Propagate CallCredentials.ATTR_SECURITY_LEVEL from transports

Previously no transport provided the key so CallCredentials would always see the security as NONE.
2018-05-02 09:02:00 -07:00 · 2018-05-02 09:02:00 -07:00 · e41e054776
parent 27439876f2
commit e41e054776
6 changed files with 33 additions and 13 deletions
--- a/core/src/main/java/io/grpc/inprocess/InProcessTransport.java
+++ b/core/src/main/java/io/grpc/inprocess/InProcessTransport.java
@ -24,6 +24,7 @@ import com.google.common.base.MoreObjects;
 import com.google.common.util.concurrent.ListenableFuture;
 import com.google.common.util.concurrent.SettableFuture;
 import io.grpc.Attributes;
+import io.grpc.CallCredentials;
 import io.grpc.CallOptions;
 import io.grpc.Compressor;
 import io.grpc.Deadline;
@ -32,6 +33,7 @@ import io.grpc.DecompressorRegistry;
 import io.grpc.Grpc;
 import io.grpc.Metadata;
 import io.grpc.MethodDescriptor;
+import io.grpc.SecurityLevel;
 import io.grpc.ServerStreamTracer;
 import io.grpc.Status;
 import io.grpc.internal.Channelz.SocketStats;
@ -88,6 +90,9 @@ final class InProcessTransport implements ServerTransport, ConnectionClientTrans
  private Set<InProcessStream> streams = new HashSet<InProcessStream>();
  @GuardedBy("this")
  private List<ServerStreamTracer.Factory> serverStreamTracerFactories;
+  private final Attributes attributes = Attributes.newBuilder()
+      .set(CallCredentials.ATTR_SECURITY_LEVEL, SecurityLevel.PRIVACY_AND_INTEGRITY)
+      .build();

  public InProcessTransport(String name, String authority, String userAgent) {
    this.name = name;
@ -224,7 +229,7 @@ final class InProcessTransport implements ServerTransport, ConnectionClientTrans

  @Override
  public Attributes getAttributes() {
-    return Attributes.EMPTY;
+    return attributes;
  }

  @Override
--- a/netty/src/main/java/io/grpc/netty/NettyClientTransport.java
+++ b/netty/src/main/java/io/grpc/netty/NettyClientTransport.java
@ -313,8 +313,7 @@ class NettyClientTransport implements ConnectionClientTransport {

  @Override
  public Attributes getAttributes() {
-    // TODO(zhangkun83): fill channel security attributes
-    return Attributes.EMPTY;
+    return handler.getAttributes();
  }

  @Override
--- a/netty/src/main/java/io/grpc/netty/ProtocolNegotiators.java
+++ b/netty/src/main/java/io/grpc/netty/ProtocolNegotiators.java
@ -22,8 +22,10 @@ import static io.grpc.netty.GrpcSslContexts.NEXT_PROTOCOL_VERSIONS;
 import com.google.common.annotations.VisibleForTesting;
 import com.google.common.base.Preconditions;
 import io.grpc.Attributes;
+import io.grpc.CallCredentials;
 import io.grpc.Grpc;
 import io.grpc.Internal;
+import io.grpc.SecurityLevel;
 import io.grpc.Status;
 import io.grpc.internal.Channelz;
 import io.grpc.internal.GrpcUtil;
@ -645,6 +647,7 @@ public final class ProtocolNegotiators {
                Attributes.newBuilder()
                    .set(Grpc.TRANSPORT_ATTR_SSL_SESSION, session)
                    .set(Grpc.TRANSPORT_ATTR_REMOTE_ADDR, ctx.channel().remoteAddress())
+                    .set(CallCredentials.ATTR_SECURITY_LEVEL, SecurityLevel.PRIVACY_AND_INTEGRITY)
                    .build(),
                new Channelz.Security(new Channelz.Tls(session)));
            writeBufferedAndRemove(ctx);
@ -692,6 +695,7 @@ public final class ProtocolNegotiators {
          Attributes
              .newBuilder()
              .set(Grpc.TRANSPORT_ATTR_REMOTE_ADDR, ctx.channel().remoteAddress())
+              .set(CallCredentials.ATTR_SECURITY_LEVEL, SecurityLevel.NONE)
              .build(),
          /*securityInfo=*/ null);
      super.channelActive(ctx);
@ -734,6 +738,7 @@ public final class ProtocolNegotiators {
            Attributes
                .newBuilder()
                .set(Grpc.TRANSPORT_ATTR_REMOTE_ADDR, ctx.channel().remoteAddress())
+                .set(CallCredentials.ATTR_SECURITY_LEVEL, SecurityLevel.NONE)
                .build(),
            /*securityInfo=*/ null);
      } else if (evt == HttpClientUpgradeHandler.UpgradeEvent.UPGRADE_REJECTED) {
--- a/netty/src/test/java/io/grpc/netty/NettyClientTransportTest.java
+++ b/netty/src/test/java/io/grpc/netty/NettyClientTransportTest.java
@ -503,17 +503,10 @@ public class NettyClientTransportTest {
    address = TestUtils.testServerAddress(12345);
    authority = GrpcUtil.authorityFromHostAndPort(address.getHostString(), address.getPort());

