grpc
/
grpc-go
mirror of https://github.com/grpc/grpc-go.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

xds/client: Export a method to return bootstrap config. (#4033)

This commit is contained in:
Easwar Swaminathan 2020-11-17 13:31:38 -08:00 committed by GitHub
parent b88744b832
commit f5c42ca714
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 32 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
xds/internal/balancer/cdsbalancer/cdsbalancer.go
View File

@ -35,6 +35,7 @@ import (
"google.golang.org/grpc/resolver" "google.golang.org/grpc/resolver"
"google.golang.org/grpc/serviceconfig" "google.golang.org/grpc/serviceconfig"
"google.golang.org/grpc/xds/internal/balancer/edsbalancer" "google.golang.org/grpc/xds/internal/balancer/edsbalancer"
"google.golang.org/grpc/xds/internal/client/bootstrap"
xdsinternal "google.golang.org/grpc/xds/internal" xdsinternal "google.golang.org/grpc/xds/internal"
xdsclient "google.golang.org/grpc/xds/internal/client" xdsclient "google.golang.org/grpc/xds/internal/client"
@ -131,7 +132,7 @@ func (cdsBB) ParseConfig(c json.RawMessage) (serviceconfig.LoadBalancingConfig,
// the cdsBalancer. This will be faked out in unittests. // the cdsBalancer. This will be faked out in unittests.
type xdsClientInterface interface { type xdsClientInterface interface {
WatchCluster(string, func(xdsclient.ClusterUpdate, error)) func() WatchCluster(string, func(xdsclient.ClusterUpdate, error)) func()
CertProviderConfigs() map[string]*certprovider.BuildableConfig BootstrapConfig() *bootstrap.Config
Close() Close()
} }
@ -241,13 +242,14 @@ func (b *cdsBalancer) handleSecurityConfig(config *xdsclient.SecurityConfig) err
return nil return nil
} }
cpc := b.xdsClient.CertProviderConfigs() bc := b.xdsClient.BootstrapConfig()
if cpc == nil { if bc == nil || bc.CertProviderConfigs == nil {
// Bootstrap did not find any certificate provider configs, but the user // Bootstrap did not find any certificate provider configs, but the user
// has specified xdsCredentials and the management server has sent down // has specified xdsCredentials and the management server has sent down
// security configuration. // security configuration.
return errors.New("xds: certificate_providers config missing in bootstrap file") return errors.New("xds: certificate_providers config missing in bootstrap file")
} }
cpc := bc.CertProviderConfigs
// A root provider is required whether we are using TLS or mTLS. // A root provider is required whether we are using TLS or mTLS.
rootProvider, err := buildProvider(cpc, config.RootInstanceName, config.RootCertName, false, true) rootProvider, err := buildProvider(cpc, config.RootInstanceName, config.RootCertName, false, true)

