RubyGems - grpc - Versions diffs - 1.75.0 → 1.78.1 - Mend

grpc 1.75.0 → 1.78.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (839) hide show

data/src/core/credentials/call/oauth2/oauth2_credentials.cc CHANGED Viewed

@@ -35,16 +35,9 @@
 #include <memory>
 #include <vector>
-#include "absl/log/check.h"
-#include "absl/log/log.h"
-#include "absl/status/status.h"
-#include "absl/strings/numbers.h"
-#include "absl/strings/str_cat.h"
-#include "absl/strings/str_format.h"
-#include "absl/strings/str_join.h"
-#include "absl/strings/string_view.h"
 #include "src/core/call/metadata_batch.h"
 #include "src/core/credentials/call/json_util.h"
+#include "src/core/credentials/call/token_fetcher/token_fetcher_credentials.h"
 #include "src/core/credentials/transport/transport_credentials.h"
 #include "src/core/lib/debug/trace.h"
 #include "src/core/lib/iomgr/error.h"
@@ -53,6 +46,7 @@
 #include "src/core/lib/promise/poll.h"
 #include "src/core/lib/promise/promise.h"
 #include "src/core/lib/transport/error_utils.h"
+#include "src/core/util/grpc_check.h"
 #include "src/core/util/http_client/httpcli_ssl_credentials.h"
 #include "src/core/util/json/json.h"
 #include "src/core/util/json/json_reader.h"
@@ -61,6 +55,13 @@
 #include "src/core/util/ref_counted_ptr.h"
 #include "src/core/util/status_helper.h"
 #include "src/core/util/uri.h"
+#include "absl/log/log.h"
+#include "absl/status/status.h"
+#include "absl/strings/numbers.h"
+#include "absl/strings/str_cat.h"
+#include "absl/strings/str_format.h"
+#include "absl/strings/str_join.h"
+#include "absl/strings/string_view.h"
 using grpc_core::Json;
@@ -211,58 +212,6 @@ grpc_oauth2_token_fetcher_credentials_parse_server_response(
 namespace grpc_core {
-// State held for a pending HTTP request.
-class Oauth2TokenFetcherCredentials::HttpFetchRequest final
-    : public TokenFetcherCredentials::FetchRequest {
- public:
-  HttpFetchRequest(
-      Oauth2TokenFetcherCredentials* creds, Timestamp deadline,
-      absl::AnyInvocable<
-          void(absl::StatusOr<RefCountedPtr<TokenFetcherCredentials::Token>>)>
-          on_done)
-      : on_done_(std::move(on_done)) {
-    GRPC_CLOSURE_INIT(&on_http_response_, OnHttpResponse, this, nullptr);
-    Ref().release();  // Ref held by HTTP request callback.
-    http_request_ = creds->StartHttpRequest(creds->pollent(), deadline,
-                                            &response_, &on_http_response_);
-  }
-  ~HttpFetchRequest() override { grpc_http_response_destroy(&response_); }
-  void Orphan() override {
-    http_request_.reset();
-    Unref();
-  }
- private:
-  static void OnHttpResponse(void* arg, grpc_error_handle error) {
-    RefCountedPtr<HttpFetchRequest> self(static_cast<HttpFetchRequest*>(arg));
-    if (!error.ok()) {
-      self->on_done_(std::move(error));
-      return;
-    }
-    // Parse oauth2 token.
-    std::optional<Slice> access_token_value;
-    Duration token_lifetime;
-    grpc_credentials_status status =
-        grpc_oauth2_token_fetcher_credentials_parse_server_response(
-            &self->response_, &access_token_value, &token_lifetime);
-    if (status != GRPC_CREDENTIALS_OK) {
-      self->on_done_(absl::UnavailableError("error parsing oauth2 token"));
-      return;
-    }
-    self->on_done_(MakeRefCounted<Token>(std::move(*access_token_value),
-                                         Timestamp::Now() + token_lifetime));
-  }
-  OrphanablePtr<HttpRequest> http_request_;
-  grpc_closure on_http_response_;
-  grpc_http_response response_;
-  absl::AnyInvocable<void(
-      absl::StatusOr<RefCountedPtr<TokenFetcherCredentials::Token>>)>
-      on_done_;
-};
 std::string Oauth2TokenFetcherCredentials::debug_string() {
   return "OAuth2TokenFetcherCredentials";
 }
@@ -278,7 +227,27 @@ Oauth2TokenFetcherCredentials::FetchToken(
     absl::AnyInvocable<
         void(absl::StatusOr<RefCountedPtr<TokenFetcherCredentials::Token>>)>
         on_done) {
-  return MakeOrphanable<HttpFetchRequest>(this, deadline, std::move(on_done));
+  return MakeOrphanable<HttpTokenFetcherCredentials::HttpFetchRequest>(
+      this, deadline,
+      [on_done = std::move(on_done)](
+          absl::StatusOr<grpc_http_response> response) mutable {
+        if (!response.ok()) {
+          on_done(response.status());
+          return;
+        }
+        // Parse oauth2 token.
+        std::optional<Slice> access_token_value;
+        Duration token_lifetime;
+        grpc_credentials_status status =
