Move create_channel and credentials from ::grpc_impl to ::grpc

Reverts: https://github.com/grpc/grpc/pull/18374 and
https://github.com/grpc/grpc/pull/18444

Credentials and create_channel are very closely intertwined, so it is
easier to migrate them together.

BUILD

@@ -225,7 +225,6 @@ GRPCXX_PUBLIC_HDRS = [
     "include/grpcpp/completion_queue.h",
     "include/grpcpp/completion_queue_impl.h",
     "include/grpcpp/create_channel.h",
-    "include/grpcpp/create_channel_impl.h",
     "include/grpcpp/create_channel_posix.h",
     "include/grpcpp/create_channel_posix_impl.h",
     "include/grpcpp/ext/health_check_service_server_builder_option.h",
@@ -254,7 +253,6 @@ GRPCXX_PUBLIC_HDRS = [
     "include/grpcpp/security/auth_metadata_processor.h",
     "include/grpcpp/security/auth_metadata_processor_impl.h",
     "include/grpcpp/security/credentials.h",
-    "include/grpcpp/security/credentials_impl.h",
     "include/grpcpp/security/server_credentials.h",
     "include/grpcpp/security/server_credentials_impl.h",
     "include/grpcpp/security/tls_credentials_options.h",

BUILD.gn

@@ -1225,7 +1225,6 @@ config("grpc_config") {
         "include/grpcpp/completion_queue.h",
         "include/grpcpp/completion_queue_impl.h",
         "include/grpcpp/create_channel.h",
-        "include/grpcpp/create_channel_impl.h",
         "include/grpcpp/create_channel_posix.h",
         "include/grpcpp/create_channel_posix_impl.h",
         "include/grpcpp/ext/health_check_service_server_builder_option.h",
@@ -1312,7 +1311,6 @@ config("grpc_config") {
         "include/grpcpp/security/auth_metadata_processor.h",
         "include/grpcpp/security/auth_metadata_processor_impl.h",
         "include/grpcpp/security/credentials.h",
-        "include/grpcpp/security/credentials_impl.h",
         "include/grpcpp/security/server_credentials.h",
         "include/grpcpp/security/server_credentials_impl.h",
         "include/grpcpp/security/tls_credentials_options.h",

CMakeLists.txt

@@ -2875,7 +2875,6 @@ foreach(_hdr
   include/grpcpp/security/auth_metadata_processor.h
   include/grpcpp/security/auth_metadata_processor_impl.h
   include/grpcpp/security/credentials.h
-  include/grpcpp/security/credentials_impl.h
   include/grpcpp/security/server_credentials.h
   include/grpcpp/security/server_credentials_impl.h
   include/grpcpp/security/tls_credentials_options.h
@@ -3568,7 +3567,6 @@ foreach(_hdr
   include/grpcpp/security/auth_metadata_processor.h
   include/grpcpp/security/auth_metadata_processor_impl.h
   include/grpcpp/security/credentials.h
-  include/grpcpp/security/credentials_impl.h
   include/grpcpp/security/server_credentials.h
   include/grpcpp/security/server_credentials_impl.h
   include/grpcpp/security/tls_credentials_options.h

Makefile

@@ -5072,7 +5072,6 @@ PUBLIC_HEADERS_CXX += \
     include/grpcpp/security/auth_metadata_processor.h \
     include/grpcpp/security/auth_metadata_processor_impl.h \
     include/grpcpp/security/credentials.h \
-    include/grpcpp/security/credentials_impl.h \
     include/grpcpp/security/server_credentials.h \
     include/grpcpp/security/server_credentials_impl.h \
     include/grpcpp/security/tls_credentials_options.h \
@@ -5770,7 +5769,6 @@ PUBLIC_HEADERS_CXX += \
     include/grpcpp/security/auth_metadata_processor.h \
     include/grpcpp/security/auth_metadata_processor_impl.h \
     include/grpcpp/security/credentials.h \
-    include/grpcpp/security/credentials_impl.h \
     include/grpcpp/security/server_credentials.h \
     include/grpcpp/security/server_credentials_impl.h \
     include/grpcpp/security/tls_credentials_options.h \

build_autogenerated.yaml

@@ -2329,7 +2329,6 @@ libs:
   - include/grpcpp/completion_queue.h
   - include/grpcpp/completion_queue_impl.h
   - include/grpcpp/create_channel.h
-  - include/grpcpp/create_channel_impl.h
   - include/grpcpp/create_channel_posix.h
   - include/grpcpp/create_channel_posix_impl.h
   - include/grpcpp/ext/health_check_service_server_builder_option.h
@@ -2416,7 +2415,6 @@ libs:
   - include/grpcpp/security/auth_metadata_processor.h
   - include/grpcpp/security/auth_metadata_processor_impl.h
   - include/grpcpp/security/credentials.h
-  - include/grpcpp/security/credentials_impl.h
   - include/grpcpp/security/server_credentials.h
   - include/grpcpp/security/server_credentials_impl.h
   - include/grpcpp/security/tls_credentials_options.h
@@ -2721,7 +2719,6 @@ libs:
   - include/grpcpp/completion_queue.h
   - include/grpcpp/completion_queue_impl.h
   - include/grpcpp/create_channel.h
-  - include/grpcpp/create_channel_impl.h
   - include/grpcpp/create_channel_posix.h
   - include/grpcpp/create_channel_posix_impl.h
   - include/grpcpp/ext/health_check_service_server_builder_option.h
@@ -2808,7 +2805,6 @@ libs:
   - include/grpcpp/security/auth_metadata_processor.h
   - include/grpcpp/security/auth_metadata_processor_impl.h
   - include/grpcpp/security/credentials.h
-  - include/grpcpp/security/credentials_impl.h
   - include/grpcpp/security/server_credentials.h
   - include/grpcpp/security/server_credentials_impl.h
   - include/grpcpp/security/tls_credentials_options.h

gRPC-C++.podspec

@@ -167,7 +167,6 @@ Pod::Spec.new do |s|
                       'include/grpcpp/security/auth_metadata_processor.h',
                       'include/grpcpp/security/auth_metadata_processor_impl.h',
                       'include/grpcpp/security/credentials.h',
-                      'include/grpcpp/security/credentials_impl.h',
                       'include/grpcpp/security/server_credentials.h',
                       'include/grpcpp/security/server_credentials_impl.h',
                       'include/grpcpp/security/tls_credentials_options.h',

include/grpcpp/create_channel.h

@@ -1,6 +1,6 @@
 /*
  *
- * Copyright 2019 gRPC authors.
+ * Copyright 2015 gRPC authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -19,38 +19,59 @@
 #ifndef GRPCPP_CREATE_CHANNEL_H
 #define GRPCPP_CREATE_CHANNEL_H
 
-#include <grpcpp/create_channel_impl.h>
+#include <memory>
+
+#include <grpcpp/channel.h>
+#include <grpcpp/impl/codegen/client_interceptor.h>
+#include <grpcpp/security/credentials.h>
 #include <grpcpp/support/channel_arguments.h>
+#include <grpcpp/support/config.h>
 
 namespace grpc {
-
-static inline std::shared_ptr<::grpc::Channel> CreateChannel(
+/// Create a new \a Channel pointing to \a target.
+///
+/// \param target The URI of the endpoint to connect to.
+/// \param creds Credentials to use for the created channel. If it does not
+/// hold an object or is invalid, a lame channel (one on which all operations
+/// fail) is returned.
+std::shared_ptr<Channel> CreateChannel(
     const grpc::string& target,
-    const std::shared_ptr<ChannelCredentials>& creds) {
-  return ::grpc_impl::CreateChannelImpl(target, creds);
-}
+    const std::shared_ptr<ChannelCredentials>& creds);
 
