Merge master

10 files changed, 54 insertions, 64 deletions

diff --git a/src/core/lib/security/credentials/alts/alts_credentials.cc b/src/core/lib/security/credentials/alts/alts_credentials.cc
index fa05d901bf..1fbef4ae0c 100644
--- a/src/core/lib/security/credentials/alts/alts_credentials.cc
+++ b/src/core/lib/security/credentials/alts/alts_credentials.cc
@@ -28,7 +28,7 @@
 #include <grpc/support/string_util.h>
 
 #include "src/core/lib/security/credentials/alts/check_gcp_environment.h"
-#include "src/core/lib/security/security_connector/alts_security_connector.h"
+#include "src/core/lib/security/security_connector/alts/alts_security_connector.h"
 
 #define GRPC_CREDENTIALS_TYPE_ALTS "Alts"
 #define GRPC_ALTS_HANDSHAKER_SERVICE_URL "metadata.google.internal:8080"
diff --git a/src/core/lib/security/credentials/alts/grpc_alts_credentials_client_options.cc b/src/core/lib/security/credentials/alts/grpc_alts_credentials_client_options.cc
index 0a39c6c485..118d18d119 100644
--- a/src/core/lib/security/credentials/alts/grpc_alts_credentials_client_options.cc
+++ b/src/core/lib/security/credentials/alts/grpc_alts_credentials_client_options.cc
@@ -72,7 +72,8 @@ static void target_service_account_destroy(
 static const grpc_alts_credentials_options_vtable vtable = {
     alts_client_options_copy, alts_client_options_destroy};
 
-grpc_alts_credentials_options* grpc_alts_credentials_client_options_create() {
+grpc_alts_credentials_options* grpc_alts_credentials_client_options_create(
+    void) {
   auto client_options = static_cast<grpc_alts_credentials_client_options*>(
       gpr_zalloc(sizeof(grpc_alts_credentials_client_options)));
   client_options->base.vtable = &vtable;
diff --git a/src/core/lib/security/credentials/alts/grpc_alts_credentials_server_options.cc b/src/core/lib/security/credentials/alts/grpc_alts_credentials_server_options.cc
index 62aa7a620a..1a59c45675 100644
--- a/src/core/lib/security/credentials/alts/grpc_alts_credentials_server_options.cc
+++ b/src/core/lib/security/credentials/alts/grpc_alts_credentials_server_options.cc
@@ -36,7 +36,8 @@ static void alts_server_options_destroy(
 static const grpc_alts_credentials_options_vtable vtable = {
     alts_server_options_copy, alts_server_options_destroy};
 
-grpc_alts_credentials_options* grpc_alts_credentials_server_options_create() {
+grpc_alts_credentials_options* grpc_alts_credentials_server_options_create(
+    void) {
   grpc_alts_credentials_server_options* server_options =
       static_cast<grpc_alts_credentials_server_options*>(
           gpr_zalloc(sizeof(*server_options)));
diff --git a/src/core/lib/security/credentials/credentials.h b/src/core/lib/security/credentials/credentials.h
index b486d25ab2..3878958b38 100644
--- a/src/core/lib/security/credentials/credentials.h
+++ b/src/core/lib/security/credentials/credentials.h
@@ -142,8 +142,8 @@ grpc_channel_credentials* grpc_channel_credentials_find_in_args(
 /* --- grpc_credentials_mdelem_array. --- */
 
 typedef struct {
-  grpc_mdelem* md;
-  size_t size;
+  grpc_mdelem* md = nullptr;
+  size_t size = 0;
 } grpc_credentials_mdelem_array;
 
 /// Takes a new ref to \a md.
diff --git a/src/core/lib/security/credentials/fake/fake_credentials.cc b/src/core/lib/security/credentials/fake/fake_credentials.cc
index 858ab6b41b..d3e0e8c816 100644
--- a/src/core/lib/security/credentials/fake/fake_credentials.cc
+++ b/src/core/lib/security/credentials/fake/fake_credentials.cc
@@ -29,6 +29,7 @@
 #include "src/core/lib/channel/channel_args.h"
 #include "src/core/lib/gpr/string.h"
 #include "src/core/lib/iomgr/executor.h"
+#include "src/core/lib/security/security_connector/fake/fake_security_connector.h"
 
 /* -- Fake transport security credentials. -- */
 
diff --git a/src/core/lib/security/credentials/google_default/google_default_credentials.cc b/src/core/lib/security/credentials/google_default/google_default_credentials.cc
index c456ffaf5d..fcab252959 100644
--- a/src/core/lib/security/credentials/google_default/google_default_credentials.cc
+++ b/src/core/lib/security/credentials/google_default/google_default_credentials.cc
@@ -49,8 +49,8 @@
 