+            grpc_oauth2_token_fetcher_credentials_parse_server_response(
+                &(*response), &access_token_value, &token_lifetime);
+        if (status != GRPC_CREDENTIALS_OK) {
+          on_done(absl::UnavailableError("error parsing oauth2 token"));
+          return;
+        }
+        on_done(MakeRefCounted<Token>(std::move(*access_token_value),
+                                      Timestamp::Now() + token_lifetime));
+      });
 }
 }  // namespace grpc_core
@@ -293,6 +262,9 @@ class grpc_compute_engine_token_fetcher_credentials
     : public grpc_core::Oauth2TokenFetcherCredentials {
  public:
   grpc_compute_engine_token_fetcher_credentials() = default;
+  explicit grpc_compute_engine_token_fetcher_credentials(
+      std::vector<grpc_core::URI::QueryParam> query_params)
+      : query_params_(std::move(query_params)) {}
   ~grpc_compute_engine_token_fetcher_credentials() override = default;
   std::string debug_string() override {
@@ -317,8 +289,8 @@ class grpc_compute_engine_token_fetcher_credentials
     auto uri = grpc_core::URI::Create("http", /*user_info=*/"",
                                       GRPC_COMPUTE_ENGINE_METADATA_HOST,
                                       GRPC_COMPUTE_ENGINE_METADATA_TOKEN_PATH,
-                                      {} /* query params */, "" /* fragment */);
-    CHECK(uri.ok());  // params are hardcoded
+                                      query_params_, "" /* fragment */);
+    GRPC_CHECK(uri.ok());  // params are hardcoded
     auto http_request = grpc_core::HttpRequest::Get(
         std::move(*uri), /*args=*/nullptr, pollent, &request, deadline,
         on_complete, response,
@@ -327,17 +299,22 @@ class grpc_compute_engine_token_fetcher_credentials
     http_request->Start();
     return http_request;
   }
-};
+  std::vector<grpc_core::URI::QueryParam> query_params_;
+};
 }  // namespace
 grpc_call_credentials* grpc_google_compute_engine_credentials_create(
-    void* reserved) {
+    grpc_google_compute_engine_credentials_options* options) {
   GRPC_TRACE_LOG(api, INFO)
-      << "grpc_compute_engine_credentials_create(reserved=" << reserved << ")";
-  CHECK_EQ(reserved, nullptr);
+      << "grpc_compute_engine_credentials_create(options=" << options << ")";
+  std::vector<grpc_core::URI::QueryParam> query_params;
+  if (options != nullptr && options->alts_hard_bound) {
+    query_params.push_back({"transport", "alts"});
+  }
   return grpc_core::MakeRefCounted<
-             grpc_compute_engine_token_fetcher_credentials>()
+             grpc_compute_engine_token_fetcher_credentials>(
+             std::move(query_params))
       .release();
 }
@@ -377,7 +354,7 @@ grpc_google_refresh_token_credentials::StartHttpRequest(
                                     GRPC_GOOGLE_OAUTH2_SERVICE_HOST,
                                     GRPC_GOOGLE_OAUTH2_SERVICE_TOKEN_PATH,
                                     {} /* query params */, "" /* fragment */);
-  CHECK(uri.ok());  // params are hardcoded
+  GRPC_CHECK(uri.ok());  // params are hardcoded
   auto http_request = grpc_core::HttpRequest::Post(
       std::move(*uri), /*args=*/nullptr, pollent, &request, deadline,
       on_complete, response, grpc_core::CreateHttpRequestSSLCredentials());
@@ -426,7 +403,7 @@ grpc_call_credentials* grpc_google_refresh_token_credentials_create(
       << "grpc_refresh_token_credentials_create(json_refresh_token="
       << create_loggable_refresh_token(&token) << ", reserved=" << reserved
       << ")";
-  CHECK_EQ(reserved, nullptr);
+  GRPC_CHECK_EQ(reserved, nullptr);
   return grpc_refresh_token_credentials_create_from_auth_refresh_token(token)
       .release();
 }
@@ -604,7 +581,7 @@ absl::StatusOr<URI> ValidateStsCredentialsOptions(
 grpc_call_credentials* grpc_sts_credentials_create(
     const grpc_sts_credentials_options* options, void* reserved) {
-  CHECK_EQ(reserved, nullptr);
+  GRPC_CHECK_EQ(reserved, nullptr);
   absl::StatusOr<grpc_core::URI> sts_url =
       grpc_core::ValidateStsCredentialsOptions(options);
   if (!sts_url.ok()) {
@@ -650,7 +627,7 @@ grpc_call_credentials* grpc_access_token_credentials_create(
   GRPC_TRACE_LOG(api, INFO) << "grpc_access_token_credentials_create(access_"
                                "token=<redacted>, reserved="
                             << reserved << ")";
-  CHECK_EQ(reserved, nullptr);
+  GRPC_CHECK_EQ(reserved, nullptr);
   return grpc_core::MakeRefCounted<grpc_access_token_credentials>(access_token)
       .release();
 }

