diff --git a/xds/src/main/java/io/grpc/xds/CdsLoadBalancer.java b/xds/src/main/java/io/grpc/xds/CdsLoadBalancer.java index 7d7c6d6bba..79e7c43350 100644 --- a/xds/src/main/java/io/grpc/xds/CdsLoadBalancer.java +++ b/xds/src/main/java/io/grpc/xds/CdsLoadBalancer.java @@ -23,7 +23,6 @@ import static io.grpc.xds.XdsLbPolicies.EDS_POLICY_NAME; import com.google.common.annotations.VisibleForTesting; import com.google.common.collect.ImmutableMap; -import io.envoyproxy.envoy.api.v2.auth.UpstreamTlsContext; import io.grpc.EquivalentAddressGroup; import io.grpc.InternalLogId; import io.grpc.LoadBalancer; @@ -36,6 +35,7 @@ import io.grpc.util.ForwardingLoadBalancerHelper; import io.grpc.util.GracefulSwitchLoadBalancer; import io.grpc.xds.CdsLoadBalancerProvider.CdsConfig; import io.grpc.xds.EdsLoadBalancerProvider.EdsConfig; +import io.grpc.xds.EnvoyServerProtoData.UpstreamTlsContext; import io.grpc.xds.XdsClient.ClusterUpdate; import io.grpc.xds.XdsClient.ClusterWatcher; import io.grpc.xds.XdsLogger.XdsLogLevel; diff --git a/xds/src/main/java/io/grpc/xds/EnvoyServerProtoData.java b/xds/src/main/java/io/grpc/xds/EnvoyServerProtoData.java index b2866e3735..ce8688e6c5 100644 --- a/xds/src/main/java/io/grpc/xds/EnvoyServerProtoData.java +++ b/xds/src/main/java/io/grpc/xds/EnvoyServerProtoData.java 
@@ -38,14 +38,60 @@ public final class EnvoyServerProtoData { private EnvoyServerProtoData() { } - public static final class DownstreamTlsContext { + public abstract static class BaseTlsContext { + @Nullable protected final CommonTlsContext commonTlsContext; + + public BaseTlsContext(@Nullable CommonTlsContext commonTlsContext) { + this.commonTlsContext = commonTlsContext; + } + + @Nullable public CommonTlsContext getCommonTlsContext() { + return commonTlsContext; + } + + @Override + public boolean equals(Object o) { + if (this == o) { + return true; + } + if (o == null || !(o instanceof BaseTlsContext)) { + return false; + } + BaseTlsContext that = (BaseTlsContext) o; + return Objects.equals(commonTlsContext, that.commonTlsContext); + } + + @Override + public int hashCode() { + return Objects.hash(commonTlsContext); + } + } + + public static final class UpstreamTlsContext extends BaseTlsContext { + + @VisibleForTesting + UpstreamTlsContext(CommonTlsContext commonTlsContext) { + super(commonTlsContext); + } + + public static UpstreamTlsContext fromEnvoyProtoUpstreamTlsContext( + io.envoyproxy.envoy.api.v2.auth.UpstreamTlsContext upstreamTlsContext) { + return new UpstreamTlsContext(upstreamTlsContext.getCommonTlsContext()); + } + + @Override + public String toString() { + return "UpstreamTlsContext{" + "commonTlsContext=" + commonTlsContext + '}'; + } + } + + public static final class DownstreamTlsContext extends BaseTlsContext { - private final CommonTlsContext commonTlsContext; private final boolean requireClientCertificate; @VisibleForTesting DownstreamTlsContext(CommonTlsContext commonTlsContext, boolean requireClientCertificate) { - this.commonTlsContext = commonTlsContext; + super(commonTlsContext); this.requireClientCertificate = requireClientCertificate; } 
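Review bot: `BaseTlsContext.equals` accepts any `BaseTlsContext` via `instanceof`, and `UpstreamTlsContext` does not override it, so an `UpstreamTlsContext` compares equal to a `DownstreamTlsContext` carrying the same `CommonTlsContext`, while the reverse comparison is rejected by the `getClass()` check in `DownstreamTlsContext.equals` (the `@@ -81,14 +123,16 @@` hunk of this file). That asymmetry breaks the `equals` contract, which matters if these objects serve as map keys or are compared to detect a changed TLS configuration. Replacing the test with `if (o == null || getClass() != o.getClass()) { return false; }` makes both directions agree and keeps `super.equals(o)` in the subclass valid. Since the class is abstract, its constructor could also be `protected` rather than `public`.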
@@ -55,10 +101,6 @@ public final class EnvoyServerProtoData { downstreamTlsContext.hasRequireClientCertificate()); } - public CommonTlsContext getCommonTlsContext() { - return commonTlsContext; - } - public boolean isRequireClientCertificate() { return requireClientCertificate; } @@ -81,14 +123,16 @@ public final class EnvoyServerProtoData { if (o == null || getClass() != o.getClass()) { return false; } + if (!super.equals(o)) { + return false; + } DownstreamTlsContext that = (DownstreamTlsContext) o; - return requireClientCertificate == that.requireClientCertificate - && Objects.equals(commonTlsContext, that.commonTlsContext); + return requireClientCertificate == that.requireClientCertificate; } @Override public int hashCode() { - return Objects.hash(commonTlsContext, requireClientCertificate); + return Objects.hash(super.hashCode(), requireClientCertificate); } } diff --git a/xds/src/main/java/io/grpc/xds/XdsAttributes.java b/xds/src/main/java/io/grpc/xds/XdsAttributes.java index 8276c98ad9..662c9a69a5 100644 --- a/xds/src/main/java/io/grpc/xds/XdsAttributes.java +++ b/xds/src/main/java/io/grpc/xds/XdsAttributes.java 
@@ -16,51 +16,18 @@ package io.grpc.xds; -import io.envoyproxy.envoy.api.v2.auth.CertificateValidationContext; -import io.envoyproxy.envoy.api.v2.auth.CommonTlsContext; -import io.envoyproxy.envoy.api.v2.auth.DownstreamTlsContext; -import io.envoyproxy.envoy.api.v2.auth.SdsSecretConfig; -import io.envoyproxy.envoy.api.v2.auth.TlsCertificate; -import io.envoyproxy.envoy.api.v2.auth.UpstreamTlsContext; import io.grpc.Attributes; import io.grpc.Grpc; import io.grpc.Internal; import io.grpc.NameResolver; import io.grpc.internal.ObjectPool; +import io.grpc.xds.EnvoyServerProtoData.UpstreamTlsContext; /** * Special attributes that are only useful to gRPC in the XDS context. */ @Internal public final class XdsAttributes { - /** - * Attribute key for SdsSecretConfig of a subchannel. - */ - @Grpc.TransportAttr - public static final Attributes.Key ATTR_SDS_CONFIG = - Attributes.Key.create("io.grpc.xds.XdsAttributes.sdsSecretConfig"); - - /** - * Attribute key for TlsCertificate of a subchannel. - */ - @Grpc.TransportAttr - public static final Attributes.Key ATTR_TLS_CERTIFICATE = - Attributes.Key.create("io.grpc.xds.XdsAttributes.tlsCertificate"); - - /** - * Attribute key for CertificateValidationContext of a subchannel. - */ - @Grpc.TransportAttr - public static final Attributes.Key ATTR_CERT_VALIDATION_CONTEXT = - Attributes.Key.create("io.grpc.xds.XdsAttributes.certificateValidationContext"); - - /** - * Attribute key for CommonTlsContext. - */ - @Grpc.TransportAttr - public static final Attributes.Key ATTR_COMMON_TLS_CONTEXT = - Attributes.Key.create("io.grpc.xds.XdsAttributes.commonTlsContext"); - /** * Attribute key for UpstreamTlsContext (used by client) for subchannel. */ 
@@ -68,13 +35,6 @@ public final class XdsAttributes { public static final Attributes.Key ATTR_UPSTREAM_TLS_CONTEXT = Attributes.Key.create("io.grpc.xds.XdsAttributes.upstreamTlsContext"); - /** - * Attribute key for DownstreamTlsContext (used by server). - */ - @Grpc.TransportAttr - public static final Attributes.Key ATTR_DOWNSTREAM_TLS_CONTEXT = - Attributes.Key.create("io.grpc.xds.XdsAttributes.downstreamTlsContext"); - @NameResolver.ResolutionResultAttr static final Attributes.Key> XDS_CLIENT_POOL = Attributes.Key.create("io.grpc.xds.XdsAttributes.xdsClientPool"); diff --git a/xds/src/main/java/io/grpc/xds/XdsClient.java b/xds/src/main/java/io/grpc/xds/XdsClient.java index befb82600a..b74ec3360b 100644 --- a/xds/src/main/java/io/grpc/xds/XdsClient.java +++ b/xds/src/main/java/io/grpc/xds/XdsClient.java @@ -24,8 +24,6 @@ import com.google.common.base.MoreObjects; import com.google.common.base.Preconditions; import com.google.common.collect.ImmutableList; import com.google.common.collect.ImmutableMap; -// TODO(sanjaypujare): remove dependency on envoy data types. -import io.envoyproxy.envoy.api.v2.auth.UpstreamTlsContext; import io.grpc.ManagedChannel; import io.grpc.ManagedChannelBuilder; import io.grpc.Status; @@ -38,6 +36,7 @@ import io.grpc.xds.EnvoyProtoData.Locality; import io.grpc.xds.EnvoyProtoData.LocalityLbEndpoints; import io.grpc.xds.EnvoyProtoData.Route; import io.grpc.xds.EnvoyServerProtoData.Listener; +import io.grpc.xds.EnvoyServerProtoData.UpstreamTlsContext; import io.grpc.xds.XdsLogger.XdsLogLevel; import java.util.ArrayList; import java.util.Collection; diff --git a/xds/src/main/java/io/grpc/xds/XdsClientImpl.java b/xds/src/main/java/io/grpc/xds/XdsClientImpl.java index c5c90c8bbb..e3ae9d9f58 100644 --- a/xds/src/main/java/io/grpc/xds/XdsClientImpl.java +++ b/xds/src/main/java/io/grpc/xds/XdsClientImpl.java 
@@ -41,7 +41,6 @@ import io.envoyproxy.envoy.api.v2.DiscoveryRequest; import io.envoyproxy.envoy.api.v2.DiscoveryResponse; import io.envoyproxy.envoy.api.v2.Listener; import io.envoyproxy.envoy.api.v2.RouteConfiguration; -import io.envoyproxy.envoy.api.v2.auth.UpstreamTlsContext; import io.envoyproxy.envoy.api.v2.core.Address; import io.envoyproxy.envoy.api.v2.core.Node; import io.envoyproxy.envoy.api.v2.core.SocketAddress; @@ -64,6 +63,7 @@ import io.grpc.xds.EnvoyProtoData.DropOverload; import io.grpc.xds.EnvoyProtoData.Locality; import io.grpc.xds.EnvoyProtoData.LocalityLbEndpoints; import io.grpc.xds.EnvoyProtoData.StructOrError; +import io.grpc.xds.EnvoyServerProtoData.UpstreamTlsContext; import io.grpc.xds.LoadReportClient.LoadReportCallback; import io.grpc.xds.XdsLogger.XdsLogLevel; import java.util.ArrayList; @@ -1003,7 +1003,7 @@ final class XdsClientImpl extends XdsClient { } try { UpstreamTlsContext upstreamTlsContext = getTlsContextFromCluster(cluster); - if (upstreamTlsContext != null && upstreamTlsContext.hasCommonTlsContext()) { + if (upstreamTlsContext != null && upstreamTlsContext.getCommonTlsContext() != null) { updateBuilder.setUpstreamTlsContext(upstreamTlsContext); } } catch (InvalidProtocolBufferException e) { @@ -1077,10 +1077,11 @@ final class XdsClientImpl extends XdsClient { throws InvalidProtocolBufferException { if (cluster.hasTransportSocket() && "tls".equals(cluster.getTransportSocket().getName())) { Any any = cluster.getTransportSocket().getTypedConfig(); - return UpstreamTlsContext.parseFrom(any.getValue()); + return UpstreamTlsContext.fromEnvoyProtoUpstreamTlsContext( + io.envoyproxy.envoy.api.v2.auth.UpstreamTlsContext.parseFrom(any.getValue())); } // TODO(sanjaypujare): remove when we move to envoy protos v3 - return cluster.getTlsContext(); + return UpstreamTlsContext.fromEnvoyProtoUpstreamTlsContext(cluster.getTlsContext()); } /** 
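Review bot: The new guard `upstreamTlsContext.getCommonTlsContext() != null` is not equivalent to the `hasCommonTlsContext()` it replaces: protobuf-generated getters for message fields return the default instance rather than null, and `fromEnvoyProtoUpstreamTlsContext` stores that value unconditionally, so the wrapper's field is never null for anything built through the factory. A cluster with no TLS settings would then still reach `setUpstreamTlsContext(...)` here, and the same always-true check appears in `ClientSslContextProviderFactory.createSslContextProvider` (where `checkNotNull` also changes the thrown type from `IllegalArgumentException` to `NullPointerException`) and in `SdsProtocolNegotiators.isTlsContextEmpty`, which decides whether a TLS context is present at all. Preserving presence in the factory keeps all three call sites correct: `return new UpstreamTlsContext(upstreamTlsContext.hasCommonTlsContext() ? upstreamTlsContext.getCommonTlsContext() : null);`. A test for a cluster that carries no TLS context would pin the intended behaviour. The enclosing method starts and ends outside this hunk.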
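Review bot: `getTlsContextFromCluster` parses `any.getValue()` as an `UpstreamTlsContext` after checking only the transport socket name, so the `Any`'s type URL is never compared with the expected message type; a typed config of a different type would be parsed leniently and could yield an empty or wrong TLS context instead of an error. `Any.unpack` performs that check and throws the `InvalidProtocolBufferException` this method already declares, so the parse could become `any.unpack(io.envoyproxy.envoy.api.v2.auth.UpstreamTlsContext.class)` before the result is handed to `fromEnvoyProtoUpstreamTlsContext`. The method's signature line is outside the hunk.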
diff --git a/xds/src/main/java/io/grpc/xds/internal/sds/ClientSslContextProviderFactory.java b/xds/src/main/java/io/grpc/xds/internal/sds/ClientSslContextProviderFactory.java index a77d3ff194..7267511898 100644 --- a/xds/src/main/java/io/grpc/xds/internal/sds/ClientSslContextProviderFactory.java +++ b/xds/src/main/java/io/grpc/xds/internal/sds/ClientSslContextProviderFactory.java @@ -16,12 +16,11 @@ package io.grpc.xds.internal.sds; -import static com.google.common.base.Preconditions.checkArgument; import static com.google.common.base.Preconditions.checkNotNull; import com.google.common.util.concurrent.ThreadFactoryBuilder; -import io.envoyproxy.envoy.api.v2.auth.UpstreamTlsContext; import io.grpc.xds.Bootstrapper; +import io.grpc.xds.EnvoyServerProtoData.UpstreamTlsContext; import io.grpc.xds.internal.sds.ReferenceCountingSslContextProviderMap.SslContextProviderFactory; import java.io.IOException; import java.util.concurrent.Executors; @@ -34,8 +33,8 @@ final class ClientSslContextProviderFactory @Override public SslContextProvider createSslContextProvider(UpstreamTlsContext upstreamTlsContext) { checkNotNull(upstreamTlsContext, "upstreamTlsContext"); - checkArgument( - upstreamTlsContext.hasCommonTlsContext(), + checkNotNull( + upstreamTlsContext.getCommonTlsContext(), "upstreamTlsContext should have CommonTlsContext"); if (CommonTlsContextUtil.hasAllSecretsUsingFilename(upstreamTlsContext.getCommonTlsContext())) { return SecretVolumeClientSslContextProvider.getProvider(upstreamTlsContext); diff --git a/xds/src/main/java/io/grpc/xds/internal/sds/SdsClientSslContextProvider.java b/xds/src/main/java/io/grpc/xds/internal/sds/SdsClientSslContextProvider.java index e8586c60ab..7bf940a90b 100644 --- a/xds/src/main/java/io/grpc/xds/internal/sds/SdsClientSslContextProvider.java +++ b/xds/src/main/java/io/grpc/xds/internal/sds/SdsClientSslContextProvider.java 
@@ -22,9 +22,9 @@ import io.envoyproxy.envoy.api.v2.auth.CertificateValidationContext; import io.envoyproxy.envoy.api.v2.auth.CommonTlsContext; import io.envoyproxy.envoy.api.v2.auth.CommonTlsContext.CombinedCertificateValidationContext; import io.envoyproxy.envoy.api.v2.auth.SdsSecretConfig; -import io.envoyproxy.envoy.api.v2.auth.UpstreamTlsContext; import io.envoyproxy.envoy.api.v2.core.Node; import io.grpc.netty.GrpcSslContexts; +import io.grpc.xds.EnvoyServerProtoData.UpstreamTlsContext; import io.grpc.xds.internal.sds.trust.SdsTrustManagerFactory; import io.netty.handler.ssl.SslContextBuilder; import java.io.IOException; diff --git a/xds/src/main/java/io/grpc/xds/internal/sds/SdsProtocolNegotiators.java b/xds/src/main/java/io/grpc/xds/internal/sds/SdsProtocolNegotiators.java index 837ad2ab5e..412d11ec6e 100644 --- a/xds/src/main/java/io/grpc/xds/internal/sds/SdsProtocolNegotiators.java +++ b/xds/src/main/java/io/grpc/xds/internal/sds/SdsProtocolNegotiators.java @@ -19,7 +19,6 @@ package io.grpc.xds.internal.sds; import static com.google.common.base.Preconditions.checkNotNull; import com.google.common.annotations.VisibleForTesting; -import io.envoyproxy.envoy.api.v2.auth.UpstreamTlsContext; import io.grpc.netty.GrpcHttp2ConnectionHandler; import io.grpc.netty.InternalNettyChannelBuilder; import io.grpc.netty.InternalNettyChannelBuilder.ProtocolNegotiatorFactory; @@ -30,6 +29,7 @@ import io.grpc.netty.InternalProtocolNegotiators; import io.grpc.netty.NettyChannelBuilder; import io.grpc.netty.ProtocolNegotiationEvent; import io.grpc.xds.EnvoyServerProtoData.DownstreamTlsContext; +import io.grpc.xds.EnvoyServerProtoData.UpstreamTlsContext; import io.grpc.xds.XdsAttributes; import io.grpc.xds.XdsClientWrapperForServerSds; import io.netty.channel.ChannelHandler; 
@@ -126,7 +126,7 @@ public final class SdsProtocolNegotiators { } private static boolean isTlsContextEmpty(UpstreamTlsContext upstreamTlsContext) { - return upstreamTlsContext == null || !upstreamTlsContext.hasCommonTlsContext(); + return upstreamTlsContext == null || upstreamTlsContext.getCommonTlsContext() == null; } @Override diff --git a/xds/src/main/java/io/grpc/xds/internal/sds/SecretVolumeClientSslContextProvider.java b/xds/src/main/java/io/grpc/xds/internal/sds/SecretVolumeClientSslContextProvider.java index 590b79a48b..0af29158bb 100644 --- a/xds/src/main/java/io/grpc/xds/internal/sds/SecretVolumeClientSslContextProvider.java +++ b/xds/src/main/java/io/grpc/xds/internal/sds/SecretVolumeClientSslContextProvider.java @@ -25,8 +25,8 @@ import com.google.common.annotations.VisibleForTesting; import io.envoyproxy.envoy.api.v2.auth.CertificateValidationContext; import io.envoyproxy.envoy.api.v2.auth.CommonTlsContext; import io.envoyproxy.envoy.api.v2.auth.TlsCertificate; -import io.envoyproxy.envoy.api.v2.auth.UpstreamTlsContext; import io.grpc.netty.GrpcSslContexts; +import io.grpc.xds.EnvoyServerProtoData.UpstreamTlsContext; import io.grpc.xds.internal.sds.trust.SdsTrustManagerFactory; import io.netty.handler.ssl.SslContext; import io.netty.handler.ssl.SslContextBuilder; diff --git a/xds/src/main/java/io/grpc/xds/internal/sds/SslContextProvider.java b/xds/src/main/java/io/grpc/xds/internal/sds/SslContextProvider.java index 808a2b885e..ac70c2ae69 100644 --- a/xds/src/main/java/io/grpc/xds/internal/sds/SslContextProvider.java +++ b/xds/src/main/java/io/grpc/xds/internal/sds/SslContextProvider.java 
@@ -21,8 +21,8 @@ import static com.google.common.base.Preconditions.checkState; import io.envoyproxy.envoy.api.v2.auth.CertificateValidationContext; import io.envoyproxy.envoy.api.v2.auth.CommonTlsContext; -import io.envoyproxy.envoy.api.v2.auth.UpstreamTlsContext; import io.grpc.xds.EnvoyServerProtoData.DownstreamTlsContext; +import io.grpc.xds.EnvoyServerProtoData.UpstreamTlsContext; import io.grpc.xds.internal.sds.trust.SdsTrustManagerFactory; import io.netty.handler.ssl.ClientAuth; import io.netty.handler.ssl.SslContext; diff --git a/xds/src/main/java/io/grpc/xds/internal/sds/TlsContextHolder.java b/xds/src/main/java/io/grpc/xds/internal/sds/TlsContextHolder.java index 06f69ea5e0..34fb7b1328 100644 --- a/xds/src/main/java/io/grpc/xds/internal/sds/TlsContextHolder.java +++ b/xds/src/main/java/io/grpc/xds/internal/sds/TlsContextHolder.java @@ -21,7 +21,7 @@ import io.envoyproxy.envoy.api.v2.auth.UpstreamTlsContext; /** * A holder of {@link UpstreamTlsContext} or - * {@link io.envoyproxy.envoy.api.v2.auth.DownstreamTlsContext}. + * {@link io.grpc.xds.EnvoyServerProtoData.DownstreamTlsContext}. */ public interface TlsContextHolder { diff --git a/xds/src/main/java/io/grpc/xds/internal/sds/TlsContextManager.java b/xds/src/main/java/io/grpc/xds/internal/sds/TlsContextManager.java index eb8fda96db..561806ec67 100644 --- a/xds/src/main/java/io/grpc/xds/internal/sds/TlsContextManager.java +++ b/xds/src/main/java/io/grpc/xds/internal/sds/TlsContextManager.java @@ -16,8 +16,8 @@ package io.grpc.xds.internal.sds; -import io.envoyproxy.envoy.api.v2.auth.UpstreamTlsContext; import io.grpc.xds.EnvoyServerProtoData.DownstreamTlsContext; +import io.grpc.xds.EnvoyServerProtoData.UpstreamTlsContext; public interface TlsContextManager { diff --git a/xds/src/main/java/io/grpc/xds/internal/sds/TlsContextManagerImpl.java b/xds/src/main/java/io/grpc/xds/internal/sds/TlsContextManagerImpl.java index 0bd0151c25..4a098b1aec 100644 
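Review bot: In TlsContextHolder.java the Javadoc now links `DownstreamTlsContext` to the gRPC wrapper, but `{@link UpstreamTlsContext}` still resolves through the file's import, which the hunk header shows as `io.envoyproxy.envoy.api.v2.auth.UpstreamTlsContext`, so the two links point at different type families. If that import is otherwise unused, replace it with `import io.grpc.xds.EnvoyServerProtoData.UpstreamTlsContext;`, or write the link as `{@link io.grpc.xds.EnvoyServerProtoData.UpstreamTlsContext}`. The import line itself is outside the hunk, so this is inferred from the header context.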
--- a/xds/src/main/java/io/grpc/xds/internal/sds/TlsContextManagerImpl.java +++ b/xds/src/main/java/io/grpc/xds/internal/sds/TlsContextManagerImpl.java @@ -19,8 +19,8 @@ package io.grpc.xds.internal.sds; import static com.google.common.base.Preconditions.checkNotNull; import com.google.common.annotations.VisibleForTesting; -import io.envoyproxy.envoy.api.v2.auth.UpstreamTlsContext; import io.grpc.xds.EnvoyServerProtoData.DownstreamTlsContext; +import io.grpc.xds.EnvoyServerProtoData.UpstreamTlsContext; import io.grpc.xds.internal.sds.ReferenceCountingSslContextProviderMap.SslContextProviderFactory; /** diff --git a/xds/src/main/java/io/grpc/xds/internal/sds/UpstreamTlsContextHolder.java b/xds/src/main/java/io/grpc/xds/internal/sds/UpstreamTlsContextHolder.java index 3b4ade3642..96a1058f8a 100644 --- a/xds/src/main/java/io/grpc/xds/internal/sds/UpstreamTlsContextHolder.java +++ b/xds/src/main/java/io/grpc/xds/internal/sds/UpstreamTlsContextHolder.java @@ -19,7 +19,7 @@ package io.grpc.xds.internal.sds; import static com.google.common.base.Preconditions.checkNotNull; import io.envoyproxy.envoy.api.v2.auth.CommonTlsContext; -import io.envoyproxy.envoy.api.v2.auth.UpstreamTlsContext; +import io.grpc.xds.EnvoyServerProtoData.UpstreamTlsContext; final class UpstreamTlsContextHolder implements TlsContextHolder { diff --git a/xds/src/test/java/io/grpc/xds/CdsLoadBalancerTest.java b/xds/src/test/java/io/grpc/xds/CdsLoadBalancerTest.java index c22cf82aeb..a391cf4e8b 100644 --- a/xds/src/test/java/io/grpc/xds/CdsLoadBalancerTest.java +++ b/xds/src/test/java/io/grpc/xds/CdsLoadBalancerTest.java @@ -38,7 +38,6 @@ import static org.mockito.Mockito.times; import static org.mockito.Mockito.verify; import com.google.common.collect.ImmutableList; -import io.envoyproxy.envoy.api.v2.auth.UpstreamTlsContext; import io.grpc.Attributes; import io.grpc.ConnectivityState; import io.grpc.EquivalentAddressGroup; 
@@ -59,6 +58,7 @@ import io.grpc.internal.FakeClock; import io.grpc.internal.ServiceConfigUtil.PolicySelection; import io.grpc.xds.CdsLoadBalancerProvider.CdsConfig; import io.grpc.xds.EdsLoadBalancerProvider.EdsConfig; +import io.grpc.xds.EnvoyServerProtoData.UpstreamTlsContext; import io.grpc.xds.XdsClient.ClusterUpdate; import io.grpc.xds.XdsClient.ClusterWatcher; import io.grpc.xds.XdsClient.EndpointUpdate; diff --git a/xds/src/test/java/io/grpc/xds/XdsClientImplTest.java b/xds/src/test/java/io/grpc/xds/XdsClientImplTest.java index 6b5e2a3780..571ff9d895 100644 --- a/xds/src/test/java/io/grpc/xds/XdsClientImplTest.java +++ b/xds/src/test/java/io/grpc/xds/XdsClientImplTest.java @@ -1453,7 +1453,10 @@ public class XdsClientImplTest { ArgumentCaptor clusterUpdateCaptor = ArgumentCaptor.forClass(null); verify(clusterWatcher, times(1)).onClusterChanged(clusterUpdateCaptor.capture()); ClusterUpdate clusterUpdate = clusterUpdateCaptor.getValue(); - assertThat(clusterUpdate.getUpstreamTlsContext()).isEqualTo(testUpstreamTlsContext); + assertThat(clusterUpdate.getUpstreamTlsContext()) + .isEqualTo( + EnvoyServerProtoData.UpstreamTlsContext.fromEnvoyProtoUpstreamTlsContext( + testUpstreamTlsContext)); } /** @@ -1485,7 +1488,10 @@ public class XdsClientImplTest { ArgumentCaptor clusterUpdateCaptor = ArgumentCaptor.forClass(null); verify(clusterWatcher, times(1)).onClusterChanged(clusterUpdateCaptor.capture()); ClusterUpdate clusterUpdate = clusterUpdateCaptor.getValue(); - assertThat(clusterUpdate.getUpstreamTlsContext()).isEqualTo(testUpstreamTlsContext); + assertThat(clusterUpdate.getUpstreamTlsContext()) + .isEqualTo( + EnvoyServerProtoData.UpstreamTlsContext.fromEnvoyProtoUpstreamTlsContext( + testUpstreamTlsContext)); } @Test diff --git a/xds/src/test/java/io/grpc/xds/XdsSdsClientServerTest.java b/xds/src/test/java/io/grpc/xds/XdsSdsClientServerTest.java index 0d58a38a7f..9c176a65b3 100644 --- a/xds/src/test/java/io/grpc/xds/XdsSdsClientServerTest.java 
+++ b/xds/src/test/java/io/grpc/xds/XdsSdsClientServerTest.java @@ -30,7 +30,6 @@ import static io.grpc.xds.internal.sds.CommonTlsContextTestsUtil.SERVER_1_PEM_FI import static org.junit.Assert.fail; import com.google.common.collect.ImmutableList; -import io.envoyproxy.envoy.api.v2.auth.UpstreamTlsContext; import io.grpc.Attributes; import io.grpc.EquivalentAddressGroup; import io.grpc.NameResolver; @@ -44,6 +43,7 @@ import io.grpc.testing.protobuf.SimpleRequest; import io.grpc.testing.protobuf.SimpleResponse; import io.grpc.testing.protobuf.SimpleServiceGrpc; import io.grpc.xds.EnvoyServerProtoData.DownstreamTlsContext; +import io.grpc.xds.EnvoyServerProtoData.UpstreamTlsContext; import io.grpc.xds.internal.sds.CommonTlsContextTestsUtil; import io.grpc.xds.internal.sds.SdsProtocolNegotiators; import io.grpc.xds.internal.sds.XdsChannelBuilder; diff --git a/xds/src/test/java/io/grpc/xds/internal/sds/ClientSslContextProviderFactoryTest.java b/xds/src/test/java/io/grpc/xds/internal/sds/ClientSslContextProviderFactoryTest.java index 0b592a6860..b0b7641e54 100644 --- a/xds/src/test/java/io/grpc/xds/internal/sds/ClientSslContextProviderFactoryTest.java +++ b/xds/src/test/java/io/grpc/xds/internal/sds/ClientSslContextProviderFactoryTest.java @@ -22,7 +22,7 @@ import static io.grpc.xds.internal.sds.CommonTlsContextTestsUtil.CLIENT_KEY_FILE import static io.grpc.xds.internal.sds.CommonTlsContextTestsUtil.CLIENT_PEM_FILE; import io.envoyproxy.envoy.api.v2.auth.CommonTlsContext; -import io.envoyproxy.envoy.api.v2.auth.UpstreamTlsContext; +import io.grpc.xds.EnvoyServerProtoData.UpstreamTlsContext; import org.junit.Assert; import org.junit.Test; import org.junit.runner.RunWith; 
@@ -52,7 +52,7 @@ public class ClientSslContextProviderFactoryTest { CommonTlsContextTestsUtil.buildCommonTlsContextFromSdsConfigForTlsCertificate( /* name= */ "name", /* targetUri= */ "unix:/tmp/sds/path", CA_PEM_FILE); UpstreamTlsContext upstreamTlsContext = - SecretVolumeSslContextProviderTest.buildUpstreamTlsContext(commonTlsContext); + CommonTlsContextTestsUtil.buildUpstreamTlsContext(commonTlsContext); try { SslContextProvider unused = @@ -74,7 +74,7 @@ public class ClientSslContextProviderFactoryTest { CLIENT_KEY_FILE, CLIENT_PEM_FILE); UpstreamTlsContext upstreamTlsContext = - SecretVolumeSslContextProviderTest.buildUpstreamTlsContext(commonTlsContext); + CommonTlsContextTestsUtil.buildUpstreamTlsContext(commonTlsContext); try { SslContextProvider unused = diff --git a/xds/src/test/java/io/grpc/xds/internal/sds/CommonTlsContextTestsUtil.java b/xds/src/test/java/io/grpc/xds/internal/sds/CommonTlsContextTestsUtil.java index f93a231c4c..1bcd984ac7 100644 --- a/xds/src/test/java/io/grpc/xds/internal/sds/CommonTlsContextTestsUtil.java +++ b/xds/src/test/java/io/grpc/xds/internal/sds/CommonTlsContextTestsUtil.java @@ -230,7 +230,7 @@ public class CommonTlsContextTestsUtil { /** * Helper method to build UpstreamTlsContext for above tests. Called from other classes as well. */ - public static UpstreamTlsContext buildUpstreamTlsContextFromFilenames( + public static EnvoyServerProtoData.UpstreamTlsContext buildUpstreamTlsContextFromFilenames( @Nullable String privateKey, @Nullable String certChain, @Nullable String trustCa) { try { if (certChain != null) { @@ -245,7 +245,7 @@ public class CommonTlsContextTestsUtil { } catch (IOException ioe) { throw new RuntimeException(ioe); } - return SecretVolumeSslContextProviderTest.buildUpstreamTlsContext( + return buildUpstreamTlsContext( buildCommonTlsContextFromFilenames(privateKey, certChain, trustCa)); } 
@@ -280,4 +280,15 @@ public class CommonTlsContextTestsUtil { } return builder.build(); } + + /** + * Helper method to build UpstreamTlsContext for above tests. Called from other classes as well. + */ + static EnvoyServerProtoData.UpstreamTlsContext buildUpstreamTlsContext( + CommonTlsContext commonTlsContext) { + UpstreamTlsContext upstreamTlsContext = + UpstreamTlsContext.newBuilder().setCommonTlsContext(commonTlsContext).build(); + return EnvoyServerProtoData.UpstreamTlsContext.fromEnvoyProtoUpstreamTlsContext( + upstreamTlsContext); + } } diff --git a/xds/src/test/java/io/grpc/xds/internal/sds/SdsProtocolNegotiatorsTest.java b/xds/src/test/java/io/grpc/xds/internal/sds/SdsProtocolNegotiatorsTest.java index 0744712156..b4291c636d 100644 --- a/xds/src/test/java/io/grpc/xds/internal/sds/SdsProtocolNegotiatorsTest.java +++ b/xds/src/test/java/io/grpc/xds/internal/sds/SdsProtocolNegotiatorsTest.java @@ -32,7 +32,6 @@ import com.google.common.base.Strings; import io.envoyproxy.envoy.api.v2.auth.CertificateValidationContext; import io.envoyproxy.envoy.api.v2.auth.CommonTlsContext; import io.envoyproxy.envoy.api.v2.auth.TlsCertificate; -import io.envoyproxy.envoy.api.v2.auth.UpstreamTlsContext; import io.envoyproxy.envoy.api.v2.core.DataSource; import io.grpc.Attributes; import io.grpc.internal.testing.TestUtils; @@ -41,6 +40,7 @@ import io.grpc.netty.InternalProtocolNegotiationEvent; import io.grpc.netty.InternalProtocolNegotiator.ProtocolNegotiator; import io.grpc.netty.InternalProtocolNegotiators; import io.grpc.xds.EnvoyServerProtoData.DownstreamTlsContext; +import io.grpc.xds.EnvoyServerProtoData.UpstreamTlsContext; import io.grpc.xds.XdsAttributes; import io.grpc.xds.XdsClientWrapperForServerSds; import io.grpc.xds.XdsClientWrapperForServerSdsTest; 
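Review bot: The Javadoc on the new `buildUpstreamTlsContext` in CommonTlsContextTestsUtil is copied word for word from `buildUpstreamTlsContextFromFilenames` and still says "for above tests", which no longer fits a shared utility class. Inside the body the unqualified `UpstreamTlsContext` is the Envoy proto while the return type is the gRPC wrapper of the same simple name, so the comment should say which one is produced, e.g. `/** Wraps {@code commonTlsContext} in an Envoy UpstreamTlsContext proto and converts it to {@link EnvoyServerProtoData.UpstreamTlsContext}. */`. Naming the local `protoTlsContext` would also keep the two types apart for readers.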
@@ -96,17 +96,10 @@ public class SdsProtocolNegotiatorsTest { /** Builds UpstreamTlsContext from file-names. */ private static UpstreamTlsContext buildUpstreamTlsContextFromFilenames( String privateKey, String certChain, String trustCa) throws IOException { - return buildUpstreamTlsContext( + return CommonTlsContextTestsUtil.buildUpstreamTlsContext( buildCommonTlsContextFromFilenames(privateKey, certChain, trustCa)); } - /** Builds UpstreamTlsContext from commonTlsContext. */ - private static UpstreamTlsContext buildUpstreamTlsContext(CommonTlsContext commonTlsContext) { - UpstreamTlsContext upstreamTlsContext = - UpstreamTlsContext.newBuilder().setCommonTlsContext(commonTlsContext).build(); - return upstreamTlsContext; - } - /** Builds DownstreamTlsContext from commonTlsContext. */ private static DownstreamTlsContext buildDownstreamTlsContext(CommonTlsContext commonTlsContext) { io.envoyproxy.envoy.api.v2.auth.DownstreamTlsContext downstreamTlsContext = @@ -164,7 +157,7 @@ public class SdsProtocolNegotiatorsTest { @Test public void clientSdsProtocolNegotiatorNewHandler_withTlsContextAttribute() { UpstreamTlsContext upstreamTlsContext = - buildUpstreamTlsContext( + CommonTlsContextTestsUtil.buildUpstreamTlsContext( getCommonTlsContext(/* tlsCertificate= */ null, /* certContext= */ null)); ClientSdsProtocolNegotiator pn = new ClientSdsProtocolNegotiator(); GrpcHttp2ConnectionHandler mockHandler = mock(GrpcHttp2ConnectionHandler.class); diff --git a/xds/src/test/java/io/grpc/xds/internal/sds/SdsSslContextProviderTest.java b/xds/src/test/java/io/grpc/xds/internal/sds/SdsSslContextProviderTest.java index eed26a61c1..4b8b232bbf 100644 --- a/xds/src/test/java/io/grpc/xds/internal/sds/SdsSslContextProviderTest.java +++ b/xds/src/test/java/io/grpc/xds/internal/sds/SdsSslContextProviderTest.java 
@@ -81,7 +81,7 @@ public class SdsSslContextProviderTest { /* channelType= */ "inproc"); return SdsClientSslContextProvider.getProvider( - SecretVolumeSslContextProviderTest.buildUpstreamTlsContext(commonTlsContext), + CommonTlsContextTestsUtil.buildUpstreamTlsContext(commonTlsContext), node, MoreExecutors.directExecutor(), MoreExecutors.directExecutor()); diff --git a/xds/src/test/java/io/grpc/xds/internal/sds/SecretVolumeSslContextProviderTest.java b/xds/src/test/java/io/grpc/xds/internal/sds/SecretVolumeSslContextProviderTest.java index cda12fb99e..7b7ec6b6c5 100644 --- a/xds/src/test/java/io/grpc/xds/internal/sds/SecretVolumeSslContextProviderTest.java +++ b/xds/src/test/java/io/grpc/xds/internal/sds/SecretVolumeSslContextProviderTest.java @@ -25,9 +25,7 @@ import static io.grpc.xds.internal.sds.CommonTlsContextTestsUtil.SERVER_1_PEM_FI import com.google.common.util.concurrent.MoreExecutors; import io.envoyproxy.envoy.api.v2.auth.CertificateValidationContext; -import io.envoyproxy.envoy.api.v2.auth.CommonTlsContext; import io.envoyproxy.envoy.api.v2.auth.TlsCertificate; -import io.envoyproxy.envoy.api.v2.auth.UpstreamTlsContext; import io.envoyproxy.envoy.api.v2.core.DataSource; import io.netty.handler.ssl.SslContext; import java.io.IOException; @@ -296,7 +294,7 @@ public class SecretVolumeSslContextProviderTest { CertificateValidationContext certContext = CertificateValidationContext.getDefaultInstance(); try { SecretVolumeClientSslContextProvider.getProvider( - buildUpstreamTlsContext( + CommonTlsContextTestsUtil.buildUpstreamTlsContext( CommonTlsContextTestsUtil.getCommonTlsContext( /* tlsCertificate= */ null, certContext))); Assert.fail("no exception thrown"); 
@@ -318,7 +316,7 @@ public class SecretVolumeSslContextProviderTest { .build(); try { SecretVolumeClientSslContextProvider.getProvider( - buildUpstreamTlsContext( + CommonTlsContextTestsUtil.buildUpstreamTlsContext( CommonTlsContextTestsUtil.getCommonTlsContext(tlsCert, certContext))); Assert.fail("no exception thrown"); } catch (IllegalArgumentException expected) { @@ -339,7 +337,7 @@ public class SecretVolumeSslContextProviderTest { .build(); try { SecretVolumeClientSslContextProvider.getProvider( - buildUpstreamTlsContext( + CommonTlsContextTestsUtil.buildUpstreamTlsContext( CommonTlsContextTestsUtil.getCommonTlsContext(tlsCert, certContext))); Assert.fail("no exception thrown"); } catch (IllegalArgumentException expected) { @@ -389,15 +387,6 @@ public class SecretVolumeSslContextProviderTest { } } - /** - * Helper method to build UpstreamTlsContext for above tests. Called from other classes as well. - */ - static UpstreamTlsContext buildUpstreamTlsContext(CommonTlsContext commonTlsContext) { - UpstreamTlsContext upstreamTlsContext = - UpstreamTlsContext.newBuilder().setCommonTlsContext(commonTlsContext).build(); - return upstreamTlsContext; - } - @Test public void getProviderForServer() throws IOException, CertificateException, CertStoreException { sslContextForEitherWithBothCertAndTrust( diff --git a/xds/src/test/java/io/grpc/xds/internal/sds/TlsContextManagerTest.java b/xds/src/test/java/io/grpc/xds/internal/sds/TlsContextManagerTest.java index eafbb86ea8..d9ba5afb12 100644 --- a/xds/src/test/java/io/grpc/xds/internal/sds/TlsContextManagerTest.java +++ b/xds/src/test/java/io/grpc/xds/internal/sds/TlsContextManagerTest.java 
@@ -30,8 +30,8 @@ import static org.mockito.Mockito.times; import static org.mockito.Mockito.verify; import static org.mockito.Mockito.when; -import io.envoyproxy.envoy.api.v2.auth.UpstreamTlsContext; import io.grpc.xds.EnvoyServerProtoData.DownstreamTlsContext; +import io.grpc.xds.EnvoyServerProtoData.UpstreamTlsContext; import io.grpc.xds.internal.sds.ReferenceCountingSslContextProviderMap.SslContextProviderFactory; import java.lang.reflect.Field; import org.junit.Before;