Chiebot-Mirror
/
grpc
mirror of https://github.com/grpc/grpc.git
8
0
Fork 0
Code Issues Projects Releases Wiki Activity
The C based gRPC (C++, Python, Ruby, Objective-C, PHP, C#) https://grpc.io/
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
51056 Commits
276 Branches
377 Tags
1.2 GiB
Tag: Branch: Tree: b8e3e59b15
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'b8e3e59b15'
${ noResults }
grpc/test/cpp/end2end/xds/xds_end2end_test.cc

4005 lines
182 KiB
Raw Normal View History Unescape

Revert "Revert "start splitting up xds_end2end_test (#27702)" (#27725)" (#27726) This reverts commit 9177c5324ad17364943574546158abbc0d150266.
3 years ago
// Copyright 2017 gRPC authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
// TODO(roth): Split this file up into a common test framework and a set
// of test files that use that framework. Need to figure out the best
// way to split up the tests. One option would be to split it up by xDS
// resource type; another approach would be to have all of the "core"
// xDS functionality in one file and then move specific features to
// their own files (e.g., mTLS security, fault injection, circuit
// breaking, etc).
Use real resolver in xds lb channel
6 years ago
Converting AdsServiceImpl to a Fake - Allow Resources to be set - Allow clients to subscribe/unsubscribe to resources - Managing, storing, and versioning resources correctly based on updates - Correct ACK/NACK according to XDS protocol - Started a separate blocking thread to be used for stream read - Handling both requests from clients and updates from tests and respond with the correct version of resource - Consolidated all 4 resources (LDS, CDS, EDS, RDS) to share common code - Updated all tests to use the fake properly - Fixed potential crash cases in the subchannel thread for clean TSAN, UBSAN runs
5 years ago
#include <deque>
Use real resolver in xds lb channel
6 years ago
#include <memory>
#include <mutex>
Handle EDS response update in locality map
5 years ago
#include <numeric>
Use real resolver in xds lb channel
6 years ago
#include <set>
#include <sstream>
Gracefully switch xds policy instances when cluster name changes, and other LRS-related fixes.
5 years ago
#include <string>
Use real resolver in xds lb channel
6 years ago
#include <thread>
Gracefully switch xds policy instances when cluster name changes, and other LRS-related fixes.
5 years ago
#include <vector>
Use real resolver in xds lb channel
6 years ago
Fix channel to apply new ConfigSelector even if ServiceConfig hasn't changed.
4 years ago
#include <gmock/gmock.h>
#include <gtest/gtest.h>
xDS server config fetcher
4 years ago
#include "absl/functional/bind_front.h"
Fix by modernize-make-unique
4 years ago
#include "absl/memory/memory.h"
xds: notify watchers when NACKing resource updates (#26757) * xds: notify watchers when NACKing resource updates * check status of failed RPC when waiting for NACK
3 years ago
#include "absl/strings/match.h"
Replace most uses of gpr_asprintf() with absl calls.
4 years ago
#include "absl/strings/str_cat.h"
Ring hash implementation (#26356) * Ring hash implementation * Fixing an error caught during import: ipv6 addresses need small modifications when creating the ring entry. * fixing an error * removing debugs * Remove unnecssary hashing * small cleanup
4 years ago
#include "absl/strings/str_format.h"
xDS server config fetcher
4 years ago
#include "absl/strings/str_join.h"
xDS Federation: bootstrap and xds_resolver changes (#27938) * xDS Federation: bootstrap and xds_resolver changes * code review fixes * fixing code review comments * fixing code review comments * fixing code review comments * code review comments * fixing code review comments * First very basic test to make sure parsing and reconstruction work as expected. * clean up * fixing logic error about authority * fixing resource type parsing * fixing code review comments * simplify parsing! * Parsing method signature update * fixing code review comments * clean up * working progress for the test with generated bootstrap * reorg the bootstrap file * fixing tests * Adding more to test authorities * Added a test and it passes * addressing code review comments * code review comments to make parser cleaner and more efficient * Merge in authority prefixes * fixing sanity error and xds boostrap test error * small fix * Release all tests that pass; reduce scope for DeadUpdate * Updated test strcuture and how to pass in the index for balancers to be used as xds server uri and authority xds server uri * code review comments * code review fixes * code review comment * Making test structure changes * fixing code review comments * fixing code review comments * Fixing test regression * fixing bootstrap tests * cleanup files * enabling localhost:xxx for xds server; updated server tests and will fix one more NameExpected test with testsetup. * Finally removing fake reolsver for xds server * Fixing bootstrap tests * Rewrite builder * Fixing code review comments * fixing code review comments * Fixing all tests to use Setup again * fixing small sanity error * Found the source of xds server nack test faiure and fix added * small code review fixes * Remove fake resolver! YAY! * Fixing according to code review comments * Setup plugin in bootfile * Added more tests. * Adding server test * fixing a regression * regression * sanity fix * fixing code review * fixing code review comments * Re-combine SecurityNaming tests. * Add Rds new resource type and new tests * Added PercentEncode test * fixing code review comments * refactor test a bit more * fixing code review comments * fixing according to code review comments * fixing code review comments * fixing code review comments
3 years ago
#include "absl/strings/str_replace.h"
Fix channel to apply new ConfigSelector even if ServiceConfig hasn't changed.
4 years ago
#include "absl/types/optional.h"
Replace most uses of gpr_asprintf() with absl calls.
4 years ago
Use real resolver in xds lb channel
6 years ago
#include <grpc/grpc.h>
xDS client security integration
4 years ago
#include <grpc/grpc_security.h>
Use real resolver in xds lb channel
6 years ago
#include <grpc/support/alloc.h>
#include <grpc/support/log.h>
#include <grpc/support/time.h>
#include <grpcpp/channel.h>
#include <grpcpp/client_context.h>
#include <grpcpp/create_channel.h>
xDS client security integration
4 years ago
#include <grpcpp/security/tls_certificate_provider.h>
Use real resolver in xds lb channel
6 years ago
#include <grpcpp/server.h>
#include <grpcpp/server_builder.h>
xDS server config fetcher
4 years ago
#include <grpcpp/xds_server_builder.h>
Use real resolver in xds lb channel
6 years ago
Added new configuration system to core/grp. More generic configuration system is introduced in order to i) unify the way how modules access the configurations instead of using low-level get/setenv functions and ii) enable the customization for where configuration is stored. This could be extended to support flag, file, etc. Default configuration system uses environment variables as before so basically this is expected to work just as it did. This behavior can change by redefining GPR_GLOBAL_CONFIG_DEFINE_*type* macros. * Migrated configuration GRPC_CLIENT_CHANNEL_BACKUP_POLL_INTERVAL_MS GRPC_EXPERIMENTAL_DISABLE_FLOW_CONTROL GRPC_ABORT_ON_LEAKS GRPC_NOT_USE_SYSTEM_SSL_ROOTS
6 years ago
#include "src/core/ext/filters/client_channel/backup_poller.h"
Cds Watchers changes to support aggregate Cds and Logical DNS Cds.
4 years ago
#include "src/core/ext/filters/client_channel/lb_policy/xds/xds_channel_args.h"
Use real resolver in xds lb channel
6 years ago
#include "src/core/ext/filters/client_channel/resolver/fake/fake_resolver.h"
HTTP: Conditionally allow PUT requests (#29397) * Maybe fix for PUT deprecation * Guard PUT request accepting with a flag and add tests * Reviewer comments * Add fallthrough notation * Reviewer comments Co-authored-by: Craig Tiller <ctiller@google.com>
3 years ago
#include "src/core/ext/filters/http/client/http_client_filter.h"
xDS client security integration
4 years ago
#include "src/core/ext/xds/certificate_provider_registry.h"
Move XdsClient code out of client_channel tree.
4 years ago
#include "src/core/ext/xds/xds_api.h"
Stop propagating parent channel args into xDS channel.
4 years ago
#include "src/core/ext/xds/xds_channel_args.h"
#include "src/core/ext/xds/xds_client.h"
Second attempt: XdsClient: remove resource-type-specific methods from XdsClient API (#28305) * Revert "Revert "XdsClient: remove resource-type-specific methods from XdsClient API (#28231)" (#28301)" This reverts commit 3e779b68feb1d1434aeb5b0c9ac4c79f721d0181. * remove global resource type registry
3 years ago
#include "src/core/ext/xds/xds_listener.h"
move parse_address and sockaddr_utils out of iomgr directory (#26077) * move parse_address and sockaddr_utils out of iomgr directory * clang-format * fix python * fix for import * fix build file for import
4 years ago
#include "src/core/lib/address_utils/parse_address.h"
priority and ring_hash LBs: fix interactions when using ring_hash under priority (#29332) * refactor connection delay injection from client_lb_end2end_test * fix build * fix build on older compilers * clang-format * buildifier * a bit of code cleanup * start failover time whenever the child reports CONNECTING, and don't cancel when deactivating * clang-format * rewrite test * simplify logic in priority policy * clang-format * switch to using a bit to indicate child healthiness * fix reversed comment * more changes in priority and ring_hash. priority: - go back to starting failover timer upon CONNECTING, but only if seen READY or IDLE more recently than TRANSIENT_FAILURE ring_hash: - don't flap back and forth between IDLE and CONNECTING; once we go CONNECTING, we stay there until either TF or READY - after the first subchannel goes TF, we proactively start another subchannel connecting, just like we do after a second subchannel reports TF, to ensure that we don't stay in CONNECTING indefinitely if we aren't getting any new picks - always return ring hash's picker, regardless of connectivity state - update the subchannel connectivity state seen by the picker upon subchannel list creation - start proactive subchannel connection attempt upon subchannel list creation if needed * ring_hash: fix connectivity state seen by aggregation and picker * fix obiwan error * swap the order of ring_hash aggregation rules 3 and 4 * restore original test * refactor connection injector QueuedAttempt code * add test showing that ring_hash will continue connecting without picks * clang-format * don't actually need seen_failure_since_ready_ anymore * fix TSAN problem * address code review comments
3 years ago
#include "src/core/lib/address_utils/sockaddr_utils.h"
Stop propagating parent channel args into xDS channel.
4 years ago
#include "src/core/lib/channel/channel_args.h"
Use real resolver in xds lb channel
6 years ago
#include "src/core/lib/gpr/env.h"
Implement xDS client-side fault injection filter (#24354) * Refactored with dynamic filters * Error-tolerance tuned * Fix leak of grpc_error and data race of canceller * Adopt the latest xDS HTTP filter framework * Fix fault injection tests' conflict with router filter * Test alternative setup (override, no-override) without copy * Refactor file strcutures of fault injection filter * Rewrite the Json parsing/assembling logic again * Added logic for aborting streaming RPC && resolve comments
4 years ago
#include "src/core/lib/gpr/string.h"
A previous fix which changed grpc_cycle_counter_to_millis_round_down/up was not the correct fix and caused window test issues. The correct fix is to ensure the test uses the same time apis as the product code: grp_get_cycle_counter (which is platform dependent) to get current time. Tested both in open source and patched into google3 to ensure successful import: https://critique-ng.corp.google.com/cl/349981071/analysis
4 years ago
#include "src/core/lib/gpr/time_precise.h"
Change xds_end2end_test to write out its own bootstrap files.
