1 /*
2 *
3 * Copyright 2018 gRPC authors.
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 *
17 */
18
19 #include <grpc/support/port_platform.h>
20
21 #include "src/core/ext/filters/client_channel/xds/xds_channel.h"
22
23 #include <string.h>
24
25 #include "absl/container/inlined_vector.h"
26
27 #include <grpc/grpc_security.h>
28 #include <grpc/support/alloc.h>
29 #include <grpc/support/string_util.h>
30
31 #include "src/core/ext/filters/client_channel/client_channel.h"
32 #include "src/core/ext/filters/client_channel/server_address.h"
33 #include "src/core/lib/channel/channel_args.h"
34 #include "src/core/lib/gpr/string.h"
35 #include "src/core/lib/iomgr/sockaddr_utils.h"
36 #include "src/core/lib/security/credentials/credentials.h"
37 #include "src/core/lib/security/credentials/fake/fake_credentials.h"
38 #include "src/core/lib/security/transport/target_authority_table.h"
39 #include "src/core/lib/slice/slice_internal.h"
40
41 namespace grpc_core {
42
// Builds the channel args used for the xDS channel from `args`.
//
// When `args` carries channel credentials, they are replaced by a duplicate
// that has no call credentials attached. All other args are copied through.
//
// Takes ownership of `args`: the input is destroyed before returning, so the
// caller must not use it afterwards. Returns the newly built args.
grpc_channel_args* ModifyXdsChannelArgs(grpc_channel_args* args) {
  // Declared at function scope so the raw pointer placed in `replacements`
  // remains valid while the copy below is made. Presumably the copy takes its
  // own reference on the credentials -- confirm against channel_args.
  RefCountedPtr<grpc_channel_credentials> stripped_creds;
  absl::InlinedVector<const char*, 1> keys_to_drop;
  absl::InlinedVector<grpc_arg, 2> replacements;
  // The load balancer is not necessarily trusted to handle bearer token
  // credentials, so the channel credentials are swapped for a version that
  // carries no call credentials.
  grpc_channel_credentials* parent_creds =
      grpc_channel_credentials_find_in_args(args);
  if (parent_creds != nullptr) {
    stripped_creds = parent_creds->duplicate_without_call_credentials();
    // Fail closed: if no stripped duplicate could be produced, stop here
    // instead of passing the original credentials through unchanged.
    GPR_ASSERT(stripped_creds != nullptr);
    keys_to_drop.push_back(GRPC_ARG_CHANNEL_CREDENTIALS);
    replacements.push_back(
        grpc_channel_credentials_to_arg(stripped_creds.get()));
  }
  grpc_channel_args* new_args = grpc_channel_args_copy_and_add_and_remove(
      args, keys_to_drop.data(), keys_to_drop.size(), replacements.data(),
      replacements.size());
  // The input args are consumed by this function.
  grpc_channel_args_destroy(args);
  return new_args;
}
67
// Creates the channel to the xDS server named in `bootstrap`.
//
// Credential selection:
//   * If the bootstrap lists channel credentials, the first entry whose type
//     is "google_default" or "fake" decides which credentials are created.
//     If that yields no credentials, `*error` is set and nullptr is returned.
//   * Otherwise the channel credentials found in `args` are reused. If `args`
//     has none, an insecure channel is created.
//
// `*error` is written only on the failure path; the success paths leave it
// untouched, so the caller is expected to have initialized it.
//
// NOTE(review): this function does not strip call credentials from the
// credentials it borrows from `args`; presumably the caller has already run
// the args through ModifyXdsChannelArgs -- verify at the call site.
grpc_channel* CreateXdsChannel(const XdsBootstrap& bootstrap,
                               const grpc_channel_args& args,
                               grpc_error** error) {
  const auto& server = bootstrap.server();
  const auto& configured_creds = server.channel_creds;
  const char* server_uri = server.server_uri.c_str();
  grpc_channel_credentials* creds = nullptr;
  // Holds the reference only for credentials created here; credentials
  // borrowed from `args` are not owned by this function.
  RefCountedPtr<grpc_channel_credentials> creds_to_unref;
  if (configured_creds.empty()) {
    creds = grpc_channel_credentials_find_in_args(&args);
    if (creds == nullptr) {
      // Built with security but parent channel is insecure.
      // The xDS channel is then created without any channel credentials, so
      // this should only be reachable when that is a deliberate deployment
      // choice.
      return grpc_insecure_channel_create(server_uri, &args, nullptr);
    }
  } else {
    for (size_t idx = 0; idx < configured_creds.size(); ++idx) {
      const auto& type = configured_creds[idx].type;
      if (type == "google_default") {
        creds = grpc_google_default_credentials_create();
        break;
      }
      if (type == "fake") {
        // NOTE(review): fake transport security credentials are presumably
        // meant for tests only; confirm that a production bootstrap file
        // cannot select this type.
        creds = grpc_fake_transport_security_credentials_create();
        break;
      }
    }
    // Reached when no entry had a recognised type. Because the loop stops at
    // the first recognised type, a factory that returned nullptr would also
    // end up here and be reported with the same message.
    if (creds == nullptr) {
      *error = GRPC_ERROR_CREATE_FROM_STATIC_STRING(
          "no supported credential types found");
      return nullptr;
    }
    creds_to_unref.reset(creds);
  }
  // The credentials are passed to the channel explicitly, so the credentials
  // arg is removed from the args given to the new channel.
  const char* creds_key = GRPC_ARG_CHANNEL_CREDENTIALS;
  grpc_channel_args* args_without_creds =
      grpc_channel_args_copy_and_remove(&args, &creds_key, 1);
  grpc_channel* xds_channel = grpc_secure_channel_create(
      creds, server_uri, args_without_creds, nullptr);
  grpc_channel_args_destroy(args_without_creds);
  return xds_channel;
}
105
106 } // namespace grpc_core
107