xds: close SslContexrProviderSupplier when the CDS LoadBalancer is shut down to prevent leakage (#8240)

2021-06-07 10:53:57 -07:00 · 2021-06-07 10:53:57 -07:00 · 4209c8d8cc
parent 0c723f7ca9
commit 4209c8d8cc
3 changed files with 22 additions and 2 deletions
--- a/xds/src/main/java/io/grpc/xds/ClusterImplLoadBalancer.java
+++ b/xds/src/main/java/io/grpc/xds/ClusterImplLoadBalancer.java
@ -153,8 +153,11 @@ final class ClusterImplLoadBalancer extends LoadBalancer {
    }
    if (childLb != null) {
      childLb.shutdown();
+      if (childLbHelper != null) {
+        childLbHelper.updateSslContextProviderSupplier(null);
        childLbHelper = null;
      }
+    }
    if (xdsClient != null) {
      xdsClient = xdsClientPool.returnObject(xdsClient);
    }
--- a/xds/src/main/java/io/grpc/xds/internal/sds/SslContextProviderSupplier.java
+++ b/xds/src/main/java/io/grpc/xds/internal/sds/SslContextProviderSupplier.java
@ -19,6 +19,7 @@ package io.grpc.xds.internal.sds;
 import static com.google.common.base.Preconditions.checkNotNull;
 import static com.google.common.base.Preconditions.checkState;

+import com.google.common.annotations.VisibleForTesting;
 import com.google.common.base.MoreObjects;
 import io.grpc.xds.EnvoyServerProtoData.BaseTlsContext;
 import io.grpc.xds.EnvoyServerProtoData.DownstreamTlsContext;
@ -100,6 +101,10 @@ public final class SslContextProviderSupplier implements Closeable {
        : tlsContextManager.findOrCreateServerSslContextProvider((DownstreamTlsContext) tlsContext);
  }

+  @VisibleForTesting public boolean isShutdown() {
+    return shutdown;
+  }
+
  /** Called by consumer when tlsContext changes. */
  @Override
  public synchronized void close() {
--- a/xds/src/test/java/io/grpc/xds/ClusterImplLoadBalancerTest.java
+++ b/xds/src/test/java/io/grpc/xds/ClusterImplLoadBalancerTest.java
@ -138,7 +138,9 @@ public class ClusterImplLoadBalancerTest {

  @After
  public void tearDown() {
+    if (loadBalancer != null) {
      loadBalancer.shutdown();
+    }
    assertThat(xdsClientRefs).isEqualTo(0);
    assertThat(downstreamBalancers).isEmpty();
  }
@ -553,11 +555,21 @@ public class ClusterImplLoadBalancerTest {
      SslContextProviderSupplier supplier =
          eag.getAttributes().get(InternalXdsAttributes.ATTR_SSL_CONTEXT_PROVIDER_SUPPLIER);
      if (enableSecurity) {
+        assertThat(supplier.isShutdown()).isFalse();
        assertThat(supplier.getTlsContext()).isEqualTo(upstreamTlsContext);
      } else {
        assertThat(supplier).isNull();
      }
    }
+    loadBalancer.shutdown();
+    for (EquivalentAddressGroup eag : subchannel.getAllAddresses()) {
+      SslContextProviderSupplier supplier =
+              eag.getAttributes().get(InternalXdsAttributes.ATTR_SSL_CONTEXT_PROVIDER_SUPPLIER);
+      if (enableSecurity) {
+        assertThat(supplier.isShutdown()).isTrue();
+      }
+    }
+    loadBalancer = null;
  }

  private void deliverAddressesAndConfig(List<EquivalentAddressGroup> addresses,