Bump google storage module

Also bump the golangci version Signed-off-by: Milos Gajdos <milosthegajdos@gmail.com>
2025-09-02 23:45:53 +00:00 · 2024-10-26 18:06:01 +01:00
parent 1c26d98fbe
commit 3996413f46
1501 changed files with 448261 additions and 47001 deletions
--- a/vendor/github.com/google/s2a-go/internal/v2/s2av2.go
+++ b/vendor/github.com/google/s2a-go/internal/v2/s2av2.go
@@ -28,38 +28,40 @@ import (
 	"os"
 	"time"

-	"github.com/golang/protobuf/proto"
 	"github.com/google/s2a-go/fallback"
 	"github.com/google/s2a-go/internal/handshaker/service"
 	"github.com/google/s2a-go/internal/tokenmanager"
 	"github.com/google/s2a-go/internal/v2/tlsconfigstore"
+	"github.com/google/s2a-go/retry"
 	"github.com/google/s2a-go/stream"
 	"google.golang.org/grpc"
 	"google.golang.org/grpc/credentials"
 	"google.golang.org/grpc/grpclog"
+	"google.golang.org/protobuf/proto"

-	commonpbv1 "github.com/google/s2a-go/internal/proto/common_go_proto"
+	commonpb "github.com/google/s2a-go/internal/proto/v2/common_go_proto"
 	s2av2pb "github.com/google/s2a-go/internal/proto/v2/s2a_go_proto"
 )

 const (
 	s2aSecurityProtocol = "tls"
-	defaultS2ATimeout   = 3 * time.Second
+	defaultS2ATimeout   = 6 * time.Second
 )

 // An environment variable, which sets the timeout enforced on the connection to the S2A service for handshake.
 const s2aTimeoutEnv = "S2A_TIMEOUT"

 type s2av2TransportCreds struct {
-	info         *credentials.ProtocolInfo
-	isClient     bool
-	serverName   string
-	s2av2Address string
-	tokenManager *tokenmanager.AccessTokenManager
+	info           *credentials.ProtocolInfo
+	isClient       bool
+	serverName     string
+	s2av2Address   string
+	transportCreds credentials.TransportCredentials
+	tokenManager   *tokenmanager.AccessTokenManager
 	// localIdentity should only be used by the client.
-	localIdentity *commonpbv1.Identity
+	localIdentity *commonpb.Identity
 	// localIdentities should only be used by the server.
-	localIdentities           []*commonpbv1.Identity
+	localIdentities           []*commonpb.Identity
 	verificationMode          s2av2pb.ValidatePeerCertificateChainReq_VerificationMode
 	fallbackClientHandshake   fallback.ClientHandshake
 	getS2AStream              func(ctx context.Context, s2av2Address string) (stream.S2AStream, error)
@@ -68,7 +70,7 @@ type s2av2TransportCreds struct {

 // NewClientCreds returns a client-side transport credentials object that uses
 // the S2Av2 to establish a secure connection with a server.
-func NewClientCreds(s2av2Address string, localIdentity *commonpbv1.Identity, verificationMode s2av2pb.ValidatePeerCertificateChainReq_VerificationMode, fallbackClientHandshakeFunc fallback.ClientHandshake, getS2AStream func(ctx context.Context, s2av2Address string) (stream.S2AStream, error), serverAuthorizationPolicy []byte) (credentials.TransportCredentials, error) {
+func NewClientCreds(s2av2Address string, transportCreds credentials.TransportCredentials, localIdentity *commonpb.Identity, verificationMode s2av2pb.ValidatePeerCertificateChainReq_VerificationMode, fallbackClientHandshakeFunc fallback.ClientHandshake, getS2AStream func(ctx context.Context, s2av2Address string) (stream.S2AStream, error), serverAuthorizationPolicy []byte) (credentials.TransportCredentials, error) {
 	// Create an AccessTokenManager instance to use to authenticate to S2Av2.
 	accessTokenManager, err := tokenmanager.NewSingleTokenAccessTokenManager()

@@ -79,6 +81,7 @@ func NewClientCreds(s2av2Address string, localIdentity *commonpbv1.Identity, ver
 		isClient:                  true,
 		serverName:                "",
 		s2av2Address:              s2av2Address,
+		transportCreds:            transportCreds,
 		localIdentity:             localIdentity,
 		verificationMode:          verificationMode,
 		fallbackClientHandshake:   fallbackClientHandshakeFunc,
@@ -98,7 +101,7 @@ func NewClientCreds(s2av2Address string, localIdentity *commonpbv1.Identity, ver

