[call-v3] Convert server auth filter (grpc#35299)

Closes grpc#35299 COPYBARA_INTEGRATE_REVIEW=grpc#35299 from ctiller:v3-server-auth 32c3ee4 PiperOrigin-RevId: 591000230
sergiitk · Dec 14, 2023 · b455726 · b455726
1 parent a0cab83
commit b455726
Show file tree

Hide file tree

Showing 26 changed files with 554 additions and 143 deletions.
diff --git a/BUILD b/BUILD
@@ -1763,6 +1763,7 @@ grpc_cc_library(
         "//src/core:lib/security/credentials/plugin/plugin_credentials.cc",
         "//src/core:lib/security/security_connector/security_connector.cc",
         "//src/core:lib/security/transport/client_auth_filter.cc",
+        "//src/core:lib/security/transport/legacy_server_auth_filter.cc",
         "//src/core:lib/security/transport/secure_endpoint.cc",
         "//src/core:lib/security/transport/security_handshaker.cc",
         "//src/core:lib/security/transport/server_auth_filter.cc",

diff --git a/CMakeLists.txt b/CMakeLists.txt
diff --git a/Makefile b/Makefile
diff --git a/Package.swift b/Package.swift
diff --git a/bazel/experiments.bzl b/bazel/experiments.bzl
diff --git a/build_autogenerated.yaml b/build_autogenerated.yaml
diff --git a/config.m4 b/config.m4
diff --git a/config.w32 b/config.w32
diff --git a/gRPC-Core.podspec b/gRPC-Core.podspec
diff --git a/grpc.gemspec b/grpc.gemspec
diff --git a/grpc.gyp b/grpc.gyp
diff --git a/package.xml b/package.xml
diff --git a/src/core/lib/channel/promise_based_filter.h b/src/core/lib/channel/promise_based_filter.h
@@ -63,6 +63,7 @@
 #include "src/core/lib/promise/poll.h"
 #include "src/core/lib/promise/promise.h"
 #include "src/core/lib/promise/race.h"
+#include "src/core/lib/promise/try_seq.h"
 #include "src/core/lib/resource_quota/arena.h"
 #include "src/core/lib/slice/slice_buffer.h"
 #include "src/core/lib/surface/call.h"
@@ -330,54 +331,88 @@ auto MapResult(void (Derived::Call::*fn)(ServerMetadata&), Promise x,
   });
 }
 
-inline auto RunCall(const NoInterceptor*, CallArgs call_args,
-                    NextPromiseFactory next_promise_factory, void*) {
-  return next_promise_factory(std::move(call_args));
-}
+template <typename Interceptor, typename Derived, typename SfinaeVoid = void>
+struct RunCallImpl;
 
 template <typename Derived>
-inline auto RunCall(void (Derived::Call::*fn)(ClientMetadata& md),
-                    CallArgs call_args, NextPromiseFactory next_promise_factory,
-                    FilterCallData<Derived>* call_data) {
-  GPR_DEBUG_ASSERT(fn == &Derived::Call::OnClientInitialMetadata);
-  call_data->call.OnClientInitialMetadata(*call_args.client_initial_metadata);
-  return next_promise_factory(std::move(call_args));
-}
+struct RunCallImpl<const NoInterceptor*, Derived> {
+  static auto Run(CallArgs call_args, NextPromiseFactory next_promise_factory,
+                  void*) {
+    return next_promise_factory(std::move(call_args));
+  }
+};
 
 template <typename Derived>
-inline auto RunCall(
-    ServerMetadataHandle (Derived::Call::*fn)(ClientMetadata& md),
-    CallArgs call_args, NextPromiseFactory next_promise_factory,
-    FilterCallData<Derived>* call_data) -> ArenaPromise<ServerMetadataHandle> {
-  GPR_DEBUG_ASSERT(fn == &Derived::Call::OnClientInitialMetadata);
-  auto return_md = call_data->call.OnClientInitialMetadata(
-      *call_args.client_initial_metadata);
-  if (return_md == nullptr) return next_promise_factory(std::move(call_args));
-  return Immediate(std::move(return_md));
-}
+struct RunCallImpl<void (Derived::Call::*)(ClientMetadata& md), Derived> {
+  static auto Run(CallArgs call_args, NextPromiseFactory next_promise_factory,
+                  FilterCallData<Derived>* call_data) {
+    call_data->call.OnClientInitialMetadata(*call_args.client_initial_metadata);
+    return next_promise_factory(std::move(call_args));
+  }
+};
 
 template <typename Derived>
-inline auto RunCall(ServerMetadataHandle (Derived::Call::*fn)(
-                        ClientMetadata& md, Derived* channel),
-                    CallArgs call_args, NextPromiseFactory next_promise_factory,
-                    FilterCallData<Derived>* call_data)
-    -> ArenaPromise<ServerMetadataHandle> {
-  GPR_DEBUG_ASSERT(fn == &Derived::Call::OnClientInitialMetadata);
-  auto return_md = call_data->call.OnClientInitialMetadata(
-      *call_args.client_initial_metadata, call_data->channel);
-  if (return_md == nullptr) return next_promise_factory(std::move(call_args));
-  return Immediate(std::move(return_md));
-}
+struct RunCallImpl<ServerMetadataHandle (Derived::Call::*)(ClientMetadata& md),
+                   Derived> {
+  static auto Run(CallArgs call_args, NextPromiseFactory next_promise_factory,
+                  FilterCallData<Derived>* call_data)
+      -> ArenaPromise<ServerMetadataHandle> {
+    auto return_md = call_data->call.OnClientInitialMetadata(
+        *call_args.client_initial_metadata);
+    if (return_md == nullptr) return next_promise_factory(std::move(call_args));
+    return Immediate(std::move(return_md));
+  }
+};
 