5 years ago
#include "src/core/lib/gpr/tmpfile.h"
Use real resolver in xds lb channel
6 years ago
#include "src/core/lib/gprpp/ref_counted_ptr.h"
Use LRS in xds policy
5 years ago
#include "src/core/lib/gprpp/sync.h"
grpc_millis -> Timestamp/Duration (#28119) * wip * Automated change: Fix sanity tests * fixes * progress * progress * grpc compiles * Automated change: Fix sanity tests * fixing tests * x * progress * better code * Automated change: Fix sanity tests * progress * progress * windows fix * Make Duration metadata trivial * better message * fix * Automated change: Fix sanity tests * fix * fix * fix * fix * Automated change: Fix sanity tests * Automated change: Fix sanity tests * fix * progress * fixes * fix * fix * spam * un-disable errantly disabled tests * gain insight * Automated change: Fix sanity tests * fixes * fixes * fix * debug * tweak * fix * fix timeout * fix comment * fixes * x * better test * tests * Automated change: Fix sanity tests * missed file * fix * x * fix * fix * fix * fix * Automated change: Fix sanity tests * fix * merge * Automated change: Fix sanity tests * fix Co-authored-by: ctiller <ctiller@users.noreply.github.com>
3 years ago
#include "src/core/lib/gprpp/time.h"
Revert "Revert "Made grpc_core::Mutex compatible to absl::Mutex" (#25537)" (#25549) This reverts commit 8e268dcec86ab342bfb0256c79cf07e7d520b51c.
4 years ago
#include "src/core/lib/gprpp/time_util.h"
xDS client security integration
4 years ago
#include "src/core/lib/iomgr/load_file.h"
Use real resolver in xds lb channel
6 years ago
#include "src/core/lib/iomgr/sockaddr.h"
Move resolver code around a little (#27846) * move service config * service config should not depend on grpc_base * move resolver, deal with fallout * Automated change: Fix sanity tests * fix * fix * Automated change: Fix sanity tests * review feedback * review feedback * fix * Automated change: Fix sanity tests * fix * Automated change: Fix sanity tests * fix vis * fix * fixes * Automated change: Fix sanity tests * visibility * fix Co-authored-by: ctiller <ctiller@users.noreply.github.com>
3 years ago
#include "src/core/lib/resolver/server_address.h"
Use real resolver in xds lb channel
6 years ago
#include "src/core/lib/security/credentials/fake/fake_credentials.h"
#include "src/cpp/client/secure_credentials.h"
#include "src/cpp/server/secure_server_credentials.h"
#include "src/proto/grpc/testing/echo.grpc.pb.h"
Use ADS
5 years ago
#include "src/proto/grpc/testing/xds/ads_for_test.grpc.pb.h"
Add CDS to xds client
5 years ago
#include "src/proto/grpc/testing/xds/cds_for_test.grpc.pb.h"
Move xds protos to testing/
5 years ago
#include "src/proto/grpc/testing/xds/eds_for_test.grpc.pb.h"
Add LDS/RDS into XdsClient
5 years ago
#include "src/proto/grpc/testing/xds/lds_rds_for_test.grpc.pb.h"
Move xds protos to testing/
5 years ago
#include "src/proto/grpc/testing/xds/lrs_for_test.grpc.pb.h"
xDS v3 support
4 years ago
#include "src/proto/grpc/testing/xds/v3/ads.grpc.pb.h"
Cds Watchers changes to support aggregate Cds and Logical DNS Cds.
4 years ago
#include "src/proto/grpc/testing/xds/v3/aggregate_cluster.grpc.pb.h"
xDS v3 support
4 years ago
#include "src/proto/grpc/testing/xds/v3/cluster.grpc.pb.h"
#include "src/proto/grpc/testing/xds/v3/discovery.grpc.pb.h"
#include "src/proto/grpc/testing/xds/v3/endpoint.grpc.pb.h"
Implement xDS client-side fault injection filter (#24354) * Refactored with dynamic filters * Error-tolerance tuned * Fix leak of grpc_error and data race of canceller * Adopt the latest xDS HTTP filter framework * Fix fault injection tests' conflict with router filter * Test alternative setup (override, no-override) without copy * Refactor file strcutures of fault injection filter * Rewrite the Json parsing/assembling logic again * Added logic for aborting streaming RPC && resolve comments
4 years ago
#include "src/proto/grpc/testing/xds/v3/fault.grpc.pb.h"
xDS v3 support
4 years ago
#include "src/proto/grpc/testing/xds/v3/http_connection_manager.grpc.pb.h"
Reland rbac filter (#28442) * Revert "Revert "xDS: Add support for RBAC HTTP filter (#28309)" (#28441)" This reverts commit 7aae5c66df99d7140848c00b88e4d6e022c3ce92. * Fix internal clang errors * Ipv6 addresses are 128 bit
3 years ago
#include "src/proto/grpc/testing/xds/v3/http_filter_rbac.grpc.pb.h"
xDS v3 support
4 years ago
#include "src/proto/grpc/testing/xds/v3/listener.grpc.pb.h"
#include "src/proto/grpc/testing/xds/v3/lrs.grpc.pb.h"
#include "src/proto/grpc/testing/xds/v3/route.grpc.pb.h"
Second attempt: xDS HTTP filter support for gRPC client (#25558) * Revert "Revert "xDS HTTP filter support for gRPC client" (#25555)" This reverts commit 785a128a837cbb183eff16150ef82539e9cd7e5c. * xds_end2end_test: avoid flakes from lingering shutdown from previous test
4 years ago
#include "src/proto/grpc/testing/xds/v3/router.grpc.pb.h"
xDS client security integration
4 years ago
#include "src/proto/grpc/testing/xds/v3/tls.grpc.pb.h"
Re-introduce "CSDS Implementation" (#25762) * Revert "Revert "CSDS Implementation (#25038)" (#25745)" This reverts commit 98fd4e1e36666bfc567dc67b8f58d20e91915218. * Add xDS special Bazel build rules * Add 2 todos to remove the added rules
4 years ago
#include "test/core/util/port.h"
#include "test/core/util/test_config.h"
xds_end2end_test: move routing tests to their own file (#29409) * xds_end2end_test: move routing tests to their own file * clang-format and clang-tidy * re-add flaky label
3 years ago
#include "test/cpp/end2end/xds/no_op_http_filter.h"
xds_end2end_test: move test framework to its own library (#29279) * move some code around * remove num_backends parameter from XdsEnd2endTest * remove use_xds_enabled_server param from XdsEnd2endTest * remove xds_resource_does_not_exist_timeout_ms param from XdsEnd2endTest * remove client_load_reporting_interval_seconds param from XdsEnd2endTest * start moving CreateAndStartBackends() into individual tests * finish moving CreateAndStartBackends() into individual tests * remove unused variable * remove SetEdsResourceWithDelay * fix test flake * clang-tidy * clang-format * move test framework to its own library * fix build * clang-format * fix windows build * rename TestType to XdsTestType * move BackendServiceImpl inside of BackendServerThread * clang-format * move AdminServerThread to CSDS test suite * remove unnecessary deps
3 years ago
#include "test/cpp/end2end/xds/xds_end2end_test_lib.h"
Add macro to define gtest death_test_style using an older syntax (#27042) This temporarily unblocks a related gtest upgrade. The ultimate goal is to upgraade our gtest dependencies, but I don't have the cycles to manage a potentially messy migration until at least next week. This PR is coordinated with an internal change.
3 years ago
#include "test/cpp/util/test_config.h"
Support Custom Post-handshake Verification in TlsCredentials (#25631) * custom verification refactoring - post-handshake verification
3 years ago
#include "test/cpp/util/tls_test_utils.h"
Re-introduce "CSDS Implementation" (#25762) * Revert "Revert "CSDS Implementation (#25038)" (#25745)" This reverts commit 98fd4e1e36666bfc567dc67b8f58d20e91915218. * Add xDS special Bazel build rules * Add 2 todos to remove the added rules
4 years ago
Use real resolver in xds lb channel
6 years ago
namespace grpc {
namespace testing {
namespace {
Implement FilterChainMatch algorithm (#25757) * Implement FilterChainMatch logic * Add tests for transport protocol too * Tests for duplicate NACKing * Introduce ConnectionManager as an interface for config fetchers * Do not parameterize IncrementIfNonZero * Some formatting * Reviewer comments * Add filter chain match information for duplicate match error * Reviewer comments * Some cleanup * Reviewer comments * Reviewer comments * Reviewer comments * Clang-tidy
4 years ago
using ::envoy::config::listener::v3::FilterChainMatch;
Reland rbac filter (#28442) * Revert "Revert "xDS: Add support for RBAC HTTP filter (#28309)" (#28441)" This reverts commit 7aae5c66df99d7140848c00b88e4d6e022c3ce92. * Fix internal clang errors * Ipv6 addresses are 128 bit
3 years ago
using ::envoy::config::rbac::v3::Policy;
using ::envoy::config::rbac::v3::RBAC_Action;
using ::envoy::config::rbac::v3::RBAC_Action_ALLOW;
using ::envoy::config::rbac::v3::RBAC_Action_DENY;
using ::envoy::config::rbac::v3::RBAC_Action_LOG;
using ::envoy::extensions::filters::http::rbac::v3::RBAC;
using ::envoy::extensions::filters::http::rbac::v3::RBACPerRoute;
xDS server config fetcher
4 years ago
using ::envoy::extensions::transport_sockets::tls::v3::DownstreamTlsContext;
xDS client security integration
4 years ago
using ::envoy::extensions::transport_sockets::tls::v3::UpstreamTlsContext;
Add SANs matching for xDS credentials
4 years ago
using ::envoy::type::matcher::v3::StringMatcher;
xDS v3 support
4 years ago
Support Custom Post-handshake Verification in TlsCredentials (#25631) * custom verification refactoring - post-handshake verification
3 years ago
using ::grpc::experimental::ExternalCertificateVerifier;
using ::grpc::experimental::IdentityKeyCertPair;
using ::grpc::experimental::StaticDataCertificateProvider;
xDS v3 support
4 years ago
xDS client security integration
4 years ago
constexpr char kClientCertPath[] = "src/core/tsi/test_creds/client.pem";
constexpr char kClientKeyPath[] = "src/core/tsi/test_creds/client.key";
constexpr char kBadClientCertPath[] = "src/core/tsi/test_creds/badclient.pem";
constexpr char kBadClientKeyPath[] = "src/core/tsi/test_creds/badclient.key";
Change xds_end2end_test to write out its own bootstrap files.
