aboutsummaryrefslogtreecommitdiffhomepage
path: root/include
diff options
context:
space:
mode:
authorGravatar Craig Tiller <ctiller@google.com>2015-08-31 15:59:13 -0700
committerGravatar Craig Tiller <ctiller@google.com>2015-08-31 15:59:13 -0700
commit245bd8875b4640104df433f6a432b5d63799bfb8 (patch)
tree5ddd592e172d9e7fec49300f54db6b0bdff7c275 /include
parentae69ad1bcf0322200ebeed5476ee9978101beeb7 (diff)
parentcbdfaba7ae41634c66d1a32cbc2ea674a34be9c6 (diff)
Merge github.com:grpc/grpc into second-coming
Diffstat (limited to 'include')
-rw-r--r--include/grpc++/client_context.h2
-rw-r--r--include/grpc++/create_channel.h8
-rw-r--r--include/grpc++/security/auth_context.h (renamed from include/grpc++/support/auth_context.h)8
-rw-r--r--include/grpc++/security/auth_metadata_processor.h74
-rw-r--r--include/grpc++/security/credentials.h (renamed from include/grpc++/credentials.h)18
-rw-r--r--include/grpc++/security/server_credentials.h (renamed from include/grpc++/server_credentials.h)6
-rw-r--r--include/grpc++/server.h2
-rw-r--r--include/grpc++/server_context.h2
-rw-r--r--include/grpc/census.h254
-rw-r--r--include/grpc/grpc.h3
-rw-r--r--include/grpc/grpc_security.h52
11 files changed, 363 insertions, 66 deletions
diff --git a/include/grpc++/client_context.h b/include/grpc++/client_context.h
index 62e5260a18..917a1222a8 100644
--- a/include/grpc++/client_context.h
+++ b/include/grpc++/client_context.h
@@ -42,7 +42,7 @@
#include <grpc/grpc.h>
#include <grpc/support/log.h>
#include <grpc/support/time.h>
-#include <grpc++/support/auth_context.h>
+#include <grpc++/security/auth_context.h>
#include <grpc++/support/config.h>
#include <grpc++/support/status.h>
#include <grpc++/support/string_ref.h>
diff --git a/include/grpc++/create_channel.h b/include/grpc++/create_channel.h
index 0e559ac53e..72f05174e1 100644
--- a/include/grpc++/create_channel.h
+++ b/include/grpc++/create_channel.h
@@ -36,7 +36,7 @@
#include <memory>
-#include <grpc++/credentials.h>
+#include <grpc++/security/credentials.h>
#include <grpc++/support/channel_arguments.h>
#include <grpc++/support/config.h>
@@ -44,6 +44,12 @@ namespace grpc {
// If creds does not hold an object or is invalid, a lame channel is returned.
std::shared_ptr<Channel> CreateChannel(
+ const grpc::string& target, const std::shared_ptr<Credentials>& creds);
+
+// For advanced use and testing ONLY. Override default channel arguments only
+// if necessary.
+// If creds does not hold an object or is invalid, a lame channel is returned.
+std::shared_ptr<Channel> CreateCustomChannel(
const grpc::string& target, const std::shared_ptr<Credentials>& creds,
const ChannelArguments& args);
diff --git a/include/grpc++/support/auth_context.h b/include/grpc++/security/auth_context.h
index 67e3e66c05..fc2701e806 100644
--- a/include/grpc++/support/auth_context.h
+++ b/include/grpc++/security/auth_context.h
@@ -77,6 +77,9 @@ class AuthContext {
public:
virtual ~AuthContext() {}
+ // Returns true if the peer is authenticated.
+ virtual bool IsPeerAuthenticated() const = 0;
+
// A peer identity, in general is one or more properties (in which case they
// have the same name).
virtual std::vector<grpc::string_ref> GetPeerIdentity() const = 0;
@@ -89,6 +92,11 @@ class AuthContext {
// Iteration over all the properties.
virtual AuthPropertyIterator begin() const = 0;
virtual AuthPropertyIterator end() const = 0;
+
+ // Mutation functions: should only be used by an AuthMetadataProcessor.
