support dual credentials in google_default_credentials#39770
support dual credentials in google_default_credentials#39770anniefrchz wants to merge 23 commits intogrpc:masterfrom
Conversation
anniefrchz
added
the
release notes: no
grpc-checks
bot
added
bloat/none
per-call-memory/neutral
per-channel-memory/neutral
labels
rockspore
left a comment
rockspore
left a comment
There was a problem hiding this comment.
Thanks a lot for the PR! Mostly LGTM. Left a few minor comments.
| } | ||
|
|
||
| grpc_channel_credentials* | ||
| grpc_google_default_credentials_create_with_dual_call_credentials( |
There was a problem hiding this comment.
We don't need this New API. Instead we can modify the existing grpc_google_default_credentials_create by adding a second argument, which can default to nullptr.
| GRPC_TRANSPORT_SECURITY_TYPE_PROPERTY_NAME, | ||
| GRPC_ALTS_TRANSPORT_SECURITY_TYPE); | ||
| tls_creds_ = MakeRefCounted<grpc_md_only_test_credentials>( | ||
| GRPC_TRANSPORT_SECURITY_TYPE_PROPERTY_NAME, "tls"); |
There was a problem hiding this comment.
nit: You could use GRPC_TLS_TRANSPORT_SECURITY_TYPE.
| GRPC_ALTS_TRANSPORT_SECURITY_TYPE); | ||
| tls_creds_ = MakeRefCounted<grpc_md_only_test_credentials>( | ||
| GRPC_TRANSPORT_SECURITY_TYPE_PROPERTY_NAME, "tls"); | ||
| dual_creds_ = MakeRefCounted<DualCallCredentials>(tls_creds_->Ref(), |
There was a problem hiding this comment.
nit: Could we call the google_default_..._create API to make the coverage slightly more thorough?
include/grpc/credentials.h
Outdated
| grpc_call_credentials* call_credentials); | ||
|
|
||
| GRPCAPI grpc_channel_credentials* | ||
| grpc_google_default_credentials_create_with_dual_call_credentials( |
There was a problem hiding this comment.
We can just modify the API above.
There was a problem hiding this comment.
Becase this is a backwards compatible C API, we cannot use default arguments so we need ot create the second API with 2 arguments regardless.
rockspore
left a comment
rockspore
left a comment
There was a problem hiding this comment.
Thanks! LGTM. Adding @markdroth to take a pass since we touched the grpc_google_default_credentials_create API.
include/grpc/credentials.h
Outdated
| mechanism. | ||
|
|
||
| The caller may specify a secondary alts credentials objects to attach to the | ||
| channel for ALTS connections. Whenever the channel connection require them, |
There was a problem hiding this comment.
Probably more accurate to say: if an alts credentials object is specified, it will be used if the underlying channel type is alts.
|
Please fix the following failure: from the failings tests, e.g. https://source.cloud.google.com/results/invocations/2a220610-2ab8-4a1e-a0e9-0574492772cf |
src/core/credentials/transport/google_default/google_default_credentials.h
Outdated
Show resolved
Hide resolved
rockspore
left a comment
rockspore
left a comment
There was a problem hiding this comment.
Thanks for the refactoring effort! Some minor comments.
src/core/credentials/transport/google_default/google_default_credentials.cc
Outdated
Show resolved
Hide resolved
test/core/credentials/transport/google_default/google_default_call_credentials_test.cc
Show resolved
Hide resolved
markdroth
left a comment
markdroth
left a comment
There was a problem hiding this comment.
This looks much better! Just a few remaining comments, all fairly minor.
src/core/credentials/transport/google_default/google_default_credentials.cc
Outdated
Show resolved
Hide resolved
src/core/credentials/transport/google_default/google_default_credentials.cc
Outdated
Show resolved
Hide resolved
src/core/credentials/transport/google_default/google_default_credentials.cc
Outdated
Show resolved
Hide resolved
Closes grpc#39770 COPYBARA_INTEGRATE_REVIEW=grpc#39770 from anniefrchz:directpath2 35c0f4f PiperOrigin-RevId: 775501652
Closes grpc#39770 COPYBARA_INTEGRATE_REVIEW=grpc#39770 from anniefrchz:directpath2 35c0f4f PiperOrigin-RevId: 775501652
5 participants
No description provided.