diff options
author | Hadrien Zalek <hzalek@google.com> | 2020-07-24 12:30:10 -0700 |
---|---|---|
committer | Hadrien Zalek <hzalek@google.com> | 2020-07-24 23:35:41 +0000 |
commit | 9b4675b8aba18f88cdb08004aac053ce16c4968a (patch) | |
tree | 900389d86d6c0d165b93722f60de46164ecc6255 /auth | |
parent | 332041b0592239d4bfe59bfd316f28c02f523570 (diff) | |
parent | 57043233bf5aecce92f0c6629b6ac46d9393ce8c (diff) | |
download | grpc-grpc-java-9b4675b8aba18f88cdb08004aac053ce16c4968a.tar.gz |
Merge tag 'upstream/v1.16.1' into HEAD
Update the Java gRPC implementation source to that of a released version
(v1.16.1) instead of some intermediate commit after v1.15.0.
Test: m grpc-java
Bug: 148404241
Change-Id: I9c072aee054a4aecc1bdf39adf45e9a243b907f5
Diffstat (limited to 'auth')
-rw-r--r-- | auth/src/main/java/io/grpc/auth/GoogleAuthLibraryCallCredentials.java | 21 | ||||
-rw-r--r-- | auth/src/test/java/io/grpc/auth/GoogleAuthLibraryCallCredentialsTest.java | 124 |
2 files changed, 71 insertions, 74 deletions
diff --git a/auth/src/main/java/io/grpc/auth/GoogleAuthLibraryCallCredentials.java b/auth/src/main/java/io/grpc/auth/GoogleAuthLibraryCallCredentials.java index c258db1bc..32855e3bd 100644 --- a/auth/src/main/java/io/grpc/auth/GoogleAuthLibraryCallCredentials.java +++ b/auth/src/main/java/io/grpc/auth/GoogleAuthLibraryCallCredentials.java @@ -22,8 +22,7 @@ import com.google.auth.Credentials; import com.google.auth.RequestMetadataCallback; import com.google.common.annotations.VisibleForTesting; import com.google.common.io.BaseEncoding; -import io.grpc.Attributes; -import io.grpc.CallCredentials; +import io.grpc.CallCredentials2; import io.grpc.Metadata; import io.grpc.MethodDescriptor; import io.grpc.SecurityLevel; @@ -47,7 +46,7 @@ import javax.annotation.Nullable; /** * Wraps {@link Credentials} as a {@link CallCredentials}. */ -final class GoogleAuthLibraryCallCredentials implements CallCredentials { +final class GoogleAuthLibraryCallCredentials extends CallCredentials2 { private static final Logger log = Logger.getLogger(GoogleAuthLibraryCallCredentials.class.getName()); private static final JwtHelper jwtHelper @@ -88,15 +87,9 @@ final class GoogleAuthLibraryCallCredentials implements CallCredentials { public void thisUsesUnstableApi() {} @Override - public void applyRequestMetadata(MethodDescriptor<?, ?> method, Attributes attrs, - Executor appExecutor, final MetadataApplier applier) { - SecurityLevel security = attrs.get(ATTR_SECURITY_LEVEL); - if (security == null) { - // Although the API says ATTR_SECURITY_LEVEL is required, no one was really looking at it thus - // there may be transports that got away without setting it. Now we start to check it, it'd - // be less disruptive to tolerate nulls. - security = SecurityLevel.NONE; - } + public void applyRequestMetadata( + RequestInfo info, Executor appExecutor, final MetadataApplier applier) { + SecurityLevel security = info.getSecurityLevel(); if (requirePrivacy && security != SecurityLevel.PRIVACY_AND_INTEGRITY) { applier.fail(Status.UNAUTHENTICATED .withDescription("Credentials require channel with PRIVACY_AND_INTEGRITY security level. " @@ -104,10 +97,10 @@ final class GoogleAuthLibraryCallCredentials implements CallCredentials { return; } - String authority = checkNotNull(attrs.get(ATTR_AUTHORITY), "authority"); + String authority = checkNotNull(info.getAuthority(), "authority"); final URI uri; try { - uri = serviceUri(authority, method); + uri = serviceUri(authority, info.getMethodDescriptor()); } catch (StatusException e) { applier.fail(e.getStatus()); return; diff --git a/auth/src/test/java/io/grpc/auth/GoogleAuthLibraryCallCredentialsTest.java b/auth/src/test/java/io/grpc/auth/GoogleAuthLibraryCallCredentialsTest.java index 438dab0ff..d29668313 100644 --- a/auth/src/test/java/io/grpc/auth/GoogleAuthLibraryCallCredentialsTest.java +++ b/auth/src/test/java/io/grpc/auth/GoogleAuthLibraryCallCredentialsTest.java @@ -39,8 +39,8 @@ import com.google.common.collect.LinkedListMultimap; import com.google.common.collect.ListMultimap; import com.google.common.collect.Multimaps; import io.grpc.Attributes; -import io.grpc.CallCredentials; -import io.grpc.CallCredentials.MetadataApplier; +import io.grpc.CallCredentials2; +import io.grpc.CallCredentials2.MetadataApplier; import io.grpc.Metadata; import io.grpc.MethodDescriptor; import io.grpc.SecurityLevel; @@ -105,11 +105,8 @@ public class GoogleAuthLibraryCallCredentialsTest { .build(); private URI expectedUri = URI.create("https://testauthority/a.service"); - private final String authority = "testauthority"; - private final Attributes attrs = Attributes.newBuilder() - .set(CallCredentials.ATTR_AUTHORITY, authority) - .set(CallCredentials.ATTR_SECURITY_LEVEL, SecurityLevel.PRIVACY_AND_INTEGRITY) - .build(); + private static final String AUTHORITY = "testauthority"; + private static final SecurityLevel SECURITY_LEVEL = SecurityLevel.PRIVACY_AND_INTEGRITY; private ArrayList<Runnable> pendingRunnables = new ArrayList<>(); @@ -155,7 +152,7 @@ public class GoogleAuthLibraryCallCredentialsTest { GoogleAuthLibraryCallCredentials callCredentials = new GoogleAuthLibraryCallCredentials(credentials); - callCredentials.applyRequestMetadata(method, attrs, executor, applier); + callCredentials.applyRequestMetadata(new RequestInfoImpl(), executor, applier); verify(credentials).getRequestMetadata(eq(expectedUri)); verify(applier).apply(headersCaptor.capture()); @@ -177,7 +174,7 @@ public class GoogleAuthLibraryCallCredentialsTest { GoogleAuthLibraryCallCredentials callCredentials = new GoogleAuthLibraryCallCredentials(credentials); - callCredentials.applyRequestMetadata(method, attrs, executor, applier); + callCredentials.applyRequestMetadata(new RequestInfoImpl(), executor, applier); verify(credentials).getRequestMetadata(eq(expectedUri)); verify(applier).fail(statusCaptor.capture()); @@ -193,7 +190,7 @@ public class GoogleAuthLibraryCallCredentialsTest { GoogleAuthLibraryCallCredentials callCredentials = new GoogleAuthLibraryCallCredentials(credentials); - callCredentials.applyRequestMetadata(method, attrs, executor, applier); + callCredentials.applyRequestMetadata(new RequestInfoImpl(), executor, applier); verify(credentials).getRequestMetadata(eq(expectedUri)); verify(applier).fail(statusCaptor.capture()); @@ -209,7 +206,7 @@ public class GoogleAuthLibraryCallCredentialsTest { GoogleAuthLibraryCallCredentials callCredentials = new GoogleAuthLibraryCallCredentials(credentials); - callCredentials.applyRequestMetadata(method, attrs, executor, applier); + callCredentials.applyRequestMetadata(new RequestInfoImpl(), executor, applier); verify(credentials).getRequestMetadata(eq(expectedUri)); verify(applier).fail(statusCaptor.capture()); @@ -229,7 +226,7 @@ public class GoogleAuthLibraryCallCredentialsTest { GoogleAuthLibraryCallCredentials callCredentials = new GoogleAuthLibraryCallCredentials(credentials); for (int i = 0; i < 3; i++) { - callCredentials.applyRequestMetadata(method, attrs, executor, applier); + callCredentials.applyRequestMetadata(new RequestInfoImpl(), executor, applier); } verify(credentials, times(3)).getRequestMetadata(eq(expectedUri)); @@ -255,14 +252,11 @@ public class GoogleAuthLibraryCallCredentialsTest { return token; } }; - // Security level should not impact non-GoogleCredentials - Attributes securityNone = attrs.toBuilder() - .set(CallCredentials.ATTR_SECURITY_LEVEL, SecurityLevel.NONE) - .build(); GoogleAuthLibraryCallCredentials callCredentials = new GoogleAuthLibraryCallCredentials(credentials); - callCredentials.applyRequestMetadata(method, securityNone, executor, applier); + callCredentials.applyRequestMetadata( + new RequestInfoImpl(SecurityLevel.NONE), executor, applier); assertEquals(1, runPendingRunnables()); verify(applier).apply(headersCaptor.capture()); @@ -276,13 +270,11 @@ public class GoogleAuthLibraryCallCredentialsTest { public void googleCredential_privacyAndIntegrityAllowed() { final AccessToken token = new AccessToken("allyourbase", new Date(Long.MAX_VALUE)); final Credentials credentials = GoogleCredentials.create(token); - Attributes privacy = attrs.toBuilder() - .set(CallCredentials.ATTR_SECURITY_LEVEL, SecurityLevel.PRIVACY_AND_INTEGRITY) - .build(); GoogleAuthLibraryCallCredentials callCredentials = new GoogleAuthLibraryCallCredentials(credentials); - callCredentials.applyRequestMetadata(method, privacy, executor, applier); + callCredentials.applyRequestMetadata( + new RequestInfoImpl(SecurityLevel.PRIVACY_AND_INTEGRITY), executor, applier); runPendingRunnables(); verify(applier).apply(headersCaptor.capture()); @@ -297,33 +289,11 @@ public class GoogleAuthLibraryCallCredentialsTest { final AccessToken token = new AccessToken("allyourbase", new Date(Long.MAX_VALUE)); final Credentials credentials = GoogleCredentials.create(token); // Anything less than PRIVACY_AND_INTEGRITY should fail - Attributes integrity = attrs.toBuilder() - .set(CallCredentials.ATTR_SECURITY_LEVEL, SecurityLevel.INTEGRITY) - .build(); - - GoogleAuthLibraryCallCredentials callCredentials = - new GoogleAuthLibraryCallCredentials(credentials); - callCredentials.applyRequestMetadata(method, integrity, executor, applier); - runPendingRunnables(); - - verify(applier).fail(statusCaptor.capture()); - Status status = statusCaptor.getValue(); - assertEquals(Status.Code.UNAUTHENTICATED, status.getCode()); - } - - @Test - public void googleCredential_nullSecurityDenied() { - final AccessToken token = new AccessToken("allyourbase", new Date(Long.MAX_VALUE)); - final Credentials credentials = GoogleCredentials.create(token); - // Null should not (for the moment) crash in horrible ways. In the future this could be changed, - // since it technically isn't allowed per the API. - Attributes integrity = attrs.toBuilder() - .set(CallCredentials.ATTR_SECURITY_LEVEL, null) - .build(); GoogleAuthLibraryCallCredentials callCredentials = new GoogleAuthLibraryCallCredentials(credentials); - callCredentials.applyRequestMetadata(method, integrity, executor, applier); + callCredentials.applyRequestMetadata( + new