path: root/grpc/src/core/lib/security/credentials/google_default/google_default_credentials.cc
authorJeff Vander Stoep <jeffv@google.com>2020-11-19 19:03:52 +0100
committerJeff Vander Stoep <jeffv@google.com>2020-11-23 12:00:30 +0100
commit08902cf05eddf53e0ba8ccd8a4b12d615d3445e3 (patch)
tree780528631811bd11e8ff44b3c485e8ee2b1972f9 /grpc/src/core/lib/security/credentials/google_default/google_default_credentials.cc
parent98a8525e013e1356d5914fbf7a20a142bdc96f7b (diff)
downloadgrpcio-sys-08902cf05eddf53e0ba8ccd8a4b12d615d3445e3.tar.gz
Upgrade to 0.7.1
Test: build, TH Change-Id: I3cb2c39b931e2b5c5b1a0bf775c6185c0e521da8
Diffstat (limited to 'grpc/src/core/lib/security/credentials/google_default/google_default_credentials.cc')
-rw-r--r--grpc/src/core/lib/security/credentials/google_default/google_default_credentials.cc118
1 files changed, 67 insertions, 51 deletions
diff --git a/grpc/src/core/lib/security/credentials/google_default/google_default_credentials.cc b/grpc/src/core/lib/security/credentials/google_default/google_default_credentials.cc
index 58e550ed..9162bad4 100644
--- a/grpc/src/core/lib/security/credentials/google_default/google_default_credentials.cc
+++ b/grpc/src/core/lib/security/credentials/google_default/google_default_credentials.cc
@@ -49,6 +49,8 @@ using grpc_core::Json;
/* -- Constants. -- */
#define GRPC_COMPUTE_ENGINE_DETECTION_HOST "metadata.google.internal."
+#define GRPC_GOOGLE_CREDENTIAL_CREATION_ERROR \
+ "Failed to create Google credentials"
/* -- Default credentials. -- */
@@ -57,7 +59,6 @@ using grpc_core::Json;
* means the detection is done via network test that is unreliable and the
* unreliable result should not be referred by successive calls. */
static int g_metadata_server_available = 0;
-static int g_is_on_gce = 0;
static gpr_mu g_state_mu;
/* Protect a metadata_server_detector instance that can be modified by more than
* one gRPC threads */
@@ -68,13 +69,12 @@ static grpc_core::internal::grpc_gce_tenancy_checker g_gce_tenancy_checker =
static void init_default_credentials(void) { gpr_mu_init(&g_state_mu); }
-typedef struct {
+struct metadata_server_detector {
grpc_polling_entity pollent;
int is_done;
int success;
grpc_http_response response;
-} metadata_server_detector;
-
+};
grpc_core::RefCountedPtr<grpc_channel_security_connector>
grpc_google_default_channel_credentials::create_security_connector(
grpc_core::RefCountedPtr<grpc_call_credentials> call_creds,
@@ -90,7 +90,7 @@ grpc_google_default_channel_credentials::create_security_connector(
bool use_alts =
is_grpclb_load_balancer || is_backend_from_grpclb_load_balancer;
/* Return failure if ALTS is selected but not running on GCE. */
- if (use_alts && !g_is_on_gce) {
+ if (use_alts && alts_creds_ == nullptr) {
gpr_log(GPR_ERROR, "ALTS is selected, but not running on GCE.");
return nullptr;
}
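Review bot: The log text and the comment above the changed condition still say "not running on GCE", but the new test `alts_creds_ == nullptr` only establishes that no ALTS credentials object is attached, which may have causes other than tenancy. Rewording the message, for example `gpr_log(GPR_ERROR, "ALTS is selected, but ALTS credentials are unavailable (not running on GCE?).");`, and updating the comment to match would keep a failed secure-channel setup from being misattributed during triage. create_security_connector starts and ends outside this hunk.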
@@ -217,24 +217,21 @@ static int is_metadata_server_reachable() {
/* Takes ownership of creds_path if not NULL. */
static grpc_error* create_default_creds_from_path(
- char* creds_path, grpc_core::RefCountedPtr<grpc_call_credentials>* creds) {
+ const std::string& creds_path,
+ grpc_core::RefCountedPtr<grpc_call_credentials>* creds) {
grpc_auth_json_key key;
grpc_auth_refresh_token token;
grpc_core::RefCountedPtr<grpc_call_credentials> result;
grpc_slice creds_data = grpc_empty_slice();
grpc_error* error = GRPC_ERROR_NONE;
Json json;
- grpc_core::StringView str;
- if (creds_path == nullptr) {
+ if (creds_path.empty()) {
error = GRPC_ERROR_CREATE_FROM_STATIC_STRING("creds_path unset");
goto end;
}
- error = grpc_load_file(creds_path, 0, &creds_data);
+ error = grpc_load_file(creds_path.c_str(), 0, &creds_data);
if (error != GRPC_ERROR_NONE) goto end;
- str = grpc_core::StringView(
- reinterpret_cast<char*>(GRPC_SLICE_START_PTR(creds_data)),
- GRPC_SLICE_LENGTH(creds_data));
- json = Json::Parse(str, &error);
+ json = Json::Parse(grpc_core::StringViewFromSlice(creds_data), &error);
if (error != GRPC_ERROR_NONE) goto end;
if (json.type() != Json::Type::OBJECT) {
error = grpc_error_set_str(
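Review bot: The context comment `/* Takes ownership of creds_path if not NULL. */` above create_default_creds_from_path is stale now that the parameter is a `const std::string&`. The function no longer frees the path, and the "unset" case is now `creds_path.empty()` rather than a null pointer. I would replace it with `/* Loads and parses the credentials file at creds_path; an empty path yields a "creds_path unset" error. The caller keeps ownership of the string. */`. The function body continues past the end of this hunk.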
@@ -272,42 +269,18 @@ static grpc_error* create_default_creds_from_path(
end:
GPR_ASSERT((result == nullptr) + (error == GRPC_ERROR_NONE) == 1);
- if (creds_path != nullptr) gpr_free(creds_path);
grpc_slice_unref_internal(creds_data);
*creds = result;
return error;
}
-grpc_channel_credentials* grpc_google_default_credentials_create() {
- grpc_channel_credentials* result = nullptr;
- grpc_core::RefCountedPtr<grpc_call_credentials> call_creds;
- grpc_error* error = GRPC_ERROR_CREATE_FROM_STATIC_STRING(
- "Failed to create Google credentials");
- grpc_error* err;
- grpc_core::ExecCtx exec_ctx;
-
- GRPC_API_TRACE("grpc_google_default_credentials_create(void)", 0, ());
-
+static void update_tenancy() {
gpr_once_init(&g_once, init_default_credentials);
-
- /* First, try the environment variable. */
- err = create_default_creds_from_path(
- gpr_getenv(GRPC_GOOGLE_CREDENTIALS_ENV_VAR), &call_creds);
- if (err == GRPC_ERROR_NONE) goto end;
- error = grpc_error_add_child(error, err);
-
- /* Then the well-known file. */
- err = create_default_creds_from_path(
- grpc_get_well_known_google_credentials_file_path(), &call_creds);
- if (err == GRPC_ERROR_NONE) goto end;
- error = grpc_error_add_child(error, err);
-
- gpr_mu_lock(&g_state_mu);
+ grpc_core::MutexLock lock(&g_state_mu);
/* Try a platform-provided hint for GCE. */
if (!g_metadata_server_available) {
- g_is_on_gce = g_gce_tenancy_checker();
- g_metadata_server_available = g_is_on_gce;
+ g_metadata_server_available = g_gce_tenancy_checker();
}
/* TODO: Add a platform-provided hint for GAE. */
@@ -315,19 +288,64 @@ grpc_channel_credentials* grpc_google_default_credentials_create() {
if (!g_metadata_server_available) {
g_metadata_server_available = is_metadata_server_reachable();
}
- gpr_mu_unlock(&g_state_mu);
+}
+
+static bool metadata_server_available() {
+ grpc_core::MutexLock lock(&g_state_mu);
+ return static_cast<bool>(g_metadata_server_available);
+}
- if (g_metadata_server_available) {
+static grpc_core::RefCountedPtr<grpc_call_credentials> make_default_call_creds(
+ grpc_error** error) {
+ grpc_core::RefCountedPtr<grpc_call_credentials> call_creds;
+ grpc_error* err;
+
+ /* First, try the environment variable. */
+ char* path_from_env = gpr_getenv(GRPC_GOOGLE_CREDENTIALS_ENV_VAR);
+ if (path_from_env != nullptr) {
+ err = create_default_creds_from_path(path_from_env, &call_creds);
+ gpr_free(path_from_env);
+ if (err == GRPC_ERROR_NONE) return call_creds;
+ *error = grpc_error_add_child(*error, err);
+ }
+
+ /* Then the well-known file. */
+ err = create_default_creds_from_path(
+ grpc_get_well_known_google_credentials_file_path(), &call_creds);
+ if (err == GRPC_ERROR_NONE) return call_creds;
+ *error = grpc_error_add_child(*error, err);
+
+ update_tenancy();
+
+ if (metadata_server_available()) {
call_creds = grpc_core::RefCountedPtr<grpc_call_credentials>(
grpc_google_compute_engine_credentials_create(nullptr));
if (call_creds == nullptr) {
- error = grpc_error_add_child(
- error, GRPC_ERROR_CREATE_FROM_STATIC_STRING(
- "Failed to get credentials from network"));
+ *error = GRPC_ERROR_CREATE_FROM_STATIC_STRING(
+ GRPC_GOOGLE_CREDENTIAL_CREATION_ERROR);
+ *error = grpc_error_add_child(
+ *error, GRPC_ERROR_CREATE_FROM_STATIC_STRING(
+ "Failed to get credentials from network"));
}
}
-end:
+ return call_creds;
+}
+
+grpc_channel_credentials* grpc_google_default_credentials_create(
+ grpc_call_credentials* call_credentials) {
+ grpc_channel_credentials* result = nullptr;
+ grpc_core::RefCountedPtr<grpc_call_credentials> call_creds(call_credentials);
+ grpc_error* error = nullptr;
+ grpc_core::ExecCtx exec_ctx;
+
+ GRPC_API_TRACE("grpc_google_default_credentials_create(%p)", 1,
+ (call_credentials));
+
+ if (call_creds == nullptr) {
+ call_creds = make_default_call_creds(&error);
+ }
+
if (call_creds != nullptr) {
/* Create google default credentials. */
grpc_channel_credentials* ssl_creds =
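Review bot: In make_default_call_creds, the network-failure branch assigns `*error = GRPC_ERROR_CREATE_FROM_STATIC_STRING(GRPC_GOOGLE_CREDENTIAL_CREATION_ERROR);` over a `*error` that already holds at least the well-known-file failure, since that step only falls through after `*error = grpc_error_add_child(*error, err)`. The earlier error is dropped without an unref, so it appears to leak, and the reasons the environment-variable and file lookups failed are lost from the final diagnostic. Chaining keeps them: `*error = grpc_error_add_child(GRPC_ERROR_CREATE_FROM_STATIC_STRING(GRPC_GOOGLE_CREDENTIAL_CREATION_ERROR), *error);` before the network child is added. grpc_google_default_credentials_create continues outside this hunk, so how `error` is consumed and released there is not visible.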
@@ -340,10 +358,8 @@ end:
grpc_alts_credentials_options_destroy(options);
auto creds =
grpc_core::MakeRefCounted<grpc_google_default_channel_credentials>(
- alts_creds != nullptr ? alts_creds->Ref() : nullptr,
- ssl_creds != nullptr ? ssl_creds->Ref() : nullptr);
- if (ssl_creds) ssl_creds->Unref();
- if (alts_creds) alts_creds->Unref();
+ grpc_core::RefCountedPtr<grpc_channel_credentials>(alts_creds),
+ grpc_core::RefCountedPtr<grpc_channel_credentials>(ssl_creds));
result = grpc_composite_channel_credentials_create(
creds.get(), call_creds.get(), nullptr);
GPR_ASSERT(result != nullptr);
@@ -377,7 +393,7 @@ void grpc_flush_cached_google_default_credentials(void) {
static grpc_well_known_credentials_path_getter creds_path_getter = nullptr;
-char* grpc_get_well_known_google_credentials_file_path(void) {
+std::string grpc_get_well_known_google_credentials_file_path(void) {
if (creds_path_getter != nullptr) return creds_path_getter();
return grpc_get_well_known_google_credentials_file_path_impl();
}