data/src/core/credentials/call/oauth2/oauth2_credentials.h CHANGED Viewed

@@ -30,8 +30,6 @@
 #include <string>
 #include <utility>
-#include "absl/status/statusor.h"
-#include "absl/strings/string_view.h"
 #include "src/core/credentials/call/call_credentials.h"
 #include "src/core/credentials/call/token_fetcher/token_fetcher_credentials.h"
 #include "src/core/lib/iomgr/closure.h"
@@ -51,6 +49,8 @@
 #include "src/core/util/unique_type_name.h"
 #include "src/core/util/uri.h"
 #include "src/core/util/useful.h"
+#include "absl/status/statusor.h"
+#include "absl/strings/string_view.h"
 // Constants.
 #define GRPC_STS_POST_MINIMAL_BODY_FORMAT_STRING                               \
@@ -90,7 +90,7 @@ namespace grpc_core {
 // A base class for oauth2 token fetching credentials.
 // Subclasses must implement StartHttpRequest().
-class Oauth2TokenFetcherCredentials : public TokenFetcherCredentials {
+class Oauth2TokenFetcherCredentials : public HttpTokenFetcherCredentials {
  public:
   std::string debug_string() override;
@@ -102,13 +102,7 @@ class Oauth2TokenFetcherCredentials : public TokenFetcherCredentials {
           void(absl::StatusOr<RefCountedPtr<TokenFetcherCredentials::Token>>)>
           on_done) final;
-  virtual OrphanablePtr<HttpRequest> StartHttpRequest(
-      grpc_polling_entity* pollent, Timestamp deadline,
-      grpc_http_response* response, grpc_closure* on_complete) = 0;
  private:
-  class HttpFetchRequest;
   int cmp_impl(const grpc_call_credentials* other) const override {
     // TODO(yashykt): Check if we can do something better here
     return QsortCompare(static_cast<const grpc_call_credentials*>(this), other);

