New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
core: Don't leak CallCredentials into OOB channels #7712
Conversation
The addition of CompositeChannelCredentials allowed CallCredentials to be passed to the ManagedChannel itself. But the implementation was buggy and used the call creds for out-of-band channels as well, which is inappropriate since they have a different authority. This also fixes a bug where resolving OOB channels would have CallCreds duplicated; that wasn't noticed or important because we don't use CallCreds in OOB channels. Fixes grpc#7643
@veblush, could you do one more test with this and post the log? I search for |
@ejona86 Sure. Would running my client with this PR be enough? |
@veblush, yeah. Patch this PR in and see if it resolves things. Any commit after the ChannelCredentials stuff was added would be fine. That means the commit you originally produced the issue should be fine to patch this into. |
I got 1.34.1.log by running gRPC Java 1.34.x with this PR cherry-picked. |
@veblush, excellent! That log shows this PR did successfully avoid including the call creds. So this PR should fix the original issue you experienced (even if we can't reproduce it now). |
core/src/test/java/io/grpc/internal/ManagedChannelImplTest.java
Outdated
Show resolved
Hide resolved
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM. 2 comments added
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
The addition of CompositeChannelCredentials allowed CallCredentials to
be passed to the ManagedChannel itself. But the implementation was buggy
and used the call creds for out-of-band channels as well, which is
inappropriate since they have a different authority.
This also fixes a bug where resolving OOB channels would have CallCreds
duplicated; that wasn't noticed or important because we don't use
CallCreds in OOB channels.
Fixes #7643
Note that the originalTransportFactory usage vs oobTransportFactory usage is
subtle. If you use the wrong one then CallCreds are duplicated. That's not great,
but also not the worst thing that could happen.