-static inline std::shared_ptr<::grpc::Channel> CreateCustomChannel(
+/// Create a new \em custom \a Channel pointing to \a target.
+///
+/// \warning For advanced use and testing ONLY. Override default channel
+/// arguments only if necessary.
+///
+/// \param target The URI of the endpoint to connect to.
+/// \param creds Credentials to use for the created channel. If it does not
+/// hold an object or is invalid, a lame channel (one on which all operations
+/// fail) is returned.
+/// \param args Options for channel creation.
+std::shared_ptr<Channel> CreateCustomChannel(
     const grpc::string& target,
     const std::shared_ptr<ChannelCredentials>& creds,
-    const ChannelArguments& args) {
-  return ::grpc_impl::CreateCustomChannelImpl(target, creds, args);
-}
+    const ChannelArguments& args);
 
 namespace experimental {
-
-static inline std::shared_ptr<::grpc::Channel>
-CreateCustomChannelWithInterceptors(
+/// Create a new \em custom \a Channel pointing to \a target with \a
+/// interceptors being invoked per call.
+///
+/// \warning For advanced use and testing ONLY. Override default channel
+/// arguments only if necessary.
+///
+/// \param target The URI of the endpoint to connect to.
+/// \param creds Credentials to use for the created channel. If it does not
+/// hold an object or is invalid, a lame channel (one on which all operations
+/// fail) is returned.
+/// \param args Options for channel creation.
+std::shared_ptr<Channel> CreateCustomChannelWithInterceptors(
     const grpc::string& target,
     const std::shared_ptr<ChannelCredentials>& creds,
     const ChannelArguments& args,
     std::vector<
         std::unique_ptr<experimental::ClientInterceptorFactoryInterface>>
-        interceptor_creators) {
-  return ::grpc_impl::experimental::CreateCustomChannelWithInterceptors(
-      target, creds, args, std::move(interceptor_creators));
-}
-
+        interceptor_creators);
 }  // namespace experimental
 }  // namespace grpc
 

include/grpcpp/create_channel_impl.h

@@ -1,78 +0,0 @@
-/*
- *
- * Copyright 2015 gRPC authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-#ifndef GRPCPP_CREATE_CHANNEL_IMPL_H
-#define GRPCPP_CREATE_CHANNEL_IMPL_H
-
-#include <memory>
-
-#include <grpcpp/channel.h>
-#include <grpcpp/impl/codegen/client_interceptor.h>
-#include <grpcpp/security/credentials.h>
-#include <grpcpp/support/channel_arguments.h>
-#include <grpcpp/support/config.h>
-
-namespace grpc_impl {
-/// Create a new \a Channel pointing to \a target.
-///
-/// \param target The URI of the endpoint to connect to.
-/// \param creds Credentials to use for the created channel. If it does not
-/// hold an object or is invalid, a lame channel (one on which all operations
-/// fail) is returned.
-std::shared_ptr<::grpc::Channel> CreateChannelImpl(
-    const grpc::string& target,
-    const std::shared_ptr<::grpc::ChannelCredentials>& creds);
-
-/// Create a new \em custom \a Channel pointing to \a target.
-///
-/// \warning For advanced use and testing ONLY. Override default channel
-/// arguments only if necessary.
-///
-/// \param target The URI of the endpoint to connect to.
-/// \param creds Credentials to use for the created channel. If it does not
-/// hold an object or is invalid, a lame channel (one on which all operations
-/// fail) is returned.
-/// \param args Options for channel creation.
-std::shared_ptr<::grpc::Channel> CreateCustomChannelImpl(
-    const grpc::string& target,
-    const std::shared_ptr<::grpc::ChannelCredentials>& creds,
-    const ::grpc::ChannelArguments& args);
-
-namespace experimental {
-/// Create a new \em custom \a Channel pointing to \a target with \a
-/// interceptors being invoked per call.
-///
-/// \warning For advanced use and testing ONLY. Override default channel
-/// arguments only if necessary.
-///
-/// \param target The URI of the endpoint to connect to.
-/// \param creds Credentials to use for the created channel. If it does not
-/// hold an object or is invalid, a lame channel (one on which all operations
-/// fail) is returned.
-/// \param args Options for channel creation.
-std::shared_ptr<::grpc::Channel> CreateCustomChannelWithInterceptors(
-    const grpc::string& target,
-    const std::shared_ptr<grpc::ChannelCredentials>& creds,
-    const ::grpc::ChannelArguments& args,
-    std::vector<
-        std::unique_ptr<grpc::experimental::ClientInterceptorFactoryInterface>>
-        interceptor_creators);
-}  // namespace experimental
-}  // namespace grpc_impl
-
-#endif  // GRPCPP_CREATE_CHANNEL_IMPL_H

include/grpcpp/impl/codegen/client_context_impl.h

@@ -58,6 +58,7 @@ struct grpc_call;
 
 namespace grpc {
 
+class CallCredentials;
 class ChannelInterface;
 
 namespace internal {
@@ -88,7 +89,6 @@ class ClientCallbackUnaryImpl;
 class ClientContextAccessor;
 }  // namespace internal
 
-class CallCredentials;
 class Channel;
 class CompletionQueue;
 class ServerContext;
@@ -321,14 +321,14 @@ class ClientContext {
   ///
   /// \see  https://grpc.io/docs/guides/auth.html
   void set_credentials(
-      const std::shared_ptr<grpc_impl::CallCredentials>& creds);
+      const std::shared_ptr<grpc::CallCredentials>& creds);
 
   /// EXPERIMENTAL debugging API
   ///
   /// Returns the credentials for the client call. This should be used only in
   /// tests and for diagnostic purposes, and should not be used by application
   /// logic.
-  std::shared_ptr<grpc_impl::CallCredentials> credentials() { return creds_; }
+  std::shared_ptr<grpc::CallCredentials> credentials() { return creds_; }
 
   /// Return the compression algorithm the client call will request be used.
   /// Note that the gRPC runtime may decide to ignore this request, for example,
@@ -496,7 +496,7 @@ class ClientContext {
   bool call_canceled_;
   gpr_timespec deadline_;
   grpc::string authority_;
-  std::shared_ptr<grpc_impl::CallCredentials> creds_;
+  std::shared_ptr<grpc::CallCredentials> creds_;
   mutable std::shared_ptr<const grpc::AuthContext> auth_context_;
   struct census_context* census_context_;
   std::multimap<grpc::string, grpc::string> send_initial_metadata_;

include/grpcpp/security/credentials.h

@@ -19,123 +19,337 @@
 #ifndef GRPCPP_SECURITY_CREDENTIALS_H
 #define GRPCPP_SECURITY_CREDENTIALS_H
 
-#include <grpcpp/security/credentials_impl.h>
+#include <map>
+#include <memory>
+#include <vector>
+
+#include <grpc/grpc_security_constants.h>
+#include <grpcpp/channel.h>
+#include <grpcpp/impl/codegen/client_interceptor.h>
+#include <grpcpp/impl/codegen/grpc_library.h>
+#include <grpcpp/security/auth_context.h>
+#include <grpcpp/security/tls_credentials_options.h>
+#include <grpcpp/support/channel_arguments.h>
+#include <grpcpp/support/status.h>
+#include <grpcpp/support/string_ref.h>
+
+struct grpc_call;
 
 namespace grpc {
+class CallCredentials;
+class SecureCallCredentials;
+class SecureChannelCredentials;
+class ChannelCredentials;
 
