Merge pull request grpc#24843 from yashykt/insecureservercreds

Experimental API for xDS server credentials

BUILD

@@ -391,9 +391,11 @@ grpc_cc_library(
     name = "grpc++_xds_credentials",
     srcs = [
         "src/cpp/client/xds_credentials.cc",
+        "src/cpp/server/xds_server_credentials.cc",
     ],
     hdrs = [
         "src/cpp/client/secure_credentials.h",
+        "src/cpp/server/secure_server_credentials.h",
     ],
     language = "c++",
     deps = [

BUILD.gn

@@ -1479,6 +1479,7 @@ config("grpc_config") {
         "src/cpp/server/server_credentials.cc",
         "src/cpp/server/server_posix.cc",
         "src/cpp/server/thread_pool_interface.h",
+        "src/cpp/server/xds_server_credentials.cc",
         "src/cpp/thread_manager/thread_manager.cc",
         "src/cpp/thread_manager/thread_manager.h",
         "src/cpp/util/byte_buffer_cc.cc",

CMakeLists.txt

@@ -2715,6 +2715,7 @@ add_library(grpc++
   src/cpp/server/server_context.cc
   src/cpp/server/server_credentials.cc
   src/cpp/server/server_posix.cc
+  src/cpp/server/xds_server_credentials.cc
   src/cpp/thread_manager/thread_manager.cc
   src/cpp/util/byte_buffer_cc.cc
   src/cpp/util/status.cc

Makefile

@@ -2904,6 +2904,7 @@ LIBGRPC++_SRC = \
     src/cpp/server/server_context.cc \
     src/cpp/server/server_credentials.cc \
     src/cpp/server/server_posix.cc \
+    src/cpp/server/xds_server_credentials.cc \
     src/cpp/thread_manager/thread_manager.cc \
     src/cpp/util/byte_buffer_cc.cc \
     src/cpp/util/status.cc \
@@ -4915,6 +4916,7 @@ src/cpp/ext/proto_server_reflection_plugin.cc: $(OPENSSL_DEP)
 src/cpp/server/channelz/channelz_service.cc: $(OPENSSL_DEP)
 src/cpp/server/channelz/channelz_service_plugin.cc: $(OPENSSL_DEP)
 src/cpp/server/secure_server_credentials.cc: $(OPENSSL_DEP)
+src/cpp/server/xds_server_credentials.cc: $(OPENSSL_DEP)
 src/cpp/util/error_details.cc: $(OPENSSL_DEP)
 src/csharp/ext/grpc_csharp_ext.c: $(OPENSSL_DEP)
 endif

build_autogenerated.yaml

@@ -2353,6 +2353,7 @@ libs:
   - src/cpp/server/server_context.cc
   - src/cpp/server/server_credentials.cc
   - src/cpp/server/server_posix.cc
+  - src/cpp/server/xds_server_credentials.cc
   - src/cpp/thread_manager/thread_manager.cc
   - src/cpp/util/byte_buffer_cc.cc
   - src/cpp/util/status.cc

gRPC-C++.podspec

@@ -762,6 +762,7 @@ Pod::Spec.new do |s|
                       'src/cpp/server/server_credentials.cc',
                       'src/cpp/server/server_posix.cc',
                       'src/cpp/server/thread_pool_interface.h',
+                      'src/cpp/server/xds_server_credentials.cc',
                       'src/cpp/thread_manager/thread_manager.cc',
                       'src/cpp/thread_manager/thread_manager.h',
                       'src/cpp/util/byte_buffer_cc.cc',

grpc.def

@@ -153,6 +153,7 @@ EXPORTS
     grpc_tls_server_authorization_check_config_create
     grpc_tls_server_authorization_check_config_release
     grpc_xds_credentials_create
+    grpc_xds_server_credentials_create
     grpc_raw_byte_buffer_create
     grpc_raw_compressed_byte_buffer_create
     grpc_byte_buffer_copy

grpc.gyp

@@ -1434,6 +1434,7 @@
         'src/cpp/server/server_context.cc',
         'src/cpp/server/server_credentials.cc',
         'src/cpp/server/server_posix.cc',
+        'src/cpp/server/xds_server_credentials.cc',
         'src/cpp/thread_manager/thread_manager.cc',
         'src/cpp/util/byte_buffer_cc.cc',
         'src/cpp/util/status.cc',

