Age | Commit message (Collapse) | Author |
|
|
|
The gRPC documentation recommends that most users use the Netty Shaded
library for Transport Layer Security (TLS) on non-Android platforms. The
library prepackages netty-tcnative on BoringSSL which makes it easier to
use.
Note that this change essentially restores the module which was deleted
in a previous commit. This new binary is imported for the same version
that the source is currently at and does not cause any runtime issues.
Test: m grpc-java-netty-shaded
Bug: 148404241
Change-Id: I7ae611add53627d2c00beeeac829fa31069d5594
|
|
Remove the build module for the shaded library which causes issues at
runtime due to missing symbols. This happens because the jar is prebuilt
from an older version of gRPC and is no longer compatible with the
current source.
Additionally, the grpc-java module should not statically link against a
specific transport jar that contains service providers. Doing so forces
an automatically-loaded implementation on users.
Test: m grpc-java
Bug: 148404241
Change-Id: I77589c05756b55146648d726ea6e235f1887ac38
|
|
Test: make grpc-java
Bug: None
Change-Id: Ibf9d369637f8cd780c42936c11b4bd67541f1a93
|
|
|
|
This is the first step of smoothly changing the CallCredentials API.
Security level and authority are parameters required to be passed to
applyRequestMetadata(). This change wraps them, along with
MethodDescriptor and the transport attributes to RequestInfo, which is
more clear to the implementers.
ATTR_SECURITY_LEVEL is moved to the internal GrpcAttributes and
annotated as TransportAttr, because transports are required to set it,
but no user is actually reading them from
{Client,Server}Call.getAttributes().
ATTR_AUTHORITY is removed, because no transport is overriding it.
All involved interfaces are changed to abstract classes, as this will
make further API changes smoother.
The CallCredentials name is stabilized, thus we first introduce
CallCredentials2, ask CallCredentials implementations to migrate to
it, while GRPC accepting both at the same time, then replace
CallCredentials with CallCredentials2.
|
|
|
|
Resolves #4135
|
|
This notifies the negotiator when it will no longer be used, allowing it
to clean up any resources.
|
|
Now there is a clear lifetime of ProtocolNegotiator.
|
|
This will be the replacement for TransportCreationParamsFilterFactory
and matches somewhat what used to be done and what is done on
server-side.
|
|
|
|
This simplifies the construction paradigm and leads to the eventual
removal of TransportCreationParamsFilterFactory. The eventual end goal
is to be able to shut down ProtocolNegotiators as is necessary for ALTS.
The only reason the initialization was delayed was for 'authority', so
we now plumb the authority through GrpcHttp2ConnectionHandler.
|
|
|
|
It appears to be stable now. Ran for 1000s of times. I do see some
general flakiness in TransportTest, but it applies to the tests in
general and isn't specific to this one test. It is:
```
org.mockito.exceptions.verification.WantedButNotInvoked:
Wanted but not invoked:
listener.transportReady();
-> at io.grpc.internal.testing.AbstractTransportTest.startTransport(AbstractTransportTest.java:1815)
Actually, there were zero interactions with this mock.
```
This flake is not seen often because it occurs less frequently when
running all the tests (~.1% vs 1%). One of the early tests must warm
something up to make it less likely.
|
|
This is a safer way to hide the classes, because they will not appear
in public targets for some build configurations.
|
|
This is an API used to coordinate across packages and must live in
`io.grpc`.
Prepending `Internal` makes it easier to detect and hide this class
from public visibility when using certain build tools.
fixes #4796
|
|
There's no good way to provide users of ALTS a choice between grpc-netty
and grpc-netty-shaded. Since Netty is not exposed through the ALTS API
surface, we opt for the shaded version as it has fewer deployment
issues. However, this also means that we _can't_ expose any Netty API,
like EventLoopGroup.
|
|
This is needed internally for building netty transports outside of a channel.
|
|
|
|
Passing a promise to WriteQueue was only misused to add a listener on
the promise before issuing the write. Although in this case the listener
ordering will be "random" because listeners are being added from two
different threads, in general we always want to add a listener after the
write returns to let any lower-level listeners be registered first.
