auth: fix builder invocation for converting Google service account to Jwt access credential (backport 1.21.x) #6122

@voidzcy commented Sep 3, 2019

Resolves #6105.

Backport of #6106.

zhangkun83 and others added 19 commits May 14, 2019 10:01
Backport of grpc#5718

I see more cases of wrapping Helper and Subchannel during the work of
XdsLoadBalancer; we will require that all methods that involve mutable
state be called from the Synchronization Context.  We will start
logging warnings first, and make them throw in a future release.

Helper.createSubchannel() is already doing so.  This change adds
warnings to the other eligible methods.

grpc#5015

…ection(). (grpc#5738)

Contrary to grpc#5736, we will still keep the sync-context requirement of
requestConnection(), because it prevents API fragmentation.
PickFirstLoadBalancer is the only known violator.  We will fix it on
master, but we don't want to make that change on 1.21.x because the
release is soon.  We simply remove the warning in this release so that
users won't be annoyed.

This supersedes grpc#5736

We check for idle mode the first time we try newStream(), but failed to when
newStream races with reprocess(). This would normally be a very rare race,
except when you consider that AbstractChannelBuilder will call
managedChannel.enterIdle() when the network changes.

Fixes grpc#5729

* examples: make tls example easier to run

* Make the ca cert able to be verified by the server cert in openssl
* Make the port number consistent in each example (easy to copy paste wrong one)
* use correct netty-tcnative

* address comments

Also fix tcnative for Maven. The version had only been updated for
gradle. The wrong version would cause a crash with NoSuchMethodError.

We think NameResolver.Listener2 may still change, so don't yet encourage
people to migrate.

Fixes grpc#5764

This is a cherry-pick of grpc#5858

Depending on jdk:toolchain causes java_grpc_library to always use the
_default_ toolchain, even if the user tried to override it. Changing to
:current_java_toolchain allows the rule to use the user-selected
toolchain when overridden.

Tested by adding to BUILD:
load("@bazel_tools//tools/jdk:default_java_toolchain.bzl", "default_java_toolchain")
default_java_toolchain(
    name = "mychain",
    misc = ["-Amy=flag"],
    visibility = ["//visibility:public"],
)

And then verifying -Amy=flag is in the output of:
bazel aquery --java_toolchain=:mychain services:_reflection_java_grpc

Fixes grpc#5841

Prior to 745aa0a, this target was visible publicly.

The 3rd-party rules_proto project is referencing our compiler directly
and not using our java_grpc_library. This target is fine for them to
use (although we'd prefer using our java_grpc_library), but most users
shouldn't be touching it.

Related to grpc#5942 and grpc#5947

Http2ControlFrameLimitEncoder is from Netty. It is copied here as a
temporary measure until we upgrade to the version of Netty that includes
the class.

See CVE-2019-9515

… Jwt access credential (grpc#6106)

* Fixed mistaken method invocation for privateKeyId getter/setter.

* Added test coverage to verify jwt credentials are applied to request metadata correctly.

* No need to expose serviceUri method for testing.

@voidzcy closed this Sep 3, 2019

lock bot locked as resolved and limited conversation to collaborators Dec 2, 2019