-typedef ::grpc_impl::ChannelCredentials ChannelCredentials;
-typedef ::grpc_impl::CallCredentials CallCredentials;
-typedef ::grpc_impl::SslCredentialsOptions SslCredentialsOptions;
-typedef ::grpc_impl::SecureCallCredentials SecureCallCredentials;
-typedef ::grpc_impl::SecureChannelCredentials SecureChannelCredentials;
-typedef ::grpc_impl::MetadataCredentialsPlugin MetadataCredentialsPlugin;
+std::shared_ptr<Channel> CreateCustomChannel(
+    const grpc::string& target,
+    const std::shared_ptr<grpc::ChannelCredentials>& creds,
+    const grpc::ChannelArguments& args);
 
-static inline std::shared_ptr<grpc_impl::ChannelCredentials>
-GoogleDefaultCredentials() {
-  return ::grpc_impl::GoogleDefaultCredentials();
+namespace experimental {
+std::shared_ptr<grpc::Channel> CreateCustomChannelWithInterceptors(
+    const grpc::string& target,
+    const std::shared_ptr<grpc::ChannelCredentials>& creds,
+    const grpc::ChannelArguments& args,
+    std::vector<
+        std::unique_ptr<grpc::experimental::ClientInterceptorFactoryInterface>>
+        interceptor_creators);
 }
 
-static inline std::shared_ptr<ChannelCredentials> SslCredentials(
-    const SslCredentialsOptions& options) {
-  return ::grpc_impl::SslCredentials(options);
-}
+/// A channel credentials object encapsulates all the state needed by a client
+/// to authenticate with a server for a given channel.
+/// It can make various assertions, e.g., about the client’s identity, role
+/// for all the calls on that channel.
+///
+/// \see https://grpc.io/docs/guides/auth.html
+class ChannelCredentials : private grpc::GrpcLibraryCodegen {
+ public:
+  ChannelCredentials();
+  ~ChannelCredentials();
 
-static inline std::shared_ptr<grpc_impl::CallCredentials>
-GoogleComputeEngineCredentials() {
-  return ::grpc_impl::GoogleComputeEngineCredentials();
-}
+ protected:
+  friend std::shared_ptr<ChannelCredentials> CompositeChannelCredentials(
+      const std::shared_ptr<ChannelCredentials>& channel_creds,
+      const std::shared_ptr<CallCredentials>& call_creds);
+
+  virtual SecureChannelCredentials* AsSecureCredentials() = 0;
+
+ private:
+  friend std::shared_ptr<grpc::Channel> CreateCustomChannel(
+      const grpc::string& target,
+      const std::shared_ptr<grpc::ChannelCredentials>& creds,
+      const grpc::ChannelArguments& args);
+
+  friend std::shared_ptr<grpc::Channel>
+  grpc::experimental::CreateCustomChannelWithInterceptors(
+      const grpc::string& target,
+      const std::shared_ptr<grpc::ChannelCredentials>& creds,
+      const grpc::ChannelArguments& args,
+      std::vector<std::unique_ptr<
+          grpc::experimental::ClientInterceptorFactoryInterface>>
+          interceptor_creators);
+
+  virtual std::shared_ptr<Channel> CreateChannelImpl(
+      const grpc::string& target, const ChannelArguments& args) = 0;
+
+  // This function should have been a pure virtual function, but it is
+  // implemented as a virtual function so that it does not break API.
+  virtual std::shared_ptr<Channel> CreateChannelWithInterceptors(
+      const grpc::string& /*target*/, const ChannelArguments& /*args*/,
+      std::vector<std::unique_ptr<
+          grpc::experimental::ClientInterceptorFactoryInterface>>
+      /*interceptor_creators*/) {
+    return nullptr;
+  }
+};
+
+/// A call credentials object encapsulates the state needed by a client to
+/// authenticate with a server for a given call on a channel.
+///
+/// \see https://grpc.io/docs/guides/auth.html
+class CallCredentials : private grpc::GrpcLibraryCodegen {
+ public:
+  CallCredentials();
+  ~CallCredentials();
+
+  /// Apply this instance's credentials to \a call.
+  virtual bool ApplyToCall(grpc_call* call) = 0;
+  virtual grpc::string DebugString() {
+    return "CallCredentials did not provide a debug string";
+  }
+
+ protected:
+  friend std::shared_ptr<ChannelCredentials> CompositeChannelCredentials(
+      const std::shared_ptr<ChannelCredentials>& channel_creds,
+      const std::shared_ptr<CallCredentials>& call_creds);
+
+  friend std::shared_ptr<CallCredentials> CompositeCallCredentials(
+      const std::shared_ptr<CallCredentials>& creds1,
+      const std::shared_ptr<CallCredentials>& creds2);
+
+  virtual SecureCallCredentials* AsSecureCredentials() = 0;
+};
+
+/// Options used to build SslCredentials.
+struct SslCredentialsOptions {
+  /// The buffer containing the PEM encoding of the server root certificates. If
+  /// this parameter is empty, the default roots will be used.  The default
+  /// roots can be overridden using the \a GRPC_DEFAULT_SSL_ROOTS_FILE_PATH
+  /// environment variable pointing to a file on the file system containing the
+  /// roots.
+  grpc::string pem_root_certs;
+
+  /// The buffer containing the PEM encoding of the client's private key. This
+  /// parameter can be empty if the client does not have a private key.
+  grpc::string pem_private_key;
+
+  /// The buffer containing the PEM encoding of the client's certificate chain.
+  /// This parameter can be empty if the client does not have a certificate
+  /// chain.
+  grpc::string pem_cert_chain;
+};
+
+// Factories for building different types of Credentials The functions may
+// return empty shared_ptr when credentials cannot be created. If a
+// Credentials pointer is returned, it can still be invalid when used to create
+// a channel. A lame channel will be created then and all rpcs will fail on it.
+
+/// Builds credentials with reasonable defaults.
+///
+/// \warning Only use these credentials when connecting to a Google endpoint.
+/// Using these credentials to connect to any other service may result in this
+/// service being able to impersonate your client for requests to Google
+/// services.
+std::shared_ptr<ChannelCredentials> GoogleDefaultCredentials();
+
+/// Builds SSL Credentials given SSL specific options
+std::shared_ptr<ChannelCredentials> SslCredentials(
+    const SslCredentialsOptions& options);
 
-/// Constant for maximum auth token lifetime.
-constexpr long kMaxAuthTokenLifetimeSecs =
-    ::grpc_impl::kMaxAuthTokenLifetimeSecs;
+/// Builds credentials for use when running in GCE
+///
+/// \warning Only use these credentials when connecting to a Google endpoint.
+/// Using these credentials to connect to any other service may result in this
+/// service being able to impersonate your client for requests to Google
+/// services.
+std::shared_ptr<CallCredentials> GoogleComputeEngineCredentials();
 
