-
Notifications
You must be signed in to change notification settings - Fork 10.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Eliminate gRPC insecure build #25586
Conversation
@jiangtaoli2016 F.Y.I. |
@yihuazhang what is the motivation for getting rid of the insecure targets? I added myself as a reviewer as I'd like to check that the BUILD / cmake / other build systems changes make sense - please let me know once this is ready for review (and please wait for LGTM from me). |
@yihuazhang can you please also provide a list of the "public" insecure targets that you're planning to remove? |
@jtattermusch This is something we've been wanting to do for a while. For context, see the internal design doc at go/higher-security-for-grpc. |
Thanks @jtattermusch for chiming in and sorry for lacking the context. The doc Mark pointed contains more details about the motivation of this PR. PLMK if you have any questions. Regarding the insecure builds, I think |
Oh I see, I thought you're going to be removing the |
It seems the failed tests are not related to this PR. F.Y.I. @markdroth, the PR is ready for a review. No rush though (I expect you might be busy due to perf). @jtattermusch SG. I will let you know once Mark approved this PR. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for doing this, Yihua! I've been wanting to see this change for a long time.
Jan, your review will be most welcome. I'm sure you can help us spot anything we might inadvertantly break here.
Please let me know if you have any questions. Thanks!
Reviewed 12 of 27 files at r1, 3 of 17 files at r2, 8 of 8 files at r3, 5 of 8 files at r4.
Reviewable status: all files reviewed, 8 unresolved discussions (waiting on @jtattermusch and @yihuazhang)
BUILD, line 130 at r3 (raw file):
] GRPC_SECURE_PUBLIC_HDRS = [
This list can probably go away now, and grpc_security.h can be added to GRPC_PUBLIC_HDRS
instead.
BUILD, line 134 at r3 (raw file):
] # TODO(ctiller): layer grpc atop grpc_unsecure, layer grpc++ atop grpc++_unsecure
This TODO can go away now.
BUILD, line 300 at r3 (raw file):
grpc_cc_library( name = "grpc_unsecure",
We need to clean up the conditional compilation structure that we currently have for secure vs. insecure builds.
We have the grpc_unsecure
target for insecure builds and the grpc_secure
target for secure builds. The two targets actually build a slightly different set of files. Some specifics:
- The insecure build includes init_unsecure.cc and grpc_unsecure_plugin_registry.cc, whereas the secure build includes init_secure.cc and grpc_plugin_registry.cc.
- Both secure and insecure builds depend on
grpc_transport_chttp2_client_insecure
andgrpc_transport_chttp2_server_insecure
(which definegrpc_insecure_channel_create()
andgrpc_server_add_insecure_http2_port()
), but the secure build additionally depends ongrpc_transport_chttp2_client_secure
andgrpc_transport_chttp2_server_secure
(which definegrpc_server_add_secure_http2_port()
andgrpc_secure_channel_create()
).
I think what we want here is to eliminate the conditional compilation and make the secure target a simple layer on top of the insecure target that adds the dependencies for the credential types (which bring in the SSL library dependency).
Here are some specific changes we should make:
- Move the code from init_secure.cc directly into init.cc, and remove init_secure.cc and init_unsecure.cc. Also remove the relevant declarations in init.h, since those functions can now be static inside of init.cc.
- Move the code from grpc_plugin_registry.cc into init.cc and remove both grpc_plugin_registry.cc and grpc_unsecure_plugin_registry.cc.
- Eliminate
grpc_insecure_channel_create()
andgrpc_server_add_insecure_http2_port()
from the API and renamegrpc_server_add_secure_http2_port()
andgrpc_secure_channel_create()
to justgrpc_server_add_http2_port()
andgrpc_channel_create()
. This will require a gRFC. As part of this, we should probably move their declarations from grpc_security.h to grpc.h. And instead of the code being in src/core/ext/transport/chttp2/client/secure/secure_channel_create.cc and src/core/ext/transport/chttp2/server/secure/server_secure_chttp2.cc, it should be moved to the existing src/core/ext/transport/chttp2/client/chttp2_connector.cc and src/core/ext/transport/chttp2/server/chttp2_server.cc files.
BUILD, line 1313 at r3 (raw file):
grpc_cc_library( name = "grpc_lb_policy_grpclb",
Here's another case where we have some conditional compilation for insecure builds that needs to be cleaned up.
We currently have two targets for grpclb, one for insecure builds (this one) and another for secure builds (the next one, grpc_lb_policy_grpclb_secure
). The only difference between the two is that the insecure one uses the file grpclb_channel.cc, whereas the secure one uses the file grpclb_channel_secure.cc. Both files provide the interface defined in grpclb_channel.h, but with different implementations for the two different builds. And we have the build dependencies set up such that insecure builds and secure builds depend on the right version of this target.
This difference is no longer needed now that insecure builds are going away. Instead, let's do the following:
- Move the code from grpclb_channel_secure.cc directly into grpclb.cc.
- Remove the files grpclb_channel.h, grpclb_channel.cc, and grpclb_channel_secure.cc.
- Remove the
grpc_lb_policy_grpclb_secure
target. - Remove the
grpc_lb_policy_grpclb_secure
dependency from thegrpc
target, and addgrpc_lb_policy_grpclb
as a dependency ofgrpc_common
. - Change the
grpc_lb_policy_grpclb
target to depend ongrpc_transport_chttp2_client_secure
instead ofgrpc_transport_chttp2_client_insecure
.
BUILD, line 1847 at r3 (raw file):
grpc_cc_library( name = "grpc_secure_base",
Suggest calling this grpc_security_base
.
BUILD, line 1860 at r3 (raw file):
"src/core/lib/security/transport/server_auth_filter.cc", "src/core/lib/security/transport/tsi_error.cc", "src/core/tsi/transport_security.cc",
These TSI files are already present in the tsi
target, and they should not be in more than one build target. I think we still need the tsi
target, because there are internal callers like GFE that depend on TSI without necessarily depending on gRPC, so we can't just remove that target. So we'll need to make this target depend on the tsi
target.
Of course, we can't just depend on the tsi
target as it currently exists, because that would pull in the SSL library dependency that we're trying to eliminate here. To avoid this, I suggest the following:
- Move the "base" TSI files (like src/core/tsi/transport_security.cc) into a new target called
tsi_base
, which can be a dependency of both this target and thetsi
target. - For each credential type, move the TSI files into a new target called
tsi_${type}_credentials
, which can be a dependency of both thetsi
target and the correspondinggrpc_${type}_credentials
target. (For example, a file like src/core/tsi/fake_transport_security.cc would be in a target calledtsi_fake_credentials
, which would be a dependency of both thetsi
target and thegrpc_fake_credentials
target, so thegrpc_fake_credentials
target would not need to directly include that .cc file.)
BUILD, line 1944 at r3 (raw file):
name = "grpc_alts_credentials", srcs = [ "src/core/ext/upb-generated/src/proto/grpc/gcp/altscontext.upb.c",
These upb files should not be repeated here. Instead, add a dependency on the existing alts_upb
target.
src/core/lib/security/security_connector/security_connector.h, line 45 at r3 (raw file):
#define GRPC_ARG_SECURITY_CONNECTOR "grpc.security_connector" #define GRPC_SSL_URL_SCHEME "https"
This seems like the wrong place for this definition, since there is nothing SSL-specific in this file. I think this should be kept where it was originally, in ssl_utils.h. Was there some reason you needed to move it?
Thanks @markdroth for the detailed feedback, and sorry for the delayed action! Regarding the comments - |
The C-core API is not a public API, and we don't offer a backward-compatibility guarantee for it. We are required to publish a gRFC for C-core API changes, but we are not required to make non-breaking changes. In general, the only callers of the C-core API should be C++ and the wrapped languages, so we are in control of all the call sites. We should be able to update them as part of this PR. If there's some reason that it's hard to update the callers at the same time, I'm not opposed to keeping the old APIs for a short time to ease the transition (e.g., to allow us to spread the changes out across multiple PRs). But I don't want to be left supporting duplicate APIs for a long period of time. Also, note that there are subtle behavioral differences between |
Ah you are right. Now I remember that we do not need to maintain backward compatibility for C-core surface API changes. After we change all wrapped languages to use the new way of creating an insecure channel, I am not sure if it is going to break any of their internal tests that rely on the subtle difference between old and new behaviors you mentioned (e.g., when communicating call credentials on the channel created via the old API, the call credentials will get ignored but RPC still succeeds while RPC will fail when communicating the call credentials over the channel created via the new API). |
We usually have to update these callers as well. But we can deal with that when we're ready to try importing this change.
Yes. We'll need to update any affected tests as part of this PR. |
I apologize for taking so long to address the comments. I finally got time working on it, and it is my top priority now. While working on it, I found the following two issues:
|
The existing
I don't think we can remove this, since there are still use-cases where people want to create a channel from an fd. But since we always assume that the fd is insecure in this case, we can just change the implementation of this function to do the same thing as |
216e7ad
to
709090e
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Reviewable status: 12 of 40 files reviewed, 8 unresolved discussions (waiting on @jtattermusch and @markdroth)
BUILD, line 130 at r3 (raw file):
Previously, markdroth (Mark D. Roth) wrote…
This list can probably go away now, and grpc_security.h can be added to
GRPC_PUBLIC_HDRS
instead.
Done.
BUILD, line 134 at r3 (raw file):
Previously, markdroth (Mark D. Roth) wrote…
This TODO can go away now.
Done.
BUILD, line 300 at r3 (raw file):
Previously, markdroth (Mark D. Roth) wrote…
We need to clean up the conditional compilation structure that we currently have for secure vs. insecure builds.
We have the
grpc_unsecure
target for insecure builds and thegrpc_secure
target for secure builds. The two targets actually build a slightly different set of files. Some specifics:
- The insecure build includes init_unsecure.cc and grpc_unsecure_plugin_registry.cc, whereas the secure build includes init_secure.cc and grpc_plugin_registry.cc.
- Both secure and insecure builds depend on
grpc_transport_chttp2_client_insecure
andgrpc_transport_chttp2_server_insecure
(which definegrpc_insecure_channel_create()
andgrpc_server_add_insecure_http2_port()
), but the secure build additionally depends ongrpc_transport_chttp2_client_secure
andgrpc_transport_chttp2_server_secure
(which definegrpc_server_add_secure_http2_port()
andgrpc_secure_channel_create()
).I think what we want here is to eliminate the conditional compilation and make the secure target a simple layer on top of the insecure target that adds the dependencies for the credential types (which bring in the SSL library dependency).
Here are some specific changes we should make:
- Move the code from init_secure.cc directly into init.cc, and remove init_secure.cc and init_unsecure.cc. Also remove the relevant declarations in init.h, since those functions can now be static inside of init.cc.
- Move the code from grpc_plugin_registry.cc into init.cc and remove both grpc_plugin_registry.cc and grpc_unsecure_plugin_registry.cc.
- Eliminate
grpc_insecure_channel_create()
andgrpc_server_add_insecure_http2_port()
from the API and renamegrpc_server_add_secure_http2_port()
andgrpc_secure_channel_create()
to justgrpc_server_add_http2_port()
andgrpc_channel_create()
. This will require a gRFC. As part of this, we should probably move their declarations from grpc_security.h to grpc.h. And instead of the code being in src/core/ext/transport/chttp2/client/secure/secure_channel_create.cc and src/core/ext/transport/chttp2/server/secure/server_secure_chttp2.cc, it should be moved to the existing src/core/ext/transport/chttp2/client/chttp2_connector.cc and src/core/ext/transport/chttp2/server/chttp2_server.cc files.
