Feature Request
Crates
Motivation
There is no way to attach per-stream call credentials (e.g. a bearer token) to the ADS stream. This blocks connecting to credential-gated control planes; GCP Traffic Director, whose bootstrap uses channel_creds: [{ "type": "google_default" }] and requires an Application Default Credentials (ADC) bearer token on the stream, over system-root TLS.
Related specification: gRFC A27 # XdsClient and Bootstrap File
Proposal
Briefly, mirror grpc-go's implementation
More specifically,
- Define
CallCredentials trait type, and let TonicTransportBuilder can take it (eg, with_call_credentials(Arc<dyn CallCredentials>)
- Extend ChannelCredentialType to have
google_default entry to follow gRFC A27.
Alternatives
- To be fully contained for gRFC A27, bring
google_cloud_auth dependency just like grpc-google crate.
Feature Request
Crates
xds-clienttonic-xdsMotivation
There is no way to attach per-stream call credentials (e.g. a bearer token) to the ADS stream. This blocks connecting to credential-gated control planes; GCP Traffic Director, whose bootstrap uses
channel_creds: [{ "type": "google_default" }]and requires an Application Default Credentials (ADC) bearer token on the stream, over system-root TLS.Related specification: gRFC A27 # XdsClient and Bootstrap File
Proposal
Briefly, mirror grpc-go's implementation
More specifically,
CallCredentialstrait type, and letTonicTransportBuildercan take it (eg,with_call_credentials(Arc<dyn CallCredentials>)google_defaultentry to follow gRFC A27.Alternatives
google_cloud_authdependency just like grpc-google crate.