xds: replace UpstreamTlsContext with internal definition (#7145)

sanjaypujare 2020-06-19 16:41:21 -07:00 committed by GitHub
parent 3facda0130
commit ae7a482d9a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
23 changed files with 108 additions and 106 deletions


@ -23,7 +23,6 @@ import static io.grpc.xds.XdsLbPolicies.EDS_POLICY_NAME;
import com.google.common.annotations.VisibleForTesting; import com.google.common.annotations.VisibleForTesting;
import com.google.common.collect.ImmutableMap; import com.google.common.collect.ImmutableMap;
import io.envoyproxy.envoy.api.v2.auth.UpstreamTlsContext;
import io.grpc.EquivalentAddressGroup; import io.grpc.EquivalentAddressGroup;
import io.grpc.InternalLogId; import io.grpc.InternalLogId;
import io.grpc.LoadBalancer; import io.grpc.LoadBalancer;
@ -36,6 +35,7 @@ import io.grpc.util.ForwardingLoadBalancerHelper;
import io.grpc.util.GracefulSwitchLoadBalancer; import io.grpc.util.GracefulSwitchLoadBalancer;
import io.grpc.xds.CdsLoadBalancerProvider.CdsConfig; import io.grpc.xds.CdsLoadBalancerProvider.CdsConfig;
import io.grpc.xds.EdsLoadBalancerProvider.EdsConfig; import io.grpc.xds.EdsLoadBalancerProvider.EdsConfig;
import io.grpc.xds.EnvoyServerProtoData.UpstreamTlsContext;
import io.grpc.xds.XdsClient.ClusterUpdate; import io.grpc.xds.XdsClient.ClusterUpdate;
import io.grpc.xds.XdsClient.ClusterWatcher; import io.grpc.xds.XdsClient.ClusterWatcher;
import io.grpc.xds.XdsLogger.XdsLogLevel; import io.grpc.xds.XdsLogger.XdsLogLevel;


@ -38,14 +38,60 @@ public final class EnvoyServerProtoData {
private EnvoyServerProtoData() { private EnvoyServerProtoData() {
} }
public static final class DownstreamTlsContext { public abstract static class BaseTlsContext {
@Nullable protected final CommonTlsContext commonTlsContext;
public BaseTlsContext(@Nullable CommonTlsContext commonTlsContext) {
this.commonTlsContext = commonTlsContext;
}
@Nullable public CommonTlsContext getCommonTlsContext() {
return commonTlsContext;
}
@Override
public boolean equals(Object o) {
if (this == o) {
return true;
}
if (o == null || !(o instanceof BaseTlsContext)) {
return false;
}
BaseTlsContext that = (BaseTlsContext) o;
return Objects.equals(commonTlsContext, that.commonTlsContext);
}
@Override
public int hashCode() {
return Objects.hash(commonTlsContext);
}
}
public static final class UpstreamTlsContext extends BaseTlsContext {
@VisibleForTesting
UpstreamTlsContext(CommonTlsContext commonTlsContext) {
super(commonTlsContext);
}
public static UpstreamTlsContext fromEnvoyProtoUpstreamTlsContext(
io.envoyproxy.envoy.api.v2.auth.UpstreamTlsContext upstreamTlsContext) {
return new UpstreamTlsContext(upstreamTlsContext.getCommonTlsContext());
}
@Override
public String toString() {
return "UpstreamTlsContext{" + "commonTlsContext=" + commonTlsContext + '}';
}
}
public static final class DownstreamTlsContext extends BaseTlsContext {
private final CommonTlsContext commonTlsContext;
private final boolean requireClientCertificate; private final boolean requireClientCertificate;
@VisibleForTesting @VisibleForTesting
DownstreamTlsContext(CommonTlsContext commonTlsContext, boolean requireClientCertificate) { DownstreamTlsContext(CommonTlsContext commonTlsContext, boolean requireClientCertificate) {
this.commonTlsContext = commonTlsContext; super(commonTlsContext);
this.requireClientCertificate = requireClientCertificate; this.requireClientCertificate = requireClientCertificate;
} }
@ -55,10 +101,6 @@ public final class EnvoyServerProtoData {
downstreamTlsContext.hasRequireClientCertificate()); downstreamTlsContext.hasRequireClientCertificate());
} }
public CommonTlsContext getCommonTlsContext() {
return commonTlsContext;
}
public boolean isRequireClientCertificate() { public boolean isRequireClientCertificate() {
return requireClientCertificate; return requireClientCertificate;
} }
@ -81,14 +123,16 @@ public final class EnvoyServerProtoData {
if (o == null || getClass() != o.getClass()) { if (o == null || getClass() != o.getClass()) {
return false; return false;
} }
if (!super.equals(o)) {
return false;
}
DownstreamTlsContext that = (DownstreamTlsContext) o; DownstreamTlsContext that = (DownstreamTlsContext) o;
return requireClientCertificate == that.requireClientCertificate return requireClientCertificate == that.requireClientCertificate;
&& Objects.equals(commonTlsContext, that.commonTlsContext);
} }
@Override @Override
public int hashCode() { public int hashCode() {
return Objects.hash(commonTlsContext, requireClientCertificate); return Objects.hash(super.hashCode(), requireClientCertificate);
} }
} }
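Review bot: `BaseTlsContext.equals` accepts any `BaseTlsContext` through `instanceof`, and `UpstreamTlsContext` inherits it unchanged, so an upstream context can report equality with a `DownstreamTlsContext` holding the same `CommonTlsContext` while the reverse comparison returns false on the `getClass()` check. Using the same test in the base class, `if (o == null || getClass() != o.getClass()) { return false; }`, makes the relation symmetric and keeps client and server TLS contexts distinct when they are compared or used as lookup keys. The `o == null` operand in front of `instanceof` is redundant either way. The start of `DownstreamTlsContext.equals` lies outside the hunk that shows its tail.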


@ -16,51 +16,18 @@
package io.grpc.xds; package io.grpc.xds;
import io.envoyproxy.envoy.api.v2.auth.CertificateValidationContext;
import io.envoyproxy.envoy.api.v2.auth.CommonTlsContext;
import io.envoyproxy.envoy.api.v2.auth.DownstreamTlsContext;
import io.envoyproxy.envoy.api.v2.auth.SdsSecretConfig;
import io.envoyproxy.envoy.api.v2.auth.TlsCertificate;
import io.envoyproxy.envoy.api.v2.auth.UpstreamTlsContext;
import io.grpc.Attributes; import io.grpc.Attributes;
import io.grpc.Grpc; import io.grpc.Grpc;
import io.grpc.Internal; import io.grpc.Internal;
import io.grpc.NameResolver; import io.grpc.NameResolver;
import io.grpc.internal.ObjectPool; import io.grpc.internal.ObjectPool;
import io.grpc.xds.EnvoyServerProtoData.UpstreamTlsContext;
/** /**
* Special attributes that are only useful to gRPC in the XDS context. * Special attributes that are only useful to gRPC in the XDS context.
*/ */
@Internal @Internal
public final class XdsAttributes { public final class XdsAttributes {
/**
* Attribute key for SdsSecretConfig of a subchannel.
*/
@Grpc.TransportAttr
public static final Attributes.Key<SdsSecretConfig> ATTR_SDS_CONFIG =
Attributes.Key.create("io.grpc.xds.XdsAttributes.sdsSecretConfig");
/**
* Attribute key for TlsCertificate of a subchannel.
*/
@Grpc.TransportAttr
public static final Attributes.Key<TlsCertificate> ATTR_TLS_CERTIFICATE =
Attributes.Key.create("io.grpc.xds.XdsAttributes.tlsCertificate");
/**
* Attribute key for CertificateValidationContext of a subchannel.
*/
@Grpc.TransportAttr
public static final Attributes.Key<CertificateValidationContext> ATTR_CERT_VALIDATION_CONTEXT =
Attributes.Key.create("io.grpc.xds.XdsAttributes.certificateValidationContext");
/**
* Attribute key for CommonTlsContext.
*/
@Grpc.TransportAttr
public static final Attributes.Key<CommonTlsContext> ATTR_COMMON_TLS_CONTEXT =
Attributes.Key.create("io.grpc.xds.XdsAttributes.commonTlsContext");
/** /**
* Attribute key for UpstreamTlsContext (used by client) for subchannel. * Attribute key for UpstreamTlsContext (used by client) for subchannel.
*/ */
@ -68,13 +35,6 @@ public final class XdsAttributes {
public static final Attributes.Key<UpstreamTlsContext> ATTR_UPSTREAM_TLS_CONTEXT = public static final Attributes.Key<UpstreamTlsContext> ATTR_UPSTREAM_TLS_CONTEXT =
Attributes.Key.create("io.grpc.xds.XdsAttributes.upstreamTlsContext"); Attributes.Key.create("io.grpc.xds.XdsAttributes.upstreamTlsContext");
/**
* Attribute key for DownstreamTlsContext (used by server).
*/
@Grpc.TransportAttr
public static final Attributes.Key<DownstreamTlsContext> ATTR_DOWNSTREAM_TLS_CONTEXT =
Attributes.Key.create("io.grpc.xds.XdsAttributes.downstreamTlsContext");
@NameResolver.ResolutionResultAttr @NameResolver.ResolutionResultAttr
static final Attributes.Key<ObjectPool<XdsClient>> XDS_CLIENT_POOL = static final Attributes.Key<ObjectPool<XdsClient>> XDS_CLIENT_POOL =
Attributes.Key.create("io.grpc.xds.XdsAttributes.xdsClientPool"); Attributes.Key.create("io.grpc.xds.XdsAttributes.xdsClientPool");


@ -24,8 +24,6 @@ import com.google.common.base.MoreObjects;
import com.google.common.base.Preconditions; import com.google.common.base.Preconditions;
import com.google.common.collect.ImmutableList; import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableMap; import com.google.common.collect.ImmutableMap;
// TODO(sanjaypujare): remove dependency on envoy data types.
import io.envoyproxy.envoy.api.v2.auth.UpstreamTlsContext;
import io.grpc.ManagedChannel; import io.grpc.ManagedChannel;
import io.grpc.ManagedChannelBuilder; import io.grpc.ManagedChannelBuilder;
import io.grpc.Status; import io.grpc.Status;
@ -38,6 +36,7 @@ import io.grpc.xds.EnvoyProtoData.Locality;
import io.grpc.xds.EnvoyProtoData.LocalityLbEndpoints; import io.grpc.xds.EnvoyProtoData.LocalityLbEndpoints;
import io.grpc.xds.EnvoyProtoData.Route; import io.grpc.xds.EnvoyProtoData.Route;
import io.grpc.xds.EnvoyServerProtoData.Listener; import io.grpc.xds.EnvoyServerProtoData.Listener;
import io.grpc.xds.EnvoyServerProtoData.UpstreamTlsContext;
import io.grpc.xds.XdsLogger.XdsLogLevel; import io.grpc.xds.XdsLogger.XdsLogLevel;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.Collection; import java.util.Collection;


@ -41,7 +41,6 @@ import io.envoyproxy.envoy.api.v2.DiscoveryRequest;
import io.envoyproxy.envoy.api.v2.DiscoveryResponse; import io.envoyproxy.envoy.api.v2.DiscoveryResponse;
import io.envoyproxy.envoy.api.v2.Listener; import io.envoyproxy.envoy.api.v2.Listener;
import io.envoyproxy.envoy.api.v2.RouteConfiguration; import io.envoyproxy.envoy.api.v2.RouteConfiguration;
import io.envoyproxy.envoy.api.v2.auth.UpstreamTlsContext;
import io.envoyproxy.envoy.api.v2.core.Address; import io.envoyproxy.envoy.api.v2.core.Address;
import io.envoyproxy.envoy.api.v2.core.Node; import io.envoyproxy.envoy.api.v2.core.Node;
import io.envoyproxy.envoy.api.v2.core.SocketAddress; import io.envoyproxy.envoy.api.v2.core.SocketAddress;
@ -64,6 +63,7 @@ import io.grpc.xds.EnvoyProtoData.DropOverload;
import io.grpc.xds.EnvoyProtoData.Locality; import io.grpc.xds.EnvoyProtoData.Locality;
import io.grpc.xds.EnvoyProtoData.LocalityLbEndpoints; import io.grpc.xds.EnvoyProtoData.LocalityLbEndpoints;
import io.grpc.xds.EnvoyProtoData.StructOrError; import io.grpc.xds.EnvoyProtoData.StructOrError;
import io.grpc.xds.EnvoyServerProtoData.UpstreamTlsContext;
import io.grpc.xds.LoadReportClient.LoadReportCallback; import io.grpc.xds.LoadReportClient.LoadReportCallback;
import io.grpc.xds.XdsLogger.XdsLogLevel; import io.grpc.xds.XdsLogger.XdsLogLevel;
import java.util.ArrayList; import java.util.ArrayList;
@ -1003,7 +1003,7 @@ final class XdsClientImpl extends XdsClient {
} }
try { try {
UpstreamTlsContext upstreamTlsContext = getTlsContextFromCluster(cluster); UpstreamTlsContext upstreamTlsContext = getTlsContextFromCluster(cluster);
if (upstreamTlsContext != null && upstreamTlsContext.hasCommonTlsContext()) { if (upstreamTlsContext != null && upstreamTlsContext.getCommonTlsContext() != null) {
updateBuilder.setUpstreamTlsContext(upstreamTlsContext); updateBuilder.setUpstreamTlsContext(upstreamTlsContext);
} }
} catch (InvalidProtocolBufferException e) { } catch (InvalidProtocolBufferException e) {
@ -1077,10 +1077,11 @@ final class XdsClientImpl extends XdsClient {
throws InvalidProtocolBufferException { throws InvalidProtocolBufferException {
if (cluster.hasTransportSocket() && "tls".equals(cluster.getTransportSocket().getName())) { if (cluster.hasTransportSocket() && "tls".equals(cluster.getTransportSocket().getName())) {
Any any = cluster.getTransportSocket().getTypedConfig(); Any any = cluster.getTransportSocket().getTypedConfig();
return UpstreamTlsContext.parseFrom(any.getValue()); return UpstreamTlsContext.fromEnvoyProtoUpstreamTlsContext(
io.envoyproxy.envoy.api.v2.auth.UpstreamTlsContext.parseFrom(any.getValue()));
} }
// TODO(sanjaypujare): remove when we move to envoy protos v3 // TODO(sanjaypujare): remove when we move to envoy protos v3
return cluster.getTlsContext(); return UpstreamTlsContext.fromEnvoyProtoUpstreamTlsContext(cluster.getTlsContext());
} }
/** /**
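Review bot: The new guard `upstreamTlsContext.getCommonTlsContext() != null` in the cluster-update path looks like it can never be false, because `fromEnvoyProtoUpstreamTlsContext` stores whatever the proto's `getCommonTlsContext()` returns and protobuf-generated message getters return the default instance, not null, when the field is unset. The removed `hasCommonTlsContext()` was the test that separated "no TLS configured" from "TLS configured", so a cluster without a TLS context now appears to carry one; the same holds for `isTlsContextEmpty` in SdsProtocolNegotiators and the `checkNotNull` in ClientSslContextProviderFactory. Carrying presence through the conversion would restore the distinction, for example passing `upstreamTlsContext.hasCommonTlsContext() ? upstreamTlsContext.getCommonTlsContext() : null` to the constructor. Both enclosing methods start outside the hunks shown; a test with a cluster that has no TLS context would pin the intended plaintext-versus-TLS behaviour.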


@ -16,12 +16,11 @@
package io.grpc.xds.internal.sds; package io.grpc.xds.internal.sds;
import static com.google.common.base.Preconditions.checkArgument;
import static com.google.common.base.Preconditions.checkNotNull; import static com.google.common.base.Preconditions.checkNotNull;
import com.google.common.util.concurrent.ThreadFactoryBuilder; import com.google.common.util.concurrent.ThreadFactoryBuilder;
import io.envoyproxy.envoy.api.v2.auth.UpstreamTlsContext;
import io.grpc.xds.Bootstrapper; import io.grpc.xds.Bootstrapper;
import io.grpc.xds.EnvoyServerProtoData.UpstreamTlsContext;
import io.grpc.xds.internal.sds.ReferenceCountingSslContextProviderMap.SslContextProviderFactory; import io.grpc.xds.internal.sds.ReferenceCountingSslContextProviderMap.SslContextProviderFactory;
import java.io.IOException; import java.io.IOException;
import java.util.concurrent.Executors; import java.util.concurrent.Executors;
@ -34,8 +33,8 @@ final class ClientSslContextProviderFactory
@Override @Override
public SslContextProvider createSslContextProvider(UpstreamTlsContext upstreamTlsContext) { public SslContextProvider createSslContextProvider(UpstreamTlsContext upstreamTlsContext) {
checkNotNull(upstreamTlsContext, "upstreamTlsContext"); checkNotNull(upstreamTlsContext, "upstreamTlsContext");
checkArgument( checkNotNull(
upstreamTlsContext.hasCommonTlsContext(), upstreamTlsContext.getCommonTlsContext(),
"upstreamTlsContext should have CommonTlsContext"); "upstreamTlsContext should have CommonTlsContext");
if (CommonTlsContextUtil.hasAllSecretsUsingFilename(upstreamTlsContext.getCommonTlsContext())) { if (CommonTlsContextUtil.hasAllSecretsUsingFilename(upstreamTlsContext.getCommonTlsContext())) {
return SecretVolumeClientSslContextProvider.getProvider(upstreamTlsContext); return SecretVolumeClientSslContextProvider.getProvider(upstreamTlsContext);


@ -22,9 +22,9 @@ import io.envoyproxy.envoy.api.v2.auth.CertificateValidationContext;
import io.envoyproxy.envoy.api.v2.auth.CommonTlsContext; import io.envoyproxy.envoy.api.v2.auth.CommonTlsContext;
import io.envoyproxy.envoy.api.v2.auth.CommonTlsContext.CombinedCertificateValidationContext; import io.envoyproxy.envoy.api.v2.auth.CommonTlsContext.CombinedCertificateValidationContext;
import io.envoyproxy.envoy.api.v2.auth.SdsSecretConfig; import io.envoyproxy.envoy.api.v2.auth.SdsSecretConfig;
import io.envoyproxy.envoy.api.v2.auth.UpstreamTlsContext;
import io.envoyproxy.envoy.api.v2.core.Node; import io.envoyproxy.envoy.api.v2.core.Node;
import io.grpc.netty.GrpcSslContexts; import io.grpc.netty.GrpcSslContexts;
import io.grpc.xds.EnvoyServerProtoData.UpstreamTlsContext;
import io.grpc.xds.internal.sds.trust.SdsTrustManagerFactory; import io.grpc.xds.internal.sds.trust.SdsTrustManagerFactory;
import io.netty.handler.ssl.SslContextBuilder; import io.netty.handler.ssl.SslContextBuilder;
import java.io.IOException; import java.io.IOException;


@ -19,7 +19,6 @@ package io.grpc.xds.internal.sds;
import static com.google.common.base.Preconditions.checkNotNull; import static com.google.common.base.Preconditions.checkNotNull;
import com.google.common.annotations.VisibleForTesting; import com.google.common.annotations.VisibleForTesting;
import io.envoyproxy.envoy.api.v2.auth.UpstreamTlsContext;
import io.grpc.netty.GrpcHttp2ConnectionHandler; import io.grpc.netty.GrpcHttp2ConnectionHandler;
import io.grpc.netty.InternalNettyChannelBuilder; import io.grpc.netty.InternalNettyChannelBuilder;
import io.grpc.netty.InternalNettyChannelBuilder.ProtocolNegotiatorFactory; import io.grpc.netty.InternalNettyChannelBuilder.ProtocolNegotiatorFactory;
@ -30,6 +29,7 @@ import io.grpc.netty.InternalProtocolNegotiators;
import io.grpc.netty.NettyChannelBuilder; import io.grpc.netty.NettyChannelBuilder;
import io.grpc.netty.ProtocolNegotiationEvent; import io.grpc.netty.ProtocolNegotiationEvent;
import io.grpc.xds.EnvoyServerProtoData.DownstreamTlsContext; import io.grpc.xds.EnvoyServerProtoData.DownstreamTlsContext;
import io.grpc.xds.EnvoyServerProtoData.UpstreamTlsContext;
import io.grpc.xds.XdsAttributes; import io.grpc.xds.XdsAttributes;
import io.grpc.xds.XdsClientWrapperForServerSds; import io.grpc.xds.XdsClientWrapperForServerSds;
import io.netty.channel.ChannelHandler; import io.netty.channel.ChannelHandler;
@ -126,7 +126,7 @@ public final class SdsProtocolNegotiators {
} }
private static boolean isTlsContextEmpty(UpstreamTlsContext upstreamTlsContext) { private static boolean isTlsContextEmpty(UpstreamTlsContext upstreamTlsContext) {
return upstreamTlsContext == null || !upstreamTlsContext.hasCommonTlsContext(); return upstreamTlsContext == null || upstreamTlsContext.getCommonTlsContext() == null;
} }
@Override @Override


@ -25,8 +25,8 @@ import com.google.common.annotations.VisibleForTesting;
import io.envoyproxy.envoy.api.v2.auth.CertificateValidationContext; import io.envoyproxy.envoy.api.v2.auth.CertificateValidationContext;
import io.envoyproxy.envoy.api.v2.auth.CommonTlsContext; import io.envoyproxy.envoy.api.v2.auth.CommonTlsContext;
import io.envoyproxy.envoy.api.v2.auth.TlsCertificate; import io.envoyproxy.envoy.api.v2.auth.TlsCertificate;
import io.envoyproxy.envoy.api.v2.auth.UpstreamTlsContext;
import io.grpc.netty.GrpcSslContexts; import io.grpc.netty.GrpcSslContexts;
import io.grpc.xds.EnvoyServerProtoData.UpstreamTlsContext;
import io.grpc.xds.internal.sds.trust.SdsTrustManagerFactory; import io.grpc.xds.internal.sds.trust.SdsTrustManagerFactory;
import io.netty.handler.ssl.SslContext; import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslContextBuilder; import io.netty.handler.ssl.SslContextBuilder;


@ -21,8 +21,8 @@ import static com.google.common.base.Preconditions.checkState;
import io.envoyproxy.envoy.api.v2.auth.CertificateValidationContext; import io.envoyproxy.envoy.api.v2.auth.CertificateValidationContext;
import io.envoyproxy.envoy.api.v2.auth.CommonTlsContext; import io.envoyproxy.envoy.api.v2.auth.CommonTlsContext;
import io.envoyproxy.envoy.api.v2.auth.UpstreamTlsContext;
import io.grpc.xds.EnvoyServerProtoData.DownstreamTlsContext; import io.grpc.xds.EnvoyServerProtoData.DownstreamTlsContext;
import io.grpc.xds.EnvoyServerProtoData.UpstreamTlsContext;
import io.grpc.xds.internal.sds.trust.SdsTrustManagerFactory; import io.grpc.xds.internal.sds.trust.SdsTrustManagerFactory;
import io.netty.handler.ssl.ClientAuth; import io.netty.handler.ssl.ClientAuth;
import io.netty.handler.ssl.SslContext; import io.netty.handler.ssl.SslContext;


@ -21,7 +21,7 @@ import io.envoyproxy.envoy.api.v2.auth.UpstreamTlsContext;
/** /**
* A holder of {@link UpstreamTlsContext} or * A holder of {@link UpstreamTlsContext} or
* {@link io.envoyproxy.envoy.api.v2.auth.DownstreamTlsContext}. * {@link io.grpc.xds.EnvoyServerProtoData.DownstreamTlsContext}.
*/ */
public interface TlsContextHolder { public interface TlsContextHolder {
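Review bot: The Javadoc's `{@link UpstreamTlsContext}` still resolves through the `io.envoyproxy.envoy.api.v2.auth.UpstreamTlsContext` import visible in the hunk header, while the second link now points at the internal `EnvoyServerProtoData` type. If the import was meant to change with the rest of the commit, switch it to `import io.grpc.xds.EnvoyServerProtoData.UpstreamTlsContext;` so both links name the internal definitions. The interface body is outside the hunk, so confirm that no member still needs the proto type.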


@ -16,8 +16,8 @@
package io.grpc.xds.internal.sds; package io.grpc.xds.internal.sds;
import io.envoyproxy.envoy.api.v2.auth.UpstreamTlsContext;
import io.grpc.xds.EnvoyServerProtoData.DownstreamTlsContext; import io.grpc.xds.EnvoyServerProtoData.DownstreamTlsContext;
import io.grpc.xds.EnvoyServerProtoData.UpstreamTlsContext;
public interface TlsContextManager { public interface TlsContextManager {


@ -19,8 +19,8 @@ package io.grpc.xds.internal.sds;
import static com.google.common.base.Preconditions.checkNotNull; import static com.google.common.base.Preconditions.checkNotNull;
import com.google.common.annotations.VisibleForTesting; import com.google.common.annotations.VisibleForTesting;
import io.envoyproxy.envoy.api.v2.auth.UpstreamTlsContext;
import io.grpc.xds.EnvoyServerProtoData.DownstreamTlsContext; import io.grpc.xds.EnvoyServerProtoData.DownstreamTlsContext;
import io.grpc.xds.EnvoyServerProtoData.UpstreamTlsContext;
import io.grpc.xds.internal.sds.ReferenceCountingSslContextProviderMap.SslContextProviderFactory; import io.grpc.xds.internal.sds.ReferenceCountingSslContextProviderMap.SslContextProviderFactory;
/** /**


@ -19,7 +19,7 @@ package io.grpc.xds.internal.sds;
import static com.google.common.base.Preconditions.checkNotNull; import static com.google.common.base.Preconditions.checkNotNull;
import io.envoyproxy.envoy.api.v2.auth.CommonTlsContext; import io.envoyproxy.envoy.api.v2.auth.CommonTlsContext;
import io.envoyproxy.envoy.api.v2.auth.UpstreamTlsContext; import io.grpc.xds.EnvoyServerProtoData.UpstreamTlsContext;
final class UpstreamTlsContextHolder implements TlsContextHolder { final class UpstreamTlsContextHolder implements TlsContextHolder {


@ -38,7 +38,6 @@ import static org.mockito.Mockito.times;
import static org.mockito.Mockito.verify; import static org.mockito.Mockito.verify;
import com.google.common.collect.ImmutableList; import com.google.common.collect.ImmutableList;
import io.envoyproxy.envoy.api.v2.auth.UpstreamTlsContext;
import io.grpc.Attributes; import io.grpc.Attributes;
import io.grpc.ConnectivityState; import io.grpc.ConnectivityState;
import io.grpc.EquivalentAddressGroup; import io.grpc.EquivalentAddressGroup;
@ -59,6 +58,7 @@ import io.grpc.internal.FakeClock;
import io.grpc.internal.ServiceConfigUtil.PolicySelection; import io.grpc.internal.ServiceConfigUtil.PolicySelection;
import io.grpc.xds.CdsLoadBalancerProvider.CdsConfig; import io.grpc.xds.CdsLoadBalancerProvider.CdsConfig;
import io.grpc.xds.EdsLoadBalancerProvider.EdsConfig; import io.grpc.xds.EdsLoadBalancerProvider.EdsConfig;
import io.grpc.xds.EnvoyServerProtoData.UpstreamTlsContext;
import io.grpc.xds.XdsClient.ClusterUpdate; import io.grpc.xds.XdsClient.ClusterUpdate;
import io.grpc.xds.XdsClient.ClusterWatcher; import io.grpc.xds.XdsClient.ClusterWatcher;
import io.grpc.xds.XdsClient.EndpointUpdate; import io.grpc.xds.XdsClient.EndpointUpdate;


@ -1453,7 +1453,10 @@ public class XdsClientImplTest {
ArgumentCaptor<ClusterUpdate> clusterUpdateCaptor = ArgumentCaptor.forClass(null); ArgumentCaptor<ClusterUpdate> clusterUpdateCaptor = ArgumentCaptor.forClass(null);
verify(clusterWatcher, times(1)).onClusterChanged(clusterUpdateCaptor.capture()); verify(clusterWatcher, times(1)).onClusterChanged(clusterUpdateCaptor.capture());
ClusterUpdate clusterUpdate = clusterUpdateCaptor.getValue(); ClusterUpdate clusterUpdate = clusterUpdateCaptor.getValue();
assertThat(clusterUpdate.getUpstreamTlsContext()).isEqualTo(testUpstreamTlsContext); assertThat(clusterUpdate.getUpstreamTlsContext())
.isEqualTo(
EnvoyServerProtoData.UpstreamTlsContext.fromEnvoyProtoUpstreamTlsContext(
testUpstreamTlsContext));
} }
/** /**
@ -1485,7 +1488,10 @@ public class XdsClientImplTest {
ArgumentCaptor<ClusterUpdate> clusterUpdateCaptor = ArgumentCaptor.forClass(null); ArgumentCaptor<ClusterUpdate> clusterUpdateCaptor = ArgumentCaptor.forClass(null);
verify(clusterWatcher, times(1)).onClusterChanged(clusterUpdateCaptor.capture()); verify(clusterWatcher, times(1)).onClusterChanged(clusterUpdateCaptor.capture());
ClusterUpdate clusterUpdate = clusterUpdateCaptor.getValue(); ClusterUpdate clusterUpdate = clusterUpdateCaptor.getValue();
assertThat(clusterUpdate.getUpstreamTlsContext()).isEqualTo(testUpstreamTlsContext); assertThat(clusterUpdate.getUpstreamTlsContext())
.isEqualTo(
EnvoyServerProtoData.UpstreamTlsContext.fromEnvoyProtoUpstreamTlsContext(
testUpstreamTlsContext));
} }
@Test @Test


@ -30,7 +30,6 @@ import static io.grpc.xds.internal.sds.CommonTlsContextTestsUtil.SERVER_1_PEM_FI
import static org.junit.Assert.fail; import static org.junit.Assert.fail;
import com.google.common.collect.ImmutableList; import com.google.common.collect.ImmutableList;
import io.envoyproxy.envoy.api.v2.auth.UpstreamTlsContext;
import io.grpc.Attributes; import io.grpc.Attributes;
import io.grpc.EquivalentAddressGroup; import io.grpc.EquivalentAddressGroup;
import io.grpc.NameResolver; import io.grpc.NameResolver;
@ -44,6 +43,7 @@ import io.grpc.testing.protobuf.SimpleRequest;
import io.grpc.testing.protobuf.SimpleResponse; import io.grpc.testing.protobuf.SimpleResponse;
import io.grpc.testing.protobuf.SimpleServiceGrpc; import io.grpc.testing.protobuf.SimpleServiceGrpc;
import io.grpc.xds.EnvoyServerProtoData.DownstreamTlsContext; import io.grpc.xds.EnvoyServerProtoData.DownstreamTlsContext;
import io.grpc.xds.EnvoyServerProtoData.UpstreamTlsContext;
import io.grpc.xds.internal.sds.CommonTlsContextTestsUtil; import io.grpc.xds.internal.sds.CommonTlsContextTestsUtil;
import io.grpc.xds.internal.sds.SdsProtocolNegotiators; import io.grpc.xds.internal.sds.SdsProtocolNegotiators;
import io.grpc.xds.internal.sds.XdsChannelBuilder; import io.grpc.xds.internal.sds.XdsChannelBuilder;


@ -22,7 +22,7 @@ import static io.grpc.xds.internal.sds.CommonTlsContextTestsUtil.CLIENT_KEY_FILE
import static io.grpc.xds.internal.sds.CommonTlsContextTestsUtil.CLIENT_PEM_FILE; import static io.grpc.xds.internal.sds.CommonTlsContextTestsUtil.CLIENT_PEM_FILE;
import io.envoyproxy.envoy.api.v2.auth.CommonTlsContext; import io.envoyproxy.envoy.api.v2.auth.CommonTlsContext;
import io.envoyproxy.envoy.api.v2.auth.UpstreamTlsContext; import io.grpc.xds.EnvoyServerProtoData.UpstreamTlsContext;
import org.junit.Assert; import org.junit.Assert;
import org.junit.Test; import org.junit.Test;
import org.junit.runner.RunWith; import org.junit.runner.RunWith;
@ -52,7 +52,7 @@ public class ClientSslContextProviderFactoryTest {
CommonTlsContextTestsUtil.buildCommonTlsContextFromSdsConfigForTlsCertificate( CommonTlsContextTestsUtil.buildCommonTlsContextFromSdsConfigForTlsCertificate(
/* name= */ "name", /* targetUri= */ "unix:/tmp/sds/path", CA_PEM_FILE); /* name= */ "name", /* targetUri= */ "unix:/tmp/sds/path", CA_PEM_FILE);
UpstreamTlsContext upstreamTlsContext = UpstreamTlsContext upstreamTlsContext =
SecretVolumeSslContextProviderTest.buildUpstreamTlsContext(commonTlsContext); CommonTlsContextTestsUtil.buildUpstreamTlsContext(commonTlsContext);
try { try {
SslContextProvider unused = SslContextProvider unused =
@ -74,7 +74,7 @@ public class ClientSslContextProviderFactoryTest {
CLIENT_KEY_FILE, CLIENT_KEY_FILE,
CLIENT_PEM_FILE); CLIENT_PEM_FILE);
UpstreamTlsContext upstreamTlsContext = UpstreamTlsContext upstreamTlsContext =
SecretVolumeSslContextProviderTest.buildUpstreamTlsContext(commonTlsContext); CommonTlsContextTestsUtil.buildUpstreamTlsContext(commonTlsContext);
try { try {
SslContextProvider unused = SslContextProvider unused =


@ -230,7 +230,7 @@ public class CommonTlsContextTestsUtil {
/** /**
* Helper method to build UpstreamTlsContext for above tests. Called from other classes as well. * Helper method to build UpstreamTlsContext for above tests. Called from other classes as well.
*/ */
public static UpstreamTlsContext buildUpstreamTlsContextFromFilenames( public static EnvoyServerProtoData.UpstreamTlsContext buildUpstreamTlsContextFromFilenames(
@Nullable String privateKey, @Nullable String certChain, @Nullable String trustCa) { @Nullable String privateKey, @Nullable String certChain, @Nullable String trustCa) {
try { try {
if (certChain != null) { if (certChain != null) {
@ -245,7 +245,7 @@ public class CommonTlsContextTestsUtil {
} catch (IOException ioe) { } catch (IOException ioe) {
throw new RuntimeException(ioe); throw new RuntimeException(ioe);
} }
return SecretVolumeSslContextProviderTest.buildUpstreamTlsContext( return buildUpstreamTlsContext(
buildCommonTlsContextFromFilenames(privateKey, certChain, trustCa)); buildCommonTlsContextFromFilenames(privateKey, certChain, trustCa));
} }
@ -280,4 +280,15 @@ public class CommonTlsContextTestsUtil {
} }
return builder.build(); return builder.build();
} }
/**
* Helper method to build UpstreamTlsContext for above tests. Called from other classes as well.
*/
static EnvoyServerProtoData.UpstreamTlsContext buildUpstreamTlsContext(
CommonTlsContext commonTlsContext) {
UpstreamTlsContext upstreamTlsContext =
UpstreamTlsContext.newBuilder().setCommonTlsContext(commonTlsContext).build();
return EnvoyServerProtoData.UpstreamTlsContext.fromEnvoyProtoUpstreamTlsContext(
upstreamTlsContext);
}
} }


@ -32,7 +32,6 @@ import com.google.common.base.Strings;
import io.envoyproxy.envoy.api.v2.auth.CertificateValidationContext; import io.envoyproxy.envoy.api.v2.auth.CertificateValidationContext;
import io.envoyproxy.envoy.api.v2.auth.CommonTlsContext; import io.envoyproxy.envoy.api.v2.auth.CommonTlsContext;
import io.envoyproxy.envoy.api.v2.auth.TlsCertificate; import io.envoyproxy.envoy.api.v2.auth.TlsCertificate;
import io.envoyproxy.envoy.api.v2.auth.UpstreamTlsContext;
import io.envoyproxy.envoy.api.v2.core.DataSource; import io.envoyproxy.envoy.api.v2.core.DataSource;
import io.grpc.Attributes; import io.grpc.Attributes;
import io.grpc.internal.testing.TestUtils; import io.grpc.internal.testing.TestUtils;
@ -41,6 +40,7 @@ import io.grpc.netty.InternalProtocolNegotiationEvent;
import io.grpc.netty.InternalProtocolNegotiator.ProtocolNegotiator; import io.grpc.netty.InternalProtocolNegotiator.ProtocolNegotiator;
import io.grpc.netty.InternalProtocolNegotiators; import io.grpc.netty.InternalProtocolNegotiators;
import io.grpc.xds.EnvoyServerProtoData.DownstreamTlsContext; import io.grpc.xds.EnvoyServerProtoData.DownstreamTlsContext;
import io.grpc.xds.EnvoyServerProtoData.UpstreamTlsContext;
import io.grpc.xds.XdsAttributes; import io.grpc.xds.XdsAttributes;
import io.grpc.xds.XdsClientWrapperForServerSds; import io.grpc.xds.XdsClientWrapperForServerSds;
import io.grpc.xds.XdsClientWrapperForServerSdsTest; import io.grpc.xds.XdsClientWrapperForServerSdsTest;
@ -96,17 +96,10 @@ public class SdsProtocolNegotiatorsTest {
/** Builds UpstreamTlsContext from file-names. */ /** Builds UpstreamTlsContext from file-names. */
private static UpstreamTlsContext buildUpstreamTlsContextFromFilenames( private static UpstreamTlsContext buildUpstreamTlsContextFromFilenames(
String privateKey, String certChain, String trustCa) throws IOException { String privateKey, String certChain, String trustCa) throws IOException {
return buildUpstreamTlsContext( return CommonTlsContextTestsUtil.buildUpstreamTlsContext(
buildCommonTlsContextFromFilenames(privateKey, certChain, trustCa)); buildCommonTlsContextFromFilenames(privateKey, certChain, trustCa));
} }
/** Builds UpstreamTlsContext from commonTlsContext. */
private static UpstreamTlsContext buildUpstreamTlsContext(CommonTlsContext commonTlsContext) {
UpstreamTlsContext upstreamTlsContext =
UpstreamTlsContext.newBuilder().setCommonTlsContext(commonTlsContext).build();
return upstreamTlsContext;
}
/** Builds DownstreamTlsContext from commonTlsContext. */ /** Builds DownstreamTlsContext from commonTlsContext. */
private static DownstreamTlsContext buildDownstreamTlsContext(CommonTlsContext commonTlsContext) { private static DownstreamTlsContext buildDownstreamTlsContext(CommonTlsContext commonTlsContext) {
io.envoyproxy.envoy.api.v2.auth.DownstreamTlsContext downstreamTlsContext = io.envoyproxy.envoy.api.v2.auth.DownstreamTlsContext downstreamTlsContext =
@ -164,7 +157,7 @@ public class SdsProtocolNegotiatorsTest {
@Test @Test
public void clientSdsProtocolNegotiatorNewHandler_withTlsContextAttribute() { public void clientSdsProtocolNegotiatorNewHandler_withTlsContextAttribute() {
UpstreamTlsContext upstreamTlsContext = UpstreamTlsContext upstreamTlsContext =
buildUpstreamTlsContext( CommonTlsContextTestsUtil.buildUpstreamTlsContext(
getCommonTlsContext(/* tlsCertificate= */ null, /* certContext= */ null)); getCommonTlsContext(/* tlsCertificate= */ null, /* certContext= */ null));
ClientSdsProtocolNegotiator pn = new ClientSdsProtocolNegotiator(); ClientSdsProtocolNegotiator pn = new ClientSdsProtocolNegotiator();
GrpcHttp2ConnectionHandler mockHandler = mock(GrpcHttp2ConnectionHandler.class); GrpcHttp2ConnectionHandler mockHandler = mock(GrpcHttp2ConnectionHandler.class);


@ -81,7 +81,7 @@ public class SdsSslContextProviderTest {
/* channelType= */ "inproc"); /* channelType= */ "inproc");
return SdsClientSslContextProvider.getProvider( return SdsClientSslContextProvider.getProvider(
SecretVolumeSslContextProviderTest.buildUpstreamTlsContext(commonTlsContext), CommonTlsContextTestsUtil.buildUpstreamTlsContext(commonTlsContext),
node, node,
MoreExecutors.directExecutor(), MoreExecutors.directExecutor(),
MoreExecutors.directExecutor()); MoreExecutors.directExecutor());


@ -25,9 +25,7 @@ import static io.grpc.xds.internal.sds.CommonTlsContextTestsUtil.SERVER_1_PEM_FI
import com.google.common.util.concurrent.MoreExecutors; import com.google.common.util.concurrent.MoreExecutors;
import io.envoyproxy.envoy.api.v2.auth.CertificateValidationContext; import io.envoyproxy.envoy.api.v2.auth.CertificateValidationContext;
import io.envoyproxy.envoy.api.v2.auth.CommonTlsContext;
import io.envoyproxy.envoy.api.v2.auth.TlsCertificate; import io.envoyproxy.envoy.api.v2.auth.TlsCertificate;
import io.envoyproxy.envoy.api.v2.auth.UpstreamTlsContext;
import io.envoyproxy.envoy.api.v2.core.DataSource; import io.envoyproxy.envoy.api.v2.core.DataSource;
import io.netty.handler.ssl.SslContext; import io.netty.handler.ssl.SslContext;
import java.io.IOException; import java.io.IOException;
@ -296,7 +294,7 @@ public class SecretVolumeSslContextProviderTest {
CertificateValidationContext certContext = CertificateValidationContext.getDefaultInstance(); CertificateValidationContext certContext = CertificateValidationContext.getDefaultInstance();
try { try {
SecretVolumeClientSslContextProvider.getProvider( SecretVolumeClientSslContextProvider.getProvider(
buildUpstreamTlsContext( CommonTlsContextTestsUtil.buildUpstreamTlsContext(
CommonTlsContextTestsUtil.getCommonTlsContext( CommonTlsContextTestsUtil.getCommonTlsContext(
/* tlsCertificate= */ null, certContext))); /* tlsCertificate= */ null, certContext)));
Assert.fail("no exception thrown"); Assert.fail("no exception thrown");
@ -318,7 +316,7 @@ public class SecretVolumeSslContextProviderTest {
.build(); .build();
try { try {
SecretVolumeClientSslContextProvider.getProvider( SecretVolumeClientSslContextProvider.getProvider(
buildUpstreamTlsContext( CommonTlsContextTestsUtil.buildUpstreamTlsContext(
CommonTlsContextTestsUtil.getCommonTlsContext(tlsCert, certContext))); CommonTlsContextTestsUtil.getCommonTlsContext(tlsCert, certContext)));
Assert.fail("no exception thrown"); Assert.fail("no exception thrown");
} catch (IllegalArgumentException expected) { } catch (IllegalArgumentException expected) {
@ -339,7 +337,7 @@ public class SecretVolumeSslContextProviderTest {
.build(); .build();
try { try {
SecretVolumeClientSslContextProvider.getProvider( SecretVolumeClientSslContextProvider.getProvider(
buildUpstreamTlsContext( CommonTlsContextTestsUtil.buildUpstreamTlsContext(
CommonTlsContextTestsUtil.getCommonTlsContext(tlsCert, certContext))); CommonTlsContextTestsUtil.getCommonTlsContext(tlsCert, certContext)));
Assert.fail("no exception thrown"); Assert.fail("no exception thrown");
} catch (IllegalArgumentException expected) { } catch (IllegalArgumentException expected) {
@ -389,15 +387,6 @@ public class SecretVolumeSslContextProviderTest {
} }
} }
/**
* Helper method to build UpstreamTlsContext for above tests. Called from other classes as well.
*/
static UpstreamTlsContext buildUpstreamTlsContext(CommonTlsContext commonTlsContext) {
UpstreamTlsContext upstreamTlsContext =
UpstreamTlsContext.newBuilder().setCommonTlsContext(commonTlsContext).build();
return upstreamTlsContext;
}
@Test @Test
public void getProviderForServer() throws IOException, CertificateException, CertStoreException { public void getProviderForServer() throws IOException, CertificateException, CertStoreException {
sslContextForEitherWithBothCertAndTrust( sslContextForEitherWithBothCertAndTrust(
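Review bot: The negative tests in the -296, -318 and -339 hunks all pass a CommonTlsContext obtained from `CommonTlsContextTestsUtil.getCommonTlsContext(...)`, and none of the visible lines covers an `UpstreamTlsContext` that carries no CommonTlsContext at all. That case is new with this commit: `BaseTlsContext` declares `@Nullable protected final CommonTlsContext commonTlsContext`, so `getCommonTlsContext()` can return null, whereas a protobuf message getter returns a default instance. Unless a test outside this view already covers it, add a case beside these three that hands such a context to `SecretVolumeClientSslContextProvider.getProvider(...)` and expects a deliberate rejection, using the same `Assert.fail("no exception thrown")` / `catch (IllegalArgumentException expected)` shape. A misconfigured TLS context would then fail at provider creation instead of with a later NullPointerException. The test methods start and end outside the hunks, so existing coverage may be hidden here.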


@ -30,8 +30,8 @@ import static org.mockito.Mockito.times;
import static org.mockito.Mockito.verify; import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.when; import static org.mockito.Mockito.when;
import io.envoyproxy.envoy.api.v2.auth.UpstreamTlsContext;
import io.grpc.xds.EnvoyServerProtoData.DownstreamTlsContext; import io.grpc.xds.EnvoyServerProtoData.DownstreamTlsContext;
import io.grpc.xds.EnvoyServerProtoData.UpstreamTlsContext;
import io.grpc.xds.internal.sds.ReferenceCountingSslContextProviderMap.SslContextProviderFactory; import io.grpc.xds.internal.sds.ReferenceCountingSslContextProviderMap.SslContextProviderFactory;
import java.lang.reflect.Field; import java.lang.reflect.Field;
import org.junit.Before; import org.junit.Before;