Adding a method in channel creds to remove any attached call creds.
This will be useful when talking to non-trusted load balancer (balancers
which are not able to impersonate real backends) as these balancers
should not receive bearer tokens.
diff --git a/src/core/lib/security/credentials/composite/composite_credentials.c b/src/core/lib/security/credentials/composite/composite_credentials.c
index 850e41e..d55d00b 100644
--- a/src/core/lib/security/credentials/composite/composite_credentials.c
+++ b/src/core/lib/security/credentials/composite/composite_credentials.c
@@ -242,8 +242,17 @@
return status;
}
+static grpc_channel_credentials *
+composite_channel_duplicate_without_call_credentials(
+ grpc_channel_credentials *creds) {
+ grpc_composite_channel_credentials *c =
+ (grpc_composite_channel_credentials *)creds;
+ return grpc_channel_credentials_ref(c->inner_creds);
+}
+
static grpc_channel_credentials_vtable composite_channel_credentials_vtable = {
- composite_channel_destruct, composite_channel_create_security_connector};
+ composite_channel_destruct, composite_channel_create_security_connector,
+ composite_channel_duplicate_without_call_credentials};
grpc_channel_credentials *grpc_composite_channel_credentials_create(
grpc_channel_credentials *channel_creds, grpc_call_credentials *call_creds,