-static inline std::shared_ptr<grpc_impl::CallCredentials>
-ServiceAccountJWTAccessCredentials(
+constexpr long kMaxAuthTokenLifetimeSecs = 3600;
+
+/// Builds Service Account JWT Access credentials.
+/// json_key is the JSON key string containing the client's private key.
+/// token_lifetime_seconds is the lifetime in seconds of each Json Web Token
+/// (JWT) created with this credentials. It should not exceed
+/// \a kMaxAuthTokenLifetimeSecs or will be cropped to this value.
+std::shared_ptr<CallCredentials> ServiceAccountJWTAccessCredentials(
     const grpc::string& json_key,
-    long token_lifetime_seconds = grpc::kMaxAuthTokenLifetimeSecs) {
-  return ::grpc_impl::ServiceAccountJWTAccessCredentials(
-      json_key, token_lifetime_seconds);
-}
+    long token_lifetime_seconds = kMaxAuthTokenLifetimeSecs);
 
-static inline std::shared_ptr<grpc_impl::CallCredentials>
-GoogleRefreshTokenCredentials(const grpc::string& json_refresh_token) {
-  return ::grpc_impl::GoogleRefreshTokenCredentials(json_refresh_token);
-}
+/// Builds refresh token credentials.
+/// json_refresh_token is the JSON string containing the refresh token along
+/// with a client_id and client_secret.
+///
+/// \warning Only use these credentials when connecting to a Google endpoint.
+/// Using these credentials to connect to any other service may result in this
+/// service being able to impersonate your client for requests to Google
+/// services.
+std::shared_ptr<CallCredentials> GoogleRefreshTokenCredentials(
+    const grpc::string& json_refresh_token);
 
-static inline std::shared_ptr<grpc_impl::CallCredentials>
-AccessTokenCredentials(const grpc::string& access_token) {
-  return ::grpc_impl::AccessTokenCredentials(access_token);
-}
+/// Builds access token credentials.
+/// access_token is an oauth2 access token that was fetched using an out of band
+/// mechanism.
+///
+/// \warning Only use these credentials when connecting to a Google endpoint.
+/// Using these credentials to connect to any other service may result in this
+/// service being able to impersonate your client for requests to Google
+/// services.
+std::shared_ptr<CallCredentials> AccessTokenCredentials(
+    const grpc::string& access_token);
 
-static inline std::shared_ptr<grpc_impl::CallCredentials> GoogleIAMCredentials(
+/// Builds IAM credentials.
+///
+/// \warning Only use these credentials when connecting to a Google endpoint.
+/// Using these credentials to connect to any other service may result in this
+/// service being able to impersonate your client for requests to Google
+/// services.
+std::shared_ptr<CallCredentials> GoogleIAMCredentials(
     const grpc::string& authorization_token,
-    const grpc::string& authority_selector) {
-  return ::grpc_impl::GoogleIAMCredentials(authorization_token,
-                                           authority_selector);
-}
+    const grpc::string& authority_selector);
 
-static inline std::shared_ptr<ChannelCredentials> CompositeChannelCredentials(
+/// Combines a channel credentials and a call credentials into a composite
+/// channel credentials.
+std::shared_ptr<ChannelCredentials> CompositeChannelCredentials(
     const std::shared_ptr<ChannelCredentials>& channel_creds,
-    const std::shared_ptr<CallCredentials>& call_creds) {
-  return ::grpc_impl::CompositeChannelCredentials(channel_creds, call_creds);
-}
+    const std::shared_ptr<CallCredentials>& call_creds);
 
-static inline std::shared_ptr<grpc_impl::CallCredentials>
-CompositeCallCredentials(const std::shared_ptr<CallCredentials>& creds1,
-                         const std::shared_ptr<CallCredentials>& creds2) {
-  return ::grpc_impl::CompositeCallCredentials(creds1, creds2);
-}
+/// Combines two call credentials objects into a composite call credentials.
+std::shared_ptr<CallCredentials> CompositeCallCredentials(
+    const std::shared_ptr<CallCredentials>& creds1,
+    const std::shared_ptr<CallCredentials>& creds2);
 
-static inline std::shared_ptr<grpc_impl::ChannelCredentials>
-InsecureChannelCredentials() {
-  return ::grpc_impl::InsecureChannelCredentials();
-}
+/// Credentials for an unencrypted, unauthenticated channel
+std::shared_ptr<ChannelCredentials> InsecureChannelCredentials();
 
-typedef ::grpc_impl::MetadataCredentialsPlugin MetadataCredentialsPlugin;
+/// User defined metadata credentials.
+class MetadataCredentialsPlugin {
+ public:
+  virtual ~MetadataCredentialsPlugin() {}
 
-static inline std::shared_ptr<grpc_impl::CallCredentials>
-MetadataCredentialsFromPlugin(
-    std::unique_ptr<MetadataCredentialsPlugin> plugin) {
-  return ::grpc_impl::MetadataCredentialsFromPlugin(std::move(plugin));
-}
+  /// If this method returns true, the Process function will be scheduled in
+  /// a different thread from the one processing the call.
+  virtual bool IsBlocking() const { return true; }
+
+  /// Type of credentials this plugin is implementing.
+  virtual const char* GetType() const { return ""; }
+
+  /// Gets the auth metatada produced by this plugin.
+  /// The fully qualified method name is:
+  /// service_url + "/" + method_name.
+  /// The channel_auth_context contains (among other things), the identity of
+  /// the server.
+  virtual grpc::Status GetMetadata(
+      grpc::string_ref service_url, grpc::string_ref method_name,
+      const grpc::AuthContext& channel_auth_context,
+      std::multimap<grpc::string, grpc::string>* metadata) = 0;
+
+  virtual grpc::string DebugString() {
+    return "MetadataCredentialsPlugin did not provide a debug string";
+  }
+};
+
+std::shared_ptr<CallCredentials> MetadataCredentialsFromPlugin(
+    std::unique_ptr<MetadataCredentialsPlugin> plugin);
 
 namespace experimental {
 
-typedef ::grpc_impl::experimental::StsCredentialsOptions StsCredentialsOptions;
+/// Options for creating STS Oauth Token Exchange credentials following the IETF
+/// draft https://tools.ietf.org/html/draft-ietf-oauth-token-exchange-16.
+/// Optional fields may be set to empty string. It is the responsibility of the
+/// caller to ensure that the subject and actor tokens are refreshed on disk at
+/// the specified paths.
+struct StsCredentialsOptions {
+  grpc::string token_exchange_service_uri;  // Required.
+  grpc::string resource;                    // Optional.
+  grpc::string audience;                    // Optional.
+  grpc::string scope;                       // Optional.
+  grpc::string requested_token_type;        // Optional.
+  grpc::string subject_token_path;          // Required.
+  grpc::string subject_token_type;          // Required.
+  grpc::string actor_token_path;            // Optional.
+  grpc::string actor_token_type;            // Optional.
+};
 
-static inline grpc::Status StsCredentialsOptionsFromJson(
-    const grpc::string& json_string, StsCredentialsOptions* options) {
-  return ::grpc_impl::experimental::StsCredentialsOptionsFromJson(json_string,
-                                                                  options);
-}
+/// Creates STS Options from a JSON string. The JSON schema is as follows:
+/// {
+///   "title": "STS Credentials Config",
+///   "type": "object",
+///   "required": ["token_exchange_service_uri", "subject_token_path",
+///                "subject_token_type"],
+///    "properties": {
+///      "token_exchange_service_uri": {
+///        "type": "string"
+///     },
+///     "resource": {
+///       "type": "string"
+///     },
+///     "audience": {
+///       "type": "string"
+///     },
+///     "scope": {
+///       "type": "string"
+///     },
+///     "requested_token_type": {
+///       "type": "string"
+///     },
+///     "subject_token_path": {
+///       "type": "string"
+///     },
+///     "subject_token_type": {
+///     "type": "string"
+///     },
+///     "actor_token_path" : {
+///       "type": "string"
+///     },
+///     "actor_token_type": {
+///       "type": "string"
+///     }
+///   }
+/// }
+grpc::Status StsCredentialsOptionsFromJson(const grpc::string& json_string,
+                                           StsCredentialsOptions* options);
 
