xds: Check name of transport socket received in Cluster response. (#3988)

2020-10-30 09:34:18 -07:00 · 2020-10-30 09:34:18 -07:00 · c8ef9bc957
parent 89faf1c3e8
commit c8ef9bc957
2 changed files with 34 additions and 0 deletions
--- a/xds/internal/client/client_cds_test.go
+++ b/xds/internal/client/client_cds_test.go
@ -201,6 +201,30 @@ func (s) TestValidateClusterWithSecurityConfig(t *testing.T) {
 		wantUpdate ClusterUpdate
 		wantErr    bool
 	}{
 		{
 			name: "transport-socket-unsupported-name",
 			cluster: &v3clusterpb.Cluster{
 				ClusterDiscoveryType: &v3clusterpb.Cluster_Type{Type: v3clusterpb.Cluster_EDS},
 				EdsClusterConfig: &v3clusterpb.Cluster_EdsClusterConfig{
 					EdsConfig: &v3corepb.ConfigSource{
 						ConfigSourceSpecifier: &v3corepb.ConfigSource_Ads{
 							Ads: &v3corepb.AggregatedConfigSource{},
 						},
 					},
 					ServiceName: serviceName,
 				},
 				LbPolicy: v3clusterpb.Cluster_ROUND_ROBIN,
 				TransportSocket: &v3corepb.TransportSocket{
 					Name: "unsupported-foo",
 					ConfigType: &v3corepb.TransportSocket_TypedConfig{
 						TypedConfig: &anypb.Any{
 							TypeUrl: version.V3UpstreamTLSContextURL,
 						},
 					},
 				},
 			},
 			wantErr: true,
 		},
 		{
 			name: "transport-socket-unsupported-typeURL",
 			cluster: &v3clusterpb.Cluster{
@ -298,6 +322,7 @@ func (s) TestValidateClusterWithSecurityConfig(t *testing.T) {
 				},
 				LbPolicy: v3clusterpb.Cluster_ROUND_ROBIN,
 				TransportSocket: &v3corepb.TransportSocket{
 					Name: "envoy.transport_sockets.tls",
 					ConfigType: &v3corepb.TransportSocket_TypedConfig{
 						TypedConfig: &anypb.Any{
 							TypeUrl: version.V3UpstreamTLSContextURL,
@ -342,6 +367,7 @@ func (s) TestValidateClusterWithSecurityConfig(t *testing.T) {
 				},
 				LbPolicy: v3clusterpb.Cluster_ROUND_ROBIN,
 				TransportSocket: &v3corepb.TransportSocket{
 					Name: "envoy.transport_sockets.tls",
 					ConfigType: &v3corepb.TransportSocket_TypedConfig{
 						TypedConfig: &anypb.Any{
 							TypeUrl: version.V3UpstreamTLSContextURL,
@ -392,6 +418,7 @@ func (s) TestValidateClusterWithSecurityConfig(t *testing.T) {
 				},
 				LbPolicy: v3clusterpb.Cluster_ROUND_ROBIN,
 				TransportSocket: &v3corepb.TransportSocket{
 					Name: "envoy.transport_sockets.tls",
 					ConfigType: &v3corepb.TransportSocket_TypedConfig{
 						TypedConfig: &anypb.Any{
 							TypeUrl: version.V3UpstreamTLSContextURL,
--- a/xds/internal/client/client_xds.go
+++ b/xds/internal/client/client_xds.go
@ -259,6 +259,10 @@ func routesProtoToSlice(routes []*v3routepb.Route, logger *grpclog.PrefixLogger)
 	return routesRet, nil
 }
 // TransportSocket proto message has a `name` field which is expected to be set
 // to this value by the management server.
 const transportSocketName = "envoy.transport_sockets.tls"
 // UnmarshalCluster processes resources received in an CDS response, validates
 // them, and transforms them into a native struct which contains only fields we
 // are interested in.
@ -322,6 +326,9 @@ func securityConfigFromCluster(cluster *v3clusterpb.Cluster) (*SecurityConfig, e
 	if ts == nil {
 		return nil, nil
 	}
 	if name := ts.GetName(); name != transportSocketName {
 		return nil, fmt.Errorf("xds: transport_socket field has unexpected name: %s", name)
 	}
 	any := ts.GetTypedConfig()
 	if any == nil || any.TypeUrl != version.V3UpstreamTLSContextURL {
 		return nil, fmt.Errorf("xds: transport_socket field has unexpected typeURL: %s", any.TypeUrl)