Merge pull request #24015 from yashykt/certificateprovider

CertificateProvider API

BUILD

@@ -1811,6 +1811,7 @@ grpc_cc_library(
     hdrs = [
         "src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.h",
         "src/core/ext/xds/xds_channel_args.h",
+        "src/core/lib/security/certificate_provider.h",
         "src/core/lib/security/context/security_context.h",
         "src/core/lib/security/credentials/alts/alts_credentials.h",
         "src/core/lib/security/credentials/composite/composite_credentials.h",

BUILD.gn

@@ -799,6 +799,7 @@ config("grpc_config") {
         "src/core/lib/security/authorization/mock_cel/evaluator_core.h",
         "src/core/lib/security/authorization/mock_cel/flat_expr_builder.h",
         "src/core/lib/security/authorization/mock_cel/statusor.h",
+        "src/core/lib/security/certificate_provider.h",
         "src/core/lib/security/context/security_context.cc",
         "src/core/lib/security/context/security_context.h",
         "src/core/lib/security/credentials/alts/alts_credentials.cc",

build_autogenerated.yaml

@@ -660,6 +660,7 @@ libs:
   - src/core/lib/security/authorization/mock_cel/evaluator_core.h
   - src/core/lib/security/authorization/mock_cel/flat_expr_builder.h
   - src/core/lib/security/authorization/mock_cel/statusor.h
+  - src/core/lib/security/certificate_provider.h
   - src/core/lib/security/context/security_context.h
   - src/core/lib/security/credentials/alts/alts_credentials.h
   - src/core/lib/security/credentials/alts/check_gcp_environment.h

gRPC-C++.podspec

@@ -523,6 +523,7 @@ Pod::Spec.new do |s|
                       'src/core/lib/security/authorization/mock_cel/evaluator_core.h',
                       'src/core/lib/security/authorization/mock_cel/flat_expr_builder.h',
                       'src/core/lib/security/authorization/mock_cel/statusor.h',
+                      'src/core/lib/security/certificate_provider.h',
                       'src/core/lib/security/context/security_context.h',
                       'src/core/lib/security/credentials/alts/alts_credentials.h',
                       'src/core/lib/security/credentials/alts/check_gcp_environment.h',
@@ -1022,6 +1023,7 @@ Pod::Spec.new do |s|
                               'src/core/lib/security/authorization/mock_cel/evaluator_core.h',
                               'src/core/lib/security/authorization/mock_cel/flat_expr_builder.h',
                               'src/core/lib/security/authorization/mock_cel/statusor.h',
+                              'src/core/lib/security/certificate_provider.h',
                               'src/core/lib/security/context/security_context.h',
                               'src/core/lib/security/credentials/alts/alts_credentials.h',
                               'src/core/lib/security/credentials/alts/check_gcp_environment.h',

gRPC-Core.podspec

@@ -854,6 +854,7 @@ Pod::Spec.new do |s|
                       'src/core/lib/security/authorization/mock_cel/evaluator_core.h',
                       'src/core/lib/security/authorization/mock_cel/flat_expr_builder.h',
                       'src/core/lib/security/authorization/mock_cel/statusor.h',
+                      'src/core/lib/security/certificate_provider.h',
                       'src/core/lib/security/context/security_context.cc',
                       'src/core/lib/security/context/security_context.h',
                       'src/core/lib/security/credentials/alts/alts_credentials.cc',
@@ -1433,6 +1434,7 @@ Pod::Spec.new do |s|
                               'src/core/lib/security/authorization/mock_cel/evaluator_core.h',
                               'src/core/lib/security/authorization/mock_cel/flat_expr_builder.h',
                               'src/core/lib/security/authorization/mock_cel/statusor.h',
+                              'src/core/lib/security/certificate_provider.h',
                               'src/core/lib/security/context/security_context.h',
                               'src/core/lib/security/credentials/alts/alts_credentials.h',
                               'src/core/lib/security/credentials/alts/check_gcp_environment.h',

grpc.gemspec

@@ -772,6 +772,7 @@ Gem::Specification.new do |s|
   s.files += %w( src/core/lib/security/authorization/mock_cel/evaluator_core.h )
   s.files += %w( src/core/lib/security/authorization/mock_cel/flat_expr_builder.h )
   s.files += %w( src/core/lib/security/authorization/mock_cel/statusor.h )
+  s.files += %w( src/core/lib/security/certificate_provider.h )
   s.files += %w( src/core/lib/security/context/security_context.cc )
   s.files += %w( src/core/lib/security/context/security_context.h )
   s.files += %w( src/core/lib/security/credentials/alts/alts_credentials.cc )