-static inline grpc::Status StsCredentialsOptionsFromEnv(
-    StsCredentialsOptions* options) {
-  return grpc_impl::experimental::StsCredentialsOptionsFromEnv(options);
-}
+/// Creates STS credentials options from the $STS_CREDENTIALS environment
+/// variable. This environment variable points to the path of a JSON file
+/// comforming to the schema described above.
+grpc::Status StsCredentialsOptionsFromEnv(StsCredentialsOptions* options);
 
-static inline std::shared_ptr<grpc_impl::CallCredentials> StsCredentials(
-    const StsCredentialsOptions& options) {
-  return grpc_impl::experimental::StsCredentials(options);
-}
+std::shared_ptr<CallCredentials> StsCredentials(
+    const StsCredentialsOptions& options);
 
-typedef ::grpc_impl::experimental::AltsCredentialsOptions
-    AltsCredentialsOptions;
+std::shared_ptr<CallCredentials> MetadataCredentialsFromPlugin(
+    std::unique_ptr<MetadataCredentialsPlugin> plugin,
+    grpc_security_level min_security_level);
 
-static inline std::shared_ptr<grpc_impl::ChannelCredentials> AltsCredentials(
-    const AltsCredentialsOptions& options) {
-  return ::grpc_impl::experimental::AltsCredentials(options);
-}
+/// Options used to build AltsCredentials.
+struct AltsCredentialsOptions {
+  /// service accounts of target endpoint that will be acceptable
+  /// by the client. If service accounts are provided and none of them matches
+  /// that of the server, authentication will fail.
+  std::vector<grpc::string> target_service_accounts;
+};
 
-static inline std::shared_ptr<grpc_impl::ChannelCredentials> LocalCredentials(
-    grpc_local_connect_type type) {
-  return ::grpc_impl::experimental::LocalCredentials(type);
-}
+/// Builds ALTS Credentials given ALTS specific options
+std::shared_ptr<ChannelCredentials> AltsCredentials(
+    const AltsCredentialsOptions& options);
 
-static inline std::shared_ptr<grpc_impl::ChannelCredentials> TlsCredentials(
-    const ::grpc_impl::experimental::TlsCredentialsOptions& options) {
-  return ::grpc_impl::experimental::TlsCredentials(options);
-}
+/// Builds Local Credentials.
+std::shared_ptr<ChannelCredentials> LocalCredentials(
+    grpc_local_connect_type type);
+
+/// Builds TLS Credentials given TLS options.
+std::shared_ptr<ChannelCredentials> TlsCredentials(
+    const TlsCredentialsOptions& options);
 