data/src/core/credentials/call/plugin/plugin_credentials.cc CHANGED Viewed

@@ -24,11 +24,6 @@
 #include <atomic>
 #include <memory>
-#include "absl/log/check.h"
-#include "absl/log/log.h"
-#include "absl/status/status.h"
-#include "absl/strings/str_cat.h"
-#include "absl/strings/string_view.h"
 #include "src/core/call/metadata_batch.h"
 #include "src/core/lib/iomgr/error.h"
 #include "src/core/lib/iomgr/exec_ctx.h"
@@ -36,6 +31,11 @@
 #include "src/core/lib/slice/slice.h"
 #include "src/core/lib/slice/slice_internal.h"
 #include "src/core/lib/surface/validate_metadata.h"
+#include "src/core/util/grpc_check.h"
+#include "absl/log/log.h"
+#include "absl/status/status.h"
+#include "absl/strings/str_cat.h"
+#include "absl/strings/string_view.h"
 grpc_plugin_credentials::~grpc_plugin_credentials() {
   if (plugin_.state != nullptr && plugin_.destroy != nullptr) {
@@ -196,6 +196,6 @@ grpc_call_credentials* grpc_metadata_credentials_create_from_plugin(
   GRPC_TRACE_LOG(api, INFO)
       << "grpc_metadata_credentials_create_from_plugin(reserved=" << reserved
       << ")";
-  CHECK_EQ(reserved, nullptr);
+  GRPC_CHECK_EQ(reserved, nullptr);
   return new grpc_plugin_credentials(plugin, min_security_level);
 }

data/src/core/credentials/call/plugin/plugin_credentials.h CHANGED Viewed

@@ -31,8 +31,6 @@
 #include <string>
 #include <utility>
-#include "absl/container/inlined_vector.h"
-#include "absl/status/statusor.h"
 #include "src/core/credentials/call/call_credentials.h"
 #include "src/core/credentials/call/call_creds_util.h"
 #include "src/core/lib/debug/trace.h"
@@ -45,6 +43,8 @@
 #include "src/core/util/ref_counted_ptr.h"
 #include "src/core/util/unique_type_name.h"
 #include "src/core/util/useful.h"
+#include "absl/container/inlined_vector.h"
+#include "absl/status/statusor.h"
 // This type is forward declared as a C struct and we cannot define it as a
 // class. Otherwise, compiler will complain about type mismatch due to

data/src/core/credentials/call/token_fetcher/token_fetcher_credentials.cc CHANGED Viewed

@@ -24,6 +24,7 @@
 #include "src/core/lib/promise/context.h"
 #include "src/core/lib/promise/poll.h"
 #include "src/core/lib/promise/promise.h"
+#include "src/core/lib/transport/status_conversion.h"
 namespace grpc_core {
@@ -301,4 +302,49 @@ TokenFetcherCredentials::GetRequestMetadata(
   };
 }
+//
+// HttpTokenFetcherCredentials
+//
+HttpTokenFetcherCredentials::HttpFetchRequest::HttpFetchRequest(
+    HttpTokenFetcherCredentials* creds, Timestamp deadline,
+    absl::AnyInvocable<void(absl::StatusOr<grpc_http_response>)> on_done)
+    : on_done_(std::move(on_done)) {
+  GRPC_CLOSURE_INIT(&on_http_response_, OnHttpResponse, this, nullptr);
+  Ref().release();  // Ref held by HTTP request callback.
+  http_request_ = creds->StartHttpRequest(creds->pollent(), deadline,
+                                          &response_, &on_http_response_);
+}
+void HttpTokenFetcherCredentials::HttpFetchRequest::Orphan() {
+  http_request_.reset();
+  Unref();
+}
+void HttpTokenFetcherCredentials::HttpFetchRequest::OnHttpResponse(
+    void* arg, grpc_error_handle error) {
+  RefCountedPtr<HttpFetchRequest> self(static_cast<HttpFetchRequest*>(arg));
+  if (!error.ok()) {
+    // TODO(roth): It shouldn't be necessary to explicitly set the
+    // status to UNAVAILABLE here.  Once the HTTP client code is
+    // migrated to stop using legacy grpc_error APIs to create
+    // statuses, we should be able to just propagate the status as-is.
+    self->on_done_(absl::UnavailableError(StatusToString(error)));
+    return;
+  }
+  if (self->response_.status != 200) {
+    grpc_status_code status_code =
+        grpc_http2_status_to_grpc_status(self->response_.status);
+    if (status_code != GRPC_STATUS_UNAVAILABLE) {
+      status_code = GRPC_STATUS_UNAUTHENTICATED;
+    }
+    self->on_done_(
+        absl::Status(static_cast<absl::StatusCode>(status_code),
+                     absl::StrCat("HTTP token fetch failed with status ",
+                                  self->response_.status)));
+    return;
+  }
+  self->on_done_(self->response_);
+}
 }  // namespace grpc_core

