grpc
/
grpc-go
mirror of https://github.com/grpc/grpc-go.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

credentials/alts: Remove the enable_untrusted_alts flag (#1931)

This commit is contained in:
Cesar Ghali 2018-03-19 18:27:44 -07:00 committed by GitHub
parent b96718f8f0
commit 8124abf74e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 5 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
credentials/alts/alts.go
View File

@ -25,7 +25,6 @@ package alts
import (
"errors"
"flag"
"fmt"
"net"
"sync"
@ -52,9 +51,8 @@ const (
)
var (
enableUntrustedALTS = flag.Bool("enable_untrusted_alts", false, "Enables ALTS in untrusted mode. Enabling this mode is risky since we cannot ensure that the application is running on GCP with a trusted handshaker service.")
once sync.Once
maxRPCVersion = &altspb.RpcProtocolVersions_Version{
once sync.Once
maxRPCVersion = &altspb.RpcProtocolVersions_Version{
Major: protocolVersionMaxMajor,
Minor: protocolVersionMaxMinor,
}
@ -65,7 +63,7 @@ var (
// ErrUntrustedPlatform is returned from ClientHandshake and
// ServerHandshake is running on a platform where the trustworthiness of
// the handshaker service is not guaranteed.
ErrUntrustedPlatform = errors.New("untrusted platform, use enable_untrusted_alts flag at your own risk")
ErrUntrustedPlatform = errors.New("untrusted platform")
)
// AuthInfo exposes security information from the ALTS handshake to the
@ -119,14 +117,9 @@ func NewServerCreds() credentials.TransportCredentials {
}
func newALTS(side core.Side, accounts []string) credentials.TransportCredentials {
// Make sure flags are parsed before accessing enableUntrustedALTS.
once.Do(func() {
flag.Parse()
vmOnGCP = isRunningOnGCP()
})
if *enableUntrustedALTS {
grpclog.Warning("untrusted ALTS mode is enabled and we cannot guarantee the trustworthiness of the ALTS handshaker service.")
}
return &altsTC{
info: &credentials.ProtocolInfo{
@ -140,7 +133,7 @@ func newALTS(side core.Side, accounts []string) credentials.TransportCredentials
// ClientHandshake implements the client side handshake protocol.
func (g *altsTC) ClientHandshake(ctx context.Context, addr string, rawConn net.Conn) (_ net.Conn, _ credentials.AuthInfo, err error) {
if !*enableUntrustedALTS && !vmOnGCP {
if !vmOnGCP {
return nil, nil, ErrUntrustedPlatform
}
@ -194,7 +187,7 @@ func (g *altsTC) ClientHandshake(ctx context.Context, addr string, rawConn net.C
// ServerHandshake implements the server side ALTS handshaker.
func (g *altsTC) ServerHandshake(rawConn net.Conn) (_ net.Conn, _ credentials.AuthInfo, err error) {
if !*enableUntrustedALTS && !vmOnGCP {
if !vmOnGCP {
return nil, nil, ErrUntrustedPlatform
}
// Connecting to ALTS handshaker service.