Done. I will work on gRFC in parallel.
BUILD, line 1313 at r3 (raw file):
Previously, markdroth (Mark D. Roth) wrote…
Here's another case where we have some conditional compilation for insecure builds that needs to be cleaned up.
We currently have two targets for grpclb, one for insecure builds (this one) and another for secure builds (the next one,
grpc_lb_policy_grpclb_secure
). The only difference between the two is that the insecure one uses the file grpclb_channel.cc, whereas the secure one uses the file grpclb_channel_secure.cc. Both files provide the interface defined in grpclb_channel.h, but with different implementations for the two different builds. And we have the build dependencies set up such that insecure builds and secure builds depend on the right version of this target.This difference is no longer needed now that insecure builds are going away. Instead, let's do the following:
- Move the code from grpclb_channel_secure.cc directly into grpclb.cc.
- Remove the files grpclb_channel.h, grpclb_channel.cc, and grpclb_channel_secure.cc.
- Remove the
grpc_lb_policy_grpclb_secure
target.- Remove the
grpc_lb_policy_grpclb_secure
dependency from thegrpc
target, and addgrpc_lb_policy_grpclb
as a dependency ofgrpc_common
.- Change the
grpc_lb_policy_grpclb
target to depend ongrpc_transport_chttp2_client_secure
instead ofgrpc_transport_chttp2_client_insecure
.
Done.
BUILD, line 1847 at r3 (raw file):
Previously, markdroth (Mark D. Roth) wrote…
Suggest calling this
grpc_security_base
.
Done.
BUILD, line 1860 at r3 (raw file):
Previously, markdroth (Mark D. Roth) wrote…
These TSI files are already present in the
tsi
target, and they should not be in more than one build target. I think we still need thetsi
target, because there are internal callers like GFE that depend on TSI without necessarily depending on gRPC, so we can't just remove that target. So we'll need to make this target depend on thetsi
target.Of course, we can't just depend on the
tsi
target as it currently exists, because that would pull in the SSL library dependency that we're trying to eliminate here. To avoid this, I suggest the following:
- Move the "base" TSI files (like src/core/tsi/transport_security.cc) into a new target called
tsi_base
, which can be a dependency of both this target and thetsi
target.- For each credential type, move the TSI files into a new target called
tsi_${type}_credentials
, which can be a dependency of both thetsi
target and the correspondinggrpc_${type}_credentials
target. (For example, a file like src/core/tsi/fake_transport_security.cc would be in a target calledtsi_fake_credentials
, which would be a dependency of both thetsi
target and thegrpc_fake_credentials
target, so thegrpc_fake_credentials
target would not need to directly include that .cc file.)
Done.
BUILD, line 1944 at r3 (raw file):
Previously, markdroth (Mark D. Roth) wrote…
These upb files should not be repeated here. Instead, add a dependency on the existing
alts_upb
target.
Done.
src/core/lib/security/security_connector/security_connector.h, line 45 at r3 (raw file):
Previously, markdroth (Mark D. Roth) wrote…
This seems like the wrong place for this definition, since there is nothing SSL-specific in this file. I think this should be kept where it was originally, in ssl_utils.h. Was there some reason you needed to move it?
GRPC_SSL_URL_SCHEME
is currently defined in ssl_utils.h
and used in client_auth_filter.cc
. ssl_utils.h
belongs to tsi_ssl_credentials
target that brings in openssl dependency, while client_auth_filter.cc
belongs to grpc_security_base
that cannot depend on openssl.
There are only two constants related to the URL scheme - 1) GRPC_SSL_URL_SCHEME
and 2) GRPC_FAKE_SECURITY_URL_SCHEME
, and I moved both of them to security_connector.h
so that it does not just include SSL-specific in the file. Also since grpc_security_connector
takes the url scheme as a parameter, I think it makes sense to define those two constants in this header file.
Regarding the comment on |
F.Y.I. @markdroth, I think I addressed all of your comments, but there are still some build issues related to the wrapped languages. Let me first fix them, and I will let you know when it's ready for the next round of review. |
Yes, I was thinking that Alternatively, it would also be okay to rename |
+1 for the |
If we do actually have users that want to be able to use creds with |
Let's do it... I'll track down who it was later.
…On Fri, Jul 9, 2021 at 2:36 PM Mark D. Roth ***@***.***> wrote:
If we do actually have users that want to be able to use creds with
create_channel_from_fd(), then let's go ahead and do that. It will save
us the step of writing a separate gRFC for that change later.
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#25586 (comment)>, or
unsubscribe
<https://github.com/notifications/unsubscribe-auth/ACNG45LXJHWFEGOUMUHADFLTW5TUNANCNFSM4YM4AVBA>
.
|
Hi @markdroth, I might need your help in debugging the following two C++ test failures (you can find more detailed error log in https://source.cloud.google.com/results/invocations/9f96e1d1-5afd-474b-bdfa-00422ee15243/targets):
The only change that could be relevant is to convert the |
The change has been successfully imported yesterday. I will probably give it a week to gain enough confidence that the change will not get reverted. |
commit 1baca37a9e2adc08c6a7c7a1dd9c0018e26a02e5 Author: donnadionne <donnadionne@google.com> Date: Fri Feb 11 16:16:26 2022 -0800 Applying aggregate ringhash policy (#28861) * Applying aggregate ringhash policy * Fixing according to code review comments. * typo commit b8ee9ac7e5601e84f04d9af4f8219e7201dc0079 Author: Richard Belleville <gnossen@gmail.com> Date: Fri Feb 11 15:18:18 2022 -0800 Make Compatible with Bazel 5.0 (#28683) * See what happens when we remove NDK * Try to debug Kokoro in a super hacky way * And echo the external IP too * Attempt to fix NDK installation * And actually run the portion of the code I need to test out * Clean up * Actually test against bazel 5 * Put export in proper file * Make android an optional dependency * Escape paths for Windows * Revert switch to Bazel 5.0 commit 55e4af1b140a8d43c895c70bc5d1857e0a98ac6b Author: Ashitha Santhosh <55257063+ashithasantosh@users.noreply.github.com> Date: Fri Feb 11 14:03:24 2022 -0800 Revert "Revert "Update to rbac policy struct and end2end authz test. (#27074)" (#28552)" (#28620) This reverts commit 8ca42ec6f88c7cd0c45afa02eb61edd75af00246. commit 066a310df1fe9d68a00f346bd36e6c965d62e528 Author: Richard Belleville <gnossen@gmail.com> Date: Fri Feb 11 13:43:01 2022 -0800 Revert "Revert "Reimplement Gevent Integration (#28276)" (#28862)" (#28863) This reverts commit c02784bfa37f5e290c59506db08839d88363ceb3. commit c02784bfa37f5e290c59506db08839d88363ceb3 Author: Richard Belleville <gnossen@gmail.com> Date: Fri Feb 11 13:02:28 2022 -0800 Revert "Reimplement Gevent Integration (#28276)" (#28862) This reverts commit 27bc6fe7797e43298dc931b96dc57322d0852a9f. commit df943da2c4c6362e7518bfba4278fb6f08cda4a9 Author: Craig Tiller <ctiller@google.com> Date: Fri Feb 11 12:47:35 2022 -0800 Promise based sleeps (#28722) * Promise based sleep * Embrace absl::Status * Automated change: Fix sanity tests * Add another test, fix bug * fix * fix * review feedback Co-authored-by: ctiller <ctiller@users.noreply.github.com> commit 6565584c7b0392711c5e9f32dc5698aedf209514 Author: Esun Kim <veblush@google.com> Date: Fri Feb 11 10:31:25 2022 -0800 Bump the minimum gcc to 5 (#28786) commit 9d73b3e85a4acc38adf520f3d7d8094302760a29 Author: Jan Tattermusch <jtattermusch@users.noreply.github.com> Date: Fri Feb 11 18:58:04 2022 +0100 Use ninja for all grpc_csharp_ext builds on windows (#28841) * cleanup C# win artifact build * build C# basictests on win with ninja * specify default parallelism for C# win artifact * honor GRPC_PYTHON_BUILD_EXT_COMPILER_JOBS in build_artifact_python.bat * set --inner_jobs for windows grpc_build_artifact job * fixup C# build picking env variables from C core build * get rid of no longer needed NativeDependenciesConfiguration C# setting commit fc6f0277a4659eeba56b2f755e369b06ba82c806 Author: AJ Heller <hork@google.com> Date: Fri Feb 11 08:47:36 2022 -0800 Update third_party/protobuf to v3.19.4 (#28842) * Update third_party/protobuf * run tools/distrib/python/make_grpcio_tools.py * update build_handwritten.yaml * regenerate projects commit e324bf5eeefcefc8868dc45eaec43c39a71d2146 Author: Jan Tattermusch <jtattermusch@users.noreply.github.com> Date: Fri Feb 11 09:59:51 2022 +0100 Speed up windows C/C++ builds by using cmake Ninja generator (#28833) * support building C/C++ with ninja * make cmake_ninja_vs2015 build the default for C/C++ * fix vcvarsall location for vs2017 commit 27bc6fe7797e43298dc931b96dc57322d0852a9f Author: Richard Belleville <rbellevi@google.com> Date: Thu Feb 10 18:25:12 2022 -0800 Reimplement Gevent Integration (#28276) * WIP * Add gevent test suite run under Bazel. * Fix things up * Yapf * Fix up Bazel files * Make py_grpc_test fancier * Attempt to fix Windows RBE * Attempt to kick GitHub * Fix Python 2 runs * Yet more fixes * And the patch file too * I am an idiot * Mark gevent tests flaky * Try to make rules_python more tolerant * Typo * Exclude reconnect test from gevent * Remove unnecessary parts of patch * Buildifier * You saw nothing * isort * Move py_grpc_test to an internal-only file * Review comments * More reviewer comments * Review * Add initial changes for gevent * WIP. Run completion_queue_next in a threadpool * WIP. * WIP * Re-remove skip annotation * Finally working * Reactivate tests * Clean up * Move C++ threading utilities to grpc.pxi * Unbreak sync stack * Refix test flake * WIP. Trying to get things working properly * Move test stuff to test runner * Clean up * Can't handle exceptions if you don't compile with exceptions * Remove debug stuff unintentionally left in * Add greenlet switch loggging and fix threading issue * Only run a greenlet scheduling greenlet when there are open channels * Format * Add threadpool modifications to old runner * And actually import gevent commit 09e7e7456b2b976815be98b568b0043c5d1d4e13 Author: Craig Tiller <ctiller@google.com> Date: Thu Feb 10 16:07:11 2022 -0800 Uniquify channel args keys (#28799) Ensures only one value for each key in channel args... may cause breakage for some usages where two values are being passed in a channel_arg and whatever arbitrary order we were reading them was used. Workarounds are in place for things we know about. commit 6166815d11eaf1fbf033a1042611889161b9964b Author: Mark D. Roth <roth@google.com> Date: Thu Feb 10 15:11:09 2022 -0800 chttp2: add trace message when receiving RST_STREAM (#28828) commit cd4261b946d87a732b5b2bb83a826644a1f418f4 Author: Lidi Zheng <lidiz@google.com> Date: Thu Feb 10 14:14:56 2022 -0800 Support musllinux binary wheels on x64 and x86 (#28092) * Support musllinux binary wheels * Skip aarach64 for now * Consolidate the difference of mktemp * Extend linux artifact building time && install bash for distribtest * Stop using grpc.tools, use grpc_tools * Update the README to use grpc_tools * Force static link libc++ for alpine binaries * Rebase recent build script changes * Install ccache for musllinux distribtest images * Revert timeout change to grpc_build_artifacts commit 64fd698172ba827e56f6b589dcb9d5aef52e9890 Author: Ashitha Santhosh <55257063+ashithasantosh@users.noreply.github.com> Date: Thu Feb 10 14:09:29 2022 -0800 Reduce log traffic at INFO level by logging only for denied requests (#28829) commit 20aec3b2c142b18f244209a49e7dc4a373198498 Author: Yash Tibrewal <yashkt@google.com> Date: Thu Feb 10 13:36:18 2022 -0800 Set trailing_metadata_available for recv_initial_metadata ops when generating a fake status (#28827) * Set trailing_metadata_available for recv_initial_metadata ops when generating a fake status * Remove log * Fix * Revert "Convert filter to a promise (#28815)" This reverts commit 361809aabbbf73f1e167e8ea342f9bce0116a205. * Add testing commit 9cb0747ab0f613d78ce775984fe5399aaed8ffd3 Author: Craig Tiller <ctiller@google.com> Date: Thu Feb 10 12:18:33 2022 -0800 Improve promise-based-filter APIs (#28839) * Improve promise-based-filter APIs * review feedback * comment * fix commit 66cf5ea6e070be3a2b81ddb519ef9ecd0022c876 Author: Craig Tiller <ctiller@google.com> Date: Thu Feb 10 11:53:24 2022 -0800 Fix use after free (#28840) Previously we'd use an explicit arena->Destroy() call to free memory. This change makes the arena a scoped pointer, and in doing so lets the grpc_metadata_batch destructors run prior to the arena being destroyed, preventing a use-after-free we've seen in production code. commit b458db9246a38ec3faa131044bed38020b19f9f2 Author: yihuaz <yihuaz@google.com> Date: Thu Feb 10 11:17:18 2022 -0800 Eliminate gRPC insecure build (#25586) * force submit * fix test error * remove is_client from local tsi and its callsites * fix too_many_pings_test * add missing dep commit dd84445074920912ec0d6f7ccc7699ac5b588153 Author: Jan Tattermusch <jtattermusch@users.noreply.github.com> Date: Thu Feb 10 19:12:52 2022 +0100 More cleanup of docker run machinery. (#28734) * update copyrights as per review comments * docker run.sh cleanup: unnecessary to set CONFIG Originally added in as https://github.com/grpc/grpc/pull/2225/files#diff-156ef223959550cc6280d4747c600c187f275e5bb1a8f73c297e282898bf5a60R34 and no longer needed. * XML_REPORT env variable is not used anywhere, run_tests_cmd carries the args * remove unnecessary POST_GIT_STEP setting It was originally added in gcc4.4 compatibility test and gcc4.4 is no longer supported https://github.com/grpc/grpc/pull/5384 * more docker_run.sh cleanup commit 14169dd0c5d8c9baf6773902e6fca1accd78d7e4 Author: scwhittle <scwhittle@users.noreply.github.com> Date: Thu Feb 10 18:48:57 2022 +0100 [issue #28771] Fix pick_first policy to clear selected_ when deleting subchannel_list_ (#28824) * [issue #28771] Fix pick_first policy to clear selected_ when promoting a pending subchannel list to the active subchannel list when all subchannels have been attempted and are in an error state. * address comments * revert idle_filter commit 172120f6b4404ea99d9ba7730c3595cb7fed0a0e Author: Yousuk Seung <ysseung@google.com> Date: Wed Feb 9 15:33:17 2022 -0800 Move XdsChannelCreds to CoreConfiguration (#28746) * Move XdsChannelCreds to CoreConfiguration * move xDS channel creds files to src/core/lib/security/credentials/xds * Change back to returning a RefCountedPtr. * make remove "xds_" from xds_channel_* files. * Renamed to address comments. * clang fix * Fix another clang error commit 4169f24dccb635dedd29f2b342532f98b70a7ae3 Author: Craig Tiller <ctiller@google.com> Date: Wed Feb 9 11:14:47 2022 -0800 Revert "Revert "Transport channel arg (#28802)" (#28818)" (#28820) This reverts commit 2532cf5321bcacf9b22a5c031b0e742a9e04bb37. commit 08181286e326b6e68339d89ad598bbce39587c2f Author: Ming-Chuan <mingcl@google.com> Date: Wed Feb 9 13:54:27 2022 +0800 Add a ChannelArguments option for sepcify custom binder intent (#28723) User can use `grpc::ChannelArguments::SetString("grpc.binder.custom_android_intent_action_name", "...")` to set custom binder intent. commit 361809aabbbf73f1e167e8ea342f9bce0116a205 Author: Craig Tiller <ctiller@google.com> Date: Tue Feb 8 20:54:17 2022 -0800 Convert filter to a promise (#28815) * Convert filter to a promise * copy/paste fix * fix commit 8adc21f78df9c0f4e97af250e48494bff679b21e Author: Esun Kim <veblush@google.com> Date: Tue Feb 8 16:24:26 2022 -0800 Removed grpc_error_string usage (#28819) commit 2532cf5321bcacf9b22a5c031b0e742a9e04bb37 Author: Craig Tiller <ctiller@google.com> Date: Tue Feb 8 15:18:44 2022 -0800 Revert "Transport channel arg (#28802)" (#28818) This reverts commit 99e339136d85c93725813ec85a035358b82058c3. commit f55c7ebeb4f36dd1c057b3901abe60bce946d414 Author: Craig Tiller <ctiller@google.com> Date: Tue Feb 8 14:49:41 2022 -0800 Non-encodable tweaking (#28733) * log non-encodables * add a place to capture errors into trailing metadata without risking encoding it * bs commit 99e339136d85c93725813ec85a035358b82058c3 Author: Craig Tiller <ctiller@google.com> Date: Tue Feb 8 14:11:07 2022 -0800 Transport channel arg (#28802) Instead of passing transport optionally as an argument adjacent to channel args, pass it as a channel arg directly. Doing so does not affect semantics, but does allow a cleaner API for channel creation which will become increasingly important as we move towards promises. Co-authored-by: ctiller <ctiller@users.noreply.github.com> commit 84101427d0a699e65837af43f4f0ac326c7a2aca Author: Esun Kim <veblush@google.com> Date: Tue Feb 8 12:53:21 2022 -0800 Fix CFStreamEndpointTests (#28812) commit d5fc37f706162a148c5e1dfd0c382d8996e71f24 Author: Mark D. Roth <roth@google.com> Date: Tue Feb 8 11:12:23 2022 -0800 rls: add routeLookupChannelServiceConfig field to LB policy config (#28731) * rls: add routeLookupChannelServiceConfig field to LB policy config * fix error refcount bug commit dacf3eca970f577c169bed6afad77a9bdfc94612 Author: David E. Weekly <david@weekly.org> Date: Tue Feb 8 08:00:12 2022 -1000 Add grpc-swift to language list (#28743) Swift doesn't seem to be on this "front page" list, but development is vibrant and seems officially supported. commit 79d7959c3d626be69f400e54a5dd21db33afa6c1 Author: ZHANG Dapeng <zdapeng@google.com> Date: Tue Feb 8 09:49:00 2022 -0800 Update client_matrix for Java v1.43.1 (#28368) * Update client_matrix for Java v1.43.0 * Bump java version again commit 0ec0479ded1f8c291610bee0f6a5771e416edfc2 Author: Jan Tattermusch <jtattermusch@users.noreply.github.com> Date: Tue Feb 8 18:41:56 2022 +0100 run_tests.py cleanup and simplification (#28808) * only support cmake for CLanguage in run_tests.py * add support for run_tests.py build step environ * switch C/C++ run_tests.py build to build_cxx script * CLanguage cleanup * build C# entirely with build_csharp script * move entire PHP build to build_php.sh * fixup C# build on linux and mac * run_dep_checks Makefile target is deprecated * get rid of the "makefile" logic in run_tests.py * fixup C# build on linux and mac * XML_REPORT env variable is useless for --use_docker runs * add a TODO * move "main" functionality towards end of run_tests.py * use self.args instead of global * yapf format * remove the no longer useful --update_submodules features of run_tests.py * fix check_epollexclusive check in run_tests.py commit caa67ccc5e877f7c1c71eb8de6d004ad7155f60e Author: Craig Tiller <ctiller@google.com> Date: Mon Feb 7 20:10:49 2022 -0800 Ban std::random_device (#28638) commit b25a5b667b99f60bff951a35da916cc0b3b4a59b Author: donnadionne <donnadionne@google.com> Date: Mon Feb 7 18:31:28 2022 -0800 passing repo manager to markdroth (#28796) commit ccd8d577d063f97d02ce80a134c33cf51de530d1 Author: Paulo Castello da Costa <6579971+paulosjca@users.noreply.github.com> Date: Mon Feb 7 17:06:15 2022 -0800 Fix python os import. (#28805) commit bfd1bcfc094fb2a5c69487b8054239bd994f87e3 Author: AJ Heller <hork@google.com> Date: Mon Feb 7 16:38:55 2022 -0800 Fix -Wunused-value build error in c2p resolver (#28806) commit 5a4ba15346f2dc75960e91148f5f77aa682e0f6a Author: Esun Kim <veblush@google.com> Date: Mon Feb 7 14:06:24 2022 -0800 Fix build & test errors when `GRPC_ERROR_IS_ABSEIL_STATUS` enabled. (#28784) * Fix xds_bootstrap_test * Fix sanity test * Fix ev_apple * Fix debug_location commit e89152cacd74a3a0b0836602abb93fb6e54ca3cd Author: Paulo Castello da Costa <6579971+paulosjca@users.noreply.github.com> Date: Mon Feb 7 12:11:20 2022 -0800 Unfreeze benchmarks reference to test-infra repo. (#28801) Follow-up to #28797. commit abc0f3e88185340c4778631f1bc38fa8fcb6b26a Author: Wanlin Du <67486458+wanlin31@users.noreply.github.com> Date: Mon Feb 7 14:08:00 2022 -0600 Update templates (#28797) This pr updates the templates required by the change made in grpc/test-infra#267. commit 64082940a5e9f9129968acf590bdc2d259debbb8 Author: apolcyn <apolcyn@google.com> Date: Mon Feb 7 11:36:33 2022 -0800 Fix google c2p resolver shutdown during metadata server queries (#28519) * Fix c2p resolver shutdown during metadata server queries * handle lame channels in XDS client commit 9ffd1a7b0a240e65534942dcabf4d3828d0c6be1 Author: Yash Tibrewal <yashkt@google.com> Date: Fri Feb 4 17:36:26 2022 -0800 Fix for a racy WorkSerializer shutdown (#28769) * Fix for a racy WorkSerializer shutdown * Reviewer