Add missing security field to channelz Socket #25593
Reviewable status: 0 of 6 files reviewed, 1 unresolved discussion (waiting on @yashykt)
src/core/ext/transport/chttp2/transport/chttp2_transport.cc, line 366 at r1 (raw file):
```cpp
  }
  if (channelz_enabled) {
    auto sec = grpc_core::channelz::SocketNode::Security::GetFromChannelArgs(
```
is sec used here?
Reviewable status: 0 of 6 files reviewed, 1 unresolved discussion (waiting on @veblush)
src/core/ext/transport/chttp2/transport/chttp2_transport.cc, line 366 at r1 (raw file):
Previously, veblush (Esun Kim) wrote…
is sec used here?
Removed. Thanks for catching that! Looks like it got left over from testing.
Thanks for doing this! Just a couple of minor comments.
Reviewed 5 of 6 files at r1, 1 of 1 files at r2.
Reviewable status: all files reviewed, 3 unresolved discussions (waiting on @veblush and @yashykt)
src/core/lib/channel/channelz.cc, line 376 at r2 (raw file):
```cpp
    case ModelType::kOther:
      if (other) {
        data["other"] = tls->RenderJson();
```
Shouldn't this use `*other` instead of `tls->RenderJson()`?
test/cpp/end2end/channelz_service_test.cc, line 145 at r2 (raw file):
```cpp
  }
  args->SetSslTargetNameOverride("foo.test.google.fr");
  // TODO(yashykt): Switch to using C++ API once b/173823806 is fixed.
```
Is that bug a problem here? We're not using the custom verification config here, unless I'm missing something.
Reviewable status: all files reviewed, 3 unresolved discussions (waiting on @markdroth and @veblush)
src/core/lib/channel/channelz.cc, line 376 at r2 (raw file):
Previously, markdroth (Mark D. Roth) wrote…
Shouldn't this use `*other` instead of `tls->RenderJson()`?
Thanks for catching this. Making this change in #25624
test/cpp/end2end/channelz_service_test.cc, line 145 at r2 (raw file):
Previously, markdroth (Mark D. Roth) wrote…
Is that bug a problem here? We're not using the custom verification config here, unless I'm missing something.
You are right. I just copied over the code from existing tests but this should not be needed here. Making the change in #25624
As per grpc/src/proto/grpc/channelz/channelz.proto (line 240 in fcd43e9), `Sockets` should expose security information.

Currently, we are able to get the remote's peer certificate from `grpc_auth_context` once the security handshake is done, but we don't have any other information. This PR exposes the remote's peer certificates as part of the channelz's Socket information.

cc @markdroth @ZhenLian
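The bug class raised in the channelz.cc line 376 discussion above, as an added example that is not code from this PR or from gRPC: a simplified C++17 model in which the `kOther` branch checks `other` but reads `tls`, next to the corrected form. The `Tls` fields, `RenderJsonAsReviewed`, `AsReviewedThrowsForOther` and the string-based JSON are assumptions made for illustration.

```cpp
#include <optional>
#include <string>

// Simplified stand-in for channelz socket security data; not gRPC's own types.
enum class ModelType { kUnknown, kTls, kOther };

struct Tls {
  std::string standard_name;       // negotiated cipher suite name (assumed field)
  std::string remote_certificate;  // assumed to be base64-encoded already
  std::string RenderJson() const {
    return "{\"standard_name\":\"" + standard_name +
           "\",\"remote_certificate\":\"" + remote_certificate + "\"}";
  }
};

struct Security {
  ModelType type = ModelType::kUnknown;
  std::optional<Tls> tls;            // populated only when type == kTls
  std::optional<std::string> other;  // pre-rendered JSON, only when type == kOther

  // Shape flagged in review: the kOther branch checks `other` but reads `tls`.
  // .value() replaces -> here so the empty case throws instead of being UB.
  std::string RenderJsonAsReviewed() const {
    if (type == ModelType::kOther && other) {
      return "{\"other\":" + tls.value().RenderJson() + "}";
    }
    return RenderJson();
  }

  // Corrected shape: each branch dereferences only the member it just checked.
  std::string RenderJson() const {
    switch (type) {
      case ModelType::kTls:
        if (tls) return "{\"tls\":" + tls->RenderJson() + "}";
        break;
      case ModelType::kOther:
        if (other) return "{\"other\":" + *other + "}";
        break;
      case ModelType::kUnknown:
        break;
    }
    return "{}";
  }
};

// True when rendering hits the empty optional, as it does for a non-TLS socket.
bool AsReviewedThrowsForOther(const Security& s) {
  try { s.RenderJsonAsReviewed(); } catch (const std::bad_optional_access&) { return true; }
  return false;
}
```

A test that renders a socket secured by a non-TLS mechanism is what exposes this: a TLS-only test never enters the `kOther` branch.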