grpc 1.75.0.pre1 → 1.76.0.pre1

data/src/core/credentials/transport/google_default/google_default_credentials.cc

@@ -31,8 +31,8 @@
 #include <memory>
 #include <optional>
 #include <string>
+#include <utility>
 
-#include "absl/log/check.h"
 #include "absl/log/log.h"
 #include "absl/status/statusor.h"
 #include "absl/strings/match.h"
@@ -60,6 +60,7 @@
 #include "src/core/load_balancing/grpclb/grpclb.h"
 #include "src/core/load_balancing/xds/xds_channel_args.h"
 #include "src/core/util/env.h"
+#include "src/core/util/grpc_check.h"
 #include "src/core/util/http_client/httpcli.h"
 #include "src/core/util/http_client/parser.h"
 #include "src/core/util/json/json.h"
@@ -221,7 +222,7 @@ static int is_metadata_server_reachable() {
   auto uri = grpc_core::URI::Create("http", /*user_info=*/"",
                                     GRPC_COMPUTE_ENGINE_DETECTION_HOST, "/",
                                     {} /* query params */, "" /* fragment */);
-  CHECK(uri.ok());  // params are hardcoded
+  GRPC_CHECK(uri.ok());  // params are hardcoded
   auto http_request = grpc_core::HttpRequest::Get(
       std::move(*uri), nullptr /* channel args */, &detector.pollent, &request,
       grpc_core::Timestamp::Now() + max_detection_delay,
@@ -339,6 +340,8 @@ static bool metadata_server_available() {
   return static_cast<bool>(g_metadata_server_available);
 }
 
+namespace {
+
 // A grpc_call_credentials implementation that uses two
 // underlying credentials: one for TLS and one for ALTS.
 // The implementation will pick the right credentials based on the auth
@@ -398,24 +401,42 @@ class GoogleDefaultCallCredentialsWrapper : public grpc_call_credentials {
   grpc_core::RefCountedPtr<grpc_call_credentials> alts_credentials_;
 };
 
-static grpc_core::RefCountedPtr<grpc_call_credentials> make_default_call_creds(
-    grpc_error_handle* error) {
+enum class DefaultCallCredentialsCreationMethod {
+  kNone,
+  kFromEnviromentPathValue,
+  kFromWellKnownFile,
+  kFromDefaultGCE,
+};
+
+absl::StatusOr<std::pair<grpc_core::RefCountedPtr<grpc_call_credentials>,
+                         DefaultCallCredentialsCreationMethod>>
+CreateGoogleDefaultCallCredentials() {
+  DefaultCallCredentialsCreationMethod default_credentials_type;
   grpc_core::RefCountedPtr<grpc_call_credentials> call_creds;
-  grpc_error_handle err;
+  grpc_error_handle return_status;
+  grpc_error_handle child_error;
 
   // First, try the environment variable.
   auto path_from_env = grpc_core::GetEnv(GRPC_GOOGLE_CREDENTIALS_ENV_VAR);
   if (path_from_env.has_value()) {
-    err = create_default_creds_from_path(*path_from_env, &call_creds);
-    if (err.ok()) return call_creds;
-    *error = grpc_error_add_child(*error, err);
+    child_error = create_default_creds_from_path(*path_from_env, &call_creds);
+    if (child_error.ok()) {
+      default_credentials_type =
+          DefaultCallCredentialsCreationMethod::kFromEnviromentPathValue;
+      return std::pair(call_creds, default_credentials_type);
+    }
+    return_status = grpc_error_add_child(return_status, child_error);
   }
 
   // Then the well-known file.
-  err = create_default_creds_from_path(
+  child_error = create_default_creds_from_path(
       grpc_get_well_known_google_credentials_file_path(), &call_creds);
-  if (err.ok()) return call_creds;
-  *error = grpc_error_add_child(*error, err);
+  if (child_error.ok()) {
+    default_credentials_type =
+        DefaultCallCredentialsCreationMethod::kFromWellKnownFile;
+    return std::pair(call_creds, default_credentials_type);
+  }
+  return_status = grpc_error_add_child(return_status, child_error);
 
   update_tenancy();
 
@@ -423,18 +444,26 @@ static grpc_core::RefCountedPtr<grpc_call_credentials> make_default_call_creds(
     call_creds = grpc_core::RefCountedPtr<grpc_call_credentials>(
         grpc_google_compute_engine_credentials_create(nullptr));
     if (call_creds == nullptr) {
-      *error = GRPC_ERROR_CREATE(GRPC_GOOGLE_CREDENTIAL_CREATION_ERROR);
-      *error = grpc_error_add_child(
-          *error, GRPC_ERROR_CREATE("Failed to get credentials from network"));
+      return_status = GRPC_ERROR_CREATE(GRPC_GOOGLE_CREDENTIAL_CREATION_ERROR);
+      return_status = grpc_error_add_child(
+          return_status,
+          GRPC_ERROR_CREATE("Failed to get credentials from network"));
+      return return_status;
     }
+    default_credentials_type =
+        DefaultCallCredentialsCreationMethod::kFromDefaultGCE;
   }
 