package.xml

@@ -752,6 +752,7 @@
     <file baseinstalldir="/" name="src/core/lib/security/authorization/mock_cel/evaluator_core.h" role="src" />
     <file baseinstalldir="/" name="src/core/lib/security/authorization/mock_cel/flat_expr_builder.h" role="src" />
     <file baseinstalldir="/" name="src/core/lib/security/authorization/mock_cel/statusor.h" role="src" />
+    <file baseinstalldir="/" name="src/core/lib/security/certificate_provider.h" role="src" />
     <file baseinstalldir="/" name="src/core/lib/security/context/security_context.cc" role="src" />
     <file baseinstalldir="/" name="src/core/lib/security/context/security_context.h" role="src" />
     <file baseinstalldir="/" name="src/core/lib/security/credentials/alts/alts_credentials.cc" role="src" />

src/core/lib/security/certificate_provider.h

@@ -0,0 +1,59 @@
+//
+//
+// Copyright 2020 gRPC authors.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+//
+
+#ifndef GRPC_CORE_LIB_SECURITY_CERTIFICATE_PROVIDER_H
+#define GRPC_CORE_LIB_SECURITY_CERTIFICATE_PROVIDER_H
+
+#include <grpc/support/port_platform.h>
+
+#include "src/core/lib/gprpp/ref_counted_ptr.h"
+#include "src/core/lib/iomgr/pollset_set.h"
+
+// TODO(yashkt): After https://github.com/grpc/grpc/pull/23572, remove this
+// forward declaration and include the header for the distributor instead.
+struct grpc_tls_certificate_distributor;
+
+// Interface for a grpc_tls_certificate_provider that handles the process to
+// fetch credentials and validation contexts. Implementations are free to rely
+// on local or remote sources to fetch the latest secrets, and free to share any
+// state among different instances as they deem fit.
+//
+// On creation, grpc_tls_certificate_provider creates a
+// grpc_tls_certificate_distributor object. When the credentials and validation
+// contexts become valid or changed, a grpc_tls_certificate_provider should
+// notify its distributor so as to propagate the update to the watchers.
+struct grpc_tls_certificate_provider
+    : public RefCounted<grpc_tls_certificate_provider> {
+ public:
+  grpc_tls_certificate_provider()
+      : interested_parties_(grpc_pollset_set_create()) {}
+
+  virtual ~grpc_tls_certificate_provider() {
+    grpc_pollset_set_destroy(interested_parties_);
+  }
+
+  grpc_pollset_set* interested_parties() const { return interested_parties_; }
+
+  virtual RefCountedPtr<grpc_tls_certificate_distributor> distributor()
+      const = 0;
+
+ private:
+  grpc_pollset_set* interested_parties_;
+};
+
+#endif  // GRPC_CORE_LIB_SECURITY_CERTIFICATE_PROVIDER_H

tools/doxygen/Doxyfile.c++.internal

@@ -1721,6 +1721,7 @@ src/core/lib/security/authorization/mock_cel/cel_value.h \
 src/core/lib/security/authorization/mock_cel/evaluator_core.h \
 src/core/lib/security/authorization/mock_cel/flat_expr_builder.h \
 src/core/lib/security/authorization/mock_cel/statusor.h \
+src/core/lib/security/certificate_provider.h \
 src/core/lib/security/context/security_context.cc \
 src/core/lib/security/context/security_context.h \
 src/core/lib/security/credentials/alts/alts_credentials.cc \

tools/doxygen/Doxyfile.core.internal

@@ -1548,6 +1548,7 @@ src/core/lib/security/authorization/mock_cel/cel_value.h \
 src/core/lib/security/authorization/mock_cel/evaluator_core.h \
 src/core/lib/security/authorization/mock_cel/flat_expr_builder.h \
 src/core/lib/security/authorization/mock_cel/statusor.h \
+src/core/lib/security/certificate_provider.h \
 src/core/lib/security/context/security_context.cc \
 src/core/lib/security/context/security_context.h \
 src/core/lib/security/credentials/alts/alts_credentials.cc \