5 years ago
xds_end2end_test: move test framework to its own library (#29279) * move some code around * remove num_backends parameter from XdsEnd2endTest * remove use_xds_enabled_server param from XdsEnd2endTest * remove xds_resource_does_not_exist_timeout_ms param from XdsEnd2endTest * remove client_load_reporting_interval_seconds param from XdsEnd2endTest * start moving CreateAndStartBackends() into individual tests * finish moving CreateAndStartBackends() into individual tests * remove unused variable * remove SetEdsResourceWithDelay * fix test flake * clang-tidy * clang-format * move test framework to its own library * fix build * clang-format * fix windows build * rename TestType to XdsTestType * move BackendServiceImpl inside of BackendServerThread * clang-format * move AdminServerThread to CSDS test suite * remove unnecessary deps
3 years ago
// Based on StaticDataCertificateProvider, but provides alternate certificates
// if the certificate name is not empty.
class FakeCertificateProvider final : public grpc_tls_certificate_provider {
public:
struct CertData {
std::string root_certificate;
grpc_core::PemKeyCertPairList identity_key_cert_pairs;
xds: notify watchers when NACKing resource updates (#26757) * xds: notify watchers when NACKing resource updates * check status of failed RPC when waiting for NACK
3 years ago
};
xds_end2end_test: move test framework to its own library (#29279) * move some code around * remove num_backends parameter from XdsEnd2endTest * remove use_xds_enabled_server param from XdsEnd2endTest * remove xds_resource_does_not_exist_timeout_ms param from XdsEnd2endTest * remove client_load_reporting_interval_seconds param from XdsEnd2endTest * start moving CreateAndStartBackends() into individual tests * finish moving CreateAndStartBackends() into individual tests * remove unused variable * remove SetEdsResourceWithDelay * fix test flake * clang-tidy * clang-format * move test framework to its own library * fix build * clang-format * fix windows build * rename TestType to XdsTestType * move BackendServiceImpl inside of BackendServerThread * clang-format * move AdminServerThread to CSDS test suite * remove unnecessary deps
3 years ago
using CertDataMap = std::map<std::string /*cert_name */, CertData>;
xds_end2end_test: Fix race in security tests (#29408) * xds_end2end_test: Fix race in security tests * Reviewer comments
3 years ago
class CertDataMapWrapper {
public:
CertDataMap Get() {
Prevent direct usage of absl::Mutex (#29424) * Add script to prevent absl::Mutex occurrences * sanity and fixes * shellcheck
3 years ago
grpc_core::MutexLock lock(&mu_);
xds_end2end_test: Fix race in security tests (#29408) * xds_end2end_test: Fix race in security tests * Reviewer comments
3 years ago
return cert_data_map_;
}
void Set(CertDataMap data) {
Prevent direct usage of absl::Mutex (#29424) * Add script to prevent absl::Mutex occurrences * sanity and fixes * shellcheck
3 years ago
grpc_core::MutexLock lock(&mu_);
xds_end2end_test: Fix race in security tests (#29408) * xds_end2end_test: Fix race in security tests * Reviewer comments
3 years ago
cert_data_map_ = std::move(data);
}
private:
Prevent direct usage of absl::Mutex (#29424) * Add script to prevent absl::Mutex occurrences * sanity and fixes * shellcheck
3 years ago
grpc_core::Mutex mu_;
xds_end2end_test: Fix race in security tests (#29408) * xds_end2end_test: Fix race in security tests * Reviewer comments
3 years ago
CertDataMap cert_data_map_ ABSL_GUARDED_BY(mu_);
};
Use real resolver in xds lb channel
6 years ago
xds_end2end_test: move test framework to its own library (#29279) * move some code around * remove num_backends parameter from XdsEnd2endTest * remove use_xds_enabled_server param from XdsEnd2endTest * remove xds_resource_does_not_exist_timeout_ms param from XdsEnd2endTest * remove client_load_reporting_interval_seconds param from XdsEnd2endTest * start moving CreateAndStartBackends() into individual tests * finish moving CreateAndStartBackends() into individual tests * remove unused variable * remove SetEdsResourceWithDelay * fix test flake * clang-tidy * clang-format * move test framework to its own library * fix build * clang-format * fix windows build * rename TestType to XdsTestType * move BackendServiceImpl inside of BackendServerThread * clang-format * move AdminServerThread to CSDS test suite * remove unnecessary deps
3 years ago
explicit FakeCertificateProvider(CertDataMap cert_data_map)
: distributor_(
grpc_core::MakeRefCounted<grpc_tls_certificate_distributor>()),
cert_data_map_(std::move(cert_data_map)) {
distributor_->SetWatchStatusCallback([this](std::string cert_name,
bool root_being_watched,
bool identity_being_watched) {
if (!root_being_watched && !identity_being_watched) return;
auto it = cert_data_map_.find(cert_name);
if (it == cert_data_map_.end()) {
grpc_error_handle error =
GRPC_ERROR_CREATE_FROM_CPP_STRING(absl::StrCat(
"No certificates available for cert_name \"", cert_name, "\""));
distributor_->SetErrorForCert(cert_name, GRPC_ERROR_REF(error),
GRPC_ERROR_REF(error));
GRPC_ERROR_UNREF(error);
} else {
absl::optional<std::string> root_certificate;
absl::optional<grpc_core::PemKeyCertPairList> pem_key_cert_pairs;
if (root_being_watched) {
root_certificate = it->second.root_certificate;
}
if (identity_being_watched) {
pem_key_cert_pairs = it->second.identity_key_cert_pairs;
}
distributor_->SetKeyMaterials(cert_name, std::move(root_certificate),
std::move(pem_key_cert_pairs));
XdsEnd2EndTest : Use a queue to save resource updates (#28467) * Fix XdsClient for multiple watchers on the same resource * xds_end2end_test: Don't use XdsCredentials for XdsRbacNackTests * Use separate response states for EDS and RDS resources * Reviewer comments * Reviewer comments * Reviewer comments * Remove blank link * Reviewer comments
3 years ago
}
xds_end2end_test: move test framework to its own library (#29279) * move some code around * remove num_backends parameter from XdsEnd2endTest * remove use_xds_enabled_server param from XdsEnd2endTest * remove xds_resource_does_not_exist_timeout_ms param from XdsEnd2endTest * remove client_load_reporting_interval_seconds param from XdsEnd2endTest * start moving CreateAndStartBackends() into individual tests * finish moving CreateAndStartBackends() into individual tests * remove unused variable * remove SetEdsResourceWithDelay * fix test flake * clang-tidy * clang-format * move test framework to its own library * fix build * clang-format * fix windows build * rename TestType to XdsTestType * move BackendServiceImpl inside of BackendServerThread * clang-format * move AdminServerThread to CSDS test suite * remove unnecessary deps
3 years ago
});
xds: notify watchers when NACKing resource updates (#26757) * xds: notify watchers when NACKing resource updates * check status of failed RPC when waiting for NACK
3 years ago
}
xds_end2end_test: move test framework to its own library (#29279) * move some code around * remove num_backends parameter from XdsEnd2endTest * remove use_xds_enabled_server param from XdsEnd2endTest * remove xds_resource_does_not_exist_timeout_ms param from XdsEnd2endTest * remove client_load_reporting_interval_seconds param from XdsEnd2endTest * start moving CreateAndStartBackends() into individual tests * finish moving CreateAndStartBackends() into individual tests * remove unused variable * remove SetEdsResourceWithDelay * fix test flake * clang-tidy * clang-format * move test framework to its own library * fix build * clang-format * fix windows build * rename TestType to XdsTestType * move BackendServiceImpl inside of BackendServerThread * clang-format * move AdminServerThread to CSDS test suite * remove unnecessary deps
3 years ago
~FakeCertificateProvider() override {
distributor_->SetWatchStatusCallback(nullptr);
Support RDS updates on the server (#27851) * Port changes from #27388 * Reviewer comments * Fix resource timeout issue * Cleanup * Fix clang-tidy * Revert benchmark * Restructure * clang-tidy * Automated change: Fix sanity tests * Partial commit * Reviewer comments * Fixes * Reviewer comments * Reviewer comments * Reviewer comments * Reviewer comments * clang-format * Fix FaultInjection tests * clang-tidy Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
}
xds_end2end_test: move test framework to its own library (#29279) * move some code around * remove num_backends parameter from XdsEnd2endTest * remove use_xds_enabled_server param from XdsEnd2endTest * remove xds_resource_does_not_exist_timeout_ms param from XdsEnd2endTest * remove client_load_reporting_interval_seconds param from XdsEnd2endTest * start moving CreateAndStartBackends() into individual tests * finish moving CreateAndStartBackends() into individual tests * remove unused variable * remove SetEdsResourceWithDelay * fix test flake * clang-tidy * clang-format * move test framework to its own library * fix build * clang-format * fix windows build * rename TestType to XdsTestType * move BackendServiceImpl inside of BackendServerThread * clang-format * move AdminServerThread to CSDS test suite * remove unnecessary deps
3 years ago
grpc_core::RefCountedPtr<grpc_tls_certificate_distributor> distributor()
const override {
return distributor_;
xds_end2end_test: allow setting Listener to use in SetRouteConfiguration() (#27756) * xds_end2end_test: allow setting Listener to use in SetRouteConfiguration() * clang-format
3 years ago
}
security and subchannel: implement UniqueTypeName and use it in these interfaces (#29709) * implement UniqueTypeName API * convert security code to use UniqueTypeName * change subchannel data producer API to use UniqueTypeName * sanitize * add missing build dep * fix credentials_test * fix certificate_provider_store_test * fix tls_security_connector_test * attempt to fix windows build * avoid unnecessary allocation * work around MSVC 2017 bug * sanity * change factory to not be templated * fix sanity * fix bug in chttp2 connector that used server creds instead of channel creds * add missing build dep * simplify API
3 years ago
grpc_core::UniqueTypeName type() const override {
static grpc_core::UniqueTypeName::Factory kFactory("fake");
return kFactory.Create();
}
XdsEnd2EndTest : Use a queue to save resource updates (#28467) * Fix XdsClient for multiple watchers on the same resource * xds_end2end_test: Don't use XdsCredentials for XdsRbacNackTests * Use separate response states for EDS and RDS resources * Reviewer comments * Reviewer comments * Reviewer comments * Remove blank link * Reviewer comments
3 years ago
xds_end2end_test: move test framework to its own library (#29279) * move some code around * remove num_backends parameter from XdsEnd2endTest * remove use_xds_enabled_server param from XdsEnd2endTest * remove xds_resource_does_not_exist_timeout_ms param from XdsEnd2endTest * remove client_load_reporting_interval_seconds param from XdsEnd2endTest * start moving CreateAndStartBackends() into individual tests * finish moving CreateAndStartBackends() into individual tests * remove unused variable * remove SetEdsResourceWithDelay * fix test flake * clang-tidy * clang-format * move test framework to its own library * fix build * clang-format * fix windows build * rename TestType to XdsTestType * move BackendServiceImpl inside of BackendServerThread * clang-format * move AdminServerThread to CSDS test suite * remove unnecessary deps
3 years ago
private:
int CompareImpl(const grpc_tls_certificate_provider* other) const override {
// TODO(yashykt): Maybe do something better here.
