Change plugin credentials API to support both sync and async modes#12374
Change plugin credentials API to support both sync and async modes#12374markdroth merged 16 commits intogrpc:masterfrom
Conversation
markdroth
requested review from
apolcyn,
jboeuf,
kpayson64,
murgatroid99 and
stanley-cheung
|
|
stanley-cheung
left a comment
stanley-cheung
left a comment
There was a problem hiding this comment.
PHP code LGTM. Tested some scenarios where these auth callbacks were invoked and the tests passed. Fixed some compile errors in markdroth#4. Please review. Thanks!
Fixed some PHP errors
|
@murgatroid99: Just to confirm, am I correct that node will always run the callback in a different thread? |
|
|
|
In Node, everything is run in the same thread, but the callback will be called outside of the call stack of the original call. |
|
@markdroth and @jtattermusch PTAL for markdroth#5 ruby changes LGTM |
Guarantee that c# auth callbacks are async to core
|
@kpayson64, it looks like there are some Cython build failures due to not being able to find the Any idea what I need to do to resolve this? Thanks! |
|
|
|
|
|
|
|
|
| @@ -125,6 +140,7 @@ static bool plugin_get_request_metadata(grpc_exec_ctx *exec_ctx, | |||
| grpc_closure *on_request_metadata, | |||
| grpc_error **error) { | |||
| grpc_plugin_credentials *c = (grpc_plugin_credentials *)creds; | |||
There was a problem hiding this comment.
@markdroth Could you add traces to track the begin/end of the sync/async request? It helps to debug potential deadlock issues mentioned here: #11553 (comment)
|
|
jboeuf
left a comment
jboeuf
left a comment
There was a problem hiding this comment.
LGTM. A few cosmetic comments. Thanks for the fix!
include/grpc/grpc_security.h
Outdated
| void *reserved; | ||
| } grpc_auth_metadata_context; | ||
|
|
||
| /** Maximum number of credentials returnable by a credentials plugin via |
There was a problem hiding this comment.
Maximum number of metadata as opposed to credentials.
src/cpp/client/secure_credentials.cc
Outdated
| std::bind(&MetadataCredentialsPluginWrapper::InvokePlugin, w, context, | ||
| cb, user_data)); | ||
| cb, user_data, nullptr, nullptr, nullptr, nullptr)); | ||
| return false; |
There was a problem hiding this comment.
Since we're returning an int here, should this be 0 instead?
src/cpp/client/secure_credentials.cc
Outdated
| // Synchronous return. | ||
| w->InvokePlugin(context, cb, user_data, creds_md, num_creds_md, status, | ||
| error_details); | ||
| return true; |
|
|
||
| /** Maximum number of credentials returnable by a credentials plugin via | ||
| a synchronous return. */ | ||
| #define GRPC_METADATA_CREDENTIALS_PLUGIN_SYNC_MAX 4 |
There was a problem hiding this comment.
Can we make it configurable? Php need to get the callback always invoked on the same thread. Thus Php may use a larger threshold to make sure it's always sync.
There was a problem hiding this comment.
No, we can't make it configurable. For performance reasons, we need to allocate space for the return parameters on the stack instead of heap-allocating it, so the number has to be set at compile time.
This limitation may go away in the future with some metadata API changes that @ctiller has in mind. But for now, if PHP needs to have a plugin return more then 4 metadata elements, then it needs to use the async API.
|
|
|
|
11 participants
This fixes a pre-existing problem where plugin credentials would sometimes invoke the callback in the same thread, thus creating a new exec_ctx in an unsafe way.
It also helps pave the way for the call combiner change.Julien: Please review all code, with particular emphasis on the API change.
Ken: Please review python changes.
Stanley: Please review PHP changes.
Alex: Please review csharp and ruby changes.
Michael: Please review node changes.
Please let me know if you have any questions. Thanks!