-    NettyClientTransport transport = newTransport(
-        new ProtocolNegotiator() {
-          @Override
-          public Handler newHandler(GrpcHttp2ConnectionHandler handler) {
-            return null;
-          }
-        });
+    NettyClientTransport transport = newTransport(new NoopProtocolNegotiator());
+    callMeMaybe(transport.start(clientTransportListener));

    assertEquals(Attributes.EMPTY, transport.getAttributes());
-
-    transports.clear();
  }

  @Test
--- a/okhttp/src/main/java/io/grpc/okhttp/OkHttpClientTransport.java
+++ b/okhttp/src/main/java/io/grpc/okhttp/OkHttpClientTransport.java
@ -31,11 +31,13 @@ import com.squareup.okhttp.HttpUrl;
 import com.squareup.okhttp.Request;
 import com.squareup.okhttp.internal.http.StatusLine;
 import io.grpc.Attributes;
+import io.grpc.CallCredentials;
 import io.grpc.CallOptions;
 import io.grpc.Grpc;
 import io.grpc.Metadata;
 import io.grpc.MethodDescriptor;
 import io.grpc.MethodDescriptor.MethodType;
+import io.grpc.SecurityLevel;
 import io.grpc.Status;
 import io.grpc.Status.Code;
 import io.grpc.StatusException;
@ -478,12 +480,13 @@ class OkHttpClientTransport implements ConnectionClientTransport {
          sock.setTcpNoDelay(true);
          source = Okio.buffer(Okio.source(sock));
          sink = Okio.buffer(Okio.sink(sock));
-          // TODO(zhangkun83): fill channel security attributes
          // The return value of OkHttpTlsUpgrader.upgrade is an SSLSocket that has this info
          attributes = Attributes
              .newBuilder()
              .set(Grpc.TRANSPORT_ATTR_REMOTE_ADDR, sock.getRemoteSocketAddress())
              .set(Grpc.TRANSPORT_ATTR_SSL_SESSION, sslSession)
+              .set(CallCredentials.ATTR_SECURITY_LEVEL,
+                  sslSession == null ? SecurityLevel.NONE : SecurityLevel.PRIVACY_AND_INTEGRITY)
              .build();
        } catch (StatusException e) {
          startGoAway(0, ErrorCode.INTERNAL_ERROR, e.getStatus());
--- a/testing/src/main/java/io/grpc/internal/testing/AbstractTransportTest.java
+++ b/testing/src/main/java/io/grpc/internal/testing/AbstractTransportTest.java
@ -44,6 +44,7 @@ import com.google.common.collect.Lists;
 import com.google.common.util.concurrent.MoreExecutors;
 import com.google.common.util.concurrent.SettableFuture;
 import io.grpc.Attributes;
+import io.grpc.CallCredentials;
 import io.grpc.CallOptions;
 import io.grpc.ClientStreamTracer;
 import io.grpc.Grpc;
@ -56,6 +57,7 @@ import io.grpc.internal.Channelz.TransportStats;
 import io.grpc.internal.ClientStream;
 import io.grpc.internal.ClientStreamListener;
 import io.grpc.internal.ClientTransport;
+import io.grpc.internal.ConnectionClientTransport;
 import io.grpc.internal.Instrumented;
 import io.grpc.internal.InternalServer;
 import io.grpc.internal.IoUtils;
@ -334,6 +336,19 @@ public abstract class AbstractTransportTest {
    verify(mockClientTransportListener, never()).transportInUse(anyBoolean());
  }

+  @Test
+  public void checkClientAttributes() throws Exception {
+    server.start(serverListener);
+    client = newClientTransport(server);
+    assumeTrue(client instanceof ConnectionClientTransport);
+    ConnectionClientTransport connectionClient = (ConnectionClientTransport) client;
+    startTransport(connectionClient, mockClientTransportListener);
+    verify(mockClientTransportListener, timeout(TIMEOUT_MS)).transportReady();
+
+    assertNotNull("security level should be set in client attributes",
+        connectionClient.getAttributes().get(CallCredentials.ATTR_SECURITY_LEVEL));
+  }
+
  @Test
  public void serverAlreadyListening() throws Exception {
    client = null;