• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright 2022 The gRPC Authors
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *     http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 package io.grpc.xds;
18 
19 import static com.google.common.base.Preconditions.checkArgument;
20 import static com.google.common.base.Preconditions.checkNotNull;
21 
22 import com.google.common.annotations.VisibleForTesting;
23 import com.google.common.collect.ImmutableMap;
24 import io.grpc.InternalServiceProviders;
25 import java.util.ArrayList;
26 import java.util.Collections;
27 import java.util.HashMap;
28 import java.util.LinkedHashSet;
29 import java.util.List;
30 import java.util.Map;
31 import java.util.logging.Level;
32 import java.util.logging.Logger;
33 import javax.annotation.Nullable;
34 import javax.annotation.concurrent.GuardedBy;
35 import javax.annotation.concurrent.ThreadSafe;
36 
37 /**
38  * Registry of {@link XdsCredentialsProvider}s. The {@link #getDefaultRegistry default
39  * instance} loads providers at runtime through the Java service provider mechanism.
40  */
41 @ThreadSafe
42 final class XdsCredentialsRegistry {
43   private static final Logger logger = Logger.getLogger(XdsCredentialsRegistry.class.getName());
44   private static XdsCredentialsRegistry instance;
45 
46   @GuardedBy("this")
47   private final LinkedHashSet<XdsCredentialsProvider> allProviders = new LinkedHashSet<>();
48 
49   /**
50    * Generated from {@code allProviders}. Is mapping from scheme key to the
51    * highest priority {@link XdsCredentialsProvider}.
52    * Is replaced instead of mutating.
53    */
54   @GuardedBy("this")
55   private ImmutableMap<String, XdsCredentialsProvider> effectiveProviders = ImmutableMap.of();
56 
57   /**
58    * Register a provider.
59    *
60    * <p>If the provider's {@link XdsCredentialsProvider#isAvailable isAvailable()}
61    * returns {@code false}, this method will throw {@link IllegalArgumentException}.
62    *
63    * <p>Providers will be used in priority order. In case of ties, providers are used
64    * in registration order.
65    */
register(XdsCredentialsProvider provider)66   public synchronized void register(XdsCredentialsProvider provider) {
67     addProvider(provider);
68     refreshProviders();
69   }
70 
addProvider(XdsCredentialsProvider provider)71   private synchronized void addProvider(XdsCredentialsProvider provider) {
72     checkArgument(provider.isAvailable(), "isAvailable() returned false");
73     allProviders.add(provider);
74   }
75 
76   /**
77    * Deregisters a provider. No-op if the provider is not in the registry.
78    *
79    * @param provider the provider that was added to the register via
80    *                 {@link #register}.
81    */
deregister(XdsCredentialsProvider provider)82   public synchronized void deregister(XdsCredentialsProvider provider) {
83     allProviders.remove(provider);
84     refreshProviders();
85   }
86 
refreshProviders()87   private synchronized void refreshProviders() {
88     Map<String, XdsCredentialsProvider> refreshedProviders = new HashMap<>();
89     int maxPriority = Integer.MIN_VALUE;
90     // We prefer first-registered providers.
91     for (XdsCredentialsProvider provider : allProviders) {
92       String credsName = provider.getName();
93       XdsCredentialsProvider existing = refreshedProviders.get(credsName);
94       if (existing == null || existing.priority() < provider.priority()) {
95         refreshedProviders.put(credsName, provider);
96       }
97       if (maxPriority < provider.priority()) {
98         maxPriority = provider.priority();
99       }
100     }
101     effectiveProviders = ImmutableMap.copyOf(refreshedProviders);
102   }
103 
104   /**
105    * Returns the default registry that loads providers via the Java service loader
106    * mechanism.
107    */
getDefaultRegistry()108   public static synchronized XdsCredentialsRegistry getDefaultRegistry() {
109     if (instance == null) {
110       List<XdsCredentialsProvider> providerList = InternalServiceProviders.loadAll(
111               XdsCredentialsProvider.class,
112               getHardCodedClasses(),
113               XdsCredentialsProvider.class.getClassLoader(),
114               new XdsCredentialsProviderPriorityAccessor());
115       if (providerList.isEmpty()) {
116         logger.warning("No XdsCredsRegistry found via ServiceLoader, including for GoogleDefault, "
117             + "TLS and Insecure. This is probably due to a broken build.");
118       }
119       instance = new XdsCredentialsRegistry();
120       for (XdsCredentialsProvider provider : providerList) {
121         logger.fine("Service loader found " + provider);
122         if (provider.isAvailable()) {
123           instance.addProvider(provider);
124         }
125       }
126       instance.refreshProviders();
127     }
128     return instance;
129   }
130 
131   /**
132    * Returns effective providers map from scheme to the highest priority
133    * XdsCredsProvider of that scheme.
134    */
135   @VisibleForTesting
providers()136   synchronized Map<String, XdsCredentialsProvider> providers() {
137     return effectiveProviders;
138   }
139 
140   /**
141    * Returns the effective provider for the given xds credential name, or {@code null} if no
142    * suitable provider can be found.
143    * Each provider declares its name via {@link XdsCredentialsProvider#getName}.
144    */
145   @Nullable
getProvider(String name)146   public synchronized XdsCredentialsProvider getProvider(String name) {
147     return effectiveProviders.get(checkNotNull(name, "name"));
148   }
149 
150   @VisibleForTesting
getHardCodedClasses()151   static List<Class<?>> getHardCodedClasses() {
152     // Class.forName(String) is used to remove the need for ProGuard configuration. Note that
153     // ProGuard does not detect usages of Class.forName(String, boolean, ClassLoader):
154     // https://sourceforge.net/p/proguard/bugs/418/
155     ArrayList<Class<?>> list = new ArrayList<>();
156     try {
157       list.add(Class.forName("io.grpc.xds.internal.GoogleDefaultXdsCredentialsProvider"));
158     } catch (ClassNotFoundException e) {
159       logger.log(Level.WARNING, "Unable to find GoogleDefaultXdsCredentialsProvider", e);
160     }
161 
162     try {
163       list.add(Class.forName("io.grpc.xds.internal.InsecureXdsCredentialsProvider"));
164     }  catch (ClassNotFoundException e) {
165       logger.log(Level.WARNING, "Unable to find InsecureXdsCredentialsProvider", e);
166     }
167 
168     try {
169       list.add(Class.forName("io.grpc.xds.internal.TlsXdsCredentialsProvider"));
170     } catch (ClassNotFoundException e) {
171       logger.log(Level.WARNING, "Unable to find TlsXdsCredentialsProvider", e);
172     }
173 
174     return Collections.unmodifiableList(list);
175   }
176 
177   private static final class XdsCredentialsProviderPriorityAccessor
178           implements InternalServiceProviders.PriorityAccessor<XdsCredentialsProvider> {
179     @Override
isAvailable(XdsCredentialsProvider provider)180     public boolean isAvailable(XdsCredentialsProvider provider) {
181       return provider.isAvailable();
182     }
183 
184     @Override
getPriority(XdsCredentialsProvider provider)185     public int getPriority(XdsCredentialsProvider provider) {
186       return provider.priority();
187     }
188   }
189 }
190