include/grpc/grpc_security.h

@@ -1034,10 +1034,17 @@ grpc_channel_credentials* grpc_insecure_credentials_create();
 /**
  * EXPERIMENTAL API - Subject to change
  *
- * This method creates an XDS channel credentials object.
+ * This method creates an insecure server credentials object.
+ */
+grpc_server_credentials* grpc_insecure_server_credentials_create();
+
+/**
+ * EXPERIMENTAL API - Subject to change
+ *
+ * This method creates an xDS channel credentials object.
  *
- * Creating a channel with credentials of this type indicates that an xDS
- * channel should get credentials configuration from the xDS control plane.
+ * Creating a channel with credentials of this type indicates that the channel
+ * should get credentials configuration from the xDS control plane.
  *
  * \a fallback_credentials are used if the channel target does not have the
  * 'xds:///' scheme or if the xDS control plane does not provide information on
@@ -1047,6 +1054,20 @@ grpc_channel_credentials* grpc_insecure_credentials_create();
 GRPCAPI grpc_channel_credentials* grpc_xds_credentials_create(
     grpc_channel_credentials* fallback_credentials);
 
+/**
+ * EXPERIMENTAL API - Subject to change
+ *
+ * This method creates an xDS server credentials object.
+ *
+ * \a fallback_credentials are used if the xDS control plane does not provide
+ * information on how to fetch credentials dynamically.
+ *
+ * Does NOT take ownership of the \a fallback_credentials. (Internally takes
+ * a ref to the object.)
+ */
+GRPCAPI grpc_server_credentials* grpc_xds_server_credentials_create(
+    grpc_server_credentials* fallback_credentials);
+
 #ifdef __cplusplus
 }
 #endif

include/grpcpp/security/server_credentials.h

@@ -32,6 +32,8 @@ struct grpc_server;
 namespace grpc {
 
 class Server;
+class ServerCredentials;
+class SecureServerCredentials;
 /// Options to create ServerCredentials with SSL
 struct SslServerCredentialsOptions {
   /// \warning Deprecated
@@ -58,6 +60,12 @@ struct SslServerCredentialsOptions {
   grpc_ssl_client_certificate_request_type client_certificate_request;
 };
 
+namespace experimental {
+/// Builds Xds ServerCredentials given fallback credentials
+std::shared_ptr<ServerCredentials> XdsServerCredentials(
+    const std::shared_ptr<ServerCredentials>& fallback_credentials);
+}  // namespace experimental
+
 /// Wrapper around \a grpc_server_credentials, a way to authenticate a server.
 class ServerCredentials {
  public:
@@ -71,12 +79,30 @@ class ServerCredentials {
  private:
   friend class Server;
 
+  // We need this friend declaration for access to Insecure() and
+  // AsSecureServerCredentials(). When these two functions are no longer
+  // necessary, this friend declaration can be removed too.
+  friend std::shared_ptr<ServerCredentials>
+  grpc::experimental::XdsServerCredentials(
+      const std::shared_ptr<ServerCredentials>& fallback_credentials);
+
   /// Tries to bind \a server to the given \a addr (eg, localhost:1234,
   /// 192.168.1.1:31416, [::1]:27182, etc.)
   ///
   /// \return bound port number on success, 0 on failure.
   // TODO(dgq): the "port" part seems to be a misnomer.
   virtual int AddPortToServer(const std::string& addr, grpc_server* server) = 0;
+
+  // TODO(yashykt): This is a hack since InsecureServerCredentials() cannot use
+  // grpc_insecure_server_credentials_create() and should be removed after
+  // insecure builds are removed from gRPC.
+  virtual bool IsInsecure() const { return false; }
+
+  // TODO(yashkt): This is a hack that should be removed once we remove insecure
+  // builds and the indirect method of adding ports to a server.
+  virtual SecureServerCredentials* AsSecureServerCredentials() {
+    return nullptr;
+  }
 };
 
 /// Builds SSL ServerCredentials given SSL specific options

src/core/ext/filters/client_channel/lb_policy/xds/cds.cc

@@ -449,7 +449,7 @@ grpc_error* CdsLb::UpdateXdsCertificateProvider(
   grpc_channel_credentials* channel_credentials =
       grpc_channel_credentials_find_in_args(args_);
   if (channel_credentials == nullptr ||
-      channel_credentials->type() != XdsCredentials::kCredentialsTypeXds) {
+      channel_credentials->type() != kCredentialsTypeXds) {
     xds_certificate_provider_ = nullptr;
     return GRPC_ERROR_NONE;
   }

src/core/lib/security/credentials/insecure/insecure_credentials.cc

@@ -30,22 +30,35 @@ constexpr char kCredentialsTypeInsecure[] = "insecure";
 
 class InsecureCredentials final : public grpc_channel_credentials {
  public:
-  explicit InsecureCredentials()
-      : grpc_channel_credentials(kCredentialsTypeInsecure) {}
+  InsecureCredentials() : grpc_channel_credentials(kCredentialsTypeInsecure) {}
 
