xds/bootstrap: add plugin system for credentials specified in bootstrap file #5136
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
dfawley
reviewed
Jan 27, 2022
dfawley
reviewed
Jan 31, 2022
dfawley
reviewed
Jan 31, 2022
menghanl
reviewed
Jan 31, 2022
dfawley
changed the title
menghanl
reviewed
Feb 1, 2022
menghanl
approved these changes
Feb 1, 2022
dfawley
reviewed
Feb 1, 2022
|
@anicr7 : Also, please don't mark conversations as resolved. We generally let the original commenter do that when they are satisfied. Thanks. |
registry implementations.
xds/credentials/*.go. Also add the relevant builders in the google creds package.
1. New bootstrap package that users can use. 2. Move insecure creds builder to google/creds. 3. Move registration to google/ and google/insecure.
credential/insecure instead. Don't use google/insecure in bootstrap.go as it leads to cyclic dependencies.
…undle() to return new transport credentials again
…e fails due to JSON parsing
anicr7
force-pushed
the
credentials_plugin_xds
branch
from
942161d
to
1fa6ba1
Compare
easwars
reviewed
Feb 1, 2022
credentials/insecure/insecure.go
Outdated
| } | ||
|
|
||
| // NewWithMode returns a new insecure Bundle. The mode is ignored. | ||
| func (insecureBundle) NewWithMode(_ string) (credentials.Bundle, error) { |
There was a problem hiding this comment.
Nit: since this method takes no other parameters, you could skip the _.
| // JSON config. | ||
| type insecureCredsBuilder struct{} | ||
|
|
||
| func (i *insecureCredsBuilder) Build(_ json.RawMessage) (credentials.Bundle, error) { |
There was a problem hiding this comment.
Same here and in other places. The _ can be skipped since it is the only parameter to the method.
easwars
approved these changes
Feb 1, 2022
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Currently the credentials used for communication with the xDS management
server is restricted to "google_default" and "insecure". There is no way
for users to inject custom credentials, even though the bootstrap can be
used to pass in different values.
This PR adds support for a new credentials package which can be used to
register supported credentials along with a name that can be recognized
by the bootstrap.
The xDS credential package also registers the currently supported
"google_default" and "insecure" options to maintain the status quo. To keep the
interface of the xDS Credentials builder clean, the insecure credentials now
satisfies the gRPC credentials bundle interface.
RELEASE NOTES: