Review comments #1.

easwars · easwars · commit 628251bbca8f · 2020-06-01T16:27:02.000-07:00
diff --git a/credentials/tls/certprovider/distributor.go b/credentials/tls/certprovider/distributor.go
@@ -20,8 +20,6 @@ package certprovider
 
 import (
 	"context"
-	"crypto/tls"
-	"crypto/x509"
 	"sync"
 
 	"google.golang.org/grpc/internal/grpcsync"
@@ -38,11 +36,13 @@ import (
 //   by the provider.
 // - When users of the provider call Close(), the channel returned by the
 //   Done() method will be closed. So, provider implementations can select on
-//   the channel returned by Done() to perform cleanup work.
+//   the channel returned by Done() to perform cleanup work, or override
+//   Close(), in which case they must invoke Distributor.Close() when the
+//   provider is closed.
 type Distributor struct {
-	mu     sync.Mutex
-	certs  []tls.Certificate
-	roots  *x509.CertPool
+	mu sync.Mutex
+	km *KeyMaterial
+
 	ready  *grpcsync.Event
 	closed *grpcsync.Event
 }
@@ -58,8 +58,7 @@ func NewDistributor() *Distributor {
 // Set updates the key material in the distributor with km.
 func (d *Distributor) Set(km *KeyMaterial) {
 	d.mu.Lock()
-	d.certs = km.Certs
-	d.roots = km.Roots
+	d.km = km
 	d.ready.Fire()
 	d.mu.Unlock()
 }
@@ -70,7 +69,7 @@ func (d *Distributor) Set(km *KeyMaterial) {
 // arrives.
 func (d *Distributor) KeyMaterial(ctx context.Context, opts KeyMaterialOptions) (*KeyMaterial, error) {
 	if d.closed.HasFired() {
-		return nil, ErrProviderClosed
+		return nil, errProviderClosed
 	}
 
 	if d.ready.HasFired() {
@@ -81,15 +80,15 @@ func (d *Distributor) KeyMaterial(ctx context.Context, opts KeyMaterialOptions)
 	case <-ctx.Done():
 		return nil, ctx.Err()
 	case <-d.closed.Done():
-		return nil, ErrProviderClosed
+		return nil, errProviderClosed
 	case <-d.ready.Done():
 		return d.keyMaterial(), nil
 	}
 }
 
 func (d *Distributor) keyMaterial() *KeyMaterial {
 	d.mu.Lock()
-	km := &KeyMaterial{Certs: d.certs, Roots: d.roots}
+	km := d.km
 	d.mu.Unlock()
 	return km
 }
diff --git a/credentials/tls/certprovider/distributor_test.go b/credentials/tls/certprovider/distributor_test.go
@@ -94,12 +94,12 @@ func (s) TestDistributor(t *testing.T) {
 		}
 		proceedCh <- struct{}{}
 
-		// This call to KeyMaterial() should eventually return ErrProviderClosed
+		// This call to KeyMaterial() should eventually return errProviderClosed
 		// error.
 		ctx, cancel = context.WithTimeout(context.Background(), defaultTestTimeout)
 		defer cancel()
 		for {
-			if _, err := dist.KeyMaterial(ctx, KeyMaterialOptions{}); err == ErrProviderClosed {
+			if _, err := dist.KeyMaterial(ctx, KeyMaterialOptions{}); err == errProviderClosed {
 				doneCh := dist.Done()
 				if _, ok := <-doneCh; ok {
 					errCh <- errors.New("distributor done channel not closed")
diff --git a/credentials/tls/certprovider/provider.go b/credentials/tls/certprovider/provider.go
@@ -29,13 +29,12 @@ import (
 	"crypto/tls"
 	"crypto/x509"
 	"errors"
-	"strings"
 )
 
 var (
-	// ErrProviderClosed may be returned from a call to KeyMaterial() when the
+	// errProviderClosed may be returned from a call to KeyMaterial() when the
 	// underlying provider instance is closed.
-	ErrProviderClosed = errors.New("provider instance is closed")
+	errProviderClosed = errors.New("provider instance is closed")
 
 	// m is a map from name to provider builder.
 	m = make(map[string]Builder)
@@ -44,13 +43,13 @@ var (
 // Register registers the provider builder, whose name as returned by its
 // Name() method will be used as the name registered with this builder.
 func Register(b Builder) {
-	m[strings.ToLower(b.Name())] = b
+	m[b.Name()] = b
 }
 
-// Get returns the provider builder registered with the given name.
+// getBuilder returns the provider builder registered with the given name.
 // If no builder is registered with the provided name, nil will be returned.
-func Get(name string) Builder {
-	if b, ok := m[strings.ToLower(name)]; ok {
+func getBuilder(name string) Builder {
+	if b, ok := m[name]; ok {
 		return b
 	}
 	return nil
@@ -64,6 +63,8 @@ type Builder interface {
 	// ParseConfig converts config input in a format specific to individual
 	// implementations and returns an implementation of the StableConfig
 	// interface.
+	// Equivalent configurations should return StableConfig types whose
+	// Canonical() method returns the same output.
 	ParseConfig(interface{}) (StableConfig, error)
 
 	// Name returns the name of providers built by this builder.
diff --git a/credentials/tls/certprovider/store.go b/credentials/tls/certprovider/store.go
@@ -90,7 +90,7 @@ func (ps *Store) GetProvider(key Key) Provider {
 		return wp
 	}
 
-	b := Get(key.Name)
+	b := getBuilder(key.Name)
 	if b == nil {
 		return nil
 	}
diff --git a/credentials/tls/certprovider/store_test.go b/credentials/tls/certprovider/store_test.go
@@ -135,7 +135,7 @@ func makeProvider(t *testing.T, name, config string) (Provider, *fakeProvider) {
 	t.Helper()
 
 	// Grab the provider builder.
-	b := Get(name)
+	b := getBuilder(name)
 	if b == nil {
 		t.Fatalf("no provider builder found for name : %s", name)
 	}
@@ -195,8 +195,8 @@ func (s) TestStoreWithSingleProvider(t *testing.T) {
 	// Close the provider and retry the KeyMaterial() call, and expect it to
 	// fail with a known error.
 	prov.Close()
-	if _, err := prov.KeyMaterial(ctx, KeyMaterialOptions{}); err != ErrProviderClosed {
-		t.Fatalf("provider.KeyMaterial() = %v, wantErr: %v", err, ErrProviderClosed)
+	if _, err := prov.KeyMaterial(ctx, KeyMaterialOptions{}); err != errProviderClosed {
+		t.Fatalf("provider.KeyMaterial() = %v, wantErr: %v", err, errProviderClosed)
 	}
 }
 
@@ -234,8 +234,8 @@ func (s) TestStoreWithSingleProviderWithSharing(t *testing.T) {
 	}
 
 	prov2.Close()
-	if _, err := prov2.KeyMaterial(ctx, KeyMaterialOptions{}); err != ErrProviderClosed {
-		t.Fatalf("provider.KeyMaterial() = %v, wantErr: %v", err, ErrProviderClosed)
+	if _, err := prov2.KeyMaterial(ctx, KeyMaterialOptions{}); err != errProviderClosed {
+		t.Fatalf("provider.KeyMaterial() = %v, wantErr: %v", err, errProviderClosed)
 	}
 }
 
@@ -302,8 +302,8 @@ func (s) TestStoreWithSingleProviderWithoutSharing(t *testing.T) {
 	}
 
 	prov2.Close()
-	if _, err := prov2.KeyMaterial(ctx, KeyMaterialOptions{}); err != ErrProviderClosed {
-		t.Fatalf("provider.KeyMaterial() = %v, wantErr: %v", err, ErrProviderClosed)
+	if _, err := prov2.KeyMaterial(ctx, KeyMaterialOptions{}); err != errProviderClosed {
+		t.Fatalf("provider.KeyMaterial() = %v, wantErr: %v", err, errProviderClosed)
 	}
 }
 
@@ -351,7 +351,7 @@ func (s) TestStoreWithMultipleProviders(t *testing.T) {
 	}
 
 	prov2.Close()
-	if _, err := prov2.KeyMaterial(ctx, KeyMaterialOptions{}); err != ErrProviderClosed {
-		t.Fatalf("provider.KeyMaterial() = %v, wantErr: %v", err, ErrProviderClosed)
+	if _, err := prov2.KeyMaterial(ctx, KeyMaterialOptions{}); err != errProviderClosed {
+		t.Fatalf("provider.KeyMaterial() = %v, wantErr: %v", err, errProviderClosed)
 	}
 }