 /* -- Default credentials. -- */
 
-static grpc_channel_credentials* g_default_credentials = nullptr;
 static int g_compute_engine_detection_done = 0;
+static int g_need_compute_engine_creds = 0;
 static gpr_mu g_state_mu;
 static gpr_once g_once = GPR_ONCE_INIT;
 static grpc_core::internal::grpc_gce_tenancy_checker g_gce_tenancy_checker =
@@ -182,19 +182,13 @@ grpc_channel_credentials* grpc_google_default_credentials_create(void) {
   grpc_error* error = GRPC_ERROR_CREATE_FROM_STATIC_STRING(
       "Failed to create Google credentials");
   grpc_error* err;
+  int need_compute_engine_creds = 0;
   grpc_core::ExecCtx exec_ctx;
 
   GRPC_API_TRACE("grpc_google_default_credentials_create(void)", 0, ());
 
   gpr_once_init(&g_once, init_default_credentials);
 
-  gpr_mu_lock(&g_state_mu);
-
-  if (g_default_credentials != nullptr) {
-    result = grpc_channel_credentials_ref(g_default_credentials);
-    goto end;
-  }
-
   /* First, try the environment variable. */
   err = create_default_creds_from_path(
       gpr_getenv(GRPC_GOOGLE_CREDENTIALS_ENV_VAR), &call_creds);
@@ -207,55 +201,50 @@ grpc_channel_credentials* grpc_google_default_credentials_create(void) {
   if (err == GRPC_ERROR_NONE) goto end;
   error = grpc_error_add_child(error, err);
 
+  gpr_mu_lock(&g_state_mu);
   /* At last try to see if we're on compute engine (do the detection only once
      since it requires a network test). */
   if (!g_compute_engine_detection_done) {
-    int need_compute_engine_creds = g_gce_tenancy_checker();
+    g_need_compute_engine_creds = g_gce_tenancy_checker();
     g_compute_engine_detection_done = 1;
-    if (need_compute_engine_creds) {
-      call_creds = grpc_google_compute_engine_credentials_create(nullptr);
-      if (call_creds == nullptr) {
-        error = grpc_error_add_child(
-            error, GRPC_ERROR_CREATE_FROM_STATIC_STRING(
-                       "Failed to get credentials from network"));
-      }
-    }
   }
+  need_compute_engine_creds = g_need_compute_engine_creds;
+  gpr_mu_unlock(&g_state_mu);
 
-end:
-  if (result == nullptr) {
-    if (call_creds != nullptr) {
-      /* Create google default credentials. */
-      auto creds = static_cast<grpc_google_default_channel_credentials*>(
-          gpr_zalloc(sizeof(grpc_google_default_channel_credentials)));
-      creds->base.vtable = &google_default_credentials_vtable;
-      creds->base.type = GRPC_CHANNEL_CREDENTIALS_TYPE_GOOGLE_DEFAULT;
-      gpr_ref_init(&creds->base.refcount, 1);
-      creds->ssl_creds =
-          grpc_ssl_credentials_create(nullptr, nullptr, nullptr, nullptr);
-      GPR_ASSERT(creds->ssl_creds != nullptr);
-      grpc_alts_credentials_options* options =
-          grpc_alts_credentials_client_options_create();
-      creds->alts_creds = grpc_alts_credentials_create(options);
-      grpc_alts_credentials_options_destroy(options);
-      /* Add a global reference so that it can be cached and re-served. */
-      g_default_credentials = grpc_composite_channel_credentials_create(
-          &creds->base, call_creds, nullptr);
-      GPR_ASSERT(g_default_credentials != nullptr);
-      grpc_channel_credentials_unref(&creds->base);
-      grpc_call_credentials_unref(call_creds);
-      result = grpc_channel_credentials_ref(g_default_credentials);
-    } else {
-      gpr_log(GPR_ERROR, "Could not create google default credentials.");
+  if (need_compute_engine_creds) {
+    call_creds = grpc_google_compute_engine_credentials_create(nullptr);
+    if (call_creds == nullptr) {
+      error = grpc_error_add_child(
+          error, GRPC_ERROR_CREATE_FROM_STATIC_STRING(
+                     "Failed to get credentials from network"));
     }
   }
-  gpr_mu_unlock(&g_state_mu);
-  if (result == nullptr) {
-    GRPC_LOG_IF_ERROR("grpc_google_default_credentials_create", error);
+
+end:
+  if (call_creds != nullptr) {
+    /* Create google default credentials. */
+    auto creds = static_cast<grpc_google_default_channel_credentials*>(
+        gpr_zalloc(sizeof(grpc_google_default_channel_credentials)));
+    creds->base.vtable = &google_default_credentials_vtable;
+    creds->base.type = GRPC_CHANNEL_CREDENTIALS_TYPE_GOOGLE_DEFAULT;
+    gpr_ref_init(&creds->base.refcount, 1);
+    creds->ssl_creds =
+        grpc_ssl_credentials_create(nullptr, nullptr, nullptr, nullptr);
+    GPR_ASSERT(creds->ssl_creds != nullptr);
+    grpc_alts_credentials_options* options =
+        grpc_alts_credentials_client_options_create();
+    creds->alts_creds = grpc_alts_credentials_create(options);
+    grpc_alts_credentials_options_destroy(options);
+    result = grpc_composite_channel_credentials_create(&creds->base, call_creds,
+                                                       nullptr);
+    GPR_ASSERT(result != nullptr);
+    grpc_channel_credentials_unref(&creds->base);
+    grpc_call_credentials_unref(call_creds);
   } else {
-    GRPC_ERROR_UNREF(error);
+    gpr_log(GPR_ERROR, "Could not create google default credentials: %s",
+            grpc_error_string(error));
   }
-
+  GRPC_ERROR_UNREF(error);
   return result;
 }
 
