grpc: optional interface to provide channel authority

[Aditya-Sood]

Also implements the same for unix resolver's builder

Fixes #5360

RELEASE NOTES:

• resolver: provide method for resolver to implement to override default channel authority (EXPERIMENTAL).

[codecov]

Codecov Report

Merging #6752 (1dd2231) into master (b046cca) will increase coverage by 0.12%.
Report is 39 commits behind head on master.
The diff coverage is 100.00%.

❗ Current head 1dd2231 differs from pull request most recent head fb65458. Consider uploading reports for the commit fb65458 to get more accurate results

Additional details and impacted files

[Aditya-Sood]

hi @dfawley, I have a couple queries:

1. I changed the name of the interface method to GetServiceAuthority() to keep the same name as the java method - is that fine?

2. The java method also places a couple more requirements on the implementation:

It must be from a trusted source, because if the authority is tampered with, RPCs may be sent to the attackers which may leak sensitive user data.
An implementation must generate it without blocking, typically in line, and must keep it unchanged. NameResolvers created from the same factory with the same argument must return the same authority.

Should we mention the same in our comments?

3. Regarding your comment about "escapeAuthority", I checked the java codebase and it seems to expect the percent-encoding from the name resolver like you mentioned (link to file):

assertThat(resolver.getServiceAuthority()).isEqualTo("path%2Fto%2Fservice");

I guess we could add a line in the comments for GetServiceAuthority() asking users to do the encoding as part of their concrete method (for the sake of conforming to existing implementations), and add a check at the time of assigning the value to cc.authority for our verification?

[dfawley]

Thank you for the PR! A few comments inline...

[dfawley]

Please delete the TODO below.

[dfawley]

Why cast it to any first? That shouldn't be needed.

[Aditya-Sood]

my bad, cc.resolverBuilder is already an interface type
thanks

[dfawley]

Go style generally doesn't like GetXYZ. OverrideAuthority makes more sense given the name of the interface; otherwise AuthorityForTarget or something like that could be okay.

[dfawley]

Please name the parameter target to be explicit, or don't name it at all, as t doesn't really add documentation value here, and it's not necessary to name.

[dfawley]

Optional: maybe just convert this into a few ifs and do the auth overrider as a compound if.

[Aditya-Sood]

@dfawley thank you for the review, I have pushed the review changes to the PR
could you also weigh-in on points (2) and (3) in #6752 (comment) and let me know if any further work is required?

[github-actions]

This PR is labeled as requiring an update from the reporter, and no update has been received after 6 days. If no update is provided in the next 7 days, this issue will be automatically closed.

[dfawley]

Go style: please name this ok instead of isAuthOverrider.

[dfawley]

Since t is unused, you can omit it entirely here.

[dfawley]

+@arvindbr8 for a second pass

[github-actions]

This PR is labeled as requiring an update from the reporter, and no update has been received after 6 days. If no update is provided in the next 7 days, this issue will be automatically closed.

[Aditya-Sood]

hi @arvindbr8, could you please review the PR and remove the reporter clarification status?

[easwars]

@Aditya-Sood : Thank you for your contribution!