-  return call_creds;
+  return std::pair(call_creds, default_credentials_type);
 }
 
+}  // namespace
+
 grpc_channel_credentials* grpc_google_default_credentials_create(
     grpc_call_credentials* call_creds_for_tls,
-    grpc_call_credentials* call_creds_for_alts) {
+    grpc_google_default_credentials_options* options) {
+  DefaultCallCredentialsCreationMethod default_credentials_type =
+      DefaultCallCredentialsCreationMethod::kNone;
   grpc_channel_credentials* result = nullptr;
   grpc_core::RefCountedPtr<grpc_call_credentials> call_creds(
       call_creds_for_tls);
@@ -445,33 +474,54 @@ grpc_channel_credentials* grpc_google_default_credentials_create(
       << "grpc_google_default_credentials_create(" << call_creds_for_tls << ")";
 
   if (call_creds == nullptr) {
-    call_creds = make_default_call_creds(&error);
+    auto create_default_creds_status = CreateGoogleDefaultCallCredentials();
+
+    if (!create_default_creds_status.ok()) {
+      LOG(ERROR) << "Could not create google default credentials: "
+                 << grpc_core::StatusToString(
+                        create_default_creds_status.status());
+    } else {
+      call_creds = create_default_creds_status->first;
+      default_credentials_type = create_default_creds_status->second;
+    }
   }
 
   if (call_creds != nullptr) {
     // Create google default credentials.
     grpc_channel_credentials* ssl_creds =
         grpc_ssl_credentials_create(nullptr, nullptr, nullptr, nullptr);
-    CHECK_NE(ssl_creds, nullptr);
-    grpc_alts_credentials_options* options =
+    GRPC_CHECK_NE(ssl_creds, nullptr);
+    grpc_alts_credentials_options* credentials_options =
         grpc_alts_credentials_client_options_create();
     grpc_channel_credentials* alts_creds =
-        grpc_alts_credentials_create(options);
-    grpc_alts_credentials_options_destroy(options);
+        grpc_alts_credentials_create(credentials_options);
+    grpc_alts_credentials_options_destroy(credentials_options);
     auto creds =
         grpc_core::MakeRefCounted<grpc_google_default_channel_credentials>(
             grpc_core::RefCountedPtr<grpc_channel_credentials>(alts_creds),
             grpc_core::RefCountedPtr<grpc_channel_credentials>(ssl_creds));
-    if (call_creds_for_alts != nullptr) {
-      grpc_core::RefCountedPtr<grpc_call_credentials> alts_call_creds(
-          call_creds_for_alts);
-      call_creds =
-          grpc_core::MakeRefCounted<GoogleDefaultCallCredentialsWrapper>(
-              std::move(call_creds), std::move(alts_call_creds));
+    if (options != nullptr) {
+      if (options->create_hard_bound_credentials &&
+          default_credentials_type ==
+              DefaultCallCredentialsCreationMethod::kFromDefaultGCE) {
+        grpc_google_compute_engine_credentials_options alts_options = {};
+        alts_options.alts_hard_bound = true;
+        grpc_core::RefCountedPtr<grpc_call_credentials> alts_call_creds(
+            grpc_google_compute_engine_credentials_create(&alts_options));
+        call_creds =
+            grpc_core::MakeRefCounted<GoogleDefaultCallCredentialsWrapper>(
+                std::move(call_creds), std::move(alts_call_creds));
+      } else if (options->call_creds_for_alts != nullptr) {
+        grpc_core::RefCountedPtr<grpc_call_credentials> alts_call_creds(
+            options->call_creds_for_alts);
+        call_creds =
+            grpc_core::MakeRefCounted<GoogleDefaultCallCredentialsWrapper>(
+                std::move(call_creds), std::move(alts_call_creds));
+      }
     }
     result = grpc_composite_channel_credentials_create(
         creds.get(), call_creds.get(), nullptr);
-    CHECK_NE(result, nullptr);
+    GRPC_CHECK_NE(result, nullptr);
   } else {
     LOG(ERROR) << "Could not create google default credentials: "
                << grpc_core::StatusToString(error);

