lidavidm commented on a change in pull request #12465: URL: https://github.com/apache/arrow/pull/12465#discussion_r818892476
########## File path: cpp/src/arrow/flight/transport/grpc/grpc_client.cc ########## @@ -0,0 +1,872 @@ +// Licensed to the Apache Software Foundation (ASF) under one +// or more contributor license agreements. See the NOTICE file +// distributed with this work for additional information +// regarding copyright ownership. The ASF licenses this file +// to you under the Apache License, Version 2.0 (the +// "License"); you may not use this file except in compliance +// with the License. You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. + +#include "arrow/flight/transport/grpc/grpc_client.h" + +#include <map> +#include <memory> +#include <mutex> +#include <sstream> +#include <string> +#include <unordered_map> +#include <utility> + +#include "arrow/util/config.h" +#ifdef GRPCPP_PP_INCLUDE +#include <grpcpp/grpcpp.h> +#if defined(GRPC_NAMESPACE_FOR_TLS_CREDENTIALS_OPTIONS) +#include <grpcpp/security/tls_credentials_options.h> +#endif +#else +#include <grpc++/grpc++.h> +#endif + +#include <grpc/grpc_security_constants.h> + +#include "arrow/buffer.h" +#include "arrow/device.h" +#include "arrow/result.h" +#include "arrow/status.h" +#include "arrow/util/logging.h" +#include "arrow/util/uri.h" + +#include "arrow/flight/client.h" +#include "arrow/flight/client_auth.h" +#include "arrow/flight/client_header_internal.h" +#include "arrow/flight/client_middleware.h" +#include "arrow/flight/internal.h" +#include "arrow/flight/middleware.h" +#include "arrow/flight/serialization_internal.h" +#include "arrow/flight/transport.h" +#include "arrow/flight/types.h" + +namespace arrow { + +namespace flight { +namespace transport { +namespace grpc { + +namespace { +namespace pb = arrow::flight::protocol; + +struct ClientRpc { + ::grpc::ClientContext context; + + explicit ClientRpc(const FlightCallOptions& options) { + if (options.timeout.count() >= 0) { + std::chrono::system_clock::time_point deadline = + std::chrono::time_point_cast<std::chrono::system_clock::time_point::duration>( + std::chrono::system_clock::now() + options.timeout); + context.set_deadline(deadline); + } + for (auto header : options.headers) { + context.AddMetadata(header.first, header.second); + } + } + + /// \brief Add an auth token via an auth handler + Status SetToken(ClientAuthHandler* auth_handler) { + if (auth_handler) { + std::string token; + RETURN_NOT_OK(auth_handler->GetToken(&token)); + context.AddMetadata(internal::kGrpcAuthHeader, token); + } + return Status::OK(); + } +}; + +class GrpcAddClientHeaders : public AddCallHeaders { + public: + explicit GrpcAddClientHeaders(std::multimap<::grpc::string, ::grpc::string>* metadata) + : metadata_(metadata) {} + ~GrpcAddClientHeaders() override = default; + + void AddHeader(const std::string& key, const std::string& value) override { + metadata_->insert(std::make_pair(key, value)); + } + + private: + std::multimap<::grpc::string, ::grpc::string>* metadata_; +}; + +class GrpcClientInterceptorAdapter : public ::grpc::experimental::Interceptor { + public: + explicit GrpcClientInterceptorAdapter( + std::vector<std::unique_ptr<ClientMiddleware>> middleware) + : middleware_(std::move(middleware)), received_headers_(false) {} + + void Intercept(::grpc::experimental::InterceptorBatchMethods* methods) { + using InterceptionHookPoints = ::grpc::experimental::InterceptionHookPoints; + if (methods->QueryInterceptionHookPoint( + InterceptionHookPoints::PRE_SEND_INITIAL_METADATA)) { + GrpcAddClientHeaders