25
xds/internal/balancer/cdsbalancer/cdsbalancer_security_test.go
View File

@ -31,6 +31,7 @@ import (
"google.golang.org/grpc/internal/testutils" "google.golang.org/grpc/internal/testutils"
"google.golang.org/grpc/resolver" "google.golang.org/grpc/resolver"
xdsclient "google.golang.org/grpc/xds/internal/client" xdsclient "google.golang.org/grpc/xds/internal/client"
"google.golang.org/grpc/xds/internal/client/bootstrap"
xdstestutils "google.golang.org/grpc/xds/internal/testutils" xdstestutils "google.golang.org/grpc/xds/internal/testutils"
"google.golang.org/grpc/xds/internal/testutils/fakeclient" "google.golang.org/grpc/xds/internal/testutils/fakeclient"
) )
@ -43,7 +44,7 @@ const (
var ( var (
fpb1, fpb2 *fakeProviderBuilder fpb1, fpb2 *fakeProviderBuilder
bootstrapCertProviderConfigs map[string]*certprovider.BuildableConfig bootstrapConfig *bootstrap.Config
cdsUpdateWithGoodSecurityCfg = xdsclient.ClusterUpdate{ cdsUpdateWithGoodSecurityCfg = xdsclient.ClusterUpdate{
ServiceName: serviceName, ServiceName: serviceName,
SecurityCfg: &xdsclient.SecurityConfig{ SecurityCfg: &xdsclient.SecurityConfig{
@ -64,9 +65,11 @@ func init() {
fpb2 = &fakeProviderBuilder{name: fakeProvider2Name} fpb2 = &fakeProviderBuilder{name: fakeProvider2Name}
cfg1, _ := fpb1.ParseConfig(fakeConfig + "1111") cfg1, _ := fpb1.ParseConfig(fakeConfig + "1111")
cfg2, _ := fpb2.ParseConfig(fakeConfig + "2222") cfg2, _ := fpb2.ParseConfig(fakeConfig + "2222")
bootstrapCertProviderConfigs = map[string]*certprovider.BuildableConfig{ bootstrapConfig = &bootstrap.Config{
"default1": cfg1, CertProviderConfigs: map[string]*certprovider.BuildableConfig{
"default2": cfg2, "default1": cfg1,
"default2": cfg2,
},
} }
certprovider.Register(fpb1) certprovider.Register(fpb1)
certprovider.Register(fpb2) certprovider.Register(fpb2)
@ -326,7 +329,7 @@ func (s) TestSecurityConfigNotFoundInBootstrap(t *testing.T) {
if i == 0 { if i == 0 {
// Set the bootstrap config used by the fake client. // Set the bootstrap config used by the fake client.
xdsC.SetCertProviderConfigs(bootstrapCertProviderConfigs) xdsC.SetBootstrapConfig(bootstrapConfig)
} }
// Here we invoke the watch callback registered on the fake xdsClient. A bad // Here we invoke the watch callback registered on the fake xdsClient. A bad
@ -373,7 +376,7 @@ func (s) TestCertproviderStoreError(t *testing.T) {
defer func() { buildProvider = origBuildProvider }() defer func() { buildProvider = origBuildProvider }()
// Set the bootstrap config used by the fake client. // Set the bootstrap config used by the fake client.
xdsC.SetCertProviderConfigs(bootstrapCertProviderConfigs) xdsC.SetBootstrapConfig(bootstrapConfig)
// Here we invoke the watch callback registered on the fake xdsClient. Even // Here we invoke the watch callback registered on the fake xdsClient. Even
// though the received update is good, the certprovider.Store is configured // though the received update is good, the certprovider.Store is configured
@ -409,7 +412,7 @@ func (s) TestSecurityConfigUpdate_BadToGood(t *testing.T) {
}() }()
// Set the bootstrap config used by the fake client. // Set the bootstrap config used by the fake client.
xdsC.SetCertProviderConfigs(bootstrapCertProviderConfigs) xdsC.SetBootstrapConfig(bootstrapConfig)
// Here we invoke the watch callback registered on the fake xdsClient. A bad // Here we invoke the watch callback registered on the fake xdsClient. A bad
// security config is passed here. So, we expect the CDS balancer to not // security config is passed here. So, we expect the CDS balancer to not
@ -465,7 +468,7 @@ func (s) TestGoodSecurityConfig(t *testing.T) {
}() }()
// Set the bootstrap config used by the fake client. // Set the bootstrap config used by the fake client.
xdsC.SetCertProviderConfigs(bootstrapCertProviderConfigs) xdsC.SetBootstrapConfig(bootstrapConfig)
// Here we invoke the watch callback registered on the fake xdsClient. This // Here we invoke the watch callback registered on the fake xdsClient. This
// will trigger the watch handler on the CDS balancer, which will attempt to // will trigger the watch handler on the CDS balancer, which will attempt to
@ -496,7 +499,7 @@ func (s) TestSecurityConfigUpdate_GoodToFallback(t *testing.T) {
}() }()
// Set the bootstrap config used by the fake client. // Set the bootstrap config used by the fake client.
xdsC.SetCertProviderConfigs(bootstrapCertProviderConfigs) xdsC.SetBootstrapConfig(bootstrapConfig)
// Here we invoke the watch callback registered on the fake xdsClient. This // Here we invoke the watch callback registered on the fake xdsClient. This
// will trigger the watch handler on the CDS balancer, which will attempt to // will trigger the watch handler on the CDS balancer, which will attempt to
@ -546,7 +549,7 @@ func (s) TestSecurityConfigUpdate_GoodToBad(t *testing.T) {
}() }()
// Set the bootstrap config used by the fake client. // Set the bootstrap config used by the fake client.
xdsC.SetCertProviderConfigs(bootstrapCertProviderConfigs) xdsC.SetBootstrapConfig(bootstrapConfig)
// Here we invoke the watch callback registered on the fake xdsClient. This // Here we invoke the watch callback registered on the fake xdsClient. This
// will trigger the watch handler on the CDS balancer, which will attempt to // will trigger the watch handler on the CDS balancer, which will attempt to
@ -617,7 +620,7 @@ func (s) TestSecurityConfigUpdate_GoodToGood(t *testing.T) {
defer func() { buildProvider = origBuildProvider }() defer func() { buildProvider = origBuildProvider }()
// Set the bootstrap config used by the fake client. // Set the bootstrap config used by the fake client.
xdsC.SetCertProviderConfigs(bootstrapCertProviderConfigs) xdsC.SetBootstrapConfig(bootstrapConfig)
// Here we invoke the watch callback registered on the fake xdsClient. This // Here we invoke the watch callback registered on the fake xdsClient. This
// will trigger the watch handler on the CDS balancer, which will attempt to // will trigger the watch handler on the CDS balancer, which will attempt to

