Merge github.com:grpc/grpc into come-out-of-the-shadow

3 files changed, 62 insertions, 1 deletions

diff --git a/include/grpc++/security/auth_metadata_processor.h b/include/grpc++/security/auth_metadata_processor.h
index 18ad922321..9b9c06e3b6 100644
--- a/include/grpc++/security/auth_metadata_processor.h
+++ b/include/grpc++/security/auth_metadata_processor.h
@@ -45,7 +45,7 @@ namespace grpc {
 class AuthMetadataProcessor {
  public:
   typedef std::multimap<grpc::string_ref, grpc::string_ref> InputMetadata;
-  typedef std::multimap<grpc::string, grpc::string_ref> OutputMetadata;
+  typedef std::multimap<grpc::string, grpc::string> OutputMetadata;
 
   virtual ~AuthMetadataProcessor() {}
 
diff --git a/include/grpc++/security/credentials.h b/include/grpc++/security/credentials.h
index e423849714..ff41bc597e 100644
--- a/include/grpc++/security/credentials.h
+++ b/include/grpc++/security/credentials.h
@@ -34,10 +34,13 @@
 #ifndef GRPCXX_CREDENTIALS_H
 #define GRPCXX_CREDENTIALS_H
 
+#include <map>
 #include <memory>
 
 #include <grpc++/impl/grpc_library.h>
 #include <grpc++/support/config.h>
+#include <grpc++/support/status.h>
+#include <grpc++/support/string_ref.h>
 
 namespace grpc {
 class ChannelArguments;
@@ -165,6 +168,24 @@ std::shared_ptr<Credentials> CompositeCredentials(
 /// Credentials for an unencrypted, unauthenticated channel
 std::shared_ptr<Credentials> InsecureCredentials();
 
+// User defined metadata credentials.
+class MetadataCredentialsPlugin {
+ public:
+  virtual ~MetadataCredentialsPlugin() {}
+
+  // If this method returns true, the Process function will be scheduled in
+  // a different thread from the one processing the call.
+  virtual bool IsBlocking() const { return true; }
+
+  // Gets the auth metatada produced by this plugin.
+  virtual Status GetMetadata(
+      grpc::string_ref service_url,
+      std::multimap<grpc::string, grpc::string>* metadata) = 0;
+};
+
+std::shared_ptr<Credentials> MetadataCredentialsFromPlugin(
+    std::unique_ptr<MetadataCredentialsPlugin> plugin);
+
 }  // namespace grpc
 
 #endif  // GRPCXX_CREDENTIALS_H
diff --git a/include/grpc/grpc_security.h b/include/grpc/grpc_security.h
index 87bc250429..44ced4fb43 100644
--- a/include/grpc/grpc_security.h
+++ b/include/grpc/grpc_security.h
@@ -131,6 +131,46 @@ grpc_credentials *grpc_google_iam_credentials_create(
     const char *authorization_token, const char *authority_selector,
     void *reserved);
 
+/* Callback function to be called by the metadata credentials plugin
+   implementation when the metadata is ready.
+   - user_data is the opaque pointer that was passed in the get_metadata method
+     of the grpc_metadata_credentials_plugin (see below).
+   - creds_md is an array of credentials metadata produced by the plugin. It
+     may be set to NULL in case of an error.
+   - num_creds_md is the number of items in the creds_md array.
+   - status must be GRPC_STATUS_OK in case of success or another specific error
+     code otherwise.
+   - error_details contains details about the error if any. In case of success
+     it should be NULL and will be otherwise ignored. */
+typedef void (*grpc_credentials_plugin_metadata_cb)(
+    void *user_data, const grpc_metadata *creds_md, size_t num_creds_md,
+    grpc_status_code status, const char *error_details);
+
+/* grpc_metadata_credentials plugin is an API user provided structure used to
+   create grpc_credentials objects that can be set on a channel (composed) or
+   a call. See grpc_credentials_metadata_create_from_plugin below.
+   The grpc client stack will call the get_metadata method of the plugin for
+   every call in scope for the credentials created from it. */
+typedef struct {
+  /* The implementation of this method has to be non-blocking.
+     - service_url is the fully qualified URL that the client stack is
+       connecting to.
+     - cb is the callback that needs to be called when the metadata is ready.
+     - user_data needs to be passed as the first parameter of the callback. */
+  void (*get_metadata)(void *state, const char *service_url,
+                       grpc_credentials_plugin_metadata_cb cb, void *user_data);
+
+  /* Destroys the plugin state. */
+  void (*destroy)(void *state);
+
+  /* State that will be set as the first parameter of the methods above. */
+  void *state;
+} grpc_metadata_credentials_plugin;
+
+/* Creates a credentials object from a plugin. */
+grpc_credentials *grpc_metadata_credentials_create_from_plugin(
+    grpc_metadata_credentials_plugin plugin, void *reserved);
+
 /* --- Secure channel creation. --- */
 
 /* Creates a secure channel using the passed-in credentials. */