 }  // namespace experimental
 }  // namespace grpc

include/grpcpp/security/credentials_impl.h

@@ -1,358 +0,0 @@
-/*
- *
- * Copyright 2015 gRPC authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-#ifndef GRPCPP_SECURITY_CREDENTIALS_IMPL_H
-#define GRPCPP_SECURITY_CREDENTIALS_IMPL_H
-
-#include <map>
-#include <memory>
-#include <vector>
-
-#include <grpc/grpc_security_constants.h>
-#include <grpcpp/channel_impl.h>
-#include <grpcpp/impl/codegen/client_interceptor.h>
-#include <grpcpp/impl/codegen/grpc_library.h>
-#include <grpcpp/security/auth_context.h>
-#include <grpcpp/security/tls_credentials_options.h>
-#include <grpcpp/support/channel_arguments_impl.h>
-#include <grpcpp/support/status.h>
-#include <grpcpp/support/string_ref.h>
-
-struct grpc_call;
-
-namespace grpc_impl {
-
-class ChannelCredentials;
-class CallCredentials;
-class SecureCallCredentials;
-class SecureChannelCredentials;
-
-std::shared_ptr<Channel> CreateCustomChannelImpl(
-    const grpc::string& target,
-    const std::shared_ptr<ChannelCredentials>& creds,
-    const ChannelArguments& args);
-
-namespace experimental {
-std::shared_ptr<Channel> CreateCustomChannelWithInterceptors(
-    const grpc::string& target,
-    const std::shared_ptr<ChannelCredentials>& creds,
-    const ChannelArguments& args,
-    std::vector<
-        std::unique_ptr<grpc::experimental::ClientInterceptorFactoryInterface>>
-        interceptor_creators);
-}
-
-/// A channel credentials object encapsulates all the state needed by a client
-/// to authenticate with a server for a given channel.
-/// It can make various assertions, e.g., about the client’s identity, role
-/// for all the calls on that channel.
-///
-/// \see https://grpc.io/docs/guides/auth.html
-class ChannelCredentials : private grpc::GrpcLibraryCodegen {
- public:
-  ChannelCredentials();
-  ~ChannelCredentials();
-
- protected:
-  friend std::shared_ptr<ChannelCredentials> CompositeChannelCredentials(
-      const std::shared_ptr<ChannelCredentials>& channel_creds,
-      const std::shared_ptr<CallCredentials>& call_creds);
-
-  virtual SecureChannelCredentials* AsSecureCredentials() = 0;
-
- private:
-  friend std::shared_ptr<Channel> CreateCustomChannelImpl(
-      const grpc::string& target,
-      const std::shared_ptr<ChannelCredentials>& creds,
-      const ChannelArguments& args);
-
-  friend std::shared_ptr<Channel>
-  grpc_impl::experimental::CreateCustomChannelWithInterceptors(
-      const grpc::string& target,
-      const std::shared_ptr<ChannelCredentials>& creds,
-      const ChannelArguments& args,
-      std::vector<std::unique_ptr<
-          grpc::experimental::ClientInterceptorFactoryInterface>>
-          interceptor_creators);
-
-  virtual std::shared_ptr<Channel> CreateChannelImpl(
-      const grpc::string& target, const ChannelArguments& args) = 0;
-
-  // This function should have been a pure virtual function, but it is
-  // implemented as a virtual function so that it does not break API.
-  virtual std::shared_ptr<Channel> CreateChannelWithInterceptors(
-      const grpc::string& /*target*/, const ChannelArguments& /*args*/,
-      std::vector<std::unique_ptr<
-          grpc::experimental::ClientInterceptorFactoryInterface>>
-      /*interceptor_creators*/) {
-    return nullptr;
-  }
-};
-
-/// A call credentials object encapsulates the state needed by a client to
-/// authenticate with a server for a given call on a channel.
-///
-/// \see https://grpc.io/docs/guides/auth.html
-class CallCredentials : private grpc::GrpcLibraryCodegen {
- public:
-  CallCredentials();
-  ~CallCredentials();
-
-  /// Apply this instance's credentials to \a call.
-  virtual bool ApplyToCall(grpc_call* call) = 0;
-  virtual grpc::string DebugString() {
-    return "CallCredentials did not provide a debug string";
-  }
-
- protected:
-  friend std::shared_ptr<ChannelCredentials> CompositeChannelCredentials(
-      const std::shared_ptr<ChannelCredentials>& channel_creds,
-      const std::shared_ptr<CallCredentials>& call_creds);
-
-  friend std::shared_ptr<CallCredentials> CompositeCallCredentials(
-      const std::shared_ptr<CallCredentials>& creds1,
-      const std::shared_ptr<CallCredentials>& creds2);
-
-  virtual SecureCallCredentials* AsSecureCredentials() = 0;
-};
-
-/// Options used to build SslCredentials.
-struct SslCredentialsOptions {
-  /// The buffer containing the PEM encoding of the server root certificates. If
-  /// this parameter is empty, the default roots will be used.  The default
-  /// roots can be overridden using the \a GRPC_DEFAULT_SSL_ROOTS_FILE_PATH
-  /// environment variable pointing to a file on the file system containing the
-  /// roots.
-  grpc::string pem_root_certs;
-
-  /// The buffer containing the PEM encoding of the client's private key. This
-  /// parameter can be empty if the client does not have a private key.
-  grpc::string pem_private_key;
-
-  /// The buffer containing the PEM encoding of the client's certificate chain.
-  /// This parameter can be empty if the client does not have a certificate
-  /// chain.
-  grpc::string pem_cert_chain;
-};
-
-// Factories for building different types of Credentials The functions may
-// return empty shared_ptr when credentials cannot be created. If a
-// Credentials pointer is returned, it can still be invalid when used to create
-// a channel. A lame channel will be created then and all rpcs will fail on it.
-
-/// Builds credentials with reasonable defaults.
-///
-/// \warning Only use these credentials when connecting to a Google endpoint.
-/// Using these credentials to connect to any other service may result in this
-/// service being able to impersonate your client for requests to Google
-/// services.
-std::shared_ptr<ChannelCredentials> GoogleDefaultCredentials();
-
-/// Builds SSL Credentials given SSL specific options
-std::shared_ptr<ChannelCredentials> SslCredentials(
-    const SslCredentialsOptions& options);
-
-/// Builds credentials for use when running in GCE
-///
-/// \warning Only use these credentials when connecting to a Google endpoint.
-/// Using these credentials to connect to any other service may result in this
-/// service being able to impersonate your client for requests to Google
-/// services.
-std::shared_ptr<CallCredentials> GoogleComputeEngineCredentials();
-
-constexpr long kMaxAuthTokenLifetimeSecs = 3600;
-
-/// Builds Service Account JWT Access credentials.
-/// json_key is the JSON key string containing the client's private key.
-/// token_lifetime_seconds is the lifetime in seconds of each Json Web Token
-/// (JWT) created with this credentials. It should not exceed
-/// \a kMaxAuthTokenLifetimeSecs or will be cropped to this value.
-std::shared_ptr<CallCredentials> ServiceAccountJWTAccessCredentials(
-    const grpc::string& json_key,
-    long token_lifetime_seconds = grpc_impl::kMaxAuthTokenLifetimeSecs);
-
-/// Builds refresh token credentials.
-/// json_refresh_token is the JSON string containing the refresh token along
-/// with a client_id and client_secret.
-///
-/// \warning Only use these credentials when connecting to a Google endpoint.
-/// Using these credentials to connect to any other service may result in this
-/// service being able to impersonate your client for requests to Google
-/// services.
-std::shared_ptr<CallCredentials> GoogleRefreshTokenCredentials(
-    const grpc::string& json_refresh_token);
-
-/// Builds access token credentials.
-/// access_token is an oauth2 access token that was fetched using an out of band
-/// mechanism.
-///
-/// \warning Only use these credentials when connecting to a Google endpoint.
-/// Using these credentials to connect to any other service may result in this
-/// service being able to impersonate your client for requests to Google
-/// services.
-std::shared_ptr<CallCredentials> AccessTokenCredentials(
-    const grpc::string& access_token);
-
-/// Builds IAM credentials.
-///
-/// \warning Only use these credentials when connecting to a Google endpoint.
-/// Using these credentials to connect to any other service may result in this
-/// service being able to impersonate your client for requests to Google
-/// services.
-std::shared_ptr<CallCredentials> GoogleIAMCredentials(
-    const grpc::string& authorization_token,
-    const grpc::string& authority_selector);
-
-/// Combines a channel credentials and a call credentials into a composite
-/// channel credentials.
-std::shared_ptr<ChannelCredentials> CompositeChannelCredentials(
-    const std::shared_ptr<ChannelCredentials>& channel_creds,
-    const std::shared_ptr<CallCredentials>& call_creds);
-
-/// Combines two call credentials objects into a composite call credentials.
-std::shared_ptr<CallCredentials> CompositeCallCredentials(
-    const std::shared_ptr<CallCredentials>& creds1,
-    const std::shared_ptr<CallCredentials>& creds2);
-
-/// Credentials for an unencrypted, unauthenticated channel
-std::shared_ptr<ChannelCredentials> InsecureChannelCredentials();
-
-/// User defined metadata credentials.
-class MetadataCredentialsPlugin {
- public:
-  virtual ~MetadataCredentialsPlugin() {}
-
-  /// If this method returns true, the Process function will be scheduled in
-  /// a different thread from the one processing the call.
-  virtual bool IsBlocking() const { return true; }
-
-  /// Type of credentials this plugin is implementing.
-  virtual const char* GetType() const { return ""; }
-
-  /// Gets the auth metatada produced by this plugin.
-  /// The fully qualified method name is:
-  /// service_url + "/" + method_name.
-  /// The channel_auth_context contains (among other things), the identity of
-  /// the server.
-  virtual grpc::Status GetMetadata(
-      grpc::string_ref service_url, grpc::string_ref method_name,
-      const grpc::AuthContext& channel_auth_context,
-      std::multimap<grpc::string, grpc::string>* metadata) = 0;
-
-  virtual grpc::string DebugString() {
-    return "MetadataCredentialsPlugin did not provide a debug string";
-  }
-};
-
-std::shared_ptr<CallCredentials> MetadataCredentialsFromPlugin(
-    std::unique_ptr<MetadataCredentialsPlugin> plugin);
-
-namespace experimental {
-
-/// Options for creating STS Oauth Token Exchange credentials following the IETF
-/// draft https://tools.ietf.org/html/draft-ietf-oauth-token-exchange-16.
-/// Optional fields may be set to empty string. It is the responsibility of the
-/// caller to ensure that the subject and actor tokens are refreshed on disk at
-/// the specified paths.
-struct StsCredentialsOptions {
-  grpc::string token_exchange_service_uri;  // Required.
-  grpc::string resource;                    // Optional.
-  grpc::string audience;                    // Optional.
-  grpc::string scope;                       // Optional.
-  grpc::string requested_token_type;        // Optional.
-  grpc::string subject_token_path;          // Required.
-  grpc::string subject_token_type;          // Required.
-  grpc::string actor_token_path;            // Optional.
-  grpc::string actor_token_type;            // Optional.
-};
-
-/// Creates STS Options from a JSON string. The JSON schema is as follows:
-/// {
-///   "title": "STS Credentials Config",
-///   "type": "object",
-///   "required": ["token_exchange_service_uri", "subject_token_path",
-///                "subject_token_type"],
-///    "properties": {
-///      "token_exchange_service_uri": {
-///        "type": "string"
-///     },
-///     "resource": {
-///       "type": "string"
-///     },
-///     "audience": {
-///       "type": "string"
-///     },
-///     "scope": {
-///       "type": "string"
-///     },
-///     "requested_token_type": {
-///       "type": "string"
-///     },
-///     "subject_token_path": {
-///       "type": "string"
-///     },
-///     "subject_token_type": {
-///     "type": "string"
-///     },
-///     "actor_token_path" : {
-///       "type": "string"
-///     },
-///     "actor_token_type": {
-///       "type": "string"
-///     }
-///   }
-/// }
-grpc::Status StsCredentialsOptionsFromJson(const grpc::string& json_string,
-                                           StsCredentialsOptions* options);
-
-/// Creates STS credentials options from the $STS_CREDENTIALS environment
-/// variable. This environment variable points to the path of a JSON file
-/// comforming to the schema described above.
-grpc::Status StsCredentialsOptionsFromEnv(StsCredentialsOptions* options);
-
-std::shared_ptr<CallCredentials> StsCredentials(
-    const StsCredentialsOptions& options);
-
-std::shared_ptr<CallCredentials> MetadataCredentialsFromPlugin(
-    std::unique_ptr<MetadataCredentialsPlugin> plugin,
-    grpc_security_level min_security_level);
-
-/// Options used to build AltsCredentials.
-struct AltsCredentialsOptions {
-  /// service accounts of target endpoint that will be acceptable
-  /// by the client. If service accounts are provided and none of them matches
-  /// that of the server, authentication will fail.
-  std::vector<grpc::string> target_service_accounts;
-};
-
-/// Builds ALTS Credentials given ALTS specific options
-std::shared_ptr<ChannelCredentials> AltsCredentials(
-    const AltsCredentialsOptions& options);
-
-/// Builds Local Credentials.
-std::shared_ptr<ChannelCredentials> LocalCredentials(
-    grpc_local_connect_type type);
-
-/// Builds TLS Credentials given TLS options.
-std::shared_ptr<ChannelCredentials> TlsCredentials(
-    const TlsCredentialsOptions& options);
-
-}  // namespace experimental
-}  // namespace grpc_impl
-
-#endif  // GRPCPP_SECURITY_CREDENTIALS_IMPL_H