add_headers(methods->GetSendInitialMetadata()); + for (const auto& middleware : middleware_) { + middleware->SendingHeaders(&add_headers); + } + } + + if (methods->QueryInterceptionHookPoint( + InterceptionHookPoints::POST_RECV_INITIAL_METADATA)) { + if (!methods->GetRecvInitialMetadata()->empty()) { + ReceivedHeaders(*methods->GetRecvInitialMetadata()); + } + } + + if (methods->QueryInterceptionHookPoint(InterceptionHookPoints::POST_RECV_STATUS)) { + DCHECK_NE(nullptr, methods->GetRecvStatus()); + DCHECK_NE(nullptr, methods->GetRecvTrailingMetadata()); + ReceivedHeaders(*methods->GetRecvTrailingMetadata()); + const Status status = internal::FromGrpcStatus(*methods->GetRecvStatus()); + for (const auto& middleware : middleware_) { + middleware->CallCompleted(status); + } + } + + methods->Proceed(); + } + + private: + void ReceivedHeaders( + const std::multimap<::grpc::string_ref, ::grpc::string_ref>& metadata) { + if (received_headers_) { + return; + } + received_headers_ = true; + CallHeaders headers; + for (const auto& entry : metadata) { + headers.insert({util::string_view(entry.first.data(), entry.first.length()), + util::string_view(entry.second.data(), entry.second.length())}); + } + for (const auto& middleware : middleware_) { + middleware->ReceivedHeaders(headers); + } + } + + std::vector<std::unique_ptr<ClientMiddleware>> middleware_; + // When communicating with a gRPC-Java server, the server may not + // send back headers if the call fails right away. Instead, the + // headers will be consolidated into the trailers. We don't want to + // call the client middleware callback twice, so instead track + // whether we saw headers - if not, then we need to check trailers. + bool received_headers_; +}; + +class GrpcClientInterceptorAdapterFactory + : public ::grpc::experimental::ClientInterceptorFactoryInterface { + public: + GrpcClientInterceptorAdapterFactory( + std::vector<std::shared_ptr<ClientMiddlewareFactory>> middleware) + : middleware_(middleware) {} + + ::grpc::experimental::Interceptor* CreateClientInterceptor( + ::grpc::experimental::ClientRpcInfo* info) override { + std::vector<std::unique_ptr<ClientMiddleware>> middleware; + + FlightMethod flight_method = FlightMethod::Invalid; + util::string_view method(info->method()); + if (method.ends_with("/Handshake")) { + flight_method = FlightMethod::Handshake; + } else if (method.ends_with("/ListFlights")) { + flight_method = FlightMethod::ListFlights; + } else if (method.ends_with("/GetFlightInfo")) { + flight_method = FlightMethod::GetFlightInfo; + } else if (method.ends_with("/GetSchema")) { + flight_method = FlightMethod::GetSchema; + } else if (method.ends_with("/DoGet")) { + flight_method = FlightMethod::DoGet; + } else if (method.ends_with("/DoPut")) { + flight_method = FlightMethod::DoPut; + } else if (method.ends_with("/DoExchange")) { + flight_method = FlightMethod::DoExchange; + } else if (method.ends_with("/DoAction")) { + flight_method = FlightMethod::DoAction; + } else if (method.ends_with("/ListActions")) { + flight_method = FlightMethod::ListActions; + } else { + DCHECK(false) << "Unknown Flight method: " << info->method(); + } + + const CallInfo flight_info{flight_method}; + for (auto& factory : middleware_) { + std::unique_ptr<ClientMiddleware> instance; + factory->StartCall(flight_info, &instance); + if (instance) { + middleware.push_back(std::move(instance)); + } + } + return new GrpcClientInterceptorAdapter(std::move(middleware)); + } + + private: + std::vector<std::shared_ptr<ClientMiddlewareFactory>> middleware_; +}; + +class GrpcClientAuthSender : public ClientAuthSender { + public: + explicit GrpcClientAuthSender( + std::shared_ptr< + ::grpc::ClientReaderWriter<pb::HandshakeRequest, pb::HandshakeResponse>> + stream) + : stream_(stream) {} + + Status Write(const std::string& token) override { + pb::HandshakeRequest response; + response.set_payload(token); + if (stream_->Write(response)) { + return Status::OK(); + } + return internal::FromGrpcStatus(stream_->Finish()); + } + + private: + std::shared_ptr<::grpc::ClientReaderWriter<pb::HandshakeRequest, pb::HandshakeResponse>> + stream_; +}; + +class GrpcClientAuthReader : public ClientAuthReader { + public: + explicit GrpcClientAuthReader( + std::shared_ptr< + ::grpc::ClientReaderWriter<pb::HandshakeRequest, pb::HandshakeResponse>> + stream) + : stream_(stream) {} + + Status Read(std::string* token) override { + pb::HandshakeResponse request; + if (stream_->Read(&request)) { + *token = std::move(*request.mutable_payload()); + return Status::OK(); + } + return internal::FromGrpcStatus(stream_->Finish()); + } + + private: + std::shared_ptr<::grpc::ClientReaderWriter<pb::HandshakeRequest, pb::HandshakeResponse>> + stream_; +}; + +/// \brief The base of the ClientDataStream implementation for gRPC. +template <typename Stream, typename ReadPayload> +class FinishableDataStream : public internal::ClientDataStream { + public: + FinishableDataStream(std::shared_ptr<ClientRpc> rpc, std::shared_ptr<Stream> stream, + std::shared_ptr<MemoryManager> memory_manager) + : rpc_(std::move(rpc)), + stream_(std::move(stream)), + memory_manager_(memory_manager ? std::move(memory_manager) + : CPUDevice::Instance()->default_memory_manager()), + finished_(false) {} + + void TryCancel() override { rpc_->context.TryCancel(); } + + protected: + Status Finish() override { + if (finished_) { + return server_status_; + } + + // Drain the read side, as otherwise gRPC Finish() will hang. We + // only call Finish() when the client closes the writer or the + // reader finishes, so it's OK to assume the client no longer + // wants to read and drain the read side. (If the client wants to + // indicate that it is done writing, but not done reading, it + // should use DoneWriting. + ReadPayload message; + while (internal::ReadPayload(stream_.get(), &message)) { + // Drain the read side to avoid gRPC hanging in Finish() + } + + server_status_ = internal::FromGrpcStatus(stream_->Finish(), &rpc_->context); + if (!server_status_.ok()) { + server_status_ = Status::FromDetailAndArgs( + server_status_.code(), server_status_.detail(), server_status_.message(), + ". gRPC client debug context: ", rpc_->context.debug_error_string()); + } + if (!transport_status_.ok()) { + if (server_status_.ok()) { + server_status_ = transport_status_; + } else { + server_status_ = Status::FromDetailAndArgs( + server_status_.code(), server_status_.detail(), server_status_.message(), + ". gRPC client debug context: ", rpc_->context.debug_error_string(), + ". Additional context: ", transport_status_.ToString()); + } + } + finished_ = true; + + return server_status_; + } + + std::shared_ptr<ClientRpc> rpc_; + std::shared_ptr<Stream> stream_; + std::shared_ptr<MemoryManager> memory_manager_; + bool finished_; + Status server_status_; + // A transport-side error that needs to get combined with the server status + Status transport_status_; +}; + +/// \brief A ClientDataStream implementation for gRPC that manages a +/// mutex to protect from concurrent reads/writes, and drains the +/// read side on finish. +template <typename Stream, typename ReadPayload> +class WritableDataStream : public