return grpc_core::QsortCompare(
static_cast<const grpc_tls_certificate_provider*>(this), other);
Update RDS parsing for use on servers (#27715) * Update RDS parsing for use on servers * Unused variable * Reviewer comments * Automated change: Fix sanity tests * Fix tests * Reviewer comments * Reviewer comments * clang-tidy * Reviewer comments * Fix test * Reviewer comments * Reviewer comments Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
}
xds_end2end_test: move test framework to its own library (#29279) * move some code around * remove num_backends parameter from XdsEnd2endTest * remove use_xds_enabled_server param from XdsEnd2endTest * remove xds_resource_does_not_exist_timeout_ms param from XdsEnd2endTest * remove client_load_reporting_interval_seconds param from XdsEnd2endTest * start moving CreateAndStartBackends() into individual tests * finish moving CreateAndStartBackends() into individual tests * remove unused variable * remove SetEdsResourceWithDelay * fix test flake * clang-tidy * clang-format * move test framework to its own library * fix build * clang-format * fix windows build * rename TestType to XdsTestType * move BackendServiceImpl inside of BackendServerThread * clang-format * move AdminServerThread to CSDS test suite * remove unnecessary deps
3 years ago
grpc_core::RefCountedPtr<grpc_tls_certificate_distributor> distributor_;
CertDataMap cert_data_map_;
};
Update RDS parsing for use on servers (#27715) * Update RDS parsing for use on servers * Unused variable * Reviewer comments * Automated change: Fix sanity tests * Fix tests * Reviewer comments * Reviewer comments * clang-tidy * Reviewer comments * Fix test * Reviewer comments * Reviewer comments Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
xds_end2end_test: move test framework to its own library (#29279) * move some code around * remove num_backends parameter from XdsEnd2endTest * remove use_xds_enabled_server param from XdsEnd2endTest * remove xds_resource_does_not_exist_timeout_ms param from XdsEnd2endTest * remove client_load_reporting_interval_seconds param from XdsEnd2endTest * start moving CreateAndStartBackends() into individual tests * finish moving CreateAndStartBackends() into individual tests * remove unused variable * remove SetEdsResourceWithDelay * fix test flake * clang-tidy * clang-format * move test framework to its own library * fix build * clang-format * fix windows build * rename TestType to XdsTestType * move BackendServiceImpl inside of BackendServerThread * clang-format * move AdminServerThread to CSDS test suite * remove unnecessary deps
3 years ago
class FakeCertificateProviderFactory
: public grpc_core::CertificateProviderFactory {
public:
class Config : public grpc_core::CertificateProviderFactory::Config {
Update RDS parsing for use on servers (#27715) * Update RDS parsing for use on servers * Unused variable * Reviewer comments * Automated change: Fix sanity tests * Fix tests * Reviewer comments * Reviewer comments * clang-tidy * Reviewer comments * Fix test * Reviewer comments * Reviewer comments Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
public:
xds_end2end_test: move test framework to its own library (#29279) * move some code around * remove num_backends parameter from XdsEnd2endTest * remove use_xds_enabled_server param from XdsEnd2endTest * remove xds_resource_does_not_exist_timeout_ms param from XdsEnd2endTest * remove client_load_reporting_interval_seconds param from XdsEnd2endTest * start moving CreateAndStartBackends() into individual tests * finish moving CreateAndStartBackends() into individual tests * remove unused variable * remove SetEdsResourceWithDelay * fix test flake * clang-tidy * clang-format * move test framework to its own library * fix build * clang-format * fix windows build * rename TestType to XdsTestType * move BackendServiceImpl inside of BackendServerThread * clang-format * move AdminServerThread to CSDS test suite * remove unnecessary deps
3 years ago
explicit Config(const char* name) : name_(name) {}
Update RDS parsing for use on servers (#27715) * Update RDS parsing for use on servers * Unused variable * Reviewer comments * Automated change: Fix sanity tests * Fix tests * Reviewer comments * Reviewer comments * clang-tidy * Reviewer comments * Fix test * Reviewer comments * Reviewer comments Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
xds_end2end_test: move test framework to its own library (#29279) * move some code around * remove num_backends parameter from XdsEnd2endTest * remove use_xds_enabled_server param from XdsEnd2endTest * remove xds_resource_does_not_exist_timeout_ms param from XdsEnd2endTest * remove client_load_reporting_interval_seconds param from XdsEnd2endTest * start moving CreateAndStartBackends() into individual tests * finish moving CreateAndStartBackends() into individual tests * remove unused variable * remove SetEdsResourceWithDelay * fix test flake * clang-tidy * clang-format * move test framework to its own library * fix build * clang-format * fix windows build * rename TestType to XdsTestType * move BackendServiceImpl inside of BackendServerThread * clang-format * move AdminServerThread to CSDS test suite * remove unnecessary deps
3 years ago
const char* name() const override { return name_; }
Update RDS parsing for use on servers (#27715) * Update RDS parsing for use on servers * Unused variable * Reviewer comments * Automated change: Fix sanity tests * Fix tests * Reviewer comments * Reviewer comments * clang-tidy * Reviewer comments * Fix test * Reviewer comments * Reviewer comments Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
xds_end2end_test: move test framework to its own library (#29279) * move some code around * remove num_backends parameter from XdsEnd2endTest * remove use_xds_enabled_server param from XdsEnd2endTest * remove xds_resource_does_not_exist_timeout_ms param from XdsEnd2endTest * remove client_load_reporting_interval_seconds param from XdsEnd2endTest * start moving CreateAndStartBackends() into individual tests * finish moving CreateAndStartBackends() into individual tests * remove unused variable * remove SetEdsResourceWithDelay * fix test flake * clang-tidy * clang-format * move test framework to its own library * fix build * clang-format * fix windows build * rename TestType to XdsTestType * move BackendServiceImpl inside of BackendServerThread * clang-format * move AdminServerThread to CSDS test suite * remove unnecessary deps
3 years ago
std::string ToString() const override { return "{}"; }
xds_end2end_test: allow setting Listener to use in SetRouteConfiguration() (#27756) * xds_end2end_test: allow setting Listener to use in SetRouteConfiguration() * clang-format
3 years ago
xds_end2end_test: move test framework to its own library (#29279) * move some code around * remove num_backends parameter from XdsEnd2endTest * remove use_xds_enabled_server param from XdsEnd2endTest * remove xds_resource_does_not_exist_timeout_ms param from XdsEnd2endTest * remove client_load_reporting_interval_seconds param from XdsEnd2endTest * start moving CreateAndStartBackends() into individual tests * finish moving CreateAndStartBackends() into individual tests * remove unused variable * remove SetEdsResourceWithDelay * fix test flake * clang-tidy * clang-format * move test framework to its own library * fix build * clang-format * fix windows build * rename TestType to XdsTestType * move BackendServiceImpl inside of BackendServerThread * clang-format * move AdminServerThread to CSDS test suite * remove unnecessary deps
3 years ago
private:
const char* name_;
};
Update RDS parsing for use on servers (#27715) * Update RDS parsing for use on servers * Unused variable * Reviewer comments * Automated change: Fix sanity tests * Fix tests * Reviewer comments * Reviewer comments * clang-tidy * Reviewer comments * Fix test * Reviewer comments * Reviewer comments Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
xds_end2end_test: move test framework to its own library (#29279) * move some code around * remove num_backends parameter from XdsEnd2endTest * remove use_xds_enabled_server param from XdsEnd2endTest * remove xds_resource_does_not_exist_timeout_ms param from XdsEnd2endTest * remove client_load_reporting_interval_seconds param from XdsEnd2endTest * start moving CreateAndStartBackends() into individual tests * finish moving CreateAndStartBackends() into individual tests * remove unused variable * remove SetEdsResourceWithDelay * fix test flake * clang-tidy * clang-format * move test framework to its own library * fix build * clang-format * fix windows build * rename TestType to XdsTestType * move BackendServiceImpl inside of BackendServerThread * clang-format * move AdminServerThread to CSDS test suite * remove unnecessary deps
3 years ago
FakeCertificateProviderFactory(
xds_end2end_test: Fix race in security tests (#29408) * xds_end2end_test: Fix race in security tests * Reviewer comments
3 years ago
const char* name,
FakeCertificateProvider::CertDataMapWrapper* cert_data_map)
xds_end2end_test: move test framework to its own library (#29279) * move some code around * remove num_backends parameter from XdsEnd2endTest * remove use_xds_enabled_server param from XdsEnd2endTest * remove xds_resource_does_not_exist_timeout_ms param from XdsEnd2endTest * remove client_load_reporting_interval_seconds param from XdsEnd2endTest * start moving CreateAndStartBackends() into individual tests * finish moving CreateAndStartBackends() into individual tests * remove unused variable * remove SetEdsResourceWithDelay * fix test flake * clang-tidy * clang-format * move test framework to its own library * fix build * clang-format * fix windows build * rename TestType to XdsTestType * move BackendServiceImpl inside of BackendServerThread * clang-format * move AdminServerThread to CSDS test suite * remove unnecessary deps
3 years ago
: name_(name), cert_data_map_(cert_data_map) {
GPR_ASSERT(cert_data_map != nullptr);
xds_end2end_test: make each individual test start the number of backends it needs (#29271) * move some code around * remove num_backends parameter from XdsEnd2endTest * remove use_xds_enabled_server param from XdsEnd2endTest * remove xds_resource_does_not_exist_timeout_ms param from XdsEnd2endTest * remove client_load_reporting_interval_seconds param from XdsEnd2endTest * start moving CreateAndStartBackends() into individual tests * finish moving CreateAndStartBackends() into individual tests * remove unused variable * fix test flake * clang-tidy * clang-format
3 years ago
}
xDS client security integration
4 years ago
xds_end2end_test: move test framework to its own library (#29279) * move some code around * remove num_backends parameter from XdsEnd2endTest * remove use_xds_enabled_server param from XdsEnd2endTest * remove xds_resource_does_not_exist_timeout_ms param from XdsEnd2endTest * remove client_load_reporting_interval_seconds param from XdsEnd2endTest * start moving CreateAndStartBackends() into individual tests * finish moving CreateAndStartBackends() into individual tests * remove unused variable * remove SetEdsResourceWithDelay * fix test flake * clang-tidy * clang-format * move test framework to its own library * fix build * clang-format * fix windows build * rename TestType to XdsTestType * move BackendServiceImpl inside of BackendServerThread * clang-format * move AdminServerThread to CSDS test suite * remove unnecessary deps
3 years ago
const char* name() const override { return name_; }
Use LRS in xds policy
5 years ago
xds_end2end_test: move test framework to its own library (#29279) * move some code around * remove num_backends parameter from XdsEnd2endTest * remove use_xds_enabled_server param from XdsEnd2endTest * remove xds_resource_does_not_exist_timeout_ms param from XdsEnd2endTest * remove client_load_reporting_interval_seconds param from XdsEnd2endTest * start moving CreateAndStartBackends() into individual tests * finish moving CreateAndStartBackends() into individual tests * remove unused variable * remove SetEdsResourceWithDelay * fix test flake * clang-tidy * clang-format * move test framework to its own library * fix build * clang-format * fix windows build * rename TestType to XdsTestType * move BackendServiceImpl inside of BackendServerThread * clang-format * move AdminServerThread to CSDS test suite * remove unnecessary deps
