mirror of https://github.com/grpc/grpc-java.git
rls: use channel creds to create resolvingOobChannel
This commit is contained in:
ZHANG Dapeng
GitHub
parent
9437783838
commit
9bb9fef6b0
|
|
@ -139,8 +139,13 @@ final class CachingRlsLbClient {
|
|||
timeProvider);
|
||||
RlsRequestFactory requestFactory = new RlsRequestFactory(lbPolicyConfig.getRouteLookupConfig());
|
||||
rlsPicker = new RlsPicker(requestFactory);
|
||||
ManagedChannelBuilder<?> rlsChannelBuilder =
|
||||
helper.createResolvingOobChannelBuilder(rlsConfig.getLookupService());
|
||||
// It is safe to use helper.getUnsafeChannelCredentials() because the client authenticates the
|
||||
// RLS server using the same authority as the backends, even though the RLS server’s addresses
|
||||
// will be looked up differently than the backends; overrideAuthority(helper.getAuthority()) is
|
||||
// called to impose the authority security restrictions.
|
||||
ManagedChannelBuilder<?> rlsChannelBuilder = helper.createResolvingOobChannelBuilder(
|
||||
rlsConfig.getLookupService(), helper.getUnsafeChannelCredentials());
|
||||
rlsChannelBuilder.overrideAuthority(helper.getAuthority());
|
||||
logger = helper.getChannelLogger();
|
||||
if (enableOobChannelDirectPath) {
|
||||
logger.log(
|
||||
|
|
|
|||
|
|
@ -34,6 +34,7 @@ import com.google.common.collect.ImmutableMap;
|
|||
import com.google.common.util.concurrent.SettableFuture;
|
||||
import io.grpc.Attributes;
|
||||
import io.grpc.CallOptions;
|
||||
import io.grpc.ChannelCredentials;
|
||||
import io.grpc.ChannelLogger;
|
||||
import io.grpc.ConnectivityState;
|
||||
import io.grpc.EquivalentAddressGroup;
|
||||
|
|
@ -536,7 +537,8 @@ public class CachingRlsLbClientTest {
|
|||
private final class FakeHelper extends Helper {
|
||||
|
||||
@Override
|
||||
public ManagedChannelBuilder<?> createResolvingOobChannelBuilder(String target) {
|
||||
public ManagedChannelBuilder<?> createResolvingOobChannelBuilder(
|
||||
String target, ChannelCredentials creds) {
|
||||
try {
|
||||
grpcCleanupRule.register(
|
||||
InProcessServerBuilder.forName(target)
|
||||
|
|
@ -579,7 +581,18 @@ public class CachingRlsLbClientTest {
|
|||
|
||||
@Override
|
||||
public String getAuthority() {
|
||||
throw new UnsupportedOperationException();
|
||||
return DEFAULT_TARGET;
|
||||
}
|
||||
|
||||
@Override
|
||||
public ChannelCredentials getUnsafeChannelCredentials() {
|
||||
// In test we don't do any authentication.
|
||||
return new ChannelCredentials() {
|
||||
@Override
|
||||
public ChannelCredentials withoutBearerTokens() {
|
||||
return this;
|
||||
}
|
||||
};
|
||||
}
|
||||
|
||||
@Override
|
||||
|
|
|
|||
|
|
@ -32,6 +32,7 @@ import com.google.common.collect.ImmutableList;
|
|||
import com.google.common.collect.ImmutableMap;
|
||||
import io.grpc.Attributes;
|
||||
import io.grpc.CallOptions;
|
||||
import io.grpc.ChannelCredentials;
|
||||
import io.grpc.ChannelLogger;
|
||||
import io.grpc.ConnectivityState;
|
||||
import io.grpc.ConnectivityStateInfo;
|
||||
|
|
@ -376,7 +377,7 @@ public class RlsLoadBalancerTest {
|
|||
.setAddresses(ImmutableList.of(new EquivalentAddressGroup(mock(SocketAddress.class))))
|
||||
.setLoadBalancingPolicyConfig(parsedConfigOrError.getConfig())
|
||||
.build());
|
||||
verify(helper).createResolvingOobChannelBuilder(anyString());
|
||||
verify(helper).createResolvingOobChannelBuilder(anyString(), any(ChannelCredentials.class));
|
||||
}
|
||||
|
||||
@SuppressWarnings("unchecked")
|
||||
|
|
@ -429,7 +430,8 @@ public class RlsLoadBalancerTest {
|
|||
}
|
||||
|
||||
@Override
|
||||
public ManagedChannelBuilder<?> createResolvingOobChannelBuilder(String target) {
|
||||
public ManagedChannelBuilder<?> createResolvingOobChannelBuilder(
|
||||
String target, ChannelCredentials creds) {
|
||||
try {
|
||||
grpcCleanupRule.register(
|
||||
InProcessServerBuilder.forName(target)
|
||||
|
|
@ -475,6 +477,18 @@ public class RlsLoadBalancerTest {
|
|||
return "fake-bigtable.googleapis.com";
|
||||
}
|
||||
|
||||
@Override
|
||||
public ChannelCredentials getUnsafeChannelCredentials() {
|
||||
// In test we don't do any authentication.
|
||||
return new ChannelCredentials() {
|
||||
@Override
|
||||
public ChannelCredentials withoutBearerTokens() {
|
||||
return this;
|
||||
}
|
||||
};
|
||||
}
|
||||
|
||||
|
||||
@Override
|
||||
public ScheduledExecutorService getScheduledExecutorService() {
|
||||
return fakeScheduledExecutorService;
|
||||
|
|
|
|||
Loading…
Reference in New Issue