mirror of https://github.com/grpc/grpc-java.git
xds: replace UpstreamTlsContext with internal definition (#7145)
parent
3facda0130
commit
ae7a482d9a
|
|
@ -23,7 +23,6 @@ import static io.grpc.xds.XdsLbPolicies.EDS_POLICY_NAME;
|
|||
|
||||
import com.google.common.annotations.VisibleForTesting;
|
||||
import com.google.common.collect.ImmutableMap;
|
||||
import io.envoyproxy.envoy.api.v2.auth.UpstreamTlsContext;
|
||||
import io.grpc.EquivalentAddressGroup;
|
||||
import io.grpc.InternalLogId;
|
||||
import io.grpc.LoadBalancer;
|
||||
|
|
@ -36,6 +35,7 @@ import io.grpc.util.ForwardingLoadBalancerHelper;
|
|||
import io.grpc.util.GracefulSwitchLoadBalancer;
|
||||
import io.grpc.xds.CdsLoadBalancerProvider.CdsConfig;
|
||||
import io.grpc.xds.EdsLoadBalancerProvider.EdsConfig;
|
||||
import io.grpc.xds.EnvoyServerProtoData.UpstreamTlsContext;
|
||||
import io.grpc.xds.XdsClient.ClusterUpdate;
|
||||
import io.grpc.xds.XdsClient.ClusterWatcher;
|
||||
import io.grpc.xds.XdsLogger.XdsLogLevel;
|
||||
|
|
|
|||
|
|
@ -38,14 +38,60 @@ public final class EnvoyServerProtoData {
|
|||
private EnvoyServerProtoData() {
|
||||
}
|
||||
|
||||
public static final class DownstreamTlsContext {
|
||||
public abstract static class BaseTlsContext {
|
||||
@Nullable protected final CommonTlsContext commonTlsContext;
|
||||
|
||||
public BaseTlsContext(@Nullable CommonTlsContext commonTlsContext) {
|
||||
this.commonTlsContext = commonTlsContext;
|
||||
}
|
||||
|
||||
@Nullable public CommonTlsContext getCommonTlsContext() {
|
||||
return commonTlsContext;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean equals(Object o) {
|
||||
if (this == o) {
|
||||
return true;
|
||||
}
|
||||
if (o == null || !(o instanceof BaseTlsContext)) {
|
||||
return false;
|
||||
}
|
||||
BaseTlsContext that = (BaseTlsContext) o;
|
||||
return Objects.equals(commonTlsContext, that.commonTlsContext);
|
||||
}
|
||||
|
||||
@Override
|
||||
public int hashCode() {
|
||||
return Objects.hash(commonTlsContext);
|
||||
}
|
||||
}
|
||||
|
||||
public static final class UpstreamTlsContext extends BaseTlsContext {
|
||||
|
||||
@VisibleForTesting
|
||||
UpstreamTlsContext(CommonTlsContext commonTlsContext) {
|
||||
super(commonTlsContext);
|
||||
}
|
||||
|
||||
public static UpstreamTlsContext fromEnvoyProtoUpstreamTlsContext(
|
||||
io.envoyproxy.envoy.api.v2.auth.UpstreamTlsContext upstreamTlsContext) {
|
||||
return new UpstreamTlsContext(upstreamTlsContext.getCommonTlsContext());
|
||||
}
|
||||
|
||||
@Override
|
||||
public String toString() {
|
||||
return "UpstreamTlsContext{" + "commonTlsContext=" + commonTlsContext + '}';
|
||||
}
|
||||
}
|
||||
|
||||
public static final class DownstreamTlsContext extends BaseTlsContext {
|
||||
|
||||
private final CommonTlsContext commonTlsContext;
|
||||
private final boolean requireClientCertificate;
|
||||
|
||||
@VisibleForTesting
|
||||
DownstreamTlsContext(CommonTlsContext commonTlsContext, boolean requireClientCertificate) {
|
||||
this.commonTlsContext = commonTlsContext;
|
||||
super(commonTlsContext);
|
||||
this.requireClientCertificate = requireClientCertificate;
|
||||
}
|
||||
|
||||
|
|
@ -55,10 +101,6 @@ public final class EnvoyServerProtoData {
|
|||
downstreamTlsContext.hasRequireClientCertificate());
|
||||
}
|
||||
|
||||
public CommonTlsContext getCommonTlsContext() {
|
||||
return commonTlsContext;
|
||||
}
|
||||
|
||||
public boolean isRequireClientCertificate() {
|
||||
return requireClientCertificate;
|
||||
}
|
||||
|
|
@ -81,14 +123,16 @@ public final class EnvoyServerProtoData {
|
|||
if (o == null || getClass() != o.getClass()) {
|
||||
return false;
|
||||
}
|
||||
if (!super.equals(o)) {
|
||||
return false;
|
||||
}
|
||||
DownstreamTlsContext that = (DownstreamTlsContext) o;
|
||||
return requireClientCertificate == that.requireClientCertificate
|
||||
&& Objects.equals(commonTlsContext, that.commonTlsContext);
|
||||
return requireClientCertificate == that.requireClientCertificate;
|
||||
}
|
||||
|
||||
@Override
|
||||
public int hashCode() {
|
||||
return Objects.hash(commonTlsContext, requireClientCertificate);
|
||||
return Objects.hash(super.hashCode(), requireClientCertificate);
|
||||
}
|
||||
}
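Review bot: `BaseTlsContext.equals` accepts any `BaseTlsContext` through `instanceof`, while `DownstreamTlsContext.equals` still requires `getClass() == o.getClass()`, so equality is asymmetric. An `UpstreamTlsContext`, which inherits the base method, reports equal to a `DownstreamTlsContext` holding the same `commonTlsContext`, but the reverse comparison returns false. Use the same class check in the base method, `if (o == null || getClass() != o.getClass()) {`, which also removes the redundant null test before `instanceof`. The start of `DownstreamTlsContext.equals` lies outside the visible hunk, so confirm nothing relies on cross-type equality.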
|
||||
|
||||
|
|
|
|||
|
|
@ -16,51 +16,18 @@
|
|||
|
||||
package io.grpc.xds;
|
||||
|
||||
import io.envoyproxy.envoy.api.v2.auth.CertificateValidationContext;
|
||||
import io.envoyproxy.envoy.api.v2.auth.CommonTlsContext;
|
||||
import io.envoyproxy.envoy.api.v2.auth.DownstreamTlsContext;
|
||||
import io.envoyproxy.envoy.api.v2.auth.SdsSecretConfig;
|
||||
import io.envoyproxy.envoy.api.v2.auth.TlsCertificate;
|
||||
import io.envoyproxy.envoy.api.v2.auth.UpstreamTlsContext;
|
||||
import io.grpc.Attributes;
|
||||
import io.grpc.Grpc;
|
||||
import io.grpc.Internal;
|
||||
import io.grpc.NameResolver;
|
||||
import io.grpc.internal.ObjectPool;
|
||||
import io.grpc.xds.EnvoyServerProtoData.UpstreamTlsContext;
|
||||
|
||||
/**
|
||||
* Special attributes that are only useful to gRPC in the XDS context.
|
||||
*/
|
||||
@Internal
|
||||
public final class XdsAttributes {
|
||||
/**
|
||||
* Attribute key for SdsSecretConfig of a subchannel.
|
||||
*/
|
||||
@Grpc.TransportAttr
|
||||
public static final Attributes.Key<SdsSecretConfig> ATTR_SDS_CONFIG =
|
||||
Attributes.Key.create("io.grpc.xds.XdsAttributes.sdsSecretConfig");
|
||||
|
||||
/**
|
||||
* Attribute key for TlsCertificate of a subchannel.
|
||||
*/
|
||||
@Grpc.TransportAttr
|
||||
public static final Attributes.Key<TlsCertificate> ATTR_TLS_CERTIFICATE =
|
||||
Attributes.Key.create("io.grpc.xds.XdsAttributes.tlsCertificate");
|
||||
|
||||
/**
|
||||
* Attribute key for CertificateValidationContext of a subchannel.
|
||||
*/
|
||||
@Grpc.TransportAttr
|
||||
public static final Attributes.Key<CertificateValidationContext> ATTR_CERT_VALIDATION_CONTEXT =
|
||||
Attributes.Key.create("io.grpc.xds.XdsAttributes.certificateValidationContext");
|
||||
|
||||
/**
|
||||
* Attribute key for CommonTlsContext.
|
||||
*/
|
||||
@Grpc.TransportAttr
|
||||
public static final Attributes.Key<CommonTlsContext> ATTR_COMMON_TLS_CONTEXT =
|
||||
Attributes.Key.create("io.grpc.xds.XdsAttributes.commonTlsContext");
|
||||
|
||||
/**
|
||||
* Attribute key for UpstreamTlsContext (used by client) for subchannel.
|
||||
*/
|
||||
|
|
@ -68,13 +35,6 @@ public final class XdsAttributes {
|
|||
public static final Attributes.Key<UpstreamTlsContext> ATTR_UPSTREAM_TLS_CONTEXT =
|
||||
Attributes.Key.create("io.grpc.xds.XdsAttributes.upstreamTlsContext");
|
||||
|
||||
/**
|
||||
* Attribute key for DownstreamTlsContext (used by server).
|
||||
*/
|
||||
@Grpc.TransportAttr
|
||||
public static final Attributes.Key<DownstreamTlsContext> ATTR_DOWNSTREAM_TLS_CONTEXT =
|
||||
Attributes.Key.create("io.grpc.xds.XdsAttributes.downstreamTlsContext");
|
||||
|
||||
@NameResolver.ResolutionResultAttr
|
||||
static final Attributes.Key<ObjectPool<XdsClient>> XDS_CLIENT_POOL =
|
||||
Attributes.Key.create("io.grpc.xds.XdsAttributes.xdsClientPool");
|
||||
|
|
|
|||
|
|
@ -24,8 +24,6 @@ import com.google.common.base.MoreObjects;
|
|||
import com.google.common.base.Preconditions;
|
||||
import com.google.common.collect.ImmutableList;
|
||||
import com.google.common.collect.ImmutableMap;
|
||||
// TODO(sanjaypujare): remove dependency on envoy data types.
|
||||
import io.envoyproxy.envoy.api.v2.auth.UpstreamTlsContext;
|
||||
import io.grpc.ManagedChannel;
|
||||
import io.grpc.ManagedChannelBuilder;
|
||||
import io.grpc.Status;
|
||||
|
|
@ -38,6 +36,7 @@ import io.grpc.xds.EnvoyProtoData.Locality;
|
|||
import io.grpc.xds.EnvoyProtoData.LocalityLbEndpoints;
|
||||
import io.grpc.xds.EnvoyProtoData.Route;
|
||||
import io.grpc.xds.EnvoyServerProtoData.Listener;
|
||||
import io.grpc.xds.EnvoyServerProtoData.UpstreamTlsContext;
|
||||
import io.grpc.xds.XdsLogger.XdsLogLevel;
|
||||
import java.util.ArrayList;
|
||||
import java.util.Collection;
|
||||
|
|
|
|||
|
|
@ -41,7 +41,6 @@ import io.envoyproxy.envoy.api.v2.DiscoveryRequest;
|
|||
import io.envoyproxy.envoy.api.v2.DiscoveryResponse;
|
||||
import io.envoyproxy.envoy.api.v2.Listener;
|
||||
import io.envoyproxy.envoy.api.v2.RouteConfiguration;
|
||||
import io.envoyproxy.envoy.api.v2.auth.UpstreamTlsContext;
|
||||
import io.envoyproxy.envoy.api.v2.core.Address;
|
||||
import io.envoyproxy.envoy.api.v2.core.Node;
|
||||
import io.envoyproxy.envoy.api.v2.core.SocketAddress;
|
||||
|
|
@ -64,6 +63,7 @@ import io.grpc.xds.EnvoyProtoData.DropOverload;
|
|||
import io.grpc.xds.EnvoyProtoData.Locality;
|
||||
import io.grpc.xds.EnvoyProtoData.LocalityLbEndpoints;
|
||||
import io.grpc.xds.EnvoyProtoData.StructOrError;
|
||||
import io.grpc.xds.EnvoyServerProtoData.UpstreamTlsContext;
|
||||
import io.grpc.xds.LoadReportClient.LoadReportCallback;
|
||||
import io.grpc.xds.XdsLogger.XdsLogLevel;
|
||||
import java.util.ArrayList;
|
||||
|
|
@ -1003,7 +1003,7 @@ final class XdsClientImpl extends XdsClient {
|
|||
}
|
||||
try {
|
||||
UpstreamTlsContext upstreamTlsContext = getTlsContextFromCluster(cluster);
|
||||
if (upstreamTlsContext != null && upstreamTlsContext.hasCommonTlsContext()) {
|
||||
if (upstreamTlsContext != null && upstreamTlsContext.getCommonTlsContext() != null) {
|
||||
updateBuilder.setUpstreamTlsContext(upstreamTlsContext);
|
||||
}
|
||||
} catch (InvalidProtocolBufferException e) {
|
||||
|
|
@ -1077,10 +1077,11 @@ final class XdsClientImpl extends XdsClient {
|
|||
throws InvalidProtocolBufferException {
|
||||
if (cluster.hasTransportSocket() && "tls".equals(cluster.getTransportSocket().getName())) {
|
||||
Any any = cluster.getTransportSocket().getTypedConfig();
|
||||
return UpstreamTlsContext.parseFrom(any.getValue());
|
||||
return UpstreamTlsContext.fromEnvoyProtoUpstreamTlsContext(
|
||||
io.envoyproxy.envoy.api.v2.auth.UpstreamTlsContext.parseFrom(any.getValue()));
|
||||
}
|
||||
// TODO(sanjaypujare): remove when we move to envoy protos v3
|
||||
return cluster.getTlsContext();
|
||||
return UpstreamTlsContext.fromEnvoyProtoUpstreamTlsContext(cluster.getTlsContext());
|
||||
}
|
||||
|
||||
/**
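Review bot: `upstreamTlsContext.getCommonTlsContext() != null` is not equivalent to the `hasCommonTlsContext()` it replaces. Generated protobuf getters return the default instance for an unset message field, and `fromEnvoyProtoUpstreamTlsContext` passes that value straight into the wrapper, so the check is always true for a context built through the factory. Because `getTlsContextFromCluster` now wraps `cluster.getTlsContext()` unconditionally, a cluster with no TLS settings would appear to get an `UpstreamTlsContext` set on the update, and the "is TLS configured" decision stops reflecting what the control plane sent. The same applies to `isTlsContextEmpty` in SdsProtocolNegotiators and to the `checkNotNull` in ClientSslContextProviderFactory, which also changes the thrown type from `IllegalArgumentException` to `NullPointerException`. Keeping presence in the factory would restore the old meaning: `return new UpstreamTlsContext(upstreamTlsContext.hasCommonTlsContext() ? upstreamTlsContext.getCommonTlsContext() : null);`; both functions in this section start outside the hunks shown.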
|
||||
|
|
|
|||
|
|
@ -16,12 +16,11 @@
|
|||
|
||||
package io.grpc.xds.internal.sds;
|
||||
|
||||
import static com.google.common.base.Preconditions.checkArgument;
|
||||
import static com.google.common.base.Preconditions.checkNotNull;
|
||||
|
||||
import com.google.common.util.concurrent.ThreadFactoryBuilder;
|
||||
import io.envoyproxy.envoy.api.v2.auth.UpstreamTlsContext;
|
||||
import io.grpc.xds.Bootstrapper;
|
||||
import io.grpc.xds.EnvoyServerProtoData.UpstreamTlsContext;
|
||||
import io.grpc.xds.internal.sds.ReferenceCountingSslContextProviderMap.SslContextProviderFactory;
|
||||
import java.io.IOException;
|
||||
import java.util.concurrent.Executors;
|
||||
|
|
@ -34,8 +33,8 @@ final class ClientSslContextProviderFactory
|
|||
@Override
|
||||
public SslContextProvider createSslContextProvider(UpstreamTlsContext upstreamTlsContext) {
|
||||
checkNotNull(upstreamTlsContext, "upstreamTlsContext");
|
||||
checkArgument(
|
||||
upstreamTlsContext.hasCommonTlsContext(),
|
||||
checkNotNull(
|
||||
upstreamTlsContext.getCommonTlsContext(),
|
||||
"upstreamTlsContext should have CommonTlsContext");
|
||||
if (CommonTlsContextUtil.hasAllSecretsUsingFilename(upstreamTlsContext.getCommonTlsContext())) {
|
||||
return SecretVolumeClientSslContextProvider.getProvider(upstreamTlsContext);
|
||||
|
|
|
|||
|
|
@ -22,9 +22,9 @@ import io.envoyproxy.envoy.api.v2.auth.CertificateValidationContext;
|
|||
import io.envoyproxy.envoy.api.v2.auth.CommonTlsContext;
|
||||
import io.envoyproxy.envoy.api.v2.auth.CommonTlsContext.CombinedCertificateValidationContext;
|
||||
import io.envoyproxy.envoy.api.v2.auth.SdsSecretConfig;
|
||||
import io.envoyproxy.envoy.api.v2.auth.UpstreamTlsContext;
|
||||
import io.envoyproxy.envoy.api.v2.core.Node;
|
||||
import io.grpc.netty.GrpcSslContexts;
|
||||
import io.grpc.xds.EnvoyServerProtoData.UpstreamTlsContext;
|
||||
import io.grpc.xds.internal.sds.trust.SdsTrustManagerFactory;
|
||||
import io.netty.handler.ssl.SslContextBuilder;
|
||||
import java.io.IOException;
|
||||
|
|
|
|||
|
|
@ -19,7 +19,6 @@ package io.grpc.xds.internal.sds;
|
|||
import static com.google.common.base.Preconditions.checkNotNull;
|
||||
|
||||
import com.google.common.annotations.VisibleForTesting;
|
||||
import io.envoyproxy.envoy.api.v2.auth.UpstreamTlsContext;
|
||||
import io.grpc.netty.GrpcHttp2ConnectionHandler;
|
||||
import io.grpc.netty.InternalNettyChannelBuilder;
|
||||
import io.grpc.netty.InternalNettyChannelBuilder.ProtocolNegotiatorFactory;
|
||||
|
|
@ -30,6 +29,7 @@ import io.grpc.netty.InternalProtocolNegotiators;
|
|||
import io.grpc.netty.NettyChannelBuilder;
|
||||
import io.grpc.netty.ProtocolNegotiationEvent;
|
||||
import io.grpc.xds.EnvoyServerProtoData.DownstreamTlsContext;
|
||||
import io.grpc.xds.EnvoyServerProtoData.UpstreamTlsContext;
|
||||
import io.grpc.xds.XdsAttributes;
|
||||
import io.grpc.xds.XdsClientWrapperForServerSds;
|
||||
import io.netty.channel.ChannelHandler;
|
||||
|
|
@ -126,7 +126,7 @@ public final class SdsProtocolNegotiators {
|
|||
}
|
||||
|
||||
private static boolean isTlsContextEmpty(UpstreamTlsContext upstreamTlsContext) {
|
||||
return upstreamTlsContext == null || !upstreamTlsContext.hasCommonTlsContext();
|
||||
return upstreamTlsContext == null || upstreamTlsContext.getCommonTlsContext() == null;
|
||||
}
|
||||
|
||||
@Override
|
||||
|
|
|
|||
|
|
@ -25,8 +25,8 @@ import com.google.common.annotations.VisibleForTesting;
|
|||
import io.envoyproxy.envoy.api.v2.auth.CertificateValidationContext;
|
||||
import io.envoyproxy.envoy.api.v2.auth.CommonTlsContext;
|
||||
import io.envoyproxy.envoy.api.v2.auth.TlsCertificate;
|
||||
import io.envoyproxy.envoy.api.v2.auth.UpstreamTlsContext;
|
||||
import io.grpc.netty.GrpcSslContexts;
|
||||
import io.grpc.xds.EnvoyServerProtoData.UpstreamTlsContext;
|
||||
import io.grpc.xds.internal.sds.trust.SdsTrustManagerFactory;
|
||||
import io.netty.handler.ssl.SslContext;
|
||||
import io.netty.handler.ssl.SslContextBuilder;
|
||||
|
|
|
|||
|
|
@ -21,8 +21,8 @@ import static com.google.common.base.Preconditions.checkState;
|
|||
|
||||
import io.envoyproxy.envoy.api.v2.auth.CertificateValidationContext;
|
||||
import io.envoyproxy.envoy.api.v2.auth.CommonTlsContext;
|
||||
import io.envoyproxy.envoy.api.v2.auth.UpstreamTlsContext;
|
||||
import io.grpc.xds.EnvoyServerProtoData.DownstreamTlsContext;
|
||||
import io.grpc.xds.EnvoyServerProtoData.UpstreamTlsContext;
|
||||
import io.grpc.xds.internal.sds.trust.SdsTrustManagerFactory;
|
||||
import io.netty.handler.ssl.ClientAuth;
|
||||
import io.netty.handler.ssl.SslContext;
|
||||
|
|
|
|||
|
|
@ -21,7 +21,7 @@ import io.envoyproxy.envoy.api.v2.auth.UpstreamTlsContext;
|
|||
|
||||
/**
|
||||
* A holder of {@link UpstreamTlsContext} or
|
||||
* {@link io.envoyproxy.envoy.api.v2.auth.DownstreamTlsContext}.
|
||||
* {@link io.grpc.xds.EnvoyServerProtoData.DownstreamTlsContext}.
|
||||
*/
|
||||
public interface TlsContextHolder {
|
||||
|
||||
|
|
|
|||
|
|
@ -16,8 +16,8 @@
|
|||
|
||||
package io.grpc.xds.internal.sds;
|
||||
|
||||
import io.envoyproxy.envoy.api.v2.auth.UpstreamTlsContext;
|
||||
import io.grpc.xds.EnvoyServerProtoData.DownstreamTlsContext;
|
||||
import io.grpc.xds.EnvoyServerProtoData.UpstreamTlsContext;
|
||||
|
||||
public interface TlsContextManager {
|
||||
|
||||
|
|
|
|||
|
|
@ -19,8 +19,8 @@ package io.grpc.xds.internal.sds;
|
|||
import static com.google.common.base.Preconditions.checkNotNull;
|
||||
|
||||
import com.google.common.annotations.VisibleForTesting;
|
||||
import io.envoyproxy.envoy.api.v2.auth.UpstreamTlsContext;
|
||||
import io.grpc.xds.EnvoyServerProtoData.DownstreamTlsContext;
|
||||
import io.grpc.xds.EnvoyServerProtoData.UpstreamTlsContext;
|
||||
import io.grpc.xds.internal.sds.ReferenceCountingSslContextProviderMap.SslContextProviderFactory;
|
||||
|
||||
/**
|
||||
|
|
|
|||
|
|
@ -19,7 +19,7 @@ package io.grpc.xds.internal.sds;
|
|||
import static com.google.common.base.Preconditions.checkNotNull;
|
||||
|
||||
import io.envoyproxy.envoy.api.v2.auth.CommonTlsContext;
|
||||
import io.envoyproxy.envoy.api.v2.auth.UpstreamTlsContext;
|
||||
import io.grpc.xds.EnvoyServerProtoData.UpstreamTlsContext;
|
||||
|
||||
final class UpstreamTlsContextHolder implements TlsContextHolder {
|
||||
|
||||
|
|
|
|||
|
|
@ -38,7 +38,6 @@ import static org.mockito.Mockito.times;
|
|||
import static org.mockito.Mockito.verify;
|
||||
|
||||
import com.google.common.collect.ImmutableList;
|
||||
import io.envoyproxy.envoy.api.v2.auth.UpstreamTlsContext;
|
||||
import io.grpc.Attributes;
|
||||
import io.grpc.ConnectivityState;
|
||||
import io.grpc.EquivalentAddressGroup;
|
||||
|
|
@ -59,6 +58,7 @@ import io.grpc.internal.FakeClock;
|
|||
import io.grpc.internal.ServiceConfigUtil.PolicySelection;
|
||||
import io.grpc.xds.CdsLoadBalancerProvider.CdsConfig;
|
||||
import io.grpc.xds.EdsLoadBalancerProvider.EdsConfig;
|
||||
import io.grpc.xds.EnvoyServerProtoData.UpstreamTlsContext;
|
||||
import io.grpc.xds.XdsClient.ClusterUpdate;
|
||||
import io.grpc.xds.XdsClient.ClusterWatcher;
|
||||
import io.grpc.xds.XdsClient.EndpointUpdate;
|
||||
|
|
|
|||
|
|
@ -1453,7 +1453,10 @@ public class XdsClientImplTest {
|
|||
ArgumentCaptor<ClusterUpdate> clusterUpdateCaptor = ArgumentCaptor.forClass(null);
|
||||
verify(clusterWatcher, times(1)).onClusterChanged(clusterUpdateCaptor.capture());
|
||||
ClusterUpdate clusterUpdate = clusterUpdateCaptor.getValue();
|
||||
assertThat(clusterUpdate.getUpstreamTlsContext()).isEqualTo(testUpstreamTlsContext);
|
||||
assertThat(clusterUpdate.getUpstreamTlsContext())
|
||||
.isEqualTo(
|
||||
EnvoyServerProtoData.UpstreamTlsContext.fromEnvoyProtoUpstreamTlsContext(
|
||||
testUpstreamTlsContext));
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -1485,7 +1488,10 @@ public class XdsClientImplTest {
|
|||
ArgumentCaptor<ClusterUpdate> clusterUpdateCaptor = ArgumentCaptor.forClass(null);
|
||||
verify(clusterWatcher, times(1)).onClusterChanged(clusterUpdateCaptor.capture());
|
||||
ClusterUpdate clusterUpdate = clusterUpdateCaptor.getValue();
|
||||
assertThat(clusterUpdate.getUpstreamTlsContext()).isEqualTo(testUpstreamTlsContext);
|
||||
assertThat(clusterUpdate.getUpstreamTlsContext())
|
||||
.isEqualTo(
|
||||
EnvoyServerProtoData.UpstreamTlsContext.fromEnvoyProtoUpstreamTlsContext(
|
||||
testUpstreamTlsContext));
|
||||
}
|
||||
|
||||
@Test
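Review bot: The expected value in both rewritten assertions is produced by `fromEnvoyProtoUpstreamTlsContext`, the same conversion the code under test uses, so these tests cannot catch a mistake in that conversion. Assert on the wrapped data instead, for example `assertThat(clusterUpdate.getUpstreamTlsContext().getCommonTlsContext()).isEqualTo(testUpstreamTlsContext.getCommonTlsContext());`. A case for a cluster that carries no TLS settings, stating what `getUpstreamTlsContext()` should return, would pin down the presence behaviour as well. The same pattern appears in the hunk at -1485, and both test methods start outside the hunks shown.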
|
||||
|
|
|
|||
|
|
@ -30,7 +30,6 @@ import static io.grpc.xds.internal.sds.CommonTlsContextTestsUtil.SERVER_1_PEM_FI
|
|||
import static org.junit.Assert.fail;
|
||||
|
||||
import com.google.common.collect.ImmutableList;
|
||||
import io.envoyproxy.envoy.api.v2.auth.UpstreamTlsContext;
|
||||
import io.grpc.Attributes;
|
||||
import io.grpc.EquivalentAddressGroup;
|
||||
import io.grpc.NameResolver;
|
||||
|
|
@ -44,6 +43,7 @@ import io.grpc.testing.protobuf.SimpleRequest;
|
|||
import io.grpc.testing.protobuf.SimpleResponse;
|
||||
import io.grpc.testing.protobuf.SimpleServiceGrpc;
|
||||
import io.grpc.xds.EnvoyServerProtoData.DownstreamTlsContext;
|
||||
import io.grpc.xds.EnvoyServerProtoData.UpstreamTlsContext;
|
||||
import io.grpc.xds.internal.sds.CommonTlsContextTestsUtil;
|
||||
import io.grpc.xds.internal.sds.SdsProtocolNegotiators;
|
||||
import io.grpc.xds.internal.sds.XdsChannelBuilder;
|
||||
|
|
|
|||
|
|
@ -22,7 +22,7 @@ import static io.grpc.xds.internal.sds.CommonTlsContextTestsUtil.CLIENT_KEY_FILE
|
|||
import static io.grpc.xds.internal.sds.CommonTlsContextTestsUtil.CLIENT_PEM_FILE;
|
||||
|
||||
import io.envoyproxy.envoy.api.v2.auth.CommonTlsContext;
|
||||
import io.envoyproxy.envoy.api.v2.auth.UpstreamTlsContext;
|
||||
import io.grpc.xds.EnvoyServerProtoData.UpstreamTlsContext;
|
||||
import org.junit.Assert;
|
||||
import org.junit.Test;
|
||||
import org.junit.runner.RunWith;
|
||||
|
|
@ -52,7 +52,7 @@ public class ClientSslContextProviderFactoryTest {
|
|||
CommonTlsContextTestsUtil.buildCommonTlsContextFromSdsConfigForTlsCertificate(
|
||||
/* name= */ "name", /* targetUri= */ "unix:/tmp/sds/path", CA_PEM_FILE);
|
||||
UpstreamTlsContext upstreamTlsContext =
|
||||
SecretVolumeSslContextProviderTest.buildUpstreamTlsContext(commonTlsContext);
|
||||
CommonTlsContextTestsUtil.buildUpstreamTlsContext(commonTlsContext);
|
||||
|
||||
try {
|
||||
SslContextProvider unused =
|
||||
|
|
@ -74,7 +74,7 @@ public class ClientSslContextProviderFactoryTest {
|
|||
CLIENT_KEY_FILE,
|
||||
CLIENT_PEM_FILE);
|
||||
UpstreamTlsContext upstreamTlsContext =
|
||||
SecretVolumeSslContextProviderTest.buildUpstreamTlsContext(commonTlsContext);
|
||||
CommonTlsContextTestsUtil.buildUpstreamTlsContext(commonTlsContext);
|
||||
|
||||
try {
|
||||
SslContextProvider unused =
|
||||
|
|
|
|||
|
|
@ -230,7 +230,7 @@ public class CommonTlsContextTestsUtil {
|
|||
/**
|
||||
* Helper method to build UpstreamTlsContext for above tests. Called from other classes as well.
|
||||
*/
|
||||
public static UpstreamTlsContext buildUpstreamTlsContextFromFilenames(
|
||||
public static EnvoyServerProtoData.UpstreamTlsContext buildUpstreamTlsContextFromFilenames(
|
||||
@Nullable String privateKey, @Nullable String certChain, @Nullable String trustCa) {
|
||||
try {
|
||||
if (certChain != null) {
|
||||
|
|
@ -245,7 +245,7 @@ public class CommonTlsContextTestsUtil {
|
|||
} catch (IOException ioe) {
|
||||
throw new RuntimeException(ioe);
|
||||
}
|
||||
return SecretVolumeSslContextProviderTest.buildUpstreamTlsContext(
|
||||
return buildUpstreamTlsContext(
|
||||
buildCommonTlsContextFromFilenames(privateKey, certChain, trustCa));
|
||||
}
|
||||
|
||||
|
|
@ -280,4 +280,15 @@ public class CommonTlsContextTestsUtil {
|
|||
}
|
||||
return builder.build();
|
||||
}
|
||||
|
||||
/**
|
||||
* Helper method to build UpstreamTlsContext for above tests. Called from other classes as well.
|
||||
*/
|
||||
static EnvoyServerProtoData.UpstreamTlsContext buildUpstreamTlsContext(
|
||||
CommonTlsContext commonTlsContext) {
|
||||
UpstreamTlsContext upstreamTlsContext =
|
||||
UpstreamTlsContext.newBuilder().setCommonTlsContext(commonTlsContext).build();
|
||||
return EnvoyServerProtoData.UpstreamTlsContext.fromEnvoyProtoUpstreamTlsContext(
|
||||
upstreamTlsContext);
|
||||
}
|
||||
}
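Review bot: The Javadoc on the new `buildUpstreamTlsContext` was carried over from SecretVolumeSslContextProviderTest and still says "for above tests", which has no referent in this utility class. It also does not say that the method returns the internal `EnvoyServerProtoData.UpstreamTlsContext`, whereas the unqualified `UpstreamTlsContext` in the body is the Envoy proto. Suggested comment: `/** Wraps {@code commonTlsContext} in an Envoy proto UpstreamTlsContext and converts it to the internal EnvoyServerProtoData.UpstreamTlsContext. */`.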
|
||||
|
|
|
|||
|
|
@ -32,7 +32,6 @@ import com.google.common.base.Strings;
|
|||
import io.envoyproxy.envoy.api.v2.auth.CertificateValidationContext;
|
||||
import io.envoyproxy.envoy.api.v2.auth.CommonTlsContext;
|
||||
import io.envoyproxy.envoy.api.v2.auth.TlsCertificate;
|
||||
import io.envoyproxy.envoy.api.v2.auth.UpstreamTlsContext;
|
||||
import io.envoyproxy.envoy.api.v2.core.DataSource;
|
||||
import io.grpc.Attributes;
|
||||
import io.grpc.internal.testing.TestUtils;
|
||||
|
|
@ -41,6 +40,7 @@ import io.grpc.netty.InternalProtocolNegotiationEvent;
|
|||
import io.grpc.netty.InternalProtocolNegotiator.ProtocolNegotiator;
|
||||
import io.grpc.netty.InternalProtocolNegotiators;
|
||||
import io.grpc.xds.EnvoyServerProtoData.DownstreamTlsContext;
|
||||
import io.grpc.xds.EnvoyServerProtoData.UpstreamTlsContext;
|
||||
import io.grpc.xds.XdsAttributes;
|
||||
import io.grpc.xds.XdsClientWrapperForServerSds;
|
||||
import io.grpc.xds.XdsClientWrapperForServerSdsTest;
|
||||
|
|
@ -96,17 +96,10 @@ public class SdsProtocolNegotiatorsTest {
|
|||
/** Builds UpstreamTlsContext from file-names. */
|
||||
private static UpstreamTlsContext buildUpstreamTlsContextFromFilenames(
|
||||
String privateKey, String certChain, String trustCa) throws IOException {
|
||||
return buildUpstreamTlsContext(
|
||||
return CommonTlsContextTestsUtil.buildUpstreamTlsContext(
|
||||
buildCommonTlsContextFromFilenames(privateKey, certChain, trustCa));
|
||||
}
|
||||
|
||||
/** Builds UpstreamTlsContext from commonTlsContext. */
|
||||
private static UpstreamTlsContext buildUpstreamTlsContext(CommonTlsContext commonTlsContext) {
|
||||
UpstreamTlsContext upstreamTlsContext =
|
||||
UpstreamTlsContext.newBuilder().setCommonTlsContext(commonTlsContext).build();
|
||||
return upstreamTlsContext;
|
||||
}
|
||||
|
||||
/** Builds DownstreamTlsContext from commonTlsContext. */
|
||||
private static DownstreamTlsContext buildDownstreamTlsContext(CommonTlsContext commonTlsContext) {
|
||||
io.envoyproxy.envoy.api.v2.auth.DownstreamTlsContext downstreamTlsContext =
|
||||
|
|
@ -164,7 +157,7 @@ public class SdsProtocolNegotiatorsTest {
|
|||
@Test
|
||||
public void clientSdsProtocolNegotiatorNewHandler_withTlsContextAttribute() {
|
||||
UpstreamTlsContext upstreamTlsContext =
|
||||
buildUpstreamTlsContext(
|
||||
CommonTlsContextTestsUtil.buildUpstreamTlsContext(
|
||||
getCommonTlsContext(/* tlsCertificate= */ null, /* certContext= */ null));
|
||||
ClientSdsProtocolNegotiator pn = new ClientSdsProtocolNegotiator();
|
||||
GrpcHttp2ConnectionHandler mockHandler = mock(GrpcHttp2ConnectionHandler.class);
|
||||
|
|
|
|||
|
|
@ -81,7 +81,7 @@ public class SdsSslContextProviderTest {
|
|||
/* channelType= */ "inproc");
|
||||
|
||||
return SdsClientSslContextProvider.getProvider(
|
||||
SecretVolumeSslContextProviderTest.buildUpstreamTlsContext(commonTlsContext),
|
||||
CommonTlsContextTestsUtil.buildUpstreamTlsContext(commonTlsContext),
|
||||
node,
|
||||
MoreExecutors.directExecutor(),
|
||||
MoreExecutors.directExecutor());
|
||||
|
|
|
|||
|
|
@ -25,9 +25,7 @@ import static io.grpc.xds.internal.sds.CommonTlsContextTestsUtil.SERVER_1_PEM_FI
|
|||
|
||||
import com.google.common.util.concurrent.MoreExecutors;
|
||||
import io.envoyproxy.envoy.api.v2.auth.CertificateValidationContext;
|
||||
import io.envoyproxy.envoy.api.v2.auth.CommonTlsContext;
|
||||
import io.envoyproxy.envoy.api.v2.auth.TlsCertificate;
|
||||
import io.envoyproxy.envoy.api.v2.auth.UpstreamTlsContext;
|
||||
import io.envoyproxy.envoy.api.v2.core.DataSource;
|
||||
import io.netty.handler.ssl.SslContext;
|
||||
import java.io.IOException;
|
||||
|
|
@ -296,7 +294,7 @@ public class SecretVolumeSslContextProviderTest {
|
|||
CertificateValidationContext certContext = CertificateValidationContext.getDefaultInstance();
|
||||
try {
|
||||
SecretVolumeClientSslContextProvider.getProvider(
|
||||
buildUpstreamTlsContext(
|
||||
CommonTlsContextTestsUtil.buildUpstreamTlsContext(
|
||||
CommonTlsContextTestsUtil.getCommonTlsContext(
|
||||
/* tlsCertificate= */ null, certContext)));
|
||||
Assert.fail("no exception thrown");
|
||||
|
|
@ -318,7 +316,7 @@ public class SecretVolumeSslContextProviderTest {
|
|||
.build();
|
||||
try {
|
||||
SecretVolumeClientSslContextProvider.getProvider(
|
||||
buildUpstreamTlsContext(
|
||||
CommonTlsContextTestsUtil.buildUpstreamTlsContext(
|
||||
CommonTlsContextTestsUtil.getCommonTlsContext(tlsCert, certContext)));
|
||||
Assert.fail("no exception thrown");
|
||||
} catch (IllegalArgumentException expected) {
|
||||
|
|
@ -339,7 +337,7 @@ public class SecretVolumeSslContextProviderTest {
|
|||
.build();
|
||||
try {
|
||||
SecretVolumeClientSslContextProvider.getProvider(
|
||||
buildUpstreamTlsContext(
|
||||
CommonTlsContextTestsUtil.buildUpstreamTlsContext(
|
||||
CommonTlsContextTestsUtil.getCommonTlsContext(tlsCert, certContext)));
|
||||
Assert.fail("no exception thrown");
|
||||
} catch (IllegalArgumentException expected) {
|
||||
|
|
@ -389,15 +387,6 @@ public class SecretVolumeSslContextProviderTest {
|
|||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Helper method to build UpstreamTlsContext for above tests. Called from other classes as well.
|
||||
*/
|
||||
static UpstreamTlsContext buildUpstreamTlsContext(CommonTlsContext commonTlsContext) {
|
||||
UpstreamTlsContext upstreamTlsContext =
|
||||
UpstreamTlsContext.newBuilder().setCommonTlsContext(commonTlsContext).build();
|
||||
return upstreamTlsContext;
|
||||
}
|
||||
|
||||
@Test
|
||||
public void getProviderForServer() throws IOException, CertificateException, CertStoreException {
|
||||
sslContextForEitherWithBothCertAndTrust(
|
||||
|
|
|
|||
|
|
@ -30,8 +30,8 @@ import static org.mockito.Mockito.times;
|
|||
import static org.mockito.Mockito.verify;
|
||||
import static org.mockito.Mockito.when;
|
||||
|
||||
import io.envoyproxy.envoy.api.v2.auth.UpstreamTlsContext;
|
||||
import io.grpc.xds.EnvoyServerProtoData.DownstreamTlsContext;
|
||||
import io.grpc.xds.EnvoyServerProtoData.UpstreamTlsContext;
|
||||
import io.grpc.xds.internal.sds.ReferenceCountingSslContextProviderMap.SslContextProviderFactory;
|
||||
import java.lang.reflect.Field;
|
||||
import org.junit.Before;
|
||||
|
|
|
|||