Merge pull request #16358 from ahrtr/remove_creds_bundle_20230802

clientv3: remove the experimental gRPC API grpccredentials.Bundle
2024-09-27 06:25:44 +00:00 · 2023-08-04 08:46:02 +01:00 · 2023-08-04 08:46:02 +01:00 · 10c7e81cac
commit 10c7e81cac
parent 0021204c15 979102f895
6 changed files with 25 additions and 84 deletions
--- a/client/v3/client.go
+++ b/client/v3/client.go
@ -69,7 +69,7 @@ type Client struct {
 	Username string
 	// Password is a password for authentication.
 	Password        string
-	authTokenBundle credentials.Bundle
+	authTokenBundle credentials.PerRPCCredentialsBundle
 	callOpts []grpc.CallOption
@ -338,7 +338,7 @@ func (c *Client) credentialsForEndpoint(ep string) grpccredentials.TransportCred
 		if c.creds != nil {
 			return c.creds
 		}
-		return credentials.NewBundle(credentials.Config{}).TransportCredentials()
+		return credentials.NewTransportCredential(nil)
 	default:
 		panic(fmt.Errorf("unsupported CredsRequirement: %v", r))
 	}
@ -350,7 +350,7 @@ func newClient(cfg *Config) (*Client, error) {
 	}
 	var creds grpccredentials.TransportCredentials
 	if cfg.TLS != nil {
-		creds = credentials.NewBundle(credentials.Config{TLSConfig: cfg.TLS}).TransportCredentials()
+		creds = credentials.NewTransportCredential(cfg.TLS)
 	}
 	// use a temporary skeleton client to bootstrap first connection
@ -389,7 +389,7 @@ func newClient(cfg *Config) (*Client, error) {
 	if cfg.Username != "" && cfg.Password != "" {
 		client.Username = cfg.Username
 		client.Password = cfg.Password
-		client.authTokenBundle = credentials.NewBundle(credentials.Config{})
+		client.authTokenBundle = credentials.NewPerRPCCredentialBundle()
 	}
 	if cfg.MaxCallSendMsgSize > 0 || cfg.MaxCallRecvMsgSize > 0 {
 		if cfg.MaxCallRecvMsgSize > 0 && cfg.MaxCallSendMsgSize > cfg.MaxCallRecvMsgSize {
--- a/client/v3/credentials/credentials.go
+++ b/client/v3/credentials/credentials.go
@ -19,7 +19,6 @@ package credentials
 import (
 	"context"
 	"crypto/tls"
 	"net"
 	"sync"
 	grpccredentials "google.golang.org/grpc/credentials"
@ -27,85 +26,44 @@ import (
 	"go.etcd.io/etcd/api/v3/v3rpc/rpctypes"
 )
-// Config defines gRPC credential configuration.
+func NewTransportCredential(cfg *tls.Config) grpccredentials.TransportCredentials {
-type Config struct {
+	return grpccredentials.NewTLS(cfg)
 	TLSConfig *tls.Config
 }
-// Bundle defines gRPC credential interface.
+// PerRPCCredentialsBundle defines gRPC credential interface.
-type Bundle interface {
+type PerRPCCredentialsBundle interface {
 	grpccredentials.Bundle
 	UpdateAuthToken(token string)
 	PerRPCCredentials() grpccredentials.PerRPCCredentials
 }
-// NewBundle constructs a new gRPC credential bundle.
+func NewPerRPCCredentialBundle() PerRPCCredentialsBundle {
-func NewBundle(cfg Config) Bundle {
+	return &perRPCCredentialBundle{
-	return &bundle{
+		rc: &perRPCCredential{},
 		tc: newTransportCredential(cfg.TLSConfig),
 		rc: newPerRPCCredential(),
 	}
 }
-// bundle implements "grpccredentials.Bundle" interface.
+// perRPCCredentialBundle implements `PerRPCCredentialsBundle` interface.
-type bundle struct {
+type perRPCCredentialBundle struct {
 	tc *transportCredential
 	rc *perRPCCredential
 }
-func (b *bundle) TransportCredentials() grpccredentials.TransportCredentials {
+func (b *perRPCCredentialBundle) UpdateAuthToken(token string) {
-	return b.tc
+	if b.rc == nil {
 		return
 	}
 	b.rc.UpdateAuthToken(token)
 }
-func (b *bundle) PerRPCCredentials() grpccredentials.PerRPCCredentials {
+func (b *perRPCCredentialBundle) PerRPCCredentials() grpccredentials.PerRPCCredentials {
 	return b.rc
 }
-func (b *bundle) NewWithMode(mode string) (grpccredentials.Bundle, error) {
+// perRPCCredential implements `grpccredentials.PerRPCCredentials` interface.
