grpc: implement WithInsecure() using the insecure package #4718
Conversation
|
Fixes #4716. |
easwars
force-pushed
the
merge_insecures
branch
from
321c8cd
to
d13f4ab
Compare
|
Now, that we have the URL parsing and other changes merged, I've brought this PR back to life. |
dialoptions.go
Outdated
| @@ -303,7 +303,7 @@ func WithReturnConnectionError() DialOption { | |||
| // set. | |||
There was a problem hiding this comment.
Can we spiff up this docstring, please? Indicate it selects the insecure.NewCredentials() and that it is equivalent to doing that. Also clarify that it is incompatible with WithCredsBundle and per-RPC creds that RequireTransportSecurity. Should we call it deprecated and recommend the more "pure" form?
There was a problem hiding this comment.
Clarified things in this docstring. Marked it as deprecated.
Also clarified the same thing on insecure.NewCredentials().
There was a problem hiding this comment.
(got here via staticcheck deprecation failures.)
Q: insecure is still declared experimental. Is that still the case or is it safe to take in use?
There was a problem hiding this comment.
The insecure package is marked experimental. When we add new APIs, it is standard practice to mark them experimental as it gives us the flexibility to change things going forward based on user feedback etc. Once we are confident about the API, we usually remove the experimental tag.
insecure.NewCredentials is the way going forward.
clientconn.go
Outdated
| if transportCreds == nil { | ||
| transportCreds = cc.dopts.copts.CredsBundle.TransportCredentials() | ||
| } | ||
| if transportCreds != nil && transportCreds.Info().SecurityProtocol == "insecure" { |
There was a problem hiding this comment.
Why is transportCreds != nil not sufficient?
There was a problem hiding this comment.
Sorry, I was pointing out that it is unnecessary.
I suppose the bundle could have a nil TransportCredentials() in it. But then we should call that an error, too (on its own), right?
There was a problem hiding this comment.
Yeah, that was exactly the case for which I added the nil check.
Hmm, since we don't allow not configuring a transport credentials, I think it is valid to error out when we have a bundle with nil transport creds. But the Bundle interface does not document that it should not contain a nil transport credentials.
Do you think this will be a behavior change that can break people or you think it is better to enforce it?
There was a problem hiding this comment.
Nobody should be taking advantage of that loophole. Bundles are experimental, as well. Let's update the documentation to say transport credentials are required (and may be insecure.NewCredentials() if needed), and enforce it here as well.
There was a problem hiding this comment.
Done. Added the constraint, related documentation and test.
test/insecure_creds_test.go
Outdated
| desc: "send PerRPCCredentials via CallOptions", | ||
| perRPCCredsViaDialOptions: false, | ||
| perRPCCredsViaCallOptions: true, | ||
| func (s) TestInsecureCredsWith_PerRPCCredentials_AsCallOption(t *testing.T) { |
There was a problem hiding this comment.
Should the first underscore be before With?
test/insecure_creds_test.go
Outdated
| const wantErr = "transport: cannot send secure credentials on an insecure connection" | ||
| c := testpb.NewTestServiceClient(cc) | ||
| if _, err = c.EmptyCall(ctx, &testpb.Empty{}, copts...); err == nil || !strings.Contains(err.Error(), wantErr) { | ||
| t.Fatalf("InsecureCredsWithPerRPCCredentials/send_PerRPCCredentials_via_CallOptions = %v; want %s", err, wantErr) |
There was a problem hiding this comment.
This error is no longer accurate. Also I'm not sure why the name of the test is in the error message in the first place. :)
credentials/credentials.go
Outdated
| @@ -178,8 +178,14 @@ type TransportCredentials interface { | |||
| // | |||
| // This API is experimental. | |||
| type Bundle interface { | |||
| // TransportCredentials returns the transport credentials from the Bundle. | |||
| // | |||
| // Implementations must return non-nil transport credentials. | |||
There was a problem hiding this comment.
Mention insecure credentials here?
| TransportCredentials() TransportCredentials | ||
|
|
||
| // PerRPCCredentials returns the per-RPC credentials from the Bundle. |
There was a problem hiding this comment.
"May be nil if per-RPC credentials are not needed"?
We have an insecure transport credentials implementation in the
insecurepackage. This PR changes the implementation ofWithInsecure()to use that instead of setting a different field inside ofdialOptions.RELEASE NOTES:
grpc.WithInsecureusinginsecure.NewCredentials* Markgrpc.WithInsecureas deprecated * Make it mandatory forcredentials.Bundleto return non-nilTransportCredentials