[FAB-4002] Upgrade to latest version of grpc-go

There have been many updates to the grpc-go package
since it was vendored in v0.6 and then v1.0.0.

There are several defects / issues related to
inactivity timeouts, connectivity, etc which can
be more easily fixed using new features such as
the client keepalive.

This CR updates grpc-go as well as all of its
dependencies and makes minor updates to the
code where required as well as recompiles all of
the protos using the protobuf compiler plugin
required by this version of grpc-go.

Note that for the updated vendoring, I chose
to delete the old packages and add the
updated ones as govendor is not perfect
when it comes to trying to update packages.

The only "new" code was adding custom server
transport credentials in the comm package as
the default provided by the grpc/credentials
package was changed and breaks the functionality
required for dynamically updating root certs for
running grpc servers and new package config
values for send/receive msg sizes as grpc-go
now enforces them.  Changes were also made
to any grpc clients and servers used in the
code to leverage the new config values.

There is one TODO which is to actually set
the max send/receive msg sizes based on
config.  This will need to be done for
both the peer and the orderer.

Also changed the license header to the new
format for any new or modified files

Change-Id: I41687a54aa21802203b04a339952881349042b70
Signed-off-by: Gari Singh <[email protected]>

Author: mastersingh24

core/comm/config.go

@@ -1,17 +1,7 @@
 /*
-Copyright IBM Corp. 2016 All Rights Reserved.
+Copyright IBM Corp. All Rights Reserved.
 
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-		 http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
+SPDX-License-Identifier: Apache-2.0
 */
 
 package comm
@@ -20,27 +10,21 @@ import (
 	"github.com/spf13/viper"
 )
 
-// Is the configuration cached?
-var configurationCached = false
-
-// Cached values of commonly used configuration constants.
-var tlsEnabled bool
-
-// CacheConfiguration computes and caches commonly-used constants and
-// computed constants as package variables. Routines which were previously
-func CacheConfiguration() (err error) {
-
-	tlsEnabled = viper.GetBool("peer.tls.enabled")
-
-	configurationCached = true
-
-	return
-}
+var (
+	// Is the configuration cached?
+	configurationCached = false
+	// Is TLS enabled
+	tlsEnabled bool
+	// Max send and receive bytes for grpc clients and servers
+	maxRecvMsgSize = 100 * 1024 * 1024
+	maxSendMsgSize = 100 * 1024 * 1024
+)
 
-// cacheConfiguration logs an error if error checks have failed.
+// cacheConfiguration caches common package scoped variables
 func cacheConfiguration() {
-	if err := CacheConfiguration(); err != nil {
-		commLogger.Errorf("Execution continues after CacheConfiguration() failure : %s", err)
+	if !configurationCached {
+		tlsEnabled = viper.GetBool("peer.tls.enabled")
+		configurationCached = true
 	}
 }
 
@@ -51,3 +35,27 @@ func TLSEnabled() bool {
 	}
 	return tlsEnabled
 }
+
+// MaxRecvMsgSize returns the maximum message size in bytes that gRPC clients
+// and servers can receive
+func MaxRecvMsgSize() int {
+	return maxRecvMsgSize
+}
+
+// SetMaxRecvMsgSize sets the maximum message size in bytes that gRPC clients
+// and servers can receive
+func SetMaxRecvMsgSize(size int) {
+	maxRecvMsgSize = size
+}
+
+// MaxSendMsgSize returns the maximum message size in bytes that gRPC clients
+// and servers can send
+func MaxSendMsgSize() int {
+	return maxSendMsgSize
+}
+
+// SetMaxSendMsgSize sets the maximum message size in bytes that gRPC clients
+// and servers can send
+func SetMaxSendMsgSize(size int) {
+	maxSendMsgSize = size
+}

