New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
s2a: Add gRPC S2A #11113
base: master
Are you sure you want to change the base?
s2a: Add gRPC S2A #11113
Conversation
e83fee8
to
1991e37
Compare
Thanks @rmehta19. Can you PTAL at the test failures? |
604f9a0
to
3c867c9
Compare
@matthewstevenson88, I made 2 changes and it looks like 2/3 linux runs are passing. tests(11) is failing with an error in code that was not affected by this PR, so I don't think that failure is related. The changes:
|
@@ -0,0 +1,79 @@ | |||
// Copyright 2022 Google LLC |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just to confirm, this proto will be removed from this PR once the other PR is merged?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I believe we will maintain a copy of the protos in this directory. IIUC, there is an automated process that syncs protos in grpc-proto to protos here. Context: grpc/grpc-proto#12
E.g. ALTS protos are maintained here: alts/src/main/proto/grpc/gcp
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Makes sense, thanks for clarifying!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You'll want to add s2a
to the list of modules we copy protos for:
grpc-java/buildscripts/sync-protos.sh
Line 11 in 06df25b
for project in alts grpclb services rls interop-testing; do |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done
b7b51bc
to
73cc37a
Compare
Done -- thank you for the review @matthewstevenson88! |
s2a/src/main/java/io/grpc/s2a/handshaker/ConnectionIsClosedException.java
Outdated
Show resolved
Hide resolved
s2a/src/main/java/io/grpc/s2a/handshaker/tokenmanager/SingleTokenFetcher.java
Outdated
Show resolved
Hide resolved
@BeforeClass | ||
public static void setUpClass() { | ||
// Set the token that the client will use to authenticate to the S2A. | ||
JCommander.newBuilder().addObject(FLAGS).build().parse(SET_TOKEN); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You're using jcommander to just set a static field. This is many more steps than just having a package-private field/setter. Let's not add a dependency on jcommander.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done: refactored and removed the JCommander dependency.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
To make sure I understand, s2a is the public API, and s2a/channel and s2a/handshaker are internal APIs. Are those internal APIs to be used anywhere, even within Google?
* Configures gRPC to use S2A for transport security when establishing a secure channel. Only for | ||
* use on the client side of a gRPC connection. | ||
*/ | ||
@NotThreadSafe |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Credentials must be thread-safe. Should this be on the Builder instead?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, the Builder is the one that's not thread safe -- done.
@@ -0,0 +1,79 @@ | |||
// Copyright 2022 Google LLC |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You'll want to add s2a
to the list of modules we copy protos for:
grpc-java/buildscripts/sync-protos.sh
Line 11 in 06df25b
for project in alts grpclb services rls interop-testing; do |
Correct s2a is the public api, s2a/handshaker and s2a/channel are internal APIs to only be used within the s2a package. |
d52ee0c
to
38f72be
Compare
s2a/src/test/java/io/grpc/s2a/handshaker/tokenmanager/SingleTokenAccessTokenManagerTest.java
Show resolved
Hide resolved
s2a/src/test/java/io/grpc/s2a/handshaker/tokenmanager/SingleTokenAccessTokenManagerTest.java
Show resolved
Hide resolved
import java.util.logging.Logger; | ||
|
||
/** A fake S2Av2 server that should be used for testing only. */ | ||
public final class FakeS2AServer extends S2AServiceGrpc.S2AServiceImplBase { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
For Fake classes - I saw that gRPC java uses mockito quite extensively. Suggesting checking with Eric if this 'fake' style is ok or needs to be migrated to mocks
Add S2A Java client to gRPC Java.
Context: https://github.com/google/s2a-go/blob/main/README.md