3 years ago
grpc_core::RefCountedPtr<grpc_core::CertificateProviderFactory::Config>
CreateCertificateProviderConfig(const grpc_core::Json& /*config_json*/,
grpc_error_handle* /*error*/) override {
return grpc_core::MakeRefCounted<Config>(name_);
xds_end2end_test: make each individual test start the number of backends it needs (#29271) * move some code around * remove num_backends parameter from XdsEnd2endTest * remove use_xds_enabled_server param from XdsEnd2endTest * remove xds_resource_does_not_exist_timeout_ms param from XdsEnd2endTest * remove client_load_reporting_interval_seconds param from XdsEnd2endTest * start moving CreateAndStartBackends() into individual tests * finish moving CreateAndStartBackends() into individual tests * remove unused variable * fix test flake * clang-tidy * clang-format
3 years ago
}
Use LRS in xds policy
5 years ago
xds_end2end_test: move test framework to its own library (#29279) * move some code around * remove num_backends parameter from XdsEnd2endTest * remove use_xds_enabled_server param from XdsEnd2endTest * remove xds_resource_does_not_exist_timeout_ms param from XdsEnd2endTest * remove client_load_reporting_interval_seconds param from XdsEnd2endTest * start moving CreateAndStartBackends() into individual tests * finish moving CreateAndStartBackends() into individual tests * remove unused variable * remove SetEdsResourceWithDelay * fix test flake * clang-tidy * clang-format * move test framework to its own library * fix build * clang-format * fix windows build * rename TestType to XdsTestType * move BackendServiceImpl inside of BackendServerThread * clang-format * move AdminServerThread to CSDS test suite * remove unnecessary deps
3 years ago
grpc_core::RefCountedPtr<grpc_tls_certificate_provider>
CreateCertificateProvider(
grpc_core::RefCountedPtr<grpc_core::CertificateProviderFactory::Config>
/*config*/) override {
xds_end2end_test: Fix race in security tests (#29408) * xds_end2end_test: Fix race in security tests * Reviewer comments
3 years ago
GPR_ASSERT(cert_data_map_ != nullptr);
return grpc_core::MakeRefCounted<FakeCertificateProvider>(
cert_data_map_->Get());
xds_end2end_test: make each individual test start the number of backends it needs (#29271) * move some code around * remove num_backends parameter from XdsEnd2endTest * remove use_xds_enabled_server param from XdsEnd2endTest * remove xds_resource_does_not_exist_timeout_ms param from XdsEnd2endTest * remove client_load_reporting_interval_seconds param from XdsEnd2endTest * start moving CreateAndStartBackends() into individual tests * finish moving CreateAndStartBackends() into individual tests * remove unused variable * fix test flake * clang-tidy * clang-format
3 years ago
}
Use LRS in xds policy
5 years ago
xds_end2end_test: move test framework to its own library (#29279) * move some code around * remove num_backends parameter from XdsEnd2endTest * remove use_xds_enabled_server param from XdsEnd2endTest * remove xds_resource_does_not_exist_timeout_ms param from XdsEnd2endTest * remove client_load_reporting_interval_seconds param from XdsEnd2endTest * start moving CreateAndStartBackends() into individual tests * finish moving CreateAndStartBackends() into individual tests * remove unused variable * remove SetEdsResourceWithDelay * fix test flake * clang-tidy * clang-format * move test framework to its own library * fix build * clang-format * fix windows build * rename TestType to XdsTestType * move BackendServiceImpl inside of BackendServerThread * clang-format * move AdminServerThread to CSDS test suite * remove unnecessary deps
3 years ago
private:
const char* name_;
xds_end2end_test: Fix race in security tests (#29408) * xds_end2end_test: Fix race in security tests * Reviewer comments
3 years ago
FakeCertificateProvider::CertDataMapWrapper* cert_data_map_;
xds_end2end_test: move test framework to its own library (#29279) * move some code around * remove num_backends parameter from XdsEnd2endTest * remove use_xds_enabled_server param from XdsEnd2endTest * remove xds_resource_does_not_exist_timeout_ms param from XdsEnd2endTest * remove client_load_reporting_interval_seconds param from XdsEnd2endTest * start moving CreateAndStartBackends() into individual tests * finish moving CreateAndStartBackends() into individual tests * remove unused variable * remove SetEdsResourceWithDelay * fix test flake * clang-tidy * clang-format * move test framework to its own library * fix build * clang-format * fix windows build * rename TestType to XdsTestType * move BackendServiceImpl inside of BackendServerThread * clang-format * move AdminServerThread to CSDS test suite * remove unnecessary deps
3 years ago
};
Use LRS in xds policy
5 years ago
xds_end2end_test: move test framework to its own library (#29279) * move some code around * remove num_backends parameter from XdsEnd2endTest * remove use_xds_enabled_server param from XdsEnd2endTest * remove xds_resource_does_not_exist_timeout_ms param from XdsEnd2endTest * remove client_load_reporting_interval_seconds param from XdsEnd2endTest * start moving CreateAndStartBackends() into individual tests * finish moving CreateAndStartBackends() into individual tests * remove unused variable * remove SetEdsResourceWithDelay * fix test flake * clang-tidy * clang-format * move test framework to its own library * fix build * clang-format * fix windows build * rename TestType to XdsTestType * move BackendServiceImpl inside of BackendServerThread * clang-format * move AdminServerThread to CSDS test suite * remove unnecessary deps
3 years ago
// Global variables for each provider.
xds_end2end_test: Fix race in security tests (#29408) * xds_end2end_test: Fix race in security tests * Reviewer comments
3 years ago
FakeCertificateProvider::CertDataMapWrapper* g_fake1_cert_data_map = nullptr;
FakeCertificateProvider::CertDataMapWrapper* g_fake2_cert_data_map = nullptr;
Re-introduce "CSDS Implementation" (#25762) * Revert "Revert "CSDS Implementation (#25038)" (#25745)" This reverts commit 98fd4e1e36666bfc567dc67b8f58d20e91915218. * Add xDS special Bazel build rules * Add 2 todos to remove the added rules
4 years ago
xds_end2end_test: make each individual test start the number of backends it needs (#29271) * move some code around * remove num_backends parameter from XdsEnd2endTest * remove use_xds_enabled_server param from XdsEnd2endTest * remove xds_resource_does_not_exist_timeout_ms param from XdsEnd2endTest * remove client_load_reporting_interval_seconds param from XdsEnd2endTest * start moving CreateAndStartBackends() into individual tests * finish moving CreateAndStartBackends() into individual tests * remove unused variable * fix test flake * clang-tidy * clang-format
3 years ago
class XdsSecurityTest : public XdsEnd2endTest {
xDS client security integration
4 years ago
protected:
xDS Federation: bootstrap and xds_resolver changes (#27938) * xDS Federation: bootstrap and xds_resolver changes * code review fixes * fixing code review comments * fixing code review comments * fixing code review comments * code review comments * fixing code review comments * First very basic test to make sure parsing and reconstruction work as expected. * clean up * fixing logic error about authority * fixing resource type parsing * fixing code review comments * simplify parsing! * Parsing method signature update * fixing code review comments * clean up * working progress for the test with generated bootstrap * reorg the bootstrap file * fixing tests * Adding more to test authorities * Added a test and it passes * addressing code review comments * code review comments to make parser cleaner and more efficient * Merge in authority prefixes * fixing sanity error and xds boostrap test error * small fix * Release all tests that pass; reduce scope for DeadUpdate * Updated test strcuture and how to pass in the index for balancers to be used as xds server uri and authority xds server uri * code review comments * code review fixes * code review comment * Making test structure changes * fixing code review comments * fixing code review comments * Fixing test regression * fixing bootstrap tests * cleanup files * enabling localhost:xxx for xds server; updated server tests and will fix one more NameExpected test with testsetup. * Finally removing fake reolsver for xds server * Fixing bootstrap tests * Rewrite builder * Fixing code review comments * fixing code review comments * Fixing all tests to use Setup again * fixing small sanity error * Found the source of xds server nack test faiure and fix added * small code review fixes * Remove fake resolver! YAY! * Fixing according to code review comments * Setup plugin in bootfile * Added more tests. * Adding server test * fixing a regression * regression * sanity fix * fixing code review * fixing code review comments * Re-combine SecurityNaming tests. * Add Rds new resource type and new tests * Added PercentEncode test * fixing code review comments * refactor test a bit more * fixing code review comments * fixing according to code review comments * fixing code review comments * fixing code review comments
3 years ago
void SetUp() override {
BootstrapBuilder builder = BootstrapBuilder();
builder.AddCertificateProviderPlugin("fake_plugin1", "fake1");
builder.AddCertificateProviderPlugin("fake_plugin2", "fake2");
std::vector<std::string> fields;
fields.push_back(absl::StrFormat(" \"certificate_file\": \"%s\"",
kClientCertPath));
fields.push_back(absl::StrFormat(" \"private_key_file\": \"%s\"",
kClientKeyPath));
fields.push_back(absl::StrFormat(" \"ca_certificate_file\": \"%s\"",
kCaCertPath));
builder.AddCertificateProviderPlugin("file_plugin", "file_watcher",
absl::StrJoin(fields, ",\n"));
xds_end2end_test: make each individual test start the number of backends it needs (#29271) * move some code around * remove num_backends parameter from XdsEnd2endTest * remove use_xds_enabled_server param from XdsEnd2endTest * remove xds_resource_does_not_exist_timeout_ms param from XdsEnd2endTest * remove client_load_reporting_interval_seconds param from XdsEnd2endTest * start moving CreateAndStartBackends() into individual tests * finish moving CreateAndStartBackends() into individual tests * remove unused variable * fix test flake * clang-tidy * clang-format
3 years ago
InitClient(builder);
CreateAndStartBackends(1);
xDS client security integration
4 years ago
root_cert_ = ReadFile(kCaCertPath);
bad_root_cert_ = ReadFile(kBadClientCertPath);
xds_end2end_test cleanup from #24643
4 years ago
identity_pair_ = ReadTlsIdentityPair(kClientKeyPath, kClientCertPath);
Ring hash implementation (#26356) * Ring hash implementation * Fixing an error caught during import: ipv6 addresses need small modifications when creating the ring entry. * fixing an error * removing debugs * Remove unnecssary hashing * small cleanup
4 years ago
// TODO(yashykt): Use different client certs here instead of reusing
// server certs after https://github.com/grpc/grpc/pull/24876 is merged
xds_end2end_test cleanup from #24643
4 years ago
fallback_identity_pair_ =
ReadTlsIdentityPair(kServerKeyPath, kServerCertPath);
xDS client security integration
4 years ago
bad_identity_pair_ =
ReadTlsIdentityPair(kBadClientKeyPath, kBadClientCertPath);
Add SANs matching for xDS credentials
4 years ago
server_san_exact_.set_exact("*.test.google.fr");
server_san_prefix_.set_prefix("waterzooi.test.google");
server_san_suffix_.set_suffix("google.fr");
server_san_contains_.set_contains("google");
server_san_regex_.mutable_safe_regex()->mutable_google_re2();
server_san_regex_.mutable_safe_regex()->set_regex(
"(foo|waterzooi).test.google.(fr|be)");
bad_san_1_.set_exact("192.168.1.4");
bad_san_2_.set_exact("foo.test.google.in");
xds_end2end_test cleanup from #24643
4 years ago
authenticated_identity_ = {"testclient"};
fallback_authenticated_identity_ = {"*.test.google.fr",
"waterzooi.test.google.be",
"*.test.youtube.com", "192.168.1.3"};
Revert "Revert "start splitting up xds_end2end_test (#27702)" (#27725)" (#27726) This reverts commit 9177c5324ad17364943574546158abbc0d150266.
3 years ago
EdsResourceArgs args({
xds_end2end_test test infra: Eds Args refactoring and enhancing WaitForBackend (#26093) * Refactoring EdsResourceArgs::Locality to have a vector of Endpoints: port, health_status, and lb_weight. As well, Adding RpcOption to WaitForBackend() * Update WaitForBackend * Modified WaitForBackend default param * reuse SeenBackend * Code review comments * refactor WaitForAllBackend parameter list * Fixing tests to ensure they are more strict; Fixing test code according to code review comments. * Fixing code review suggestions * Increasing timeout for StressTest
4 years ago
{"locality0", CreateEndpointsForBackends(0, 1)},
xDS client security integration
4 years ago
});
xds: remove legacy EDS-only workflow (#28274) * xds: remove legacy EDS-only workflow * remove unused constants * remove unused data member
3 years ago
balancer_->ads_service()->SetEdsResource(BuildEdsResource(args));
xDS client security integration
4 years ago
}
// Sends CDS updates with the new security configuration and verifies that
// after propagation, this new configuration is used for connections. If \a
// identity_instance_name and \a root_instance_name are both empty,
// connections are expected to use fallback credentials.
void UpdateAndVerifyXdsSecurityConfiguration(
absl::string_view root_instance_name,
absl::string_view root_certificate_name,
absl::string_view identity_instance_name,
absl::string_view identity_certificate_name,
Add SANs matching for xDS credentials
4 years ago
const std::vector<StringMatcher>& san_matchers,
xDS client security integration
4 years ago
const std::vector<std::string>& expected_authenticated_identity,
bool test_expects_failure = false) {
auto cluster = default_cluster_;
if (!identity_instance_name.empty() || !root_instance_name.empty()) {
auto* transport_socket = cluster.mutable_transport_socket();
transport_socket->set_name("envoy.transport_sockets.tls");
UpstreamTlsContext upstream_tls_context;
if (!identity_instance_name.empty()) {
upstream_tls_context.mutable_common_tls_context()
xDS Security: Use new way to fetch certificate provider plugin instance config (#27264) * xDS Security: Use new way to fetch certificate provider plugin instance config * Reviewer comments * Additional fields to NACK * Move NACKing tests for tls_certificates and tls_certificate_sds_securet_configs to client-side
3 years ago
->mutable_tls_certificate_provider_instance()
xDS client security integration
4 years ago
->set_instance_name(std::string(identity_instance_name));
upstream_tls_context.mutable_common_tls_context()
xDS Security: Use new way to fetch certificate provider plugin instance config (#27264) * xDS Security: Use new way to fetch certificate provider plugin instance config * Reviewer comments * Additional fields to NACK * Move NACKing tests for tls_certificates and tls_certificate_sds_securet_configs to client-side
3 years ago
->mutable_tls_certificate_provider_instance()
xDS client security integration
4 years ago
->set_certificate_name(std::string(identity_certificate_name));
}
if (!root_instance_name.empty()) {
upstream_tls_context.mutable_common_tls_context()
xDS Security: Use new way to fetch certificate provider plugin instance config (#27264) * xDS Security: Use new way to fetch certificate provider plugin instance config * Reviewer comments * Additional fields to NACK * Move NACKing tests for tls_certificates and tls_certificate_sds_securet_configs to client-side
3 years ago
->mutable_validation_context()
->mutable_ca_certificate_provider_instance()
xDS client security integration
4 years ago
->set_instance_name(std::string(root_instance_name));
upstream_tls_context.mutable_common_tls_context()
xDS Security: Use new way to fetch certificate provider plugin instance config (#27264) * xDS Security: Use new way to fetch certificate provider plugin instance config * Reviewer comments * Additional fields to NACK * Move NACKing tests for tls_certificates and tls_certificate_sds_securet_configs to client-side
3 years ago
->mutable_validation_context()
->mutable_ca_certificate_provider_instance()
xDS client security integration
4 years ago
->set_certificate_name(std::string(root_certificate_name));
}
Add SANs matching for xDS credentials
4 years ago
if (!san_matchers.empty()) {
auto* validation_context =
upstream_tls_context.mutable_common_tls_context()
xDS Security: Use new way to fetch certificate provider plugin instance config (#27264) * xDS Security: Use new way to fetch certificate provider plugin instance config * Reviewer comments * Additional fields to NACK * Move NACKing tests for tls_certificates and tls_certificate_sds_securet_configs to client-side
3 years ago
->mutable_validation_context();
Add SANs matching for xDS credentials
4 years ago
for (const auto& san_matcher : san_matchers) {
*validation_context->add_match_subject_alt_names() = san_matcher;
}
}
xDS client security integration
4 years ago
transport_socket->mutable_typed_config()->PackFrom(upstream_tls_context);
}
xds_end2end_test: remove num_balancers from test suite and remove dependence on fake resolver for xDS channel (#28245) * xds_end2end_test: remove num_balancers from test suite * fix clang-tidy
3 years ago
balancer_->ads_service()->SetCdsResource(cluster);
xDS client security integration
4 years ago
// The updates might take time to have an effect, so use a retry loop.
Fix xds_end2end_test msan flake
4 years ago
constexpr int kRetryCount = 100;
xDS client security integration
4 years ago
int num_tries = 0;
for (; num_tries < kRetryCount; num_tries++) {
TlsCredentials: Comparator implementation (#28940) * TlsCredentials: Comparator implementation * Update tests * Redundant namespace qualifiers * clang-tidy * Reviewer comments * Reviewer comments * Reviewer comments * Reviewer comments * Reviewer comments * Add generator for grpc_tls_credentials_options.h * Generator script modifications for tests * Sanity * Reviewer comments * Reviewer comments * Add a common place to look-up known types * Formatting * Script fix * Reviewer comments * Add test mode to script * Add to sanitize.sh * clang-tidy * Fix * Fix * Reviewer comments * Clang-format
3 years ago
// Restart the servers to force a reconnection so that previously
// connected subchannels are not used for the RPC.