core/comm/config_test.go

@@ -0,0 +1,40 @@
+/*
+Copyright IBM Corp. All Rights Reserved.
+
+SPDX-License-Identifier: Apache-2.0
+*/
+
+package comm
+
+import (
+	"testing"
+
+	"github.com/spf13/viper"
+	"github.com/stretchr/testify/assert"
+)
+
+func TestConfig(t *testing.T) {
+	// check the defaults
+	assert.EqualValues(t, maxRecvMsgSize, MaxRecvMsgSize())
+	assert.EqualValues(t, maxSendMsgSize, MaxSendMsgSize())
+	assert.EqualValues(t, false, TLSEnabled())
+	assert.EqualValues(t, true, configurationCached)
+
+	// set send/recv msg sizes
+	size := 10 * 1024 * 1024
+	SetMaxRecvMsgSize(size)
+	SetMaxSendMsgSize(size)
+	assert.EqualValues(t, size, MaxRecvMsgSize())
+	assert.EqualValues(t, size, MaxSendMsgSize())
+
+	// reset cache
+	configurationCached = false
+	viper.Set("peer.tls.enabled", true)
+	assert.EqualValues(t, true, TLSEnabled())
+	// check that value is cached
+	viper.Set("peer.tls.enabled", false)
+	assert.NotEqual(t, false, TLSEnabled())
+	// reset tls
+	configurationCached = false
+	viper.Set("peer.tls.enabled", false)
+}

core/comm/connection.go

@@ -1,17 +1,7 @@
 /*
-Copyright IBM Corp. 2016 All Rights Reserved.
+Copyright IBM Corp. All Rights Reserved.
 
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-		 http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
+SPDX-License-Identifier: Apache-2.0
 */
 
 package comm
@@ -185,6 +175,8 @@ func NewClientConnectionWithAddress(peerAddress string, block bool, tslEnabled b
 	if block {
 		opts = append(opts, grpc.WithBlock())
 	}
+	opts = append(opts, grpc.WithDefaultCallOptions(grpc.MaxCallRecvMsgSize(MaxRecvMsgSize()),
+		grpc.MaxCallSendMsgSize(MaxSendMsgSize())))
 	conn, err := grpc.Dial(peerAddress, opts...)
 	if err != nil {
 		return nil, err

core/comm/creds.go

@@ -0,0 +1,77 @@
+/*
+Copyright IBM Corp. All Rights Reserved.
+
+SPDX-License-Identifier: Apache-2.0
+*/
+
+package comm
+
+import (
+	"crypto/tls"
+	"errors"
+	"net"
+
+	"golang.org/x/net/context"
+	"google.golang.org/grpc/credentials"
+)
+
+var (
+	ClientHandshakeNotImplError = errors.New("core/comm: Client handshakes" +
+		"are not implemented with serverCreds")
+	OverrrideHostnameNotSupportedError = errors.New(
+		"core/comm: OverrideServerName is " +
+			"not supported")
+	MissingServerConfigError = errors.New(
+		"core/comm: `serverConfig` cannot be nil")
+	// alpnProtoStr are the specified application level protocols for gRPC.
+	alpnProtoStr = []string{"h2"}
+)
+
+// NewServerTransportCredentials returns a new initialized
+// grpc/credentials.TransportCredentials
+func NewServerTransportCredentials(serverConfig *tls.Config) credentials.TransportCredentials {
+	// NOTE: unlike the default grpc/credentials implementation, we do not
+	// clone the tls.Config which allows us to update it dynamically
+	serverConfig.NextProtos = alpnProtoStr
+	return &serverCreds{serverConfig}
+}
+
+// serverCreds is an implementation of grpc/credentials.TransportCredentials.
+type serverCreds struct {
+	serverConfig *tls.Config
+}
+
+// ClientHandShake is not implemented for `serverCreds`.
+func (sc *serverCreds) ClientHandshake(context.Context,
+	string, net.Conn) (net.Conn, credentials.AuthInfo, error) {
+	return nil, nil, ClientHandshakeNotImplError
+}
+
+// ServerHandshake does the authentication handshake for servers.
+func (sc *serverCreds) ServerHandshake(rawConn net.Conn) (net.Conn, credentials.AuthInfo, error) {
+	conn := tls.Server(rawConn, sc.serverConfig)
+	if err := conn.Handshake(); err != nil {
+		return nil, nil, err
+	}
+	return conn, credentials.TLSInfo{conn.ConnectionState()}, nil
+}
+
+// Info provides the ProtocolInfo of this TransportCredentials.
+func (sc *serverCreds) Info() credentials.ProtocolInfo {
+	return credentials.ProtocolInfo{
+		SecurityProtocol: "tls",
+		SecurityVersion:  "1.2",
+	}
+}
+
+// Clone makes a copy of this TransportCredentials.
+func (sc *serverCreds) Clone() credentials.TransportCredentials {
+	creds := NewServerTransportCredentials(sc.serverConfig)
+	return creds
+}
+
+// OverrideServerName overrides the server name used to verify the hostname
+// on the returned certificates from the server.
+func (sc *serverCreds) OverrideServerName(string) error {
+	return OverrrideHostnameNotSupportedError
+}