+ virtual void AddProperty(const grpc::string& key,
+ const grpc::string_ref& value) = 0;
+ virtual bool SetPeerIdentityPropertyName(const grpc::string& name) = 0;
};
} // namespace grpc
diff --git a/include/grpc++/security/auth_metadata_processor.h b/include/grpc++/security/auth_metadata_processor.h
new file mode 100644
index 0000000000..18ad922321
--- /dev/null
+++ b/include/grpc++/security/auth_metadata_processor.h
@@ -0,0 +1,74 @@
+/*
+ *
+ * Copyright 2015, Google Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
+ * met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following disclaimer
+ * in the documentation and/or other materials provided with the
+ * distribution.
+ * * Neither the name of Google Inc. nor the names of its
+ * contributors may be used to endorse or promote products derived from
+ * this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#ifndef GRPCXX_AUTH_METADATA_PROCESSOR_H_
+#define GRPCXX_AUTH_METADATA_PROCESSOR_H_
+
+#include <map>
+
+#include <grpc++/security/auth_context.h>
+#include <grpc++/support/status.h>
+#include <grpc++/support/string_ref.h>
+
+namespace grpc {
+
+class AuthMetadataProcessor {
+ public:
+ typedef std::multimap<grpc::string_ref, grpc::string_ref> InputMetadata;
+ typedef std::multimap<grpc::string, grpc::string_ref> OutputMetadata;
+
+ virtual ~AuthMetadataProcessor() {}
+
+ // If this method returns true, the Process function will be scheduled in
+ // a different thread from the one processing the call.
+ virtual bool IsBlocking() const { return true; }
+
+ // context is read/write: it contains the properties of the channel peer and
+ // it is the job of the Process method to augment it with properties derived
+ // from the passed-in auth_metadata.
+ // consumed_auth_metadata needs to be filled with metadata that has been
+ // consumed by the processor and will be removed from the call.
+ // response_metadata is the metadata that will be sent as part of the
+ // response.
+ // If the return value is not Status::OK, the rpc call will be aborted with
+ // the error code and error message sent back to the client.
+ virtual Status Process(const InputMetadata& auth_metadata,
+ AuthContext* context,
+ OutputMetadata* consumed_auth_metadata,
+ OutputMetadata* response_metadata) = 0;
+};
+
+} // namespace grpc
+
+#endif // GRPCXX_AUTH_METADATA_PROCESSOR_H_
+
diff --git a/include/grpc++/credentials.h b/include/grpc++/security/credentials.h
index 71e1f00f15..ce5a9e0606 100644
--- a/include/grpc++/credentials.h
+++ b/include/grpc++/security/credentials.h
@@ -57,7 +57,7 @@ class Credentials : public GrpcLibrary {
virtual SecureCredentials* AsSecureCredentials() = 0;
private:
- friend std::shared_ptr<Channel> CreateChannel(
+ friend std::shared_ptr<Channel> CreateCustomChannel(
const grpc::string& target, const std::shared_ptr<Credentials>& creds,
const ChannelArguments& args);
@@ -94,17 +94,7 @@ std::shared_ptr<Credentials> SslCredentials(
const SslCredentialsOptions& options);
// Builds credentials for use when running in GCE
-std::shared_ptr<Credentials> ComputeEngineCredentials();
-
-// Builds service account credentials.
-// json_key is the JSON key string containing the client's private key.
-// scope is a space-delimited list of the requested permissions.
-// token_lifetime_seconds is the lifetime in seconds of each token acquired
-// through this service account credentials. It should be positive and should
-// not exceed grpc_max_auth_token_lifetime or will be cropped to this value.
-std::shared_ptr<Credentials> ServiceAccountCredentials(
- const grpc::string& json_key, const grpc::string& scope,
- long token_lifetime_seconds);
+std::shared_ptr<Credentials> GoogleComputeEngineCredentials();
// Builds Service Account JWT Access credentials.
// json_key is the JSON key string containing the client's private key.