comments * Additional test * Fix test compilation on cmake commit b8d3a0909276296671394e3087093bd8a39f023e Author: krestofur <83723727+krestofur@users.noreply.github.com> Date: Fri Feb 4 15:08:05 2022 -0800 Update CRL test credentials (#28794) * remove old files * update credentials * fix README commit 1dbda3b147793665f3845367b920637c79b7d0d6 Author: Menghan Li <menghanl@google.com> Date: Fri Feb 4 11:46:18 2022 -0800 xds/interop: move definition of flag force_cleanup so that it is defined in all scripts (#28791) commit c2da6f099f0a1a5d2fbe970a2f60e680543403f9 Author: Paulo Castello da Costa <6579971+paulosjca@users.noreply.github.com> Date: Fri Feb 4 10:59:12 2022 -0800 Fix benchmark jobs. (#28790) commit a8ba47ac55886e3682cd0d5d9cf890a9ae1cbcd0 Author: Yash Tibrewal <yashkt@google.com> Date: Thu Feb 3 21:24:45 2022 -0800 InsecureCredentials: singleton object (#28777) * InsecureCredentials: Allow special case comparison * Update security connector * Use a singleton object instead commit 608970f78309b219ef3c0219f1f1ed81a25a7f1a Author: Denny C. Dai <dennycd@google.com> Date: Thu Feb 3 16:17:35 2022 -0800 gRPC Package.swift patch (#28355) commit 36bfb56fc20f4e516fe0b8977e583a807452772b Author: Esun Kim <veblush@google.com> Date: Thu Feb 3 16:01:03 2022 -0800 Added iproute2 to grpc_flaky_network_in_docker.sh (#28785) commit 6069b3bcd6ad5188d163f0b9d438e0b38f1aa28e Author: Paulo Castello da Costa <6579971+paulosjca@users.noreply.github.com> Date: Thu Feb 3 15:15:44 2022 -0800 Freeze benchmarks reference to test-infra repo. (#28781) Freezing reference to account for incompatible change in grpc/test-infra#267. Will unfreeze once loadtest templates are updated. commit 342cb4457c0154a0881224870b5b07d44cdfc0b4 Author: Esun Kim <veblush@google.com> Date: Thu Feb 3 14:47:04 2022 -0800 Added a temporary trap to prevent Abseil-Status breakages. (#28766) * Added a new trap to prevent build errors with use_abseil_status enabled * Fix build errors. commit 3857b075773de62faf5c2669ac21f3882abe66fc Author: apolcyn <apolcyn@google.com> Date: Thu Feb 3 11:36:55 2022 -0800 Correct the c-ares gitmodule branch name (#28780) commit 9b42785db2d8883ec9f299bd78ba0821c35ac127 Author: Vignesh Babu <vigneshbabu@google.com> Date: Thu Feb 3 09:41:39 2022 -0800 Removing Te metadata key-value pairs sent through initial or trailing metadata (#28774) * Removing invalid Te metadata sent through initial or final metadata * tidying up code to unlaterally remove Te metadata commit dc9e8983100507fc486e042facf9838d9e7f5203 Author: Wanlin Du <67486458+wanlin31@users.noreply.github.com> Date: Thu Feb 3 11:35:47 2022 -0600 Allow --qps_server_target_override to replace the original server (#28686) This commit makes sure that the client's server target is only from the --qps_server_target_override, once the flag is in use. Any prior server targets are cleared away. commit 9bcabbac325780131a00428feaea70cd1bd2af9d Author: Craig Tiller <ctiller@google.com> Date: Wed Feb 2 23:12:35 2022 -0800 Disable flaky test (#28776) commit 92738290ab69ae9baa83fb79f436d1753f13f278 Author: Esun Kim <veblush@google.com> Date: Wed Feb 2 15:14:36 2022 -0800 Upgrade base-builder to the latest for blaze build (#28768) * Upgrade base-builder to the latest for blaze build * Fix warnings. * Added -Wno-deprecated-copy commit eb8af70ee0b0ae359c9fcb87ecaf577f0e51cf38 Author: Vignesh Babu <vigneshbabu@google.com> Date: Wed Feb 2 12:48:47 2022 -0800 Creating an event_engine_common library that contains code which all event engine implementations can depend on (#28765) * creating an event_engine_common library that contains code which all event engine implementations can depend on * adding event_engine_common dependency * regenerate projects * Automated change: Fix sanity tests * renaming file * regenerate projects Co-authored-by: Vignesh2208 <Vignesh2208@users.noreply.github.com> commit 2057bfd182c0bb45cfcc3cc5a15ff2617d6e2f3d Author: Esun Kim <veblush@google.com> Date: Wed Feb 2 11:03:26 2022 -0800 Upgrade clang to 13 for clang-format, clang-tidy, and sanity (#28763) commit 9317838084a02c800e434ba186120064cdf513fe Author: Vignesh Babu <vigneshbabu@google.com> Date: Wed Feb 2 10:36:09 2022 -0800 updating ChooseLbPolicy to revert to pick_first lb_policy if an unsupported lb_policy is passed through channel_args (#28651) * updating ChooseLbPolicy to revert to pick_first lb_policy if an unsupported lb_policy is passed through channel_args * addressing review comments * updating comment * adding check to ensure policy_name is not nullptr * initializing bool variable to avoid ubsan errors commit 4a35cf9dc9c1759d733edc29842114c845fd5b4d Author: Esun Kim <veblush@google.com> Date: Wed Feb 2 08:16:57 2022 -0800 Removed php warning options (#28716) commit 63398540b65c775de36f1e7e370c1800aca6637d Author: yifeizhuang <zivy@google.com> Date: Tue Feb 1 10:17:35 2022 -0800 fix (#28759) commit c8c1774ec465ed5ed26a8e856046ec75fc199eeb Author: Jan Tattermusch <jtattermusch@users.noreply.github.com> Date: Tue Feb 1 11:33:56 2022 +0100 Revert "Revert "Cleanup run docker machinery in run_tests.py, task_runner.py and elsewhere (#28704)" (#28741)" (#28748) * Revert "Revert "Cleanup run docker machinery in run_tests.py, task_runner.py and elsewhere (#28704)" (#28741)" This reverts commit 9a79d44e9b60bdbfda78fe1b1fbe8ee86f14c1d4. * fix python distribtest failure on fedora34 commit 7b8fb43b33892b786f1cb8d8d5a086973169c9ac Author: Nikolai Semenov <semenov.nn@phystech.edu> Date: Tue Feb 1 05:36:46 2022 +0300 WriteOptions::clear_write_through method (#26774) * Add WriteOptions::clear_write_through method * Rearrange WriteOptions methods in a logical manner commit 60ee4454fbd1b62f91929c9b24ec5d05ac918711 Author: Esun Kim <veblush@google.com> Date: Mon Jan 31 18:30:03 2022 -0800 To Donna (#28757) commit 62c1b4f0139cd28c8c17c2f6ffefc8d391e46354 Author: yifeizhuang <zivy@google.com> Date: Mon Jan 31 12:36:40 2022 -0800 fix api_listener parsing logic (#28745) * Revert "Revert "Add api listener test for k8s (#27534)" (#28719)" This reverts commit c35b93f28d204e3d3df06bc4f3ccb856be2cbb22. Fix parsing logic of the RDS response from CSDS to support different response formats. Use common parsing logics from url_map in this test case for parsing. commit 2b9ffa18e4562e11d5cb68be2db192dd70522e09 Author: AJ Heller <hork@google.com> Date: Mon Jan 31 11:29:38 2022 -0800 Revert "Disable EventEngine smoke tests for ease of import (#28732)" (#28737) This reverts commit f42b2a7368923ac3f55d70c9a2aa28324837442d. commit 03031a89bbd2eca3d3e88a2638f27dfef7847418 Author: Craig Tiller <ctiller@google.com> Date: Mon Jan 31 10:52:16 2022 -0800 Server filter promise wrapper (#28687) * Sketch server filter promise wrapper * fixes * fix * fix * Fix comments * review feedback commit 33f5a5bb2cece217e2f647b5c8039c384687eea8 Author: Esun Kim <veblush@google.com> Date: Mon Jan 31 09:25:47 2022 -0800 Fix clang-tidy (#28717) commit 781100f765f09df40cd74c1ae5acbee51a13200d Author: Esun Kim <veblush@google.com> Date: Mon Jan 31 09:24:43 2022 -0800 Fix thread-analaysis warnings on client_channel (#28744) commit 436bd933f37173efa083cd4fdcdc301b666ce200 Author: Craig Tiller <ctiller@google.com> Date: Mon Jan 31 08:47:33 2022 -0800 Rewrite reclaimer queue (#28698) * New reclaimer queue * add test * Automated change: Fix sanity tests * faster test * fix memory ordering Co-authored-by: ctiller <ctiller@users.noreply.github.com> commit b9b6255993dad2a54669710db46fe0f9650cc9b2 Author: Sergii Tkachenko <sergiitk@google.com> Date: Fri Jan 28 11:51:14 2022 -0800 xds-k8s: Fix the issue with parsing Operation.metadata (#28736) 1. Solves an issue with unpacking Operation.metadata causing json_format.ParseError Can not find message descriptor by type_url 2. Improves the readability of the framework.infrastructure.gcp.api.OperationError commit 9a79d44e9b60bdbfda78fe1b1fbe8ee86f14c1d4 Author: Yash Tibrewal <yashkt@google.com> Date: Fri Jan 28 11:42:12 2022 -0800 Revert "Cleanup run docker machinery in run_tests.py, task_runner.py and elsewhere (#28704)" (#28741) This reverts commit be723121fca2a1055aa4078ffdb3a9f414634769. commit 2c4ae04e06927ef90ca723c82d9526caa15c9430 Author: Mark D. Roth <roth@google.com> Date: Fri Jan 28 10:50:32 2022 -0800 retry: fix memory leak caused by incorrectly replaying recv_message ops (#28718) commit 5c474b0c84afd72f1b0fe2d9261281a2dc63ce90 Author: Tamir Duberstein <tamird@google.com> Date: Fri Jan 28 13:00:54 2022 -0500 Relocate shared EventEngine APIs (#28721) Partially collapse `event_engine_factory.cc` into `event_engine.cc`. Add a new function `DefaultEventEngineFactory` which is used to set a default event engine factory at link time, separate from the factory that can be set at run time. Implemenet this function in `default_event_engine_factory.cc`. This allows alternative default event engine factories to be implemented without requiring the duplication of the implementations of `SetDefaultEventEngineFactory`, `CreateEventEngine`, and `GetDefaultEventEngine`. commit be723121fca2a1055aa4078ffdb3a9f414634769 Author: Jan Tattermusch <jtattermusch@users.noreply.github.com> Date: Fri Jan 28 11:46:36 2022 +0100 Cleanup run docker machinery in run_tests.py, task_runner.py and elsewhere (#28704) * attempt * slim down build_docker_and_run_tests.sh * HOST_GIT_ROOT is unused * config and arch variable no need to propagate to run_tests.py * unify unused LOCAL_GIT_ROOT to EXTERNAL_GIT_ROOT * mounting gcloud config seems useless * reorder docker args * cleanup * allow passing args to build_docker_and_run_tests.sh * converge build_docker_and_run_tests.sh and build_and_run_docker.sh * more convergence * convergence of docker runners * finalize convergence of run_docker scripts * GRPC_TEST_REPORT_BASE_DIR might not exist * adjust report copying * make report_dir and output_dir readable * alpine linux does not support cp -t commit 4a9cfa3130ee69b9de5ba5ad8b937030dea65594 Author: Yash Tibrewal <yashkt@google.com> Date: Thu Jan 27 21:27:47 2022 -0800 HTTP2: Add GrpcNetworkStreamState metadata (#28668) * HTTP2: Add GrpcNetworkStreamState metadata for calls that are not sent on wire and for those that are not seen by server * Generate projects * clang-tidy * Fix test * clang-tidy * Add