
Commit 5a59b20

committed
Added support for allocated resources management
1 parent 48eb043 commit 5a59b20


2 files changed

+42
-11
lines changed


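--- a/xds/src/main/java/io/grpc/xds/internal/TlsXdsCredentialsProvider.java
+++ b/xds/src/main/java/io/grpc/xds/internal/TlsXdsCredentialsProvider.java
@@ -16,15 +16,18 @@
 
 package io.grpc.xds.internal;
 
+import com.google.common.collect.ImmutableList;
 import com.google.protobuf.Duration;
 import com.google.protobuf.util.Durations;
 import io.grpc.ChannelCredentials;
+import io.grpc.ResourceAllocatingChannelCredentials;
 import io.grpc.TlsChannelCredentials;
 import io.grpc.internal.GrpcUtil;
 import io.grpc.internal.JsonUtil;
 import io.grpc.util.AdvancedTlsX509KeyManager;
 import io.grpc.util.AdvancedTlsX509TrustManager;
 import io.grpc.xds.XdsCredentialsProvider;
+import java.io.Closeable;
 import java.io.File;
 import java.text.ParseException;
 import java.util.Map;
@@ -51,10 +54,10 @@ public final class TlsXdsCredentialsProvider extends XdsCredentialsProvider {
 
 @Override
 protected ChannelCredentials newChannelCredentials(Map<String, ?> jsonConfig) {
-TlsChannelCredentials.Builder builder = TlsChannelCredentials.newBuilder();
+TlsChannelCredentials.Builder tlsChannelCredsBuilder = TlsChannelCredentials.newBuilder();
 
 if (jsonConfig == null) {
-return builder.build();
+return tlsChannelCredsBuilder.build();
 }
 
 // use refresh interval from bootstrap config if provided; else defaults to 600s
@@ -70,17 +73,22 @@ protected ChannelCredentials newChannelCredentials(Map<String, ?> jsonConfig) {
 }
 }
 
+ImmutableList.Builder<Closeable> resourcesBuilder = ImmutableList.builder();
+ScheduledExecutorService scheduledExecutorService = null;
+
 // use trust certificate file path from bootstrap config if provided; else use system default
 String rootCertPath = JsonUtil.getString(jsonConfig, ROOT_FILE_KEY);
 if (rootCertPath != null) {
 try {
+scheduledExecutorService = scheduledExecutorServiceFactory.create();
 AdvancedTlsX509TrustManager trustManager = AdvancedTlsX509TrustManager.newBuilder().build();
-trustManager.updateTrustCredentials(
+Closeable trustManagerFuture = trustManager.updateTrustCredentials(
 new File(rootCertPath),
 refreshIntervalSeconds,
 TimeUnit.SECONDS,
-scheduledExecutorServiceFactory.create());
-builder.trustManager(trustManager);
+scheduledExecutorService);
+resourcesBuilder.add(trustManagerFuture);
+tlsChannelCredsBuilder.trustManager(trustManager);
 } catch (Exception e) {
 logger.log(Level.WARNING, "Unable to read root certificates", e);
 return null;
@@ -93,14 +101,18 @@ protected ChannelCredentials newChannelCredentials(Map<String, ?> jsonConfig) {
 String privateKeyPath = JsonUtil.getString(jsonConfig, KEY_FILE_KEY);
 if (certChainPath != null && privateKeyPath != null) {
 try {
+if (scheduledExecutorService == null) {
+scheduledExecutorService = scheduledExecutorServiceFactory.create();
+}
 AdvancedTlsX509KeyManager keyManager = new AdvancedTlsX509KeyManager();
-keyManager.updateIdentityCredentials(
+Closeable keyManagerFuture = keyManager.updateIdentityCredentials(
 new File(certChainPath),
 new File(privateKeyPath),
 refreshIntervalSeconds,
 TimeUnit.SECONDS,
-scheduledExecutorServiceFactory.create());
-builder.keyManager(keyManager);
+scheduledExecutorService);
+resourcesBuilder.add(keyManagerFuture);
+tlsChannelCredsBuilder.keyManager(keyManager);
 } catch (Exception e) {
 logger.log(Level.WARNING, "Unable to read certificate chain or private key", e);
 return null;
@@ -110,7 +122,17 @@ protected ChannelCredentials newChannelCredentials(Map<String, ?> jsonConfig) {
 return null;
 }
 
-return builder.build();
+// if executor was initialized, add it to allocated resource list
+if (scheduledExecutorService != null) {
+resourcesBuilder.add(asCloseable(scheduledExecutorService));
+}
+
+return ResourceAllocatingChannelCredentials.create(
+tlsChannelCredsBuilder.build(), resourcesBuilder.build());
+}
+
+private static Closeable asCloseable(ScheduledExecutorService scheduledExecutorService) {
+return () -> scheduledExecutorService.shutdownNow();
 }
 
 @Override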
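Review bot: The `return null` paths leave already-allocated resources running: both `catch (Exception e)` blocks and the `return null` at new line 122 (its condition is outside the hunk) exit without closing anything. If the root certificate loads but the certificate chain or private key fails, the executor from `scheduledExecutorServiceFactory.create()` and the scheduled trust-refresh task are orphaned, because the only handle to them is the local `resourcesBuilder`. Each failure path should close the collected resources and shut the executor down before returning; one helper, as sketched below, keeps the three sites identical. Separately, the `jsonConfig == null` branch still returns a bare `TlsChannelCredentials`, so callers have to handle both return types. `newChannelCredentials` begins and continues outside these hunks.

```java
// … unchanged: key manager setup inside the try block …
} catch (Exception e) {
  logger.log(Level.WARNING, "Unable to read certificate chain or private key", e);
  releaseAllocated(resourcesBuilder.build(), scheduledExecutorService);
  return null;
}
// … same call before the other two `return null` statements …

private void releaseAllocated(
    ImmutableList<Closeable> resources, ScheduledExecutorService scheduledExecutorService) {
  for (Closeable resource : resources) {
    try {
      resource.close();
    } catch (Exception e) {
      logger.log(Level.WARNING, "Unable to release allocated resource", e);
    }
  }
  // the executor is not yet in the list on failure paths, so stop it explicitly
  if (scheduledExecutorService != null) {
    scheduledExecutorService.shutdownNow();
  }
}
```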

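--- a/xds/src/test/java/io/grpc/xds/internal/TlsXdsCredentialsProviderTest.java
+++ b/xds/src/test/java/io/grpc/xds/internal/TlsXdsCredentialsProviderTest.java
@@ -29,11 +29,13 @@
 import com.google.common.collect.Iterables;
 import io.grpc.ChannelCredentials;
 import io.grpc.InternalServiceProviders;
+import io.grpc.ResourceAllocatingChannelCredentials;
 import io.grpc.TlsChannelCredentials;
 import io.grpc.internal.testing.TestUtils;
 import io.grpc.util.AdvancedTlsX509KeyManager;
 import io.grpc.util.AdvancedTlsX509TrustManager;
 import io.grpc.xds.XdsCredentialsProvider;
+import java.io.Closeable;
 import java.util.Map;
 import javax.net.ssl.KeyManager;
 import javax.net.ssl.TrustManager;
@@ -111,13 +113,20 @@ public void channelCredentialsWhenValidConfig() throws Exception {
 "refresh_interval", "440s");
 
 ChannelCredentials creds = provider.newChannelCredentials(jsonConfig);
-assertSame(TlsChannelCredentials.class, creds.getClass());
-TlsChannelCredentials tlsChannelCredentials = (TlsChannelCredentials) creds;
+assertSame(ResourceAllocatingChannelCredentials.class, creds.getClass());
+ResourceAllocatingChannelCredentials resourceAllocatingChannelCredentials =
+(ResourceAllocatingChannelCredentials) creds;
+TlsChannelCredentials tlsChannelCredentials =
+(TlsChannelCredentials) resourceAllocatingChannelCredentials.getChannelCredentials();
 assertThat(tlsChannelCredentials.getKeyManagers()).hasSize(1);
 KeyManager keyManager = Iterables.getOnlyElement(tlsChannelCredentials.getKeyManagers());
 assertThat(keyManager).isInstanceOf(AdvancedTlsX509KeyManager.class);
 assertThat(tlsChannelCredentials.getTrustManagers()).hasSize(1);
 TrustManager trustManager = Iterables.getOnlyElement(tlsChannelCredentials.getTrustManagers());
 assertThat(trustManager).isInstanceOf(AdvancedTlsX509TrustManager.class);
+assertThat(resourceAllocatingChannelCredentials.getAllocatedResources()).hasSize(3);
+for (Closeable resource : resourceAllocatingChannelCredentials.getAllocatedResources()) {
+resource.close();
+}
 }
 }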
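Review bot: The new `resource.close()` loop runs only after every assertion has passed, so a failing assertion leaves the refresh tasks and the executor running for the rest of the test JVM. Putting the assertions in a `try` and the loop in a `finally` avoids that. `hasSize(3)` also pins only the fully configured case. A config with just the root certificate path (presumably two resources, going by the provider change) and a failing-path case that returns `null` are not exercised here. The body of `channelCredentialsWhenValidConfig` starts outside the hunk.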
