google_mesh_ca_certificate_provider_factory.cc
Go to the documentation of this file.
1 //
2 //
3 // Copyright 2020 gRPC authors.
4 //
5 // Licensed under the Apache License, Version 2.0 (the "License");
6 // you may not use this file except in compliance with the License.
7 // You may obtain a copy of the License at
8 //
9 // http://www.apache.org/licenses/LICENSE-2.0
10 //
11 // Unless required by applicable law or agreed to in writing, software
12 // distributed under the License is distributed on an "AS IS" BASIS,
13 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 // See the License for the specific language governing permissions and
15 // limitations under the License.
16 //
17 //
18 
19 #include <grpc/support/port_platform.h>
20 
21 #include "src/core/ext/xds/google_mesh_ca_certificate_provider_factory.h"
22 
23 #include <algorithm>
24 
25 #include "src/core/lib/iomgr/error.h"
26 #include "src/core/lib/json/json_util.h"
27 
28 namespace grpc_core {
29 
30 namespace {
31 
32 const char* kMeshCaPlugin = "meshCA";
33 
34 } // namespace
35 
36 //
37 // GoogleMeshCaCertificateProviderFactory::Config
38 //
39 
40 const char* GoogleMeshCaCertificateProviderFactory::Config::name() const {
41  return kMeshCaPlugin;
42 }
43 
44 std::string GoogleMeshCaCertificateProviderFactory::Config::ToString() const {
45  // TODO(yashykt): To be filled
46  return "{}";
47 }
48 
49 std::vector<grpc_error_handle>
50 GoogleMeshCaCertificateProviderFactory::Config::ParseJsonObjectStsService(
51  const Json::Object& sts_service) {
52  std::vector<grpc_error_handle> error_list_sts_service;
53  if (!ParseJsonObjectField(sts_service, "token_exchange_service_uri",
54  &sts_config_.token_exchange_service_uri,
55  &error_list_sts_service, false)) {
56  sts_config_.token_exchange_service_uri =
57  "securetoken.googleapis.com"; // default
58  }
59  ParseJsonObjectField(sts_service, "resource", &sts_config_.resource,
60  &error_list_sts_service, false);
61  ParseJsonObjectField(sts_service, "audience", &sts_config_.audience,
62  &error_list_sts_service, false);
63  if (!ParseJsonObjectField(sts_service, "scope", &sts_config_.scope,
64  &error_list_sts_service, false)) {
65  sts_config_.scope =
66  "https://www.googleapis.com/auth/cloud-platform"; // default
67  }
68  ParseJsonObjectField(sts_service, "requested_token_type",
69  &sts_config_.requested_token_type,
70  &error_list_sts_service, false);
71  ParseJsonObjectField(sts_service, "subject_token_path",
72  &sts_config_.subject_token_path,
73  &error_list_sts_service);
74  ParseJsonObjectField(sts_service, "subject_token_type",
75  &sts_config_.subject_token_type,
76  &error_list_sts_service);
77  ParseJsonObjectField(sts_service, "actor_token_path",
78  &sts_config_.actor_token_path, &error_list_sts_service,
79  false);
80  ParseJsonObjectField(sts_service, "actor_token_type",
81  &sts_config_.actor_token_type, &error_list_sts_service,
82  false);
83  return error_list_sts_service;
84 }
85 
86 std::vector<grpc_error_handle>
87 GoogleMeshCaCertificateProviderFactory::Config::ParseJsonObjectCallCredentials(
88  const Json::Object& call_credentials) {
89  std::vector<grpc_error_handle> error_list_call_credentials;
90  const Json::Object* sts_service = nullptr;
91  if (ParseJsonObjectField(call_credentials, "sts_service", &sts_service,
92  &error_list_call_credentials)) {
93  std::vector<grpc_error_handle> error_list_sts_service =
94  ParseJsonObjectStsService(*sts_service);
95  if (!error_list_sts_service.empty()) {
96  error_list_call_credentials.push_back(GRPC_ERROR_CREATE_FROM_VECTOR(
97  "field:sts_service", &error_list_sts_service));
98  }
99  }
100  return error_list_call_credentials;
101 }
102 
103 std::vector<grpc_error_handle>
104 GoogleMeshCaCertificateProviderFactory::Config::ParseJsonObjectGoogleGrpc(
105  const Json::Object& google_grpc) {
106  std::vector<grpc_error_handle> error_list_google_grpc;
107  if (!ParseJsonObjectField(google_grpc, "target_uri", &endpoint_,
108  &error_list_google_grpc, false)) {