include/grpcpp/security/server_credentials.h

@@ -57,11 +57,11 @@ struct SslServerCredentialsOptions {
 
 static inline std::shared_ptr<ServerCredentials> SslServerCredentials(
     const SslServerCredentialsOptions& options) {
-  return ::grpc_impl::SslServerCredentials(options);
+  return ::grpc::SslServerCredentials(options);
 }
 
 static inline std::shared_ptr<ServerCredentials> InsecureServerCredentials() {
-  return ::grpc_impl::InsecureServerCredentials();
+  return ::grpc::InsecureServerCredentials();
 }
 
 namespace experimental {
@@ -71,18 +71,18 @@ typedef ::grpc_impl::experimental::AltsServerCredentialsOptions
 
 static inline std::shared_ptr<ServerCredentials> AltsServerCredentials(
     const AltsServerCredentialsOptions& options) {
-  return ::grpc_impl::experimental::AltsServerCredentials(options);
+  return ::grpc::experimental::AltsServerCredentials(options);
 }
 
 static inline std::shared_ptr<ServerCredentials> LocalServerCredentials(
     grpc_local_connect_type type) {
-  return ::grpc_impl::experimental::LocalServerCredentials(type);
+  return ::grpc::experimental::LocalServerCredentials(type);
 }
 
 /// Builds TLS ServerCredentials given TLS options.
 static inline std::shared_ptr<ServerCredentials> TlsServerCredentials(
-    const ::grpc_impl::experimental::TlsCredentialsOptions& options) {
-  return ::grpc_impl::experimental::TlsServerCredentials(options);
+    const ::grpc::experimental::TlsCredentialsOptions& options) {
+  return ::grpc::experimental::TlsServerCredentials(options);
 }
 
 }  // namespace experimental

include/grpcpp/security/server_credentials_impl.h

@@ -82,7 +82,7 @@ std::shared_ptr<ServerCredentials> LocalServerCredentials(
 
 /// Builds TLS ServerCredentials given TLS options.
 std::shared_ptr<ServerCredentials> TlsServerCredentials(
-    const TlsCredentialsOptions& options);
+    const grpc::experimental::TlsCredentialsOptions& options);
 
 }  // namespace experimental
 }  // namespace grpc_impl

include/grpcpp/security/tls_credentials_options.h

@@ -36,7 +36,7 @@ typedef struct grpc_tls_server_authorization_check_config
     grpc_tls_server_authorization_check_config;
 typedef struct grpc_tls_credentials_options grpc_tls_credentials_options;
 
-namespace grpc_impl {
+namespace grpc {
 namespace experimental {
 
 /** TLS key materials config, wrapper for grpc_tls_key_materials_config. It is
@@ -340,6 +340,6 @@ class TlsCredentialsOptions {
 };
 
 }  // namespace experimental
-}  // namespace grpc_impl
+}  // namespace grpc
 
 #endif  // GRPCPP_SECURITY_TLS_CREDENTIALS_OPTIONS_H

include/grpcpp/support/channel_arguments_impl.h

@@ -28,6 +28,7 @@
 #include <grpcpp/support/config.h>
 
 namespace grpc {
+class SecureChannelCredentials;
 namespace testing {
 class ChannelArgumentsTest;
 }  // namespace testing
@@ -35,7 +36,6 @@ class ChannelArgumentsTest;
 
 namespace grpc_impl {
 
-class SecureChannelCredentials;
 
 /// Options for channel creation. The user can use generic setters to pass
 /// key value pairs down to C channel creation code. For gRPC related options,
@@ -126,7 +126,7 @@ class ChannelArguments {
   }
 
  private:
-  friend class grpc_impl::SecureChannelCredentials;
+  friend class grpc::SecureChannelCredentials;
   friend class grpc::testing::ChannelArgumentsTest;
 
   /// Default pointer argument operations.

src/cpp/client/client_context.cc

@@ -73,7 +73,7 @@ ClientContext::~ClientContext() {
 }
 
 void ClientContext::set_credentials(
-    const std::shared_ptr<grpc_impl::CallCredentials>& creds) {
+    const std::shared_ptr<grpc::CallCredentials>& creds) {
   creds_ = creds;
   // If call_ is set, we have already created the call, and set the call
   // credentials. This should only be done before we have started the batch

src/cpp/client/create_channel.cc

@@ -26,14 +26,14 @@
 
 #include "src/cpp/client/create_channel_internal.h"
 
-namespace grpc_impl {
-std::shared_ptr<grpc::Channel> CreateChannelImpl(
+namespace grpc {
+std::shared_ptr<grpc::Channel> CreateChannel(
     const grpc::string& target,
     const std::shared_ptr<grpc::ChannelCredentials>& creds) {
-  return CreateCustomChannelImpl(target, creds, grpc::ChannelArguments());
+  return CreateCustomChannel(target, creds, grpc::ChannelArguments());
 }
 
-std::shared_ptr<grpc::Channel> CreateCustomChannelImpl(
+std::shared_ptr<grpc::Channel> CreateCustomChannel(
     const grpc::string& target,
     const std::shared_ptr<grpc::ChannelCredentials>& creds,
     const grpc::ChannelArguments& args) {
@@ -82,4 +82,4 @@ std::shared_ptr<grpc::Channel> CreateCustomChannelWithInterceptors(
 }
 }  // namespace experimental
 
-}  // namespace grpc_impl
+}  // namespace grpc

src/cpp/client/credentials_cc.cc

@@ -19,7 +19,7 @@
 #include <grpcpp/impl/grpc_library.h>
 #include <grpcpp/security/credentials.h>
 
-namespace grpc_impl {
+namespace grpc {
 
 static grpc::internal::GrpcLibraryInitializer g_gli_initializer;
 ChannelCredentials::ChannelCredentials() { g_gli_initializer.summon(); }
@@ -30,4 +30,4 @@ CallCredentials::CallCredentials() { g_gli_initializer.summon(); }
 