@@ -117,7 +107,7 @@ std::shared_ptr<Credentials> ServiceAccountJWTAccessCredentials(
// Builds refresh token credentials.
// json_refresh_token is the JSON string containing the refresh token along
// with a client_id and client_secret.
-std::shared_ptr<Credentials> RefreshTokenCredentials(
+std::shared_ptr<Credentials> GoogleRefreshTokenCredentials(
const grpc::string& json_refresh_token);
// Builds access token credentials.
@@ -127,7 +117,7 @@ std::shared_ptr<Credentials> AccessTokenCredentials(
const grpc::string& access_token);
// Builds IAM credentials.
-std::shared_ptr<Credentials> IAMCredentials(
+std::shared_ptr<Credentials> GoogleIAMCredentials(
const grpc::string& authorization_token,
const grpc::string& authority_selector);
diff --git a/include/grpc++/server_credentials.h b/include/grpc++/security/server_credentials.h
index 16b78c08af..2094c7403c 100644
--- a/include/grpc++/server_credentials.h
+++ b/include/grpc++/security/server_credentials.h
@@ -37,6 +37,7 @@
#include <memory>
#include <vector>
+#include <grpc++/security/auth_metadata_processor.h>
#include <grpc++/support/config.h>
struct grpc_server;
@@ -49,6 +50,11 @@ class ServerCredentials {
public:
virtual ~ServerCredentials();
+ // This method is not thread-safe and has to be called before the server is
+ // started. The last call to this function wins.
+ virtual void SetAuthMetadataProcessor(
+ const std::shared_ptr<AuthMetadataProcessor>& processor) = 0;
+
private:
friend class ::grpc::Server;
diff --git a/include/grpc++/server.h b/include/grpc++/server.h
index c8979e433c..22d14ee652 100644
--- a/include/grpc++/server.h
+++ b/include/grpc++/server.h
@@ -41,6 +41,7 @@
#include <grpc++/impl/call.h>
#include <grpc++/impl/grpc_library.h>
#include <grpc++/impl/sync.h>
+#include <grpc++/security/server_credentials.h>
#include <grpc++/support/config.h>
#include <grpc++/support/status.h>
@@ -54,7 +55,6 @@ class AsyncGenericService;
class RpcService;
class RpcServiceMethod;
class ServerAsyncStreamingInterface;
-class ServerCredentials;
class ThreadPoolInterface;
// Currently it only supports handling rpcs in a single thread.
diff --git a/include/grpc++/server_context.h b/include/grpc++/server_context.h
index 4b17a28047..85f384d477 100644
--- a/include/grpc++/server_context.h
+++ b/include/grpc++/server_context.h
@@ -39,7 +39,7 @@
#include <grpc/compression.h>
#include <grpc/support/time.h>
-#include <grpc++/support/auth_context.h>
+#include <grpc++/security/auth_context.h>
#include <grpc++/support/config.h>
#include <grpc++/support/string_ref.h>
#include <grpc++/support/time.h>
diff --git a/include/grpc/census.h b/include/grpc/census.h
index a18b997b79..d1a2978bd2 100644
--- a/include/grpc/census.h
+++ b/include/grpc/census.h
@@ -69,12 +69,14 @@ int census_supported(void);
/** Return the census features currently enabled. */
int census_enabled(void);
-/* Internally, Census relies on a context, which should be propagated across
- * RPC's. From the RPC subsystems viewpoint, this is an opaque data structure.
- * A context must be used as the first argument to all other census
- * functions. Conceptually, contexts should be thought of as specific to
- * single RPC/thread. The context can be serialized for passing across the
- * wire. */
+/**
+ Context is a handle used by census to represent the current tracing and
+ tagging information. Contexts should be propagated across RPC's. Contexts
+ are created by any of the census_start_*_op() functions. A context is
+ typically used as argument to most census functions. Conceptually, contexts
+ should be thought of as specific to single RPC/thread. The context can be
+ serialized for passing across the wire, via census_context_serialize().
