From d782f4689fb78cc668a22e88a3ab46ec9859e88f Mon Sep 17 00:00:00 2001
From: sanjaypujare
Date: Fri, 26 Jun 2020 18:22:09 -0700
Subject: [PATCH] xds: use env variable and a boolean to enable xds security code (#7165)
---
 .../main/java/io/grpc/xds/CdsLoadBalancer.java | 16 +++++++++++++++-
 .../java/io/grpc/xds/CdsLoadBalancerTest.java | 4 ++--
 2 files changed, 17 insertions(+), 3 deletions(-)
diff --git a/xds/src/main/java/io/grpc/xds/CdsLoadBalancer.java b/xds/src/main/java/io/grpc/xds/CdsLoadBalancer.java
index c4a45f45a0..d0b9248ac4 100644
--- a/xds/src/main/java/io/grpc/xds/CdsLoadBalancer.java
+++ b/xds/src/main/java/io/grpc/xds/CdsLoadBalancer.java
@@ -57,6 +57,9 @@ public final class CdsLoadBalancer extends LoadBalancer {
 private final LoadBalancerRegistry lbRegistry;
 private final GracefulSwitchLoadBalancer switchingLoadBalancer;
 private final TlsContextManager tlsContextManager;
+ // TODO(sanjaypujare): remove once xds security is released
+ private boolean enableXdsSecurity;
+ private static final String XDS_SECURITY_ENV_VAR = "GRPC_XDS_EXPERIMENTAL_SECURITY_SUPPORT";
 // The following fields become non-null once handleResolvedAddresses() successfully.
@@ -128,6 +131,17 @@ public final class CdsLoadBalancer extends LoadBalancer {
 }
 }
+ // TODO(sanjaypujare): remove once xDS security is released
+ private boolean isXdsSecurityEnabled() {
+ return enableXdsSecurity || Boolean.valueOf(System.getenv(XDS_SECURITY_ENV_VAR));
+ }
+
+ // TODO(sanjaypujare): remove once xDS security is released
+ @VisibleForTesting
+ void setXdsSecurity(boolean enable) {
+ enableXdsSecurity = enable;
+ }
+
 /**
 * A load balancer factory that provides a load balancer for a given cluster.
 */
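Review bot: The new `enableXdsSecurity` field and `XDS_SECURITY_ENV_VAR` constant carry only a removal TODO, so a reader of the field block cannot tell what the gate protects. A comment such as `// Test-only override for the GRPC_XDS_EXPERIMENTAL_SECURITY_SUPPORT gate; while neither is set, the UpstreamTlsContext from a CDS update is not passed to updateSslContextProvider().` would state it. As a style point, the `static final` constant would normally sit with the class's other constants rather than between instance fields, and the mutable flag is the only non-final field in the visible group.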
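Review bot: `Boolean.valueOf(System.getenv(XDS_SECURITY_ENV_VAR))` in `isXdsSecurityEnabled()` treats every value other than the string "true" (case-insensitive) as off, so an operator who sets the variable to `1` or `yes` gets the security code disabled with no signal. The call also boxes a `Boolean` only to unbox it and re-reads the environment on each invocation; `return enableXdsSecurity || Boolean.parseBoolean(System.getenv(XDS_SECURITY_ENV_VAR));` avoids the boxing, and reading the variable once into a `private static final boolean` would make the process-wide setting explicit. If the strict parsing is intended, the method comment should say which value enables the feature.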
@@ -290,7 +304,7 @@ public final class CdsLoadBalancer extends LoadBalancer {
 /* edsServiceName = */ newUpdate.getEdsServiceName(),
 /* lrsServerName = */ newUpdate.getLrsServerName(),
 new PolicySelection(lbProvider, ImmutableMap.of(), lbConfig));
- if (false) {
+ if (isXdsSecurityEnabled()) {
 updateSslContextProvider(newUpdate.getUpstreamTlsContext());
 }
 if (edsBalancer == null) {
diff --git a/xds/src/test/java/io/grpc/xds/CdsLoadBalancerTest.java b/xds/src/test/java/io/grpc/xds/CdsLoadBalancerTest.java
index 32319b17cf..34d57be999 100644
--- a/xds/src/test/java/io/grpc/xds/CdsLoadBalancerTest.java
+++ b/xds/src/test/java/io/grpc/xds/CdsLoadBalancerTest.java
@@ -76,7 +76,6 @@ import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 import org.junit.Before;
-import org.junit.Ignore;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.junit.runners.JUnit4;
@@ -339,9 +338,10 @@ public class CdsLoadBalancerTest {
 assertThat(xdsClientPool.xdsClient).isNull();
 }
- @Ignore
 @Test
 public void handleCdsConfigUpdate_withUpstreamTlsContext() {
+ assertThat(cdsLoadBalancer).isInstanceOf(CdsLoadBalancer.class);
+ ((CdsLoadBalancer)cdsLoadBalancer).setXdsSecurity(true);
 assertThat(xdsClient).isNull();
 ResolvedAddresses resolvedAddresses1 = ResolvedAddresses.newBuilder()
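Review bot: With the gate off, the `if (isXdsSecurityEnabled())` branch is skipped and an `UpstreamTlsContext` carried in the update is dropped without any trace, so a cluster the control plane configured for TLS is presumably reached with whatever transport security the channel has by default. An `else` arm that records the case, for example `} else if (newUpdate.getUpstreamTlsContext() != null) { /* log that the TLS context was ignored because xDS security is disabled */ }`, would let operators detect the mismatch between management-server intent and client behaviour. The enclosing method starts and ends outside this hunk, so how the rest of it treats the TLS context is not visible here.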
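Review bot: `handleCdsConfigUpdate_withUpstreamTlsContext` turns the gate on through `setXdsSecurity(true)` only, so neither the environment-variable path nor the disabled path of `isXdsSecurityEnabled()` is exercised by anything in this patch. A companion test that leaves the flag off and asserts the TLS context is not applied would pin the default behaviour that production clients get. Minor style: the cast reads better with a space, `((CdsLoadBalancer) cdsLoadBalancer).setXdsSecurity(true);`. The test body continues past the end of the hunk.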