data/src/core/credentials/transport/insecure/insecure_security_connector.cc

@@ -22,7 +22,6 @@
 #include <grpc/support/port_platform.h>
 #include <string.h>
 
-#include "absl/log/check.h"
 #include "src/core/handshaker/security/security_handshaker.h"
 #include "src/core/lib/channel/channel_args.h"
 #include "src/core/lib/iomgr/exec_ctx.h"
@@ -30,6 +29,7 @@
 #include "src/core/transport/auth_context.h"
 #include "src/core/tsi/local_transport_security.h"
 #include "src/core/util/debug_location.h"
+#include "src/core/util/grpc_check.h"
 #include "src/core/util/ref_counted_ptr.h"
 
 namespace grpc_core {
@@ -69,7 +69,7 @@ void InsecureChannelSecurityConnector::add_handshakers(
     HandshakeManager* handshake_manager) {
   tsi_handshaker* handshaker = nullptr;
   // Re-use local_tsi_handshaker_create as a minimalist handshaker.
-  CHECK(tsi_local_handshaker_create(&handshaker) == TSI_OK);
+  GRPC_CHECK(tsi_local_handshaker_create(&handshaker) == TSI_OK);
   handshake_manager->Add(SecurityHandshakerCreate(handshaker, this, args));
 }
 
@@ -96,7 +96,7 @@ void InsecureServerSecurityConnector::add_handshakers(
     HandshakeManager* handshake_manager) {
   tsi_handshaker* handshaker = nullptr;
   // Re-use local_tsi_handshaker_create as a minimalist handshaker.
-  CHECK(tsi_local_handshaker_create(&handshaker) == TSI_OK);
+  GRPC_CHECK(tsi_local_handshaker_create(&handshaker) == TSI_OK);
   handshake_manager->Add(SecurityHandshakerCreate(handshaker, this, args));
 }
 

data/src/core/credentials/transport/local/local_security_connector.cc

@@ -29,7 +29,6 @@
 #include <string>
 #include <utility>
 
-#include "absl/log/check.h"
 #include "absl/log/log.h"
 #include "absl/status/status.h"
 #include "absl/status/statusor.h"
@@ -60,6 +59,7 @@
 #include "src/core/tsi/transport_security.h"
 #include "src/core/tsi/transport_security_interface.h"
 #include "src/core/util/debug_location.h"
+#include "src/core/util/grpc_check.h"
 #include "src/core/util/ref_counted_ptr.h"
 #include "src/core/util/uri.h"
 
@@ -77,12 +77,12 @@ grpc_core::RefCountedPtr<grpc_auth_context> local_auth_context_create(
   grpc_auth_context_add_cstring_property(
       ctx.get(), GRPC_TRANSPORT_SECURITY_TYPE_PROPERTY_NAME,
       GRPC_LOCAL_TRANSPORT_SECURITY_TYPE);
-  CHECK(grpc_auth_context_set_peer_identity_property_name(
-            ctx.get(), GRPC_TRANSPORT_SECURITY_TYPE_PROPERTY_NAME) == 1);
-  CHECK_EQ(peer->property_count, 1u);
+  GRPC_CHECK(grpc_auth_context_set_peer_identity_property_name(
+                 ctx.get(), GRPC_TRANSPORT_SECURITY_TYPE_PROPERTY_NAME) == 1);
+  GRPC_CHECK_EQ(peer->property_count, 1u);
   const tsi_peer_property* prop = &peer->properties[0];
-  CHECK_NE(prop, nullptr);
-  CHECK_EQ(strcmp(prop->name, TSI_SECURITY_LEVEL_PEER_PROPERTY), 0);
+  GRPC_CHECK_NE(prop, nullptr);
+  GRPC_CHECK_EQ(strcmp(prop->name, TSI_SECURITY_LEVEL_PEER_PROPERTY), 0);
   grpc_auth_context_add_property(ctx.get(),
                                  GRPC_TRANSPORT_SECURITY_LEVEL_PROPERTY_NAME,
                                  prop->value.data, prop->value.length);
@@ -186,7 +186,7 @@ class grpc_local_channel_security_connector final
       grpc_pollset_set* /*interested_parties*/,
       grpc_core::HandshakeManager* handshake_manager) override {
     tsi_handshaker* handshaker = nullptr;
-    CHECK(tsi_local_handshaker_create(&handshaker) == TSI_OK);
+    GRPC_CHECK(tsi_local_handshaker_create(&handshaker) == TSI_OK);
     handshake_manager->Add(
         grpc_core::SecurityHandshakerCreate(handshaker, this, args));
   }
@@ -241,7 +241,7 @@ class grpc_local_server_security_connector final
       grpc_pollset_set* /*interested_parties*/,
       grpc_core::HandshakeManager* handshake_manager) override {
     tsi_handshaker* handshaker = nullptr;
-    CHECK(tsi_local_handshaker_create(&handshaker) == TSI_OK);
+    GRPC_CHECK(tsi_local_handshaker_create(&handshaker) == TSI_OK);
     handshake_manager->Add(
         grpc_core::SecurityHandshakerCreate(handshaker, this, args));
   }

