dialOpts constructs the dial options for the control plane channel.
(bOpts balancer.BuildOptions, serviceConfig string)
| 138 | |
// dialOpts assembles the grpc.DialOptions used to create the control plane
// (RLS) channel from the parent channel's build options.
//
// The returned slice always holds, in order: the authority option, the
// context dialer (only when bOpts.Dialer is set), one credentials option, and
// the two service config options (only when serviceConfig is non-empty). An
// error is returned only when a fallback-mode credentials bundle cannot be
// derived from bOpts.CredsBundle.
func (cc *controlChannel) dialOpts(bOpts balancer.BuildOptions, serviceConfig string) ([]grpc.DialOption, error) {
	// Server authorization on the control channel is pinned to the parent
	// channel's authority. The RLS server must therefore present the same
	// identity as the backends, so an attacker-injected RLS config cannot
	// redirect application-set headers (which may carry private data) to a
	// server with a different identity.
	opts := []grpc.DialOption{grpc.WithAuthority(bOpts.Authority)}
	if dialer := bOpts.Dialer; dialer != nil {
		opts = append(opts, grpc.WithContextDialer(dialer))
	}

	// Credentials are inherited from the parent channel, including any call
	// creds attached to its channel creds.
	if tc := bOpts.DialCreds; tc != nil {
		opts = append(opts, grpc.WithTransportCredentials(tc.Clone()))
	} else if cb := bOpts.CredsBundle; cb != nil {
		// Google default credentials are the only bundle type expected with
		// RLS. Their "fallback" mode uses TLS/ALTS for transport and keeps the
		// call creds of the parent bundle.
		fallback, err := cb.NewWithMode(internal.CredsBundleModeFallback)
		if err != nil {
			return nil, err
		}
		opts = append(opts, grpc.WithCredentialsBundle(fallback))
	} else {
		// NOTE(review): insecure credentials mean no transport security, so
		// there is no handshake in which the authority set above could be
		// verified. The protection described for the authenticated branches
		// does not apply on this path; the warning below is the only signal.
		// Deployments that rely on that protection should make sure the
		// parent channel always carries credentials.
		cc.logger.Warningf("no credentials available, using Insecure")
		opts = append(opts, grpc.WithTransportCredentials(insecure.NewCredentials()))
	}

	// Without an explicit service config from the RLS LB policy, the control
	// channel keeps the default behaviour.
	if serviceConfig == "" {
		return opts, nil
	}

	// Otherwise use the supplied config and stop the control channel from
	// fetching a service config through the name resolver.
	cc.logger.Infof("Disabling service config from the name resolver and instead using: %s", serviceConfig)
	return append(opts, grpc.WithDisableServiceConfig(), grpc.WithDefaultServiceConfig(serviceConfig)), nil
}
| 182 | |
| 183 | func (cc *controlChannel) close() { |
| 184 | cc.dropConnStateSubscriber() |