ShutdownBackend(0);
StartBackend(0);
xDS client security integration
4 years ago
if (test_expects_failure) {
Fix xds_end2end_test msan flake
4 years ago
if (SendRpc().ok()) {
xDS server config fetcher
4 years ago
gpr_log(GPR_ERROR, "RPC succeeded. Failure expected. Trying again.");
continue;
}
xDS client security integration
4 years ago
} else {
xds_end2end_test_lib: use DEBUG_LOCATION to log where failures originate (#29444)
3 years ago
WaitForBackend(DEBUG_LOCATION, 0,
WaitForBackendOptions().set_allow_failures(true));
xDS server config fetcher
4 years ago
Status status = SendRpc();
if (!status.ok()) {
gpr_log(GPR_ERROR, "RPC failed. code=%d message=%s Trying again.",
status.error_code(), status.error_message().c_str());
continue;
}
if (backends_[0]->backend_service()->last_peer_identity() !=
expected_authenticated_identity) {
gpr_log(
GPR_ERROR,
"Expected client identity does not match. (actual) %s vs "
"(expected) %s Trying again.",
absl::StrJoin(
backends_[0]->backend_service()->last_peer_identity(), ",")
.c_str(),
absl::StrJoin(expected_authenticated_identity, ",").c_str());
continue;
xDS client security integration
4 years ago
}
}
xDS server config fetcher
4 years ago
break;
xDS client security integration
4 years ago
}
change xDS certificate provider to contain a map by cluster
4 years ago
EXPECT_LT(num_tries, kRetryCount);
xDS client security integration
4 years ago
}
std::string root_cert_;
std::string bad_root_cert_;
xds_end2end_test cleanup from #24643
4 years ago
grpc_core::PemKeyCertPairList identity_pair_;
grpc_core::PemKeyCertPairList fallback_identity_pair_;
xDS client security integration
4 years ago
grpc_core::PemKeyCertPairList bad_identity_pair_;
Add SANs matching for xDS credentials
4 years ago
StringMatcher server_san_exact_;
StringMatcher server_san_prefix_;
StringMatcher server_san_suffix_;
StringMatcher server_san_contains_;
StringMatcher server_san_regex_;
StringMatcher bad_san_1_;
StringMatcher bad_san_2_;
xds_end2end_test cleanup from #24643
4 years ago
std::vector<std::string> authenticated_identity_;
std::vector<std::string> fallback_authenticated_identity_;
xDS client security integration
4 years ago
};
NACK xDS updates where transport_name is not recognized (#26612) * NACK xDS updates where transport_name is not recognized * Reviewer comments
3 years ago
TEST_P(XdsSecurityTest, UnknownTransportSocket) {
auto cluster = default_cluster_;
auto* transport_socket = cluster.mutable_transport_socket();
transport_socket->set_name("unknown_transport_socket");
xds_end2end_test: remove num_balancers from test suite and remove dependence on fake resolver for xDS channel (#28245) * xds_end2end_test: remove num_balancers from test suite * fix clang-tidy
3 years ago
balancer_->ads_service()->SetCdsResource(cluster);
xds_end2end_test_lib: use DEBUG_LOCATION to log where failures originate (#29444)
3 years ago
const auto response_state = WaitForCdsNack(DEBUG_LOCATION);
XdsEnd2EndTest : Use a queue to save resource updates (#28467) * Fix XdsClient for multiple watchers on the same resource * xds_end2end_test: Don't use XdsCredentials for XdsRbacNackTests * Use separate response states for EDS and RDS resources * Reviewer comments * Reviewer comments * Reviewer comments * Remove blank link * Reviewer comments
3 years ago
ASSERT_TRUE(response_state.has_value()) << "timed out waiting for NACK";
EXPECT_THAT(response_state->error_message,
NACK xDS updates where transport_name is not recognized (#26612) * NACK xDS updates where transport_name is not recognized * Reviewer comments
3 years ago
::testing::HasSubstr(
"Unrecognized transport socket: unknown_transport_socket"));
}
Add SANs matching for xDS credentials
4 years ago
TEST_P(XdsSecurityTest,
TLSConfigurationWithoutValidationContextCertificateProviderInstance) {
auto cluster = default_cluster_;
auto* transport_socket = cluster.mutable_transport_socket();
transport_socket->set_name("envoy.transport_sockets.tls");
xds_end2end_test: remove num_balancers from test suite and remove dependence on fake resolver for xDS channel (#28245) * xds_end2end_test: remove num_balancers from test suite * fix clang-tidy
3 years ago
balancer_->ads_service()->SetCdsResource(cluster);
xds_end2end_test_lib: use DEBUG_LOCATION to log where failures originate (#29444)
3 years ago
const auto response_state = WaitForCdsNack(DEBUG_LOCATION);
XdsEnd2EndTest : Use a queue to save resource updates (#28467) * Fix XdsClient for multiple watchers on the same resource * xds_end2end_test: Don't use XdsCredentials for XdsRbacNackTests * Use separate response states for EDS and RDS resources * Reviewer comments * Reviewer comments * Reviewer comments * Remove blank link * Reviewer comments
3 years ago
ASSERT_TRUE(response_state.has_value()) << "timed out waiting for NACK";
EXPECT_THAT(response_state->error_message,
xDS Security: Use new way to fetch certificate provider plugin instance config (#27264) * xDS Security: Use new way to fetch certificate provider plugin instance config * Reviewer comments * Additional fields to NACK * Move NACKing tests for tls_certificates and tls_certificate_sds_securet_configs to client-side
3 years ago
::testing::HasSubstr("TLS configuration provided but no "
"ca_certificate_provider_instance found."));
Add SANs matching for xDS credentials
4 years ago
}
TEST_P(
XdsSecurityTest,
MatchSubjectAltNamesProvidedWithoutValidationContextCertificateProviderInstance) {
auto cluster = default_cluster_;
auto* transport_socket = cluster.mutable_transport_socket();
transport_socket->set_name("envoy.transport_sockets.tls");
UpstreamTlsContext upstream_tls_context;
auto* validation_context = upstream_tls_context.mutable_common_tls_context()
xDS Security: Use new way to fetch certificate provider plugin instance config (#27264) * xDS Security: Use new way to fetch certificate provider plugin instance config * Reviewer comments * Additional fields to NACK * Move NACKing tests for tls_certificates and tls_certificate_sds_securet_configs to client-side
3 years ago
->mutable_validation_context();
Add SANs matching for xDS credentials
4 years ago
*validation_context->add_match_subject_alt_names() = server_san_exact_;
transport_socket->mutable_typed_config()->PackFrom(upstream_tls_context);
xds_end2end_test: remove num_balancers from test suite and remove dependence on fake resolver for xDS channel (#28245) * xds_end2end_test: remove num_balancers from test suite * fix clang-tidy
3 years ago
balancer_->ads_service()->SetCdsResource(cluster);
xds_end2end_test_lib: use DEBUG_LOCATION to log where failures originate (#29444)
3 years ago
const auto response_state = WaitForCdsNack(DEBUG_LOCATION);
XdsEnd2EndTest : Use a queue to save resource updates (#28467) * Fix XdsClient for multiple watchers on the same resource * xds_end2end_test: Don't use XdsCredentials for XdsRbacNackTests * Use separate response states for EDS and RDS resources * Reviewer comments * Reviewer comments * Reviewer comments * Remove blank link * Reviewer comments
3 years ago
ASSERT_TRUE(response_state.has_value()) << "timed out waiting for NACK";
EXPECT_THAT(response_state->error_message,
xDS Security: Use new way to fetch certificate provider plugin instance config (#27264) * xDS Security: Use new way to fetch certificate provider plugin instance config * Reviewer comments * Additional fields to NACK * Move NACKing tests for tls_certificates and tls_certificate_sds_securet_configs to client-side
3 years ago
::testing::HasSubstr("TLS configuration provided but no "
"ca_certificate_provider_instance found."));
Add SANs matching for xDS credentials
4 years ago
}
TEST_P(
XdsSecurityTest,
xDS Security: Use new way to fetch certificate provider plugin instance config (#27264) * xDS Security: Use new way to fetch certificate provider plugin instance config * Reviewer comments * Additional fields to NACK * Move NACKing tests for tls_certificates and tls_certificate_sds_securet_configs to client-side
3 years ago
TlsCertificateProviderInstanceWithoutValidationContextCertificateProviderInstance) {
Add SANs matching for xDS credentials
4 years ago
auto cluster = default_cluster_;
auto* transport_socket = cluster.mutable_transport_socket();
transport_socket->set_name("envoy.transport_sockets.tls");
UpstreamTlsContext upstream_tls_context;
upstream_tls_context.mutable_common_tls_context()
xDS Security: Use new way to fetch certificate provider plugin instance config (#27264) * xDS Security: Use new way to fetch certificate provider plugin instance config * Reviewer comments * Additional fields to NACK * Move NACKing tests for tls_certificates and tls_certificate_sds_securet_configs to client-side
3 years ago
->mutable_tls_certificate_provider_instance()
NACK xDS updates when certificate provider instace names are unrecognized (#26614) * NACK xDS updates when certificate provider instace names are unrecognized * Reviewer comments * Reviewer comments * Clang format * Fix compilation error
3 years ago
->set_instance_name(std::string("fake_plugin1"));
Add SANs matching for xDS credentials
4 years ago
transport_socket->mutable_typed_config()->PackFrom(upstream_tls_context);
xds_end2end_test: remove num_balancers from test suite and remove dependence on fake resolver for xDS channel (#28245) * xds_end2end_test: remove num_balancers from test suite * fix clang-tidy
3 years ago
balancer_->ads_service()->SetCdsResource(cluster);
xds_end2end_test_lib: use DEBUG_LOCATION to log where failures originate (#29444)
3 years ago
const auto response_state = WaitForCdsNack(DEBUG_LOCATION);
XdsEnd2EndTest : Use a queue to save resource updates (#28467) * Fix XdsClient for multiple watchers on the same resource * xds_end2end_test: Don't use XdsCredentials for XdsRbacNackTests * Use separate response states for EDS and RDS resources * Reviewer comments * Reviewer comments * Reviewer comments * Remove blank link * Reviewer comments
3 years ago
ASSERT_TRUE(response_state.has_value()) << "timed out waiting for NACK";
EXPECT_THAT(response_state->error_message,
xDS Security: Use new way to fetch certificate provider plugin instance config (#27264) * xDS Security: Use new way to fetch certificate provider plugin instance config * Reviewer comments * Additional fields to NACK * Move NACKing tests for tls_certificates and tls_certificate_sds_securet_configs to client-side
3 years ago
::testing::HasSubstr("TLS configuration provided but no "
"ca_certificate_provider_instance found."));
Add SANs matching for xDS credentials
4 years ago
}
TEST_P(XdsSecurityTest, RegexSanMatcherDoesNotAllowIgnoreCase) {
auto cluster = default_cluster_;
auto* transport_socket = cluster.mutable_transport_socket();
transport_socket->set_name("envoy.transport_sockets.tls");
UpstreamTlsContext upstream_tls_context;
upstream_tls_context.mutable_common_tls_context()
xDS Security: Use new way to fetch certificate provider plugin instance config (#27264) * xDS Security: Use new way to fetch certificate provider plugin instance config * Reviewer comments * Additional fields to NACK * Move NACKing tests for tls_certificates and tls_certificate_sds_securet_configs to client-side
3 years ago
->mutable_validation_context()
->mutable_ca_certificate_provider_instance()
Add SANs matching for xDS credentials
4 years ago
->set_instance_name(std::string("fake_plugin1"));
auto* validation_context = upstream_tls_context.mutable_common_tls_context()
xDS Security: Use new way to fetch certificate provider plugin instance config (#27264) * xDS Security: Use new way to fetch certificate provider plugin instance config * Reviewer comments * Additional fields to NACK * Move NACKing tests for tls_certificates and tls_certificate_sds_securet_configs to client-side
3 years ago
->mutable_validation_context();
Add SANs matching for xDS credentials
4 years ago
StringMatcher matcher;
matcher.mutable_safe_regex()->mutable_google_re2();
matcher.mutable_safe_regex()->set_regex(
"(foo|waterzooi).test.google.(fr|be)");
matcher.set_ignore_case(true);
*validation_context->add_match_subject_alt_names() = matcher;
transport_socket->mutable_typed_config()->PackFrom(upstream_tls_context);
xds_end2end_test: remove num_balancers from test suite and remove dependence on fake resolver for xDS channel (#28245) * xds_end2end_test: remove num_balancers from test suite * fix clang-tidy
3 years ago