109  endpoint_ = "meshca.googleapis.com"; // Default target
110  }
111  const Json::Array* call_credentials_array = nullptr;
112  if (ParseJsonObjectField(google_grpc, "call_credentials",
113  &call_credentials_array, &error_list_google_grpc)) {
114  if (call_credentials_array->size() != 1) {
115  error_list_google_grpc.push_back(GRPC_ERROR_CREATE_FROM_STATIC_STRING(
116  "field:call_credentials error:Need exactly one entry."));
117  } else {
118  const Json::Object* call_credentials = nullptr;
119  if (ExtractJsonType((*call_credentials_array)[0], "call_credentials[0]",
120  &call_credentials, &error_list_google_grpc)) {
121  std::vector<grpc_error_handle> error_list_call_credentials =
122  ParseJsonObjectCallCredentials(*call_credentials);
123  if (!error_list_call_credentials.empty()) {
124  error_list_google_grpc.push_back(GRPC_ERROR_CREATE_FROM_VECTOR(
125  "field:call_credentials", &error_list_call_credentials));
126  }
127  }
128  }
129  }
130 
131  return error_list_google_grpc;
132 }
133 
134 std::vector<grpc_error_handle>
135 GoogleMeshCaCertificateProviderFactory::Config::ParseJsonObjectGrpcServices(
136  const Json::Object& grpc_service) {
137  std::vector<grpc_error_handle> error_list_grpc_services;
138  const Json::Object* google_grpc = nullptr;
139  if (ParseJsonObjectField(grpc_service, "google_grpc", &google_grpc,
140  &error_list_grpc_services)) {
141  std::vector<grpc_error_handle> error_list_google_grpc =
142  ParseJsonObjectGoogleGrpc(*google_grpc);
143  if (!error_list_google_grpc.empty()) {
144  error_list_grpc_services.push_back(GRPC_ERROR_CREATE_FROM_VECTOR(
145  "field:google_grpc", &error_list_google_grpc));
146  }
147  }
148  if (!ParseJsonObjectFieldAsDuration(grpc_service, "timeout", &timeout_,
149  &error_list_grpc_services, false)) {
150  timeout_ = Duration::Seconds(10); // 10sec default
151  }
152  return error_list_grpc_services;
153 }
154 
155 std::vector<grpc_error_handle>
156 GoogleMeshCaCertificateProviderFactory::Config::ParseJsonObjectServer(
157  const Json::Object& server) {
158  std::vector<grpc_error_handle> error_list_server;
159  std::string api_type;
160  if (ParseJsonObjectField(server, "api_type", &api_type, &error_list_server,
161  false)) {
162  if (api_type != "GRPC") {
163  error_list_server.push_back(GRPC_ERROR_CREATE_FROM_STATIC_STRING(
164  "field:api_type error:Only GRPC is supported"));
165  }
166  }
167  const Json::Array* grpc_services = nullptr;
168  if (ParseJsonObjectField(server, "grpc_services", &grpc_services,
169  &error_list_server)) {
170  if (grpc_services->size() != 1) {
171  error_list_server.push_back(GRPC_ERROR_CREATE_FROM_STATIC_STRING(
172  "field:grpc_services error:Need exactly one entry"));
173  } else {
174  const Json::Object* grpc_service = nullptr;
175  if (ExtractJsonType((*grpc_services)[0], "grpc_services[0]",
176  &grpc_service, &error_list_server)) {
177  std::vector<grpc_error_handle> error_list_grpc_services =
178  ParseJsonObjectGrpcServices(*grpc_service);
179  if (!error_list_grpc_services.empty()) {
180  error_list_server.push_back(GRPC_ERROR_CREATE_FROM_VECTOR(
181  "field:grpc_services", &error_list_grpc_services));
182  }
183  }
184  }
185  }
186  return error_list_server;
187 }
188 
189 RefCountedPtr<GoogleMeshCaCertificateProviderFactory::Config>
190 GoogleMeshCaCertificateProviderFactory::Config::Parse(
191  const Json& config_json, grpc_error_handle* error) {
192  auto config =
193  MakeRefCounted<GoogleMeshCaCertificateProviderFactory::Config>();
194  if (config_json.type() != Json::Type::OBJECT) {
195  *error = GRPC_ERROR_CREATE_FROM_STATIC_STRING(
196  "error:config type should be OBJECT.");
197  return nullptr;
198  }
199  std::vector<grpc_error_handle> error_list;
200  const Json::Object* server = nullptr;
201  if (ParseJsonObjectField(config_json.object_value(), "server", &server,
202  &error_list)) {
203  std::vector<grpc_error_handle> error_list_server =
204  config->ParseJsonObjectServer(*server);
205  if (!error_list_server.empty()) {