FinishableDataStream<Stream, ReadPayload> { + public: + using Base = FinishableDataStream<Stream, ReadPayload>; + WritableDataStream(std::shared_ptr<ClientRpc> rpc, std::shared_ptr<Stream> stream, + std::shared_ptr<MemoryManager> memory_manager) + : Base(std::move(rpc), std::move(stream), std::move(memory_manager)), + read_mutex_(), + finish_mutex_(), + done_writing_(false) {} + + Status WritesDone() override { + // This is only used by the writer side of a stream, so it need + // not be protected with a lock. + if (done_writing_) { + return Status::OK(); + } + done_writing_ = true; + if (!stream_->WritesDone()) { + // Error happened, try to close the stream to get more detailed info + return internal::ClientDataStream::Finish(MakeFlightError( + FlightStatusCode::Internal, "Could not flush pending record batches")); + } + return Status::OK(); + } + + protected: + Status Finish() override { + // This may be used concurrently by reader/writer side of a + // stream, so it needs to be protected. + std::lock_guard<std::mutex> guard(finish_mutex_); + + // Now that we're shared between a reader and writer, we need to + // protect ourselves from being called while there's an + // outstanding read. + std::unique_lock<std::mutex> read_guard(read_mutex_, std::try_to_lock); + if (!read_guard.owns_lock()) { + return MakeFlightError(FlightStatusCode::Internal, + "Cannot close stream with pending read operation."); + } + + // Try to flush pending writes. Don't use our WritesDone() to + // avoid recursion. + bool finished_writes = done_writing_ || stream_->WritesDone(); + done_writing_ = true; + + Status st = Base::Finish(); + if (!finished_writes) { + return Status::FromDetailAndArgs( + st.code(), st.detail(), st.message(), + ". Additionally, could not finish writing record batches before closing"); + } + return st; + } + + using Base::stream_; + std::mutex read_mutex_; + std::mutex finish_mutex_; + bool done_writing_; +}; + +class GrpcClientGetStream + : public FinishableDataStream<::grpc::ClientReader<pb::FlightData>, + internal::FlightData> { + public: + using FinishableDataStream::FinishableDataStream; + + bool ReadData(internal::FlightData* data) override { + bool success = internal::ReadPayload(stream_.get(), data); + if (ARROW_PREDICT_FALSE(!success)) return false; + if (data->body) { + auto status = Buffer::ViewOrCopy(data->body, memory_manager_).Value(&data->body); + if (!status.ok()) { + transport_status_ = std::move(status); + return false; + } + } + return true; + } + Status WritesDone() override { return Status::NotImplemented("NYI"); } +}; + +class GrpcClientPutStream + : public WritableDataStream<::grpc::ClientReaderWriter<pb::FlightData, pb::PutResult>, + pb::PutResult> { + public: + using Stream = ::grpc::ClientReaderWriter<pb::FlightData, pb::PutResult>; + GrpcClientPutStream(std::shared_ptr<ClientRpc> rpc, std::shared_ptr<Stream> stream, + std::shared_ptr<MemoryManager> memory_manager) + : WritableDataStream(std::move(rpc), std::move(stream), std::move(memory_manager)) { + } + + bool ReadPutMetadata(std::shared_ptr<Buffer>* out) override { + std::lock_guard<std::mutex> guard(read_mutex_); + pb::PutResult message; + if (stream_->Read(&message)) { + *out = Buffer::FromString(std::move(*message.mutable_app_metadata())); + } else { + // Stream finished + *out = nullptr; + } + return true; + } + arrow::Result<bool> WriteData(const FlightPayload& payload) override { + return internal::WritePayload(payload, this->stream_.get()); + } +}; + +class GrpcClientExchangeStream + : public