+*/
typedef struct census_context census_context;
/* This function is called by the RPC subsystem whenever it needs to get a
@@ -91,18 +93,236 @@ typedef struct census_context census_context;
size_t census_context_serialize(const census_context *context, char *buffer,
size_t buf_size);
-/* Create a new census context, possibly from a serialized buffer. If 'buffer'
- * is non-NULL, it is assumed that it is a buffer encoded by
- * census_context_serialize(). If `buffer` is NULL, a new, empty context is
- * created. The decoded/new contest is returned in 'context'.
- *
- * Returns 0 if no errors, non-zero if buffer is incorrectly formatted, in
- * which case a new empty context will be returned. */
-int census_context_deserialize(const char *buffer, census_context **context);
+/* Distributed traces can have a number of options. */
+enum census_trace_mask_values {
+ CENSUS_TRACE_MASK_NONE = 0, /* Default, empty flags */
+ CENSUS_TRACE_MASK_IS_SAMPLED = 1 /* RPC tracing enabled for this context. */
+};
+
+/** Get the current trace mask associated with this context. The value returned
+ will be the logical or of census_trace_mask_values values. */
+int census_trace_mask(const census_context *context);
+
+/** Set the trace mask associated with a context. */
+void census_set_trace_mask(int trace_mask);
+
+/* The concept of "operation" is a fundamental concept for Census. In an RPC
+ system, and operation typcially represents a single RPC, or a significant
+ sub-part thereof (e.g. a single logical "read" RPC to a distributed storage
+ system might do several other actions in parallel, from looking up metadata
+ indices to making requests of other services - each of these could be a
+ sub-operation with the larger RPC operation). Census uses operations for the
+ following:
+
+ CPU accounting: If enabled, census will measure the thread CPU time
+ consumed between operation start and end times.
+
+ Active operations: Census will maintain information on all currently
+ active operations.
+
+ Distributed tracing: Each operation serves as a logical trace span.
+
+ Stats collection: Stats are broken down by operation (e.g. latency
+ breakdown for each unique RPC path).
+
+ The following functions serve to delineate the start and stop points for
+ each logical operation. */
+
+/**
+ This structure represents a timestamp as used by census to record the time
+ at which an operation begins.
+*/
+typedef struct {
+ /* Use gpr_timespec for default implementation. High performance
+ * implementations should use a cycle-counter based timestamp. */
+ gpr_timespec ts;
+} census_timestamp;
+
+/**
+ Mark the beginning of an RPC operation. The information required to call the
+ functions to record the start of RPC operations (both client and server) may
+ not be callable at the true start time of the operation, due to information
+ not being available (e.g. the census context data will not be available in a
+ server RPC until at least initial metadata has been processed). To ensure
+ correct CPU accounting and latency recording, RPC systems can call this
+ function to get the timestamp of operation beginning. This can later be used
+ as an argument to census_start_{client,server}_rpc_op(). NB: for correct
+ CPU accounting, the system must guarantee that the same thread is used
+ for all request processing after this function is called.
+
+ @return A timestamp representing the operation start time.
+*/
+census_timestamp census_start_rpc_op_timestamp(void);
+
+/**
+ Represent functions to map RPC name ID to service/method names. Census
+ breaks down all RPC stats by service and method names. We leave the
+ definition and format of these to the RPC system. For efficiency purposes,
+ we encode these as a single 64 bit identifier, and allow the RPC system to
+ provide a structure for functions that can convert these to service and
+ method strings.
+
+ TODO(aveitch): Instead of providing this as an argument to the rpc_start_op()
+ functions, maybe it should be set once at census initialization.
+*/
+typedef struct {
+ const char *(*get_rpc_service_name)(gpr_int64 id);
+ const char *(*get_rpc_method_name)(gpr_int64 id);
+} census_rpc_name_info;
+
+/**
+ Start a client rpc operation. This function should be called as early in the
+ client RPC path as possible. This function will create a new context. If
+ the context argument is non-null, then the new context will inherit all
+ its properties, with the following changes:
+ - create a new operation ID for the new context, marking it as a child of
+ the previous operation.
