-
Notifications
You must be signed in to change notification settings - Fork 4.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
credentials: fix PerRPCCredentials w/RequireTransportSecurity and security levels #3995
Conversation
@dfawley Do you mind taking a look? |
I think there might be an issue with pointer-vs-struct receiver. Try making the insecure creds return |
Or even: just delete it and return |
Thanks a lot @dfawley. Using I also tried directly returning If we decide to use |
We could make this implement
We could change this.
I don't understand this. Why modify all other credentials? What does |
PCMIIW, for other credentials, shouldn't we also return a pointer to a corresponding Regarding |
Hmm, I think the fix for everyone here might be to make grpc-go/credentials/credentials.go Line 95 in 89faf1c
We should also be testing our creds implementations to make sure
No, if we need to return
Actually, let's not do this. But I think we should unexport |
9ef1e2b
to
386b266
Compare
Thanks Doug. The problem is resolved after following your suggestion!
Agreed. There are 6 credentials to be tested. Do you want me to fix them in this PR or a separate one? I am fine with either way.
I am wondering if we should keep it as it is (keep exporting) to make it consistent with other credentials (TLS)? Also, if we unexport it, every time we want to retrieve a security level from |
Whatever is easier for you is fine.
Unless there is useful information in it, there should be no reason to export it.
Really we don't expect anybody to be doing this, though, besides |
SG. Let me handle them in a separate PR.
That makes sense. Let me add a helper function |
f5c5fae
to
4e0b213
Compare
Let's not add this until it's necessary. |
4e0b213
to
21ae702
Compare
SG. I removed |
credentials/local/local_test.go
Outdated
type internalInfo interface { | ||
GetCommonAuthInfo() credentials.CommonAuthInfo | ||
} | ||
if info, ok := clientAuthInfo.(internalInfo); ok { | ||
clientSecLevel = info.GetCommonAuthInfo().SecurityLevel | ||
} else { | ||
return credentials.Invalid, fmt.Errorf("Error at client-side: client's AuthInfo does not implement GetCommonAuthInfo()") | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'd say make a helper:
func getSecurityLevel(ai AuthInfo) credentials.SecurityLevel {
if c, ok := ai.(interface { GetCommonAuthInfo() credentials.CommonAuthInfo }); ok {
return c.GetCommonAuthInfo().SecurityLevel
}
return credentials.InvalidSecurityLevel // Let's rename this enum value; it's not specific enough to be exported
}
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ah that's much more concise. Done!
internal/transport/http2_client.go
Outdated
@@ -231,9 +231,22 @@ func newHTTP2Client(connectCtx, ctx context.Context, addr resolver.Address, opts | |||
contextWithHandshakeInfo := internal.NewClientHandshakeInfoContext.(func(context.Context, credentials.ClientHandshakeInfo) context.Context) | |||
connectCtx = contextWithHandshakeInfo(connectCtx, credentials.ClientHandshakeInfo{Attributes: addr.Attributes}) | |||
conn, authInfo, err = transportCreds.ClientHandshake(connectCtx, addr.ServerName, conn) | |||
type internalInfo interface { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hmmmmm, maybe CheckSecurityLevel
should accept an AuthInfo
instead of a Context
. Does this cause too many changes?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sure, consider it done!
@@ -241,7 +241,7 @@ func newHTTP2Client(connectCtx, ctx context.Context, addr resolver.Address, opts | |||
if cd.RequireTransportSecurity() { | |||
if ci, ok := authInfo.(internalInfo); ok { | |||
secLevel := ci.GetCommonAuthInfo().SecurityLevel | |||
if secLevel != credentials.Invalid && secLevel < credentials.PrivacyAndIntegrity { | |||
if secLevel != credentials.InvalidSecurityLevel && secLevel < credentials.PrivacyAndIntegrity { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I was thinking we could use CheckSecurityeLevel
here, but I see this is different from CheckSecurityLevel
because Invalid
is not okay here. LGTM, but please move internalInfo
so it's defined immediately above to limit its scope (or use it inline).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
It seems the test failure in |
Yes, that failure is not related. I filed an issue to track that: #4022. |
This PR attempts to add the per-callcheck discussed in #3974.