MCPcopy
hub / github.com/grpc/grpc-go / dialOpts

Method dialOpts

balancer/rls/control_channel.go:140–181  ·  view source on GitHub ↗

dialOpts constructs the dial options for the control plane channel.

(bOpts balancer.BuildOptions, serviceConfig string)

Source from the content-addressed store, hash-verified

138
139// dialOpts constructs the dial options for the control plane channel.
140func (cc *controlChannel) dialOpts(bOpts balancer.BuildOptions, serviceConfig string) ([]grpc.DialOption, error) {
141 // The control plane channel will use the same authority as the parent
142 // channel for server authorization. This ensures that the identity of the
143 // RLS server and the identity of the backends is the same, so if the RLS
144 // config is injected by an attacker, it cannot cause leakage of private
145 // information contained in headers set by the application.
146 dopts := []grpc.DialOption{grpc.WithAuthority(bOpts.Authority)}
147 if bOpts.Dialer != nil {
148 dopts = append(dopts, grpc.WithContextDialer(bOpts.Dialer))
149 }
150 // The control channel will use the channel credentials from the parent
151 // channel, including any call creds associated with the channel creds.
152 var credsOpt grpc.DialOption
153 switch {
154 case bOpts.DialCreds != nil:
155 credsOpt = grpc.WithTransportCredentials(bOpts.DialCreds.Clone())
156 case bOpts.CredsBundle != nil:
157 // The "fallback" mode in google default credentials (which is the only
158 // type of credentials we expect to be used with RLS) uses TLS/ALTS
159 // creds for transport and uses the same call creds as that on the
160 // parent bundle.
161 bundle, err := bOpts.CredsBundle.NewWithMode(internal.CredsBundleModeFallback)
162 if err != nil {
163 return nil, err
164 }
165 credsOpt = grpc.WithCredentialsBundle(bundle)
166 default:
167 cc.logger.Warningf("no credentials available, using Insecure")
168 credsOpt = grpc.WithTransportCredentials(insecure.NewCredentials())
169 }
170 dopts = append(dopts, credsOpt)
171
172 // If the RLS LB policy's configuration specified a service config for the
173 // control channel, use that and disable service config fetching via the name
174 // resolver for the control channel.
175 if serviceConfig != "" {
176 cc.logger.Infof("Disabling service config from the name resolver and instead using: %s", serviceConfig)
177 dopts = append(dopts, grpc.WithDisableServiceConfig(), grpc.WithDefaultServiceConfig(serviceConfig))
178 }
179
180 return dopts, nil
181}
182
183func (cc *controlChannel) close() {
184 cc.dropConnStateSubscriber()

Callers 1

newControlChannelFunction · 0.95

Calls 11

WithAuthorityFunction · 0.92
WithContextDialerFunction · 0.92
WithTransportCredentialsFunction · 0.92
WithCredentialsBundleFunction · 0.92
NewCredentialsFunction · 0.92
WithDisableServiceConfigFunction · 0.92
WithDefaultServiceConfigFunction · 0.92
CloneMethod · 0.65
NewWithModeMethod · 0.65
WarningfMethod · 0.65
InfofMethod · 0.65

Tested by

no test coverage detected