+ - use the new RPC path and peer information for tracing and stats
+ collection purposes, rather than those from the original context
+
+ If the context argument is NULL, then a new root context is created. This
+ is particularly important for tracing purposes (the trace spans generated
+ will be unassociated with any other trace spans, except those
+ downstream). The trace_mask will be used for tracing operations associated
+ with the new context.
+
+ In some RPC systems (e.g. where load balancing is used), peer information
+ may not be available at the time the operation starts. In this case, use a
+ NULL value for peer, and set it later using the
+ census_set_rpc_client_peer() function.
+
+ @param context The parent context. Can be NULL.
+ @param rpc_name_id The rpc name identifier to be associated with this RPC.
+ @param rpc_name_info Used to decode rpc_name_id.
+ @param peer RPC peer. If not available at the time, NULL can be used,
+ and a later census_set_rpc_client_peer() call made.
+ @param trace_mask An OR of census_trace_mask_values values. Only used in
+ the creation of a new root context (context == NULL).
+ @param start_time A timestamp returned from census_start_rpc_op_timestamp().
+ Can be NULL. Used to set the true time the operation
+ begins.
+
+ @return A new census context.
+ */
+census_context *census_start_client_rpc_op(
+ const census_context *context, gpr_int64 rpc_name_id,
+ const census_rpc_name_info *rpc_name_info, const char *peer, int trace_mask,
+ const census_timestamp *start_time);
+
+/**
+ Add peer information to a context representing a client RPC operation.
+*/
+void census_set_rpc_client_peer(census_context *context, const char *peer);
+
+/**
+ Start a server RPC operation. Returns a new context to be used in future
+ census calls. If buffer is non-NULL, then the buffer contents should
+ represent the client context, as generated by census_context_serialize().
+ If buffer is NULL, a new root context is created.
+
+ @param buffer Buffer containing bytes output from census_context_serialize().
+ @param rpc_name_id The rpc name identifier to be associated with this RPC.
+ @param rpc_name_info Used to decode rpc_name_id.
+ @param peer RPC peer.
+ @param trace_mask An OR of census_trace_mask_values values. Only used in
+ the creation of a new root context (buffer == NULL).
+ @param start_time A timestamp returned from census_start_rpc_op_timestamp().
+ Can be NULL. Used to set the true time the operation
+ begins.
+
+ @return A new census context.
+ */
+census_context *census_start_server_rpc_op(
+ const char *buffer, gpr_int64 rpc_name_id,
+ const census_rpc_name_info *rpc_name_info, const char *peer, int trace_mask,
+ census_timestamp *start_time);
+
+/**
+ Start a new, non-RPC operation. In general, this function works very
+ similarly to census_start_client_rpc_op, with the primary difference being
+ the replacement of host/path information with the more generic family/name
+ tags. If the context argument is non-null, then the new context will
+ inherit all its properties, with the following changes:
+ - create a new operation ID for the new context, marking it as a child of
+ the previous operation.
+ - use the family and name information for tracing and stats collection
+ purposes, rather than those from the original context
+
+ If the context argument is NULL, then a new root context is created. This
+ is particularly important for tracing purposes (the trace spans generated
+ will be unassociated with any other trace spans, except those
+ downstream). The trace_mask will be used for tracing
+ operations associated with the new context.
+
+ @param context The base context. Can be NULL.
+ @param family Family name to associate with the trace
+ @param name Name within family to associated with traces/stats
+ @param trace_mask An OR of census_trace_mask_values values. Only used if
+ context is NULL.
+
+ @return A new census context.
+ */
+census_context *census_start_op(census_context *context, const char *family,
+ const char *name, int trace_mask);
+
+/**
+ End an operation started by any of the census_start_*_op*() calls. The
+ context used in this call will no longer be valid once this function
+ completes.
+
+ @param context Context associated with operation which is ending.
+ @param status status associated with the operation. Not interpreted by
+ census.