Future work can resolve the "random" listener order by passing the
listener to the WriteQueue and adding the listener from the event loop.
|
|
This avoids warnings of Gradle 5 deprecation.
|
|
Enable testing on Java 9+ in TlsTest, to prevent future regressions.
Fixes #4620
|
|
This lets the NameResolver/LB coordinate with the negotiator, like is
necessary with ALTS on GCP.
|
|
Most of the changes are changing the signature of newClientTransport.
Since this is annoying, I choose to introduce a ClientTransportOptions
object to avoid the churn in the future.
With ClientTransportOptions in place, there's only a few lines necessary
of plumbing for the Attributes: add the field to ClientTransportOptions
and populate it in InternalSubchannel. There are no consumers of the
field in this commit.
|
|
Unused variables in tests were deleted. The unused variable in Netty
was a future that needed completing; that was a bug.
|
|
A new RPC starts with the following steps:
1. Pick a READY transport
2. the READY transport calls `transport.newStream()`
3. the new stream calls `stream.start()`
4. `stream.start()` invokes or enqueus `writeHeaders()` (or for GET request, noop)
A racy GOAWAY could happen between 3 and 4, and by the retry spec, the RPC should be transparent-retry-able in this case. For Netty and OkHttp transport implementation, before step 4, (even if step 1, 2, and 3 excluding 4 are made atomic,) the http2-stream for the RPC is not created, so the current transparent retry logic does not apply and need fix.
Of course, if step 1, 2, and 3 including 4 are made atomic, and not with GET, there will be no such problem.
|
|
This PR adds an automatic gradle format checker and reformats all the *.gradle files. After this, new changes to *.gradle files will fail to build if not in good format, just like checkStyle failure.
|
|
Previously no transport provided the key so CallCredentials would always
see the security as NONE.
|
|
|
|
This is the same practice as #2833
|
|
This fixes the warning:
`Tag @link: reference not found: Channelz.Security`
Javadoc `@link` is simplistic in its processing of '.' and thinks if a
dot exists it means it is part of the package name. You're forced to use
the full name of nested classes.
|
|
By adding inner class annotations without introducing external dependencies.
|
|
Use MoreObjects.toStringHelper and use only the log id's long value,
because the class name is already present in the toStringHelper.
|
|
|
|
API (#4399)
On server side, `maxMessageSize` is deprecated for
`maxInboundMessageSize` to match the channel builder.
Update usages to use new setter.
|
|
Pull the TLS info from the SSLSession object for TLS, and AltsContext for ALTS.
|
|
Previous version is not actually extendable from other packages.
|
|
|
|
Delegate the actual heavy lifting to a helper class that can be easily swapped
at runtime.
|
|
Allow ServerBuilder to read certs from InputStream, not just from a
File.
|
|
NettySocketSupport is responsible for making the low level calls to
get and populate the TcpInfo structure.
|
|
Move registration to separate future and wait for it.
|
|
Fix linter complaint because comment does not match arg name.
|
|
The peer socket is read from TRANSPORT_ATTR_REMOTE_ADDR from the
stream attributes. We only log the peer on receive initial metadata.
The call id assumes census is available. The call ID read from the
context via SERVER_CALL_ID_CONTEXT_KEY on server side, and read from
CallOptions via CLIENT_CALL_ID_CALLOPTION_KEY on client side. The
value is copied from CONTEXT_SPAN_KEY which is set by census.
Pass around CallId with two longs, not a byte[].
|
|
Server listen sockets differ from normal sockets in that they do not
have a remote address, do not have stats on calls started/failed/etc,
and do not have security info.
|
|
For okhttp, expose the standard options from the Socket object.
For netty, expose all the `io.netty.channel.ChannelOption`s of the
`channel.config()`.
|
|
resolves #3442
|
|
Always set the remote address, no reason why this should be a TLS-only
feature. This is needed for channelz, and is especially useful in unit
tests where we are using plaintext.
This PR adds the attr for plaintext.
|
|
|