 CallCredentials::~CallCredentials() {}
 
-}  // namespace grpc_impl
+}  // namespace grpc

src/cpp/client/cronet_credentials.cc

@@ -55,10 +55,9 @@ class CronetChannelCredentialsImpl final : public ChannelCredentials {
   }
   void* engine_;
 };
-}  // namespace grpc
-namespace grpc_impl {
+
 std::shared_ptr<ChannelCredentials> CronetChannelCredentials(void* engine) {
   return std::shared_ptr<ChannelCredentials>(
       new grpc::CronetChannelCredentialsImpl(engine));
 }
-}  // namespace grpc_impl
+}  // namespace grpc

src/cpp/client/insecure_credentials.cc

@@ -24,7 +24,7 @@
 #include <grpcpp/support/config.h>
 #include "src/cpp/client/create_channel_internal.h"
 
-namespace grpc_impl {
+namespace grpc {
 
 namespace {
 class InsecureChannelCredentialsImpl final : public ChannelCredentials {
@@ -59,4 +59,4 @@ std::shared_ptr<ChannelCredentials> InsecureChannelCredentials() {
       new InsecureChannelCredentialsImpl());
 }
 
-}  // namespace grpc_impl
+}  // namespace grpc

src/cpp/client/secure_credentials.cc

@@ -38,7 +38,7 @@
 #include "src/cpp/client/create_channel_internal.h"
 #include "src/cpp/common/secure_auth_context.h"
 
-namespace grpc_impl {
+namespace grpc {
 
 static grpc::internal::GrpcLibraryInitializer g_gli_initializer;
 SecureChannelCredentials::SecureChannelCredentials(
@@ -387,9 +387,6 @@ std::shared_ptr<CallCredentials> MetadataCredentialsFromPlugin(
       c_plugin, GRPC_PRIVACY_AND_INTEGRITY, nullptr));
 }
 
-}  // namespace grpc_impl
-
-namespace grpc {
 namespace {
 void DeleteWrapper(void* wrapper, grpc_error* /*ignored*/) {
   MetadataCredentialsPluginWrapper* w =

src/cpp/client/secure_credentials.h

@@ -22,7 +22,6 @@
 #include <grpc/grpc_security.h>
 
 #include <grpcpp/security/credentials.h>
-#include <grpcpp/security/credentials_impl.h>
 #include <grpcpp/security/tls_credentials_options.h>
 #include <grpcpp/support/config.h>
 
@@ -33,6 +32,9 @@
 namespace grpc_impl {
 
 class Channel;
+}  // namespace grpc_impl
+
+namespace grpc {
 
 class SecureChannelCredentials final : public ChannelCredentials {
  public:
@@ -85,10 +87,6 @@ grpc_sts_credentials_options StsCredentialsCppToCoreOptions(
 
 }  // namespace experimental
 
-}  // namespace grpc_impl
-
-namespace grpc {
-
 class MetadataCredentialsPluginWrapper final : private GrpcLibraryCodegen {
  public:
   static void Destroy(void* wrapper);

src/cpp/common/tls_credentials_options.cc

@@ -23,7 +23,7 @@
 #include "src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h"
 #include "src/cpp/common/tls_credentials_options_util.h"
 
-namespace grpc_impl {
+namespace grpc {
 namespace experimental {
 
 /** TLS key materials config API implementation **/
@@ -340,4 +340,4 @@ TlsCredentialsOptions::TlsCredentialsOptions(
 TlsCredentialsOptions::~TlsCredentialsOptions() {}
 
 }  // namespace experimental
-}  // namespace grpc_impl
+}  // namespace grpc

src/cpp/common/tls_credentials_options_util.cc

@@ -21,7 +21,7 @@
 #include <grpcpp/security/tls_credentials_options.h>
 #include "src/cpp/common/tls_credentials_options_util.h"
 
-namespace grpc_impl {
+namespace grpc {
 namespace experimental {
 
 /** Converts the Cpp key materials to C key materials; this allocates memory for
@@ -146,4 +146,4 @@ void TlsServerAuthorizationCheckArgDestroyContext(void* context) {
 }
 
 }  // namespace experimental
-}  // namespace grpc_impl
+}  // namespace grpc

src/cpp/common/tls_credentials_options_util.h

@@ -24,7 +24,7 @@
 
 #include "src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h"
 
-namespace grpc_impl {
+namespace grpc {
 namespace experimental {
 
 /** The following function is exposed for testing purposes. **/
@@ -53,6 +53,6 @@ void TlsCredentialReloadArgDestroyContext(void* context);
 void TlsServerAuthorizationCheckArgDestroyContext(void* context);
 
 }  //  namespace experimental
-}  // namespace grpc_impl
+}  // namespace grpc
 
 #endif  // GRPC_INTERNAL_CPP_COMMON_TLS_CREDENTIALS_OPTIONS_UTIL_H

src/cpp/server/secure_server_credentials.cc

@@ -149,7 +149,7 @@ std::shared_ptr<ServerCredentials> LocalServerCredentials(
 }
 
 std::shared_ptr<ServerCredentials> TlsServerCredentials(
-    const TlsCredentialsOptions& options) {
+    const grpc::experimental::TlsCredentialsOptions& options) {
   grpc::GrpcLibraryCodegen init;
   return std::shared_ptr<ServerCredentials>(new SecureServerCredentials(
       grpc_tls_server_credentials_create(options.c_credentials_options())));

tools/doxygen/Doxyfile.c++

@@ -940,7 +940,6 @@ include/grpcpp/client_context.h \
 include/grpcpp/completion_queue.h \
 include/grpcpp/completion_queue_impl.h \
 include/grpcpp/create_channel.h \
-include/grpcpp/create_channel_impl.h \
 include/grpcpp/create_channel_posix.h \
 include/grpcpp/create_channel_posix_impl.h \
 include/grpcpp/ext/health_check_service_server_builder_option.h \
@@ -1027,7 +1026,6 @@ include/grpcpp/security/auth_context.h \
 include/grpcpp/security/auth_metadata_processor.h \
 include/grpcpp/security/auth_metadata_processor_impl.h \
 include/grpcpp/security/credentials.h \
-include/grpcpp/security/credentials_impl.h \
 include/grpcpp/security/server_credentials.h \
 include/grpcpp/security/server_credentials_impl.h \
 include/grpcpp/security/tls_credentials_options.h \

tools/doxygen/Doxyfile.c++.internal

@@ -940,7 +940,6 @@ include/grpcpp/client_context.h \
 include/grpcpp/completion_queue.h \
 include/grpcpp/completion_queue_impl.h \
 include/grpcpp/create_channel.h \
-include/grpcpp/create_channel_impl.h \
 include/grpcpp/create_channel_posix.h \
 include/grpcpp/create_channel_posix_impl.h \
 include/grpcpp/ext/health_check_service_server_builder_option.h \
@@ -1027,7 +1026,6 @@ include/grpcpp/security/auth_context.h \
 include/grpcpp/security/auth_metadata_processor.h \
 include/grpcpp/security/auth_metadata_processor_impl.h \
 include/grpcpp/security/credentials.h \
-include/grpcpp/security/credentials_impl.h \
 include/grpcpp/security/server_credentials.h \
 include/grpcpp/security/server_credentials_impl.h \
 include/grpcpp/security/tls_credentials_options.h \