+*/
+void census_end_op(census_context *context, int status);
+
+#define CENSUS_TRACE_RECORD_START_OP ((gpr_uint32)0)
+#define CENSUS_TRACE_RECORD_END_OP ((gpr_uint32)1)
+
+/** Insert a trace record into the trace stream. The record consists of an
+ arbitrary size buffer, the size of which is provided in 'n'.
+ @param context Trace context
+ @param type User-defined type to associate with trace entry.
+ @param buffer Pointer to buffer to use
+ @param n Number of bytes in buffer
+*/
+void census_trace_print(census_context *context, gpr_uint32 type,
+ const char *buffer, size_t n);
+
+/** Trace record. */
+typedef struct {
+ census_timestamp timestamp; /* Time of record creation */
+ gpr_uint64 trace_id; /* Trace ID associated with record */
+ gpr_uint64 op_id; /* Operation ID associated with record */
+ gpr_uint32 type; /* Type (as used in census_trace_print() */
+ const char *buffer; /* Buffer (from census_trace_print() */
+ size_t buf_size; /* Number of bytes inside buffer */
+} census_trace_record;
+
+/** Start a scan of existing trace records. While a scan is ongoing, addition
+ of new trace records will be blocked if the underlying trace buffers
+ fill up, so trace processing systems should endeavor to complete
+ reading as soon as possible.
+ @param consume if non-zero, indicates that reading records also "consumes"
+ the previously read record - i.e. releases space in the trace log
+ while scanning is ongoing.
+ @returns 0 on success, non-zero on failure (e.g. if a scan is already ongoing)
+*/
+int census_trace_scan_start(int consume);
+
+/** Get a trace record. The data pointed to by the trace buffer is guaranteed
+ stable until the next census_get_trace_record() call (if the consume
+ argument to census_trace_scan_start was non-zero) or census_trace_scan_end()
+ is called (otherwise).
+ @param trace_record structure that will be filled in with oldest trace record.
+ @returns -1 if an error occurred (e.g. no previous call to
+ census_trace_scan_start()), 0 if there is no more trace data (and
+ trace_record will not be modified) or 1 otherwise.
+*/
+int census_get_trace_record(census_trace_record *trace_record);
-/* The given context is destroyed. Once destroyed, using the context in
- * future census calls will result in undefined behavior. */
-void census_context_destroy(census_context *context);
+/** End a scan previously started by census_trace_scan_start() */
+void census_trace_scan_end();
/* Max number of characters in tag key */
#define CENSUS_MAX_TAG_KEY_LENGTH 20
diff --git a/include/grpc/grpc.h b/include/grpc/grpc.h
index 145052b6d3..a75f356312 100644
--- a/include/grpc/grpc.h
+++ b/include/grpc/grpc.h
@@ -214,8 +214,7 @@ typedef struct grpc_metadata {
/** The following fields are reserved for grpc internal use.
There is no need to initialize them, and they will be set to garbage
- during
- calls to grpc. */
+ during calls to grpc. */
struct {
void *obfuscated[4];
} internal_data;
diff --git a/include/grpc/grpc_security.h b/include/grpc/grpc_security.h
index de565b2d2f..87bc250429 100644
--- a/include/grpc/grpc_security.h
+++ b/include/grpc/grpc_security.h
@@ -89,63 +89,55 @@ typedef struct {
key and certificate chain. This parameter can be NULL if the client does
not have such a key/cert pair. */
grpc_credentials *grpc_ssl_credentials_create(
- const char *pem_root_certs, grpc_ssl_pem_key_cert_pair *pem_key_cert_pair);
+ const char *pem_root_certs, grpc_ssl_pem_key_cert_pair *pem_key_cert_pair,
+ void *reserved);
/* Creates a composite credentials object. */
grpc_credentials *grpc_composite_credentials_create(grpc_credentials *creds1,
- grpc_credentials *creds2);
+ grpc_credentials *creds2,
+ void *reserved);
-/* Creates a compute engine credentials object.
+/* Creates a compute engine credentials object for connecting to Google.