Original file line number	Diff line number	Diff line change
`@@ -90,7 +90,7 @@ func (ps *Store) GetProvider(key Key) Provider {`
`90`	`90`	`return wp`
`91`	`91`	`}`
`92`	`92`
`93`		`- b := Get(key.Name)`
	`93`	`+ b := getBuilder(key.Name)`
`94`	`94`	`if b == nil {`
`95`	`95`	`return nil`
`96`	`96`	`}`
Original file line number	Diff line number	Diff line change
`@@ -135,7 +135,7 @@ func makeProvider(t testing.T, name, config string) (Provider, fakeProvider) {`
`135`	`135`	`t.Helper()`
`136`	`136`
`137`	`137`	`// Grab the provider builder.`
`138`		`- b := Get(name)`
	`138`	`+ b := getBuilder(name)`
`139`	`139`	`if b == nil {`
`140`	`140`	`t.Fatalf("no provider builder found for name : %s", name)`
`141`	`141`	`}`
`@@ -195,8 +195,8 @@ func (s) TestStoreWithSingleProvider(t *testing.T) {`
`195`	`195`	`// Close the provider and retry the KeyMaterial() call, and expect it to`
`196`	`196`	`// fail with a known error.`
`197`	`197`	`prov.Close()`
`198`		`- if _, err := prov.KeyMaterial(ctx, KeyMaterialOptions{}); err != ErrProviderClosed {`
`199`		`- t.Fatalf("provider.KeyMaterial() = %v, wantErr: %v", err, ErrProviderClosed)`
	`198`	`+ if _, err := prov.KeyMaterial(ctx, KeyMaterialOptions{}); err != errProviderClosed {`
	`199`	`+ t.Fatalf("provider.KeyMaterial() = %v, wantErr: %v", err, errProviderClosed)`
`200`	`200`	`}`
`201`	`201`	`}`
`202`	`202`
`@@ -234,8 +234,8 @@ func (s) TestStoreWithSingleProviderWithSharing(t *testing.T) {`
`234`	`234`	`}`
`235`	`235`
`236`	`236`	`prov2.Close()`
`237`		`- if _, err := prov2.KeyMaterial(ctx, KeyMaterialOptions{}); err != ErrProviderClosed {`
`238`		`- t.Fatalf("provider.KeyMaterial() = %v, wantErr: %v", err, ErrProviderClosed)`
	`237`	`+ if _, err := prov2.KeyMaterial(ctx, KeyMaterialOptions{}); err != errProviderClosed {`
	`238`	`+ t.Fatalf("provider.KeyMaterial() = %v, wantErr: %v", err, errProviderClosed)`
`239`	`239`	`}`
`240`	`240`	`}`
`241`	`241`
`@@ -302,8 +302,8 @@ func (s) TestStoreWithSingleProviderWithoutSharing(t *testing.T) {`
`302`	`302`	`}`
`303`	`303`
`304`	`304`	`prov2.Close()`
`305`		`- if _, err := prov2.KeyMaterial(ctx, KeyMaterialOptions{}); err != ErrProviderClosed {`
`306`		`- t.Fatalf("provider.KeyMaterial() = %v, wantErr: %v", err, ErrProviderClosed)`
	`305`	`+ if _, err := prov2.KeyMaterial(ctx, KeyMaterialOptions{}); err != errProviderClosed {`
	`306`	`+ t.Fatalf("provider.KeyMaterial() = %v, wantErr: %v", err, errProviderClosed)`
`307`	`307`	`}`
`308`	`308`	`}`
`309`	`309`
`@@ -351,7 +351,7 @@ func (s) TestStoreWithMultipleProviders(t *testing.T) {`
`351`	`351`	`}`
`352`	`352`
`353`	`353`	`prov2.Close()`
`354`		`- if _, err := prov2.KeyMaterial(ctx, KeyMaterialOptions{}); err != ErrProviderClosed {`
`355`		`- t.Fatalf("provider.KeyMaterial() = %v, wantErr: %v", err, ErrProviderClosed)`
	`354`	`+ if _, err := prov2.KeyMaterial(ctx, KeyMaterialOptions{}); err != errProviderClosed {`
	`355`	`+ t.Fatalf("provider.KeyMaterial() = %v, wantErr: %v", err, errProviderClosed)`
`356`	`356`	`}`
`357`	`357`	`}`