data/src/core/credentials/transport/security_connector.cc

@@ -23,11 +23,11 @@
 
 #include <utility>
 
-#include "absl/log/check.h"
 #include "absl/log/log.h"
 #include "src/core/credentials/transport/transport_credentials.h"
 #include "src/core/lib/channel/channel_args.h"
 #include "src/core/util/debug_location.h"
+#include "src/core/util/grpc_check.h"
 #include "src/core/util/useful.h"
 
 grpc_channel_security_connector::grpc_channel_security_connector(
@@ -42,8 +42,8 @@ int grpc_channel_security_connector::channel_security_connector_cmp(
     const grpc_channel_security_connector* other) const {
   const grpc_channel_security_connector* other_sc =
       static_cast<const grpc_channel_security_connector*>(other);
-  CHECK_NE(channel_creds(), nullptr);
-  CHECK_NE(other_sc->channel_creds(), nullptr);
+  GRPC_CHECK_NE(channel_creds(), nullptr);
+  GRPC_CHECK_NE(other_sc->channel_creds(), nullptr);
   int c = channel_creds()->cmp(other_sc->channel_creds());
   if (c != 0) return c;
   return grpc_core::QsortCompare(request_metadata_creds(),
@@ -64,8 +64,8 @@ int grpc_server_security_connector::server_security_connector_cmp(
     const grpc_server_security_connector* other) const {
   const grpc_server_security_connector* other_sc =
       static_cast<const grpc_server_security_connector*>(other);
-  CHECK_NE(server_creds(), nullptr);
-  CHECK_NE(other_sc->server_creds(), nullptr);
+  GRPC_CHECK_NE(server_creds(), nullptr);
+  GRPC_CHECK_NE(other_sc->server_creds(), nullptr);
   return grpc_core::QsortCompare(server_creds(), other_sc->server_creds());
 }
 

data/src/core/credentials/transport/ssl/ssl_credentials.cc

@@ -28,7 +28,6 @@
 #include <string>
 #include <utility>
 
-#include "absl/log/check.h"
 #include "absl/log/log.h"
 #include "src/core/credentials/transport/tls/ssl_utils.h"
 #include "src/core/lib/channel/channel_args.h"
@@ -36,6 +35,7 @@
 #include "src/core/tsi/ssl/session_cache/ssl_session_cache.h"
 #include "src/core/tsi/ssl_transport_security.h"
 #include "src/core/tsi/transport_security_interface.h"
+#include "src/core/util/grpc_check.h"
 
 //
 // SSL Channel Credentials.
@@ -143,8 +143,8 @@ void grpc_ssl_credentials::build_config(
     const grpc_ssl_verify_peer_options* verify_options) {
   config_.pem_root_certs = gpr_strdup(pem_root_certs);
   if (pem_key_cert_pair != nullptr) {
-    CHECK_NE(pem_key_cert_pair->private_key, nullptr);
-    CHECK_NE(pem_key_cert_pair->cert_chain, nullptr);
+    GRPC_CHECK_NE(pem_key_cert_pair->private_key, nullptr);
+    GRPC_CHECK_NE(pem_key_cert_pair->cert_chain, nullptr);
     config_.pem_key_cert_pair = static_cast<tsi_ssl_pem_key_cert_pair*>(
         gpr_zalloc(sizeof(tsi_ssl_pem_key_cert_pair)));
     config_.pem_key_cert_pair->cert_chain =
@@ -226,7 +226,7 @@ grpc_channel_credentials* grpc_ssl_credentials_create(
       << ", pem_key_cert_pair=" << pem_key_cert_pair
       << ", verify_options=" << verify_options << ", reserved=" << reserved
       << ")";
-  CHECK_EQ(reserved, nullptr);
+  GRPC_CHECK_EQ(reserved, nullptr);
 
   return new grpc_ssl_credentials(
       pem_root_certs, pem_key_cert_pair,
@@ -241,7 +241,7 @@ grpc_channel_credentials* grpc_ssl_credentials_create_ex(
       << ", pem_key_cert_pair=" << pem_key_cert_pair
       << ", verify_options=" << verify_options << ", reserved=" << reserved
       << ")";
-  CHECK_EQ(reserved, nullptr);
+  GRPC_CHECK_EQ(reserved, nullptr);
 
