[internal/patch/grpc-go] Add patch to grpc-go dependency

DataDog · Jan 24, 2022 · 95fe859 · 95fe859
1 parent b9b9a7c
commit 95fe859
Show file tree

Hide file tree

Showing 5 changed files with 154 additions and 0 deletions.
diff --git a/go.mod b/go.mod
@@ -35,6 +35,9 @@ replace (
 	google.golang.org/grpc => github.com/grpc/grpc-go v1.28.0
 )
 
+// HACK: Add `insecure` package (added on grpc-go v1.34) to support packages using it (notably go.opentelemetry/collector)
+replace google.golang.org/grpc/credentials/insecure => ./internal/patch/grpc-go-insecure
+
 replace (
 	github.com/DataDog/datadog-agent/pkg/obfuscate => ./pkg/obfuscate
 	github.com/DataDog/datadog-agent/pkg/otlp/model => ./pkg/otlp/model

diff --git a/internal/patch/grpc-go-insecure/README.md b/internal/patch/grpc-go-insecure/README.md
@@ -0,0 +1,26 @@
+# `google.golang.org/grpc/credentials/insecure` patch
+
+## What is this?
+
+This is a copy of the contents of the `google.golang.org/grpc/credentials/insecure` package as of [commit db9fdf706d400bfc4d54665e1f06e863ed407f45](https://github.com/grpc/grpc-go/blob/9cb411380883ddbf69467b4ba1099817c0fe6c61/credentials/insecure/insecure.go).
+
+It is exposed as a module and declares its path to be `google.golang.org/grpc/credentials/insecure`.
+
+## What is the motivation behind this?
+
+We need this because of a 'dependency hell' situation:
+
+1. `grpc-go` makes breaking changes between minor releases of their module. 
+2. etcd v3.5.0 [depends on a `grpc-go` API which was removed in v1.30](https://github.com/etcd-io/etcd/issues/12124). We depend on etcd v3.5.0 indirectly via Kubernetes v0.21.5.
+3. `go.opentelemetry.io/collector` v0.42.0 and above depends on the `google.golang.org/grpc/credentials/insecure` package, which was added in v1.34. We depend on the Collector dependency directly.
+
+This situation would be solved by bumping Kubernetes to v0.22.0 or above, which depends on etcd v3.6.0+, which does not make use of the removed grpc-go API.
+However, Kubernetes can't be upgraded above v0.21.x, because of another 'dependency hell': [it depends on v0.20 of `go.opentelemetry.io/otel`](https://github.com/kubernetes/kubernetes/issues/106536).
+
+This module is used to solve this dependency hell, by adding the `google.golang.org/grpc/credentials/insecure` package into version v1.28 of grpc-go.
+
+It is the smallest patch that can be applied to solve this particular 'dependency hell' issue with grpc-go. It will not fix other issues when packages depend on other, newer packages.
+
+## When can it be removed?
+
+This must be removed when grpc-go is bumped above v1.34.0.
diff --git a/internal/patch/grpc-go-insecure/go.mod b/internal/patch/grpc-go-insecure/go.mod
@@ -0,0 +1,6 @@
+module google.golang.org/grpc/credentials/insecure
+
+go 1.16
+
+// Should match the version we replace on the main go.mod
+require google.golang.org/grpc v1.28.0
diff --git a/internal/patch/grpc-go-insecure/go.sum b/internal/patch/grpc-go-insecure/go.sum
diff --git a/internal/patch/grpc-go-insecure/insecure.go b/internal/patch/grpc-go-insecure/insecure.go
@@ -0,0 +1,72 @@
+/*
+ *
+ * Copyright 2020 gRPC authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+// Package insecure provides an implementation of the
+// credentials.TransportCredentials interface which disables transport security.
+package insecure
+
+import (
+	"context"
+	"net"
+
+	"google.golang.org/grpc/credentials"
+)
+
+// NewCredentials returns a credentials which disables transport security.
+//
+// Note that using this credentials with per-RPC credentials which require
+// transport security is incompatible and will cause grpc.Dial() to fail.
+func NewCredentials() credentials.TransportCredentials {
+	return insecureTC{}
+}
+
+// insecureTC implements the insecure transport credentials. The handshake
+// methods simply return the passed in net.Conn and set the security level to
+// NoSecurity.
+type insecureTC struct{}
+
+func (insecureTC) ClientHandshake(ctx context.Context, _ string, conn net.Conn) (net.Conn, credentials.AuthInfo, error) {
+	return conn, info{credentials.CommonAuthInfo{SecurityLevel: credentials.NoSecurity}}, nil
+}
+
+func (insecureTC) ServerHandshake(conn net.Conn) (net.Conn, credentials.AuthInfo, error) {
+	return conn, info{credentials.CommonAuthInfo{SecurityLevel: credentials.NoSecurity}}, nil
+}
+
+func (insecureTC) Info() credentials.ProtocolInfo {
+	return credentials.ProtocolInfo{SecurityProtocol: "insecure"}
+}
+
+func (insecureTC) Clone() credentials.TransportCredentials {
+	return insecureTC{}
+}
+
+func (insecureTC) OverrideServerName(string) error {
+	return nil
+}
+
+// info contains the auth information for an insecure connection.
+// It implements the AuthInfo interface.
+type info struct {
+	credentials.CommonAuthInfo
+}
+
+// AuthType returns the type of info as a string.
+func (info) AuthType() string {
+	return "insecure"
+}