data/src/core/credentials/call/token_fetcher/token_fetcher_credentials.h CHANGED Viewed

@@ -24,9 +24,6 @@
 #include <utility>
 #include <variant>
-#include "absl/container/flat_hash_set.h"
-#include "absl/functional/any_invocable.h"
-#include "absl/status/statusor.h"
 #include "src/core/call/metadata.h"
 #include "src/core/credentials/call/call_credentials.h"
 #include "src/core/lib/iomgr/polling_entity.h"
@@ -39,6 +36,9 @@
 #include "src/core/util/sync.h"
 #include "src/core/util/time.h"
 #include "src/core/util/useful.h"
+#include "absl/container/flat_hash_set.h"
+#include "absl/functional/any_invocable.h"
+#include "absl/status/statusor.h"
 namespace grpc_core {
@@ -176,6 +176,35 @@ class TokenFetcherCredentials : public grpc_call_credentials {
   grpc_polling_entity pollent_ ABSL_GUARDED_BY(&mu_);
 };
+// A base class for fetching tokens via an HTTP request.
+class HttpTokenFetcherCredentials : public TokenFetcherCredentials {
+ public:
+  virtual OrphanablePtr<HttpRequest> StartHttpRequest(
+      grpc_polling_entity* pollent, Timestamp deadline,
+      grpc_http_response* response, grpc_closure* on_complete) = 0;
+ protected:
+  // State held for a pending HTTP request.
+  class HttpFetchRequest : public TokenFetcherCredentials::FetchRequest {
+   public:
+    // The given callback should assume the http response status has already
+    // been checked and handle the token parsing.
+    HttpFetchRequest(
+        HttpTokenFetcherCredentials* creds, Timestamp deadline,
+        absl::AnyInvocable<void(absl::StatusOr<grpc_http_response>)> on_done);
+    ~HttpFetchRequest() override { grpc_http_response_destroy(&response_); }
+    void Orphan() override;
+   private:
+    static void OnHttpResponse(void* arg, grpc_error_handle error);
+    OrphanablePtr<HttpRequest> http_request_;
+    grpc_closure on_http_response_;
+    grpc_http_response response_;
+    absl::AnyInvocable<void(absl::StatusOr<grpc_http_response>)> on_done_;
+  };
+};
 }  // namespace grpc_core
 #endif  // GRPC_SRC_CORE_CREDENTIALS_CALL_TOKEN_FETCHER_TOKEN_FETCHER_CREDENTIALS_H