   return new grpc_ssl_credentials(pem_root_certs, pem_key_cert_pair,
                                   verify_options);
@@ -291,13 +291,13 @@ tsi_ssl_pem_key_cert_pair* grpc_convert_grpc_to_tsi_cert_pairs(
     size_t num_key_cert_pairs) {
   tsi_ssl_pem_key_cert_pair* tsi_pairs = nullptr;
   if (num_key_cert_pairs > 0) {
-    CHECK_NE(pem_key_cert_pairs, nullptr);
+    GRPC_CHECK_NE(pem_key_cert_pairs, nullptr);
     tsi_pairs = static_cast<tsi_ssl_pem_key_cert_pair*>(
         gpr_zalloc(num_key_cert_pairs * sizeof(tsi_ssl_pem_key_cert_pair)));
   }
   for (size_t i = 0; i < num_key_cert_pairs; i++) {
-    CHECK_NE(pem_key_cert_pairs[i].private_key, nullptr);
-    CHECK_NE(pem_key_cert_pairs[i].cert_chain, nullptr);
+    GRPC_CHECK_NE(pem_key_cert_pairs[i].private_key, nullptr);
+    GRPC_CHECK_NE(pem_key_cert_pairs[i].cert_chain, nullptr);
     tsi_pairs[i].cert_chain = gpr_strdup(pem_key_cert_pairs[i].cert_chain);
     tsi_pairs[i].private_key = gpr_strdup(pem_key_cert_pairs[i].private_key);
   }
@@ -334,14 +334,14 @@ grpc_ssl_server_certificate_config* grpc_ssl_server_certificate_config_create(
           gpr_zalloc(sizeof(grpc_ssl_server_certificate_config)));
   config->pem_root_certs = gpr_strdup(pem_root_certs);
   if (num_key_cert_pairs > 0) {
-    CHECK_NE(pem_key_cert_pairs, nullptr);
+    GRPC_CHECK_NE(pem_key_cert_pairs, nullptr);
     config->pem_key_cert_pairs = static_cast<grpc_ssl_pem_key_cert_pair*>(
         gpr_zalloc(num_key_cert_pairs * sizeof(grpc_ssl_pem_key_cert_pair)));
   }
   config->num_key_cert_pairs = num_key_cert_pairs;
   for (size_t i = 0; i < num_key_cert_pairs; i++) {
-    CHECK_NE(pem_key_cert_pairs[i].private_key, nullptr);
-    CHECK_NE(pem_key_cert_pairs[i].cert_chain, nullptr);
+    GRPC_CHECK_NE(pem_key_cert_pairs[i].private_key, nullptr);
+    GRPC_CHECK_NE(pem_key_cert_pairs[i].cert_chain, nullptr);
     config->pem_key_cert_pairs[i].cert_chain =
         gpr_strdup(pem_key_cert_pairs[i].cert_chain);
     config->pem_key_cert_pairs[i].private_key =
@@ -425,7 +425,7 @@ grpc_server_credentials* grpc_ssl_server_credentials_create_ex(
       << ", num_key_cert_pairs=" << (unsigned long)num_key_cert_pairs
       << ", client_certificate_request=" << client_certificate_request
       << ", reserved=" << reserved << ")";
-  CHECK_EQ(reserved, nullptr);
+  GRPC_CHECK_EQ(reserved, nullptr);
 
   grpc_ssl_server_certificate_config* cert_config =
       grpc_ssl_server_certificate_config_create(

data/src/core/credentials/transport/ssl/ssl_credentials.h

@@ -25,12 +25,12 @@
 #include <grpc/support/port_platform.h>
 #include <stddef.h>
 
-#include "absl/log/check.h"
 #include "src/core/credentials/transport/security_connector.h"
 #include "src/core/credentials/transport/ssl/ssl_security_connector.h"
 #include "src/core/credentials/transport/transport_credentials.h"
 #include "src/core/lib/channel/channel_args.h"
 #include "src/core/tsi/ssl_transport_security.h"
+#include "src/core/util/grpc_check.h"
 #include "src/core/util/ref_counted_ptr.h"
 #include "src/core/util/unique_type_name.h"
 #include "src/core/util/useful.h"
@@ -115,7 +115,7 @@ class grpc_ssl_server_credentials final : public grpc_server_credentials {
 
   grpc_ssl_certificate_config_reload_status FetchCertConfig(
       grpc_ssl_server_certificate_config** config) {
-    DCHECK(has_cert_config_fetcher());
+    GRPC_DCHECK(has_cert_config_fetcher());
     return certificate_config_fetcher_.cb(certificate_config_fetcher_.user_data,
                                           config);
   }