206  error_list.push_back(
207  GRPC_ERROR_CREATE_FROM_VECTOR("field:server", &error_list_server));
208  }
209  }
210  if (!ParseJsonObjectFieldAsDuration(
211  config_json.object_value(), "certificate_lifetime",
212  &config->certificate_lifetime_, &error_list, false)) {
213  config->certificate_lifetime_ = Duration::Hours(24); // 24hrs default
214  }
215  if (!ParseJsonObjectFieldAsDuration(
216  config_json.object_value(), "renewal_grace_period",
217  &config->renewal_grace_period_, &error_list, false)) {
218  config->renewal_grace_period_ = Duration::Hours(12); // 12hrs default
219  }
220  std::string key_type;
221  if (ParseJsonObjectField(config_json.object_value(), "key_type", &key_type,
222  &error_list, false)) {
223  if (key_type != "RSA") {
224  error_list.push_back(GRPC_ERROR_CREATE_FROM_STATIC_STRING(
225  "field:key_type error:Only RSA is supported."));
226  }
227  }
228  if (!ParseJsonObjectField(config_json.object_value(), "key_size",
229  &config->key_size_, &error_list, false)) {
230  config->key_size_ = 2048; // default 2048 bit key size
231  }
232  if (!ParseJsonObjectField(config_json.object_value(), "location",
233  &config->location_, &error_list, false)) {
234  // GCE/GKE Metadata server needs to be contacted to get the value.
235  }
236  if (!error_list.empty()) {
237  *error = GRPC_ERROR_CREATE_FROM_VECTOR(
238  "Error parsing google Mesh CA config", &error_list);
239  return nullptr;
240  }
241  return config;
242 }
243 
244 //
245 // GoogleMeshCaCertificateProviderFactory
246 //
247 
248 const char* GoogleMeshCaCertificateProviderFactory::name() const {
249  return kMeshCaPlugin;
250 }
251 
252 RefCountedPtr<CertificateProviderFactory::Config>
253 GoogleMeshCaCertificateProviderFactory::CreateCertificateProviderConfig(
254  const Json& config_json, grpc_error_handle* error) {
255  return GoogleMeshCaCertificateProviderFactory::Config::Parse(config_json,
256  error);
257 }
258 
259 } // namespace grpc_core
grpc_core::Json::Array
std::vector< Json > Array
Definition: src/core/lib/json/json.h:55
grpc_core::Duration::Hours
static constexpr Duration Hours(int64_t hours)
Definition: src/core/lib/gprpp/time.h:143
grpc_core::Json::type
Type type() const
Definition: src/core/lib/json/json.h:174
grpc_core::Json::Type::OBJECT
@ OBJECT
grpc_core
Definition: call_metric_recorder.h:31
testing::internal::string
::std::string string
Definition: bloaty/third_party/protobuf/third_party/googletest/googletest/include/gtest/internal/gtest-port.h:881
error
grpc_error_handle error
Definition: retry_filter.cc:499
grpc_core::Json::object_value
const Object & object_value() const
Definition: src/core/lib/json/json.h:177
grpc_core::GoogleMeshCaCertificateProviderFactory::Config::ParseJsonObjectGrpcServices
std::vector< grpc_error_handle > ParseJsonObjectGrpcServices(const Json::Object &grpc_service)
Definition: google_mesh_ca_certificate_provider_factory.cc:135
GRPC_ERROR_CREATE_FROM_VECTOR
#define GRPC_ERROR_CREATE_FROM_VECTOR(desc, error_list)
Definition: error.h:314
grpc_core::GoogleMeshCaCertificateProviderFactory::name
const char * name() const override
Definition: google_mesh_ca_certificate_provider_factory.cc:248
grpc_core::RefCountedPtr
Definition: ref_counted_ptr.h:35
grpc_core::GoogleMeshCaCertificateProviderFactory::Config::ParseJsonObjectCallCredentials
std::vector< grpc_error_handle > ParseJsonObjectCallCredentials(const Json::Object &call_credentials)
Definition: google_mesh_ca_certificate_provider_factory.cc:87
grpc_core::GoogleMeshCaCertificateProviderFactory::Config::Parse
static RefCountedPtr< Config > Parse(const Json &config_json, grpc_error_handle *error)
Definition: google_mesh_ca_certificate_provider_factory.cc:190
grpc_core::GoogleMeshCaCertificateProviderFactory::Config::ParseJsonObjectStsService
std::vector< grpc_error_handle > ParseJsonObjectStsService(const Json::Object &sts_service)
Definition: google_mesh_ca_certificate_provider_factory.cc:50
config
struct config_s config
Json
JSON (JavaScript Object Notation).
