From c5f1eda10f7c04368450b757bda7fe4b58d62844 Mon Sep 17 00:00:00 2001 From: Yihua Zhang Date: Mon, 2 Jul 2018 13:29:27 -0700 Subject: implement loca credentials --- BUILD | 6 + CMakeLists.txt | 41 + Makefile | 43 + build.yaml | 6 + config.m4 | 4 + config.w32 | 4 + gRPC-C++.podspec | 3 + gRPC-Core.podspec | 9 + grpc.def | 2 + grpc.gemspec | 6 + grpc.gyp | 3 + include/grpc/grpc_security.h | 30 + package.xml | 6 + .../credentials/local/local_credentials.cc | 77 + .../security/credentials/local/local_credentials.h | 40 + .../security_connector/local_security_connector.cc | 239 +++ .../security_connector/local_security_connector.h | 58 + src/core/tsi/local_transport_security.cc | 222 +++ src/core/tsi/local_transport_security.h | 51 + src/python/grpcio/grpc_core_dependencies.py | 3 + src/ruby/ext/grpc/rb_grpc_imports.generated.c | 4 + src/ruby/ext/grpc/rb_grpc_imports.generated.h | 6 + test/core/end2end/fixtures/h2_local.cc | 149 ++ test/core/end2end/gen_build_yaml.py | 4 + test/core/end2end/generate_tests.bzl | 1 + test/core/surface/public_headers_must_be_c89.c | 2 + tools/doxygen/Doxyfile.core.internal | 6 + tools/run_tests/generated/sources_and_headers.json | 27 + tools/run_tests/generated/tests.json | 1725 ++++++++++++++++++++ 29 files changed, 2777 insertions(+) create mode 100644 src/core/lib/security/credentials/local/local_credentials.cc create mode 100644 src/core/lib/security/credentials/local/local_credentials.h create mode 100644 src/core/lib/security/security_connector/local_security_connector.cc create mode 100644 src/core/lib/security/security_connector/local_security_connector.h create mode 100644 src/core/tsi/local_transport_security.cc create mode 100644 src/core/tsi/local_transport_security.h create mode 100644 test/core/end2end/fixtures/h2_local.cc diff --git a/BUILD b/BUILD index 8ce67e6d18..93e6312dac 100644 --- a/BUILD +++ b/BUILD @@ -1442,10 +1442,12 @@ grpc_cc_library( "src/core/lib/security/credentials/jwt/json_token.cc", "src/core/lib/security/credentials/jwt/jwt_credentials.cc", "src/core/lib/security/credentials/jwt/jwt_verifier.cc", + "src/core/lib/security/credentials/local/local_credentials.cc", "src/core/lib/security/credentials/oauth2/oauth2_credentials.cc", "src/core/lib/security/credentials/plugin/plugin_credentials.cc", "src/core/lib/security/credentials/ssl/ssl_credentials.cc", "src/core/lib/security/security_connector/alts_security_connector.cc", + "src/core/lib/security/security_connector/local_security_connector.cc", "src/core/lib/security/security_connector/security_connector.cc", "src/core/lib/security/transport/client_auth_filter.cc", "src/core/lib/security/transport/secure_endpoint.cc", @@ -1468,10 +1470,12 @@ grpc_cc_library( "src/core/lib/security/credentials/jwt/json_token.h", "src/core/lib/security/credentials/jwt/jwt_credentials.h", "src/core/lib/security/credentials/jwt/jwt_verifier.h", + "src/core/lib/security/credentials/local/local_credentials.h", "src/core/lib/security/credentials/oauth2/oauth2_credentials.h", "src/core/lib/security/credentials/plugin/plugin_credentials.h", "src/core/lib/security/credentials/ssl/ssl_credentials.h", "src/core/lib/security/security_connector/alts_security_connector.h", + "src/core/lib/security/security_connector/local_security_connector.h", "src/core/lib/security/security_connector/security_connector.h", "src/core/lib/security/transport/auth_filters.h", "src/core/lib/security/transport/secure_endpoint.h", @@ -1810,6 +1814,7 @@ grpc_cc_library( "src/core/tsi/alts/handshaker/alts_tsi_utils.cc", "src/core/tsi/alts_transport_security.cc", "src/core/tsi/fake_transport_security.cc", + "src/core/tsi/local_transport_security.cc", "src/core/tsi/ssl/session_cache/ssl_session_boringssl.cc", "src/core/tsi/ssl/session_cache/ssl_session_cache.cc", "src/core/tsi/ssl/session_cache/ssl_session_openssl.cc", @@ -1823,6 +1828,7 @@ grpc_cc_library( "src/core/tsi/alts/handshaker/alts_tsi_handshaker_private.h", "src/core/tsi/alts/handshaker/alts_tsi_utils.h", "src/core/tsi/alts_transport_security.h", + "src/core/tsi/local_transport_security.h", "src/core/tsi/fake_transport_security.h", "src/core/tsi/ssl/session_cache/ssl_session.h", "src/core/tsi/ssl/session_cache/ssl_session_cache.h", diff --git a/CMakeLists.txt b/CMakeLists.txt index 4443539af3..3e9c4a8e2f 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -433,6 +433,9 @@ endif() add_dependencies(buildtests_c h2_full+trace_test) add_dependencies(buildtests_c h2_full+workarounds_test) add_dependencies(buildtests_c h2_http_proxy_test) +if(_gRPC_PLATFORM_LINUX OR _gRPC_PLATFORM_MAC OR _gRPC_PLATFORM_POSIX) +add_dependencies(buildtests_c h2_local_test) +endif() add_dependencies(buildtests_c h2_oauth2_test) add_dependencies(buildtests_c h2_proxy_test) add_dependencies(buildtests_c h2_sockpair_test) @@ -1125,10 +1128,12 @@ add_library(grpc src/core/lib/security/credentials/jwt/json_token.cc src/core/lib/security/credentials/jwt/jwt_credentials.cc src/core/lib/security/credentials/jwt/jwt_verifier.cc + src/core/lib/security/credentials/local/local_credentials.cc src/core/lib/security/credentials/oauth2/oauth2_credentials.cc src/core/lib/security/credentials/plugin/plugin_credentials.cc src/core/lib/security/credentials/ssl/ssl_credentials.cc src/core/lib/security/security_connector/alts_security_connector.cc + src/core/lib/security/security_connector/local_security_connector.cc src/core/lib/security/security_connector/security_connector.cc src/core/lib/security/transport/client_auth_filter.cc src/core/lib/security/transport/secure_endpoint.cc @@ -1201,6 +1206,7 @@ add_library(grpc src/core/ext/filters/deadline/deadline_filter.cc src/core/tsi/alts_transport_security.cc src/core/tsi/fake_transport_security.cc + src/core/tsi/local_transport_security.cc src/core/tsi/ssl/session_cache/ssl_session_boringssl.cc src/core/tsi/ssl/session_cache/ssl_session_cache.cc src/core/tsi/ssl/session_cache/ssl_session_openssl.cc @@ -1546,10 +1552,12 @@ add_library(grpc_cronet src/core/lib/security/credentials/jwt/json_token.cc src/core/lib/security/credentials/jwt/jwt_credentials.cc src/core/lib/security/credentials/jwt/jwt_verifier.cc + src/core/lib/security/credentials/local/local_credentials.cc src/core/lib/security/credentials/oauth2/oauth2_credentials.cc src/core/lib/security/credentials/plugin/plugin_credentials.cc src/core/lib/security/credentials/ssl/ssl_credentials.cc src/core/lib/security/security_connector/alts_security_connector.cc + src/core/lib/security/security_connector/local_security_connector.cc src/core/lib/security/security_connector/security_connector.cc src/core/lib/security/transport/client_auth_filter.cc src/core/lib/security/transport/secure_endpoint.cc @@ -1600,6 +1608,7 @@ add_library(grpc_cronet src/core/ext/transport/chttp2/client/chttp2_connector.cc src/core/tsi/alts_transport_security.cc src/core/tsi/fake_transport_security.cc + src/core/tsi/local_transport_security.cc src/core/tsi/ssl/session_cache/ssl_session_boringssl.cc src/core/tsi/ssl/session_cache/ssl_session_cache.cc src/core/tsi/ssl/session_cache/ssl_session_openssl.cc @@ -15258,6 +15267,38 @@ target_link_libraries(h2_http_proxy_test gpr ) +endif (gRPC_BUILD_TESTS) +if (gRPC_BUILD_TESTS) +if(_gRPC_PLATFORM_LINUX OR _gRPC_PLATFORM_MAC OR _gRPC_PLATFORM_POSIX) + +add_executable(h2_local_test + test/core/end2end/fixtures/h2_local.cc +) + + +target_include_directories(h2_local_test + PRIVATE ${CMAKE_CURRENT_SOURCE_DIR} + PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/include + PRIVATE ${_gRPC_SSL_INCLUDE_DIR} + PRIVATE ${_gRPC_PROTOBUF_INCLUDE_DIR} + PRIVATE ${_gRPC_ZLIB_INCLUDE_DIR} + PRIVATE ${_gRPC_BENCHMARK_INCLUDE_DIR} + PRIVATE ${_gRPC_CARES_INCLUDE_DIR} + PRIVATE ${_gRPC_GFLAGS_INCLUDE_DIR} + PRIVATE ${_gRPC_ADDRESS_SORTING_INCLUDE_DIR} + PRIVATE ${_gRPC_NANOPB_INCLUDE_DIR} +) + +target_link_libraries(h2_local_test + ${_gRPC_ALLTARGETS_LIBRARIES} + end2end_tests + grpc_test_util + grpc + gpr_test_util + gpr +) + +endif() endif (gRPC_BUILD_TESTS) if (gRPC_BUILD_TESTS) diff --git a/Makefile b/Makefile index d90755bb68..462e393abc 100644 --- a/Makefile +++ b/Makefile @@ -1304,6 +1304,7 @@ h2_full+pipe_test: $(BINDIR)/$(CONFIG)/h2_full+pipe_test h2_full+trace_test: $(BINDIR)/$(CONFIG)/h2_full+trace_test h2_full+workarounds_test: $(BINDIR)/$(CONFIG)/h2_full+workarounds_test h2_http_proxy_test: $(BINDIR)/$(CONFIG)/h2_http_proxy_test +h2_local_test: $(BINDIR)/$(CONFIG)/h2_local_test h2_oauth2_test: $(BINDIR)/$(CONFIG)/h2_oauth2_test h2_proxy_test: $(BINDIR)/$(CONFIG)/h2_proxy_test h2_sockpair_test: $(BINDIR)/$(CONFIG)/h2_sockpair_test @@ -1558,6 +1559,7 @@ buildtests_c: privatelibs_c \ $(BINDIR)/$(CONFIG)/h2_full+trace_test \ $(BINDIR)/$(CONFIG)/h2_full+workarounds_test \ $(BINDIR)/$(CONFIG)/h2_http_proxy_test \ + $(BINDIR)/$(CONFIG)/h2_local_test \ $(BINDIR)/$(CONFIG)/h2_oauth2_test \ $(BINDIR)/$(CONFIG)/h2_proxy_test \ $(BINDIR)/$(CONFIG)/h2_sockpair_test \ @@ -3568,10 +3570,12 @@ LIBGRPC_SRC = \ src/core/lib/security/credentials/jwt/json_token.cc \ src/core/lib/security/credentials/jwt/jwt_credentials.cc \ src/core/lib/security/credentials/jwt/jwt_verifier.cc \ + src/core/lib/security/credentials/local/local_credentials.cc \ src/core/lib/security/credentials/oauth2/oauth2_credentials.cc \ src/core/lib/security/credentials/plugin/plugin_credentials.cc \ src/core/lib/security/credentials/ssl/ssl_credentials.cc \ src/core/lib/security/security_connector/alts_security_connector.cc \ + src/core/lib/security/security_connector/local_security_connector.cc \ src/core/lib/security/security_connector/security_connector.cc \ src/core/lib/security/transport/client_auth_filter.cc \ src/core/lib/security/transport/secure_endpoint.cc \ @@ -3644,6 +3648,7 @@ LIBGRPC_SRC = \ src/core/ext/filters/deadline/deadline_filter.cc \ src/core/tsi/alts_transport_security.cc \ src/core/tsi/fake_transport_security.cc \ + src/core/tsi/local_transport_security.cc \ src/core/tsi/ssl/session_cache/ssl_session_boringssl.cc \ src/core/tsi/ssl/session_cache/ssl_session_cache.cc \ src/core/tsi/ssl/session_cache/ssl_session_openssl.cc \ @@ -3988,10 +3993,12 @@ LIBGRPC_CRONET_SRC = \ src/core/lib/security/credentials/jwt/json_token.cc \ src/core/lib/security/credentials/jwt/jwt_credentials.cc \ src/core/lib/security/credentials/jwt/jwt_verifier.cc \ + src/core/lib/security/credentials/local/local_credentials.cc \ src/core/lib/security/credentials/oauth2/oauth2_credentials.cc \ src/core/lib/security/credentials/plugin/plugin_credentials.cc \ src/core/lib/security/credentials/ssl/ssl_credentials.cc \ src/core/lib/security/security_connector/alts_security_connector.cc \ + src/core/lib/security/security_connector/local_security_connector.cc \ src/core/lib/security/security_connector/security_connector.cc \ src/core/lib/security/transport/client_auth_filter.cc \ src/core/lib/security/transport/secure_endpoint.cc \ @@ -4042,6 +4049,7 @@ LIBGRPC_CRONET_SRC = \ src/core/ext/transport/chttp2/client/chttp2_connector.cc \ src/core/tsi/alts_transport_security.cc \ src/core/tsi/fake_transport_security.cc \ + src/core/tsi/local_transport_security.cc \ src/core/tsi/ssl/session_cache/ssl_session_boringssl.cc \ src/core/tsi/ssl/session_cache/ssl_session_cache.cc \ src/core/tsi/ssl/session_cache/ssl_session_openssl.cc \ @@ -22956,6 +22964,38 @@ endif endif +H2_LOCAL_TEST_SRC = \ + test/core/end2end/fixtures/h2_local.cc \ + +H2_LOCAL_TEST_OBJS = $(addprefix $(OBJDIR)/$(CONFIG)/, $(addsuffix .o, $(basename $(H2_LOCAL_TEST_SRC)))) +ifeq ($(NO_SECURE),true) + +# You can't build secure targets if you don't have OpenSSL. + +$(BINDIR)/$(CONFIG)/h2_local_test: openssl_dep_error + +else + + + +$(BINDIR)/$(CONFIG)/h2_local_test: $(H2_LOCAL_TEST_OBJS) $(LIBDIR)/$(CONFIG)/libend2end_tests.a $(LIBDIR)/$(CONFIG)/libgrpc_test_util.a $(LIBDIR)/$(CONFIG)/libgrpc.a $(LIBDIR)/$(CONFIG)/libgpr_test_util.a $(LIBDIR)/$(CONFIG)/libgpr.a + $(E) "[LD] Linking $@" + $(Q) mkdir -p `dirname $@` + $(Q) $(LD) $(LDFLAGS) $(H2_LOCAL_TEST_OBJS) $(LIBDIR)/$(CONFIG)/libend2end_tests.a $(LIBDIR)/$(CONFIG)/libgrpc_test_util.a $(LIBDIR)/$(CONFIG)/libgrpc.a $(LIBDIR)/$(CONFIG)/libgpr_test_util.a $(LIBDIR)/$(CONFIG)/libgpr.a $(LDLIBS) $(LDLIBS_SECURE) -o $(BINDIR)/$(CONFIG)/h2_local_test + +endif + +$(OBJDIR)/$(CONFIG)/test/core/end2end/fixtures/h2_local.o: $(LIBDIR)/$(CONFIG)/libend2end_tests.a $(LIBDIR)/$(CONFIG)/libgrpc_test_util.a $(LIBDIR)/$(CONFIG)/libgrpc.a $(LIBDIR)/$(CONFIG)/libgpr_test_util.a $(LIBDIR)/$(CONFIG)/libgpr.a + +deps_h2_local_test: $(H2_LOCAL_TEST_OBJS:.o=.dep) + +ifneq ($(NO_SECURE),true) +ifneq ($(NO_DEPS),true) +-include $(H2_LOCAL_TEST_OBJS:.o=.dep) +endif +endif + + H2_OAUTH2_TEST_SRC = \ test/core/end2end/fixtures/h2_oauth2.cc \ @@ -24349,10 +24389,12 @@ src/core/lib/security/credentials/iam/iam_credentials.cc: $(OPENSSL_DEP) src/core/lib/security/credentials/jwt/json_token.cc: $(OPENSSL_DEP) src/core/lib/security/credentials/jwt/jwt_credentials.cc: $(OPENSSL_DEP) src/core/lib/security/credentials/jwt/jwt_verifier.cc: $(OPENSSL_DEP) +src/core/lib/security/credentials/local/local_credentials.cc: $(OPENSSL_DEP) src/core/lib/security/credentials/oauth2/oauth2_credentials.cc: $(OPENSSL_DEP) src/core/lib/security/credentials/plugin/plugin_credentials.cc: $(OPENSSL_DEP) src/core/lib/security/credentials/ssl/ssl_credentials.cc: $(OPENSSL_DEP) src/core/lib/security/security_connector/alts_security_connector.cc: $(OPENSSL_DEP) +src/core/lib/security/security_connector/local_security_connector.cc: $(OPENSSL_DEP) src/core/lib/security/security_connector/security_connector.cc: $(OPENSSL_DEP) src/core/lib/security/transport/client_auth_filter.cc: $(OPENSSL_DEP) src/core/lib/security/transport/secure_endpoint.cc: $(OPENSSL_DEP) @@ -24390,6 +24432,7 @@ src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.cc: $(OPE src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.cc: $(OPENSSL_DEP) src/core/tsi/alts_transport_security.cc: $(OPENSSL_DEP) src/core/tsi/fake_transport_security.cc: $(OPENSSL_DEP) +src/core/tsi/local_transport_security.cc: $(OPENSSL_DEP) src/core/tsi/ssl/session_cache/ssl_session_boringssl.cc: $(OPENSSL_DEP) src/core/tsi/ssl/session_cache/ssl_session_cache.cc: $(OPENSSL_DEP) src/core/tsi/ssl/session_cache/ssl_session_openssl.cc: $(OPENSSL_DEP) diff --git a/build.yaml b/build.yaml index 3fa8366550..88a055e805 100644 --- a/build.yaml +++ b/build.yaml @@ -781,10 +781,12 @@ filegroups: - src/core/lib/security/credentials/jwt/json_token.h - src/core/lib/security/credentials/jwt/jwt_credentials.h - src/core/lib/security/credentials/jwt/jwt_verifier.h + - src/core/lib/security/credentials/local/local_credentials.h - src/core/lib/security/credentials/oauth2/oauth2_credentials.h - src/core/lib/security/credentials/plugin/plugin_credentials.h - src/core/lib/security/credentials/ssl/ssl_credentials.h - src/core/lib/security/security_connector/alts_security_connector.h + - src/core/lib/security/security_connector/local_security_connector.h - src/core/lib/security/security_connector/security_connector.h - src/core/lib/security/transport/auth_filters.h - src/core/lib/security/transport/secure_endpoint.h @@ -806,10 +808,12 @@ filegroups: - src/core/lib/security/credentials/jwt/json_token.cc - src/core/lib/security/credentials/jwt/jwt_credentials.cc - src/core/lib/security/credentials/jwt/jwt_verifier.cc + - src/core/lib/security/credentials/local/local_credentials.cc - src/core/lib/security/credentials/oauth2/oauth2_credentials.cc - src/core/lib/security/credentials/plugin/plugin_credentials.cc - src/core/lib/security/credentials/ssl/ssl_credentials.cc - src/core/lib/security/security_connector/alts_security_connector.cc + - src/core/lib/security/security_connector/local_security_connector.cc - src/core/lib/security/security_connector/security_connector.cc - src/core/lib/security/transport/client_auth_filter.cc - src/core/lib/security/transport/secure_endpoint.cc @@ -1070,6 +1074,7 @@ filegroups: headers: - src/core/tsi/alts_transport_security.h - src/core/tsi/fake_transport_security.h + - src/core/tsi/local_transport_security.h - src/core/tsi/ssl/session_cache/ssl_session.h - src/core/tsi/ssl/session_cache/ssl_session_cache.h - src/core/tsi/ssl_transport_security.h @@ -1078,6 +1083,7 @@ filegroups: src: - src/core/tsi/alts_transport_security.cc - src/core/tsi/fake_transport_security.cc + - src/core/tsi/local_transport_security.cc - src/core/tsi/ssl/session_cache/ssl_session_boringssl.cc - src/core/tsi/ssl/session_cache/ssl_session_cache.cc - src/core/tsi/ssl/session_cache/ssl_session_openssl.cc diff --git a/config.m4 b/config.m4 index 3cf2b3e7b1..d4af0cfd91 100644 --- a/config.m4 +++ b/config.m4 @@ -275,10 +275,12 @@ if test "$PHP_GRPC" != "no"; then src/core/lib/security/credentials/jwt/json_token.cc \ src/core/lib/security/credentials/jwt/jwt_credentials.cc \ src/core/lib/security/credentials/jwt/jwt_verifier.cc \ + src/core/lib/security/credentials/local/local_credentials.cc \ src/core/lib/security/credentials/oauth2/oauth2_credentials.cc \ src/core/lib/security/credentials/plugin/plugin_credentials.cc \ src/core/lib/security/credentials/ssl/ssl_credentials.cc \ src/core/lib/security/security_connector/alts_security_connector.cc \ + src/core/lib/security/security_connector/local_security_connector.cc \ src/core/lib/security/security_connector/security_connector.cc \ src/core/lib/security/transport/client_auth_filter.cc \ src/core/lib/security/transport/secure_endpoint.cc \ @@ -351,6 +353,7 @@ if test "$PHP_GRPC" != "no"; then src/core/ext/filters/deadline/deadline_filter.cc \ src/core/tsi/alts_transport_security.cc \ src/core/tsi/fake_transport_security.cc \ + src/core/tsi/local_transport_security.cc \ src/core/tsi/ssl/session_cache/ssl_session_boringssl.cc \ src/core/tsi/ssl/session_cache/ssl_session_cache.cc \ src/core/tsi/ssl/session_cache/ssl_session_openssl.cc \ @@ -697,6 +700,7 @@ if test "$PHP_GRPC" != "no"; then PHP_ADD_BUILD_DIR($ext_builddir/src/core/lib/security/credentials/google_default) PHP_ADD_BUILD_DIR($ext_builddir/src/core/lib/security/credentials/iam) PHP_ADD_BUILD_DIR($ext_builddir/src/core/lib/security/credentials/jwt) + PHP_ADD_BUILD_DIR($ext_builddir/src/core/lib/security/credentials/local) PHP_ADD_BUILD_DIR($ext_builddir/src/core/lib/security/credentials/oauth2) PHP_ADD_BUILD_DIR($ext_builddir/src/core/lib/security/credentials/plugin) PHP_ADD_BUILD_DIR($ext_builddir/src/core/lib/security/credentials/ssl) diff --git a/config.w32 b/config.w32 index ecdd941c98..0f219d3496 100644 --- a/config.w32 +++ b/config.w32 @@ -250,10 +250,12 @@ if (PHP_GRPC != "no") { "src\\core\\lib\\security\\credentials\\jwt\\json_token.cc " + "src\\core\\lib\\security\\credentials\\jwt\\jwt_credentials.cc " + "src\\core\\lib\\security\\credentials\\jwt\\jwt_verifier.cc " + + "src\\core\\lib\\security\\credentials\\local\\local_credentials.cc " + "src\\core\\lib\\security\\credentials\\oauth2\\oauth2_credentials.cc " + "src\\core\\lib\\security\\credentials\\plugin\\plugin_credentials.cc " + "src\\core\\lib\\security\\credentials\\ssl\\ssl_credentials.cc " + "src\\core\\lib\\security\\security_connector\\alts_security_connector.cc " + + "src\\core\\lib\\security\\security_connector\\local_security_connector.cc " + "src\\core\\lib\\security\\security_connector\\security_connector.cc " + "src\\core\\lib\\security\\transport\\client_auth_filter.cc " + "src\\core\\lib\\security\\transport\\secure_endpoint.cc " + @@ -326,6 +328,7 @@ if (PHP_GRPC != "no") { "src\\core\\ext\\filters\\deadline\\deadline_filter.cc " + "src\\core\\tsi\\alts_transport_security.cc " + "src\\core\\tsi\\fake_transport_security.cc " + + "src\\core\\tsi\\local_transport_security.cc " + "src\\core\\tsi\\ssl\\session_cache\\ssl_session_boringssl.cc " + "src\\core\\tsi\\ssl\\session_cache\\ssl_session_cache.cc " + "src\\core\\tsi\\ssl\\session_cache\\ssl_session_openssl.cc " + @@ -713,6 +716,7 @@ if (PHP_GRPC != "no") { FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\lib\\security\\credentials\\google_default"); FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\lib\\security\\credentials\\iam"); FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\lib\\security\\credentials\\jwt"); + FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\lib\\security\\credentials\\local"); FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\lib\\security\\credentials\\oauth2"); FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\lib\\security\\credentials\\plugin"); FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\lib\\security\\credentials\\ssl"); diff --git a/gRPC-C++.podspec b/gRPC-C++.podspec index ce8cc06bad..e2af9a0517 100644 --- a/gRPC-C++.podspec +++ b/gRPC-C++.podspec @@ -272,10 +272,12 @@ Pod::Spec.new do |s| 'src/core/lib/security/credentials/jwt/json_token.h', 'src/core/lib/security/credentials/jwt/jwt_credentials.h', 'src/core/lib/security/credentials/jwt/jwt_verifier.h', + 'src/core/lib/security/credentials/local/local_credentials.h', 'src/core/lib/security/credentials/oauth2/oauth2_credentials.h', 'src/core/lib/security/credentials/plugin/plugin_credentials.h', 'src/core/lib/security/credentials/ssl/ssl_credentials.h', 'src/core/lib/security/security_connector/alts_security_connector.h', + 'src/core/lib/security/security_connector/local_security_connector.h', 'src/core/lib/security/security_connector/security_connector.h', 'src/core/lib/security/transport/auth_filters.h', 'src/core/lib/security/transport/secure_endpoint.h', @@ -335,6 +337,7 @@ Pod::Spec.new do |s| 'src/core/ext/filters/deadline/deadline_filter.h', 'src/core/tsi/alts_transport_security.h', 'src/core/tsi/fake_transport_security.h', + 'src/core/tsi/local_transport_security.h', 'src/core/tsi/ssl/session_cache/ssl_session.h', 'src/core/tsi/ssl/session_cache/ssl_session_cache.h', 'src/core/tsi/ssl_transport_security.h', diff --git a/gRPC-Core.podspec b/gRPC-Core.podspec index 4006889c24..99cd621524 100644 --- a/gRPC-Core.podspec +++ b/gRPC-Core.podspec @@ -282,10 +282,12 @@ Pod::Spec.new do |s| 'src/core/lib/security/credentials/jwt/json_token.h', 'src/core/lib/security/credentials/jwt/jwt_credentials.h', 'src/core/lib/security/credentials/jwt/jwt_verifier.h', + 'src/core/lib/security/credentials/local/local_credentials.h', 'src/core/lib/security/credentials/oauth2/oauth2_credentials.h', 'src/core/lib/security/credentials/plugin/plugin_credentials.h', 'src/core/lib/security/credentials/ssl/ssl_credentials.h', 'src/core/lib/security/security_connector/alts_security_connector.h', + 'src/core/lib/security/security_connector/local_security_connector.h', 'src/core/lib/security/security_connector/security_connector.h', 'src/core/lib/security/transport/auth_filters.h', 'src/core/lib/security/transport/secure_endpoint.h', @@ -345,6 +347,7 @@ Pod::Spec.new do |s| 'src/core/ext/filters/deadline/deadline_filter.h', 'src/core/tsi/alts_transport_security.h', 'src/core/tsi/fake_transport_security.h', + 'src/core/tsi/local_transport_security.h', 'src/core/tsi/ssl/session_cache/ssl_session.h', 'src/core/tsi/ssl/session_cache/ssl_session_cache.h', 'src/core/tsi/ssl_transport_security.h', @@ -694,10 +697,12 @@ Pod::Spec.new do |s| 'src/core/lib/security/credentials/jwt/json_token.cc', 'src/core/lib/security/credentials/jwt/jwt_credentials.cc', 'src/core/lib/security/credentials/jwt/jwt_verifier.cc', + 'src/core/lib/security/credentials/local/local_credentials.cc', 