WARNING: Do NOT use this credentials to connect to a non-google service as
this could result in an oauth2 token leak. */
-grpc_credentials *grpc_compute_engine_credentials_create(void);
+grpc_credentials *grpc_google_compute_engine_credentials_create(void *reserved);
extern const gpr_timespec grpc_max_auth_token_lifetime;
-/* Creates a service account credentials object. May return NULL if the input is
- invalid.
- WARNING: Do NOT use this credentials to connect to a non-google service as
- this could result in an oauth2 token leak.
- - json_key is the JSON key string containing the client's private key.
- - scope is a space-delimited list of the requested permissions.
- - token_lifetime is the lifetime of each token acquired through this service
- account credentials. It should not exceed grpc_max_auth_token_lifetime
- or will be cropped to this value. */
-grpc_credentials *grpc_service_account_credentials_create(
- const char *json_key, const char *scope, gpr_timespec token_lifetime);
-
/* Creates a JWT credentials object. May return NULL if the input is invalid.
- json_key is the JSON key string containing the client's private key.
- token_lifetime is the lifetime of each Json Web Token (JWT) created with
this credentials. It should not exceed grpc_max_auth_token_lifetime or
will be cropped to this value. */
grpc_credentials *grpc_service_account_jwt_access_credentials_create(
- const char *json_key, gpr_timespec token_lifetime);
+ const char *json_key, gpr_timespec token_lifetime, void *reserved);
-/* Creates an Oauth2 Refresh Token credentials object. May return NULL if the
- input is invalid.
+/* Creates an Oauth2 Refresh Token credentials object for connecting to Google.
+ May return NULL if the input is invalid.
WARNING: Do NOT use this credentials to connect to a non-google service as
this could result in an oauth2 token leak.
- json_refresh_token is the JSON string containing the refresh token itself
along with a client_id and client_secret. */
-grpc_credentials *grpc_refresh_token_credentials_create(
- const char *json_refresh_token);
+grpc_credentials *grpc_google_refresh_token_credentials_create(
+ const char *json_refresh_token, void *reserved);
/* Creates an Oauth2 Access Token credentials with an access token that was
aquired by an out of band mechanism. */
grpc_credentials *grpc_access_token_credentials_create(
- const char *access_token);
+ const char *access_token, void *reserved);
-/* Creates an IAM credentials object. */
-grpc_credentials *grpc_iam_credentials_create(const char *authorization_token,
- const char *authority_selector);
+/* Creates an IAM credentials object for connecting to Google. */
+grpc_credentials *grpc_google_iam_credentials_create(
+ const char *authorization_token, const char *authority_selector,
+ void *reserved);
/* --- Secure channel creation. --- */
/* Creates a secure channel using the passed-in credentials. */
grpc_channel *grpc_secure_channel_create(grpc_credentials *creds,
const char *target,
- const grpc_channel_args *args);
+ const grpc_channel_args *args,
+ void *reserved);
/* --- grpc_server_credentials object. ---
@@ -171,7 +163,7 @@ void grpc_server_credentials_release(grpc_server_credentials *creds);
NULL. */
grpc_server_credentials *grpc_ssl_server_credentials_create(
const char *pem_root_certs, grpc_ssl_pem_key_cert_pair *pem_key_cert_pairs,
- size_t num_key_cert_pairs, int force_client_auth);
+ size_t num_key_cert_pairs, int force_client_auth, void *reserved);
/* --- Server-side secure ports. --- */
@@ -283,10 +275,12 @@ typedef void (*grpc_process_auth_metadata_done_cb)(
typedef struct {
/* The context object is read/write: it contains the properties of the
channel peer and it is the job of the process function to augment it with
- properties derived from the passed-in metadata. */
+ properties derived from the passed-in metadata.
+ The lifetime of these objects is guaranteed until cb is invoked. */
void (*process)(void *state, grpc_auth_context *context,
- const grpc_metadata *md, size_t md_count,
+ const grpc_metadata *md, size_t num_md,
grpc_process_auth_metadata_done_cb cb, void *user_data);
+ void (*destroy)(void *state);
void *state;
} grpc_auth_metadata_processor;