data/src/core/credentials/transport/ssl/ssl_security_connector.cc

@@ -26,7 +26,6 @@
 #include <string>
 #include <utility>
 
-#include "absl/log/check.h"
 #include "absl/log/log.h"
 #include "absl/status/status.h"
 #include "absl/strings/str_cat.h"
@@ -50,6 +49,7 @@
 #include "src/core/tsi/transport_security.h"
 #include "src/core/tsi/transport_security_interface.h"
 #include "src/core/util/debug_location.h"
+#include "src/core/util/grpc_check.h"
 #include "src/core/util/host_port.h"
 #include "src/core/util/ref_counted_ptr.h"
 #include "src/core/util/sync.h"
@@ -357,7 +357,7 @@ class grpc_ssl_server_security_connector
     tsi_ssl_server_handshaker_factory* new_handshaker_factory = nullptr;
     const grpc_ssl_server_credentials* server_creds =
         static_cast<const grpc_ssl_server_credentials*>(this->server_creds());
-    DCHECK_NE(config->pem_root_certs, nullptr);
+    GRPC_DCHECK_NE(config->pem_root_certs, nullptr);
     tsi_ssl_server_handshaker_options options;
     options.pem_key_cert_pairs = grpc_convert_grpc_to_tsi_cert_pairs(
         config->pem_key_cert_pairs, config->num_key_cert_pairs);
@@ -425,7 +425,7 @@ grpc_core::RefCountedPtr<grpc_server_security_connector>
 grpc_ssl_server_security_connector_create(
     grpc_core::RefCountedPtr<grpc_server_credentials> server_credentials,
     const grpc_core::ChannelArgs& args) {
-  CHECK(server_credentials != nullptr);
+  GRPC_CHECK(server_credentials != nullptr);
   grpc_core::RefCountedPtr<grpc_ssl_server_security_connector> c =
       grpc_core::MakeRefCounted<grpc_ssl_server_security_connector>(
           std::move(server_credentials));

data/src/core/credentials/transport/tls/certificate_provider_registry.cc

@@ -23,8 +23,8 @@
 #include <string>
 #include <utility>
 
-#include "absl/log/check.h"
 #include "absl/log/log.h"
+#include "src/core/util/grpc_check.h"
 
 namespace grpc_core {
 
@@ -32,7 +32,7 @@ void CertificateProviderRegistry::Builder::RegisterCertificateProviderFactory(
     std::unique_ptr<CertificateProviderFactory> factory) {
   absl::string_view name = factory->name();
   VLOG(2) << "registering certificate provider factory for \"" << name << "\"";
-  CHECK(factories_.emplace(name, std::move(factory)).second);
+  GRPC_CHECK(factories_.emplace(name, std::move(factory)).second);
 }
 
 CertificateProviderRegistry CertificateProviderRegistry::Builder::Build() {

data/src/core/credentials/transport/tls/grpc_tls_certificate_distributor.cc

@@ -20,10 +20,10 @@
 #include <grpc/grpc_security.h>
 #include <grpc/support/port_platform.h>
 
-#include "absl/log/check.h"
 #include "absl/status/status.h"
 #include "src/core/credentials/transport/tls/spiffe_utils.h"
 #include "src/core/tsi/ssl_transport_security.h"
+#include "src/core/util/grpc_check.h"
 
