This avoids the needs to flatten to EAGs for cases like PickFirst,
making the Attributes in EAGs able to be used in communication with
core. See #4302 for some discussion on the topic.
A new RPC starts with the following steps:
1. Pick a READY transport
2. the READY transport calls `transport.newStream()`
3. the new stream calls `stream.start()`
4. `stream.start()` invokes or enqueus `writeHeaders()` (or for GET request, noop)
A racy GOAWAY could happen between 3 and 4, and by the retry spec, the RPC should be transparent-retry-able in this case. For Netty and OkHttp transport implementation, before step 4, (even if step 1, 2, and 3 excluding 4 are made atomic,) the http2-stream for the RPC is not created, so the current transparent retry logic does not apply and need fix.
Of course, if step 1, 2, and 3 including 4 are made atomic, and not with GET, there will be no such problem.
Instead of failing after a a missing A/AAAA record, this change
makes the resolver keep going and try out SRV records too. This
is needed for use with ALTS, and is part of the gRPCLB spec.
This change also moved the JNDI code to a separate, reflectively
loaded file. This makes it easy to exclude the file and not worry
about the missing class references on Android. Additionally, if
javax.naming might be available on Android, this allows it to be
loaded. A key side effect of this is that DnsNameResolver is
smaller, and more cleanly tested.
The motivation here is in some cases we log the remote-addr that is set in the gRPC call attributes, and have to special case this type to support inprocess servers.
We must not include signatures for maven-metadata.xml*, as the file is
a server-maintained index. Avoiding signing the .md5 and .sha1 avoids
signing unnecessary files (which double-excludes some
maven-metadata.xml* files).
We also swap to using ASCII armored output instead of the binary output,
as that's what is appropriate for "asc" files.
Fixes#4574
... with proper CA certificate to fix SSLV3_ALERT_HANDSHAKE_FAILURE in two host with different IPs setup, switch to required client auth to fail on incorrect configuration
This PR adds an automatic gradle format checker and reformats all the *.gradle files. After this, new changes to *.gradle files will fail to build if not in good format, just like checkStyle failure.
This keeps them more secure. Other types of creds are left as-is, snce
we don't quite know if it makes sense to have a similar restriction. (It
likely does make sense, but this is a more precise change for our
needs.)
This is a rollforward of 8e9d4cbe5c
which was rolled back in de95152696
Additional changes that were not in the original commit:
1. Treat null security level as NONE
2. When GoogleCredentials can't be loaded, log it at FINE
Yang Song