data/src/core/credentials/transport/alts/alts_credentials.cc CHANGED Viewed

@@ -25,10 +25,10 @@
 #include <utility>
-#include "absl/log/log.h"
 #include "src/core/credentials/transport/alts/alts_security_connector.h"
 #include "src/core/credentials/transport/alts/check_gcp_environment.h"
 #include "src/core/credentials/transport/alts/grpc_alts_credentials_options.h"
+#include "absl/log/log.h"
 #define GRPC_ALTS_HANDSHAKER_SERVICE_URL "dns:///metadata.google.internal.:8080"
@@ -90,8 +90,8 @@ grpc_channel_credentials* grpc_alts_credentials_create_customized(
     const grpc_alts_credentials_options* options,
     const char* handshaker_service_url, bool enable_untrusted_alts) {
   if (!enable_untrusted_alts && !grpc_alts_is_running_on_gcp()) {
-    LOG(ERROR) << "ALTS creds ignored. Not running on GCP and untrusted ALTS "
-                  "is not enabled.";
+    VLOG(2) << "ALTS creds ignored. Not running on GCP and untrusted ALTS "
+               "is not enabled.";
     return nullptr;
   }
   return new grpc_alts_credentials(options, handshaker_service_url);
@@ -101,8 +101,8 @@ grpc_server_credentials* grpc_alts_server_credentials_create_customized(
     const grpc_alts_credentials_options* options,
     const char* handshaker_service_url, bool enable_untrusted_alts) {
   if (!enable_untrusted_alts && !grpc_alts_is_running_on_gcp()) {
-    LOG(ERROR) << "ALTS server creds ignored. Not running on GCP and untrusted "
-                  "ALTS is not enabled.";
+    VLOG(2) << "ALTS server creds ignored. Not running on GCP and untrusted "
+               "ALTS is not enabled.";
     return nullptr;
   }
   return new grpc_alts_server_credentials(options, handshaker_service_url);

data/src/core/credentials/transport/alts/alts_security_connector.cc CHANGED Viewed

@@ -31,10 +31,6 @@
 #include <optional>
 #include <utility>
-#include "absl/log/check.h"
-#include "absl/log/log.h"
-#include "absl/status/status.h"
-#include "absl/strings/string_view.h"
 #include "src/core/credentials/transport/alts/alts_credentials.h"
 #include "src/core/credentials/transport/transport_credentials.h"
 #include "src/core/handshaker/handshaker.h"
@@ -53,7 +49,11 @@
 #include "src/core/tsi/alts/handshaker/alts_tsi_handshaker.h"
 #include "src/core/tsi/transport_security.h"
 #include "src/core/util/debug_location.h"
+#include "src/core/util/grpc_check.h"
 #include "src/core/util/ref_counted_ptr.h"
+#include "absl/log/log.h"
+#include "absl/status/status.h"
+#include "absl/strings/string_view.h"
 void grpc_alts_set_rpc_protocol_versions(
     grpc_gcp_rpc_protocol_versions* rpc_versions) {
@@ -102,11 +102,12 @@ class grpc_alts_channel_security_connector final
         static_cast<const grpc_alts_credentials*>(channel_creds());
     const size_t user_specified_max_frame_size =
         std::max(0, args.GetInt(GRPC_ARG_TSI_MAX_FRAME_SIZE).value_or(0));
-    CHECK(alts_tsi_handshaker_create(
-              creds->options(), target_name_, creds->handshaker_service_url(),
-              true, interested_parties, &handshaker,
-              user_specified_max_frame_size,
-              args.GetOwnedString(GRPC_ARG_TRANSPORT_PROTOCOLS)) == TSI_OK);
+    GRPC_CHECK(alts_tsi_handshaker_create(
+                   creds->options(), target_name_,
+                   creds->handshaker_service_url(), true, interested_parties,
+                   &handshaker, user_specified_max_frame_size,
+                   args.GetOwnedString(GRPC_ARG_TRANSPORT_PROTOCOLS)) ==
+               TSI_OK);
     handshake_manager->Add(
         grpc_core::SecurityHandshakerCreate(handshaker, this, args));
   }
@@ -156,10 +157,11 @@ class grpc_alts_server_security_connector final
         static_cast<const grpc_alts_server_credentials*>(server_creds());
     size_t user_specified_max_frame_size =
         std::max(0, args.GetInt(GRPC_ARG_TSI_MAX_FRAME_SIZE).value_or(0));
-    CHECK(alts_tsi_handshaker_create(
-              creds->options(), nullptr, creds->handshaker_service_url(), false,
-              interested_parties, &handshaker, user_specified_max_frame_size,
-              args.GetOwnedString(GRPC_ARG_TRANSPORT_PROTOCOLS)) == TSI_OK);
+    GRPC_CHECK(
+        alts_tsi_handshaker_create(
+            creds->options(), nullptr, creds->handshaker_service_url(), false,
+            interested_parties, &handshaker, user_specified_max_frame_size,
+            args.GetOwnedString(GRPC_ARG_TRANSPORT_PROTOCOLS)) == TSI_OK);
     handshake_manager->Add(
         grpc_core::SecurityHandshakerCreate(handshaker, this, args));
   }
@@ -250,8 +252,8 @@ RefCountedPtr<grpc_auth_context> grpc_alts_auth_context_from_tsi_peer(
       grpc_auth_context_add_property(
           ctx.get(), TSI_ALTS_SERVICE_ACCOUNT_PEER_PROPERTY,
           tsi_prop->value.data, tsi_prop->value.length);
-      CHECK(grpc_auth_context_set_peer_identity_property_name(
-                ctx.get(), TSI_ALTS_SERVICE_ACCOUNT_PEER_PROPERTY) == 1);
+      GRPC_CHECK(grpc_auth_context_set_peer_identity_property_name(
+                     ctx.get(), TSI_ALTS_SERVICE_ACCOUNT_PEER_PROPERTY) == 1);
     }
     // Add alts context to auth context.
     if (strcmp(tsi_prop->name, TSI_ALTS_CONTEXT) == 0) {

