Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

xds: implement XdsServerCredentials #7636

Merged
merged 3 commits into from Nov 18, 2020
Merged

xds: implement XdsServerCredentials #7636

merged 3 commits into from Nov 18, 2020

Conversation

sanjaypujare
Copy link
Contributor

Will remove the useXdsSecurity* methods from XdsServerBuilder in the next PR.

ejona86
ejona86 approved these changes Nov 18, 2020
View reviewed changes
Copy link
Member

@ejona86 ejona86 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The builder should completely stop using ProtocolNegotiator when removing the old builder methods.

ejona86
ejona86 requested changes Nov 18, 2020
View reviewed changes
Copy link
Member

@ejona86 ejona86 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actually, this exposes problems. If a user calls useTransportSecurity() it won't have any effect and won't give them an appropriate error.

@sanjaypujare
Copy link
Contributor Author

Actually, this exposes problems. If a user calls useTransportSecurity() it won't have any effect and won't give them an appropriate error.

So instead of delegating these calls to the delegate would it be okay to create a TlsServerCredentials using the passed File arguments?

@sanjaypujare
Copy link
Contributor Author

The builder should completely stop using ProtocolNegotiator when removing the old builder methods.

I have removed the fallbackNegotiator. Only buildServer uses/accepts a ProtocolNegotiator but that is a test-only method. Are there any other instances of the use of ProtocolNegotiator that should be removed?

@ejona86
Copy link
Member

ejona86 commented Nov 18, 2020

So instead of delegating these calls to the delegate would it be okay to create a TlsServerCredentials using the passed File arguments?

If you used the ServerCredentials factory method for NettyServerBuilder, then you wouldn't have a problem as NettyServerBuilder will fail any protocol negotiator changes when using ServerCredentials.

You need to use the proper factory method of NettyServerBuilder based on whether ServerCredentials is provided or not.

Are there any other instances of the use of ProtocolNegotiator that should be removed?

Yes, I explicitly mentioned useTransportSecurity().

ejona86
ejona86 approved these changes Nov 18, 2020
View reviewed changes
Copy link
Member

@ejona86 ejona86 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I rewrote the XdsServerBuilder changes. They are pretty small now, but use the old code path for the old code and new code path for new code.

Don't forget to fill out the ExperimentalApi URI.

@sanjaypujare sanjaypujare merged commit 620d266 into grpc:master Nov 18, 2020
@sanjaypujare sanjaypujare deleted the xds-server-creds branch November 18, 2020 20:46
dfawley pushed a commit to dfawley/grpc-java that referenced this pull request Jan 15, 2021
@sanjaypujare @ejona86 @dfawley
xds: implement XdsServerCredentials (grpc#7636)
b637130 
Co-authored-by: Eric Anderson <ejona@google.com>
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Jun 4, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@ejona86 ejona86 ejona86 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@sanjaypujare @ejona86