'src/core/lib/security/credentials/oauth2/oauth2_credentials.cc', 'src/core/lib/security/credentials/plugin/plugin_credentials.cc', 'src/core/lib/security/credentials/ssl/ssl_credentials.cc', 'src/core/lib/security/security_connector/alts_security_connector.cc', + 'src/core/lib/security/security_connector/local_security_connector.cc', 'src/core/lib/security/security_connector/security_connector.cc', 'src/core/lib/security/transport/client_auth_filter.cc', 'src/core/lib/security/transport/secure_endpoint.cc', @@ -767,6 +772,7 @@ Pod::Spec.new do |s| 'src/core/ext/filters/deadline/deadline_filter.cc', 'src/core/tsi/alts_transport_security.cc', 'src/core/tsi/fake_transport_security.cc', + 'src/core/tsi/local_transport_security.cc', 'src/core/tsi/ssl/session_cache/ssl_session_boringssl.cc', 'src/core/tsi/ssl/session_cache/ssl_session_cache.cc', 'src/core/tsi/ssl/session_cache/ssl_session_openssl.cc', @@ -864,10 +870,12 @@ Pod::Spec.new do |s| 'src/core/lib/security/credentials/jwt/json_token.h', 'src/core/lib/security/credentials/jwt/jwt_credentials.h', 'src/core/lib/security/credentials/jwt/jwt_verifier.h', + 'src/core/lib/security/credentials/local/local_credentials.h', 'src/core/lib/security/credentials/oauth2/oauth2_credentials.h', 'src/core/lib/security/credentials/plugin/plugin_credentials.h', 'src/core/lib/security/credentials/ssl/ssl_credentials.h', 'src/core/lib/security/security_connector/alts_security_connector.h', + 'src/core/lib/security/security_connector/local_security_connector.h', 'src/core/lib/security/security_connector/security_connector.h', 'src/core/lib/security/transport/auth_filters.h', 'src/core/lib/security/transport/secure_endpoint.h', @@ -927,6 +935,7 @@ Pod::Spec.new do |s| 'src/core/ext/filters/deadline/deadline_filter.h', 'src/core/tsi/alts_transport_security.h', 'src/core/tsi/fake_transport_security.h', + 'src/core/tsi/local_transport_security.h', 'src/core/tsi/ssl/session_cache/ssl_session.h', 'src/core/tsi/ssl/session_cache/ssl_session_cache.h', 'src/core/tsi/ssl_transport_security.h', diff --git a/grpc.def b/grpc.def index e7f93396b2..a81372f7d2 100644 --- a/grpc.def +++ b/grpc.def @@ -119,6 +119,8 @@ EXPORTS grpc_alts_credentials_options_destroy grpc_alts_credentials_create grpc_alts_server_credentials_create + grpc_local_credentials_create + grpc_local_server_credentials_create grpc_raw_byte_buffer_create grpc_raw_compressed_byte_buffer_create grpc_byte_buffer_copy diff --git a/grpc.gemspec b/grpc.gemspec index 21bd8e0b03..b0329c4ef8 100644 --- a/grpc.gemspec +++ b/grpc.gemspec @@ -215,10 +215,12 @@ Gem::Specification.new do |s| s.files += %w( src/core/lib/security/credentials/jwt/json_token.h ) s.files += %w( src/core/lib/security/credentials/jwt/jwt_credentials.h ) s.files += %w( src/core/lib/security/credentials/jwt/jwt_verifier.h ) + s.files += %w( src/core/lib/security/credentials/local/local_credentials.h ) s.files += %w( src/core/lib/security/credentials/oauth2/oauth2_credentials.h ) s.files += %w( src/core/lib/security/credentials/plugin/plugin_credentials.h ) s.files += %w( src/core/lib/security/credentials/ssl/ssl_credentials.h ) s.files += %w( src/core/lib/security/security_connector/alts_security_connector.h ) + s.files += %w( src/core/lib/security/security_connector/local_security_connector.h ) s.files += %w( src/core/lib/security/security_connector/security_connector.h ) s.files += %w( src/core/lib/security/transport/auth_filters.h ) s.files += %w( src/core/lib/security/transport/secure_endpoint.h ) @@ -282,6 +284,7 @@ Gem::Specification.new do |s| s.files += %w( src/core/ext/filters/deadline/deadline_filter.h ) s.files += %w( src/core/tsi/alts_transport_security.h ) s.files += %w( src/core/tsi/fake_transport_security.h ) + s.files += %w( src/core/tsi/local_transport_security.h ) s.files += %w( src/core/tsi/ssl/session_cache/ssl_session.h ) s.files += %w( src/core/tsi/ssl/session_cache/ssl_session_cache.h ) s.files += %w( src/core/tsi/ssl_transport_security.h ) @@ -631,10 +634,12 @@ Gem::Specification.new do |s| s.files += %w( src/core/lib/security/credentials/jwt/json_token.cc ) s.files += %w( src/core/lib/security/credentials/jwt/jwt_credentials.cc ) s.files += %w( src/core/lib/security/credentials/jwt/jwt_verifier.cc ) + s.files += %w( src/core/lib/security/credentials/local/local_credentials.cc ) s.files += %w( src/core/lib/security/credentials/oauth2/oauth2_credentials.cc ) s.files += %w( src/core/lib/security/credentials/plugin/plugin_credentials.cc ) s.files += %w( src/core/lib/security/credentials/ssl/ssl_credentials.cc ) s.files += %w( src/core/lib/security/security_connector/alts_security_connector.cc ) + s.files += %w( src/core/lib/security/security_connector/local_security_connector.cc ) s.files += %w( src/core/lib/security/security_connector/security_connector.cc ) s.files += %w( src/core/lib/security/transport/client_auth_filter.cc ) s.files += %w( src/core/lib/security/transport/secure_endpoint.cc ) @@ -707,6 +712,7 @@ Gem::Specification.new do |s| s.files += %w( src/core/ext/filters/deadline/deadline_filter.cc ) s.files += %w( src/core/tsi/alts_transport_security.cc ) s.files += %w( src/core/tsi/fake_transport_security.cc ) + s.files += %w( src/core/tsi/local_transport_security.cc ) s.files += %w( src/core/tsi/ssl/session_cache/ssl_session_boringssl.cc ) s.files += %w( src/core/tsi/ssl/session_cache/ssl_session_cache.cc ) s.files += %w( src/core/tsi/ssl/session_cache/ssl_session_openssl.cc ) diff --git a/grpc.gyp b/grpc.gyp index fcb5a3fdf9..6b3efe5c12 100644 --- a/grpc.gyp +++ b/grpc.gyp @@ -467,10 +467,12 @@ 'src/core/lib/security/credentials/jwt/json_token.cc', 'src/core/lib/security/credentials/jwt/jwt_credentials.cc', 'src/core/lib/security/credentials/jwt/jwt_verifier.cc', + 'src/core/lib/security/credentials/local/local_credentials.cc', 'src/core/lib/security/credentials/oauth2/oauth2_credentials.cc', 'src/core/lib/security/credentials/plugin/plugin_credentials.cc', 'src/core/lib/security/credentials/ssl/ssl_credentials.cc', 'src/core/lib/security/security_connector/alts_security_connector.cc', + 'src/core/lib/security/security_connector/local_security_connector.cc', 'src/core/lib/security/security_connector/security_connector.cc', 'src/core/lib/security/transport/client_auth_filter.cc', 'src/core/lib/security/transport/secure_endpoint.cc', @@ -543,6 +545,7 @@ 'src/core/ext/filters/deadline/deadline_filter.cc', 'src/core/tsi/alts_transport_security.cc', 'src/core/tsi/fake_transport_security.cc', + 'src/core/tsi/local_transport_security.cc', 'src/core/tsi/ssl/session_cache/ssl_session_boringssl.cc', 'src/core/tsi/ssl/session_cache/ssl_session_cache.cc', 'src/core/tsi/ssl/session_cache/ssl_session_openssl.cc', diff --git a/include/grpc/grpc_security.h b/include/grpc/grpc_security.h index b34fb70898..102d20fcf9 100644 --- a/include/grpc/grpc_security.h +++ b/include/grpc/grpc_security.h @@ -585,6 +585,36 @@ GRPCAPI grpc_channel_credentials* grpc_alts_credentials_create( GRPCAPI grpc_server_credentials* grpc_alts_server_credentials_create( const grpc_alts_credentials_options* options); +/** --- Local channel/server credentials --- **/ + +/** + * Type of local connection for which local channel/server credentials will be + * applied. It only supports UDS for now. + */ +typedef enum { UDS = 0 } grpc_local_connect_type; + +/** + * This method creates a local channel credential object. It is used for + * experimental purpose for now and subject to change. + * + * - type: local connection type + * + * It returns the created local channel credential object. + */ +GRPCAPI grpc_channel_credentials* grpc_local_credentials_create( + grpc_local_connect_type type); + +/** + * This method creates a local server credential object. It is used for + * experimental purpose for now and subject to change. + * + * - type: local connection type + * + * It returns the created local server credential object. + */ +GRPCAPI grpc_server_credentials* grpc_local_server_credentials_create( + grpc_local_connect_type type); + #ifdef __cplusplus } #endif diff --git a/package.xml b/package.xml index bab3bc1ba9..79175e50df 100644 --- a/package.xml +++ b/package.xml @@ -220,10 +220,12 @@ + + @@ -287,6 +289,7 @@ + @@ -636,10 +639,12 @@ + + @@ -712,6 +717,7 @@ + diff --git a/src/core/lib/security/credentials/local/local_credentials.cc b/src/core/lib/security/credentials/local/local_credentials.cc new file mode 100644 index 0000000000..9a2f646ba5 --- /dev/null +++ b/src/core/lib/security/credentials/local/local_credentials.cc @@ -0,0 +1,77 @@ +/* + * + * Copyright 2018 gRPC authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +#include + +#include "src/core/lib/security/credentials/local/local_credentials.h" + +#include +#include +#include + +#include "src/core/lib/channel/channel_args.h" +#include "src/core/lib/security/security_connector/local_security_connector.h" + +#define GRPC_CREDENTIALS_TYPE_LOCAL "Local" + +static void local_credentials_destruct(grpc_channel_credentials* creds) {} + +static void local_server_credentials_destruct(grpc_server_credentials* creds) {} + +static grpc_security_status local_create_security_connector( + grpc_channel_credentials* creds, + grpc_call_credentials* request_metadata_creds, const char* target_name, + const grpc_channel_args* args, grpc_channel_security_connector** sc, + grpc_channel_args** new_args) { + return grpc_local_channel_security_connector_create( + creds, request_metadata_creds, args, target_name, sc); +} + +static grpc_security_status local_server_create_security_connector( + grpc_server_credentials* creds, grpc_server_security_connector** sc) { + return grpc_local_server_security_connector_create(creds, sc); +} + +static const grpc_channel_credentials_vtable local_credentials_vtable = { + local_credentials_destruct, local_create_security_connector, + /*duplicate_without_call_credentials=*/nullptr}; + +static const grpc_server_credentials_vtable local_server_credentials_vtable = { + local_server_credentials_destruct, local_server_create_security_connector}; + +grpc_channel_credentials* grpc_local_credentials_create( + grpc_local_connect_type connect_type) { + auto creds = static_cast( + gpr_zalloc(sizeof(grpc_local_credentials))); + creds->connect_type = connect_type; + creds->base.type = GRPC_CREDENTIALS_TYPE_LOCAL; + creds->base.vtable = &local_credentials_vtable; + gpr_ref_init(&creds->base.refcount, 1); + return &creds->base; +} + +grpc_server_credentials* grpc_local_server_credentials_create( + grpc_local_connect_type connect_type) { + auto creds = static_cast( + gpr_zalloc(sizeof(grpc_local_server_credentials))); + creds->connect_type = connect_type; + creds->base.type = GRPC_CREDENTIALS_TYPE_LOCAL; + creds->base.vtable = &local_server_credentials_vtable; + gpr_ref_init(&creds->base.refcount, 1); + return &creds->base; +} diff --git a/src/core/lib/security/credentials/local/local_credentials.h b/src/core/lib/security/credentials/local/local_credentials.h new file mode 100644 index 0000000000..47358b04bc --- /dev/null +++ b/src/core/lib/security/credentials/local/local_credentials.h @@ -0,0 +1,40 @@ +/* + * + * Copyright 2018 gRPC authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +#ifndef GRPC_CORE_LIB_SECURITY_CREDENTIALS_LOCAL_LOCAL_CREDENTIALS_H +#define GRPC_CORE_LIB_SECURITY_CREDENTIALS_LOCAL_LOCAL_CREDENTIALS_H + +#include + +#include + +#include "src/core/lib/security/credentials/credentials.h" + +/* Main struct for grpc local channel credential. */ +typedef struct grpc_local_credentials { + grpc_channel_credentials base; + grpc_local_connect_type connect_type; +} grpc_local_credentials; + +/* Main struct for grpc local server credential. */ +typedef struct