data/src/core/credentials/transport/alts/check_gcp_environment_no_op.cc CHANGED Viewed

@@ -20,9 +20,9 @@
 #if !defined(GPR_LINUX) && !defined(GPR_WINDOWS)
-#include "absl/log/log.h"
 #include "src/core/credentials/transport/alts/check_gcp_environment.h"
 #include "src/core/util/crash.h"
+#include "absl/log/log.h"
 bool grpc_alts_is_running_on_gcp() {
   VLOG(2) << "ALTS: Platforms other than Linux and Windows are not supported";

data/src/core/credentials/transport/alts/grpc_alts_credentials_client_options.cc CHANGED Viewed

@@ -21,9 +21,13 @@
 #include <grpc/support/port_platform.h>
 #include <grpc/support/string_util.h>
-#include "absl/log/log.h"
+#include <algorithm>
+#include <memory>
+#include <optional>
 #include "src/core/credentials/transport/alts/grpc_alts_credentials_options.h"
 #include "src/core/tsi/alts/handshaker/transport_security_common_api.h"
+#include "absl/log/log.h"
 static grpc_alts_credentials_options* alts_client_options_copy(
     const grpc_alts_credentials_options* options);
@@ -70,8 +74,7 @@ static const grpc_alts_credentials_options_vtable vtable = {
 grpc_alts_credentials_options* grpc_alts_credentials_client_options_create(
     void) {
-  auto client_options = static_cast<grpc_alts_credentials_client_options*>(
-      gpr_zalloc(sizeof(grpc_alts_credentials_client_options)));
+  auto client_options = new grpc_alts_credentials_client_options();
   client_options->base.vtable = &vtable;
   return &client_options->base;
 }
@@ -101,12 +104,28 @@ static grpc_alts_credentials_options* alts_client_options_copy(
     prev = new_node;
     node = node->next;
   }
+  new_options->record_protocols = options->record_protocols;
+  new_client_options->token_fetcher =
+      reinterpret_cast<const grpc_alts_credentials_client_options*>(options)
+          ->token_fetcher;
   // Copy rpc protocol versions.
   grpc_gcp_rpc_protocol_versions_copy(&options->rpc_versions,
                                       &new_options->rpc_versions);
   return new_options;
 }
+void grpc_alts_credentials_client_options_set_token_fetcher(
+    grpc_alts_credentials_options* options,
+    std::shared_ptr<grpc::alts::TokenFetcher> token_fetcher) {
+  if (options == nullptr) {
+    return;
+  }
+  reinterpret_cast<grpc_alts_credentials_client_options*>(options)
+      ->token_fetcher = token_fetcher;
+}
 static void alts_client_options_destroy(
     grpc_alts_credentials_options* options) {
   if (options == nullptr) {
@@ -120,4 +139,5 @@ static void alts_client_options_destroy(
     target_service_account_destroy(node);
     node = next_node;
   }
+  delete client_options;
 }

