Revert "Move google_default channel_credentials out of `include/grpc/…

…grpc_security.h` (grpc#31786)" (grpc#31822) This reverts commit 3d59abc.
librato · Dec 6, 2022 · 0d3fcb4 · 0d3fcb4
1 parent 4d7df55
commit 0d3fcb4
Show file tree

Hide file tree

Showing 25 changed files with 30 additions and 88 deletions.
diff --git a/BUILD b/BUILD
@@ -194,7 +194,6 @@ GPR_PUBLIC_HDRS = [
 GRPC_PUBLIC_HDRS = [
     "include/grpc/byte_buffer.h",
     "include/grpc/byte_buffer_reader.h",
-    "include/grpc/channel_credentials/google_default.h",
     "include/grpc/compression.h",
     "include/grpc/fork.h",
     "include/grpc/grpc.h",

diff --git a/CMakeLists.txt b/CMakeLists.txt
diff --git a/Makefile b/Makefile
diff --git a/build_autogenerated.yaml b/build_autogenerated.yaml
diff --git a/gRPC-Core.podspec b/gRPC-Core.podspec
diff --git a/grpc.def b/grpc.def
diff --git a/grpc.gemspec b/grpc.gemspec
diff --git a/include/grpc/channel_credentials/google_default.h b/include/grpc/channel_credentials/google_default.h
diff --git a/include/grpc/grpc_security.h b/include/grpc/grpc_security.h
@@ -131,6 +131,27 @@ typedef struct grpc_call_credentials grpc_call_credentials;
    The creator of the credentials object is responsible for its release. */
 GRPCAPI void grpc_call_credentials_release(grpc_call_credentials* creds);
 
+/** Creates default credentials to connect to a google gRPC service.
+   WARNING: Do NOT use this credentials to connect to a non-google service as
+   this could result in an oauth2 token leak. The security level of the
+   resulting connection is GRPC_PRIVACY_AND_INTEGRITY.
+
+   If specified, the supplied call credentials object will be attached to the
+   returned channel credentials object. The call_credentials object must remain
+   valid throughout the lifetime of the returned grpc_channel_credentials
+   object. It is expected that the call credentials object was generated
+   according to the Application Default Credentials mechanism and asserts the
+   identity of the default service account of the machine. Supplying any other
+   sort of call credential will result in undefined behavior, up to and
+   including the sudden and unexpected failure of RPCs.
+
+   If nullptr is supplied, the returned channel credentials object will use a
+   call credentials object based on the Application Default Credentials
+   mechanism.
+*/
+GRPCAPI grpc_channel_credentials* grpc_google_default_credentials_create(
+    grpc_call_credentials* call_credentials);
+
 /** Callback for getting the SSL roots override from the application.
    In case of success, *pem_roots_certs must be set to a NULL terminated string
    containing the list of PEM encoded root certificates. The ownership is passed

diff --git a/include/grpc/module.modulemap b/include/grpc/module.modulemap
@@ -5,7 +5,6 @@ framework module grpc {
 header "byte_buffer.h"
   header "byte_buffer_reader.h"
   header "census.h"
-  header "channel_credentials/google_default.h"
   header "compression.h"
   header "fork.h"
   header "grpc.h"

diff --git a/package.xml b/package.xml
diff --git a/src/core/lib/security/credentials/channel_creds_registry_init.cc b/src/core/lib/security/credentials/channel_creds_registry_init.cc
@@ -22,7 +22,6 @@
 
 #include "absl/strings/string_view.h"
 
-#include <grpc/channel_credentials/google_default.h>
 #include <grpc/grpc.h>
 #include <grpc/grpc_security.h>
 

diff --git a/src/core/lib/security/credentials/google_default/google_default_credentials.cc b/src/core/lib/security/credentials/google_default/google_default_credentials.cc
@@ -32,7 +32,6 @@
 #include "absl/strings/strip.h"
 #include "absl/types/optional.h"
 
-#include <grpc/channel_credentials/google_default.h>
 #include <grpc/grpc_security.h>  // IWYU pragma: keep
 #include <grpc/grpc_security_constants.h>
 #include <grpc/impl/codegen/grpc_types.h>

diff --git a/src/cpp/client/secure_credentials.cc b/src/cpp/client/secure_credentials.cc
@@ -29,7 +29,6 @@
 #include "absl/strings/str_join.h"
 #include "absl/types/optional.h"
 