a negative test * Fix for windows commit f42b2a7368923ac3f55d70c9a2aa28324837442d Author: AJ Heller <hork@google.com> Date: Thu Jan 27 17:17:31 2022 -0800 Disable EventEngine smoke tests for ease of import (#28732) This avoids having to do a cherry-pick import, and is harmless since there are no dependencies yet on the EventEngine. This test will be re-enabled shortly after both the import and related changes are finished. commit 3c7ae1fc0cfbf5a2ddd2253d39f1330278c7bb67 Author: Menghan Li <menghanl@google.com> Date: Thu Jan 27 11:29:50 2022 -0800 xds/cleanup: list leaked gcloud resources using API instead of gcloud command (#28720) commit 321379da54b7616cb5d55be37e466ca1ed179dbf Author: Jan Tattermusch <jtattermusch@users.noreply.github.com> Date: Thu Jan 27 18:28:52 2022 +0100 run_tests.py print useful info for reproducing issues as epilogue. (#28726) * cleanup: remove the run_tests.py --forever option * print debug info at the end of run_tests.py commit 1289cdae2e65d40db77c456919b2d44f80f3c228 Author: Jan Tattermusch <jtattermusch@users.noreply.github.com> Date: Thu Jan 27 06:45:52 2022 +0100 Upgrade PHP docker images to debian11 (#28701) * upgrade PHP docker images to debian11 * regenerate dockerfiles * adjust testrunners to php debian11 images commit 5dfeec7a7e6882a08a6965a7925d7ba6a44172d9 Author: AJ Heller <hork@google.com> Date: Wed Jan 26 20:43:44 2022 -0800 Update docs for ServerAsyncResponseWriter::Finish object lifetimes (#28290) Fixes #28239 commit 1cdcd88fb1af19dc6ff0d1875905b6628c9ce6b3 Author: krestofur <83723727+krestofur@users.noreply.github.com> Date: Wed Jan 26 20:23:48 2022 -0800 Add experimental API for CRL checking support to gRPC C++ TlsCredentials (#28407) commit 47bc953a06a0240a843d99965e443c5309103e6c Author: AJ Heller <hork@google.com> Date: Wed Jan 26 18:13:29 2022 -0800 Matches the SetDefaultEventEngineFactory definition to its declaration (#28707) * Matches the SetDefaultEventEngineFactory definition to its declaration +`const` * Add smoke test for SetDefaultEventEngineFactory * Automated change: Fix sanity tests * anonymous namespace Co-authored-by: drfloob <drfloob@users.noreply.github.com> commit f33c587c2ab63407981f419cd06005cd79392856 Author: Ashitha Santhosh <55257063+ashithasantosh@users.noreply.github.com> Date: Wed Jan 26 16:41:17 2022 -0800 Cleanup host getter (#28547) * cleanup host getter * remove test commit 3002bd462adc8b632e6e7ba25a07b514360ea765 Author: Tamir Duberstein <tamird@google.com> Date: Wed Jan 26 19:03:43 2022 -0500 Ensure conformance tests are always linked (#28708) commit d222b5e3944222125bdc2d4aa55bf21bc883eb1f Author: Menghan Li <menghanl@google.com> Date: Wed Jan 26 15:15:53 2022 -0800 xds/cleanup: make resource prefixes configurable via flags (#28709) commit c35b93f28d204e3d3df06bc4f3ccb856be2cbb22 Author: Lidi Zheng <lidiz@google.com> Date: Wed Jan 26 15:05:36 2022 -0800 Revert "Add api listener test for k8s (#27534)" (#28719) This reverts commit b4b6862352f929d1d1543c1fa3d16ff3524bf459. commit ae810df5034e60c3395f40e1d562a22dae86b5f2 Author: Denny C. Dai <dennycd@google.com> Date: Wed Jan 26 14:28:37 2022 -0800 Patch GRPCCallOptions for missing property copy (#28696) all test pass, merge PR commit ff0ecd2ff45d5d1080dc8c1c6cb5c4647cfa9294 Author: Vignesh Babu <vigneshbabu@google.com> Date: Wed Jan 26 14:24:28 2022 -0800 sockaddr resolver: skip empty addresses in target URI (#28695) * Adding constraints to the number of parsed targets in a specified URI to prevent OOMs * removing hard limit on number of addresses in target uri commit a1d48e7e318c2d53c3d758c69e103180d01730af Author: Yash Tibrewal <yashkt@google.com> Date: Wed Jan 26 13:28:09 2022 -0800 WorkSerializer:s/uint32_t/uint64_t (#28712) commit d02a68016e3b57aadd8b6f6b50fc0800eb3c1fb1 Author: Craig Tiller <ctiller@google.com> Date: Wed Jan 26 12:37:46 2022 -0800 Channel stack builder name needs to be static (#28711) * Channel stack builder name needs to be static for stream refcount tracing * Add test commit a5be50532734bd340df3ef5578c75d041941f4d6 Author: Craig Tiller <ctiller@google.com> Date: Wed Jan 26 12:37:16 2022 -0800 Fix unknown target behavior, add a test (#28705) commit 2c1239c7fd6b8c1defde90ad3174dbd98c4f3fbc Author: Jan Tattermusch <jtattermusch@users.noreply.github.com> Date: Wed Jan 26 18:58:28 2022 +0100 add back pip virtualenv back to ruby image for XDS tests (#28703) commit b0cdd3cba29928da3652bded596a64bda68c75c1 Author: Jan Tattermusch <jtattermusch@users.noreply.github.com> Date: Wed Jan 26 18:56:46 2022 +0100 Cleanup (followup for ccache addition) (#28702) * nit in python interop dockerfile * address TODO in prepare_ccache_symlinks_rc * enable ccache for C# and ruby distribtest jobs * use debian11 instead of bullseye consistently commit 890a9de53e7ab1f7836fce464f6c8da42d50b513 Author: Lidi Zheng <lidiz@google.com> Date: Wed Jan 26 09:25:01 2022 -0800 [xDS GKE] use randomized local forwarding port for parallism (#28694) * [xDS GKE] use randomized local forwarding port for parallism * Implement a PortForwarder class * Add missing types and remove unused code * Correct the error path * Split the connect logic from init commit ac139598f0a005cddd399f3ad3bf4c301851e7a8 Author: Jan Tattermusch <jtattermusch@users.noreply.github.com> Date: Wed Jan 26 18:13:48 2022 +0100 Upmerge 1.44.x branch into master (#28700) * xDS: Rbac filter updates (#28568) (#28608) * Bump version to v1.44.0-pre1 (on the release branch) (#28593) * bump version to 1.44.0-pre1 * regenerate projects * only apply "singleplatform" nuget suffix when actually needed (#28677) * Bump version to 1.44.0-pre2 (#28681) * bump version to 1.44.0-pre2 * regenerate projects Co-authored-by: Yash Tibrewal <yashkt@google.com> commit 997bec7f24cc1afab23877cb64d60934de84d0bd Author: Jan Tattermusch <jtattermusch@users.noreply.github.com> Date: Wed Jan 26 17:36:02 2022 +0100 Revert "Fix some clang-tidy issue (#28679)" (#28699) This reverts commit b762dce2443d88bc8ec248fe8f5c76aff800bcc8. commit 26ee00db1e6a3cd413bafa3f9ba63b4cd2a77bb4 Author: Denny C. Dai <dennycd@google.com> Date: Tue Jan 25 17:56:21 2022 -0800 Fixing missing data for ios_unit_test (#28689) commit b762dce2443d88bc8ec248fe8f5c76aff800bcc8 Author: Esun Kim <veblush@google.com> Date: Tue Jan 25 16:19:39 2022 -0800 Fix some clang-tidy issue (#28679) * Fix clang-tidy * Generated projects commit adb8611da4e20b8ecc12e54fdf06101ab645a3d2 Author: Esun Kim <veblush@google.com> Date: Tue Jan 25 15:05:52 2022 -0800 Using tsan_macos config for cfstream_tsan test (#28690) commit 0fbb34295a72503b2a21678ffc2589e7175bd6c6 Author: Mark D. Roth <roth@google.com> Date: Tue Jan 25 15:04:53 2022 -0800 Revert "transport: add error attributes indicating stream network state (#28546)" (#28680) This reverts commit b2939f58d06def0b5995cfeb7a78e955ee2a8a86. commit 94adc741459afb5a6c303c89f0f9df0e7b13b7c4 Author: Esun Kim <veblush@google.com> Date: Tue Jan 25 13:49:57 2022 -0800 Fix dyld errors on macos (#28684) commit 1cf6b085f2d43649c6d6d475b965e6cea4e4a9a0 Author: Jan Tattermusch <jtattermusch@users.noreply.github.com> Date: Tue Jan 25 20:37:04 2022 +0100 Enable ccache in more builds (#28665) * upgrade ruby docker images to debian 11 * upgrade C# docker images to debian11 * update sanity dockerimage to debian11 * upgrade cxx interop to debian11 * add ccache to python interop images * enable use of ccache for interop tests * adjust run_tests.py to new docker images * add ccache to rake-compiler-dock docker images * improve prepare_ccache_symlinks_rc * enable use of ccache in rake-compiler-dock docker containers * add ccache support for python_manylinux2014_aarch64 * add ccache support for python_linux_armv7 * deduplicate python3.9 install * ccache for crosscompiled darwin gems is broken * fix bash -l resetting of PATH in grpc_artifact_python_linux_armv7 commit f1e79853ed3de5fdbbc6a2eb5530074b1c40e5b1 Author: Esun Kim <veblush@google.com> Date: Tue Jan 25 11:19:41 2022 -0800 Revert "Revert "Buildify Envoy upb (#28558)" (#28648)" (#28649) This reverts commit 01011ab259efcde54ff1eeea32d6febf3b103825. commit faa07774dace3835cf0bcf4451194d6a3a14c3c1 Author: Yash Tibrewal <yashkt@google.com> Date: Tue Jan 25 10:42:44 2022 -0800 Cleanup (#28672) commit 9f1663fb74e6f5977f6b4bf1ad8b8005ac8616d3 Author: apolcyn <apolcyn@google.com> Date: Tue Jan 25 10:41:18 2022 -0800 Upgrade c-ares to 1.17.2 (#28671) Upgrade c-ares dependency to 1.17.2 commit 6bf8e2248444ea331299e80a302f67cbf1de41b5 Author: apolcyn <apolcyn@google.com> Date: Tue Jan 25 10:37:05 2022 -0800 Add http cancel api (#28354) Add an API to cancel HTTP1 requests commit cf81e41162603d229d0c8ef05f137a0afbe1f3c6 Author: Craig Tiller <ctiller@google.com> Date: Tue Jan 25 10:26:00 2022 -0800 Remove direct reference to absl::Status in Activity (#28659) commit f23f1bb51fe9e8db2a1a11f7fe532745eb9e00a2 Author: Jan Tattermusch <jtattermusch@users.noreply.github.com> Date: Tue Jan 25 19:18:58 2022 +0100 Use ccache for selected C++ and python builds (with redis server as cache) (#28661) * add cmake support for ccache * cleanup: use --env-file for docker run invocations * make python build compatible with using ccache * enable building using ccache in selected kokoro jobs * print ccache stats and the end of run_tests.py commit 739e739322e15af0a7acc78136dbaba47a33e42a Author: Paulo Castello da Costa <6579971+paulosjca@users.noreply.github.com> Date: Tue Jan 25 10:12:25 2022 -0800 Update link to performance benchmarks dashboard. (#28635) commit 5993fa7558b51845f408a2a79b08bbd9d5ef82d0 Author: Esun Kim <veblush@google.com> Date: Tue Jan 25 09:59:01 2022 -0800 Fix bugprone-stringview-nullptr (#28678) commit 7138f1e854e5f69d6e8492b689dee02f3cb5ede5 Author: Yash Tibrewal <yashkt@google.com> Date: Tue Jan 25 08:49:50 2022 -0800 Repo manager - Esun (#28673) commit 27b6b45c329b7b4173f506c616d8119520f964fd Author: Jan Tattermusch <jtattermusch@users.noreply.github.com> Date: Tue Jan 25 10:23:01 2022 +0100 Upgrade C++ and Python docker images to debian stable (debian 11) (#28664) * upgrade C++ and python docker images * regenerate dockerfiles * upgrade grpc_artifact_python docker images * adjust run_tests scripts to dockerimages upgrades commit e4107caf26977503f19f56970074762ac202bd37 