alts: add Google Default Channel implementation

[jiangtaoli2016]

experimenting

[ejona86]

A few drive-by comments.

[ejona86]

What's going on here?

[jiangtaoli2016]

It is the same as ALTS channel builder and internal version of channel builder. Is there a problem here to set keepAliveWithoutCalls(true)?

[ejona86]

All three of these settings are inappropriate when using TLS. The keepalive time will cause failures when going through GFE.

[jiangtaoli2016]

I see Can I just delete these 3 lines (lines 77-79)? Or you have better suggestion?

[ejona86]

@jiangtaoli2016, if you don't need them, removing them will work.

[jiangtaoli2016]

Done.

[ejona86]

This needs to be referenced counted. We can't have resources/threads live forever. That'll cause memory leaks in environments with custom ClassLoaders. You can create a SharedResourceHolder.Resource for it.

Many environments are quite temperamental when it comes to creating new threads, so it looks like we'll also want it to be lazily initialized, the first time ALTS is used in this channel.

[jiangtaoli2016]

I've created #4755. Let fix this quarter in a separate PR. It would be fairly easy to unref the channel if nobody is using it. I like to keep the thread open until application closes. Otherwise keep creating/closing thread could also be expensive. Is there concept of fiber (i.e., lightweight thread) in Java?

[ejona86]

I like to keep the thread open until application closes.

No. The threads are actually the primary problem.

Otherwise keep creating/closing thread could also be expensive.

This is what our SharedResourceHolder deals with, to a degree. It waits a second before actually freeing, in case there will be another use soon. In general though, we would expect users to have a long-lived Channel, so there shouldn't be rampant thread creation.

Is there concept of fiber (i.e., lightweight thread) in Java?

Nope. I wish.

[jiangtaoli2016]

Let me take a look at SharedResourceHolder. I may schedule a mtg with you and @carl-mastrangelo. I remember old time ago, @carl-mastrangelo and I thought about SharedResourceHolder, but we did not use it. I don't remember the exact reason.

[jiangtaoli2016]

@ejona86 Code revised with unit tests. Could you please take a look?

[ejona86]

:-/ You squashed the changes all together. Please don't do that next time, as it means I can't see any changes you've made since last time I looked.

[jiangtaoli2016]

Sorry about squashing. In grpc c core PRs, reviewable is often used, thus squashing is not an issue there.

The difference between first version and a few days back is that I added unit tests. I also revised GoogleDefaultProtocolNegotiator.java to add a testing-only constructor.

PTAL. I will squash in the end before merge.

[ejona86]

This requires dependencies on google-http-client and google-http-client-jackson2, transitively. So it will also pull in jackson-core-asl, org.apache.httpcomponents:httpclient, and maybe j2objc-annotations.

[jiangtaoli2016]

Is there a better library to depends on? DefaultChannel needs to call GoogleCredentials.getApplicationDefault().

[ejona86]

To my knowledge... no.

[jiangtaoli2016]

Shall we add a comment on ALTS that alts artifact will depend on all these?

[ejona86]

No, it would just be a dependency in the BUILD.bzl file. Note that if we were doing this "right" we would have a third_party/ directory that would pull in the maven_jar and include all the proper dependencies.

[jiangtaoli2016]

Ack. Thanks for clarification.

[ejona86]

Is this version necessary/helpful? It seems just a target string would be more than enough. People wouldn't need to pass in ipv6 addresses here, nor would it even be common to specify a port.

[jiangtaoli2016]

Okay, let remove this forAddress()

[jiangtaoli2016]

Oops, if I remove this forAddress(), tests will fail on https://github.com/grpc/grpc-java/blob/master/interop-testing/src/test/java/io/grpc/ChannelAndServerBuilderTest.java#L91, because GoogleDefaultChannelBuilder extends ForwardingChannelBuilder and it supposes to define forAddress().

[ejona86]

Oh, that's right, ManagedChannelBuilder.forAddress exists. Yeah, we will want this function to exist here.

[ejona86]

I'd prefer this to be called in the constructor, to avoid mutating the builder during build().

[jiangtaoli2016]

done.

[ejona86]

Why isn't this an interceptor? It could be added to the underlying channel with delegate().intercept() (probably from the builder's constructor).

[jiangtaoli2016]

Is there benefit to use interceptor here?

[ejona86]

You would only implement newCall (actually interceptCall, but it's basically the same thing). All the other methods aren't necessary.

[ejona86]

This is a pretty common exception. I'm not wild about hiding it behind a RuntimeException. Options:

1. Throw from forTarget()
2. Throw from build()
3. If it throws, package that up into a CallCredentials or an Interceptor to fail calls on this Channel.

Maybe there's some other options.

[jiangtaoli2016]

We can throw IOException from build(). But we need to declare build() can throws IOException in ManagedChannelBuilder and ForwardingChannelBuilder. Revise.

[ejona86]

But we need to declare build() can throws IOException in ManagedChannelBuilder and ForwardingChannelBuilder.

Oh, yeah, we would need to change those. Changing those would break API though. That means (2) is not possible.

[ejona86]

Is this the argument that's being used cross-language?

[jiangtaoli2016]

This naming of "custom_credentials_type" come from grpc c core. Although I don't like this argument name, it is better to keep it so that interop tests can work in the future.

[jiangtaoli2016]

@ejona86 code revised. PTAL

[ejona86]

As I said before, this change is not backward compatible and thus not acceptable. Please revert, along with all the other exception handling you added elsewhere to make this possible. One of the other options is still possible, but we can't add new exceptions to pre-existing stable methods.

[jiangtaoli2016]

This is reason I throw RuntimeException in the first place. We cannot throw at forTarget(), at build(). We cannot throw at ClientInterceptor.

It looks throwing RumtimeException is the best option, IMO.

[ejona86]

Why can't we throw in forTarget()? While the ClientInterceptor can't throw, it can fail the RPC.

[jiangtaoli2016]

In ALTS, we check and fail (throws runtime exception) when we detect app is not running on GCP. Similarly, when a user tries to use GoogleDefaultChannel and if it does not run on GCP and he/she does not provide google credentials, we shall fail early (e.g., through runtime exception) rather than waiting SSL handshake succeed and then fail during rpc call (e.g., through per call interceptor). What do you think @ejona86 ?

[ejona86]

In ALTS, we check and fail (throws runtime exception) when we detect app is not running on GCP.

That sounds wrong. Can you point me to that code?

Similarly, when a user tries to use GoogleDefaultChannel and if it does not run on GCP and he/she does not provide google credentials, we shall fail early (e.g., through runtime exception)

I don't much problem with failing early. I have a problem with using a RuntimeException for a common case that the user should really handle.

[jiangtaoli2016]

Code revised. If we fail to at getApplicationDefault(), instead of throws exception, we fail at each RPC call. @ejona86 If you are happy with the change, I can do similar trick on ALTS in the next PR.

[ejona86]

As a general rule, log an error or propagate the error, but not both. Remove this log statement.

[jiangtaoli2016]

Got it! log statement removed.

[ejona86]

Don't throw away the exception. Instead, pass it via withCause(e). At that point you shouldn't include e.getMessage() in the description.

[ejona86]

Nit: we don't tend to end in punctuation.

[jiangtaoli2016]

Thanks @ejona86 for review! Let me squash and merge. Two more PRs coming.