grpc
/
grpc-go
mirror of https://github.com/grpc/grpc-go.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

credentials/alts: Remove the enable_untrusted_alts flag (#1931)

This commit is contained in:
Cesar Ghali 2018-03-19 18:27:44 -07:00 committed by GitHub
parent b96718f8f0
commit 8124abf74e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 5 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
credentials/alts/alts.go
View File

@ -25,7 +25,6 @@ package alts
import ( import (
"errors" "errors"
"flag"
"fmt" "fmt"
"net" "net"
"sync" "sync"
@ -52,9 +51,8 @@ const (
) )
var ( var (
enableUntrustedALTS = flag.Bool("enable_untrusted_alts", false, "Enables ALTS in untrusted mode. Enabling this mode is risky since we cannot ensure that the application is running on GCP with a trusted handshaker service.") once sync.Once
once sync.Once maxRPCVersion = &altspb.RpcProtocolVersions_Version{
maxRPCVersion = &altspb.RpcProtocolVersions_Version{
Major: protocolVersionMaxMajor, Major: protocolVersionMaxMajor,
Minor: protocolVersionMaxMinor, Minor: protocolVersionMaxMinor,
} }
@ -65,7 +63,7 @@ var (
// ErrUntrustedPlatform is returned from ClientHandshake and // ErrUntrustedPlatform is returned from ClientHandshake and
// ServerHandshake is running on a platform where the trustworthiness of // ServerHandshake is running on a platform where the trustworthiness of
// the handshaker service is not guaranteed. // the handshaker service is not guaranteed.
ErrUntrustedPlatform = errors.New("untrusted platform, use enable_untrusted_alts flag at your own risk") ErrUntrustedPlatform = errors.New("untrusted platform")
) )
// AuthInfo exposes security information from the ALTS handshake to the // AuthInfo exposes security information from the ALTS handshake to the
@ -119,14 +117,9 @@ func NewServerCreds() credentials.TransportCredentials {
} }
func newALTS(side core.Side, accounts []string) credentials.TransportCredentials { func newALTS(side core.Side, accounts []string) credentials.TransportCredentials {
// Make sure flags are parsed before accessing enableUntrustedALTS.
once.Do(func() { once.Do(func() {
flag.Parse()
vmOnGCP = isRunningOnGCP() vmOnGCP = isRunningOnGCP()
}) })
if *enableUntrustedALTS {
grpclog.Warning("untrusted ALTS mode is enabled and we cannot guarantee the trustworthiness of the ALTS handshaker service.")
}
return &altsTC{ return &altsTC{
info: &credentials.ProtocolInfo{ info: &credentials.ProtocolInfo{
@ -140,7 +133,7 @@ func newALTS(side core.Side, accounts []string) credentials.TransportCredentials
// ClientHandshake implements the client side handshake protocol. // ClientHandshake implements the client side handshake protocol.
func (g *altsTC) ClientHandshake(ctx context.Context, addr string, rawConn net.Conn) (_ net.Conn, _ credentials.AuthInfo, err error) { func (g *altsTC) ClientHandshake(ctx context.Context, addr string, rawConn net.Conn) (_ net.Conn, _ credentials.AuthInfo, err error) {
if !*enableUntrustedALTS && !vmOnGCP { if !vmOnGCP {
return nil, nil, ErrUntrustedPlatform return nil, nil, ErrUntrustedPlatform
} }
@ -194,7 +187,7 @@ func (g *altsTC) ClientHandshake(ctx context.Context, addr string, rawConn net.C
// ServerHandshake implements the server side ALTS handshaker. // ServerHandshake implements the server side ALTS handshaker.
func (g *altsTC) ServerHandshake(rawConn net.Conn) (_ net.Conn, _ credentials.AuthInfo, err error) { func (g *altsTC) ServerHandshake(rawConn net.Conn) (_ net.Conn, _ credentials.AuthInfo, err error) {
if !*enableUntrustedALTS && !vmOnGCP { if !vmOnGCP {
return nil, nil, ErrUntrustedPlatform return nil, nil, ErrUntrustedPlatform
} }
// Connecting to ALTS handshaker service. // Connecting to ALTS handshaker service.