@@ -266,21 +255,17 @@ void set_gce_tenancy_checker_for_testing(grpc_gce_tenancy_checker checker) {
   g_gce_tenancy_checker = checker;
 }
 
-}  // namespace internal
-}  // namespace grpc_core
-
 void grpc_flush_cached_google_default_credentials(void) {
   grpc_core::ExecCtx exec_ctx;
   gpr_once_init(&g_once, init_default_credentials);
   gpr_mu_lock(&g_state_mu);
-  if (g_default_credentials != nullptr) {
-    grpc_channel_credentials_unref(g_default_credentials);
-    g_default_credentials = nullptr;
-  }
   g_compute_engine_detection_done = 0;
   gpr_mu_unlock(&g_state_mu);
 }
 
+}  // namespace internal
+}  // namespace grpc_core
+
 /* -- Well known credentials path. -- */
 
 static grpc_well_known_credentials_path_getter creds_path_getter = nullptr;
diff --git a/src/core/lib/security/credentials/google_default/google_default_credentials.h b/src/core/lib/security/credentials/google_default/google_default_credentials.h
index a7dd0ea8ae..b9e2efb04f 100644
--- a/src/core/lib/security/credentials/google_default/google_default_credentials.h
+++ b/src/core/lib/security/credentials/google_default/google_default_credentials.h
@@ -45,8 +45,6 @@ typedef struct {
   grpc_channel_credentials* ssl_creds;
 } grpc_google_default_channel_credentials;
 
-void grpc_flush_cached_google_default_credentials(void);
-
 namespace grpc_core {
 namespace internal {
 
@@ -54,6 +52,9 @@ typedef bool (*grpc_gce_tenancy_checker)(void);
 
 void set_gce_tenancy_checker_for_testing(grpc_gce_tenancy_checker checker);
 
+// TEST-ONLY. Reset the internal global state.
+void grpc_flush_cached_google_default_credentials(void);
+
 }  // namespace internal
 }  // namespace grpc_core
 
diff --git a/src/core/lib/security/credentials/local/local_credentials.cc b/src/core/lib/security/credentials/local/local_credentials.cc
index 9a2f646ba5..3ccfa2b908 100644
--- a/src/core/lib/security/credentials/local/local_credentials.cc
+++ b/src/core/lib/security/credentials/local/local_credentials.cc
@@ -25,7 +25,7 @@
 #include <grpc/support/log.h>
 
 #include "src/core/lib/channel/channel_args.h"
-#include "src/core/lib/security/security_connector/local_security_connector.h"
+#include "src/core/lib/security/security_connector/local/local_security_connector.h"
 
 #define GRPC_CREDENTIALS_TYPE_LOCAL "Local"
 
diff --git a/src/core/lib/security/credentials/plugin/plugin_credentials.cc b/src/core/lib/security/credentials/plugin/plugin_credentials.cc
index 73946ce039..4015124298 100644
--- a/src/core/lib/security/credentials/plugin/plugin_credentials.cc
+++ b/src/core/lib/security/credentials/plugin/plugin_credentials.cc
@@ -102,8 +102,7 @@ static grpc_error* process_plugin_result(
     } else {
       for (size_t i = 0; i < num_md; ++i) {
         grpc_mdelem mdelem =
-            grpc_mdelem_from_slices(grpc_slice_ref_internal(md[i].key),
-                                    grpc_slice_ref_internal(md[i].value));
+            grpc_mdelem_create(md[i].key, md[i].value, nullptr);
         grpc_credentials_mdelem_array_add(r->md_array, mdelem);
         GRPC_MDELEM_UNREF(mdelem);
       }
diff --git a/src/core/lib/security/credentials/ssl/ssl_credentials.h b/src/core/lib/security/credentials/ssl/ssl_credentials.h
index 712d34c733..0fba413876 100644
--- a/src/core/lib/security/credentials/ssl/ssl_credentials.h
+++ b/src/core/lib/security/credentials/ssl/ssl_credentials.h
@@ -22,6 +22,8 @@
 
 #include "src/core/lib/security/credentials/credentials.h"
 
+#include "src/core/lib/security/security_connector/ssl/ssl_security_connector.h"
+
 typedef struct {
   grpc_channel_credentials base;
   grpc_ssl_config config;