[TokenFetcherCredentials] add backoff and pre-fetching (grpc#37531)

This adds functionality that is intended to be used for the new GcpServiceAccountIdentityCallCredentials implementation, as per gRFC A83 (grpc/proposal#438). However, it is also a useful improvement for all token-fetching call credentials types, so I am adding it to the base class. Closes grpc#37531 COPYBARA_INTEGRATE_REVIEW=grpc#37531 from markdroth:token_fetcher_call_creds_prefetch_and_backoff 0fcdb48 PiperOrigin-RevId: 666809903
sourabhsinghs · Sep 26, 2024 · d7da0c5 · d7da0c5
1 parent d15f6ee
commit d7da0c5
Show file tree

Hide file tree

Showing 12 changed files with 638 additions and 89 deletions.
diff --git a/doc/trace_flags.md b/doc/trace_flags.md
diff --git a/src/core/BUILD b/src/core/BUILD
@@ -4335,14 +4335,17 @@ grpc_cc_library(
     deps = [
         "arena_promise",
         "context",
+        "default_event_engine",
         "metadata",
         "poll",
         "pollset_set",
         "ref_counted",
         "time",
         "useful",
+        "//:backoff",
         "//:gpr",
         "//:grpc_security_base",
+        "//:grpc_trace",
         "//:httpcli",
         "//:iomgr",
         "//:orphanable",
@@ -4436,7 +4439,6 @@ grpc_cc_library(
     language = "c++",
     deps = [
         "closure",
-        "default_event_engine",
         "env",
         "error",
         "error_utils",

diff --git a/src/core/lib/debug/trace_flags.cc b/src/core/lib/debug/trace_flags.cc
diff --git a/src/core/lib/debug/trace_flags.h b/src/core/lib/debug/trace_flags.h
diff --git a/src/core/lib/debug/trace_flags.yaml b/src/core/lib/debug/trace_flags.yaml
@@ -308,6 +308,9 @@ timer:
 timer_check:
   default: false
   description: more detailed trace of timer logic in grpc internals.
+token_fetcher_credentials:
+  default: false
+  description: Token fetcher call credentials framework, used for (e.g.) oauth2 token fetcher credentials.
 tsi:
   default: false
   description: TSI transport security.

diff --git a/src/core/lib/promise/map.h b/src/core/lib/promise/map.h
@@ -86,7 +86,7 @@ GPR_ATTRIBUTE_ALWAYS_INLINE_FUNCTION auto CheckDelayed(Promise promise) {
       delayed = true;
       return Pending{};
     }
-    return std::make_tuple(r.value(), delayed);
+    return std::make_tuple(std::move(r.value()), delayed);
   };
 }
 

diff --git a/src/core/lib/security/credentials/external/external_account_credentials.cc b/src/core/lib/security/credentials/external/external_account_credentials.cc
@@ -45,7 +45,6 @@
 #include <grpc/support/port_platform.h>
 #include <grpc/support/string_util.h>
 
-#include "src/core/lib/event_engine/default_event_engine.h"
 #include "src/core/lib/gprpp/status_helper.h"
 #include "src/core/lib/security/credentials/credentials.h"
 #include "src/core/lib/security/credentials/external/aws_external_account_credentials.h"
@@ -591,10 +590,7 @@ ExternalAccountCredentials::Create(
 ExternalAccountCredentials::ExternalAccountCredentials(
     Options options, std::vector<std::string> scopes,
     std::shared_ptr<grpc_event_engine::experimental::EventEngine> event_engine)
-    : event_engine_(
-          event_engine == nullptr
-              ? grpc_event_engine::experimental::GetDefaultEventEngine()
-              : std::move(event_engine)),
+    : TokenFetcherCredentials(std::move(event_engine)),
       options_(std::move(options)) {
   if (scopes.empty()) {
     scopes.push_back(GOOGLE_CLOUD_PLATFORM_DEFAULT_SCOPE);

diff --git a/src/core/lib/security/credentials/external/external_account_credentials.h b/src/core/lib/security/credentials/external/external_account_credentials.h
@@ -185,10 +185,6 @@ class ExternalAccountCredentials : public TokenFetcherCredentials {
 
   absl::string_view audience() const { return options_.audience; }
 
-  grpc_event_engine::experimental::EventEngine& event_engine() const {
-    return *event_engine_;
-  }
-
  private:
   OrphanablePtr<FetchRequest> FetchToken(
       Timestamp deadline,
@@ -204,7 +200,6 @@ class ExternalAccountCredentials : public TokenFetcherCredentials {
       Timestamp deadline,
       absl::AnyInvocable<void(absl::StatusOr<std::string>)> on_done) = 0;
 
-  std::shared_ptr<grpc_event_engine::experimental::EventEngine> event_engine_;
   Options options_;
   std::vector<std::string> scopes_;
 };

diff --git a/src/core/lib/security/credentials/external/file_external_account_credentials.cc b/src/core/lib/security/credentials/external/file_external_account_credentials.cc
@@ -26,7 +26,6 @@
 #include <grpc/support/json.h>
 #include <grpc/support/port_platform.h>
 
-#include "src/core/lib/event_engine/default_event_engine.h"
 #include "src/core/lib/gprpp/load_file.h"
 #include "src/core/lib/slice/slice.h"
 #include "src/core/lib/slice/slice_internal.h"