-  grpc_core::RefCountedPtr<grpc_channel_security_connector>
-  create_security_connector(
-      grpc_core::RefCountedPtr<grpc_call_credentials> call_creds,
+  RefCountedPtr<grpc_channel_security_connector> create_security_connector(
+      RefCountedPtr<grpc_call_credentials> call_creds,
       const char* /* target_name */, const grpc_channel_args* /* args */,
       grpc_channel_args** /* new_args */) override {
     return MakeRefCounted<InsecureChannelSecurityConnector>(
         Ref(), std::move(call_creds));
   }
 };
 
+class InsecureServerCredentials final : public grpc_server_credentials {
+ public:
+  InsecureServerCredentials()
+      : grpc_server_credentials(kCredentialsTypeInsecure) {}
+
+  RefCountedPtr<grpc_server_security_connector> create_security_connector()
+      override {
+    return MakeRefCounted<InsecureServerSecurityConnector>(Ref());
+  }
+};
+
 }  // namespace
 }  // namespace grpc_core
 
 grpc_channel_credentials* grpc_insecure_credentials_create() {
   return new grpc_core::InsecureCredentials();
 }
+
+grpc_server_credentials* grpc_insecure_server_credentials_create() {
+  return new grpc_core::InsecureServerCredentials();
+}

src/core/lib/security/credentials/xds/xds_credentials.cc

@@ -27,7 +27,7 @@
 
 namespace grpc_core {
 
-constexpr const char XdsCredentials::kCredentialsTypeXds[];
+const char kCredentialsTypeXds[] = "Xds";
 
 namespace {
 
@@ -47,6 +47,10 @@ void ServerAuthCheckDestroy(void* config_user_data) {
 
 }  // namespace
 
+//
+// XdsCredentials
+//
+
 RefCountedPtr<grpc_channel_security_connector>
 XdsCredentials::create_security_connector(
     RefCountedPtr<grpc_call_credentials> call_creds, const char* target_name,
@@ -96,10 +100,26 @@ XdsCredentials::create_security_connector(
   return security_connector;
 }
 
+//
+// XdsServerCredentials
+//
+
+RefCountedPtr<grpc_server_security_connector>
+XdsServerCredentials::create_security_connector() {
+  // TODO(yashkt): Fill this
+  return fallback_credentials_->create_security_connector();
+}
+
 }  // namespace grpc_core
 
 grpc_channel_credentials* grpc_xds_credentials_create(
     grpc_channel_credentials* fallback_credentials) {
   GPR_ASSERT(fallback_credentials != nullptr);
   return new grpc_core::XdsCredentials(fallback_credentials->Ref());
 }
+
+grpc_server_credentials* grpc_xds_server_credentials_create(
+    grpc_server_credentials* fallback_credentials) {
+  GPR_ASSERT(fallback_credentials != nullptr);
+  return new grpc_core::XdsServerCredentials(fallback_credentials->Ref());
+}

src/core/lib/security/credentials/xds/xds_credentials.h

@@ -27,23 +27,35 @@
 
 namespace grpc_core {
 
+extern const char kCredentialsTypeXds[];
+
 class XdsCredentials final : public grpc_channel_credentials {
  public:
-  static constexpr const char kCredentialsTypeXds[] = "Xds";
-
   explicit XdsCredentials(
-      grpc_core::RefCountedPtr<grpc_channel_credentials> fallback_credentials)
+      RefCountedPtr<grpc_channel_credentials> fallback_credentials)
       : grpc_channel_credentials(kCredentialsTypeXds),
         fallback_credentials_(std::move(fallback_credentials)) {}
 
