Skip to content

credentials: Allow net.Pipe with credentials/local #8603

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 3 commits into
base: master
Choose a base branch
from
Open

credentials: Allow net.Pipe with credentials/local #8603

wants to merge 3 commits into from

Conversation

Ongy
Copy link

@Ongy Ongy commented Sep 23, 2025
edited
Loading

net.Pipe is a go standard library abstraction to create in-process an in-process connected pair of net.Conn.
Using a specialized net.Listener and WithContextDialer this allows to create an in-process grpc Server/Client pair without an OS based roundtrip.

This is mainly useful in testing setups, where it avoids using a global (albeit plentyful) resoure.
Additionally, this will allow using the testing/synctest functionality once it becomes stable, since it handles net.Pipe but cannot deal with real networked connections.

It also provides an efficient self-connection that preserves utility features with grpc like the opentelemetry integration for setups that can be both micro-service oriented or in self-contained monoliths.

RELEASE NOTES:

  • credentials: Allow using net.Pipe based connections with credentials/local authorization.

@Ongy
credentials: Allow net.Pipe with credentials/local
2062bcd 
net.Pipe is a go standard library abstraction to create in-process an
in-process connected pair of net.Conn.
Using a specialized net.Listener and WithContextDialier this allows to
create an in-process grpc Server/Client pair without an OS based
roundtrip.

RELEASE NOTES:
* credentials: Allow using net.Pipe basec connections with
  credentials/local authorization.
@linux-foundation-easycla Linux Foundation: EasyCLA
Copy link

linux-foundation-easycla bot commented Sep 23, 2025
edited
Loading

CLA Signed

The committers listed above are authorized under a signed CLA.

@codecov Codecov
Copy link

codecov bot commented Sep 23, 2025
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 82.12%. Comparing base (7235bb7) to head (58a2a60).
⚠️ Report is 12 commits behind head on master.

Additional details and impacted files 
@@            Coverage Diff             @@
##           master    #8603      +/-   ##
==========================================
+ Coverage   81.86%   82.12%   +0.25%     
==========================================
  Files         415      415              
  Lines       40694    40699       +5     
==========================================
+ Hits        33316    33423     +107     
+ Misses       5993     5893     -100     
+ Partials     1385     1383       -2
Files with missing lines Coverage Δ
credentials/local/local.go 82.92% <100.00%> (+6.00%) ⬆️

... and 26 files with indirect coverage changes

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@easwars easwars added Type: Feature New features or improvements in behavior Area: Auth Includes regular credentials API and implementation. Also includes advancedtls, authz, rbac etc. labels Sep 23, 2025
@easwars easwars added this to the 1.77 Release milestone Sep 23, 2025
@easwars
Copy link
Contributor

easwars commented Sep 23, 2025

@matthewstevenson88 : Could you please help review this from the security team's pov. Thanks.

easwars
easwars reviewed Sep 23, 2025
View reviewed changes
@matthewstevenson88
Copy link
Contributor

Redirecting review to @gtcooke94.

@matthewstevenson88 matthewstevenson88 requested review from gtcooke94 and removed request for matthewstevenson88 September 23, 2025 19:13
@gtcooke94
Copy link
Contributor

Can you add some description for an example use case? Also, maybe an integration test showing this usage?

@easwars easwars assigned Ongy and unassigned Ongy, gtcooke94 and easwars Sep 25, 2025
@Ongy
Copy link
Author

Ongy commented Sep 25, 2025

I added some description pointing out the 3 aspects that lead me down this route.

  • silly purity
  • reading about synctest
  • We do have self-connecting services that currently use the loopback itnerface for both tests and production workloads that can avoid exposing themselves to everyone.

@Ongy
Copy link
Author

Ongy commented Sep 25, 2025

I'll see if I can figure out how to cleanly add some integration test.

@github-actions GitHub Actions
Copy link

github-actions bot commented Oct 1, 2025

This PR is labeled as requiring an update from the reporter, and no update has been received after 6 days. If no update is provided in the next 7 days, this issue will be automatically closed.

@github-actions github-actions bot added stale and removed stale labels Oct 1, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@easwars easwars easwars left review comments

@gtcooke94 gtcooke94 Awaiting requested review from gtcooke94

At least 1 approving review is required to merge this pull request.

Assignees

@Ongy Ongy

Labels
Area: Auth Includes regular credentials API and implementation. Also includes advancedtls, authz, rbac etc. Status: Requires Reporter Clarification Type: Feature New features or improvements in behavior
Projects
None yet
Milestone
1.77 Release
Development

Successfully merging this pull request may close these issues.
4 participants
@Ongy @easwars @matthewstevenson88 @gtcooke94