WritableDataStream< + ::grpc::ClientReaderWriter<pb::FlightData, pb::FlightData>, + internal::FlightData> { + public: + using Stream = ::grpc::ClientReaderWriter<pb::FlightData, pb::FlightData>; + GrpcClientExchangeStream(std::shared_ptr<ClientRpc> rpc, std::shared_ptr<Stream> stream, + std::shared_ptr<MemoryManager> memory_manager) + : WritableDataStream(std::move(rpc), std::move(stream), std::move(memory_manager)) { + } + + bool ReadData(internal::FlightData* data) override { + std::lock_guard<std::mutex> guard(read_mutex_); + bool success = internal::ReadPayload(stream_.get(), data); + if (ARROW_PREDICT_FALSE(!success)) return false; + if (data->body) { + auto status = Buffer::ViewOrCopy(data->body, memory_manager_).Value(&data->body); + if (!status.ok()) { + transport_status_ = std::move(status); + return false; + } + } + return true; + } + arrow::Result<bool> WriteData(const FlightPayload& payload) override { + return internal::WritePayload(payload, this->stream_.get()); + } +}; + +// Dummy self-signed certificate to be used because TlsCredentials +// requires root CA certs, even if you are skipping server +// verification. +#if defined(GRPC_NAMESPACE_FOR_TLS_CREDENTIALS_OPTIONS) +constexpr char kDummyRootCert[] = + "-----BEGIN CERTIFICATE-----\n" + "MIICwzCCAaugAwIBAgIJAM12DOkcaqrhMA0GCSqGSIb3DQEBBQUAMBQxEjAQBgNV\n" + "BAMTCWxvY2FsaG9zdDAeFw0yMDEwMDcwODIyNDFaFw0zMDEwMDUwODIyNDFaMBQx\n" + "EjAQBgNVBAMTCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC\n" + "ggEBALjJ8KPEpF0P4GjMPrJhjIBHUL0AX9E4oWdgJRCSFkPKKEWzQabTQBikMOhI\n" + "W4VvBMaHEBuECE5OEyrzDRiAO354I4F4JbBfxMOY8NIW0uWD6THWm2KkCzoZRIPW\n" + "yZL6dN+mK6cEH+YvbNuy5ZQGNjGG43tyiXdOCAc4AI9POeTtjdMpbbpR2VY4Ad/E\n" + "oTEiS3gNnN7WIAdgMhCJxjzvPwKszV3f7pwuTHzFMsuHLKr6JeaVUYfbi4DxxC8Z\n" + "k6PF6dLlLf3ngTSLBJyaXP1BhKMvz0TaMK3F0y2OGwHM9J8np2zWjTlNVEzffQZx\n" + "SWMOQManlJGs60xYx9KCPJMZZsMCAwEAAaMYMBYwFAYDVR0RBA0wC4IJbG9jYWxo\n" + "b3N0MA0GCSqGSIb3DQEBBQUAA4IBAQC0LrmbcNKgO+D50d/wOc+vhi9K04EZh8bg\n" + "WYAK1kLOT4eShbzqWGV/1EggY4muQ6ypSELCLuSsg88kVtFQIeRilA6bHFqQSj6t\n" + "sqgh2cWsMwyllCtmX6Maf3CLb2ZdoJlqUwdiBdrbIbuyeAZj3QweCtLKGSQzGDyI\n" + "KH7G8nC5d0IoRPiCMB6RnMMKsrhviuCdWbAFHop7Ff36JaOJ8iRa2sSf2OXE8j/5\n" + "obCXCUvYHf4Zw27JcM2AnnQI9VJLnYxis83TysC5s2Z7t0OYNS9kFmtXQbUNlmpS\n" + "doQ/Eu47vWX7S0TXeGziGtbAOKxbHE0BGGPDOAB/jGW/JVbeTiXY\n" + "-----END CERTIFICATE-----\n"; +#endif + +class GrpcClientImpl : public internal::ClientTransport { + public: + static arrow::Result<std::unique_ptr<internal::ClientTransport>> Make() { + return std::unique_ptr<internal::ClientTransport>(new GrpcClientImpl()); + } + + Status Init(const FlightClientOptions& options, const Location& location, + const arrow::internal::Uri& uri) override { + const std::string& scheme = location.scheme(); + + std::stringstream grpc_uri; + std::shared_ptr<::grpc::ChannelCredentials> creds; + if (scheme == kSchemeGrpc || scheme == kSchemeGrpcTcp || scheme == kSchemeGrpcTls) { + grpc_uri << arrow::internal::UriEncodeHost(uri.host()) << ':' << uri.port_text(); + + if (scheme == kSchemeGrpcTls) { + if (options.disable_server_verification) { +#if defined(GRPC_NAMESPACE_FOR_TLS_CREDENTIALS_OPTIONS) + namespace ge = ::GRPC_NAMESPACE_FOR_TLS_CREDENTIALS_OPTIONS; + +#if defined(GRPC_USE_CERTIFICATE_VERIFIER) + // gRPC >= 1.43 + class NoOpCertificateVerifier : public ge::ExternalCertificateVerifier { + public: + bool Verify(ge::TlsCustomVerificationCheckRequest*, + std::function<void(::grpc::Status)>, + ::grpc::Status* sync_status) override { + *sync_status = ::grpc::Status::OK; + return true; // Check done synchronously + } + void Cancel(ge::TlsCustomVerificationCheckRequest*) override {} + }; + auto cert_verifier = + ge::ExternalCertificateVerifier::Create<NoOpCertificateVerifier>(); + +#else // defined(GRPC_USE_CERTIFICATE_VERIFIER) + // gRPC < 1.43 + // A callback to supply to TlsCredentialsOptions that accepts any server + // arguments. + struct NoOpTlsAuthorizationCheck + : public ge::TlsServerAuthorizationCheckInterface { + int Schedule(ge::TlsServerAuthorizationCheckArg* arg) override { + arg->set_success(1); + arg->set_status(GRPC_STATUS_OK); + return 0; + } + }; + auto server_authorization_check = std::make_shared<NoOpTlsAuthorizationCheck>(); + noop_auth_check_ = std::make_shared<ge::TlsServerAuthorizationCheckConfig>( + server_authorization_check); +#endif // defined(GRPC_USE_CERTIFICATE_VERIFIER) + +#if defined(GRPC_USE_TLS_CHANNEL_CREDENTIALS_OPTIONS) + auto certificate_provider = + std::make_shared<::grpc::experimental::StaticDataCertificateProvider>( + kDummyRootCert); +#if defined(GRPC_USE_TLS_CHANNEL_CREDENTIALS_OPTIONS_ROOT_CERTS) + ::grpc::experimental::TlsChannelCredentialsOptions tls_options( + certificate_provider); +#else // defined(GRPC_USE_TLS_CHANNEL_CREDENTIALS_OPTIONS_ROOT_CERTS) + // While gRPC >= 1.36 does not require a root cert (it has a default) + // in practice the path it hardcodes is broken. See grpc/grpc#21655. + ::grpc::experimental::TlsChannelCredentialsOptions tls_options; + tls_options.set_certificate_provider(certificate_provider); +#endif // defined(GRPC_USE_TLS_CHANNEL_CREDENTIALS_OPTIONS_ROOT_CERTS) + tls_options.watch_root_certs(); + tls_options.set_root_cert_name("dummy"); +#if defined(GRPC_USE_CERTIFICATE_VERIFIER) + tls_options.set_certificate_verifier(std::move(cert_verifier)); + tls_options.set_check_call_host(false); + tls_options.set_verify_server_certs(false); +#else // defined(GRPC_USE_CERTIFICATE_VERIFIER) + tls_options.set_server_verification_option( + grpc_tls_server_verification_option::GRPC_TLS_SKIP_ALL_SERVER_VERIFICATION); + tls_options.set_server_authorization_check_config(noop_auth_check_); +#endif // defined(GRPC_USE_CERTIFICATE_VERIFIER) +#elif defined(GRPC_NAMESPACE_FOR_TLS_CREDENTIALS_OPTIONS) + // continues defined(GRPC_USE_TLS_CHANNEL_CREDENTIALS_OPTIONS) + auto materials_config = std::make_shared<ge::TlsKeyMaterialsConfig>(); + materials_config->set_pem_root_certs(kDummyRootCert); + ge::TlsCredentialsOptions tls_options( + GRPC_SSL_DONT_REQUEST_CLIENT_CERTIFICATE, + GRPC_TLS_SKIP_ALL_SERVER_VERIFICATION, materials_config, + std::shared_ptr<ge::TlsCredentialReloadConfig>(), noop_auth_check_); +#endif // defined(GRPC_USE_TLS_CHANNEL_CREDENTIALS_OPTIONS) + creds = ge::TlsCredentials(tls_options); +#else // defined(GRPC_NAMESPACE_FOR_TLS_CREDENTIALS_OPTIONS) + return Status::NotImplemented( + "Using encryption with server verification disabled is unsupported. " + "Please use a release of Arrow Flight built with gRPC 1.27 or higher."); +#endif // defined(GRPC_NAMESPACE_FOR_TLS_CREDENTIALS_OPTIONS) + } else { + ::grpc::SslCredentialsOptions ssl_options; + if (!options.tls_root_certs.empty()) { + ssl_options.pem_root_certs = options.tls_root_certs; + } + if (!options.cert_chain.empty()) { + ssl_options.pem_cert_chain = options.cert_chain; + } + if (!options.private_key.empty()) { + ssl_options.pem_private_key = options.private_key; + } + creds = ::grpc::SslCredentials(ssl_options); + } + } else { + creds = ::grpc::InsecureChannelCredentials(); + } + } else if (scheme == kSchemeGrpcUnix) { + grpc_uri << "unix://" << uri.path(); + creds = ::grpc::InsecureChannelCredentials(); + } else { + return Status::NotImplemented("Flight