62
  502. data/third_party/abseil-cpp/absl/log/internal/conditions.cc +5 -3
  503. data/third_party/abseil-cpp/absl/log/internal/conditions.h +7 -2
  504. data/third_party/abseil-cpp/absl/log/internal/log_message.cc +85 -43
  505. data/third_party/abseil-cpp/absl/log/internal/log_message.h +84 -59
  506. data/third_party/abseil-cpp/absl/log/internal/nullstream.h +1 -0
  507. data/third_party/abseil-cpp/absl/log/internal/proto.cc +3 -2
  508. data/third_party/abseil-cpp/absl/log/internal/proto.h +3 -3
  509. data/third_party/abseil-cpp/absl/log/internal/strip.h +4 -12
  510. data/third_party/abseil-cpp/absl/log/internal/vlog_config.h +8 -6
  511. data/third_party/abseil-cpp/absl/log/internal/voidify.h +10 -4
  512. data/third_party/abseil-cpp/absl/log/log.h +48 -35
  513. data/third_party/abseil-cpp/absl/log/log_sink_registry.h +2 -2
  514. data/third_party/abseil-cpp/absl/meta/type_traits.h +46 -175
  515. data/third_party/abseil-cpp/absl/numeric/bits.h +68 -2
  516. data/third_party/abseil-cpp/absl/numeric/int128.cc +0 -52
  517. data/third_party/abseil-cpp/absl/numeric/internal/bits.h +7 -3
  518. data/third_party/abseil-cpp/absl/profiling/internal/exponential_biased.cc +1 -1
  519. data/third_party/abseil-cpp/absl/random/bit_gen_ref.h +10 -11
  520. data/third_party/abseil-cpp/absl/random/distributions.h +6 -8
  521. data/third_party/abseil-cpp/absl/random/gaussian_distribution.h +1 -1
  522. data/third_party/abseil-cpp/absl/random/internal/distribution_caller.h +5 -6
  523. data/third_party/abseil-cpp/absl/random/internal/{pool_urbg.cc → entropy_pool.cc} +22 -90
  524. data/third_party/abseil-cpp/absl/random/internal/entropy_pool.h +35 -0
  525. data/third_party/abseil-cpp/absl/random/internal/nonsecure_base.h +5 -6
  526. data/third_party/abseil-cpp/absl/random/internal/randen_detect.cc +1 -1
  527. data/third_party/abseil-cpp/absl/random/internal/seed_material.cc +20 -12
  528. data/third_party/abseil-cpp/absl/random/internal/seed_material.h +5 -5
  529. data/third_party/abseil-cpp/absl/random/random.h +88 -53
  530. data/third_party/abseil-cpp/absl/random/seed_sequences.cc +6 -2
  531. data/third_party/abseil-cpp/absl/status/internal/status_internal.cc +3 -4
  532. data/third_party/abseil-cpp/absl/status/internal/status_internal.h +3 -4
  533. data/third_party/abseil-cpp/absl/status/internal/statusor_internal.h +4 -3
  534. data/third_party/abseil-cpp/absl/status/status.cc +4 -8
  535. data/third_party/abseil-cpp/absl/status/status.h +8 -8
  536. data/third_party/abseil-cpp/absl/status/status_payload_printer.h +2 -2
  537. data/third_party/abseil-cpp/absl/status/statusor.cc +2 -2
  538. data/third_party/abseil-cpp/absl/status/statusor.h +6 -6
  539. data/third_party/abseil-cpp/absl/strings/ascii.cc +9 -9
  540. data/third_party/abseil-cpp/absl/strings/ascii.h +18 -18
  541. data/third_party/abseil-cpp/absl/strings/charconv.cc +21 -22
  542. data/third_party/abseil-cpp/absl/strings/charconv.h +5 -5
  543. data/third_party/abseil-cpp/absl/strings/cord.cc +54 -58
  544. data/third_party/abseil-cpp/absl/strings/cord.h +94 -83
  545. data/third_party/abseil-cpp/absl/strings/cord_analysis.cc +11 -11
  546. data/third_party/abseil-cpp/absl/strings/cord_analysis.h +3 -3
  547. data/third_party/abseil-cpp/absl/strings/escaping.cc +130 -149
  548. data/third_party/abseil-cpp/absl/strings/escaping.h +9 -10
  549. data/third_party/abseil-cpp/absl/strings/internal/charconv_bigint.cc +1 -1
  550. data/third_party/abseil-cpp/absl/strings/internal/cord_internal.h +6 -8
  551. data/third_party/abseil-cpp/absl/strings/internal/cord_rep_btree.cc +0 -4
  552. data/third_party/abseil-cpp/absl/strings/internal/cordz_info.cc +0 -4
  553. data/third_party/abseil-cpp/absl/strings/internal/str_format/arg.cc +7 -63
  554. data/third_party/abseil-cpp/absl/strings/internal/str_format/arg.h +1 -11
  555. data/third_party/abseil-cpp/absl/strings/internal/str_format/extension.cc +0 -22
  556. data/third_party/abseil-cpp/absl/strings/internal/str_format/output.cc +5 -3
  557. data/third_party/abseil-cpp/absl/strings/internal/str_format/parser.h +4 -2
  558. data/third_party/abseil-cpp/absl/strings/internal/str_join_internal.h +3 -3
  559. data/third_party/abseil-cpp/absl/strings/internal/string_constant.h +0 -5
  560. data/third_party/abseil-cpp/absl/strings/internal/utf8.cc +96 -1
  561. data/third_party/abseil-cpp/absl/strings/internal/utf8.h +15 -1
  562. data/third_party/abseil-cpp/absl/strings/numbers.cc +53 -32
  563. data/third_party/abseil-cpp/absl/strings/numbers.h +87 -58
  564. data/third_party/abseil-cpp/absl/strings/str_cat.cc +6 -7
  565. data/third_party/abseil-cpp/absl/strings/str_cat.h +32 -32
  566. data/third_party/abseil-cpp/absl/strings/str_format.h +18 -18
  567. data/third_party/abseil-cpp/absl/strings/str_replace.cc +3 -3
  568. data/third_party/abseil-cpp/absl/strings/str_replace.h +6 -6
  569. data/third_party/abseil-cpp/absl/strings/string_view.cc +4 -9
  570. data/third_party/abseil-cpp/absl/strings/string_view.h +27 -32
  571. data/third_party/abseil-cpp/absl/strings/strip.h +4 -4
  572. data/third_party/abseil-cpp/absl/strings/substitute.cc +5 -4
  573. data/third_party/abseil-cpp/absl/strings/substitute.h +66 -64
  574. data/third_party/abseil-cpp/absl/synchronization/internal/futex_waiter.cc +0 -4
  575. data/third_party/abseil-cpp/absl/synchronization/internal/kernel_timeout.cc +0 -5
  576. data/third_party/abseil-cpp/absl/synchronization/internal/pthread_waiter.cc +0 -4
  577. data/third_party/abseil-cpp/absl/synchronization/internal/sem_waiter.cc +0 -4
  578. data/third_party/abseil-cpp/absl/synchronization/internal/stdcpp_waiter.cc +0 -4
  579. data/third_party/abseil-cpp/absl/synchronization/internal/waiter_base.cc +0 -4
  580. data/third_party/abseil-cpp/absl/synchronization/internal/win32_waiter.cc +0 -4
  581. data/third_party/abseil-cpp/absl/synchronization/mutex.cc +1 -1
  582. data/third_party/abseil-cpp/absl/synchronization/mutex.h +97 -69
  583. data/third_party/abseil-cpp/absl/synchronization/notification.h +1 -1
  584. data/third_party/abseil-cpp/absl/time/civil_time.cc +1 -0
  585. data/third_party/abseil-cpp/absl/time/duration.cc +12 -7
  586. data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/time_zone.h +1 -1
  587. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_lookup.cc +90 -111
  588. data/third_party/abseil-cpp/absl/time/time.h +20 -15
  589. data/third_party/abseil-cpp/absl/types/optional.h +7 -747
  590. data/third_party/abseil-cpp/absl/types/span.h +13 -11
  591. data/third_party/abseil-cpp/absl/types/variant.h +5 -784
  592. data/third_party/abseil-cpp/absl/utility/utility.h +10 -185
  593. data/third_party/cares/cares/include/ares.h +925 -460
  594. data/third_party/cares/cares/include/ares_dns.h +86 -71
  595. data/third_party/cares/cares/include/ares_dns_record.h +1118 -0
  596. data/third_party/cares/cares/include/ares_nameser.h +215 -189
  597. data/third_party/cares/cares/include/ares_version.h +37 -14
  598. data/third_party/cares/cares/src/lib/ares_addrinfo2hostent.c +305 -0
  599. data/third_party/cares/cares/src/lib/ares_addrinfo_localhost.c +245 -0
  600. data/third_party/cares/cares/src/lib/ares_android.c +216 -164
  601. data/third_party/cares/cares/src/lib/ares_android.h +25 -14
  602. data/third_party/cares/cares/src/lib/ares_cancel.c +68 -44
  603. data/third_party/cares/cares/src/lib/ares_close_sockets.c +137 -0
  604. data/third_party/cares/cares/src/lib/ares_conn.c +511 -0
  605. data/third_party/cares/cares/src/lib/ares_conn.h +196 -0
  606. data/third_party/cares/cares/src/lib/ares_cookie.c +461 -0
  607. data/third_party/cares/cares/src/lib/ares_data.c +93 -181
  608. data/third_party/cares/cares/src/lib/ares_data.h +50 -39
  609. data/third_party/cares/cares/src/lib/ares_destroy.c +127 -89
  610. data/third_party/cares/cares/src/lib/ares_free_hostent.c +35 -24
  611. data/third_party/cares/cares/src/lib/ares_free_string.c +24 -16
  612. data/third_party/cares/cares/src/lib/ares_freeaddrinfo.c +45 -38
  613. data/third_party/cares/cares/src/lib/ares_getaddrinfo.c +549 -663
  614. data/third_party/cares/cares/src/lib/ares_getenv.c +25 -15
  615. data/third_party/cares/cares/src/lib/ares_getenv.h +26 -18
  616. data/third_party/cares/cares/src/lib/ares_gethostbyaddr.c +163 -221
  617. data/third_party/cares/cares/src/lib/ares_gethostbyname.c +222 -223
  618. data/third_party/cares/cares/src/lib/ares_getnameinfo.c +328 -338
  619. data/third_party/cares/cares/src/lib/ares_hosts_file.c +952 -0
  620. data/third_party/cares/cares/src/lib/ares_inet_net_pton.h +25 -19
  621. data/third_party/cares/cares/src/lib/ares_init.c +425 -2091
  622. data/third_party/cares/cares/src/lib/ares_ipv6.h +63 -33
  623. data/third_party/cares/cares/src/lib/ares_library_init.c +110 -54
  624. data/third_party/cares/cares/src/lib/ares_metrics.c +261 -0
  625. data/third_party/cares/cares/src/lib/ares_options.c +418 -332
  626. data/third_party/cares/cares/src/lib/ares_parse_into_addrinfo.c +179 -0
  627. data/third_party/cares/cares/src/lib/ares_private.h +558 -356
  628. data/third_party/cares/cares/src/lib/ares_process.c +1224 -1369
  629. data/third_party/cares/cares/src/lib/ares_qcache.c +430 -0
  630. data/third_party/cares/cares/src/lib/ares_query.c +126 -121
  631. data/third_party/cares/cares/src/lib/ares_search.c +564 -262
  632. data/third_party/cares/cares/src/lib/ares_send.c +264 -93
  633. data/third_party/cares/cares/src/lib/ares_set_socket_functions.c +588 -0
  634. data/third_party/cares/cares/src/lib/ares_setup.h +115 -111
  635. data/third_party/cares/cares/src/lib/ares_socket.c +425 -0
  636. data/third_party/cares/cares/src/lib/ares_socket.h +163 -0
  637. data/third_party/cares/cares/src/lib/ares_sortaddrinfo.c +447 -0
  638. data/third_party/cares/cares/src/lib/ares_strerror.c +83 -48
  639. data/third_party/cares/cares/src/lib/ares_sysconfig.c +639 -0
  640. data/third_party/cares/cares/src/lib/ares_sysconfig_files.c +839 -0
  641. data/third_party/cares/cares/src/lib/ares_sysconfig_mac.c +373 -0
  642. data/third_party/cares/cares/src/lib/ares_sysconfig_win.c +621 -0
  643. data/third_party/cares/cares/src/lib/ares_timeout.c +136 -73
  644. data/third_party/cares/cares/src/lib/ares_update_servers.c +1362 -0
  645. data/third_party/cares/cares/src/lib/ares_version.c +29 -4
  646. data/third_party/cares/cares/src/lib/config-dos.h +88 -89
  647. data/third_party/cares/cares/src/lib/config-win32.h +122 -77
  648. data/third_party/cares/cares/src/lib/dsa/ares_array.c +394 -0
  649. data/third_party/cares/cares/src/lib/dsa/ares_htable.c +447 -0
  650. data/third_party/cares/cares/src/lib/dsa/ares_htable.h +174 -0
  651. data/third_party/cares/cares/src/lib/dsa/ares_htable_asvp.c +224 -0
  652. data/third_party/cares/cares/src/lib/dsa/ares_htable_dict.c +228 -0
  653. data/third_party/cares/cares/src/lib/dsa/ares_htable_strvp.c +210 -0
  654. data/third_party/cares/cares/src/lib/dsa/ares_htable_szvp.c +188 -0
  655. data/third_party/cares/cares/src/lib/dsa/ares_htable_vpstr.c +186 -0
  656. data/third_party/cares/cares/src/lib/dsa/ares_htable_vpvp.c +194 -0
  657. data/third_party/cares/cares/src/lib/dsa/ares_llist.c +382 -0
  658. data/third_party/cares/cares/src/lib/dsa/ares_slist.c +479 -0
  659. data/third_party/cares/cares/src/lib/dsa/ares_slist.h +207 -0
  660. data/third_party/cares/cares/src/lib/event/ares_event.h +191 -0
  661. data/third_party/cares/cares/src/lib/event/ares_event_configchg.c +743 -0
  662. data/third_party/cares/cares/src/lib/event/ares_event_epoll.c +192 -0
  663. data/third_party/cares/cares/src/lib/event/ares_event_kqueue.c +248 -0
  664. data/third_party/cares/cares/src/lib/event/ares_event_poll.c +140 -0
  665. data/third_party/cares/cares/src/lib/event/ares_event_select.c +159 -0
  666. data/third_party/cares/cares/src/lib/event/ares_event_thread.c +567 -0
  667. data/third_party/cares/cares/src/lib/event/ares_event_wake_pipe.c +166 -0
  668. data/third_party/cares/cares/src/lib/event/ares_event_win32.c +978 -0
  669. data/third_party/cares/cares/src/lib/event/ares_event_win32.h +161 -0
  670. data/third_party/cares/cares/src/lib/include/ares_array.h +276 -0
  671. data/third_party/cares/cares/src/lib/include/ares_buf.h +732 -0
  672. data/third_party/cares/cares/src/lib/include/ares_htable_asvp.h +130 -0
  673. data/third_party/cares/cares/src/lib/include/ares_htable_dict.h +123 -0
  674. data/third_party/cares/cares/src/lib/include/ares_htable_strvp.h +130 -0
  675. data/third_party/cares/cares/src/lib/include/ares_htable_szvp.h +118 -0
  676. data/third_party/cares/cares/src/lib/include/ares_htable_vpstr.h +111 -0
  677. data/third_party/cares/cares/src/lib/include/ares_htable_vpvp.h +128 -0
  678. data/third_party/cares/cares/src/lib/include/ares_llist.h +239 -0
  679. data/third_party/cares/cares/src/lib/include/ares_mem.h +38 -0
  680. data/third_party/cares/cares/src/lib/include/ares_str.h +244 -0
  681. data/third_party/cares/cares/src/lib/inet_net_pton.c +202 -157
  682. data/third_party/cares/cares/src/lib/inet_ntop.c +87 -69
  683. data/third_party/cares/cares/src/lib/legacy/ares_create_query.c +78 -0
  684. data/third_party/cares/cares/src/lib/legacy/ares_expand_name.c +99 -0
  685. data/third_party/cares/cares/src/lib/legacy/ares_expand_string.c +107 -0
  686. data/third_party/cares/cares/src/lib/legacy/ares_fds.c +80 -0
  687. data/third_party/cares/cares/src/lib/legacy/ares_getsock.c +85 -0
  688. data/third_party/cares/cares/src/lib/legacy/ares_parse_a_reply.c +107 -0
  689. data/third_party/cares/cares/src/lib/legacy/ares_parse_aaaa_reply.c +109 -0
  690. data/third_party/cares/cares/src/lib/legacy/ares_parse_caa_reply.c +137 -0
  691. data/third_party/cares/cares/src/lib/legacy/ares_parse_mx_reply.c +110 -0
  692. data/third_party/cares/cares/src/lib/legacy/ares_parse_naptr_reply.c +132 -0
  693. data/third_party/cares/cares/src/lib/legacy/ares_parse_ns_reply.c +154 -0
  694. data/third_party/cares/cares/src/lib/legacy/ares_parse_ptr_reply.c +213 -0
  695. data/third_party/cares/cares/src/lib/legacy/ares_parse_soa_reply.c +115 -0
  696. data/third_party/cares/cares/src/lib/legacy/ares_parse_srv_reply.c +114 -0
  697. data/third_party/cares/cares/src/lib/legacy/ares_parse_txt_reply.c +144 -0
  698. data/third_party/cares/cares/src/lib/legacy/ares_parse_uri_reply.c +113 -0
  699. data/third_party/cares/cares/src/lib/record/ares_dns_mapping.c +982 -0
  700. data/third_party/cares/cares/src/lib/record/ares_dns_multistring.c +307 -0
  701. data/third_party/cares/cares/src/lib/record/ares_dns_multistring.h +72 -0
  702. data/third_party/cares/cares/src/lib/record/ares_dns_name.c +673 -0
  703. data/third_party/cares/cares/src/lib/record/ares_dns_parse.c +1329 -0
  704. data/third_party/cares/cares/src/lib/record/ares_dns_private.h +273 -0
  705. data/third_party/cares/cares/src/lib/record/ares_dns_record.c +1661 -0
  706. data/third_party/cares/cares/src/lib/record/ares_dns_write.c +1229 -0
  707. data/third_party/cares/cares/src/lib/str/ares_buf.c +1498 -0
  708. data/third_party/cares/cares/src/lib/str/ares_str.c +508 -0
  709. data/third_party/cares/cares/src/lib/str/ares_strsplit.c +90 -0
  710. data/third_party/cares/cares/src/lib/str/ares_strsplit.h +51 -0
  711. data/third_party/cares/cares/src/lib/thirdparty/apple/dnsinfo.h +122 -0
  712. data/third_party/cares/cares/src/lib/util/ares_iface_ips.c +628 -0
  713. data/third_party/cares/cares/src/lib/util/ares_iface_ips.h +139 -0
  714. data/third_party/cares/cares/src/lib/util/ares_math.c +158 -0
  715. data/third_party/cares/cares/src/lib/util/ares_math.h +45 -0
  716. data/third_party/cares/cares/src/lib/util/ares_rand.c +389 -0
  717. data/third_party/cares/cares/src/lib/util/ares_rand.h +36 -0
  718. data/third_party/cares/cares/src/lib/util/ares_threads.c +614 -0
  719. data/third_party/cares/cares/src/lib/util/ares_threads.h +60 -0
  720. data/third_party/cares/cares/src/lib/util/ares_time.h +48 -0
  721. data/third_party/cares/cares/src/lib/util/ares_timeval.c +95 -0
  722. data/third_party/cares/cares/src/lib/util/ares_uri.c +1626 -0
  723. data/third_party/cares/cares/src/lib/util/ares_uri.h +252 -0
  724. data/third_party/cares/cares/src/lib/windows_port.c +16 -9
  725. metadata +192 -68
  726. data/src/core/lib/event_engine/forkable.cc +0 -105
  727. data/src/core/lib/event_engine/forkable.h +0 -67
  728. data/src/core/lib/iomgr/python_util.h +0 -46
  729. data/src/core/util/ring_buffer.h +0 -122
  730. data/third_party/abseil-cpp/absl/base/internal/inline_variable.h +0 -108
  731. data/third_party/abseil-cpp/absl/base/internal/invoke.h +0 -241
  732. data/third_party/abseil-cpp/absl/log/log_entry.cc +0 -41
  733. data/third_party/abseil-cpp/absl/random/internal/pool_urbg.h +0 -131
  734. data/third_party/abseil-cpp/absl/types/bad_optional_access.cc +0 -66
  735. data/third_party/abseil-cpp/absl/types/bad_optional_access.h +0 -78
  736. data/third_party/abseil-cpp/absl/types/bad_variant_access.cc +0 -82
  737. data/third_party/abseil-cpp/absl/types/bad_variant_access.h +0 -82
  738. data/third_party/abseil-cpp/absl/types/internal/optional.h +0 -352
  739. data/third_party/abseil-cpp/absl/types/internal/variant.h +0 -1622
  740. data/third_party/cares/cares/include/ares_rules.h +0 -125
  741. data/third_party/cares/cares/src/lib/ares__addrinfo2hostent.c +0 -266
  742. data/third_party/cares/cares/src/lib/ares__addrinfo_localhost.c +0 -240
  743. data/third_party/cares/cares/src/lib/ares__close_sockets.c +0 -61
  744. data/third_party/cares/cares/src/lib/ares__get_hostent.c +0 -260
  745. data/third_party/cares/cares/src/lib/ares__parse_into_addrinfo.c +0 -229
  746. data/third_party/cares/cares/src/lib/ares__read_line.c +0 -73
  747. data/third_party/cares/cares/src/lib/ares__readaddrinfo.c +0 -258
  748. data/third_party/cares/cares/src/lib/ares__sortaddrinfo.c +0 -507
  749. data/third_party/cares/cares/src/lib/ares__timeval.c +0 -111
  750. data/third_party/cares/cares/src/lib/ares_create_query.c +0 -197
  751. data/third_party/cares/cares/src/lib/ares_expand_name.c +0 -311
  752. data/third_party/cares/cares/src/lib/ares_expand_string.c +0 -67
  753. data/third_party/cares/cares/src/lib/ares_fds.c +0 -59
  754. data/third_party/cares/cares/src/lib/ares_getsock.c +0 -66
  755. data/third_party/cares/cares/src/lib/ares_iphlpapi.h +0 -221
  756. data/third_party/cares/cares/src/lib/ares_llist.c +0 -63
  757. data/third_party/cares/cares/src/lib/ares_llist.h +0 -39
  758. data/third_party/cares/cares/src/lib/ares_mkquery.c +0 -24
  759. data/third_party/cares/cares/src/lib/ares_nowarn.c +0 -260
  760. data/third_party/cares/cares/src/lib/ares_nowarn.h +0 -61
  761. data/third_party/cares/cares/src/lib/ares_parse_a_reply.c +0 -90
  762. data/third_party/cares/cares/src/lib/ares_parse_aaaa_reply.c +0 -92
  763. data/third_party/cares/cares/src/lib/ares_parse_caa_reply.c +0 -199
  764. data/third_party/cares/cares/src/lib/ares_parse_mx_reply.c +0 -164
  765. data/third_party/cares/cares/src/lib/ares_parse_naptr_reply.c +0 -183
  766. data/third_party/cares/cares/src/lib/ares_parse_ns_reply.c +0 -177
  767. data/third_party/cares/cares/src/lib/ares_parse_ptr_reply.c +0 -228
  768. data/third_party/cares/cares/src/lib/ares_parse_soa_reply.c +0 -179
  769. data/third_party/cares/cares/src/lib/ares_parse_srv_reply.c +0 -168
  770. data/third_party/cares/cares/src/lib/ares_parse_txt_reply.c +0 -214
  771. data/third_party/cares/cares/src/lib/ares_parse_uri_reply.c +0 -184
  772. data/third_party/cares/cares/src/lib/ares_platform.c +0 -11042
  773. data/third_party/cares/cares/src/lib/ares_platform.h +0 -43
  774. data/third_party/cares/cares/src/lib/ares_rand.c +0 -279
  775. data/third_party/cares/cares/src/lib/ares_strcasecmp.c +0 -66
  776. data/third_party/cares/cares/src/lib/ares_strcasecmp.h +0 -30
  777. data/third_party/cares/cares/src/lib/ares_strdup.c +0 -42
  778. data/third_party/cares/cares/src/lib/ares_strdup.h +0 -24
  779. data/third_party/cares/cares/src/lib/ares_strsplit.c +0 -94
  780. data/third_party/cares/cares/src/lib/ares_strsplit.h +0 -42
  781. data/third_party/cares/cares/src/lib/ares_writev.c +0 -79
  782. data/third_party/cares/cares/src/lib/ares_writev.h +0 -36
  783. data/third_party/cares/cares/src/lib/bitncmp.c +0 -59
  784. data/third_party/cares/cares/src/lib/bitncmp.h +0 -26
  785. data/third_party/cares/cares/src/lib/setup_once.h +0 -554
  786. data/third_party/cares/cares/src/tools/ares_getopt.h +0 -53
@@ -31,6 +31,7 @@
31
31
  #include "absl/log/log.h"
32
32
  #include "absl/status/status.h"
33
33
  #include "absl/strings/string_view.h"
34
+ #include "src/core/credentials/transport/tls/spiffe_utils.h"
34
35
  #include "src/core/credentials/transport/tls/ssl_utils.h"
35
36
  #include "src/core/lib/debug/trace.h"
36
37
  #include "src/core/lib/iomgr/error.h"
@@ -39,26 +40,37 @@
39
40
  #include "src/core/lib/slice/slice_internal.h"
40
41
  #include "src/core/tsi/ssl_transport_security_utils.h"
41
42
  #include "src/core/util/load_file.h"
43
+ #include "src/core/util/match.h"
42
44
  #include "src/core/util/stat.h"
43
45
  #include "src/core/util/status_helper.h"
44
46
 
45
47
  namespace grpc_core {
46
48
  namespace {
47
49
 
48
- absl::Status ValidateRootCertificates(absl::string_view root_certificates) {
49
- if (root_certificates.empty()) return absl::OkStatus();
50
- absl::StatusOr<std::vector<X509*>> parsed_roots =
51
- ParsePemCertificateChain(root_certificates);
52
- if (!parsed_roots.ok()) {
53
- return absl::Status(
54
- parsed_roots.status().code(),
55
- absl::StrCat("Failed to parse root certificates as PEM: ",
56
- parsed_roots.status().message()));
57
- }
58
- for (X509* x509 : *parsed_roots) {
59
- X509_free(x509);
60
- }
61
- return absl::OkStatus();
50
+ absl::Status ValidateRootCertificates(const RootCertInfo* root_cert_info) {
51
+ if (root_cert_info == nullptr) return absl::OkStatus();
52
+ return Match(
53
+ *root_cert_info,
54
+ [&](const std::string& root_certificates) {
55
+ if (root_certificates.empty()) return absl::OkStatus();
56
+ absl::StatusOr<std::vector<X509*>> parsed_roots =
57
+ ParsePemCertificateChain(root_certificates);
58
+ if (!parsed_roots.ok()) {
59
+ return absl::Status(
60
+ parsed_roots.status().code(),
61
+ absl::StrCat("Failed to parse root certificates as PEM: ",
62
+ parsed_roots.status().message()));
63
+ }
64
+ for (X509* x509 : *parsed_roots) {
65
+ X509_free(x509);
66
+ }
67
+ return absl::OkStatus();
68
+ },
69
+ [&](const SpiffeBundleMap&) {
70
+ // SpiffeBundleMap validation is done when it is created - a value here
71
+ // inherently means that it is valid.
72
+ return absl::OkStatus();
73
+ });
62
74
  }
63
75
 
64
76
  absl::Status ValidatePemKeyCertPair(absl::string_view cert_chain,
@@ -88,23 +100,35 @@ absl::Status ValidatePemKeyCertPair(absl::string_view cert_chain,
88
100
  return absl::OkStatus();
89
101
  }
90
102
 
103
+ bool HasRootCertInfoChanged(
104
+ const absl::StatusOr<std::shared_ptr<RootCertInfo>>& old,
105
+ const absl::StatusOr<std::shared_ptr<RootCertInfo>>& updated) {
106
+ if (old.status() != updated.status()) return true; // Status changed.
107
+ if (!old.ok()) return false; // Both have same non-OK status.
108
+ // Both have OK status.
109
+ if (*old == nullptr) return *updated != nullptr;
110
+ if (*updated == nullptr) return true;
111
+ // Both have non-null value.
112
+ return **old != **updated;
113
+ }
114
+
91
115
  } // namespace
92
116
 
93
117
  StaticDataCertificateProvider::StaticDataCertificateProvider(
94
118
  std::string root_certificate, PemKeyCertPairList pem_key_cert_pairs)
95
119
  : distributor_(MakeRefCounted<grpc_tls_certificate_distributor>()),
96
- root_certificate_(std::move(root_certificate)),
120
+ root_cert_info_(std::make_shared<RootCertInfo>(root_certificate)),
97
121
  pem_key_cert_pairs_(std::move(pem_key_cert_pairs)) {
98
122
  distributor_->SetWatchStatusCallback([this](std::string cert_name,
99
123
  bool root_being_watched,
100
124
  bool identity_being_watched) {
101
125
  MutexLock lock(&mu_);
102
- std::optional<std::string> root_certificate;
126
+ std::shared_ptr<RootCertInfo> root_cert_info;
103
127
  std::optional<PemKeyCertPairList> pem_key_cert_pairs;
104
128
  StaticDataCertificateProvider::WatcherInfo& info = watcher_info_[cert_name];
105
129
  if (!info.root_being_watched && root_being_watched &&
106
- !root_certificate_.empty()) {
107
- root_certificate = root_certificate_;
130
+ !IsRootCertInfoEmpty(root_cert_info_.get())) {
131
+ root_cert_info = root_cert_info_;
108
132
  }
109
133
  info.root_being_watched = root_being_watched;
110
134
  if (!info.identity_being_watched && identity_being_watched &&
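Review bot: At new line 120 the initializer `root_cert_info_(std::make_shared<RootCertInfo>(root_certificate))` copies the by-value `root_certificate` parameter, where the removed line moved it into the member. Assuming `RootCertInfo` can be constructed from a `std::string` rvalue (its definition is not in this hunk), `root_cert_info_(std::make_shared<RootCertInfo>(std::move(root_certificate))),` keeps the old no-copy behaviour. The new `HasRootCertInfoChanged` helper would also benefit from a one-line comment saying that two equal non-OK statuses count as "unchanged". The constructor body continues past the end of this hunk.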
@@ -115,10 +139,10 @@ StaticDataCertificateProvider::StaticDataCertificateProvider(
115
139
  if (!info.root_being_watched && !info.identity_being_watched) {
116
140
  watcher_info_.erase(cert_name);
117
141
  }
118
- const bool root_has_update = root_certificate.has_value();
142
+ const bool root_has_update = root_cert_info != nullptr;
119
143
  const bool identity_has_update = pem_key_cert_pairs.has_value();
120
144
  if (root_has_update || identity_has_update) {
121
- distributor_->SetKeyMaterials(cert_name, std::move(root_certificate),
145
+ distributor_->SetKeyMaterials(cert_name, std::move(root_cert_info),
122
146
  std::move(pem_key_cert_pairs));
123
147
  }
124
148
  grpc_error_handle root_cert_error;
@@ -150,7 +174,7 @@ UniqueTypeName StaticDataCertificateProvider::type() const {
150
174
  }
151
175
 
152
176
  absl::Status StaticDataCertificateProvider::ValidateCredentials() const {
153
- absl::Status status = ValidateRootCertificates(root_certificate_);
177
+ absl::Status status = ValidateRootCertificates(root_cert_info_.get());
154
178
  if (!status.ok()) {
155
179
  return status;
156
180
  }
@@ -177,10 +201,12 @@ static constexpr int64_t kMinimumFileWatcherRefreshIntervalSeconds = 1;
177
201
 
178
202
  FileWatcherCertificateProvider::FileWatcherCertificateProvider(
179
203
  std::string private_key_path, std::string identity_certificate_path,
180
- std::string root_cert_path, int64_t refresh_interval_sec)
204
+ std::string root_cert_path, std::string spiffe_bundle_map_path,
205
+ int64_t refresh_interval_sec)
181
206
  : private_key_path_(std::move(private_key_path)),
182
207
  identity_certificate_path_(std::move(identity_certificate_path)),
183
208
  root_cert_path_(std::move(root_cert_path)),
209
+ spiffe_bundle_map_path_(std::move(spiffe_bundle_map_path)),
184
210
  refresh_interval_sec_(refresh_interval_sec),
185
211
  distributor_(MakeRefCounted<grpc_tls_certificate_distributor>()) {
186
212
  if (refresh_interval_sec_ < kMinimumFileWatcherRefreshIntervalSeconds) {
@@ -192,7 +218,9 @@ FileWatcherCertificateProvider::FileWatcherCertificateProvider(
192
218
  // Private key and identity cert files must be both set or both unset.
193
219
  CHECK(private_key_path_.empty() == identity_certificate_path_.empty());
194
220
  // Must be watching either root or identity certs.
195
- CHECK(!private_key_path_.empty() || !root_cert_path_.empty());
221
+ bool watching_root =
222
+ !root_cert_path_.empty() || !spiffe_bundle_map_path_.empty();
223
+ CHECK(!private_key_path_.empty() || watching_root);
196
224
  gpr_event_init(&shutdown_event_);
197
225
  ForceUpdate();
198
226
  auto thread_lambda = [](void* arg) {
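Review bot: The constructor now accepts both `root_cert_path` and `spiffe_bundle_map_path`, but nothing here says what happens when both are set. In the `ForceUpdate()` hunk further down, the SPIFFE bundle map branch is tried first and `root_cert_path_` is only read in the `else if`. A failed bundle load therefore does not fall back to the PEM roots. That precedence decides which trust anchors are in effect, so it should be stated next to the `watching_root` check, e.g. `// If both are set, spiffe_bundle_map_path_ wins and root_cert_path_ is never read.` If the combination is not meant to be supported, a `CHECK(root_cert_path_.empty() || spiffe_bundle_map_path_.empty());` would reject it instead. The constructor starts before this hunk and continues after it.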
@@ -216,13 +244,13 @@ FileWatcherCertificateProvider::FileWatcherCertificateProvider(
216
244
  bool root_being_watched,
217
245
  bool identity_being_watched) {
218
246
  MutexLock lock(&mu_);
219
- std::optional<std::string> root_certificate;
247
+ absl::StatusOr<std::shared_ptr<RootCertInfo>> roots = nullptr;
220
248
  std::optional<PemKeyCertPairList> pem_key_cert_pairs;
221
249
  FileWatcherCertificateProvider::WatcherInfo& info =
222
250
  watcher_info_[cert_name];
223
251
  if (!info.root_being_watched && root_being_watched &&
224
- !root_certificate_.empty()) {
225
- root_certificate = root_certificate_;
252
+ root_cert_info_.ok() && *root_cert_info_ != nullptr) {
253
+ roots = root_cert_info_;
226
254
  }
227
255
  info.root_being_watched = root_being_watched;
228
256
  if (!info.identity_being_watched && identity_being_watched &&
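Review bot: The local `roots` never holds a non-OK status in the visible lines: it starts as `nullptr` and is assigned from `root_cert_info_` only when `root_cert_info_.ok()` is true. The `roots.ok()` tests in the next hunk (new lines 265–271) are therefore always true. A plain `std::shared_ptr<RootCertInfo> roots;`, as in the StaticDataCertificateProvider callback, would express the same thing. A consequence is that when `root_cert_info_` holds a load failure, the watcher only receives the generic "Unable to get latest root certificates." text. Consider including the stored status when `!root_cert_info_.ok()`, e.g. `GRPC_ERROR_CREATE(absl::StrCat("Unable to get latest root certificates: ", root_cert_info_.status().message()))`. The callback lambda begins before this hunk and the lines between the two hunks are not shown, so confirm nothing there reassigns `roots`.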
@@ -234,13 +262,13 @@ FileWatcherCertificateProvider::FileWatcherCertificateProvider(
234
262
  watcher_info_.erase(cert_name);
235
263
  }
236
264
  ExecCtx exec_ctx;
237
- if (root_certificate.has_value() || pem_key_cert_pairs.has_value()) {
238
- distributor_->SetKeyMaterials(cert_name, root_certificate,
265
+ if ((roots.ok() && *roots != nullptr) || pem_key_cert_pairs.has_value()) {
266
+ distributor_->SetKeyMaterials(cert_name, roots.ok() ? *roots : nullptr,
239
267
  pem_key_cert_pairs);
240
268
  }
241
269
  grpc_error_handle root_cert_error;
242
270
  grpc_error_handle identity_cert_error;
243
- if (root_being_watched && !root_certificate.has_value()) {
271
+ if (root_being_watched && (!roots.ok() || *roots == nullptr)) {
244
272
  root_cert_error =
245
273
  GRPC_ERROR_CREATE("Unable to get latest root certificates.");
246
274
  }
@@ -270,7 +298,10 @@ UniqueTypeName FileWatcherCertificateProvider::type() const {
270
298
 
271
299
  absl::Status FileWatcherCertificateProvider::ValidateCredentials() const {
272
300
  MutexLock lock(&mu_);
273
- absl::Status status = ValidateRootCertificates(root_certificate_);
301
+ if (!root_cert_info_.ok()) {
302
+ return root_cert_info_.status();
303
+ }
304
+ absl::Status status = ValidateRootCertificates(root_cert_info_->get());
274
305
  if (!status.ok()) {
275
306
  return status;
276
307
  }
@@ -285,25 +316,34 @@ absl::Status FileWatcherCertificateProvider::ValidateCredentials() const {
285
316
  }
286
317
 
287
318
  void FileWatcherCertificateProvider::ForceUpdate() {
288
- std::optional<std::string> root_certificate;
319
+ absl::StatusOr<std::shared_ptr<RootCertInfo>> root_cert_info = nullptr;
289
320
  std::optional<PemKeyCertPairList> pem_key_cert_pairs;
290
- if (!root_cert_path_.empty()) {
291
- root_certificate = ReadRootCertificatesFromFile(root_cert_path_);
321
+ if (!spiffe_bundle_map_path_.empty()) {
322
+ auto map = SpiffeBundleMap::FromFile(spiffe_bundle_map_path_);
323
+ if (map.ok()) {
324
+ root_cert_info = std::make_shared<RootCertInfo>(std::move(*map));
325
+ } else {
326
+ root_cert_info = absl::InvalidArgumentError(
327
+ absl::StrFormat("spiffe bundle map file %s failed to load: %s",
328
+ spiffe_bundle_map_path_, map.status().ToString()));
329
+ }
330
+ } else if (!root_cert_path_.empty()) {
331
+ std::optional<std::string> root_certificate =
332
+ ReadRootCertificatesFromFile(root_cert_path_);
333
+ if (root_certificate.has_value()) {
334
+ root_cert_info =
335
+ std::make_shared<RootCertInfo>(std::move(*root_certificate));
336
+ }
292
337
  }
293
338
  if (!private_key_path_.empty()) {
294
339
  pem_key_cert_pairs = ReadIdentityKeyCertPairFromFiles(
295
340
  private_key_path_, identity_certificate_path_);
296
341
  }
297
342
  MutexLock lock(&mu_);
298
- const bool root_cert_changed =
299
- (!root_certificate.has_value() && !root_certificate_.empty()) ||
300
- (root_certificate.has_value() && root_certificate_ != *root_certificate);
301
- if (root_cert_changed) {
302
- if (root_certificate.has_value()) {
303
- root_certificate_ = std::move(*root_certificate);
304
- } else {
305
- root_certificate_ = "";
306
- }
343
+ const bool root_changed =
344
+ HasRootCertInfoChanged(root_cert_info_, root_cert_info);
345
+ if (root_changed) {
346
+ root_cert_info_ = std::move(root_cert_info);
307
347
  }
308
348
  const bool identity_cert_changed =
309
349
  (!pem_key_cert_pairs.has_value() && !pem_key_cert_pairs_.empty()) ||
@@ -316,7 +356,7 @@ void FileWatcherCertificateProvider::ForceUpdate() {
316
356
  pem_key_cert_pairs_ = {};
317
357
  }
318
358
  }
319
- if (root_cert_changed || identity_cert_changed) {
359
+ if (root_changed || identity_cert_changed) {
320
360
  ExecCtx exec_ctx;
321
361
  grpc_error_handle root_cert_error =
322
362
  GRPC_ERROR_CREATE("Unable to get latest root certificates.");
@@ -325,24 +365,24 @@ void FileWatcherCertificateProvider::ForceUpdate() {
325
365
  for (const auto& p : watcher_info_) {
326
366
  const std::string& cert_name = p.first;
327
367
  const WatcherInfo& info = p.second;
328
- std::optional<std::string> root_to_report;
368
+ std::shared_ptr<RootCertInfo> root_to_report;
329
369
  std::optional<PemKeyCertPairList> identity_to_report;
330
370
  // Set key materials to the distributor if their contents changed.
331
- if (info.root_being_watched && !root_certificate_.empty() &&
332
- root_cert_changed) {
333
- root_to_report = root_certificate_;
371
+ if (info.root_being_watched && root_changed) {
372
+ root_to_report = root_cert_info_.ok() ? *root_cert_info_ : nullptr;
334
373
  }
335
374
  if (info.identity_being_watched && !pem_key_cert_pairs_.empty() &&
336
375
  identity_cert_changed) {
337
376
  identity_to_report = pem_key_cert_pairs_;
338
377
  }
339
- if (root_to_report.has_value() || identity_to_report.has_value()) {
378
+ if (root_to_report != nullptr || identity_to_report.has_value()) {
340
379
  distributor_->SetKeyMaterials(cert_name, std::move(root_to_report),
341
380
  std::move(identity_to_report));
342
381
  }
343
382
  // Report errors to the distributor if the contents are empty.
344
383
  const bool report_root_error =
345
- info.root_being_watched && root_certificate_.empty();
384
+ info.root_being_watched &&
385
+ (!root_cert_info_.ok() || *root_cert_info_ == nullptr);
346
386
  const bool report_identity_error =
347
387
  info.identity_being_watched && pem_key_cert_pairs_.empty();
348
388
  if (report_root_error || report_identity_error) {
@@ -369,9 +409,8 @@ FileWatcherCertificateProvider::ReadRootCertificatesFromFile(
369
409
  }
370
410
 
371
411
  namespace {
372
-
373
- // This helper function gets the last-modified time of |filename|. When failed,
374
- // it logs the error and returns 0.
412
+ // This helper function gets the last-modified time of |filename|. When
413
+ // failed, it logs the error and returns 0.
375
414
  time_t GetModificationTime(const char* filename) {
376
415
  time_t ts = 0;
377
416
  (void)GetFileModificationTime(filename, &ts);
@@ -473,12 +512,15 @@ grpc_tls_certificate_provider* grpc_tls_certificate_provider_static_data_create(
473
512
  grpc_tls_certificate_provider*
474
513
  grpc_tls_certificate_provider_file_watcher_create(
475
514
  const char* private_key_path, const char* identity_certificate_path,
476
- const char* root_cert_path, unsigned int refresh_interval_sec) {
515
+ const char* root_cert_path, const char* spiffe_bundle_map_path,
516
+ unsigned int refresh_interval_sec) {
477
517
  grpc_core::ExecCtx exec_ctx;
478
518
  return new grpc_core::FileWatcherCertificateProvider(
479
519
  private_key_path == nullptr ? "" : private_key_path,
480
520
  identity_certificate_path == nullptr ? "" : identity_certificate_path,
481
- root_cert_path == nullptr ? "" : root_cert_path, refresh_interval_sec);
521
+ root_cert_path == nullptr ? "" : root_cert_path,
522
+ spiffe_bundle_map_path == nullptr ? "" : spiffe_bundle_map_path,
523
+ refresh_interval_sec);
482
524
  }
483
525
 
484
526
  void grpc_tls_certificate_provider_release(
@@ -31,6 +31,7 @@
31
31
  #include "absl/status/statusor.h"
32
32
  #include "absl/strings/string_view.h"
33
33
  #include "src/core/credentials/transport/tls/grpc_tls_certificate_distributor.h"
34
+ #include "src/core/credentials/transport/tls/spiffe_utils.h"
34
35
  #include "src/core/credentials/transport/tls/ssl_utils.h"
35
36
  #include "src/core/util/ref_counted.h"
36
37
  #include "src/core/util/ref_counted_ptr.h"
@@ -121,7 +122,7 @@ class StaticDataCertificateProvider final
121
122
  }
122
123
 
123
124
  RefCountedPtr<grpc_tls_certificate_distributor> distributor_;
124
- std::string root_certificate_;
125
+ std::shared_ptr<RootCertInfo> root_cert_info_;
125
126
  PemKeyCertPairList pem_key_cert_pairs_;
126
127
  // Guards members below.
127
128
  Mutex mu_;
@@ -137,6 +138,7 @@ class FileWatcherCertificateProvider final
137
138
  FileWatcherCertificateProvider(std::string private_key_path,
138
139
  std::string identity_certificate_path,
139
140
  std::string root_cert_path,
141
+ std::string spiffe_bundle_map_path,
140
142
  int64_t refresh_interval_sec);
141
143
 
142
144
  ~FileWatcherCertificateProvider() override;
@@ -178,6 +180,7 @@ class FileWatcherCertificateProvider final
178
180
  std::string private_key_path_;
179
181
  std::string identity_certificate_path_;
180
182
  std::string root_cert_path_;
183
+ std::string spiffe_bundle_map_path_;
181
184
  int64_t refresh_interval_sec_ = 0;
182
185
 
183
186
  RefCountedPtr<grpc_tls_certificate_distributor> distributor_;
@@ -188,8 +191,18 @@ class FileWatcherCertificateProvider final
188
191
  mutable Mutex mu_;
189
192
  // The most-recent credential data. It will be empty if the most recent read
190
193
  // attempt failed.
191
- std::string root_certificate_ ABSL_GUARDED_BY(mu_);
192
194
  PemKeyCertPairList pem_key_cert_pairs_ ABSL_GUARDED_BY(mu_);
195
+ // The most-recent root data.
196
+ // - If unset, the status will be OK and the value will be nullptr
197
+ // - If a SPIFFE Bundle Map is configured and fails to read, the status will
198
+ // be not-Ok
199
+ // - If a string root cert is configured and fails to read, the status will be
200
+ // OK with a nullptr
201
+ // - Otherwise, holds either a SpiffeBundleMap or a string root cert
202
+ // TODO(gtcooke94) - refactor the handling for string root cert files such
203
+ // that their failure is a non-ok status rather than a nullptr
204
+ absl::StatusOr<std::shared_ptr<RootCertInfo>> root_cert_info_
205
+ ABSL_GUARDED_BY(mu_) = nullptr;
193
206
  // Stores each cert_name we get from the distributor callback and its watcher
194
207
  // information.
195
208
  std::map<std::string, WatcherInfo> watcher_info_ ABSL_GUARDED_BY(mu_);
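Review bot: The new `spiffe_bundle_map_path` constructor parameter and `spiffe_bundle_map_path_` member are declared without saying how they interact with `root_cert_path`, although the two select different sources of trust roots. The `ForceUpdate()` implementation shown earlier on this page reads the bundle map whenever its path is non-empty and skips `root_cert_path_` in that case. It also turns a failed bundle-map load into a non-OK status instead of falling back to the PEM root file. I would state that on the member, e.g. `// If non-empty, takes precedence over root_cert_path_; a failed load is an error, with no fallback to root_cert_path_.` The class body starts and ends outside these hunks, so a comment elsewhere in the class may already cover this.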
@@ -131,6 +131,7 @@ grpc_slice CreateRootCertsBundle(const char* certs_directory) {
131
131
  } else {
132
132
  LOG(ERROR) << "failed to read file: " << roots_filenames[i].path;
133
133
  }
134
+ close(file_descriptor);
134
135
  }
135
136
  }
136
137
  bundle_slice = grpc_slice_new(bundle_string, bytes_read, gpr_free);