-#include <grpc/channel_credentials/google_default.h>
 #include <grpc/event_engine/event_engine.h>
 #include <grpc/grpc_security_constants.h>
 #include <grpc/impl/codegen/gpr_types.h>

diff --git a/src/php/ext/grpc/channel_credentials.c b/src/php/ext/grpc/channel_credentials.c
@@ -27,7 +27,6 @@
 #include <ext/spl/spl_exceptions.h>
 #include <zend_exceptions.h>
 
-#include <grpc/channel_credentials/google_default.h>
 #include <grpc/support/alloc.h>
 #include <grpc/support/string_util.h>
 

diff --git a/src/python/grpcio/grpc/_cython/_cygrpc/grpc.pxi b/src/python/grpcio/grpc/_cython/_cygrpc/grpc.pxi
@@ -552,6 +552,7 @@ cdef extern from "grpc/grpc_security.h":
   void grpc_set_ssl_roots_override_callback(
       grpc_ssl_roots_override_callback cb) nogil
 
+  grpc_channel_credentials *grpc_google_default_credentials_create(grpc_call_credentials* call_credentials) nogil
   grpc_channel_credentials *grpc_ssl_credentials_create(
       const char *pem_root_certs, grpc_ssl_pem_key_cert_pair *pem_key_cert_pair,
       verify_peer_options *verify_options, void *reserved) nogil
@@ -666,7 +667,7 @@ cdef extern from "grpc/grpc_security.h":
   ctypedef struct grpc_alts_credentials_options:
     # We don't care about the internals (and in fact don't know them)
     pass
-
+ 
   grpc_channel_credentials *grpc_alts_credentials_create(
     const grpc_alts_credentials_options *options)
   grpc_server_credentials *grpc_alts_server_credentials_create(
@@ -678,9 +679,6 @@ cdef extern from "grpc/grpc_security.h":
   void grpc_alts_credentials_client_options_add_target_service_account(grpc_alts_credentials_options *options, const char *service_account)
 
 
-cdef extern from "grpc/channel_credentials/google_default.h":
-  grpc_channel_credentials *grpc_google_default_credentials_create(grpc_call_credentials* call_credentials) nogil
-
 
 cdef extern from "grpc/compression.h":
 

diff --git a/src/ruby/ext/grpc/rb_grpc_imports.generated.c b/src/ruby/ext/grpc/rb_grpc_imports.generated.c
diff --git a/src/ruby/ext/grpc/rb_grpc_imports.generated.h b/src/ruby/ext/grpc/rb_grpc_imports.generated.h
diff --git a/test/core/security/credentials_test.cc b/test/core/security/credentials_test.cc
@@ -33,7 +33,6 @@
 #include "absl/strings/str_format.h"
 #include "absl/strings/str_replace.h"
 
-#include <grpc/channel_credentials/google_default.h>
 #include <grpc/grpc_security.h>
 #include <grpc/slice.h>
 #include <grpc/support/alloc.h>

diff --git a/test/core/security/print_google_default_creds_token.cc b/test/core/security/print_google_default_creds_token.cc
@@ -19,7 +19,6 @@
 #include <stdio.h>
 #include <string.h>
 
-#include <grpc/channel_credentials/google_default.h>
 #include <grpc/grpc.h>
 #include <grpc/grpc_security.h>
 #include <grpc/slice.h>

diff --git a/test/core/surface/public_headers_must_be_c89.c b/test/core/surface/public_headers_must_be_c89.c
diff --git a/tools/doxygen/Doxyfile.c++ b/tools/doxygen/Doxyfile.c++
@@ -880,7 +880,6 @@ include/grpc++/support/time.h \
 include/grpc/byte_buffer.h \
 include/grpc/byte_buffer_reader.h \
 include/grpc/census.h \
-include/grpc/channel_credentials/google_default.h \
 include/grpc/compression.h \
 include/grpc/event_engine/endpoint_config.h \
 include/grpc/event_engine/event_engine.h \

diff --git a/tools/doxygen/Doxyfile.c++.internal b/tools/doxygen/Doxyfile.c++.internal
diff --git a/tools/doxygen/Doxyfile.core b/tools/doxygen/Doxyfile.core
@@ -810,7 +810,6 @@ doc/xds-test-descriptions.md \
 include/grpc/byte_buffer.h \
 include/grpc/byte_buffer_reader.h \
 include/grpc/census.h \
-include/grpc/channel_credentials/google_default.h \
 include/grpc/compression.h \
 include/grpc/event_engine/endpoint_config.h \
 include/grpc/event_engine/event_engine.h \

diff --git a/tools/doxygen/Doxyfile.core.internal b/tools/doxygen/Doxyfile.core.internal