scheme ", scheme, + " is not supported by the gRPC transport"); + } + + ::grpc::ChannelArguments args; + // We can't set the same config value twice, so for values where + // we want to set defaults, keep them in a map and update them; + // then update them all at once + std::unordered_map<std::string, int> default_args; + // Try to reconnect quickly at first, in case the server is still starting up + default_args[GRPC_ARG_INITIAL_RECONNECT_BACKOFF_MS] = 100; + // Receive messages of any size + default_args[GRPC_ARG_MAX_RECEIVE_MESSAGE_LENGTH] = -1; + // Setting this arg enables each client to open it's own TCP connection to server, + // not sharing one single connection, which becomes bottleneck under high load. + default_args[GRPC_ARG_USE_LOCAL_SUBCHANNEL_POOL] = 1; + + if (options.override_hostname != "") { + args.SetSslTargetNameOverride(options.override_hostname); + } + + // Allow setting generic gRPC options. + for (const auto& arg : options.generic_options) { + if (util::holds_alternative<int>(arg.second)) { + default_args[arg.first] = util::get<int>(arg.second); + } else if (util::holds_alternative<std::string>(arg.second)) { + args.SetString(arg.first, util::get<std::string>(arg.second)); + } + // Otherwise unimplemented + } + for (const auto& pair : default_args) { + args.SetInt(pair.first, pair.second); + } + + std::vector<std::unique_ptr<::grpc::experimental::ClientInterceptorFactoryInterface>> + interceptors; + interceptors.emplace_back( + new GrpcClientInterceptorAdapterFactory(std::move(options.middleware))); + + stub_ = pb::FlightService::NewStub( + ::grpc::experimental::CreateCustomChannelWithInterceptors( + grpc_uri.str(), creds, args, std::move(interceptors))); + return Status::OK(); + } + + Status Close() override { + // TODO(ARROW-15473): if we track ongoing RPCs, we can cancel them first + // gRPC does not offer a real Close(). We could reset() the gRPC + // client but that can cause gRPC to hang in shutdown + // (ARROW-15793). + return Status::OK(); + } + + Status Authenticate(const FlightCallOptions& options, + std::unique_ptr<ClientAuthHandler> auth_handler) override { + auth_handler_ = std::move(auth_handler); + ClientRpc rpc(options); + std::shared_ptr< + ::grpc::ClientReaderWriter<pb::HandshakeRequest, pb::HandshakeResponse>> + stream = stub_->Handshake(&rpc.context); + GrpcClientAuthSender outgoing{stream}; + GrpcClientAuthReader incoming{stream}; + RETURN_NOT_OK(auth_handler_->Authenticate(&outgoing, &incoming)); + // Explicitly close our side of the connection + bool finished_writes = stream->WritesDone(); + RETURN_NOT_OK(internal::FromGrpcStatus(stream->Finish(), &rpc.context)); + if (!finished_writes) { + return MakeFlightError(FlightStatusCode::Internal, + "Could not finish writing before closing"); + } + return Status::OK(); + } + + arrow::Result<std::pair<std::string, std::string>> AuthenticateBasicToken( + const FlightCallOptions& options, const std::string& username, + const std::string& password) override { + // Add basic auth headers to outgoing headers. + ClientRpc rpc(options); + internal::AddBasicAuthHeaders(&rpc.context, username, password); + + std::shared_ptr< + ::grpc::ClientReaderWriter<pb::HandshakeRequest, pb::HandshakeResponse>> + stream = stub_->Handshake(&rpc.context); + GrpcClientAuthSender outgoing{stream}; + GrpcClientAuthReader incoming{stream}; Review comment: I think the way it was intended to be used, this is basically "login" and the returned token is configured and passed back via middleware or an auth handler -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