Author: Craig Tiller <ctiller@google.com> Date: Mon Jan 24 15:28:08 2022 -0800 c++-ize channel stack builder (#28660) * c++-ize channel stack builder * Automated change: Fix sanity tests * Automated change: Fix sanity tests * fixes * comment * move functions out of line * Automated change: Fix sanity tests * review feedback Co-authored-by: ctiller <ctiller@users.noreply.github.com> commit e523825c75aba052a3e36362fc20cdb9abca0b8d Author: Menghan Li <menghanl@google.com> Date: Mon Jan 24 13:27:13 2022 -0800 xds/cleanup: update build in cleanup kokoro script (#28654) commit 17c6a486cd2d71716bb7eb071d6e67160ae370cf Author: Craig Tiller <ctiller@google.com> Date: Mon Jan 24 09:05:32 2022 -0800 Expose promise-ness to filter proper (#28658) * Expose promise-ness to filter proper * Make transports able to export promises too * Add make promise op to transport commit 9454ab091243b0539ac9ba578e9ae9d5de5d26f0 Author: Craig Tiller <ctiller@google.com> Date: Mon Jan 24 08:21:13 2022 -0800 Non-encodable attributes for metadata map (#28650) * Non-encodable attributes for metadata map * trying to placate msvc14 * better test * trying to placate msvc14 * placate older compilers * docs commit 9bc0732b440a8ae6f74c658d8ed07fb3c57b8102 Author: Easwar Swaminathan <easwars@google.com> Date: Mon Jan 24 08:04:57 2022 -0800 Add v1.43.0 release of grpc-go to interop matrix (#28359) commit 05e17e92390d4685f1418f535604a201a7f8e1a3 Author: Ming-Chuan <mingcl@google.com> Date: Sat Jan 22 15:43:20 2022 +0800 [BinderTransport] Suppress internal Java checkSignatures warning (#28611) commit 230349e23939537fdd86d72a2ed1c3d5fe075ac2 Author: Craig Tiller <ctiller@google.com> Date: Fri Jan 21 19:49:11 2022 -0800 Public APIs need ExecCtx (#28655) commit b4b6862352f929d1d1543c1fa3d16ff3524bf459 Author: yifeizhuang <zivy@google.com> Date: Fri Jan 21 15:07:19 2022 -0800 Add api listener test for k8s (#27534) This ports the api listener test case to k8s. commit d2042c1c057a63b32d43abc806a7b20a84c53bb5 Author: Craig Tiller <ctiller@google.com> Date: Fri Jan 21 14:50:07 2022 -0800 Convert client_authority_filter to a promise. (#28565) * Initial ideation * progress * progress * x * Automated change: Fix sanity tests * erorrs * better ordering * working on it * xx * comment * comment * Get metadata pointer semantics temporarily right * fix * fix * fix * fix * fix * retry: send at most one cancel_stream op on each call attempt * fixes * revert earlier change * split filter defn from impl * add tests * fixes * Automated change: Fix sanity tests * review feedback * review feedback Co-authored-by: ctiller <ctiller@users.noreply.github.com> Co-authored-by: Mark D. Roth <roth@google.com> commit 55d7631a997bfd043ac78e3834ad00665d60c655 Author: Esun Kim <veblush@google.com> Date: Fri Jan 21 14:47:04 2022 -0800 Bump clang 12 to 13 (#28639) commit dff6ccf8874fc290783f6694cb483bf9f7171a9e Author: Craig Tiller <ctiller@google.com> Date: Fri Jan 21 14:41:49 2022 -0800 Experiment: Share the log encoder between metadata maps (#28503) commit 4fdab23143c373262209f98006805674c0521093 Author: Mark D. Roth <roth@google.com> Date: Fri Jan 21 12:22:12 2022 -0800 xds: percent-encode authority name in default client listener template (#28641) commit 55db347396b2d53141a0aa7f32e6a95fbed296fb Author: donnadionne <donnadionne@google.com> Date: Fri Jan 21 10:55:58 2022 -0800 LRS changes for federation (#28504) * Passing xds server object instead of just a string name * Adding xds server to policy * Refactor ToJson * Using XdsServer for load reporting * code review comments * fixing code review comments * Taking care of lifetime of the XdsServer key * code review comments * Fixing channel_state storage and re-run tests (1 assert hit) * Checking for server in the bootstrap file * Adding LRS test * adding a bootstrap file ToJson and parse test * fixing code review comments * fixing code review comments. * fixing test * break out the federation lrs test * Fixed last bit of code review comments * fixing error message to be more precise commit 01011ab259efcde54ff1eeea32d6febf3b103825 Author: Esun Kim <veblush@google.com> Date: Fri Jan 21 08:35:13 2022 -0800 Revert "Buildify Envoy upb (#28558)" (#28648) This reverts commit 97584d834609de74b2b57eedea67a18924f31276. commit 6cdeb9de1ad3e85e736f2a12e675172e18377c60 Author: Mark D. Roth <roth@google.com> Date: Fri Jan 21 07:39:44 2022 -0800 retry: send at most one cancel_stream op on each call attempt (#28607) commit 97584d834609de74b2b57eedea67a18924f31276 Author: Esun Kim <veblush@google.com> Date: Thu Jan 20 22:29:58 2022 -0800 Buildify Envoy upb (#28558) * Buildigy xds * Generate project * Buildify envoy * Added new upb files * Removed unused upb targets * Fix grpc_cel_engine * Update envoy-api to the latest * Regen upb * Regen projects * Fix bazel build on MacOS * More fix on bazel mac * Disable grpc_tool_test on Mac * Regen projects commit b4d8ec269781eb92e732b66f4dc6b3c3cd4c0881 Author: AJ Heller <hork@google.com> Date: Thu Jan 20 17:41:43 2022 -0800 s/TOOD/TODO/ (#28517) commit 0a4bbb9510d503b45f9265b570fdf61bbf01f713 Author: Craig Tiller <ctiller@google.com> Date: Thu Jan 20 16:24:50 2022 -0800 Add tests for parsed metadata (#28622) * tests for parsed metadata * more-tests * more-tests commit 86c483a6782356d09a199e2263d40f886227b4a5 Author: Mark D. Roth <roth@google.com> Date: Thu Jan 20 13:34:58 2022 -0800 fix priority policy to cancel failover timer on IDLE and add test (#28563) commit ee8a90e4462f0fe956d4526a0915102aa17604c7 Author: Craig Tiller <ctiller@google.com> Date: Thu Jan 20 13:01:09 2022 -0800 Fix rng in rls (#28637) commit 74a2cb6e2b58baa63c9d8e771f6e5bfd2014a0fd Author: Craig Tiller <ctiller@google.com> Date: Thu Jan 20 12:47:33 2022 -0800 Revert "Revert "Reland slice changes (#28601)" (#28615)" (#28624) * Revert "Revert "Reland slice changes (#28601)" (#28615)" This reverts commit 939bbfc336519371f90d0e2acec84828be412f77. * Change random seed back to nanoseconds commit 5c3319c62d78b750cca190ff8a74abc595a09608 Author: Denny C. Dai <dennycd@google.com> Date: Thu Jan 20 10:13:09 2022 -0800 Remove openssl extern c wrapping (#28629) commit 881da3e94107281eefa90501979d5bebd50d4b01 Author: Mark D. Roth <roth@google.com> Date: Thu Jan 20 09:26:19 2022 -0800 core: improve documentation for GRPC_ARG_DNS_ENABLE_SRV_QUERIES (#28634) commit 88ff7f0d3f09cfd577740c88c119f69942e50d08 Author: Paulo Castello da Costa <6579971+paulosjca@users.noreply.github.com> Date: Thu Jan 20 08:14:25 2022 -0800 Format top-level README. (#28610) Format with `prettier` in preparation for further changes. commit 257183f5ec5e0f8278effff49e3101f1e7b35b98 Author: James Newton-King <james@newtonking.com> Date: Fri Jan 21 00:30:29 2022 +1300 Grpc.Core.Api nullable fixes (#28616) commit 402981be8ed73d8303dbafb69975c59144012adf Author: Jan Tattermusch <jtattermusch@users.noreply.github.com> Date: Thu Jan 20 09:23:06 2022 +0100 Bump version to 1.45.0-dev (#28553) * bump version to 1.45.0-dev * regenerate projects commit f873ae644b744527ecfae954c5836fc5a0a87167 Author: Craig Tiller <ctiller@google.com> Date: Wed Jan 19 22:49:04 2022 -0800 Leak static table (#28623) commit 9f090a3a32ae565e79eb9ce602c28b413f455142 Author: Mark D. Roth <roth@google.com> Date: Wed Jan 19 13:57:15 2022 -0800 xds: accept SelfConfigSource for RDS and EDS ConfigSources (#28618) commit bb69e9351cd0a34bedf94fca4b5288774234eb2c Author: Yash Tibrewal <yashkt@google.com> Date: Wed Jan 19 10:43:36 2022 -0800 Add file comment (#28606) commit 939bbfc336519371f90d0e2acec84828be412f77 Author: Craig Tiller <ctiller@google.com> Date: Wed Jan 19 09:40:19 2022 -0800 Revert "Reland slice changes (#28601)" (#28615) This reverts commit b33e0d40aff4541ea91f4ff1b9299bd6ad068db4. commit fda615860069c46b16e8350e1ce20a3f7b3f482a Author: Jan Tattermusch <jtattermusch@users.noreply.github.com> Date: Wed Jan 19 18:28:27 2022 +0100 Build ruby artifacts in parallel (#28243) * build ruby artifacts in parallel * fine tune grpc_distribtests_ruby.sh parallelism * fine tune linux/grpc_build_artifacts.sh parallelism * cleanup in bundle_install_wrapper * address review comments commit bf3ceddaacae821260ea8d01ffbc07d809a1d60e Author: Jan Tattermusch <jtattermusch@users.noreply.github.com> Date: Wed Jan 19 18:24:01 2022 +0100 allow running instances of DepFileUtilTest in parallel (#28612) commit b3446680af659df246db293aeaa1de03670273f9 Author: Mark D. Roth <roth@google.com> Date: Wed Jan 19 07:52:29 2022 -0800 fix grpc_transport_stream_op_batch_string() to handle binary metadata (#28609) commit aeea02fab8c73d91e420360f8bdf015715ad6f45 Author: Vignesh Babu <vigneshbabu@google.com> Date: Tue Jan 18 14:44:55 2022 -0800 TLS Session Keys export for GRPC C++ (#26812) * Adding TLS Key export logic to core and c++ wrappers * Adding and end2end cpp tls key export test and updating broken test due to interface changes * regenerate projects * updating tls key export core logic with addition of APIs to grpc_security.h * undoing changes to tls_security_connector_test * regenerate projects * changing the logging format enum name as per GRFC comments * regenerate projects * removing some commented code * updating changes as per review comments * adding GRPCAPI annotations to functions defined in grpc_security.h * regenerate projects * fixed some code styling issues * removing grpc_security.h include from tls_credentials_options.h * updating files as per review comments * minor fixes * moving some code around * removing key log format from tls session key log config and converting it to a simple string * regenerate projects * fixing mistakes in recent merge with master * regenerate projects * regenerate projects * fixing some distrib and snity errors * fixing formatting errors * fixing more sanity checks and raising supported openssl versions to 1.1.1 * updating min supported openssl version to 1.1.1 * updating min supported openssl version in tls_key_export_test * updating test to fix incorrect vector initialization * updating as per latest comments * fixing sanity checks * addressing review comments * fixing sanity checks * fixed c++ comment style * Automated change: Fix sanity tests * fixing review comments Co-authored-by: Vignesh2208 <Vignesh2208@users.noreply.github.com> commit 