core/comm/creds_test.go

@@ -0,0 +1,30 @@
+/*
+Copyright IBM Corp. All Rights Reserved.
+
+SPDX-License-Identifier: Apache-2.0
+*/
+
+package comm_test
+
+import (
+	"crypto/tls"
+	"testing"
+
+	"google.golang.org/grpc/credentials"
+
+	"github.com/hyperledger/fabric/core/comm"
+	"github.com/stretchr/testify/assert"
+)
+
+func TestCreds(t *testing.T) {
+	var creds credentials.TransportCredentials
+	creds = comm.NewServerTransportCredentials(&tls.Config{})
+	_, _, err := creds.ClientHandshake(nil, "", nil)
+	assert.EqualError(t, err, comm.ClientHandshakeNotImplError.Error())
+	err = creds.OverrideServerName("")
+	assert.EqualError(t, err, comm.OverrrideHostnameNotSupportedError.Error())
+	clone := creds.Clone()
+	assert.Equal(t, creds, clone)
+	assert.Equal(t, "1.2", creds.Info().SecurityVersion)
+	assert.Equal(t, "tls", creds.Info().SecurityProtocol)
+}

core/comm/server.go

@@ -1,17 +1,7 @@
 /*
-Copyright IBM Corp. 2016 All Rights Reserved.
+Copyright IBM Corp. All Rights Reserved.
 
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-		 http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
+SPDX-License-Identifier: Apache-2.0
 */
 
 package comm
@@ -26,7 +16,6 @@ import (
 	"sync"
 
 	"google.golang.org/grpc"
-	"google.golang.org/grpc/credentials"
 )
 
 //A SecureServerConfig structure is used to configure security (e.g. TLS) for a
@@ -168,17 +157,17 @@ func NewGRPCServerFromListener(listener net.Listener, secureConfig SecureServerC
 				}
 			}
 
-			//create credentials
-			creds := credentials.NewTLS(grpcServer.tlsConfig)
-
-			//add to server options
+			// create credentials and add to server options
+			creds := NewServerTransportCredentials(grpcServer.tlsConfig)
 			serverOpts = append(serverOpts, grpc.Creds(creds))
-
 		} else {
 			return nil, errors.New("secureConfig must contain both ServerKey and " +
 				"ServerCertificate when UseTLS is true")
 		}
 	}
+	// set max send and recv msg sizes
+	serverOpts = append(serverOpts, grpc.MaxSendMsgSize(MaxSendMsgSize()))
+	serverOpts = append(serverOpts, grpc.MaxRecvMsgSize(MaxRecvMsgSize()))
 	grpcServer.server = grpc.NewServer(serverOpts...)
 
 	return grpcServer, nil

core/comm/server_test.go

@@ -768,8 +768,7 @@ func TestWithSignedRootCertificates(t *testing.T) {
 	_, err = invokeEmptyCall(testAddress, dialOptions)
 
 	//client should not be able to connect
-	//for now we can only test that we get a timeout error
-	assert.EqualError(t, err, grpc.ErrClientConnTimeout.Error())
+	assert.EqualError(t, err, x509.UnknownAuthorityError{}.Error())
 	t.Logf("assert.EqualError: %s", err.Error())
 
 	//now use the CA certificate
@@ -849,8 +848,7 @@ func TestWithSignedIntermediateCertificates(t *testing.T) {
 	_, err = invokeEmptyCall(testAddress, dialOptions)
 
 	//client should not be able to connect
-	//for now we can only test that we get a timeout error
-	assert.EqualError(t, err, grpc.ErrClientConnTimeout.Error())
+	assert.EqualError(t, err, x509.UnknownAuthorityError{}.Error())
 	t.Logf("assert.EqualError: %s", err.Error())
 
 	//now use the CA certificate

core/comm/testdata/grpc/test.pb.go

@@ -50,7 +50,7 @@ func newConnection() *grpc.ClientConn {
 type balancer struct {
 }
 
-func (*balancer) Start(target string) error {
+func (*balancer) Start(target string, config grpc.BalancerConfig) error {
 	return nil
 }