data/src/core/credentials/transport/alts/grpc_alts_credentials_options.cc CHANGED Viewed

@@ -40,6 +40,15 @@ void grpc_alts_credentials_options_destroy(
     if (options->vtable != nullptr && options->vtable->destruct != nullptr) {
       options->vtable->destruct(options);
     }
-    gpr_free(options);
   }
 }
+void grpc_alts_credentials_client_options_set_record_protocols(
+    grpc_alts_credentials_options* options,
+    const absl::Span<std::string> record_protocols) {
+  if (options == nullptr) {
+    return;
+  }
+  std::copy(record_protocols.begin(), record_protocols.end(),
+            std::back_inserter(options->record_protocols));
+}

data/src/core/credentials/transport/alts/grpc_alts_credentials_options.h CHANGED Viewed

@@ -23,7 +23,28 @@
 #include <grpc/grpc_security.h>
 #include <grpc/support/port_platform.h>
+#include <memory>
+#include <string>
+#include <vector>
 #include "src/core/tsi/alts/handshaker/transport_security_common_api.h"
+#include "absl/status/statusor.h"
+namespace grpc::alts {
+// Its implementation must be thread-safe.
+class TokenFetcher {
+ public:
+  virtual ~TokenFetcher() = default;
+  // Thread-safe and non-blocking. The returned token must be strongly bound.
+  // Failure to comply with this requirement will result in a serious security
+  // issue. The token must also be valid for at least 9 hours to outlive an
+  // arbitrary ALTS connection.
+  virtual absl::StatusOr<std::string> GetToken() = 0;
+};
+}  // namespace grpc::alts
 // V-table for grpc_alts_credentials_options
 typedef struct grpc_alts_credentials_options_vtable {
@@ -35,6 +56,7 @@ typedef struct grpc_alts_credentials_options_vtable {
 struct grpc_alts_credentials_options {
   const struct grpc_alts_credentials_options_vtable* vtable;
   grpc_gcp_rpc_protocol_versions rpc_versions;
+  std::vector<std::string> record_protocols;
 };
 typedef struct target_service_account {
@@ -50,6 +72,7 @@ typedef struct target_service_account {
 typedef struct grpc_alts_credentials_client_options {
   grpc_alts_credentials_options base;
   target_service_account* target_account_list_head;
+  std::shared_ptr<grpc::alts::TokenFetcher> token_fetcher;
 } grpc_alts_credentials_client_options;
 ///
@@ -71,4 +94,12 @@ typedef struct grpc_alts_credentials_server_options {
 grpc_alts_credentials_options* grpc_alts_credentials_options_copy(
     const grpc_alts_credentials_options* options);
+void grpc_alts_credentials_client_options_set_token_fetcher(
+    grpc_alts_credentials_options* options,
+    std::shared_ptr<grpc::alts::TokenFetcher> token_fetcher);
+void grpc_alts_credentials_client_options_set_record_protocols(
+    grpc_alts_credentials_options* options,
+    const absl::Span<std::string> record_protocols);
 #endif  // GRPC_SRC_CORE_CREDENTIALS_TRANSPORT_ALTS_GRPC_ALTS_CREDENTIALS_OPTIONS_H