11
xds/internal/client/client.go
View File

@ -30,7 +30,7 @@ import (
v2corepb "github.com/envoyproxy/go-control-plane/envoy/api/v2/core" v2corepb "github.com/envoyproxy/go-control-plane/envoy/api/v2/core"
v3corepb "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" v3corepb "github.com/envoyproxy/go-control-plane/envoy/config/core/v3"
"github.com/golang/protobuf/proto" "github.com/golang/protobuf/proto"
"google.golang.org/grpc/credentials/tls/certprovider"
"google.golang.org/grpc/xds/internal/client/load" "google.golang.org/grpc/xds/internal/client/load"
"google.golang.org/grpc" "google.golang.org/grpc"
@ -390,11 +390,10 @@ func newWithConfig(config *bootstrap.Config, watchExpiryTimeout time.Duration) (
return c, nil return c, nil
} }
// CertProviderConfigs returns the certificate provider configuration from the // BootstrapConfig returns the configuration read from the bootstrap file.
// "certificate_providers" field of the bootstrap file. The key in the returned // Callers must treat the return value as read-only.
// map is the plugin_instance_name. Callers must not modify the returned map. func (c *Client) BootstrapConfig() *bootstrap.Config {
func (c *Client) CertProviderConfigs() map[string]*certprovider.BuildableConfig { return c.config
return c.config.CertProviderConfigs
} }
// run is a goroutine for all the callbacks. // run is a goroutine for all the callbacks.

16
xds/internal/testutils/fakeclient/client.go
View File

@ -22,9 +22,9 @@ package fakeclient
import ( import (
"context" "context"
"google.golang.org/grpc/credentials/tls/certprovider"
"google.golang.org/grpc/internal/testutils" "google.golang.org/grpc/internal/testutils"
xdsclient "google.golang.org/grpc/xds/internal/client" xdsclient "google.golang.org/grpc/xds/internal/client"
"google.golang.org/grpc/xds/internal/client/bootstrap"
"google.golang.org/grpc/xds/internal/client/load" "google.golang.org/grpc/xds/internal/client/load"
) )
@ -43,7 +43,7 @@ type Client struct {
loadReportCh *testutils.Channel loadReportCh *testutils.Channel
closeCh *testutils.Channel closeCh *testutils.Channel
loadStore *load.Store loadStore *load.Store
certConfigs map[string]*certprovider.BuildableConfig bootstrapCfg *bootstrap.Config
ldsCb func(xdsclient.ListenerUpdate, error) ldsCb func(xdsclient.ListenerUpdate, error)
rdsCb func(xdsclient.RouteConfigUpdate, error) rdsCb func(xdsclient.RouteConfigUpdate, error)
@ -223,14 +223,14 @@ func (xdsC *Client) WaitForClose(ctx context.Context) error {
return err return err
} }
// CertProviderConfigs returns the configured certificate provider configs. // BootstrapConfig returns the bootstrap config.
func (xdsC *Client) CertProviderConfigs() map[string]*certprovider.BuildableConfig { func (xdsC *Client) BootstrapConfig() *bootstrap.Config {
return xdsC.certConfigs return xdsC.bootstrapCfg
} }
// SetCertProviderConfigs updates the certificate provider configs. // SetBootstrapConfig updates the bootstrap config.
func (xdsC *Client) SetCertProviderConfigs(configs map[string]*certprovider.BuildableConfig) { func (xdsC *Client) SetBootstrapConfig(cfg *bootstrap.Config) {
xdsC.certConfigs = configs xdsC.bootstrapCfg = cfg
} }
// Name returns the name of the xds client. // Name returns the name of the xds client.