 bool grpc_tls_certificate_distributor::CertificateInfo::AreRootsEmpty() {
   return IsRootCertInfoEmpty(roots.get());
@@ -32,17 +32,17 @@ bool grpc_tls_certificate_distributor::CertificateInfo::AreRootsEmpty() {
 void grpc_tls_certificate_distributor::SetKeyMaterials(
     const std::string& cert_name, std::shared_ptr<RootCertInfo> roots,
     std::optional<grpc_core::PemKeyCertPairList> pem_key_cert_pairs) {
-  CHECK(roots != nullptr || pem_key_cert_pairs.has_value());
+  GRPC_CHECK(roots != nullptr || pem_key_cert_pairs.has_value());
   grpc_core::MutexLock lock(&mu_);
   auto& cert_info = certificate_info_map_[cert_name];
   if (roots != nullptr) {
     // Successful credential updates will clear any pre-existing error.
     cert_info.SetRootError(absl::OkStatus());
     for (auto* watcher_ptr : cert_info.root_cert_watchers) {
-      CHECK_NE(watcher_ptr, nullptr);
+      GRPC_CHECK_NE(watcher_ptr, nullptr);
       const auto watcher_it = watchers_.find(watcher_ptr);
-      CHECK(watcher_it != watchers_.end());
-      CHECK(watcher_it->second.root_cert_name.has_value());
+      GRPC_CHECK(watcher_it != watchers_.end());
+      GRPC_CHECK(watcher_it->second.root_cert_name.has_value());
       std::optional<grpc_core::PemKeyCertPairList> pem_key_cert_pairs_to_report;
       if (pem_key_cert_pairs.has_value() &&
           watcher_it->second.identity_cert_name == cert_name) {
@@ -63,10 +63,10 @@ void grpc_tls_certificate_distributor::SetKeyMaterials(
     // Successful credential updates will clear any pre-existing error.
     cert_info.SetIdentityError(absl::OkStatus());
     for (const auto watcher_ptr : cert_info.identity_cert_watchers) {
-      CHECK_NE(watcher_ptr, nullptr);
+      GRPC_CHECK_NE(watcher_ptr, nullptr);
       const auto watcher_it = watchers_.find(watcher_ptr);
-      CHECK(watcher_it != watchers_.end());
-      CHECK(watcher_it->second.identity_cert_name.has_value());
+      GRPC_CHECK(watcher_it != watchers_.end());
+      GRPC_CHECK(watcher_it->second.identity_cert_name.has_value());
       std::shared_ptr<RootCertInfo> roots_to_report;
       if (roots != nullptr && watcher_it->second.root_cert_name == cert_name) {
         // In this case, We've already sent the credential updates at the time
@@ -105,14 +105,14 @@ void grpc_tls_certificate_distributor::SetErrorForCert(
     const std::string& cert_name,
     std::optional<grpc_error_handle> root_cert_error,
     std::optional<grpc_error_handle> identity_cert_error) {
-  CHECK(root_cert_error.has_value() || identity_cert_error.has_value());
+  GRPC_CHECK(root_cert_error.has_value() || identity_cert_error.has_value());
   grpc_core::MutexLock lock(&mu_);
   CertificateInfo& cert_info = certificate_info_map_[cert_name];
   if (root_cert_error.has_value()) {
     for (auto* watcher_ptr : cert_info.root_cert_watchers) {
-      CHECK_NE(watcher_ptr, nullptr);
+      GRPC_CHECK_NE(watcher_ptr, nullptr);
       const auto watcher_it = watchers_.find(watcher_ptr);
-      CHECK(watcher_it != watchers_.end());
+      GRPC_CHECK(watcher_it != watchers_.end());
       // identity_cert_error_to_report is the error of the identity cert this
       // watcher is watching, if there is any.
       grpc_error_handle identity_cert_error_to_report;
@@ -130,9 +130,9 @@ void grpc_tls_certificate_distributor::SetErrorForCert(
   }
   if (identity_cert_error.has_value()) {
     for (auto* watcher_ptr : cert_info.identity_cert_watchers) {
-      CHECK_NE(watcher_ptr, nullptr);
+      GRPC_CHECK_NE(watcher_ptr, nullptr);
       const auto watcher_it = watchers_.find(watcher_ptr);
-      CHECK(watcher_it != watchers_.end());
+      GRPC_CHECK(watcher_it != watchers_.end());
       // root_error_to_report is the error of the roots this watcher
       // is watching, if there is any.
       grpc_error_handle root_error_to_report;
@@ -153,11 +153,11 @@ void grpc_tls_certificate_distributor::SetErrorForCert(
 };
 