 // NewServerCreds returns a server-side transport credentials object that uses
 // the S2Av2 to establish a secure connection with a client.
-func NewServerCreds(s2av2Address string, localIdentities []*commonpbv1.Identity, verificationMode s2av2pb.ValidatePeerCertificateChainReq_VerificationMode, getS2AStream func(ctx context.Context, s2av2Address string) (stream.S2AStream, error)) (credentials.TransportCredentials, error) {
+func NewServerCreds(s2av2Address string, transportCreds credentials.TransportCredentials, localIdentities []*commonpb.Identity, verificationMode s2av2pb.ValidatePeerCertificateChainReq_VerificationMode, getS2AStream func(ctx context.Context, s2av2Address string) (stream.S2AStream, error)) (credentials.TransportCredentials, error) {
 	// Create an AccessTokenManager instance to use to authenticate to S2Av2.
 	accessTokenManager, err := tokenmanager.NewSingleTokenAccessTokenManager()
 	creds := &s2av2TransportCreds{
@@ -107,6 +110,7 @@ func NewServerCreds(s2av2Address string, localIdentities []*commonpbv1.Identity,
 		},
 		isClient:         false,
 		s2av2Address:     s2av2Address,
+		transportCreds:   transportCreds,
 		localIdentities:  localIdentities,
 		verificationMode: verificationMode,
 		getS2AStream:     getS2AStream,
@@ -131,7 +135,13 @@ func (c *s2av2TransportCreds) ClientHandshake(ctx context.Context, serverAuthori
 	serverName := removeServerNamePort(serverAuthority)
 	timeoutCtx, cancel := context.WithTimeout(ctx, GetS2ATimeout())
 	defer cancel()
-	s2AStream, err := createStream(timeoutCtx, c.s2av2Address, c.getS2AStream)
+	var s2AStream stream.S2AStream
+	var err error
+	retry.Run(timeoutCtx,
+		func() error {
+			s2AStream, err = createStream(timeoutCtx, c.s2av2Address, c.transportCreds, c.getS2AStream)
+			return err
+		})
 	if err != nil {
 		grpclog.Infof("Failed to connect to S2Av2: %v", err)
 		if c.fallbackClientHandshake != nil {
@@ -152,31 +162,28 @@ func (c *s2av2TransportCreds) ClientHandshake(ctx context.Context, serverAuthori
 		tokenManager = *c.tokenManager
 	}

-	if c.serverName == "" {
-		config, err = tlsconfigstore.GetTLSConfigurationForClient(serverName, s2AStream, tokenManager, c.localIdentity, c.verificationMode, c.serverAuthorizationPolicy)
-		if err != nil {
-			grpclog.Info("Failed to get client TLS config from S2Av2: %v", err)
-			if c.fallbackClientHandshake != nil {
-				return c.fallbackClientHandshake(ctx, serverAuthority, rawConn, err)
-			}
-			return nil, nil, err
-		}
-	} else {
-		config, err = tlsconfigstore.GetTLSConfigurationForClient(c.serverName, s2AStream, tokenManager, c.localIdentity, c.verificationMode, c.serverAuthorizationPolicy)
-		if err != nil {
-			grpclog.Info("Failed to get client TLS config from S2Av2: %v", err)
-			if c.fallbackClientHandshake != nil {
-				return c.fallbackClientHandshake(ctx, serverAuthority, rawConn, err)
-			}
-			return nil, nil, err
+	sn := serverName
+	if c.serverName != "" {
+		sn = c.serverName
+	}
+	retry.Run(timeoutCtx,
+		func() error {
+			config, err = tlsconfigstore.GetTLSConfigurationForClient(sn, s2AStream, tokenManager, c.localIdentity, c.verificationMode, c.serverAuthorizationPolicy)
+			return err
+		})
+	if err != nil {
+		grpclog.Info("Failed to get client TLS config from S2Av2: %v", err)
+		if c.fallbackClientHandshake != nil {
+			return c.fallbackClientHandshake(ctx, serverAuthority, rawConn, err)
 		}
+		return nil, nil, err
 	}
 	if grpclog.V(1) {
 		grpclog.Infof("Got client TLS config from S2Av2.")
 	}
-	creds := credentials.NewTLS(config)

-	conn, authInfo, err := creds.ClientHandshake(ctx, serverName, rawConn)
+	creds := credentials.NewTLS(config)
+	conn, authInfo, err := creds.ClientHandshake(timeoutCtx, serverName, rawConn)
 	if err != nil {
 		grpclog.Infof("Failed to do client handshake using S2Av2: %v", err)
 		if c.fallbackClientHandshake != nil {
@@ -184,7 +191,7 @@ func (c *s2av2TransportCreds) ClientHandshake(ctx context.Context, serverAuthori
 		}
 		return nil, nil, err
 	}
-	grpclog.Infof("Successfully done client handshake using S2Av2 to: %s", serverName)
+	grpclog.Infof("client-side handshake is done using S2Av2 to: %s", serverName)