 	// no-op
 	return nil, nil
 }
 // transportCredential implements "grpccredentials.TransportCredentials" interface.
 type transportCredential struct {
 	gtc grpccredentials.TransportCredentials
 }
 func newTransportCredential(cfg *tls.Config) *transportCredential {
 	return &transportCredential{
 		gtc: grpccredentials.NewTLS(cfg),
 	}
 }
 func (tc *transportCredential) ClientHandshake(ctx context.Context, authority string, rawConn net.Conn) (net.Conn, grpccredentials.AuthInfo, error) {
 	return tc.gtc.ClientHandshake(ctx, authority, rawConn)
 }
 func (tc *transportCredential) ServerHandshake(rawConn net.Conn) (net.Conn, grpccredentials.AuthInfo, error) {
 	return tc.gtc.ServerHandshake(rawConn)
 }
 func (tc *transportCredential) Info() grpccredentials.ProtocolInfo {
 	return tc.gtc.Info()
 }
 func (tc *transportCredential) Clone() grpccredentials.TransportCredentials {
 	return &transportCredential{
 		gtc: tc.gtc.Clone(),
 	}
 }
 func (tc *transportCredential) OverrideServerName(serverNameOverride string) error {
 	return tc.gtc.OverrideServerName(serverNameOverride)
 }
 // perRPCCredential implements "grpccredentials.PerRPCCredentials" interface.
 type perRPCCredential struct {
 	authToken   string
 	authTokenMu sync.RWMutex
 }
 func newPerRPCCredential() *perRPCCredential { return &perRPCCredential{} }
 func (rc *perRPCCredential) RequireTransportSecurity() bool { return false }
 func (rc *perRPCCredential) GetRequestMetadata(ctx context.Context, s ...string) (map[string]string, error) {
@ -118,13 +76,6 @@ func (rc *perRPCCredential) GetRequestMetadata(ctx context.Context, s ...string)
 	return map[string]string{rpctypes.TokenFieldNameGRPC: authToken}, nil
 }
 func (b *bundle) UpdateAuthToken(token string) {
 	if b.rc == nil {
 		return
 	}
 	b.rc.UpdateAuthToken(token)
 }
 func (rc *perRPCCredential) UpdateAuthToken(token string) {
 	rc.authTokenMu.Lock()
 	rc.authToken = token
--- a/client/v3/credentials/credentials_test.go
+++ b/client/v3/credentials/credentials_test.go
@ -24,7 +24,7 @@ import (
 )
 func TestUpdateAuthToken(t *testing.T) {
-	bundle := NewBundle(Config{})
+	bundle := NewPerRPCCredentialBundle()
 	ctx := context.TODO()
 	metadataBeforeUpdate, _ := bundle.PerRPCCredentials().GetRequestMetadata(ctx)
--- a/client/v3/retry_interceptor_test.go
+++ b/client/v3/retry_interceptor_test.go
@ -25,24 +25,16 @@ import (
 type dummyAuthTokenBundle struct{}
 func (d dummyAuthTokenBundle) TransportCredentials() grpccredentials.TransportCredentials {
 	return nil
 }
 func (d dummyAuthTokenBundle) PerRPCCredentials() grpccredentials.PerRPCCredentials {
 	return nil
 }
 func (d dummyAuthTokenBundle) NewWithMode(mode string) (grpccredentials.Bundle, error) {
 	return nil, nil
 }
 func (d dummyAuthTokenBundle) UpdateAuthToken(token string) {
 }
 func TestClientShouldRefreshToken(t *testing.T) {
 	type fields struct {
-		authTokenBundle credentials.Bundle
+		authTokenBundle credentials.PerRPCCredentialsBundle
 	}
 	type args struct {
 		err      error
--- a/server/embed/etcd.go
+++ b/server/embed/etcd.go
@ -797,8 +797,7 @@ func (e *Etcd) grpcGatewayDial(splitHttp bool) (grpcDial func(ctx context.Contex
 		dtls := tlscfg.Clone()
 		// trust local server
 		dtls.InsecureSkipVerify = true
-		bundle := credentials.NewBundle(credentials.Config{TLSConfig: dtls})
+		opts = append(opts, grpc.WithTransportCredentials(credentials.NewTransportCredential(dtls)))
 		opts = append(opts, grpc.WithTransportCredentials(bundle.TransportCredentials()))
 	} else {
 		opts = append(opts, grpc.WithTransportCredentials(insecure.NewCredentials()))
 	}
--- a/server/etcdserver/api/v3rpc/grpc.go
+++ b/server/etcdserver/api/v3rpc/grpc.go
@ -39,8 +39,7 @@ func Server(s *etcdserver.EtcdServer, tls *tls.Config, interceptor grpc.UnarySer
 	var opts []grpc.ServerOption
 	opts = append(opts, grpc.CustomCodec(&codec{}))
 	if tls != nil {
-		bundle := credentials.NewBundle(credentials.Config{TLSConfig: tls})
+		opts = append(opts, grpc.Creds(credentials.NewTransportCredential(tls)))
 		opts = append(opts, grpc.Creds(bundle.TransportCredentials()))
 	}
 	chainUnaryInterceptors := []grpc.UnaryServerInterceptor{
 		newLogUnaryInterceptor(s),