0f60be8e8a9bb8de6ad84b2f603666b7363e4925 Author: Lidi Zheng <lidiz@google.com> Date: Tue Jan 18 13:32:54 2022 -0800 Increase the Python protobuf requirement to >=3.12.0 (#28604) commit 0fb47cd886895a015c85568c6863b5158db41e3d Author: Mark D. Roth <roth@google.com> Date: Tue Jan 18 13:25:07 2022 -0800 pick_first: make TRANSIENT_FAILURE sticky (#28571) commit a215992f0e16328b0efd570b96c6c333ae52d4d0 Author: Jan Tattermusch <jtattermusch@users.noreply.github.com> Date: Tue Jan 18 20:09:49 2022 +0100 speedup C# basictests: only build C# once for coreclr and mono tests (#28587) * only build C# once for coreclr and mono tests * one more attempt * only build C# once for coreclr and mono commit b08aba1c2a622730c00f460f79dbec71ac7a5147 Author: AJ Heller <hork@google.com> Date: Tue Jan 18 10:29:41 2022 -0800 repomgr->yashykt (#28602) commit fd1f89a28b1ea9312a47e96662f4d78682593b89 Author: Jan Tattermusch <jtattermusch@users.noreply.github.com> Date: Tue Jan 18 19:14:42 2022 +0100 speedup grpc_csharp_distribtests (#28560) commit 869417057989471aadae5082c8a4485ee1a0d0dc Author: Easwar Swaminathan <easwars@google.com> Date: Tue Jan 18 10:11:37 2022 -0800 tools: set psm-security-python timeout to 3h (#28574) commit 7924a5fde7cf2827806c1d97765f2af5802c55a5 Author: Jan Tattermusch <jtattermusch@users.noreply.github.com> Date: Tue Jan 18 18:45:13 2022 +0100 add task_runner.py --inner_jobs support for C++ distribtests (#28594) * add support for task_runner.py --inner_jobs for C++ distribtests * fine tune linux c++ distribtests parallelism * yapf code commit b33e0d40aff4541ea91f4ff1b9299bd6ad068db4 Author: Craig Tiller <ctiller@google.com> Date: Tue Jan 18 09:29:49 2022 -0800 Reland slice changes (#28601) * Revert "Revert "Eliminate slice interning (#28363)" (#28598)" This reverts commit 03bf69960024930edf6160f46b1f00f5d636e25c. * fix? commit 10694d167917b444de85dcac29ac56252d1e6dbe Author: perjoh <perjoh@users.noreply.github.com> Date: Tue Jan 18 16:17:28 2022 +0100 Memory leak fix on windows in grpc_tcp_create() (#27457) * Avoid using memset on types with non POD data members. * add todo Co-authored-by: Jan Tattermusch <jtattermusch@google.com> commit 03bf69960024930edf6160f46b1f00f5d636e25c Author: Jan Tattermusch <jtattermusch@users.noreply.github.com> Date: Tue Jan 18 15:44:18 2022 +0100 Revert "Eliminate slice interning (#28363)" (#28598) This reverts commit 6703186b7a18f4c5cf71eb3eaef47e514c946f08. commit 1caa3e8cfdc11fa0c68aaafeb1c8440b736819a6 Author: Yash Tibrewal <yashkt@google.com> Date: Tue Jan 18 04:46:40 2022 -0800 xDS: Rbac filter updates (#28568) commit 93733de2532c390433691478765979db297a32d7 Author: Ming-Chuan <mingcl@google.com> Date: Tue Jan 18 15:01:01 2022 +0800 Add SameSignatureSecurityPolicy for binder transport (#27816) Tested signing example server and example client APKs with different debug key, worked as intended. commit 6703186b7a18f4c5cf71eb3eaef47e514c946f08 Author: Craig Tiller <ctiller@google.com> Date: Mon Jan 17 20:25:45 2022 -0800 Eliminate slice interning (#28363) Eliminate slice interning, and structures in slices to support it. Reduces grpc_slice_refcount from 40 bytes (+ a required 8 bytes elsewhere) to 16 bytes. Removes a pointer dereference for every slice ref/unref. Co-authored-by: ctiller <ctiller@users.noreply.github.com> commit 8015ae1648c0766339ae9f6a0dcea73437df7735 Author: Lidi Zheng <lidiz@google.com> Date: Fri Jan 14 14:12:06 2022 -0800 Remove the explicit IO platform setting (#28569) commit 353eb9aab267181096d12dc9b3a91089ac4e264e Author: Lidi Zheng <lidiz@google.com> Date: Fri Jan 14 12:58:57 2022 -0800 Update the fork-support doc (#28567) commit cf43542bafe188ed8d1956ca4a688dd201b9e23f Author: Anton Danielsson <danielsson.anton@gmail.com> Date: Fri Jan 14 21:54:40 2022 +0100 Add bundle destination for cmake install commands (#28454) * Add bundle destination for cmake install commands Fixes the problem: "no BUNDLE DESTINATION for MACOSX_BUNDLE" when building for iOS * Automated change: Fix sanity tests Co-authored-by: anton-danielsson <anton-danielsson@users.noreply.github.com> commit e3e2191daad368e682497eafbf7a52741467199b Author: Craig Tiller <ctiller@google.com> Date: Fri Jan 14 12:36:04 2022 -0800 Shrink parsed metadata bloat a little (#28498) commit 6b95e9769e241afc43e8ae70b24bdac49570ee59 Author: AJ Heller <hork@google.com> Date: Fri Jan 14 11:26:27 2022 -0800 Log errors for unsupported fork scenarios in Python (#28566) Previously it logged info-level warnings. This also now returns early from prefork if the polling strategy is not set, or otherwise not supported. See #28557 commit e59dcd5c876bca511579f938c5cb6cf78543bc56 Author: Mark D. Roth <roth@google.com> Date: Fri Jan 14 09:34:39 2022 -0800 xds: force-enable retries in xds_end2end_test to make things work internally (#28564) commit 7069770ee0068dcde5ea86426979c71d5a47f09d Author: Lidi Zheng <lidiz@google.com> Date: Fri Jan 14 09:25:33 2022 -0800 Merge the 3 repeating Python binary compilations (Attempt 2) (#28543) * Revert "Revert "Merge the 3 repeating Python binary compilations (#28500)" (#28539)" This reverts commit 0554cbee9cfcb58c3fe7c55300f6f447998c1963. * Update hardcoded Python path * Repect existing images and only use new path for newer releases * fix interop_matrix testcases Co-authored-by: Jan Tattermusch <jtattermusch@google.com> commit 227d65367c9030db3fc8957eeabc5238d831395e Author: Mark D. Roth <roth@google.com> Date: Fri Jan 14 08:21:32 2022 -0800 rls: fix various bugs in adaptive throttling code (#28477) * rls: fix adaptive throttling window size * clang-format * fix adaptive throttling logic and fix FailedRlsRequestWithoutDefaultTarget test commit 8ca42ec6f88c7cd0c45afa02eb61edd75af00246 Author: Jan Tattermusch <jtattermusch@users.noreply.github.com> Date: Fri Jan 14 16:45:38 2022 +0100 Revert "Update to rbac policy struct and end2end authz test. (#27074)" (#28552) This reverts commit b64167a0340990566120a0a11e373d72e019330f. commit 3788b9142bf54d30c99f3ab5fc2cab0d78fbface Author: Ming-Chuan <mingcl@google.com> Date: Fri Jan 14 15:15:29 2022 +0800 [BinderTransport] Remove some logs (#28462) commit c02fe64bea690d6717633a3f35e570a70f8f547e Author: Yousuk Seung <ysseung@google.com> Date: Thu Jan 13 23:00:10 2022 -0800 Support custom xDS channel creds (#28486) This patch introduces a factory to allow supporting custom xDS channel creds. Three types currently supported (fake, insecure, google_default) are registered by default for backward-compatibility. commit 17859fb6b5d82b3836ad6ca224e33be9bced4d9a Author: Craig Tiller <ctiller@google.com> Date: Thu Jan 13 22:09:35 2022 -0800 Stop N**2 symbol name lengths (#28502) * Experiment: Try to stop N**2 symbol name lengths * Better copysink * clean up tests * fix clang-tidy * fix * typo? * fix * comment * Automated change: Fix sanity tests Co-authored-by: ctiller <ctiller@users.noreply.github.com> commit e0a3a513a93dba7e02df8f38397ea823c70a9361 Author: Esun Kim <veblush@google.com> Date: Thu Jan 13 16:11:56 2022 -0800 Buildify upb targets for validate & udpa (#28531) * Buildify upb targets for validate & udpa * Fix sanity test commit fd3dbcb3715107566949902054cf97d4a877dba7 Author: Sergii Tkachenko <sergiitk@google.com> Date: Thu Jan 13 16:00:33 2022 -0800 xds-k8s: Fix ModuleNotFoundError: No module named 'packaging' (#28556) `packaging` was explicitly used in xds_url_map_testcase.py, but wasn't added to the requirements.txt. It (unintentionally) worked before because `packaging` is a transitive dependency of `google-api-python-client@1.12.8` via `google-api-core@1.31.5`. With `google-api-python-client` upgraded to `1.12.10`, it's not the case anymore. commit d4e09406c1f07912fd4e8f2b70878b3687686db4 Author: dmaclach <dmaclach@gmail.com> Date: Thu Jan 13 15:30:25 2022 -0800 [OBJC] Don't add unnecessary prefixes to service class names (#28554) * [OBJC] Don't add unnecessary prefixes to service class names This is the same semantics as the Objective-C protoc. This prevents cases where you have an RPC named `FOOOpener` and a objc class prefix of `FOO` becoming `FOOFOOOpener`. * Update objective_c_generator_helpers.h Apply "sanity" check * Update objective_c_generator_helpers.h Fix up bad namespacing * Update objective_c_generator_helpers.h adding `::std::string`. Not quite sure why it's needed, but apparently it's a thing. * Update objective_c_generator_helpers.h Missing semi-colon. Hopefully caffeine will kick in at some point today... thanks tvl. * Automated change: Fix sanity tests Co-authored-by: dmaclach <dmaclach@users.noreply.github.com> commit b38b70620003e65da97aac5499589024aa9e64b8 Author: Esun Kim <veblush@google.com> Date: Thu Jan 13 11:10:43 2022 -0800 Removed meshca.proto (#28535) commit b2939f58d06def0b5995cfeb7a78e955ee2a8a86 Author: Mark D. Roth <roth@google.com> Date: Thu Jan 13 09:58:46 2022 -0800 transport: add error attributes indicating stream network state (#28546) * transport: add error attributes indicating stream network state * add missing case commit 32b087e6741b15d302fc4a4ea0fb205ae1d41954 Author: Jan Tattermusch <jtattermusch@users.noreply.github.com> Date: Thu Jan 13 14:58:48 2022 +0100 Ruby artifact speedup (#28542) * fix ruby native extension build parallelism defaults * allow overriding ruby artifact build parallelism with GRPC_RUBY_BUILD_PROCS * honor --inner_jobs for ruby artifact build * always start building ruby artifacts first * fine tune grpc_distribtests_ruby.sh * address review feedback * strip newline from nproc output commit e22f07dc4ccecfd4193814a98a19351700504fe0 Author: AJ Heller <hork@google.com> Date: Wed Jan 12 16:01:48 2022 -0800 Fix tautological unsigned comparison (#28537) * Fix invalid unsigned comparison This also enables the -Wtype-limits warning, which is included in GCC's -Wextra, but not in Clang's -Wextra. commit b64167a0340990566120a0a11e373d72e019330f Author: Ashitha Santhosh <55257063+ashithasantosh@users.noreply.github.com> Date: Wed Jan 12 15:13:35 2022 -0800 Update to rbac policy struct and end2end authz test. (#27074) * Empty principals checks for authenticated connection * fix sanity check * clang-format * principals:[] will result in ANY * minor correction after merging * clang-format * formatting * clang-format * remove unnecessary header * Remove unnecessary target from BUILD commit 69bd058e2cce3f6e8d3bf3be7b9a972f3c4963c7 Author: Craig Tiller <ctiller@google.com> Date: Wed Jan 12 11:46:48 2022 -0800 fix mac build? (#28541) commit 114d3883898142e8b008a7138552a59df274d5ad Author: Yash Tibrewal <yashkt@google.com> Date: Wed Jan 12 11:41:06 2022 -0800 Fix xDS client for multiple watchers (#28521) * Fix XdsClient for multiple watchers * Reviewer comment commit 5c30de312b5e167ec769edb208d517f8e69b2307 Author: Mark D. Roth <roth@google.com> Date: Wed Jan 12 10:09:06 2022 -0800 xds: handle percent-encoding in new-style resource names (#28515) commit d61b564ac086cb71c0cd7165540c98c83c743e83 Author: Jan Tattermusch <jtattermusch@users.noreply.github.com> Date: Wed Jan 12 18:39:29 2022 +0100 Update third_party/boringssl-with-bazel (#28510) * Update third_party/boringssl-with-bazel * regenerate projects * regenerate boringssl prefix headers * Increase boringssl podspec version * regenerate projects (2nd time) commit 29c25a190bc7818031d3963489e59a79686b9ffe Author: Jan Tattermusch <jtattermusch@users.noreply.github.com> Date: Wed Jan 12 18:35:37 2022 +0100 Upmerge v1.43.x branch to master (#28526) * Added virtualenv to ruby and php73 docker for psm (#28263) (#28264) * Bump version to v1.43.0-pre1 (#28249) * Bump version to v1.43.0-pre1 * Regenerate projects * minimalist backport of #28228 (#28298) * Replace C2P resolver env var with experimental scheme suffix (#28294) (#28300) * pin rake-compiler at 1.1.1 (#28321) * To v1.43.0 (#28350) * Removed -pre1 from the version * Generate projects * Fix resource quota not getting passed through (#28318) (#28329) * backport #28362 to 1.43.x (#28374) * Don't gem install rake-compiler on macos setup scripts (#28415) (#28439) * Don't gem install rake-compiler on macos setup scripts * Use xds-test-server-5 as the GCE interop server (#28399) (#28445) Co-authored-by: Esun Kim <veblush@google.com> Co-authored-by: apolcyn <apolcyn@google.com> Co-authored-by: Craig Tiller <ctiller@google.com> Co-authored-by: Lidi Zheng <lidiz@google.com> commit 42c08b9b562a6493c48e770f5b91ef16509838a2 Author: Jan Tattermusch <jtattermusch@users.noreply.github.com> Date: Wed Jan 12 18:35:07 2022 +0100 Update third_party/protobuf to v3.19.2 (#28511) * Update third_party/protobuf * run tools/distrib/python/make_grpcio_tools.py * regenerate protos for csharp, ruby, php * update build_handwritten.yaml * regenerate projects commit 54036ef62d97f4fea4655cd0e11377414ace2f1d Author: Jan Tattermusch <jtattermusch@users.noreply.github.com> Date: Wed Jan 12 18:31:26 2022 +0100 bump C-core version for upcoming release (#28527) * bump C-core version for upcoming release * regenerate projects commit 0554cbee9cfcb58c3fe7c55300f6f447998c1963 Author: Jan Tattermusch <jtattermusch@users.noreply.github.com> Date: Wed Jan 12 18:31:02 2022 +0100 Revert "Merge the 3 repeating Python binary compilations (#28500)" (#28539) This reverts commit 2d4f3c56001cd1e1f85734b2f7c5ce5f2797c38a. commit c0f18e2bd6825eb07063faf463519ae28e33f5b6 Author: Jan Tattermusch <jtattermusch@users.noreply.github.com> Date: Wed Jan 12 18:10:26 2022 +0100 another fixup for #27846 (#28540) commit e29bdfe4e8662d743eb9c86651ef89e822efb58b Author: Craig Tiller <ctiller@google.com> Date: Wed Jan 12 07:00:02 2022 -0800 Add a test for includes without paths (#28532) * Add a test for includes without paths * fix path * fix * Automated change: Fix sanity tests Co-authored-by: ctiller <ctiller@users.noreply.github.com> commit 98999225bea7c5cb381e84c7b6a660705ce9fdaa Author: Jan Tattermusch <jtattermusch@users.noreply.github.com> Date: Wed Jan 12 14:56:28 2022 +0100 Speedup linux portability build_only tests (#28461) * try speeding up linux portability test * remove gcc8.3 portability test * c-ares is the default resolver on linux * dont set parallel run_tests jobs too high * original parallelism might lead to better results commit 2d4f3c56001cd1e1f85734b2f7c5ce5f2797c38a Author: Lidi Zheng <lidiz@google.com> Date: Tue Jan 11 17:14:22 2022 -0800 Merge the 3 repeating Python binary compilations (#28500) * Merge the 3 repeating Python binary compilations * Restore grpcio_metadata.py * run_tests.py is running on <3.6 * Restore the Windows gevent version pin commit 9ffbc2d3606192c13e64e6d83353c6eda51ad960 Author: Yash Tibrewal <yashkt@google.com> Date: Tue Jan 11 15:02:12 2022 -0800 XdsEnd2EndTest : Use a queue to save resource updates (#28467) * Fix XdsClient for multiple watchers on the same resource * xds_end2end_test: Don't use XdsCredentials for XdsRbacNackTests * Use separate response states for EDS and RDS resources * Reviewer comments * Reviewer comments * Reviewer comments * Remove blank link * Reviewer comments commit 44763b471f6d427c84ac7e22ad334d2fa92397fa Author: Craig Ti…
Fixes joyrex2001#23. See also grpc/grpc#25586, and particularly compare to the changes in the first-party PHP extension.
Fixes joyrex2001#23. See also grpc/grpc#25586, and particularly compare to the changes in the first-party PHP extension.
Fixes joyrex2001#23. See also grpc/grpc#25586, and particularly compare to the changes in the first-party PHP extension.
Fixes joyrex2001#23. See also grpc/grpc#25586, and particularly compare to the changes in the first-party PHP extension.
Fixes joyrex2001#23. See also grpc/grpc#25586, and particularly compare to the changes in the first-party PHP extension.
Fixes #23. See also grpc/grpc#25586, and particularly compare to the changes in the first-party PHP extension.
This addresses a long-standing TODO that we couldn't do prior to #25586. For details, see internal doc go/grpc-rls-callcreds-to-server.
* nixpkgs.nix: Bump to 2022-04-22. * release.nix: Unmark data-diverse as broken. * *.nix: Adjust to nixpkgs update. * cbits: Adjust to removal of insecure build. See grpc/grpc#25586 * Do not make secure connections mandatory Instead of making secure connections mandatory, use insecure credentials to keep existing API unchanged. * release.nix: Make sure .sh scripts are executable before wrapping. It seems as though the `./Setup sdist` now unsets the executable bit. * README: Update supported gRPC version. --------- Co-authored-by: Raghu Kaippully <raghuk@arista.com>
…insecure creds (#36176) Forked from #35957 This PR refactors the credentials types to remove Secure and Insecure Channel and Call credentials types. We standardize on a `c_creds()` accessor method for all credentials types, which can now be treated uniformly. This notably removes special-case handling of insecure credentials. The special code-paths for insecure creds are no longer necessary in the wake of #25586. Closes #36176 COPYBARA_INTEGRATE_REVIEW=#36176 from drfloob:fork/35957/creds-API fd64d59 PiperOrigin-RevId: 621008166
…ial handling for insecure creds This PR refactors the credentials types to remove Secure and Insecure Channel and Call credentials types. We standardize on a `c_creds()` accessor method for all credentials types, which can now be treated uniformly. This notably removes special-case handling of insecure credentials. The special code-paths for insecure creds are no longer necessary after #25586. ---- DO NOT SUBMIT. This PR is for testing purposes only. [cl/621192395](http://cl/621192395) PiperOrigin-RevId: 621192395
…ial handling for insecure creds This PR refactors the credentials types to remove Secure and Insecure Channel and Call credentials types. We standardize on a `c_creds()` accessor method for all credentials types, which can now be treated uniformly. This notably removes special-case handling of insecure credentials. The special code-paths for insecure creds are no longer necessary after #25586. ---- DO NOT SUBMIT. This PR is for testing purposes only. [cl/621192395](http://cl/621192395) PiperOrigin-RevId: 621192395
…ial handling for insecure creds This PR refactors the credentials types to remove Secure and Insecure Channel and Call credentials types. We standardize on a `c_creds()` accessor method for all credentials types, which can now be treated uniformly. This notably removes special-case handling of insecure credentials. The special code-paths for insecure creds are no longer necessary after #25586. ---- DO NOT SUBMIT. This PR is for testing purposes only. [cl/621192395](http://cl/621192395) PiperOrigin-RevId: 621192395
…ial handling for insecure creds This PR refactors the credentials types to remove Secure and Insecure Channel and Call credentials types. We standardize on a `c_creds()` accessor method for all credentials types, which can now be treated uniformly. This notably removes special-case handling of insecure credentials. The special code-paths for insecure creds are no longer necessary after #25586. ---- DO NOT SUBMIT. This PR is for testing purposes only. [cl/621192395](http://cl/621192395) PiperOrigin-RevId: 621192395
…ial handling for insecure creds This PR refactors the credentials types to remove Secure and Insecure Channel and Call credentials types. We standardize on a `c_creds()` accessor method for all credentials types, which can now be treated uniformly. This notably removes special-case handling of insecure credentials. The special code-paths for insecure creds are no longer necessary after #25586. ---- DO NOT SUBMIT. This PR is for testing purposes only. [cl/621192395](http://cl/621192395) PiperOrigin-RevId: 621192395
…ial handling for insecure creds This PR refactors the credentials types to remove Secure and Insecure Channel and Call credentials types. We standardize on a `c_creds()` accessor method for all credentials types, which can now be treated uniformly. This notably removes special-case handling of insecure credentials. The special code-paths for insecure creds are no longer necessary after #25586. ---- DO NOT SUBMIT. This PR is for testing purposes only. [cl/621192395](http://cl/621192395) PiperOrigin-RevId: 621192395
This PR is a part of the effort for removing gRPC insecure build so that all gRPC targets can depend on secure builds. Another purpose of this PR is to refactor the BUILD file so that for the targets that do not rely on SSL, they will not link
libssl
targets.After this PR, there will be the following continuous efforts.
This change is