 	return conn, authInfo, err
 }
@@ -196,7 +203,13 @@ func (c *s2av2TransportCreds) ServerHandshake(rawConn net.Conn) (net.Conn, crede
 	}
 	ctx, cancel := context.WithTimeout(context.Background(), GetS2ATimeout())
 	defer cancel()
-	s2AStream, err := createStream(ctx, c.s2av2Address, c.getS2AStream)
+	var s2AStream stream.S2AStream
+	var err error
+	retry.Run(ctx,
+		func() error {
+			s2AStream, err = createStream(ctx, c.s2av2Address, c.transportCreds, c.getS2AStream)
+			return err
+		})
 	if err != nil {
 		grpclog.Infof("Failed to connect to S2Av2: %v", err)
 		return nil, nil, err
@@ -213,7 +226,12 @@ func (c *s2av2TransportCreds) ServerHandshake(rawConn net.Conn) (net.Conn, crede
 		tokenManager = *c.tokenManager
 	}

-	config, err := tlsconfigstore.GetTLSConfigurationForServer(s2AStream, tokenManager, c.localIdentities, c.verificationMode)
+	var config *tls.Config
+	retry.Run(ctx,
+		func() error {
+			config, err = tlsconfigstore.GetTLSConfigurationForServer(s2AStream, tokenManager, c.localIdentities, c.verificationMode)
+			return err
+		})
 	if err != nil {
 		grpclog.Infof("Failed to get server TLS config from S2Av2: %v", err)
 		return nil, nil, err
@@ -221,8 +239,14 @@ func (c *s2av2TransportCreds) ServerHandshake(rawConn net.Conn) (net.Conn, crede
 	if grpclog.V(1) {
 		grpclog.Infof("Got server TLS config from S2Av2.")
 	}
+
 	creds := credentials.NewTLS(config)
-	return creds.ServerHandshake(rawConn)
+	conn, authInfo, err := creds.ServerHandshake(rawConn)
+	if err != nil {
+		grpclog.Infof("Failed to do server handshake using S2Av2: %v", err)
+		return nil, nil, err
+	}
+	return conn, authInfo, err
 }

 // Info returns protocol info of s2av2TransportCreds.
@@ -244,15 +268,15 @@ func (c *s2av2TransportCreds) Clone() credentials.TransportCredentials {
 		tokenManager = *c.tokenManager
 	}
 	verificationMode := c.verificationMode
-	var localIdentity *commonpbv1.Identity
+	var localIdentity *commonpb.Identity
 	if c.localIdentity != nil {
-		localIdentity = proto.Clone(c.localIdentity).(*commonpbv1.Identity)
+		localIdentity = proto.Clone(c.localIdentity).(*commonpb.Identity)
 	}
-	var localIdentities []*commonpbv1.Identity
+	var localIdentities []*commonpb.Identity
 	if c.localIdentities != nil {
-		localIdentities = make([]*commonpbv1.Identity, len(c.localIdentities))
+		localIdentities = make([]*commonpb.Identity, len(c.localIdentities))
 		for i, localIdentity := range c.localIdentities {
-			localIdentities[i] = proto.Clone(localIdentity).(*commonpbv1.Identity)
+			localIdentities[i] = proto.Clone(localIdentity).(*commonpb.Identity)
 		}
 	}
 	creds := &s2av2TransportCreds{
@@ -278,11 +302,12 @@ func (c *s2av2TransportCreds) Clone() credentials.TransportCredentials {
 func NewClientTLSConfig(
 	ctx context.Context,
 	s2av2Address string,
+	transportCreds credentials.TransportCredentials,
 	tokenManager tokenmanager.AccessTokenManager,
 	verificationMode s2av2pb.ValidatePeerCertificateChainReq_VerificationMode,
 	serverName string,
 	serverAuthorizationPolicy []byte) (*tls.Config, error) {
-	s2AStream, err := createStream(ctx, s2av2Address, nil)
+	s2AStream, err := createStream(ctx, s2av2Address, transportCreds, nil)
 	if err != nil {
 		grpclog.Infof("Failed to connect to S2Av2: %v", err)
 		return nil, err
@@ -325,12 +350,12 @@ func (x s2AGrpcStream) CloseSend() error {
 	return x.stream.CloseSend()
 }

-func createStream(ctx context.Context, s2av2Address string, getS2AStream func(ctx context.Context, s2av2Address string) (stream.S2AStream, error)) (stream.S2AStream, error) {
+func createStream(ctx context.Context, s2av2Address string, transportCreds credentials.TransportCredentials, getS2AStream func(ctx context.Context, s2av2Address string) (stream.S2AStream, error)) (stream.S2AStream, error) {
 	if getS2AStream != nil {
 		return getS2AStream(ctx, s2av2Address)
 	}
 	// TODO(rmehta19): Consider whether to close the connection to S2Av2.
-	conn, err := service.Dial(s2av2Address)
+	conn, err := service.Dial(ctx, s2av2Address, transportCreds)
 	if err != nil {
 		return nil, err
 	}