 void grpc_tls_certificate_distributor::SetError(grpc_error_handle error) {
-  CHECK(!error.ok());
+  GRPC_CHECK(!error.ok());
   grpc_core::MutexLock lock(&mu_);
   for (const auto& watcher : watchers_) {
     const auto watcher_ptr = watcher.first;
-    CHECK_NE(watcher_ptr, nullptr);
+    GRPC_CHECK_NE(watcher_ptr, nullptr);
     const auto& watcher_info = watcher.second;
     watcher_ptr->OnError(
         watcher_info.root_cert_name.has_value() ? error : absl::OkStatus(),
@@ -178,16 +178,16 @@ void grpc_tls_certificate_distributor::WatchTlsCertificates(
   bool already_watching_identity_for_root_cert = false;
   bool start_watching_identity_cert = false;
   bool already_watching_root_for_identity_cert = false;
-  CHECK(root_cert_name.has_value() || identity_cert_name.has_value());
+  GRPC_CHECK(root_cert_name.has_value() || identity_cert_name.has_value());
   TlsCertificatesWatcherInterface* watcher_ptr = watcher.get();
-  CHECK_NE(watcher_ptr, nullptr);
+  GRPC_CHECK_NE(watcher_ptr, nullptr);
   // Update watchers_ and certificate_info_map_.
   {
     grpc_core::MutexLock lock(&mu_);
     const auto watcher_it = watchers_.find(watcher_ptr);
     // The caller needs to cancel the watcher first if it wants to re-register
     // the watcher.
-    CHECK(watcher_it == watchers_.end());
+    GRPC_CHECK(watcher_it == watchers_.end());
     watchers_[watcher_ptr] = {std::move(watcher), root_cert_name,
                               identity_cert_name};
     std::shared_ptr<RootCertInfo> updated_roots;
@@ -274,7 +274,7 @@ void grpc_tls_certificate_distributor::CancelTlsCertificatesWatch(
     watchers_.erase(it);
     if (root_cert_name.has_value()) {
       auto it = certificate_info_map_.find(*root_cert_name);
-      CHECK(it != certificate_info_map_.end());
+      GRPC_CHECK(it != certificate_info_map_.end());
       CertificateInfo& cert_info = it->second;
       cert_info.root_cert_watchers.erase(watcher);
       stop_watching_root_cert = cert_info.root_cert_watchers.empty();
@@ -286,7 +286,7 @@ void grpc_tls_certificate_distributor::CancelTlsCertificatesWatch(
     }
     if (identity_cert_name.has_value()) {
       auto it = certificate_info_map_.find(*identity_cert_name);
-      CHECK(it != certificate_info_map_.end());
+      GRPC_CHECK(it != certificate_info_map_.end());
       CertificateInfo& cert_info = it->second;
       cert_info.identity_cert_watchers.erase(watcher);
       stop_watching_identity_cert = cert_info.identity_cert_watchers.empty();
@@ -330,13 +330,13 @@ grpc_tls_identity_pairs* grpc_tls_identity_pairs_create() {
 void grpc_tls_identity_pairs_add_pair(grpc_tls_identity_pairs* pairs,
                                       const char* private_key,
                                       const char* cert_chain) {
-  CHECK_NE(pairs, nullptr);
-  CHECK_NE(private_key, nullptr);
-  CHECK_NE(cert_chain, nullptr);
+  GRPC_CHECK_NE(pairs, nullptr);
+  GRPC_CHECK_NE(private_key, nullptr);
+  GRPC_CHECK_NE(cert_chain, nullptr);
   pairs->pem_key_cert_pairs.emplace_back(private_key, cert_chain);
 }
 
 void grpc_tls_identity_pairs_destroy(grpc_tls_identity_pairs* pairs) {
-  CHECK_NE(pairs, nullptr);
+  GRPC_CHECK_NE(pairs, nullptr);
   delete pairs;
 }

data/src/core/credentials/transport/tls/grpc_tls_certificate_provider.cc

@@ -27,7 +27,6 @@
 #include <utility>
 #include <vector>
 
-#include "absl/log/check.h"
 #include "absl/log/log.h"
 #include "absl/status/status.h"
 #include "absl/strings/string_view.h"
@@ -39,6 +38,7 @@
 #include "src/core/lib/slice/slice.h"
 #include "src/core/lib/slice/slice_internal.h"
 #include "src/core/tsi/ssl_transport_security_utils.h"
+#include "src/core/util/grpc_check.h"
 #include "src/core/util/load_file.h"
 #include "src/core/util/match.h"
 #include "src/core/util/stat.h"
@@ -216,17 +216,17 @@ FileWatcherCertificateProvider::FileWatcherCertificateProvider(
     refresh_interval_sec_ = kMinimumFileWatcherRefreshIntervalSeconds;
   }
   // Private key and identity cert files must be both set or both unset.
-  CHECK(private_key_path_.empty() == identity_certificate_path_.empty());
+  GRPC_CHECK(private_key_path_.empty() == identity_certificate_path_.empty());
   // Must be watching either root or identity certs.
   bool watching_root =
       !root_cert_path_.empty() || !spiffe_bundle_map_path_.empty();
-  CHECK(!private_key_path_.empty() || watching_root);
+  GRPC_CHECK(!private_key_path_.empty() || watching_root);
   gpr_event_init(&shutdown_event_);
   ForceUpdate();
   auto thread_lambda = [](void* arg) {
     FileWatcherCertificateProvider* provider =
         static_cast<FileWatcherCertificateProvider*>(arg);
-    CHECK_NE(provider, nullptr);
+    GRPC_CHECK_NE(provider, nullptr);
     while (true) {
       void* value = gpr_event_wait(
           &provider->shutdown_event_,
@@ -494,7 +494,7 @@ int64_t FileWatcherCertificateProvider::TestOnlyGetRefreshIntervalSecond()
 
 grpc_tls_certificate_provider* grpc_tls_certificate_provider_static_data_create(
     const char* root_certificate, grpc_tls_identity_pairs* pem_key_cert_pairs) {
-  CHECK(root_certificate != nullptr || pem_key_cert_pairs != nullptr);
+  GRPC_CHECK(root_certificate != nullptr || pem_key_cert_pairs != nullptr);
   grpc_core::ExecCtx exec_ctx;
   grpc_core::PemKeyCertPairList identity_pairs_core;
   if (pem_key_cert_pairs != nullptr) {