Skip to content

Cherry-pick #8536 to v1.77.x #8691

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Nov 6, 2025
Merged

Cherry-pick #8536 to v1.77.x #8691

merged 1 commit into from
Nov 6, 2025

Conversation

@arjan-bal
Copy link
Contributor

@arjan-bal arjan-bal commented Nov 3, 2025

Original PR: #8536

RELEASE NOTES:

  • xds: add support for loading a JWT from file and use it as Call Credentials (A97). To enable this feature, set the environment variable GRPC_EXPERIMENTAL_XDS_BOOTSTRAP_CALL_CREDS to true (case insensitive).

@dimpavloff @arjan-bal
xds bootstrap: enable using JWT Call Credentials (part 2 for A97) (gr…
092d6bb 
…pc#8536)

Part two for grpc/proposal#492 (A97), following
grpc#8431 .

What this PR does is:

- update `internal/xds/bootstrap` with support for loading multiple
PerRPCCallCredentials specifed in a new `call_creds` field in the
boostrap file as per A97
- adjust `xds/internal/xdsclient/clientimpl.go`to use the call
credentials when constructing the client
- update `xds/bootstrap` to register the `jwtcreds` call credentials and
make them available if `GRPC_EXPERIMENTAL_XDS_BOOTSTRAP_CALL_CREDS` is
enabled

Relates to istio/istio#53532


RELEASE NOTES:
- xds: add support for loading a JWT from file and use it as Call
Credentials (A97). To enable this feature, set the environment variable
`GRPC_EXPERIMENTAL_XDS_BOOTSTRAP_CALL_CREDS` to `true` (case
insensitive).
@arjan-bal arjan-bal added this to the 1.77 Release milestone Nov 3, 2025
@arjan-bal arjan-bal added Type: Feature New features or improvements in behavior Area: xDS Includes everything xDS related, including LB policies used with xDS. labels Nov 3, 2025
@arjan-bal arjan-bal requested a review from easwars November 3, 2025 12:22
@codecov
Copy link

codecov bot commented Nov 3, 2025
edited
Loading

Codecov Report

❌ Patch coverage is 82.89474% with 13 lines in your changes missing coverage. Please review.
✅ Project coverage is 83.30%. Comparing base (4288cfc) to head (092d6bb).
⚠️ Report is 1 commits behind head on v1.77.x.

Files with missing lines Patch % Lines
internal/xds/bootstrap/bootstrap.go 73.80% 9 Missing and 2 partials ⚠️
internal/xds/bootstrap/jwtcreds/call_creds.go 83.33% 1 Missing and 1 partial ⚠️
Additional details and impacted files 
@@             Coverage Diff             @@
##           v1.77.x    #8691      +/-   ##
===========================================
- Coverage    83.34%   83.30%   -0.05%     
===========================================
  Files          417      418       +1     
  Lines        32296    32347      +51     
===========================================
+ Hits         26918    26946      +28     
- Misses        4006     4025      +19     
- Partials      1372     1376       +4
Files with missing lines Coverage Δ
internal/xds/xdsclient/clientimpl.go 86.40% <100.00%> (ø)
internal/xds/xdsclient/clientimpl_loadreport.go 76.92% <100.00%> (ø)
xds/bootstrap/bootstrap.go 100.00% <100.00%> (ø)
xds/bootstrap/credentials.go 100.00% <100.00%> (ø)
internal/xds/bootstrap/jwtcreds/call_creds.go 83.33% <83.33%> (ø)
internal/xds/bootstrap/bootstrap.go 66.15% <73.80%> (+0.83%) ⬆️

... and 20 files with indirect coverage changes

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@easwars
Copy link
Contributor

easwars commented Nov 3, 2025

Do we really need this to be cherrypicked? Is anyone wanting this feature in the upcoming release? Thanks.

@easwars easwars assigned arjan-bal and unassigned easwars Nov 3, 2025
@arjan-bal
Copy link
Contributor Author

arjan-bal commented Nov 4, 2025
edited
Loading

Do we really need this to be cherrypicked? Is anyone wanting this feature in the upcoming release? Thanks.

This change allows Istio users to depend on a tagged gRPC release (instead of a commit hash) for resolving issue istio/istio#53532. We will get a week of internal testing to catch regressions before the 1.77 release, and I don't see any significant harm in including it.

@arjan-bal arjan-bal assigned easwars and unassigned arjan-bal Nov 4, 2025
@easwars easwars assigned arjan-bal and unassigned easwars Nov 4, 2025
@arjan-bal arjan-bal merged commit cadae08 into grpc:v1.77.x Nov 6, 2025
17 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@easwars easwars easwars approved these changes

Assignees

@arjan-bal arjan-bal

Labels

Area: xDS Includes everything xDS related, including LB policies used with xDS. Type: Feature New features or improvements in behavior

Projects

None yet

Milestone

1.77 Release

Development

Successfully merging this pull request may close these issues.

3 participants

@arjan-bal @easwars @dimpavloff