grpc_local_server_credentials { + grpc_server_credentials base; + grpc_local_connect_type connect_type; +} grpc_local_server_credentials; + +#endif /* GRPC_CORE_LIB_SECURITY_CREDENTIALS_LOCAL_LOCAL_CREDENTIALS_H */ diff --git a/src/core/lib/security/security_connector/local_security_connector.cc b/src/core/lib/security/security_connector/local_security_connector.cc new file mode 100644 index 0000000000..3fe72013bd --- /dev/null +++ b/src/core/lib/security/security_connector/local_security_connector.cc @@ -0,0 +1,239 @@ +/* + * + * Copyright 2018 gRPC authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +#include + +#include "src/core/lib/security/security_connector/local_security_connector.h" + +#include +#include + +#include +#include +#include +#include + +#include "src/core/ext/filters/client_channel/client_channel.h" +#include "src/core/lib/channel/channel_args.h" +#include "src/core/lib/security/credentials/local/local_credentials.h" +#include "src/core/lib/security/transport/security_handshaker.h" +#include "src/core/tsi/local_transport_security.h" + +#define GRPC_UDS_URL_SCHEME "unix" +#define GRPC_LOCAL_TRANSPORT_SECURITY_TYPE "local" + +typedef struct { + grpc_channel_security_connector base; + char* target_name; +} grpc_local_channel_security_connector; + +typedef struct { + grpc_server_security_connector base; +} grpc_local_server_security_connector; + +static void local_channel_destroy(grpc_security_connector* sc) { + if (sc == nullptr) { + return; + } + auto c = reinterpret_cast(sc); + grpc_call_credentials_unref(c->base.request_metadata_creds); + grpc_channel_credentials_unref(c->base.channel_creds); + gpr_free(c->target_name); + gpr_free(sc); +} + +static void local_server_destroy(grpc_security_connector* sc) { + if (sc == nullptr) { + return; + } + auto c = reinterpret_cast(sc); + grpc_server_credentials_unref(c->base.server_creds); + gpr_free(sc); +} + +static void local_channel_add_handshakers( + grpc_channel_security_connector* sc, + grpc_handshake_manager* handshake_manager) { + tsi_handshaker* handshaker = nullptr; + GPR_ASSERT(local_tsi_handshaker_create(true /* is_client */, &handshaker) == + TSI_OK); + grpc_handshake_manager_add(handshake_manager, grpc_security_handshaker_create( + handshaker, &sc->base)); +} + +static void local_server_add_handshakers( + grpc_server_security_connector* sc, + grpc_handshake_manager* handshake_manager) { + tsi_handshaker* handshaker = nullptr; + GPR_ASSERT(local_tsi_handshaker_create(false /* is_client */, &handshaker) == + TSI_OK); + grpc_handshake_manager_add(handshake_manager, grpc_security_handshaker_create( + handshaker, &sc->base)); +} + +static int local_channel_cmp(grpc_security_connector* sc1, + grpc_security_connector* sc2) { + grpc_local_channel_security_connector* c1 = + reinterpret_cast(sc1); + grpc_local_channel_security_connector* c2 = + reinterpret_cast(sc2); + int c = grpc_channel_security_connector_cmp(&c1->base, &c2->base); + if (c != 0) return c; + return strcmp(c1->target_name, c2->target_name); +} + +static int local_server_cmp(grpc_security_connector* sc1, + grpc_security_connector* sc2) { + grpc_local_server_security_connector* c1 = + reinterpret_cast(sc1); + grpc_local_server_security_connector* c2 = + reinterpret_cast(sc2); + return grpc_server_security_connector_cmp(&c1->base, &c2->base); +} + +static grpc_security_status local_auth_context_create(grpc_auth_context** ctx) { + if (ctx == nullptr) { + gpr_log(GPR_ERROR, "Invalid arguments to local_auth_context_create()"); + return GRPC_SECURITY_ERROR; + } + /* Create auth context. */ + *ctx = grpc_auth_context_create(nullptr); + grpc_auth_context_add_cstring_property( + *ctx, GRPC_TRANSPORT_SECURITY_TYPE_PROPERTY_NAME, + GRPC_LOCAL_TRANSPORT_SECURITY_TYPE); + GPR_ASSERT(grpc_auth_context_set_peer_identity_property_name( + *ctx, GRPC_TRANSPORT_SECURITY_TYPE_PROPERTY_NAME) == 1); + return GRPC_SECURITY_OK; +} + +static void local_check_peer(grpc_security_connector* sc, tsi_peer peer, + grpc_auth_context** auth_context, + grpc_closure* on_peer_checked) { + grpc_security_status status; + status = local_auth_context_create(auth_context); + grpc_error* error = status == GRPC_SECURITY_OK + ? GRPC_ERROR_NONE + : GRPC_ERROR_CREATE_FROM_STATIC_STRING( + "Could not create local auth context"); + GRPC_CLOSURE_SCHED(on_peer_checked, error); +} + +static grpc_security_connector_vtable local_channel_vtable = { + local_channel_destroy, local_check_peer, local_channel_cmp}; + +static grpc_security_connector_vtable local_server_vtable = { + local_server_destroy, local_check_peer, local_server_cmp}; + +static bool local_check_call_host(grpc_channel_security_connector* sc, + const char* host, + grpc_auth_context* auth_context, + grpc_closure* on_call_host_checked, + grpc_error** error) { + grpc_local_channel_security_connector* local_sc = + reinterpret_cast(sc); + if (host == nullptr || local_sc == nullptr || + strcmp(host, local_sc->target_name) != 0) { + *error = GRPC_ERROR_CREATE_FROM_STATIC_STRING( + "local call host does not match target name"); + } + return true; +} + +static void local_cancel_check_call_host(grpc_channel_security_connector* sc, + grpc_closure* on_call_host_checked, + grpc_error* error) { + GRPC_ERROR_UNREF(error); +} + +grpc_security_status grpc_local_channel_security_connector_create( + grpc_channel_credentials* channel_creds, + grpc_call_credentials* request_metadata_creds, + const grpc_channel_args* args, const char* target_name, + grpc_channel_security_connector** sc) { + if (channel_creds == nullptr || sc == nullptr || target_name == nullptr) { + gpr_log( + GPR_ERROR, + "Invalid arguments to grpc_local_channel_security_connector_create()"); + return GRPC_SECURITY_ERROR; + } + // Check if local_connect_type is UDS. Only UDS is supported for now. + grpc_local_credentials* creds = + reinterpret_cast(channel_creds); + if (creds->connect_type != UDS) { + gpr_log(GPR_ERROR, + "Invalid local channel type to " + "grpc_local_channel_security_connector_create()"); + return GRPC_SECURITY_ERROR; + } + // Check if target_name is a valid UDS address. + const grpc_arg* server_uri_arg = + grpc_channel_args_find(args, GRPC_ARG_SERVER_URI); + const char* server_uri_str = grpc_channel_arg_get_string(server_uri_arg); + if (strncmp(GRPC_UDS_URL_SCHEME, server_uri_str, + strlen(GRPC_UDS_URL_SCHEME)) != 0) { + gpr_log(GPR_ERROR, + "Invalid target_name to " + "grpc_local_channel_security_connector_create()"); + return GRPC_SECURITY_ERROR; + } + auto c = static_cast( + gpr_zalloc(sizeof(grpc_local_channel_security_connector))); + gpr_ref_init(&c->base.base.refcount, 1); + c->base.base.vtable = &local_channel_vtable; + c->base.add_handshakers = local_channel_add_handshakers; + c->base.channel_creds = grpc_channel_credentials_ref(channel_creds); + c->base.request_metadata_creds = + grpc_call_credentials_ref(request_metadata_creds); + c->base.check_call_host = local_check_call_host; + c->base.cancel_check_call_host = local_cancel_check_call_host; + c->base.base.url_scheme = + creds->connect_type == UDS ? GRPC_UDS_URL_SCHEME : nullptr; + c->target_name = gpr_strdup(target_name); + *sc = &c->base; + return GRPC_SECURITY_OK; +} + +grpc_security_status grpc_local_server_security_connector_create( + grpc_server_credentials* server_creds, + grpc_server_security_connector** sc) { + if (server_creds == nullptr || sc == nullptr) { + gpr_log( + GPR_ERROR, + "Invalid arguments to grpc_local_server_security_connector_create()"); + return GRPC_SECURITY_ERROR; + } + // Check if local_connect_type is UDS. Only UDS is supported for now. + grpc_local_server_credentials* creds = + reinterpret_cast(server_creds); + if (creds->connect_type != UDS) { + gpr_log(GPR_ERROR, + "Invalid local server type to " + "grpc_local_server_security_connector_create()"); + return GRPC_SECURITY_ERROR; + } + auto c = static_cast( + gpr_zalloc(sizeof(grpc_local_server_security_connector))); + gpr_ref_init(&c->base.base.refcount, 1); + c->base.base.vtable = &local_server_vtable; + c->base.server_creds = grpc_server_credentials_ref(server_creds); + c->base.base.url_scheme = + creds->connect_type == UDS ? GRPC_UDS_URL_SCHEME : nullptr; + c->base.add_handshakers = local_server_add_handshakers; + *sc = &c->base; + return GRPC_SECURITY_OK; +} diff --git a/src/core/lib/security/security_connector/local_security_connector.h b/src/core/lib/security/security_connector/local_security_connector.h new file mode 100644 index 0000000000..a970a74788 --- /dev/null +++ b/src/core/lib/security/security_connector/local_security_connector.h @@ -0,0 +1,58 @@ +/* + * + * Copyright 2018 gRPC authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +#ifndef GRPC_CORE_LIB_SECURITY_SECURITY_CONNECTOR_LOCAL_SECURITY_CONNECTOR_H +#define GRPC_CORE_LIB_SECURITY_SECURITY_CONNECTOR_LOCAL_SECURITY_CONNECTOR_H + +#include + +#include "src/core/lib/security/context/security_context.h" + +/** + * This method creates a local channel security connector. + * + * - channel_creds: channel credential instance. + * - request_metadata_creds: credential object which will be sent with each + * request. This parameter can be nullptr. + * - target_name: the name of the endpoint that the channel is connecting to. + * - args: channel args passed from the caller. + * - sc: address of local channel security connector instance to be returned + * from the method. + * + * It returns GRPC_SECURITY_OK on success, and an error stauts code on failure. + */ +grpc_security_status grpc_local_channel_security_connector_create( + grpc_channel_credentials* channel_creds, + grpc_call_credentials* request_metadata_creds, + const grpc_channel_args* args, const char* target_name, + grpc_channel_security_connector** sc); + +/** + * This method creates a local server security connector. + * + * - server_creds: server credential instance. + * - sc: address of local server security connector instance to be returned from + * the method. + * + * It returns GRPC_SECURITY_OK on success, and an error status code on failure. + */ +grpc_security_status grpc_local_server_security_connector_create( + grpc_server_credentials* server_creds, grpc_server_security_connector** sc); + +#endif /* GRPC_CORE_LIB_SECURITY_SECURITY_CONNECTOR_LOCAL_SECURITY_CONNECTOR_H \ + */ diff --git a/src/core/tsi/local_transport_security.cc b/src/core/tsi/local_transport_security.cc new file mode 100644 index 0000000000..2799098108 --- /dev/null +++ b/src/core/tsi/local_transport_security.cc @@ -0,0 +1,222 @@ +/* + * + * Copyright 2018 gRPC authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +#include + +#include "src/core/tsi/local_transport_security.h" + +#include +#include +#include + +#include +#include +#include + +#include "src/core/lib/iomgr/exec_ctx.h" +#include "src/core/tsi/transport_security_grpc.h" + +#define TSI_LOCAL_PEER_IDENTITY "local" + +/* Main struct for local TSI zero-copy frame protector. */ +typedef struct local_zero_copy_grpc_protector { + tsi_zero_copy_grpc_protector base; +} local_zero_copy_grpc_protector; + +/* Main struct for local TSI handshaker result. */ +typedef struct local_tsi_handshaker_result { + tsi_handshaker_result base; + char* peer_identity; + bool is_client; +} local_tsi_handshaker_result; + +/* Main struct for local TSI handshaker. */ +typedef struct local_tsi_handshaker { + tsi_handshaker base; + bool is_client; +} local_tsi_handshaker; + +/* --- tsi_zero_copy_grpc_protector methods implementation. --- */ + +static tsi_result local_zero_copy_grpc_protector_protect( + tsi_zero_copy_grpc_protector* self, grpc_slice_buffer* unprotected_slices, + grpc_slice_buffer* protected_slices) { + if (self == nullptr || unprotected_slices == nullptr || + protected_slices == nullptr) { + gpr_log(GPR_ERROR, "Invalid nullptr arguments to zero-copy grpc protect."); + return TSI_INVALID_ARGUMENT; + } + grpc_slice_buffer_move_into(unprotected_slices, protected_slices); + return TSI_OK; +} + +static tsi_result local_zero_copy_grpc_protector_unprotect( + tsi_zero_copy_grpc_protector* self, grpc_slice_buffer* protected_slices, + grpc_slice_buffer* unprotected_slices) { + if (self == nullptr || unprotected_slices == nullptr || + protected_slices == nullptr) { + gpr_log(GPR_ERROR, + "Invalid nullptr arguments to zero-copy grpc unprotect."); + return TSI_INVALID_ARGUMENT; + } + grpc_slice_buffer_move_into(protected_slices, unprotected_slices); + return TSI_OK; +} + +static void local_zero_copy_grpc_protector_destroy( + tsi_zero_copy_grpc_protector* self) { + gpr_free(self); +} + +static const tsi_zero_copy_grpc_protector_vtable + local_zero_copy_grpc_protector_vtable = { + local_zero_copy_grpc_protector_protect, + local_zero_copy_grpc_protector_unprotect, + local_zero_copy_grpc_protector_destroy}; + +tsi_result local_zero_copy_grpc_protector_create( + tsi_zero_copy_grpc_protector** protector) { + if (grpc_core::ExecCtx::Get() == nullptr || protector == nullptr) { + gpr_log( + GPR_ERROR, + "Invalid nullptr arguments to local_zero_copy_grpc_protector create."); + return TSI_INVALID_ARGUMENT; + } + local_zero_copy_grpc_protector* impl = + static_cast(gpr_zalloc(sizeof(*impl))); + impl->base.vtable = &local_zero_copy_grpc_protector_vtable; + *protector = &impl->base; + return TSI_OK; +} + +/* --- tsi_handshaker_result methods implementation. --- */ + +static tsi_result handshaker_result_extract_peer( + const tsi_handshaker_result* self, tsi_peer* peer) { + return TSI_OK; +} + +static tsi_result handshaker_result_create_zero_copy_grpc_protector( + const tsi_handshaker_result* self, size_t* max_output_protected_frame_size, + tsi_zero_copy_grpc_protector** protector) { + if (self == nullptr || protector == nullptr) { + gpr_log(GPR_ERROR, + "Invalid arguments to create_zero_copy_grpc_protector()"); + return TSI_INVALID_ARGUMENT; + } + tsi_result ok = local_zero_copy_grpc_protector_create(protector); + if (ok != TSI_OK) { + gpr_log(GPR_ERROR, "Failed to create zero-copy grpc protector"); + } + return ok; +} + +static void handshaker_result_destroy(tsi_handshaker_result* self) { + if (self == nullptr) { + return; + } + local_tsi_handshaker_result* result = + reinterpret_cast( + const_cast(self)); + gpr_free(result->peer_identity); + gpr_free(result); +} + +static const tsi_handshaker_result_vtable result_vtable = { + handshaker_result_extract_peer, + handshaker_result_create_zero_copy_grpc_protector, + nullptr, /* handshaker_result_create_frame_protector */ + nullptr, /* handshaker_result_get_unused_bytes */ + handshaker_result_destroy}; + +static tsi_result create_handshaker_result(bool is_client, + tsi_handshaker_result** self) { + if (self == nullptr) { + gpr_log(GPR_ERROR, "Invalid arguments to create_handshaker_result()"); + return TSI_INVALID_ARGUMENT; + } + local_tsi_handshaker_result* result = + static_cast(gpr_zalloc(sizeof(*result))); + result->is_client = is_client; + result->base.vtable = &result_vtable; + /* Create a peer identity with random information that will be later converted + * to auth context. Without this peer identity, the santiy check in {client, + * server}_auth_filter that verifies if the peer's auth context is obtained + * during handshakes will fail. Since the peer identity information in auth + * context is only checked for its existence (not actually used), we only + * populate some random data and later will provision more meaningful peer if + * needed (e.g., peer's pid/uid/gid from credentials). + */ + result->peer_identity = gpr_strdup(TSI_LOCAL_PEER_IDENTITY); + *self = &result->base; + return TSI_OK; +} + +/* --- tsi_handshaker methods implementation. --- */ + +static tsi_result handshaker_next( + tsi_handshaker* self, const unsigned char* received_bytes, + size_t received_bytes_size, const unsigned char** bytes_to_send, + size_t* bytes_to_send_size, tsi_handshaker_result** result, + tsi_handshaker_on_next_done_cb cb, void* user_data) { + if (self == nullptr) { + gpr_log(GPR_ERROR, "Invalid arguments to handshaker_next()"); + return TSI_INVALID_ARGUMENT; + } + /* Note that there is no interaction between TSI peers, and all operations are + * local. + */ + local_tsi_handshaker* handshaker = + reinterpret_cast(self); + *bytes_to_send_size = 0; + create_handshaker_result(handshaker->is_client, result); + return TSI_OK; +} + +static void handshaker_destroy(tsi_handshaker* self) { + if (self == nullptr) { + return; + } + local_tsi_handshaker* handshaker = + reinterpret_cast(self); + gpr_free(handshaker); +} + +static const tsi_handshaker_vtable handshaker_vtable = { + nullptr, /* get_bytes_to_send_to_peer -- deprecated */ + nullptr, /* process_bytes_from_peer -- deprecated */ + nullptr, /* get_result -- deprecated */ + nullptr, /* extract_peer -- deprecated */ + nullptr, /* create_frame_protector -- deprecated */ + handshaker_destroy, + handshaker_next, + nullptr, /* shutdown */ +}; + +tsi_result local_tsi_handshaker_create(bool is_client, tsi_handshaker** self) { + if (self == nullptr) { + gpr_log(GPR_ERROR, "Invalid arguments to local_tsi_handshaker_create()"); + return TSI_INVALID_ARGUMENT; + } + local_tsi_handshaker* handshaker = + static_cast(gpr_zalloc(sizeof(*handshaker))); + handshaker->is_client = is_client; + handshaker->base.vtable = &handshaker_vtable; + *self = &handshaker->base; + return TSI_OK; +} diff --git a/src/core/tsi/local_transport_security.h b/src/core/tsi/local_transport_security.h new file mode 100644 index 0000000000..17213ecf35 --- /dev/null +++ b/src/core/tsi/local_transport_security.h @@ -0,0 +1,51 @@ +/* + * + * Copyright 2018 gRPC authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +#ifndef GRPC_CORE_TSI_LOCAL_TRANSPORT_SECURITY_H +#define GRPC_CORE_TSI_LOCAL_TRANSPORT_SECURITY_H + +#include + +#include + +#include "src/core/tsi/transport_security.h" +#include "src/core/tsi/transport_security_interface.h" + +#define TSI_LOCAL_NUM_OF_PEER_PROPERTIES 1 +#define TSI_LOCAL_PROCESS_ID_PEER_PROPERTY "process_id" + +/** + * Main struct for local TSI handshaker. All APIs in the header are + * thread-comptabile. + */ +typedef struct local_tsi_handshaker local_tsi_handshaker; + +/** + * This method creates a local TSI handshaker instance. + * + * - is_client: boolean value indicating if the handshaker is used at the client + * (is_client = true) or server (is_client = false) side. The parameter is + * added for future extension. + * - self: address of local TSI handshaker instance to be returned from the + * method. + * + * It returns TSI_OK on success and an error status code on failure. + */ +tsi_result local_tsi_handshaker_create(bool is_client, tsi_handshaker** self); + +#endif /* GRPC_CORE_TSI_LOCAL_TRANSPORT_SECURITY_H */ diff --git a/src/python/grpcio/grpc_core_dependencies.py b/src/python/grpcio/grpc_core_dependencies.py index 05d4786f3f..1746020b72 100644 --- a/src/python/grpcio/grpc_core_dependencies.py +++ b/src/python/grpcio/grpc_core_dependencies.py @@ -249,10 +249,12 @@ CORE_SOURCE_FILES = [ 'src/core/lib/security/credentials/jwt/json_token.cc', 'src/core/lib/security/credentials/jwt/jwt_credentials.cc', 'src/core/lib/security/credentials/jwt/jwt_verifier.cc', + 'src/core/lib/security/credentials/local/local_credentials.cc', 'src/core/lib/security/credentials/oauth2/oauth2_credentials.cc', 'src/core/lib/security/credentials/plugin/plugin_credentials.cc', 'src/core/lib/security/credentials/ssl/ssl_credentials.cc', 'src/core/lib/security/security_connector/alts_security_connector.cc', + 'src/core/lib/security/security_connector/local_security_connector.cc', 'src/core/lib/security/security_connector/security_connector.cc', 'src/core/lib/security/transport/client_auth_filter.cc', 'src/core/lib/security/transport/secure_endpoint.cc', @@ -325,6 +327,7 @@ CORE_SOURCE_FILES = [ 'src/core/ext/filters/deadline/deadline_filter.cc', 'src/core/tsi/alts_transport_security.cc', 'src/core/tsi/fake_transport_security.cc', + 'src/core/tsi/local_transport_security.cc', 'src/core/tsi/ssl/session_cache/ssl_session_boringssl.cc', 'src/core/tsi/ssl/session_cache/ssl_session_cache.cc', 'src/core/tsi/ssl/session_cache/ssl_session_openssl.cc', diff --git a/src/ruby/ext/grpc/rb_grpc_imports.generated.c b/src/ruby/ext/grpc/rb_grpc_imports.generated.c index 031699ce8e..6b1bcf6fcd 100644 --- a/src/ruby/ext/grpc/rb_grpc_imports.generated.c +++ b/src/ruby/ext/grpc/rb_grpc_imports.generated.c @@ -142,6 +142,8 @@ grpc_alts_credentials_client_options_add_target_service_account_type grpc_alts_c grpc_alts_credentials_options_destroy_type grpc_alts_credentials_options_destroy_import; grpc_alts_credentials_create_type grpc_alts_credentials_create_import; grpc_alts_server_credentials_create_type grpc_alts_server_credentials_create_import; +grpc_local_credentials_create_type grpc_local_credentials_create_import; +grpc_local_server_credentials_create_type grpc_local_server_credentials_create_import; grpc_raw_byte_buffer_create_type grpc_raw_byte_buffer_create_import; grpc_raw_compressed_byte_buffer_create_type grpc_raw_compressed_byte_buffer_create_import; grpc_byte_buffer_copy_type grpc_byte_buffer_copy_import; @@ -388,6 +390,8 @@ void grpc_rb_load_imports(HMODULE library) { grpc_alts_credentials_options_destroy_import = (grpc_alts_credentials_options_destroy_type) GetProcAddress(library, "grpc_alts_credentials_options_destroy"); grpc_alts_credentials_create_import = (grpc_alts_credentials_create_type) GetProcAddress(library, "grpc_alts_credentials_create"); grpc_alts_server_credentials_create_import = (grpc_alts_server_credentials_create_type) GetProcAddress(library, "grpc_alts_server_credentials_create"); + grpc_local_credentials_create_import = (grpc_local_credentials_create_type) GetProcAddress(library, "grpc_local_credentials_create"); + grpc_local_server_credentials_create_import = (grpc_local_server_credentials_create_type) GetProcAddress(library, "grpc_local_server_credentials_create"); grpc_raw_byte_buffer_create_import = (grpc_raw_byte_buffer_create_type) GetProcAddress(library, "grpc_raw_byte_buffer_create"); grpc_raw_compressed_byte_buffer_create_import = (grpc_raw_compressed_byte_buffer_create_type) GetProcAddress(library, "grpc_raw_compressed_byte_buffer_create"); grpc_byte_buffer_copy_import = (grpc_byte_buffer_copy_type) GetProcAddress(library, "grpc_byte_buffer_copy"); diff --git a/src/ruby/ext/grpc/rb_grpc_imports.generated.h b/src/ruby/ext/grpc/rb_grpc_imports.generated.h index 474405ae3f..20052c28a4 100644 --- a/src/ruby/ext/grpc/rb_grpc_imports.generated.h +++ b/src/ruby/ext/grpc/rb_grpc_imports.generated.h @@ -401,6 +401,12 @@ extern grpc_alts_credentials_create_type grpc_alts_credentials_create_import; typedef grpc_server_credentials*(*grpc_alts_server_credentials_create_type)(const grpc_alts_credentials_options* options); extern grpc_alts_server_credentials_create_type grpc_alts_server_credentials_create_import; #define grpc_alts_server_credentials_create grpc_alts_server_credentials_create_import +typedef grpc_channel_credentials*(*grpc_local_credentials_create_type)(grpc_local_connect_type type); +extern grpc_local_credentials_create_type grpc_local_credentials_create_import; +#define grpc_local_credentials_create grpc_local_credentials_create_import +typedef grpc_server_credentials*(*grpc_local_server_credentials_create_type)(grpc_local_connect_type type); +extern grpc_local_server_credentials_create_type grpc_local_server_credentials_create_import; +#define grpc_local_server_credentials_create grpc_local_server_credentials_create_import typedef grpc_byte_buffer*(*grpc_raw_byte_buffer_create_type)(grpc_slice* slices, size_t nslices); extern grpc_raw_byte_buffer_create_type grpc_raw_byte_buffer_create_import; #define grpc_raw_byte_buffer_create grpc_raw_byte_buffer_create_import diff --git a/test/core/end2end/fixtures/h2_local.cc b/test/core/end2end/fixtures/h2_local.cc new file mode 100644 index 0000000000..9588a4ed0f --- /dev/null +++ b/test/core/end2end/fixtures/h2_local.cc @@ -0,0 +1,149 @@ +/* + * + * Copyright 2015 gRPC authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +#include "test/core/end2end/end2end_tests.h" + +#include +#include +#include + +#include +#include +#include +#include + +#include "src/core/ext/filters/client_channel/client_channel.h" +#include "src/core/ext/filters/http/server/http_server_filter.h" +#include "src/core/ext/transport/chttp2/transport/chttp2_transport.h" +#include "src/core/lib/channel/connected_channel.h" +#include "src/core/lib/gpr/host_port.h" +#include "src/core/lib/gpr/string.h" +#include "src/core/lib/security/credentials/credentials.h" +#include "src/core/lib/surface/channel.h" +#include "src/core/lib/surface/server.h" +#include "test/core/util/port.h" +#include "test/core/util/test_config.h" + +typedef struct fullstack_fixture_data { + char* localaddr; +} fullstack_fixture_data; + +static int unique = 1; + +static grpc_end2end_test_fixture chttp2_create_fixture_fullstack( + grpc_channel_args* client_args, grpc_channel_args* server_args) { + grpc_end2end_test_fixture f; + fullstack_fixture_data* ffd = static_cast( + gpr_malloc(sizeof(fullstack_fixture_data))); + memset(&f, 0, sizeof(f)); + + gpr_asprintf(&ffd->localaddr, "unix:/tmp/grpc_fullstack_test.%d.%d", getpid(), + unique++); + + f.fixture_data = ffd; + f.cq = grpc_completion_queue_create_for_next(nullptr); + f.shutdown_cq = grpc_completion_queue_create_for_pluck(nullptr); + + return f; +} + +void chttp2_init_client_fullstack(grpc_end2end_test_fixture* f, + grpc_channel_args* client_args) { + grpc_channel_credentials* creds = grpc_local_credentials_create(UDS); + fullstack_fixture_data* ffd = + static_cast(f->fixture_data); + f->client = + grpc_secure_channel_create(creds, ffd->localaddr, client_args, nullptr); + GPR_ASSERT(f->client != nullptr); + grpc_channel_credentials_release(creds); +} + +static int fail_server_auth_check(grpc_channel_args* server_args) { + size_t i; + if (server_args == nullptr) return 0; + for (i = 0; i < server_args->num_args; i++) { + if (strcmp(server_args->args[i].key, FAIL_AUTH_CHECK_SERVER_ARG_NAME) == + 0) { + return 1; + } + } + return 0; +} + +static void process_auth_failure(void* state, grpc_auth_context* ctx, + const grpc_metadata* md, size_t md_count, + grpc_process_auth_metadata_done_cb cb, + void* user_data) { + GPR_ASSERT(state == nullptr); + cb(user_data, nullptr, 0, nullptr, 0, GRPC_STATUS_UNAUTHENTICATED, nullptr); +} + +void chttp2_init_server_fullstack(grpc_end2end_test_fixture* f, + grpc_channel_args* server_args) { + grpc_server_credentials* creds = grpc_local_server_credentials_create(UDS); + fullstack_fixture_data* ffd = + static_cast(f->fixture_data); + if (f->server) { + grpc_server_destroy(f->server); + } + f->server = grpc_server_create(server_args, nullptr); + grpc_server_register_completion_queue(f->server, f->cq, nullptr); + if (fail_server_auth_check(server_args)) { + grpc_auth_metadata_processor processor = {process_auth_failure, nullptr, + nullptr}; + grpc_server_credentials_set_auth_metadata_processor(creds, processor); + } + GPR_ASSERT( + grpc_server_add_secure_http2_port(f->server, ffd->localaddr, creds)); + grpc_server_credentials_release(creds); + grpc_server_start(f->server); +} + +void chttp2_tear_down_fullstack(grpc_end2end_test_fixture* f) { + fullstack_fixture_data* ffd = + static_cast(f->fixture_data); + gpr_free(ffd->localaddr); + gpr_free(ffd); +} + +/* All test configurations */ +static grpc_end2end_test_config configs[] = { + {"chttp2/fullstack_local", + FEATURE_MASK_SUPPORTS_DELAYED_CONNECTION | + FEATURE_MASK_SUPPORTS_CLIENT_CHANNEL | + FEATURE_MASK_SUPPORTS_AUTHORITY_HEADER | + FEATURE_MASK_SUPPORTS_PER_CALL_CREDENTIALS, + nullptr, chttp2_create_fixture_fullstack, chttp2_init_client_fullstack, + chttp2_init_server_fullstack, chttp2_tear_down_fullstack}, +}; + +int main(int argc, char** argv) { + size_t i; + + grpc_test_init(argc, argv); + grpc_end2end_tests_pre_init(); + grpc_init(); + + for (i = 0; i < sizeof(configs) / sizeof(*configs); i++) { + grpc_end2end_tests(argc, argv, configs[i]); + } + + grpc_shutdown(); + + return 0; +} diff --git a/test/core/end2end/gen_build_yaml.py b/test/core/end2end/gen_build_yaml.py index d5c23262e3..39b9ba4a19 100755 --- a/test/core/end2end/gen_build_yaml.py +++ b/test/core/end2end/gen_build_yaml.py @@ -35,6 +35,9 @@ default_secure_fixture_options = default_unsecure_fixture_options._replace( uds_fixture_options = default_unsecure_fixture_options._replace( dns_resolver=False, platforms=['linux', 'mac', 'posix'], exclude_iomgrs=['uv']) +local_fixture_options = default_secure_fixture_options._replace( + dns_resolver=False, platforms=['linux', 'mac', 'posix'], + exclude_iomgrs=['uv']) fd_unsecure_fixture_options = default_unsecure_fixture_options._replace( dns_resolver=False, fullstack=False, platforms=['linux', 'mac', 'posix'], exclude_iomgrs=['uv'], client_channel=False) @@ -71,6 +74,7 @@ END2END_FIXTURES = { 'h2_sockpair+trace': socketpair_unsecure_fixture_options._replace( ci_mac=False, tracing=True, large_writes=False, exclude_iomgrs=['uv']), 'h2_ssl': default_secure_fixture_options, + 'h2_local': local_fixture_options, 'h2_ssl_proxy': default_secure_fixture_options._replace( includes_proxy=True, ci_mac=False, exclude_iomgrs=['uv']), 'h2_uds': uds_fixture_options, diff --git a/test/core/end2end/generate_tests.bzl b/test/core/end2end/generate_tests.bzl index 39b11d08ad..db2886d8e3 100755 --- a/test/core/end2end/generate_tests.bzl +++ b/test/core/end2end/generate_tests.bzl @@ -66,6 +66,7 @@ END2END_FIXTURES = { 'h2_sockpair+trace': fixture_options(fullstack=False, dns_resolver=False, tracing=True, client_channel=False), 'h2_ssl': fixture_options(secure=True), + 'h2_local': fixture_options(secure=True, dns_resolver=False, platforms=['linux', 'mac', 'posix']), 'h2_ssl_proxy': fixture_options(includes_proxy=True, secure=True), 'h2_uds': fixture_options(dns_resolver=False, platforms=['linux', 'mac', 'posix']), diff --git a/test/core/surface/public_headers_must_be_c89.c b/test/core/surface/public_headers_must_be_c89.c index 29083061bb..14adcb8499 100644 --- a/test/core/surface/public_headers_must_be_c89.c +++ b/test/core/surface/public_headers_must_be_c89.c @@ -177,6 +177,8 @@ int main(int argc, char **argv) { printf("%lx", (unsigned long) grpc_alts_credentials_options_destroy); printf("%lx", (unsigned long) grpc_alts_credentials_create); printf("%lx", (unsigned long) grpc_alts_server_credentials_create); + printf("%lx", (unsigned long) grpc_local_credentials_create); + printf("%lx", (unsigned long) grpc_local_server_credentials_create); printf("%lx", (unsigned long) grpc_raw_byte_buffer_create); printf("%lx", (unsigned long) grpc_raw_compressed_byte_buffer_create); printf("%lx", (unsigned long) grpc_byte_buffer_copy); diff --git a/tools/doxygen/Doxyfile.core.internal b/tools/doxygen/Doxyfile.core.internal index e60260991e..8007aa3fac 100644 --- a/tools/doxygen/Doxyfile.core.internal +++ b/tools/doxygen/Doxyfile.core.internal @@ -1337,6 +1337,8 @@ src/core/lib/security/credentials/jwt/jwt_credentials.cc \ src/core/lib/security/credentials/jwt/jwt_credentials.h \ src/core/lib/security/credentials/jwt/jwt_verifier.cc \ src/core/lib/security/credentials/jwt/jwt_verifier.h \ +src/core/lib/security/credentials/local/local_credentials.cc \ +src/core/lib/security/credentials/local/local_credentials.h \ src/core/lib/security/credentials/oauth2/oauth2_credentials.cc \ src/core/lib/security/credentials/oauth2/oauth2_credentials.h \ src/core/lib/security/credentials/plugin/plugin_credentials.cc \ @@ -1345,6 +1347,8 @@ src/core/lib/security/credentials/ssl/ssl_credentials.cc \ src/core/lib/security/credentials/ssl/ssl_credentials.h \ src/core/lib/security/security_connector/alts_security_connector.cc \ src/core/lib/security/security_connector/alts_security_connector.h \ +src/core/lib/security/security_connector/local_security_connector.cc \ +src/core/lib/security/security_connector/local_security_connector.h \ src/core/lib/security/security_connector/security_connector.cc \ src/core/lib/security/security_connector/security_connector.h \ src/core/lib/security/transport/auth_filters.h \ @@ -1489,6 +1493,8 @@ src/core/tsi/alts_transport_security.cc \ src/core/tsi/alts_transport_security.h \ src/core/tsi/fake_transport_security.cc \ src/core/tsi/fake_transport_security.h \ +src/core/tsi/local_transport_security.cc \ +src/core/tsi/local_transport_security.h \ src/core/tsi/ssl/session_cache/ssl_session.h \ src/core/tsi/ssl/session_cache/ssl_session_boringssl.cc \ src/core/tsi/ssl/session_cache/ssl_session_cache.cc \ diff --git a/tools/run_tests/generated/sources_and_headers.json b/tools/run_tests/generated/sources_and_headers.json index 9d450d683c..89b199d45b 100644 --- a/tools/run_tests/generated/sources_and_headers.json +++ b/tools/run_tests/generated/sources_and_headers.json @@ -6028,6 +6028,24 @@ "third_party": false, "type": "target" }, + { + "deps": [ + "end2end_tests", + "gpr", + "gpr_test_util", + "grpc", + "grpc_test_util" + ], + "headers": [], + "is_filegroup": false, + "language": "c", + "name": "h2_local_test", + "src": [ + "test/core/end2end/fixtures/h2_local.cc" + ], + "third_party": false, + "type": "target" + }, { "deps": [ "end2end_tests", @@ -10245,10 +10263,12 @@ "src/core/lib/security/credentials/jwt/json_token.h", "src/core/lib/security/credentials/jwt/jwt_credentials.h", "src/core/lib/security/credentials/jwt/jwt_verifier.h", + "src/core/lib/security/credentials/local/local_credentials.h", "src/core/lib/security/credentials/oauth2/oauth2_credentials.h", "src/core/lib/security/credentials/plugin/plugin_credentials.h", "src/core/lib/security/credentials/ssl/ssl_credentials.h", "src/core/lib/security/security_connector/alts_security_connector.h", + "src/core/lib/security/security_connector/local_security_connector.h", "src/core/lib/security/security_connector/security_connector.h", "src/core/lib/security/transport/auth_filters.h", "src/core/lib/security/transport/secure_endpoint.h", @@ -10286,6 +10306,8 @@ "src/core/lib/security/credentials/jwt/jwt_credentials.h", "src/core/lib/security/credentials/jwt/jwt_verifier.cc", "src/core/lib/security/credentials/jwt/jwt_verifier.h", + "src/core/lib/security/credentials/local/local_credentials.cc", + "src/core/lib/security/credentials/local/local_credentials.h", "src/core/lib/security/credentials/oauth2/oauth2_credentials.cc", "src/core/lib/security/credentials/oauth2/oauth2_credentials.h", "src/core/lib/security/credentials/plugin/plugin_credentials.cc", @@ -10294,6 +10316,8 @@ "src/core/lib/security/credentials/ssl/ssl_credentials.h", "src/core/lib/security/security_connector/alts_security_connector.cc", "src/core/lib/security/security_connector/alts_security_connector.h", + "src/core/lib/security/security_connector/local_security_connector.cc", + "src/core/lib/security/security_connector/local_security_connector.h", "src/core/lib/security/security_connector/security_connector.cc", "src/core/lib/security/security_connector/security_connector.h", "src/core/lib/security/transport/auth_filters.h", @@ -10789,6 +10813,7 @@ "headers": [ "src/core/tsi/alts_transport_security.h", "src/core/tsi/fake_transport_security.h", + "src/core/tsi/local_transport_security.h", "src/core/tsi/ssl/session_cache/ssl_session.h", "src/core/tsi/ssl/session_cache/ssl_session_cache.h", "src/core/tsi/ssl_transport_security.h", @@ -10803,6 +10828,8 @@ "src/core/tsi/alts_transport_security.h", "src/core/tsi/fake_transport_security.cc", "src/core/tsi/fake_transport_security.h", + "src/core/tsi/local_transport_security.cc", + "src/core/tsi/local_transport_security.h", "src/core/tsi/ssl/session_cache/ssl_session.h", "src/core/tsi/ssl/session_cache/ssl_session_boringssl.cc", "src/core/tsi/ssl/session_cache/ssl_session_cache.cc", diff --git a/tools/run_tests/generated/tests.json b/tools/run_tests/generated/tests.json index 094ba13ad3..b04b36d5ce 100644 --- a/tools/run_tests/generated/tests.json +++ b/tools/run_tests/generated/tests.json @@ -22106,6 +22106,1731 @@ "posix" ] }, + { + "args": [ + "authority_not_supported" + ], + "ci_platforms": [ + "linux", + "mac", + "posix" + ], + "cpu_cost": 1.0, + "exclude_configs": [], + "exclude_iomgrs": [ + "uv" + ], + "flaky": false, + "language": "c", + "name": "h2_local_test", + "platforms": [ + "linux", + "mac", + "posix" + ] + }, + { + "args": [ + "bad_hostname" + ], + "ci_platforms": [ + "linux", + "mac", + "posix" + ], + "cpu_cost": 1.0, + "exclude_configs": [], + "exclude_iomgrs": [ + "uv" + ], + "flaky": false, + "language": "c", + "name": "h2_local_test", + "platforms": [ + "linux", + "mac", + "posix" + ] + }, + { + "args": [ + "bad_ping" + ], + "ci_platforms": [ + "linux", + "mac", + "posix" + ], + "cpu_cost": 1.0, + "exclude_configs": [], + "exclude_iomgrs": [ + "uv" + ], + "flaky": false, + "language": "c", + "name": "h2_local_test", + "platforms": [ + "linux", + "mac", + "posix" + ] + }, + { + "args": [ + "binary_metadata" + ], + "ci_platforms": [ + "linux", + "mac", + "posix" + ], + "cpu_cost": 0.1, + "exclude_configs": [], + "exclude_iomgrs": [ + "uv" + ], + "flaky": false, + "language": "c", + "name": "h2_local_test", + "platforms": [ + "linux", + "mac", + "posix" + ] + }, + { + "args": [ + "call_creds" + ], + "ci_platforms": [ + "linux", + "mac", + "posix" + ], + "cpu_cost": 1.0, + "exclude_configs": [], + "exclude_iomgrs": [ + "uv" + ], + "flaky": false, + "language": "c", + "name": "h2_local_test", + "platforms": [ + "linux", + "mac", + "posix" + ] + }, + { + "args": [ + "cancel_after_accept" + ], + "ci_platforms": [ + "linux", + "mac", + "posix" + ], + "cpu_cost": 0.1, + "exclude_configs": [], + "exclude_iomgrs": [ + "uv" + ], + "flaky": false, + "language": "c", + "name": "h2_local_test", + "platforms": [ + "linux", + "mac", + "posix" + ] + }, + { + "args": [ + "cancel_after_client_done" + ], + "ci_platforms": [ + "linux", + "mac", + "posix" + ], + "cpu_cost": 0.1, + "exclude_configs": [], + "exclude_iomgrs": [ + "uv" + ], + "flaky": false, + "language": "c", + "name": "h2_local_test", + "platforms": [ + "linux", + "mac", + "posix" + ] + }, + { + "args": [ + "cancel_after_invoke" + ], + "ci_platforms": [ + "linux", + "mac", + "posix" + ], + "cpu_cost": 0.1, + "exclude_configs": [], + "exclude_iomgrs": [ + "uv" + ], + "flaky": false, + "language": "c", + "name": "h2_local_test", + "platforms": [ + "linux", + "mac", + "posix" + ] + }, + { + "args": [ + "cancel_after_round_trip" + ], + "ci_platforms": [ + "linux", + "mac", + "posix" + ], + "cpu_cost": 0.1, + "exclude_configs": [], + "exclude_iomgrs": [ + "uv" + ], + "flaky": false, + "language": "c", + "name": "h2_local_test", + "platforms": [ + "linux", + "mac", + "posix" + ] + }, + { + "args": [ + "cancel_before_invoke" + ], + "ci_platforms": [ + "linux", + "mac", + "posix" + ], + "cpu_cost": 0.1, + "exclude_configs": [], + "exclude_iomgrs": [ + "uv" + ], + "flaky": false, + "language": "c", + "name": "h2_local_test", + "platforms": [ + "linux", + "mac", + "posix" + ] + }, + { + "args": [ + "cancel_in_a_vacuum" + ], + "ci_platforms": [ + "linux", + "mac", + "posix" + ], + "cpu_cost": 0.1, + "exclude_configs": [], + "exclude_iomgrs": [ + "uv" + ], + "flaky": false, + "language": "c", + "name": "h2_local_test", + "platforms": [ + "linux", + "mac", + "posix" + ] + }, + { + "args": [ + "cancel_with_status" + ], + "ci_platforms": [ + "linux", + "mac", + "posix" + ], + "cpu_cost": 0.1, + "exclude_configs": [], + "exclude_iomgrs": [ + "uv" + ], + "flaky": false, + "language": "c", + "name": "h2_local_test", + "platforms": [ + "linux", + "mac", + "posix" + ] + }, + { + "args": [ + "channelz" + ], + "ci_platforms": [ + "linux", + "mac", + "posix" + ], + "cpu_cost": 1.0, + "exclude_configs": [], + "exclude_iomgrs": [ + "uv" + ], + "flaky": false, + "language": "c", + "name": "h2_local_test", + "platforms": [ + "linux", + "mac", + "posix" + ] + }, + { + "args": [ + "compressed_payload" + ], + "ci_platforms": [ + "linux", + "mac", + "posix" + ], + "cpu_cost": 1.0, + "exclude_configs": [], + "exclude_iomgrs": [ + "uv" + ], + "flaky": false, + "language": "c", + "name": "h2_local_test", + "platforms": [ + "linux", + "mac", + "posix" + ] + }, + { + "args": [ + "connectivity" + ], + "ci_platforms": [ + "linux", + "mac", + "posix" + ], + "cpu_cost": 0.1, + "exclude_configs": [], + "exclude_iomgrs": [ + "uv" + ], + "flaky": false, + "language": "c", + "name": "h2_local_test", + "platforms": [ + "linux", + "mac", + "posix" + ] + }, + { + "args": [ + "disappearing_server" + ], + "ci_platforms": [ + "linux", + "mac", + "posix" + ], + "cpu_cost": 1.0, + "exclude_configs": [], + "exclude_iomgrs": [ + "uv" + ], + "flaky": true, + "language": "c", + "name": "h2_local_test", + "platforms": [ + "linux", + "mac", + "posix" + ] + }, + { + "args": [ + "empty_batch" + ], + "ci_platforms": [ + "linux", + "mac", + "posix" + ], + "cpu_cost": 0.1, + "exclude_configs": [], + "exclude_iomgrs": [ + "uv" + ], + "flaky": false, + "language": "c", + "name": "h2_local_test", + "platforms": [ + "linux", + "mac", + "posix" + ] + }, + { + "args": [ + "filter_call_init_fails" + ], + "ci_platforms": [ + "linux", + "mac", + "posix" + ], + "cpu_cost": 1.0, + "exclude_configs": [], + "exclude_iomgrs": [ + "uv" + ], + "flaky": false, + "language": "c", + "name": "h2_local_test", + "platforms": [ + "linux", + "mac", + "posix" + ] + }, + { + "args": [ + "filter_causes_close" + ], + "ci_platforms": [ + "linux", + "mac", + "posix" + ], + "cpu_cost": 0.1, + "exclude_configs": [], + "exclude_iomgrs": [ + "uv" + ], + "flaky": false, + "language": "c", + "name": "h2_local_test", + "platforms": [ + "linux", + "mac", + "posix" + ] + }, + { + "args": [ + "filter_latency" + ], + "ci_platforms": [ + "linux", + "mac", + "posix" + ], + "cpu_cost": 0.1, + "exclude_configs": [], + "exclude_iomgrs": [ + "uv" + ], + "flaky": false, + "language": "c", + "name": "h2_local_test", + "platforms": [ + "linux", + "mac", + "posix" + ] + }, + { + "args": [ + "filter_status_code" + ], + "ci_platforms": [ + "linux", + "mac", + "posix" + ], + "cpu_cost": 0.1, + "exclude_configs": [], + "exclude_iomgrs": [ + "uv" + ], + "flaky": false, + "language": "c", + "name": "h2_local_test", + "platforms": [ + "linux", + "mac", + "posix" + ] + }, + { + "args": [ + "graceful_server_shutdown" + ], + "ci_platforms": [ + "linux", + "mac", + "posix" + ], + "cpu_cost": 0.1, + "exclude_configs": [], + "exclude_iomgrs": [ + "uv" + ], + "flaky": false, + "language": "c", + "name": "h2_local_test", + "platforms": [ + "linux", + "mac", + "posix" + ] + }, + { + "args": [ + "high_initial_seqno" + ], + "ci_platforms": [ + "linux", + "mac", + "posix" + ], + "cpu_cost": 0.1, + "exclude_configs": [], + "exclude_iomgrs": [ + "uv" + ], + "flaky": false, + "language": "c", + "name": "h2_local_test", + "platforms": [ + "linux", + "mac", + "posix" + ] + }, + { + "args": [ + "hpack_size" + ], + "ci_platforms": [ + "linux", + "mac", + "posix" + ], + "cpu_cost": 0.1, + "exclude_configs": [], + "exclude_iomgrs": [ + "uv" + ], + "flaky": false, + "language": "c", + "name": "h2_local_test", + "platforms": [ + "linux", + "mac", + "posix" + ] + }, + { + "args": [ + "idempotent_request" + ], + "ci_platforms": [ + "linux", + "mac", + "posix" + ], + "cpu_cost": 1.0, + "exclude_configs": [], + "exclude_iomgrs": [ + "uv" + ], + "flaky": false, + "language": "c", + "name": "h2_local_test", + "platforms": [ + "linux", + "mac", + "posix" + ] + }, + { + "args": [ + "invoke_large_request" + ], + "ci_platforms": [ + "linux", + "mac", + "posix" + ], + "cpu_cost": 1.0, + "exclude_configs": [], + "exclude_iomgrs": [ + "uv" + ], + "flaky": false, + "language": "c", + "name": "h2_local_test", + "platforms": [ + "linux", + "mac", + "posix" + ] + }, + { + "args": [ + "keepalive_timeout" + ], + "ci_platforms": [ + "linux", + "mac", + "posix" + ], + "cpu_cost": 0.1, + "exclude_configs": [], + "exclude_iomgrs": [ + "uv" + ], + "flaky": false, + "language": "c", + "name": "h2_local_test", + "platforms": [ + "linux", + "mac", + "posix" + ] + }, + { + "args": [ + "large_metadata" + ], + "ci_platforms": [ + "linux", + "mac", + "posix" + ], + "cpu_cost": 1.0, + "exclude_configs": [], + "exclude_iomgrs": [ + "uv" + ], + "flaky": false, + "language": "c", + "name": "h2_local_test", + "platforms": [ + "linux", + "mac", + "posix" + ] + }, + { + "args": [ + "max_concurrent_streams" + ], + "ci_platforms": [ + "linux", + "mac", + "posix" + ], + "cpu_cost": 0.1, + "exclude_configs": [], + "exclude_iomgrs": [ + "uv" + ], + "flaky": false, + "language": "c", + "name": "h2_local_test", + "platforms": [ + "linux", + "mac", + "posix" + ] + }, + { + "args": [ + "max_connection_age" + ], + "ci_platforms": [ + "linux", + "mac", + "posix" + ], + "cpu_cost": 0.1, + "exclude_configs": [], + "exclude_iomgrs": [ + "uv" + ], + "flaky": false, + "language": "c", + "name": "h2_local_test", + "platforms": [ + "linux", + "mac", + "posix" + ] + }, + { + "args": [ + "max_connection_idle" + ], + "ci_platforms": [ + "linux", + "mac", + "posix" + ], + "cpu_cost": 0.1, + "exclude_configs": [], + "exclude_iomgrs": [ + "uv" + ], + "flaky": false, + "language": "c", + "name": "h2_local_test", + "platforms": [ + "linux", + "mac", + "posix" + ] + }, + { + "args": [ + "max_message_length" + ], + "ci_platforms": [ + "linux", + "mac", + "posix" + ], + "cpu_cost": 0.1, + "exclude_configs": [], + "exclude_iomgrs": [ + "uv" + ], + "flaky": false, + "language": "c", + "name": "h2_local_test", + "platforms": [ + "linux", + "mac", + "posix" + ] + }, + { + "args": [ + "negative_deadline" + ], + "ci_platforms": [ + "linux", + "mac", + "posix" + ], + "cpu_cost": 1.0, + "exclude_configs": [], + "exclude_iomgrs": [ + "uv" + ], + "flaky": false, + "language": "c", + "name": "h2_local_test", + "platforms": [ + "linux", + "mac", + "posix" + ] + }, + { + "args": [ + "network_status_change" + ], + "ci_platforms": [ + "linux", + "mac", + "posix" + ], + "cpu_cost": 0.1, + "exclude_configs": [], + "exclude_iomgrs": [ + "uv" + ], + "flaky": false, + "language": "c", + "name": "h2_local_test", + "platforms": [ + "linux", + "mac", + "posix" + ] + }, + { + "args": [ + "no_error_on_hotpath" + ], + "ci_platforms": [ + "linux", + "mac", + "posix" + ], + "cpu_cost": 1.0, + "exclude_configs": [], + "exclude_iomgrs": [ + "uv" + ], + "flaky": false, + "language": "c", + "name": "h2_local_test", + "platforms": [ + "linux", + "mac", + "posix" + ] + }, + { + "args": [ + "no_logging" + ], + "ci_platforms": [ + "linux", + "mac", + "posix" + ], + "cpu_cost": 1.0, + "exclude_configs": [], + "exclude_iomgrs": [ + "uv" + ], + "flaky": false, + "language": "c", + "name": "h2_local_test", + "platforms": [ + "linux", + "mac", + "posix" + ] + }, + { + "args": [ + "no_op" + ], + "ci_platforms": [ + "linux", + "mac", + "posix" + ], + "cpu_cost": 1.0, + "exclude_configs": [], + "exclude_iomgrs": [ + "uv" + ], + "flaky": false, + "language": "c", + "name": "h2_local_test", + "platforms": [ + "linux", + "mac", + "posix" + ] + }, + { + "args": [ + "payload" + ], + "ci_platforms": [ + "linux", + "mac", + "posix" + ], + "cpu_cost": 1.0, + "exclude_configs": [], + "exclude_iomgrs": [ + "uv" + ], + "flaky": false, + "language": "c", + "name": "h2_local_test", + "platforms": [ + "linux", + "mac", + "posix" + ] + }, + { + "args": [ + "ping" + ], + "ci_platforms": [ + "linux", + "mac", + "posix" + ], + "cpu_cost": 0.1, + "exclude_configs": [], + "exclude_iomgrs": [ + "uv" + ], + "flaky": false, + "language": "c", + "name": "h2_local_test", + "platforms": [ + "linux", + "mac", + "posix" + ] + }, + { + "args": [ + "ping_pong_streaming" + ], + "ci_platforms": [ + "linux", + "mac", + "posix" + ], + "cpu_cost": 0.1, + "exclude_configs": [], + "exclude_iomgrs": [ + "uv" + ], + "flaky": false, + "language": "c", + "name": "h2_local_test", + "platforms": [ + "linux", + "mac", + "posix" + ] + }, + { + "args": [ + "registered_call" + ], + "ci_platforms": [ + "linux", + "mac", + "posix" + ], + "cpu_cost": 1.0, + "exclude_configs": [], + "exclude_iomgrs": [ + "uv" + ], + "flaky": false, + "language": "c", + "name": "h2_local_test", + "platforms": [ + "linux", + "mac", + "posix" + ] + }, + { + "args": [ + "request_with_flags" + ], + "ci_platforms": [ + "linux", + "mac", + "posix" + ], + "cpu_cost": 0.1, + "exclude_configs": [], + "exclude_iomgrs": [ + "uv" + ], + "flaky": false, + "language": "c", + "name": "h2_local_test", + "platforms": [ + "linux", + "mac", + "posix" + ] + }, + { + "args": [ + "request_with_payload" + ], + "ci_platforms": [ + "linux", + "mac", + "posix" + ], + "cpu_cost": 0.1, + "exclude_configs": [], + "exclude_iomgrs": [ + "uv" + ], + "flaky": false, + "language": "c", + "name": "h2_local_test", + "platforms": [ + "linux", + "mac", + "posix" + ] + }, + { + "args": [ + "resource_quota_server" + ], + "ci_platforms": [ + "linux", + "mac", + "posix" + ], + "cpu_cost": 1.0, + "exclude_configs": [], + "exclude_iomgrs": [ + "uv" + ], + "flaky": false, + "language": "c", + "name": "h2_local_test", + "platforms": [ + "linux", + "mac", + "posix" + ] + }, + { + "args": [ + "retry" + ], + "ci_platforms": [ + "linux", + "mac", + "posix" + ], + "cpu_cost": 0.1, + "exclude_configs": [], + "exclude_iomgrs": [ + "uv" + ], + "flaky": false, + "language": "c", + "name": "h2_local_test", + "platforms": [ + "linux", + "mac", + "posix" + ] + }, + { + "args": [ + "retry_cancellation" + ], + "ci_platforms": [ + "linux", + "mac", + "posix" + ], + "cpu_cost": 0.1, + "exclude_configs": [], + "exclude_iomgrs": [ + "uv" + ], + "flaky": false, + "language": "c", + "name": "h2_local_test", + "platforms": [ + "linux", + "mac", + "posix" + ] + }, + { + "args": [ + "retry_disabled" + ], + "ci_platforms": [ + "linux", + "mac", + "posix" + ], + "cpu_cost": 0.1, + "exclude_configs": [], + "exclude_iomgrs": [ + "uv" + ], + "flaky": false, + "language": "c", + "name": "h2_local_test", + "platforms": [ + "linux", + "mac", + "posix" + ] + }, + { + "args": [ + "retry_exceeds_buffer_size_in_initial_batch" + ], + "ci_platforms": [ + "linux", + "mac", + "posix" + ], + "cpu_cost": 0.1, + "exclude_configs": [], + "exclude_iomgrs": [ + "uv" + ], + "flaky": false, + "language": "c", + "name": "h2_local_test", + "platforms": [ + "linux", + "mac", + "posix" + ] + }, + { + "args": [ + "retry_exceeds_buffer_size_in_subsequent_batch" + ], + "ci_platforms": [ + "linux", + "mac", + "posix" + ], + "cpu_cost": 0.1, + "exclude_configs": [], + "exclude_iomgrs": [ + "uv" + ], + "flaky": false, + "language": "c", + "name": "h2_local_test", + "platforms": [ + "linux", + "mac", + "posix" + ] + }, + { + "args": [ + "retry_non_retriable_status" + ], + "ci_platforms": [ + "linux", + "mac", + "posix" + ], + "cpu_cost": 0.1, + "exclude_configs": [], + "exclude_iomgrs": [ + "uv" + ], + "flaky": false, + "language": "c", + "name": "h2_local_test", + "platforms": [ + "linux", + "mac", + "posix" + ] + }, + { + "args": [ + "retry_non_retriable_status_before_recv_trailing_metadata_started" + ], + "ci_platforms": [ + "linux", + "mac", + "posix" + ], + "cpu_cost": 0.1, + "exclude_configs": [], + "exclude_iomgrs": [ + "uv" + ], + "flaky": false, + "language": "c", + "name": "h2_local_test", + "platforms": [ + "linux", + "mac", + "posix" + ] + }, + { + "args": [ + "retry_recv_initial_metadata" + ], + "ci_platforms": [ + "linux", + "mac", + "posix" + ], + "cpu_cost": 0.1, + "exclude_configs": [], + "exclude_iomgrs": [ + "uv" + ], + "flaky": false, + "language": "c", + "name": "h2_local_test", + "platforms": [ + "linux", + "mac", + "posix" + ] + }, + { + "args": [ + "retry_recv_message" + ], + "ci_platforms": [ + "linux", + "mac", + "posix" + ], + "cpu_cost": 0.1, + "exclude_configs": [], + "exclude_iomgrs": [ + "uv" + ], + "flaky": false, + "language": "c", + "name": "h2_local_test", + "platforms": [ + "linux", + "mac", + "posix" + ] + }, + { + "args": [ + "retry_server_pushback_delay" + ], + "ci_platforms": [ + "linux", + "mac", + "posix" + ], + "cpu_cost": 0.1, + "exclude_configs": [], + "exclude_iomgrs": [ + "uv" + ], + "flaky": false, + "language": "c", + "name": "h2_local_test", + "platforms": [ + "linux", + "mac", + "posix" + ] + }, + { + "args": [ + "retry_server_pushback_disabled" + ], + "ci_platforms": [ + "linux", + "mac", + "posix" + ], + "cpu_cost": 0.1, + "exclude_configs": [], + "exclude_iomgrs": [ + "uv" + ], + "flaky": false, + "language": "c", + "name": "h2_local_test", + "platforms": [ + "linux", + "mac", + "posix" + ] + }, + { + "args": [ + "retry_streaming" + ], + "ci_platforms": [ + "linux", + "mac", + "posix" + ], + "cpu_cost": 0.1, + "exclude_configs": [], + "exclude_iomgrs": [ + "uv" + ], + "flaky": false, + "language": "c", + "name": "h2_local_test", + "platforms": [ + "linux", + "mac", + "posix" + ] + }, + { + "args": [ + "retry_streaming_after_commit" + ], + "ci_platforms": [ + "linux", + "mac", + "posix" + ], + "cpu_cost": 0.1, + "exclude_configs": [], + "exclude_iomgrs": [ + "uv" + ], + "flaky": false, + "language": "c", + "name": "h2_local_test", + "platforms": [ + "linux", + "mac", + "posix" + ] + }, + { + "args": [ + "retry_streaming_succeeds_before_replay_finished" + ], + "ci_platforms": [ + "linux", + "mac", + "posix" + ], + "cpu_cost": 0.1, + "exclude_configs": [], + "exclude_iomgrs": [ + "uv" + ], + "flaky": false, + "language": "c", + "name": "h2_local_test", + "platforms": [ + "linux", + "mac", + "posix" + ] + }, + { + "args": [ + "retry_throttled" + ], + "ci_platforms": [ + "linux", + "mac", + "posix" + ], + "cpu_cost": 0.1, + "exclude_configs": [], + "exclude_iomgrs": [ + "uv" + ], + "flaky": false, + "language": "c", + "name": "h2_local_test", + "platforms": [ + "linux", + "mac", + "posix" + ] + }, + { + "args": [ + "retry_too_many_attempts" + ], + "ci_platforms": [ + "linux", + "mac", + "posix" + ], + "cpu_cost": 0.1, + "exclude_configs": [], + "exclude_iomgrs": [ + "uv" + ], + "flaky": false, + "language": "c", + "name": "h2_local_test", + "platforms": [ + "linux", + "mac", + "posix" + ] + }, + { + "args": [ + "server_finishes_request" + ], + "ci_platforms": [ + "linux", + "mac", + "posix" + ], + "cpu_cost": 0.1, + "exclude_configs": [], + "exclude_iomgrs": [ + "uv" + ], + "flaky": false, + "language": "c", + "name": "h2_local_test", + "platforms": [ + "linux", + "mac", + "posix" + ] + }, + { + "args": [ + "shutdown_finishes_calls" + ], + "ci_platforms": [ + "linux", + "mac", + "posix" + ], + "cpu_cost": 0.1, + "exclude_configs": [], + "exclude_iomgrs": [ + "uv" + ], + "flaky": false, + "language": "c", + "name": "h2_local_test", + "platforms": [ + "linux", + "mac", + "posix" + ] + }, + { + "args": [ + "shutdown_finishes_tags" + ], + "ci_platforms": [ + "linux", + "mac", + "posix" + ], + "cpu_cost": 0.1, + "exclude_configs": [], + "exclude_iomgrs": [ + "uv" + ], + "flaky": false, + "language": "c", + "name": "h2_local_test", + "platforms": [ + "linux", + "mac", + "posix" + ] + }, + { + "args": [ + "simple_cacheable_request" + ], + "ci_platforms": [ + "linux", + "mac", + "posix" + ], + "cpu_cost": 0.1, + "exclude_configs": [], + "exclude_iomgrs": [ + "uv" + ], + "flaky": false, + "language": "c", + "name": "h2_local_test", + "platforms": [ + "linux", + "mac", + "posix" + ] + }, + { + "args": [ + "simple_delayed_request" + ], + "ci_platforms": [ + "linux", + "mac", + "posix" + ], + "cpu_cost": 1.0, + "exclude_configs": [], + "exclude_iomgrs": [ + "uv" + ], + "flaky": false, + "language": "c", + "name": "h2_local_test", + "platforms": [ + "linux", + "mac", + "posix" + ] + }, + { + "args": [ + "simple_metadata" + ], + "ci_platforms": [ + "linux", + "mac", + "posix" + ], + "cpu_cost": 1.0, + "exclude_configs": [], + "exclude_iomgrs": [ + "uv" + ], + "flaky": false, + "language": "c", + "name": "h2_local_test", + "platforms": [ + "linux", + "mac", + "posix" + ] + }, + { + "args": [ + "simple_request" + ], + "ci_platforms": [ + "linux", + "mac", + "posix" + ], + "cpu_cost": 1.0, + "exclude_configs": [], + "exclude_iomgrs": [ + "uv" + ], + "flaky": false, + "language": "c", + "name": "h2_local_test", + "platforms": [ + "linux", + "mac", + "posix" + ] + }, + { + "args": [ + "stream_compression_compressed_payload" + ], + "ci_platforms": [ + "linux", + "mac", + "posix" + ], + "cpu_cost": 1.0, + "exclude_configs": [], + "exclude_iomgrs": [ + "uv" + ], + "flaky": false, + "language": "c", + "name": "h2_local_test", + "platforms": [ + "linux", + "mac", + "posix" + ] + }, + { + "args": [ + "stream_compression_payload" + ], + "ci_platforms": [ + "linux", + "mac", + "posix" + ], + "cpu_cost": 1.0, + "exclude_configs": [], + "exclude_iomgrs": [ + "uv" + ], + "flaky": false, + "language": "c", + "name": "h2_local_test", + "platforms": [ + "linux", + "mac", + "posix" + ] + }, + { + "args": [ + "stream_compression_ping_pong_streaming" + ], + "ci_platforms": [ + "linux", + "mac", + "posix" + ], + "cpu_cost": 1.0, + "exclude_configs": [], + "exclude_iomgrs": [ + "uv" + ], + "flaky": false, + "language": "c", + "name": "h2_local_test", + "platforms": [ + "linux", + "mac", + "posix" + ] + }, + { + "args": [ + "streaming_error_response" + ], + "ci_platforms": [ + "linux", + "mac", + "posix" + ], + "cpu_cost": 0.1, + "exclude_configs": [], + "exclude_iomgrs": [ + "uv" + ], + "flaky": false, + "language": "c", + "name": "h2_local_test", + "platforms": [ + "linux", + "mac", + "posix" + ] + }, + { + "args": [ + "trailing_metadata" + ], + "ci_platforms": [ + "linux", + "mac", + "posix" + ], + "cpu_cost": 1.0, + "exclude_configs": [], + "exclude_iomgrs": [ + "uv" + ], + "flaky": false, + "language": "c", + "name": "h2_local_test", + "platforms": [ + "linux", + "mac", + "posix" + ] + }, + { + "args": [ + "workaround_cronet_compression" + ], + "ci_platforms": [ + "linux", + "mac", + "posix" + ], + "cpu_cost": 1.0, + "exclude_configs": [], + "exclude_iomgrs": [ + "uv" + ], + "flaky": false, + "language": "c", + "name": "h2_local_test", + "platforms": [ + "linux", + "mac", + "posix" + ] + }, + { + "args": [ + "write_buffering" + ], + "ci_platforms": [ + "linux", + "mac", + "posix" + ], + "cpu_cost": 0.1, + "exclude_configs": [], + "exclude_iomgrs": [ + "uv" + ], + "flaky": false, + "language": "c", + "name": "h2_local_test", + "platforms": [ + "linux", + "mac", + "posix" + ] + }, + { + "args": [ + "write_buffering_at_end" + ], + "ci_platforms": [ + "linux", + "mac", + "posix" + ], + "cpu_cost": 0.1, + "exclude_configs": [], + "exclude_iomgrs": [ + "uv" + ], + "flaky": false, + "language": "c", + "name": "h2_local_test", + "platforms": [ + "linux", + "mac", + "posix" + ] + }, { "args": [ "authority_not_supported" -- cgit v1.2.3