author | Yash Tibrewal <yashkt@google.com> | 2018-11-16 10:58:12 -0800 |
---|---|---|
committer | Yash Tibrewal <yashkt@google.com> | 2018-11-16 11:11:04 -0800 |
commit | fc332d2c9247832af90792a59ff6d391e84bc8ae (patch) | |
tree | 4bd1db687960ca851f87d237a36f55190ac52f27 /src/core/lib/security/credentials | |
parent | 0eb9a3e783237cd46c8ba6d3b33228f537cafbfc (diff) | |
parent | 9cfacc48ee2e9f8db083d578c84881551734b1f0 (diff) |
Merge master
Diffstat (limited to 'src/core/lib/security/credentials')
10 files changed, 54 insertions, 64 deletions
diff --git a/src/core/lib/security/credentials/alts/alts_credentials.cc b/src/core/lib/security/credentials/alts/alts_credentials.cc index fa05d901bf..1fbef4ae0c 100644 --- a/src/core/lib/security/credentials/alts/alts_credentials.cc +++ b/src/core/lib/security/credentials/alts/alts_credentials.cc @@ -28,7 +28,7 @@ #include <grpc/support/string_util.h> #include "src/core/lib/security/credentials/alts/check_gcp_environment.h" -#include "src/core/lib/security/security_connector/alts_security_connector.h" +#include "src/core/lib/security/security_connector/alts/alts_security_connector.h" #define GRPC_CREDENTIALS_TYPE_ALTS "Alts" #define GRPC_ALTS_HANDSHAKER_SERVICE_URL "metadata.google.internal:8080" diff --git a/src/core/lib/security/credentials/alts/grpc_alts_credentials_client_options.cc b/src/core/lib/security/credentials/alts/grpc_alts_credentials_client_options.cc index 0a39c6c485..118d18d119 100644 --- a/src/core/lib/security/credentials/alts/grpc_alts_credentials_client_options.cc +++ b/src/core/lib/security/credentials/alts/grpc_alts_credentials_client_options.cc @@ -72,7 +72,8 @@ static void target_service_account_destroy( static const grpc_alts_credentials_options_vtable vtable = { alts_client_options_copy, alts_client_options_destroy}; -grpc_alts_credentials_options* grpc_alts_credentials_client_options_create() { +grpc_alts_credentials_options* grpc_alts_credentials_client_options_create( + void) { auto client_options = static_cast<grpc_alts_credentials_client_options*>( gpr_zalloc(sizeof(grpc_alts_credentials_client_options))); client_options->base.vtable = &vtable; diff --git a/src/core/lib/security/credentials/alts/grpc_alts_credentials_server_options.cc b/src/core/lib/security/credentials/alts/grpc_alts_credentials_server_options.cc index 62aa7a620a..1a59c45675 100644 --- a/src/core/lib/security/credentials/alts/grpc_alts_credentials_server_options.cc +++ b/src/core/lib/security/credentials/alts/grpc_alts_credentials_server_options.cc 
@@ -36,7 +36,8 @@ static void alts_server_options_destroy( static const grpc_alts_credentials_options_vtable vtable = { alts_server_options_copy, alts_server_options_destroy}; -grpc_alts_credentials_options* grpc_alts_credentials_server_options_create() { +grpc_alts_credentials_options* grpc_alts_credentials_server_options_create( + void) { grpc_alts_credentials_server_options* server_options = static_cast<grpc_alts_credentials_server_options*>( gpr_zalloc(sizeof(*server_options))); diff --git a/src/core/lib/security/credentials/credentials.h b/src/core/lib/security/credentials/credentials.h index b486d25ab2..3878958b38 100644 --- a/src/core/lib/security/credentials/credentials.h +++ b/src/core/lib/security/credentials/credentials.h @@ -142,8 +142,8 @@ grpc_channel_credentials* grpc_channel_credentials_find_in_args( /* --- grpc_credentials_mdelem_array. --- */ typedef struct { - grpc_mdelem* md; - size_t size; + grpc_mdelem* md = nullptr; + size_t size = 0; } grpc_credentials_mdelem_array; /// Takes a new ref to \a md. diff --git a/src/core/lib/security/credentials/fake/fake_credentials.cc b/src/core/lib/security/credentials/fake/fake_credentials.cc index 858ab6b41b..d3e0e8c816 100644 --- a/src/core/lib/security/credentials/fake/fake_credentials.cc +++ b/src/core/lib/security/credentials/fake/fake_credentials.cc @@ -29,6 +29,7 @@ #include "src/core/lib/channel/channel_args.h" #include "src/core/lib/gpr/string.h" #include "src/core/lib/iomgr/executor.h" +#include "src/core/lib/security/security_connector/fake/fake_security_connector.h" /* -- Fake transport security credentials. -- */ diff --git a/src/core/lib/security/credentials/google_default/google_default_credentials.cc b/src/core/lib/security/credentials/google_default/google_default_credentials.cc index c456ffaf5d..fcab252959 100644 --- a/src/core/lib/security/credentials/google_default/google_default_credentials.cc +++ b/src/core/lib/security/credentials/google_default/google_default_credentials.cc 
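Review bot: In `credentials.h` the default member initializers are added to an unnamed struct that gets its name only through `typedef`, which newer C++ rules treat as a non-C-compatible type (clang reports it under `-Wnon-c-typedef-for-linkage`). Giving the struct a tag keeps the initializers and removes the problem: `struct grpc_credentials_mdelem_array { grpc_mdelem* md = nullptr; size_t size = 0; };`. The initializers only run for objects that are constructed, so any instance that other code obtains from `gpr_zalloc` or clears with `memset` (not visible in this hunk) still depends on zero-fill. A one-line comment on the struct saying that an empty array is `{nullptr, 0}` would make that invariant explicit.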
@@ -49,8 +49,8 @@ /* -- Default credentials. -- */ -static grpc_channel_credentials* g_default_credentials = nullptr; static int g_compute_engine_detection_done = 0; +static int g_need_compute_engine_creds = 0; static gpr_mu g_state_mu; static gpr_once g_once = GPR_ONCE_INIT; static grpc_core::internal::grpc_gce_tenancy_checker g_gce_tenancy_checker = @@ -182,19 +182,13 @@ grpc_channel_credentials* grpc_google_default_credentials_create(void) { grpc_error* error = GRPC_ERROR_CREATE_FROM_STATIC_STRING( "Failed to create Google credentials"); grpc_error* err; + int need_compute_engine_creds = 0; grpc_core::ExecCtx exec_ctx; GRPC_API_TRACE("grpc_google_default_credentials_create(void)", 0, ()); gpr_once_init(&g_once, init_default_credentials); - gpr_mu_lock(&g_state_mu); - - if (g_default_credentials != nullptr) { - result = grpc_channel_credentials_ref(g_default_credentials); - goto end; - } - /* First, try the environment variable. */ err = create_default_creds_from_path( gpr_getenv(GRPC_GOOGLE_CREDENTIALS_ENV_VAR), &call_creds); 
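Review bot: `g_need_compute_engine_creds` is added next to `g_compute_engine_detection_done` without a statement of which lock protects them. In the later hunks of this file both flags are only read and written between `gpr_mu_lock(&g_state_mu)` and `gpr_mu_unlock(&g_state_mu)`, so a comment such as `/* Guarded by g_state_mu. */` above the two declarations would keep a future edit from reading them unlocked.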
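Review bot: In `grpc_google_default_credentials_create` the removed early return means the lookup through `GRPC_GOOGLE_CREDENTIALS_ENV_VAR` now runs on every call and outside `g_state_mu`, and nothing at the definition records that. A short comment above the signature would help callers, for example `/* Builds a new credentials object on each call; only the GCE tenancy result is cached. */`. It is also worth stating there that the environment variable is re-read each time, because a process whose environment changes after start-up will load a different credential file for later channels. The function body starts before and continues after this hunk.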
@@ -207,55 +201,50 @@ grpc_channel_credentials* grpc_google_default_credentials_create(void) { if (err == GRPC_ERROR_NONE) goto end; error = grpc_error_add_child(error, err); + gpr_mu_lock(&g_state_mu); /* At last try to see if we're on compute engine (do the detection only once since it requires a network test). */ if (!g_compute_engine_detection_done) { - int need_compute_engine_creds = g_gce_tenancy_checker(); + g_need_compute_engine_creds = g_gce_tenancy_checker(); g_compute_engine_detection_done = 1; - if (need_compute_engine_creds) { - call_creds = grpc_google_compute_engine_credentials_create(nullptr); - if (call_creds == nullptr) { - error = grpc_error_add_child( - error, GRPC_ERROR_CREATE_FROM_STATIC_STRING( - "Failed to get credentials from network")); - } - } } + need_compute_engine_creds = g_need_compute_engine_creds; + gpr_mu_unlock(&g_state_mu); -end: - if (result == nullptr) { - if (call_creds != nullptr) { - /* Create google default credentials. */ - auto creds = static_cast<grpc_google_default_channel_credentials*>( - gpr_zalloc(sizeof(grpc_google_default_channel_credentials))); - creds->base.vtable = &google_default_credentials_vtable; - creds->base.type = GRPC_CHANNEL_CREDENTIALS_TYPE_GOOGLE_DEFAULT; - gpr_ref_init(&creds->base.refcount, 1); - creds->ssl_creds = - grpc_ssl_credentials_create(nullptr, nullptr, nullptr, nullptr); - GPR_ASSERT(creds->ssl_creds != nullptr); - grpc_alts_credentials_options* options = - grpc_alts_credentials_client_options_create(); - creds->alts_creds = grpc_alts_credentials_create(options); - grpc_alts_credentials_options_destroy(options); - /* Add a global reference so that it can be cached and re-served. 
*/ - g_default_credentials = grpc_composite_channel_credentials_create( - &creds->base, call_creds, nullptr); - GPR_ASSERT(g_default_credentials != nullptr); - grpc_channel_credentials_unref(&creds->base); - grpc_call_credentials_unref(call_creds); - result = grpc_channel_credentials_ref(g_default_credentials); - } else { - gpr_log(GPR_ERROR, "Could not create google default credentials."); + if (need_compute_engine_creds) { + call_creds = grpc_google_compute_engine_credentials_create(nullptr); + if (call_creds == nullptr) { + error = grpc_error_add_child( + error, GRPC_ERROR_CREATE_FROM_STATIC_STRING( + "Failed to get credentials from network")); } } - gpr_mu_unlock(&g_state_mu); - if (result == nullptr) { - GRPC_LOG_IF_ERROR("grpc_google_default_credentials_create", error); + +end: + if (call_creds != nullptr) { + /* Create google default credentials. */ + auto creds = static_cast<grpc_google_default_channel_credentials*>( + gpr_zalloc(sizeof(grpc_google_default_channel_credentials))); + creds->base.vtable = &google_default_credentials_vtable; + creds->base.type = GRPC_CHANNEL_CREDENTIALS_TYPE_GOOGLE_DEFAULT; + gpr_ref_init(&creds->base.refcount, 1); + creds->ssl_creds = + grpc_ssl_credentials_create(nullptr, nullptr, nullptr, nullptr); + GPR_ASSERT(creds->ssl_creds != nullptr); + grpc_alts_credentials_options* options = + grpc_alts_credentials_client_options_create(); + creds->alts_creds = grpc_alts_credentials_create(options); + grpc_alts_credentials_options_destroy(options); + result = grpc_composite_channel_credentials_create(&creds->base, call_creds, + nullptr); + GPR_ASSERT(result != nullptr); + grpc_channel_credentials_unref(&creds->base); + grpc_call_credentials_unref(call_creds); } else { - GRPC_ERROR_UNREF(error); + gpr_log(GPR_ERROR, "Could not create google default credentials: %s", + grpc_error_string(error)); } - + GRPC_ERROR_UNREF(error); return result; } 
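Review bot: The tenancy result is latched on the first call: `g_compute_engine_detection_done = 1` is set whatever `g_gce_tenancy_checker()` returned, so a negative answer from what the comment calls a network test is kept in `g_need_compute_engine_creds` and later calls never reach `grpc_google_compute_engine_credentials_create`. The only reset is the flush function that the header now marks TEST-ONLY. If the checker can fail transiently (not visible here), document the one-shot behaviour above the `if`, e.g. `/* A negative result is cached too; it is only cleared by the test-only flush. */`, or latch only after a conclusive answer. Separately, `grpc_error_string(error)` now goes to the ERROR log with every child error attached, so it is worth confirming that none of the errors produced by `create_default_creds_from_path` carries the contents of the credential file.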
@@ -266,21 +255,17 @@ void set_gce_tenancy_checker_for_testing(grpc_gce_tenancy_checker checker) { g_gce_tenancy_checker = checker; } -} // namespace internal -} // namespace grpc_core - void grpc_flush_cached_google_default_credentials(void) { grpc_core::ExecCtx exec_ctx; gpr_once_init(&g_once, init_default_credentials); gpr_mu_lock(&g_state_mu); - if (g_default_credentials != nullptr) { - grpc_channel_credentials_unref(g_default_credentials); - g_default_credentials = nullptr; - } g_compute_engine_detection_done = 0; gpr_mu_unlock(&g_state_mu); } +} // namespace internal +} // namespace grpc_core + /* -- Well known credentials path. -- */ static grpc_well_known_credentials_path_getter creds_path_getter = nullptr; diff --git a/src/core/lib/security/credentials/google_default/google_default_credentials.h b/src/core/lib/security/credentials/google_default/google_default_credentials.h index a7dd0ea8ae..b9e2efb04f 100644 --- a/src/core/lib/security/credentials/google_default/google_default_credentials.h +++ b/src/core/lib/security/credentials/google_default/google_default_credentials.h @@ -45,8 +45,6 @@ typedef struct { grpc_channel_credentials* ssl_creds; } grpc_google_default_channel_credentials; -void grpc_flush_cached_google_default_credentials(void); - namespace grpc_core { namespace internal { @@ -54,6 +52,9 @@ typedef bool (*grpc_gce_tenancy_checker)(void); void set_gce_tenancy_checker_for_testing(grpc_gce_tenancy_checker checker); +// TEST-ONLY. Reset the internal global state. +void grpc_flush_cached_google_default_credentials(void); + } // namespace internal } // namespace grpc_core diff --git a/src/core/lib/security/credentials/local/local_credentials.cc b/src/core/lib/security/credentials/local/local_credentials.cc index 9a2f646ba5..3ccfa2b908 100644 --- a/src/core/lib/security/credentials/local/local_credentials.cc +++ b/src/core/lib/security/credentials/local/local_credentials.cc 
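Review bot: After this change `grpc_flush_cached_google_default_credentials` clears `g_compute_engine_detection_done` but leaves `g_need_compute_engine_creds` at its last value. That is harmless today because the next detection overwrites it, but a reset helper should return both flags to their initial state; add `g_need_compute_engine_creds = 0;` inside the locked region. The `grpc_core::ExecCtx exec_ctx;` line looks unnecessary now that no credentials object is unreffed here, and the name no longer matches what the function does, since nothing is cached except the detection result.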
@@ -25,7 +25,7 @@ #include <grpc/support/log.h> #include "src/core/lib/channel/channel_args.h" -#include "src/core/lib/security/security_connector/local_security_connector.h" +#include "src/core/lib/security/security_connector/local/local_security_connector.h" #define GRPC_CREDENTIALS_TYPE_LOCAL "Local" diff --git a/src/core/lib/security/credentials/plugin/plugin_credentials.cc b/src/core/lib/security/credentials/plugin/plugin_credentials.cc index 73946ce039..4015124298 100644 --- a/src/core/lib/security/credentials/plugin/plugin_credentials.cc +++ b/src/core/lib/security/credentials/plugin/plugin_credentials.cc @@ -102,8 +102,7 @@ static grpc_error* process_plugin_result( } else { for (size_t i = 0; i < num_md; ++i) { grpc_mdelem mdelem = - grpc_mdelem_from_slices(grpc_slice_ref_internal(md[i].key), - grpc_slice_ref_internal(md[i].value)); + grpc_mdelem_create(md[i].key, md[i].value, nullptr); grpc_credentials_mdelem_array_add(r->md_array, mdelem); GRPC_MDELEM_UNREF(mdelem); } diff --git a/src/core/lib/security/credentials/ssl/ssl_credentials.h b/src/core/lib/security/credentials/ssl/ssl_credentials.h index 712d34c733..0fba413876 100644 --- a/src/core/lib/security/credentials/ssl/ssl_credentials.h +++ b/src/core/lib/security/credentials/ssl/ssl_credentials.h @@ -22,6 +22,8 @@ #include "src/core/lib/security/credentials/credentials.h" +#include "src/core/lib/security/security_connector/ssl/ssl_security_connector.h" + typedef struct { grpc_channel_credentials base; grpc_ssl_config config; |
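Review bot: In `process_plugin_result` the two `grpc_slice_ref_internal` calls disappear, so the ownership of `md[i].key` and `md[i].value` now depends entirely on what `grpc_mdelem_create` does with the slices it is handed. The metadata appears to come from a credentials plugin, and a mismatch here would show up as a use-after-free or a leaked slice rather than a compile error. A comment on the call would pin the contract, for example `/* grpc_mdelem_create takes its own refs; md[] remains owned by the caller. */`, to be confirmed against the definition, which is not part of this diff. The loop sits in an `else` branch whose condition, and the start of the function, are outside the hunk.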