client: set auth header to localhost for unix target

clientconn.go

@@ -245,6 +245,7 @@ func DialContext(ctx context.Context, target string, opts ...DialOption) (conn *
 
 	// Determine the resolver to use.
 	cc.parsedTarget = grpcutil.ParseTarget(cc.target)
+	unixScheme := strings.HasPrefix(cc.parsedTarget.Endpoint, "unix:")
 	channelz.Infof(logger, cc.channelzID, "parsed scheme: %q", cc.parsedTarget.Scheme)
 	resolverBuilder := cc.getResolver(cc.parsedTarget.Scheme)
 	if resolverBuilder == nil {
@@ -267,6 +268,8 @@ func DialContext(ctx context.Context, target string, opts ...DialOption) (conn *
 		cc.authority = creds.Info().ServerName
 	} else if cc.dopts.insecure && cc.dopts.authority != "" {
 		cc.authority = cc.dopts.authority
+	} else if unixScheme {
+		cc.authority = "localhost"
 	} else {
 		// Use endpoint from "scheme://authority/endpoint" as the default
 		// authority for ClientConn.

internal/grpcutil/target.go

@@ -43,6 +43,9 @@ func split2(s, sep string) (string, string, bool) {
 // target}.
 func ParseTarget(target string) (ret resolver.Target) {
 	var ok bool
+	if strings.HasPrefix(target, "unix:") {
+		return resolver.Target{Endpoint: target}
+	}
 	ret.Scheme, ret.Endpoint, ok = split2(target, "://")
 	if !ok {
 		return resolver.Target{Endpoint: target}

test/end2end_test.go

@@ -7179,3 +7179,119 @@ func (s) TestCanceledRPCCallOptionRace(t *testing.T) {
 	}
 	wg.Wait()
 }
+
+// unixServer is used to test servers listening over a unix socket.
+type unixServer struct {
+	// Guarantees we satisfy this interface; panics if unimplemented methods are called.
+	testpb.TestServiceServer
+
+	// Customizable implementations of server handlers.
+	emptyCall func(ctx context.Context, in *testpb.Empty) (*testpb.Empty, error)
+
+	// A client connected to this service the test may use.  Created in Start().
+	client testpb.TestServiceClient
+	cc     *grpc.ClientConn
+	s      *grpc.Server
+
+	cleanups []func() // Lambdas executed in Stop(); populated by Start().
+}
+
+func (us *unixServer) EmptyCall(ctx context.Context, in *testpb.Empty) (*testpb.Empty, error) {
+	return us.emptyCall(ctx, in)
+}
+
+func (us *unixServer) Start(network, address, target string) error {
+	lis, err := net.Listen(network, address)
+	if err != nil {
+		return err
+	}
+	us.cleanups = append(us.cleanups, func() { lis.Close() })
+
+	s := grpc.NewServer()
+	testpb.RegisterTestServiceServer(s, us)
+	go s.Serve(lis)
+	us.cleanups = append(us.cleanups, s.Stop)
+	us.s = s
+
+	cc, err := grpc.Dial(target, grpc.WithInsecure())
+	if err != nil {
+		return fmt.Errorf("grpc.Dial(%q) = %v", target, err)
+	}
+	us.cc = cc
+	if err := us.waitForReady(cc); err != nil {
+		return err
+	}
+	us.cleanups = append(us.cleanups, func() { cc.Close() })
+
+	us.client = testpb.NewTestServiceClient(cc)
+
+	return nil
+}
+
+func (us *unixServer) waitForReady(cc *grpc.ClientConn) error {
+	ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
+	defer cancel()
+	for {
+		s := cc.GetState()
+		if s == connectivity.Ready {
+			return nil
+		}
+		if !cc.WaitForStateChange(ctx, s) {
+			return ctx.Err()
+		}
+	}
+}
+
+func (us *unixServer) Stop() {
+	for i := len(us.cleanups) - 1; i >= 0; i-- {
+		us.cleanups[i]()
+	}
+}
+
+func runUnixTest(t *testing.T, address, target, expectedAuthority string) {
+	if err := os.RemoveAll(address); err != nil {
+		t.Fatalf("Error removing socket file %v: %v\n", address, err)
+	}
+	us := &unixServer{
+		emptyCall: func(ctx context.Context, in *testpb.Empty) (*testpb.Empty, error) {
+			if md, ok := metadata.FromIncomingContext(ctx); ok {
+				if auths, ok := md[":authority"]; ok {
+					if len(auths) < 1 {
+						return nil, status.Error(codes.Unauthenticated, "no authority header")
+					}
+					if auths[0] != expectedAuthority {
+						return nil, status.Error(codes.Unauthenticated, fmt.Sprintf("invalid authority header %v, expected %v", auths[0], expectedAuthority))
+					}
+				} else {
+					return nil, status.Error(codes.Unauthenticated, "no authority header")
+				}
+			} else {
+				return nil, status.Error(codes.Unauthenticated, "failed to parse metadata")
+			}
+			return &testpb.Empty{}, nil
+		},
+	}
+	if err := us.Start("unix", address, target); err != nil {
+		t.Fatalf("Error starting endpoint server: %v\n", err)
+		return
+	}
+	defer us.Stop()
+	ctx, cancel := context.WithTimeout(context.Background(), 2*time.Second)
+	defer cancel()
+	_, err := us.client.EmptyCall(ctx, &testpb.Empty{})
+	if err != nil {
+		t.Errorf("us.client.EmptyCall(_, _) = _, %v; want _, nil\n", err)
+	}
+}
+
+func (s) TestUnix1(t *testing.T) {
+	runUnixTest(t, "sock.sock", "unix:sock.sock", "localhost")
+}
+
+func (s) TestUnix2(t *testing.T) {
+	runUnixTest(t, "/tmp/sock.sock", "unix:/tmp/sock.sock", "localhost")
+}
+
+func (s) TestUnix3(t *testing.T) {
+	runUnixTest(t, "/tmp/sock.sock", "unix:///tmp/sock.sock", "localhost")
+}