Definition: third_party/bloaty/third_party/protobuf/conformance/third_party/jsoncpp/json.h:227
grpc_core::GoogleMeshCaCertificateProviderFactory::Config::ParseJsonObjectServer
std::vector< grpc_error_handle > ParseJsonObjectServer(const Json::Object &server)
Definition: google_mesh_ca_certificate_provider_factory.cc:156
grpc_core::GoogleMeshCaCertificateProviderFactory::Config::name
const char * name() const override
Definition: google_mesh_ca_certificate_provider_factory.cc:40
google_mesh_ca_certificate_provider_factory.h
json_util.h
grpc_core::GoogleMeshCaCertificateProviderFactory::CreateCertificateProviderConfig
RefCountedPtr< CertificateProviderFactory::Config > CreateCertificateProviderConfig(const Json &config_json, grpc_error_handle *error) override
Definition: google_mesh_ca_certificate_provider_factory.cc:253
grpc_core::GoogleMeshCaCertificateProviderFactory::Config::ToString
std::string ToString() const override
Definition: google_mesh_ca_certificate_provider_factory.cc:44
error.h
GRPC_ERROR_CREATE_FROM_STATIC_STRING
#define GRPC_ERROR_CREATE_FROM_STATIC_STRING(desc)
Definition: error.h:291
grpc_core::ExtractJsonType
bool ExtractJsonType(const Json &json, absl::string_view field_name, NumericType *output, std::vector< grpc_error_handle > *error_list)
Definition: src/core/lib/json/json_util.h:99
grpc_core::Json::Object
std::map< std::string, Json > Object
Definition: src/core/lib/json/json.h:54
endpoint_
grpc_endpoint * endpoint_
Definition: settings_timeout_test.cc:232
server
Definition: examples/python/async_streaming/server.py:1
grpc_core::Duration::Seconds
static constexpr Duration Seconds(int64_t seconds)
Definition: src/core/lib/gprpp/time.h:151
config_s
Definition: bloaty/third_party/zlib/deflate.c:120
api_type
zend_class_entry * api_type
Definition: bloaty/third_party/protobuf/php/ext/google/protobuf/message.c:1768
grpc_core::ParseJsonObjectFieldAsDuration
bool ParseJsonObjectFieldAsDuration(const Json::Object &object, absl::string_view field_name, Duration *output, std::vector< grpc_error_handle > *error_list, bool required)
Definition: src/core/lib/json/json_util.cc:107
grpc_error
Definition: error_internal.h:42
key_type
upb_fieldtype_t key_type
Definition: bloaty/third_party/protobuf/php/ext/google/protobuf/protobuf.h:1071
grpc_core::ParseJsonObjectField
bool ParseJsonObjectField(const Json::Object &object, absl::string_view field_name, T *output, std::vector< grpc_error_handle > *error_list, bool required=true)
Definition: src/core/lib/json/json_util.h:136
port_platform.h
grpc_core::GoogleMeshCaCertificateProviderFactory::Config::ParseJsonObjectGoogleGrpc
std::vector< grpc_error_handle > ParseJsonObjectGoogleGrpc(const Json::Object &google_grpc)
Definition: google_mesh_ca_certificate_provider_factory.cc:104

grpc
Author(s):
autogenerated on Fri May 16 2025 02:58:39