s2a: Add gRPC S2A

[rmehta19]

Add S2A Java client to gRPC Java.

Context: https://github.com/google/s2a-go/blob/main/README.md

[linux-foundation-easycla]

The committers listed above are authorized under a signed CLA.

• ✅ login: rmehta19 / name: Riya Mehta (739ee23, 44fe552, f94cc10, b35f145, d1f413b, 46691df, f47c560, 72630d8, 42cd3e8, 2dd1c7e, 217a3e4)

[matthewstevenson88]

Thanks @rmehta19. Can you PTAL at the test failures?

[rmehta19]

@matthewstevenson88, I made 2 changes and it looks like 2/3 linux runs are passing. tests(11) is failing with an error in code that was not affected by this PR, so I don't think that failure is related.

The changes:

• The build originally failed because the generated grpc code in this PR did not match the code generated by the codegen plugin. I couldn't easily compile the codegen myself(due to reasons explained in: protoc-gen-grpc-java not available on apple m1 #7690). So instead I used the latest published binary available on https://mvnrepository.com/artifact/io.grpc/protoc-gen-grpc-java (1.63) to generate S2AServiceGrpc.java (Created and used a separate simple maven project just to run the plugin and get grpc gen code). Then I changed line 8 & 9 of S2AServiceGrpc.java to match other generated code in this repo (ex:

  grpc-java/alts/src/generated/main/grpc/io/grpc/alts/internal/HandshakerServiceGrpc.java

  Lines 8 to 9 in fb9a108

  	value = "by gRPC proto compiler",
  	comments = "Source: grpc/gcp/handshaker.proto")

  ). This resolved the errors thrown by

  grpc-java/.github/workflows/testing.yml

  Lines 65 to 66 in 3c867c9

  	- name: Check for modified codegen
  	run: test -z "$(git status --porcelain)" || (git status && echo Error Working directory is not clean. Forget to commit generated files? && false)

• A failure in the tests was caused when IntegrationTest.java is in package io.grpc.s2a: GetAuthenticationMechanismsTest.java fails because the flag is not being set by JCommander (or perhaps it is getting overwritten). When I moved IntegrationTest.java into the same package as GetAuthenticationMechanismsTest.java: io.grpc.s2a.handshaker, this error does not happen.

[matthewstevenson88]

Just to confirm, this proto will be removed from this PR once the other PR is merged?

[rmehta19]

I believe we will maintain a copy of the protos in this directory. IIUC, there is an automated process that syncs protos in grpc-proto to protos here. Context: grpc/grpc-proto#12

E.g. ALTS protos are maintained here: alts/src/main/proto/grpc/gcp

[matthewstevenson88]

Makes sense, thanks for clarifying!

[ejona86]

You'll want to add s2a to the list of modules we copy protos for:

grpc-java/buildscripts/sync-protos.sh

Line 11 in 06df25b

for project in alts grpclb services rls interop-testing; do

[rmehta19]

Done

[matthewstevenson88]

LGTM, thanks @rmehta19! When you have a chance, please remove "draft" to the PR title and can we say a bit more in the CL description including pointing to the S2A-Go README (similar to what we did in the proto PR)?

After that, can we get sign-off from @erm-g and @ejona86?

[rmehta19]

LGTM, thanks @rmehta19! When you have a chance, please remove "draft" to the PR title and can we say a bit more in the CL description including pointing to the S2A-Go README (similar to what we did in the proto PR)?

After that, can we get sign-off from @erm-g and @ejona86?

Done -- thank you for the review @matthewstevenson88!

[ejona86]

You're using jcommander to just set a static field. This is many more steps than just having a package-private field/setter. Let's not add a dependency on jcommander.

[rmehta19]

Done: refactored and removed the JCommander dependency.

[ejona86]

To make sure I understand, s2a is the public API, and s2a/channel and s2a/handshaker are internal APIs. Are those internal APIs to be used anywhere, even within Google?

[ejona86]

Credentials must be thread-safe. Should this be on the Builder instead?

[rmehta19]

Yes, the Builder is the one that's not thread safe -- done.

[ejona86]

You'll want to add s2a to the list of modules we copy protos for:

grpc-java/buildscripts/sync-protos.sh

Line 11 in 06df25b

for project in alts grpclb services rls interop-testing; do

[rmehta19]

To make sure I understand, s2a is the public API, and s2a/channel and s2a/handshaker are internal APIs. Are those internal APIs to be used anywhere, even within Google?

Correct s2a is the public api, s2a/handshaker and s2a/channel are internal APIs to only be used within the s2a package.

cc: @matthewstevenson88

[rmehta19]

Thank you for reviewing @erm-g, @ejona86 ! I have addressed the comments in separate commits. PTAL when you get a chance, and provide any additional feedback.

[erm-g]

For Fake classes - I saw that gRPC java uses mockito quite extensively. Suggesting checking with Eric if this 'fake' style is ok or needs to be migrated to mocks