RequestInfoImpl(SecurityLevel.INTEGRITY), executor, applier); runPendingRunnables(); verify(applier).fail(statusCaptor.capture()); @@ -335,20 +305,12 @@ public class GoogleAuthLibraryCallCredentialsTest { public void serviceUri() throws Exception { GoogleAuthLibraryCallCredentials callCredentials = new GoogleAuthLibraryCallCredentials(credentials); - callCredentials.applyRequestMetadata(method, - Attributes.newBuilder() - .setAll(attrs) - .set(CallCredentials.ATTR_AUTHORITY, "example.com:443") - .build(), - executor, applier); + callCredentials.applyRequestMetadata( + new RequestInfoImpl("example.com:443"), executor, applier); verify(credentials).getRequestMetadata(eq(new URI("https://example.com/a.service"))); - callCredentials.applyRequestMetadata(method, - Attributes.newBuilder() - .setAll(attrs) - .set(CallCredentials.ATTR_AUTHORITY, "example.com:123") - .build(), - executor, applier); + callCredentials.applyRequestMetadata( + new RequestInfoImpl("example.com:123"), executor, applier); verify(credentials).getRequestMetadata(eq(new URI("https://example.com:123/a.service"))); } @@ -366,7 +328,7 @@ public class GoogleAuthLibraryCallCredentialsTest { GoogleAuthLibraryCallCredentials callCredentials = new GoogleAuthLibraryCallCredentials(credentials); - callCredentials.applyRequestMetadata(method, attrs, executor, applier); + callCredentials.applyRequestMetadata(new RequestInfoImpl(), executor, applier); assertEquals(0, runPendingRunnables()); verify(applier).apply(headersCaptor.capture()); @@ -393,7 +355,7 @@ public class GoogleAuthLibraryCallCredentialsTest { GoogleAuthLibraryCallCredentials callCredentials = new GoogleAuthLibraryCallCredentials(credentials); - callCredentials.applyRequestMetadata(method, attrs, executor, applier); + callCredentials.applyRequestMetadata(new RequestInfoImpl(), executor, applier); assertEquals(1, runPendingRunnables()); verify(applier).apply(headersCaptor.capture()); @@ -412,7 +374,7 @@ public class GoogleAuthLibraryCallCredentialsTest { assertNull(GoogleAuthLibraryCallCredentials.createJwtHelperOrNull(null)); GoogleAuthLibraryCallCredentials callCredentials = new GoogleAuthLibraryCallCredentials(credentials, null); - callCredentials.applyRequestMetadata(method, attrs, executor, applier); + callCredentials.applyRequestMetadata(new RequestInfoImpl(), executor, applier); verify(credentials).getRequestMetadata(eq(expectedUri)); verify(applier).apply(headersCaptor.capture()); @@ -430,4 +392,46 @@ public class GoogleAuthLibraryCallCredentialsTest { } return savedPendingRunnables.size(); } + + private final class RequestInfoImpl extends CallCredentials2.RequestInfo { + final String authority; + final SecurityLevel securityLevel; + + RequestInfoImpl() { + this(AUTHORITY, SECURITY_LEVEL); + } + + RequestInfoImpl(SecurityLevel securityLevel) { + this(AUTHORITY, securityLevel); + } + + RequestInfoImpl(String authority) { + this(authority, SECURITY_LEVEL); + } + + RequestInfoImpl(String authority, SecurityLevel securityLevel) { + this.authority = authority; + this.securityLevel = securityLevel; + } + + @Override + public MethodDescriptor<?, ?> getMethodDescriptor() { + return method; + } + + @Override + public SecurityLevel getSecurityLevel() { + return securityLevel; + } + + @Override + public String getAuthority() { + return authority; + } + + @Override + public Attributes getTransportAttrs() { + return Attributes.EMPTY; + } + } } |