-  grpc_core::RefCountedPtr<grpc_channel_security_connector>
-  create_security_connector(
-      grpc_core::RefCountedPtr<grpc_call_credentials> call_creds,
-      const char* target_name, const grpc_channel_args* args,
-      grpc_channel_args** new_args) override;
+  RefCountedPtr<grpc_channel_security_connector> create_security_connector(
+      RefCountedPtr<grpc_call_credentials> call_creds, const char* target_name,
+      const grpc_channel_args* args, grpc_channel_args** new_args) override;
+
+ private:
+  RefCountedPtr<grpc_channel_credentials> fallback_credentials_;
+};
+
+class XdsServerCredentials final : public grpc_server_credentials {
+ public:
+  explicit XdsServerCredentials(
+      RefCountedPtr<grpc_server_credentials> fallback_credentials)
+      : grpc_server_credentials(kCredentialsTypeXds),
+        fallback_credentials_(std::move(fallback_credentials)) {}
+
+  RefCountedPtr<grpc_server_security_connector> create_security_connector()
+      override;
 
  private:
-  grpc_core::RefCountedPtr<grpc_channel_credentials> fallback_credentials_;
+  RefCountedPtr<grpc_server_credentials> fallback_credentials_;
 };
 
 }  // namespace grpc_core

src/core/lib/security/security_connector/insecure/insecure_security_connector.cc

@@ -28,6 +28,26 @@ namespace grpc_core {
 
 const char kInsecureTransportSecurityType[] = "insecure";
 
+namespace {
+
+RefCountedPtr<grpc_auth_context> MakeAuthContext() {
+  auto ctx = MakeRefCounted<grpc_auth_context>(nullptr);
+  grpc_auth_context_add_cstring_property(
+      ctx.get(), GRPC_TRANSPORT_SECURITY_TYPE_PROPERTY_NAME,
+      kInsecureTransportSecurityType);
+  const char* security_level = tsi_security_level_to_string(TSI_SECURITY_NONE);
+  grpc_auth_context_add_property(ctx.get(),
+                                 GRPC_TRANSPORT_SECURITY_LEVEL_PROPERTY_NAME,
+                                 security_level, strlen(security_level));
+  return ctx;
+}
+
+}  // namespace
+
+RefCountedPtr<grpc_auth_context> TestOnlyMakeInsecureAuthContext() {
+  return MakeAuthContext();
+}
+
 // check_call_host and cancel_check_call_host are no-ops since we want to
 // provide an insecure channel.
 bool InsecureChannelSecurityConnector::check_call_host(
@@ -70,19 +90,32 @@ int InsecureChannelSecurityConnector::cmp(
       static_cast<const grpc_channel_security_connector*>(other_sc));
 }
 
-RefCountedPtr<grpc_auth_context>
-InsecureChannelSecurityConnector::MakeAuthContext() {
-  auto ctx = MakeRefCounted<grpc_auth_context>(nullptr);
-  grpc_auth_context_add_cstring_property(
-      ctx.get(), GRPC_TRANSPORT_SECURITY_TYPE_PROPERTY_NAME,
-      kInsecureTransportSecurityType);
-  GPR_ASSERT(grpc_auth_context_set_peer_identity_property_name(
-                 ctx.get(), GRPC_TRANSPORT_SECURITY_TYPE_PROPERTY_NAME) == 1);
-  const char* security_level = tsi_security_level_to_string(TSI_SECURITY_NONE);
-  grpc_auth_context_add_property(ctx.get(),
-                                 GRPC_TRANSPORT_SECURITY_LEVEL_PROPERTY_NAME,
-                                 security_level, strlen(security_level));
-  return ctx;
+// add_handshakers should have been a no-op but we need to add a minimalist
+// security handshaker so that check_peer is invoked and an auth_context is
+// created with the security level of TSI_SECURITY_NONE.
+void InsecureServerSecurityConnector::add_handshakers(
+    const grpc_channel_args* args, grpc_pollset_set* /* interested_parties */,
+    grpc_core::HandshakeManager* handshake_manager) {
+  tsi_handshaker* handshaker = nullptr;
+  // Re-use local_tsi_handshaker_create as a minimalist handshaker.
+  GPR_ASSERT(tsi_local_handshaker_create(false /* is_client */, &handshaker) ==
+             TSI_OK);
+  handshake_manager->Add(SecurityHandshakerCreate(handshaker, this, args));
+}
+
+void InsecureServerSecurityConnector::check_peer(
+    tsi_peer peer, grpc_endpoint* ep,
+    grpc_core::RefCountedPtr<grpc_auth_context>* auth_context,
+    grpc_closure* on_peer_checked) {
+  *auth_context = MakeAuthContext();
+  tsi_peer_destruct(&peer);
+  ExecCtx::Run(DEBUG_LOCATION, on_peer_checked, GRPC_ERROR_NONE);
+}
+
+int InsecureServerSecurityConnector::cmp(
+    const grpc_security_connector* other) const {
+  return server_security_connector_cmp(
+      static_cast<const grpc_server_security_connector*>(other));
 }
 
 }  // namespace grpc_core