 template <typename Derived>
-inline auto RunCall(void (Derived::Call::*fn)(ClientMetadata& md,
-                                              Derived* channel),
-                    CallArgs call_args, NextPromiseFactory next_promise_factory,
-                    FilterCallData<Derived>* call_data) {
-  GPR_DEBUG_ASSERT(fn == &Derived::Call::OnClientInitialMetadata);
-  call_data->call.OnClientInitialMetadata(*call_args.client_initial_metadata,
-                                          call_data->channel);
-  return next_promise_factory(std::move(call_args));
+struct RunCallImpl<ServerMetadataHandle (Derived::Call::*)(ClientMetadata& md,
+                                                           Derived* channel),
+                   Derived> {
+  static auto Run(CallArgs call_args, NextPromiseFactory next_promise_factory,
+                  FilterCallData<Derived>* call_data)
+      -> ArenaPromise<ServerMetadataHandle> {
+    auto return_md = call_data->call.OnClientInitialMetadata(
+        *call_args.client_initial_metadata, call_data->channel);
+    if (return_md == nullptr) return next_promise_factory(std::move(call_args));
+    return Immediate(std::move(return_md));
+  }
+};
+
+template <typename Derived>
+struct RunCallImpl<
+    void (Derived::Call::*)(ClientMetadata& md, Derived* channel), Derived> {
+  static auto Run(CallArgs call_args, NextPromiseFactory next_promise_factory,
+                  FilterCallData<Derived>* call_data) {
+    call_data->call.OnClientInitialMetadata(*call_args.client_initial_metadata,
+                                            call_data->channel);
+    return next_promise_factory(std::move(call_args));
+  }
+};
+
+template <typename Derived, typename Promise>
+struct RunCallImpl<
+    Promise (Derived::Call::*)(ClientMetadata& md, Derived* channel), Derived,
+    absl::void_t<decltype(StatusCast<ServerMetadataHandle>(
+        std::declval<PromiseResult<Promise>>))>> {
+  static auto Run(CallArgs call_args, NextPromiseFactory next_promise_factory,
+                  FilterCallData<Derived>* call_data) {
+    ClientMetadata& md_ref = *call_args.client_initial_metadata;
+    return TrySeq(
+        call_data->call.OnClientInitialMetadata(md_ref, call_data->channel),
+        [call_args = std::move(call_args),
+         next_promise_factory = std::move(next_promise_factory)]() mutable {
+          return next_promise_factory(std::move(call_args));
+        });
+  }
+};
+
+template <typename Interceptor, typename Derived>
+auto RunCall(Interceptor interceptor, CallArgs call_args,
+             NextPromiseFactory next_promise_factory,
+             FilterCallData<Derived>* call_data) {
+  GPR_DEBUG_ASSERT(interceptor == &Derived::Call::OnClientInitialMetadata);
+  return RunCallImpl<Interceptor, Derived>::Run(
+      std::move(call_args), std::move(next_promise_factory), call_data);
 }
 
 inline void InterceptClientToServerMessage(const NoInterceptor*, void*,
@@ -558,6 +593,30 @@ inline void InterceptClientInitialMetadata(
       });
 }
 
+// Returning a promise that resolves to something that can be cast to
+// ServerMetadataHandle also counts
+template <typename Promise, typename Derived>
+absl::void_t<decltype(StatusCast<ServerMetadataHandle>(
+    std::declval<PromiseResult<Promise>>))>
+InterceptClientInitialMetadata(Promise (Derived::Call::*promise_factory)(
+                                   ClientMetadata& md, Derived* channel),
+                               typename Derived::Call* call, Derived* channel,
+                               CallSpineInterface* call_spine) {
+  GPR_DEBUG_ASSERT(promise_factory == &Derived::Call::OnClientInitialMetadata);
+  call_spine->client_initial_metadata().receiver.InterceptAndMap(
+      [call, call_spine, channel](ClientMetadataHandle md) {
+        ClientMetadata& md_ref = *md;
+        return Map(call->OnClientInitialMetadata(md_ref, channel),
+                   [md = std::move(md),
+                    call_spine](PromiseResult<Promise> status) mutable
+                   -> absl::optional<ClientMetadataHandle> {
+                     if (IsStatusOk(status)) return std::move(md);
+                     return call_spine->Cancel(
+                         StatusCast<ServerMetadataHandle>(std::move(status)));
+                   });
+      });
+}
+
 template <typename CallArgs>
 inline void InterceptServerInitialMetadata(const NoInterceptor*, void*,
                                            const CallArgs&) {}
@@ -903,6 +962,8 @@ MakeFilterCall(Derived* derived) {
 //   the filter can return nullptr for success, or a metadata handle for
 //   failure (in which case the call will be aborted).
 //   useful for cases where the exact metadata returned needs to be customized.
+// It's also acceptable to return a promise that resolves to the
+// relevant return type listed above.
 // Finally, OnFinalize can be added to intecept call finalization.
 // It must have one of the signatures:
 // - static const NoInterceptor OnFinalize: