diff --git a/core/src/main/java/io/grpc/inprocess/InProcessTransport.java b/core/src/main/java/io/grpc/inprocess/InProcessTransport.java index 77f94ad7d9..90e5016cd8 100644 --- a/core/src/main/java/io/grpc/inprocess/InProcessTransport.java +++ b/core/src/main/java/io/grpc/inprocess/InProcessTransport.java @@ -24,6 +24,7 @@ import com.google.common.base.MoreObjects; import com.google.common.util.concurrent.ListenableFuture; import com.google.common.util.concurrent.SettableFuture; import io.grpc.Attributes; +import io.grpc.CallCredentials; import io.grpc.CallOptions; import io.grpc.Compressor; import io.grpc.Deadline; @@ -32,6 +33,7 @@ import io.grpc.DecompressorRegistry; import io.grpc.Grpc; import io.grpc.Metadata; import io.grpc.MethodDescriptor; +import io.grpc.SecurityLevel; import io.grpc.ServerStreamTracer; import io.grpc.Status; import io.grpc.internal.Channelz.SocketStats; @@ -88,6 +90,9 @@ final class InProcessTransport implements ServerTransport, ConnectionClientTrans private Set streams = new HashSet(); @GuardedBy("this") private List serverStreamTracerFactories; + private final Attributes attributes = Attributes.newBuilder() + .set(CallCredentials.ATTR_SECURITY_LEVEL, SecurityLevel.PRIVACY_AND_INTEGRITY) + .build(); public InProcessTransport(String name, String authority, String userAgent) { this.name = name; @@ -224,7 +229,7 @@ final class InProcessTransport implements ServerTransport, ConnectionClientTrans @Override public Attributes getAttributes() { - return Attributes.EMPTY; + return attributes; } @Override diff --git a/netty/src/main/java/io/grpc/netty/NettyClientTransport.java b/netty/src/main/java/io/grpc/netty/NettyClientTransport.java index a5aa771a26..7fbc1607d9 100644 --- a/netty/src/main/java/io/grpc/netty/NettyClientTransport.java +++ b/netty/src/main/java/io/grpc/netty/NettyClientTransport.java @@ -313,8 +313,7 @@ class NettyClientTransport implements ConnectionClientTransport { @Override public Attributes getAttributes() { - // TODO(zhangkun83): fill channel security attributes - return Attributes.EMPTY; + return handler.getAttributes(); } @Override diff --git a/netty/src/main/java/io/grpc/netty/ProtocolNegotiators.java b/netty/src/main/java/io/grpc/netty/ProtocolNegotiators.java index 93d58e7aaf..a9245faf0d 100644 --- a/netty/src/main/java/io/grpc/netty/ProtocolNegotiators.java +++ b/netty/src/main/java/io/grpc/netty/ProtocolNegotiators.java @@ -22,8 +22,10 @@ import static io.grpc.netty.GrpcSslContexts.NEXT_PROTOCOL_VERSIONS; import com.google.common.annotations.VisibleForTesting; import com.google.common.base.Preconditions; import io.grpc.Attributes; +import io.grpc.CallCredentials; import io.grpc.Grpc; import io.grpc.Internal; +import io.grpc.SecurityLevel; import io.grpc.Status; import io.grpc.internal.Channelz; import io.grpc.internal.GrpcUtil; @@ -645,6 +647,7 @@ public final class ProtocolNegotiators { Attributes.newBuilder() .set(Grpc.TRANSPORT_ATTR_SSL_SESSION, session) .set(Grpc.TRANSPORT_ATTR_REMOTE_ADDR, ctx.channel().remoteAddress()) + .set(CallCredentials.ATTR_SECURITY_LEVEL, SecurityLevel.PRIVACY_AND_INTEGRITY) .build(), new Channelz.Security(new Channelz.Tls(session))); writeBufferedAndRemove(ctx); @@ -692,6 +695,7 @@ public final class ProtocolNegotiators { Attributes .newBuilder() .set(Grpc.TRANSPORT_ATTR_REMOTE_ADDR, ctx.channel().remoteAddress()) + .set(CallCredentials.ATTR_SECURITY_LEVEL, SecurityLevel.NONE) .build(), /*securityInfo=*/ null); super.channelActive(ctx); @@ -734,6 +738,7 @@ public final class ProtocolNegotiators { Attributes .newBuilder() .set(Grpc.TRANSPORT_ATTR_REMOTE_ADDR, ctx.channel().remoteAddress()) + .set(CallCredentials.ATTR_SECURITY_LEVEL, SecurityLevel.NONE) .build(), /*securityInfo=*/ null); } else if (evt == HttpClientUpgradeHandler.UpgradeEvent.UPGRADE_REJECTED) { diff --git a/netty/src/test/java/io/grpc/netty/NettyClientTransportTest.java b/netty/src/test/java/io/grpc/netty/NettyClientTransportTest.java index 83687e33f6..56320bbe23 100644 --- a/netty/src/test/java/io/grpc/netty/NettyClientTransportTest.java +++ b/netty/src/test/java/io/grpc/netty/NettyClientTransportTest.java @@ -503,17 +503,10 @@ public class NettyClientTransportTest { address = TestUtils.testServerAddress(12345); authority = GrpcUtil.authorityFromHostAndPort(address.getHostString(), address.getPort()); - NettyClientTransport transport = newTransport( - new ProtocolNegotiator() { - @Override - public Handler newHandler(GrpcHttp2ConnectionHandler handler) { - return null; - } - }); + NettyClientTransport transport = newTransport(new NoopProtocolNegotiator()); + callMeMaybe(transport.start(clientTransportListener)); assertEquals(Attributes.EMPTY, transport.getAttributes()); - - transports.clear(); } @Test diff --git a/okhttp/src/main/java/io/grpc/okhttp/OkHttpClientTransport.java b/okhttp/src/main/java/io/grpc/okhttp/OkHttpClientTransport.java index e223fc3481..2828c7da20 100644 --- a/okhttp/src/main/java/io/grpc/okhttp/OkHttpClientTransport.java +++ b/okhttp/src/main/java/io/grpc/okhttp/OkHttpClientTransport.java @@ -31,11 +31,13 @@ import com.squareup.okhttp.HttpUrl; import com.squareup.okhttp.Request; import com.squareup.okhttp.internal.http.StatusLine; import io.grpc.Attributes; +import io.grpc.CallCredentials; import io.grpc.CallOptions; import io.grpc.Grpc; import io.grpc.Metadata; import io.grpc.MethodDescriptor; import io.grpc.MethodDescriptor.MethodType; +import io.grpc.SecurityLevel; import io.grpc.Status; import io.grpc.Status.Code; import io.grpc.StatusException; @@ -478,12 +480,13 @@ class OkHttpClientTransport implements ConnectionClientTransport { sock.setTcpNoDelay(true); source = Okio.buffer(Okio.source(sock)); sink = Okio.buffer(Okio.sink(sock)); - // TODO(zhangkun83): fill channel security attributes // The return value of OkHttpTlsUpgrader.upgrade is an SSLSocket that has this info attributes = Attributes .newBuilder() .set(Grpc.TRANSPORT_ATTR_REMOTE_ADDR, sock.getRemoteSocketAddress()) .set(Grpc.TRANSPORT_ATTR_SSL_SESSION, sslSession) + .set(CallCredentials.ATTR_SECURITY_LEVEL, + sslSession == null ? SecurityLevel.NONE : SecurityLevel.PRIVACY_AND_INTEGRITY) .build(); } catch (StatusException e) { startGoAway(0, ErrorCode.INTERNAL_ERROR, e.getStatus()); diff --git a/testing/src/main/java/io/grpc/internal/testing/AbstractTransportTest.java b/testing/src/main/java/io/grpc/internal/testing/AbstractTransportTest.java index 6847e7586b..2bd2d4570a 100644 --- a/testing/src/main/java/io/grpc/internal/testing/AbstractTransportTest.java +++ b/testing/src/main/java/io/grpc/internal/testing/AbstractTransportTest.java @@ -44,6 +44,7 @@ import com.google.common.collect.Lists; import com.google.common.util.concurrent.MoreExecutors; import com.google.common.util.concurrent.SettableFuture; import io.grpc.Attributes; +import io.grpc.CallCredentials; import io.grpc.CallOptions; import io.grpc.ClientStreamTracer; import io.grpc.Grpc; @@ -56,6 +57,7 @@ import io.grpc.internal.Channelz.TransportStats; import io.grpc.internal.ClientStream; import io.grpc.internal.ClientStreamListener; import io.grpc.internal.ClientTransport; +import io.grpc.internal.ConnectionClientTransport; import io.grpc.internal.Instrumented; import io.grpc.internal.InternalServer; import io.grpc.internal.IoUtils; @@ -334,6 +336,19 @@ public abstract class AbstractTransportTest { verify(mockClientTransportListener, never()).transportInUse(anyBoolean()); } + @Test + public void checkClientAttributes() throws Exception { + server.start(serverListener); + client = newClientTransport(server); + assumeTrue(client instanceof ConnectionClientTransport); + ConnectionClientTransport connectionClient = (ConnectionClientTransport) client; + startTransport(connectionClient, mockClientTransportListener); + verify(mockClientTransportListener, timeout(TIMEOUT_MS)).transportReady(); + + assertNotNull("security level should be set in client attributes", + connectionClient.getAttributes().get(CallCredentials.ATTR_SECURITY_LEVEL)); + } + @Test public void serverAlreadyListening() throws Exception { client = null;