balancer_->ads_service()->SetCdsResource(cluster);
xds_end2end_test_lib: use DEBUG_LOCATION to log where failures originate (#29444)
3 years ago
const auto response_state = WaitForCdsNack(DEBUG_LOCATION);
XdsEnd2EndTest : Use a queue to save resource updates (#28467) * Fix XdsClient for multiple watchers on the same resource * xds_end2end_test: Don't use XdsCredentials for XdsRbacNackTests * Use separate response states for EDS and RDS resources * Reviewer comments * Reviewer comments * Reviewer comments * Remove blank link * Reviewer comments
3 years ago
ASSERT_TRUE(response_state.has_value()) << "timed out waiting for NACK";
EXPECT_THAT(response_state->error_message,
xds: Change ADS parsing to not stop at the first error
4 years ago
::testing::HasSubstr(
"StringMatcher: ignore_case has no effect for SAFE_REGEX."));
Add SANs matching for xDS credentials
4 years ago
}
xDS client security integration
4 years ago
TEST_P(XdsSecurityTest, UnknownRootCertificateProvider) {
auto cluster = default_cluster_;
auto* transport_socket = cluster.mutable_transport_socket();
transport_socket->set_name("envoy.transport_sockets.tls");
UpstreamTlsContext upstream_tls_context;
upstream_tls_context.mutable_common_tls_context()
xDS Security: Use new way to fetch certificate provider plugin instance config (#27264) * xDS Security: Use new way to fetch certificate provider plugin instance config * Reviewer comments * Additional fields to NACK * Move NACKing tests for tls_certificates and tls_certificate_sds_securet_configs to client-side
3 years ago
->mutable_validation_context()
->mutable_ca_certificate_provider_instance()
xDS client security integration
4 years ago
->set_instance_name("unknown");
transport_socket->mutable_typed_config()->PackFrom(upstream_tls_context);
xds_end2end_test: remove num_balancers from test suite and remove dependence on fake resolver for xDS channel (#28245) * xds_end2end_test: remove num_balancers from test suite * fix clang-tidy
3 years ago
balancer_->ads_service()->SetCdsResource(cluster);
xds_end2end_test_lib: use DEBUG_LOCATION to log where failures originate (#29444)
3 years ago
const auto response_state = WaitForCdsNack(DEBUG_LOCATION);
XdsEnd2EndTest : Use a queue to save resource updates (#28467) * Fix XdsClient for multiple watchers on the same resource * xds_end2end_test: Don't use XdsCredentials for XdsRbacNackTests * Use separate response states for EDS and RDS resources * Reviewer comments * Reviewer comments * Reviewer comments * Remove blank link * Reviewer comments
3 years ago
ASSERT_TRUE(response_state.has_value()) << "timed out waiting for NACK";
EXPECT_THAT(response_state->error_message,
NACK xDS updates when certificate provider instace names are unrecognized (#26614) * NACK xDS updates when certificate provider instace names are unrecognized * Reviewer comments * Reviewer comments * Clang format * Fix compilation error
3 years ago
::testing::HasSubstr(
"Unrecognized certificate provider instance name: unknown"));
xDS client security integration
4 years ago
}
TEST_P(XdsSecurityTest, UnknownIdentityCertificateProvider) {
xds_end2end_test: Fix race in security tests (#29408) * xds_end2end_test: Fix race in security tests * Reviewer comments
3 years ago
g_fake1_cert_data_map->Set({{"", {root_cert_, identity_pair_}}});
xDS client security integration
4 years ago
auto cluster = default_cluster_;
auto* transport_socket = cluster.mutable_transport_socket();
transport_socket->set_name("envoy.transport_sockets.tls");
UpstreamTlsContext upstream_tls_context;
upstream_tls_context.mutable_common_tls_context()
xDS Security: Use new way to fetch certificate provider plugin instance config (#27264) * xDS Security: Use new way to fetch certificate provider plugin instance config * Reviewer comments * Additional fields to NACK * Move NACKing tests for tls_certificates and tls_certificate_sds_securet_configs to client-side
3 years ago
->mutable_tls_certificate_provider_instance()
xDS client security integration
4 years ago
->set_instance_name("unknown");
upstream_tls_context.mutable_common_tls_context()
xDS Security: Use new way to fetch certificate provider plugin instance config (#27264) * xDS Security: Use new way to fetch certificate provider plugin instance config * Reviewer comments * Additional fields to NACK * Move NACKing tests for tls_certificates and tls_certificate_sds_securet_configs to client-side
3 years ago
->mutable_validation_context()
->mutable_ca_certificate_provider_instance()
xDS client security integration
4 years ago
->set_instance_name("fake_plugin1");
transport_socket->mutable_typed_config()->PackFrom(upstream_tls_context);
xds_end2end_test: remove num_balancers from test suite and remove dependence on fake resolver for xDS channel (#28245) * xds_end2end_test: remove num_balancers from test suite * fix clang-tidy
3 years ago
balancer_->ads_service()->SetCdsResource(cluster);
xds_end2end_test_lib: use DEBUG_LOCATION to log where failures originate (#29444)
3 years ago
const auto response_state = WaitForCdsNack(DEBUG_LOCATION);
XdsEnd2EndTest : Use a queue to save resource updates (#28467) * Fix XdsClient for multiple watchers on the same resource * xds_end2end_test: Don't use XdsCredentials for XdsRbacNackTests * Use separate response states for EDS and RDS resources * Reviewer comments * Reviewer comments * Reviewer comments * Remove blank link * Reviewer comments
3 years ago
ASSERT_TRUE(response_state.has_value()) << "timed out waiting for NACK";
EXPECT_THAT(response_state->error_message,
NACK xDS updates when certificate provider instace names are unrecognized (#26614) * NACK xDS updates when certificate provider instace names are unrecognized * Reviewer comments * Reviewer comments * Clang format * Fix compilation error
3 years ago
::testing::HasSubstr(
"Unrecognized certificate provider instance name: unknown"));
xDS client security integration
4 years ago
}
Nack certain unsupported fields in CertificateValidationContext (#26880) * Nack certain unsupported fields in CertificateValidationContext * Regenerate projects * Reviewer comments
3 years ago
TEST_P(XdsSecurityTest,
NacksCertificateValidationContextWithVerifyCertificateSpki) {
xds_end2end_test: Fix race in security tests (#29408) * xds_end2end_test: Fix race in security tests * Reviewer comments
3 years ago
g_fake1_cert_data_map->Set({{"", {root_cert_, identity_pair_}}});
Nack certain unsupported fields in CertificateValidationContext (#26880) * Nack certain unsupported fields in CertificateValidationContext * Regenerate projects * Reviewer comments
3 years ago
auto cluster = default_cluster_;
auto* transport_socket = cluster.mutable_transport_socket();
transport_socket->set_name("envoy.transport_sockets.tls");
UpstreamTlsContext upstream_tls_context;
upstream_tls_context.mutable_common_tls_context()
xDS Security: Use new way to fetch certificate provider plugin instance config (#27264) * xDS Security: Use new way to fetch certificate provider plugin instance config * Reviewer comments * Additional fields to NACK * Move NACKing tests for tls_certificates and tls_certificate_sds_securet_configs to client-side
3 years ago
->mutable_validation_context()
->mutable_ca_certificate_provider_instance()
Nack certain unsupported fields in CertificateValidationContext (#26880) * Nack certain unsupported fields in CertificateValidationContext * Regenerate projects * Reviewer comments
3 years ago
->set_instance_name("fake_plugin1");
upstream_tls_context.mutable_common_tls_context()
xDS Security: Use new way to fetch certificate provider plugin instance config (#27264) * xDS Security: Use new way to fetch certificate provider plugin instance config * Reviewer comments * Additional fields to NACK * Move NACKing tests for tls_certificates and tls_certificate_sds_securet_configs to client-side
3 years ago
->mutable_validation_context()
Nack certain unsupported fields in CertificateValidationContext (#26880) * Nack certain unsupported fields in CertificateValidationContext * Regenerate projects * Reviewer comments
3 years ago
->add_verify_certificate_spki("spki");
transport_socket->mutable_typed_config()->PackFrom(upstream_tls_context);
xds_end2end_test: remove num_balancers from test suite and remove dependence on fake resolver for xDS channel (#28245) * xds_end2end_test: remove num_balancers from test suite * fix clang-tidy
3 years ago
balancer_->ads_service()->SetCdsResource(cluster);
xds_end2end_test_lib: use DEBUG_LOCATION to log where failures originate (#29444)
3 years ago
const auto response_state = WaitForCdsNack(DEBUG_LOCATION);
XdsEnd2EndTest : Use a queue to save resource updates (#28467) * Fix XdsClient for multiple watchers on the same resource * xds_end2end_test: Don't use XdsCredentials for XdsRbacNackTests * Use separate response states for EDS and RDS resources * Reviewer comments * Reviewer comments * Reviewer comments * Remove blank link * Reviewer comments
3 years ago
ASSERT_TRUE(response_state.has_value()) << "timed out waiting for NACK";
Nack certain unsupported fields in CertificateValidationContext (#26880) * Nack certain unsupported fields in CertificateValidationContext * Regenerate projects * Reviewer comments
3 years ago
EXPECT_THAT(
XdsEnd2EndTest : Use a queue to save resource updates (#28467) * Fix XdsClient for multiple watchers on the same resource * xds_end2end_test: Don't use XdsCredentials for XdsRbacNackTests * Use separate response states for EDS and RDS resources * Reviewer comments * Reviewer comments * Reviewer comments * Remove blank link * Reviewer comments
3 years ago
response_state->error_message,
Nack certain unsupported fields in CertificateValidationContext (#26880) * Nack certain unsupported fields in CertificateValidationContext * Regenerate projects * Reviewer comments
3 years ago
::testing::HasSubstr(
"CertificateValidationContext: verify_certificate_spki unsupported"));
}
TEST_P(XdsSecurityTest,
NacksCertificateValidationContextWithVerifyCertificateHash) {
xds_end2end_test: Fix race in security tests (#29408) * xds_end2end_test: Fix race in security tests * Reviewer comments
3 years ago
g_fake1_cert_data_map->Set({{"", {root_cert_, identity_pair_}}});
Nack certain unsupported fields in CertificateValidationContext (#26880) * Nack certain unsupported fields in CertificateValidationContext * Regenerate projects * Reviewer comments
3 years ago
auto cluster = default_cluster_;
auto* transport_socket = cluster.mutable_transport_socket();
transport_socket->set_name("envoy.transport_sockets.tls");
UpstreamTlsContext upstream_tls_context;
upstream_tls_context.mutable_common_tls_context()
xDS Security: Use new way to fetch certificate provider plugin instance config (#27264) * xDS Security: Use new way to fetch certificate provider plugin instance config * Reviewer comments * Additional fields to NACK * Move NACKing tests for tls_certificates and tls_certificate_sds_securet_configs to client-side
3 years ago
->mutable_validation_context()
->mutable_ca_certificate_provider_instance()
Nack certain unsupported fields in CertificateValidationContext (#26880) * Nack certain unsupported fields in CertificateValidationContext * Regenerate projects * Reviewer comments
3 years ago
->set_instance_name("fake_plugin1");
upstream_tls_context.mutable_common_tls_context()
xDS Security: Use new way to fetch certificate provider plugin instance config (#27264) * xDS Security: Use new way to fetch certificate provider plugin instance config * Reviewer comments * Additional fields to NACK * Move NACKing tests for tls_certificates and tls_certificate_sds_securet_configs to client-side
3 years ago
->mutable_validation_context()
Nack certain unsupported fields in CertificateValidationContext (#26880) * Nack certain unsupported fields in CertificateValidationContext * Regenerate projects * Reviewer comments
3 years ago
->add_verify_certificate_hash("hash");
transport_socket->mutable_typed_config()->PackFrom(upstream_tls_context);
xds_end2end_test: remove num_balancers from test suite and remove dependence on fake resolver for xDS channel (#28245) * xds_end2end_test: remove num_balancers from test suite * fix clang-tidy
3 years ago
balancer_->ads_service()->SetCdsResource(cluster);
xds_end2end_test_lib: use DEBUG_LOCATION to log where failures originate (#29444)
3 years ago
const auto response_state = WaitForCdsNack(DEBUG_LOCATION);
XdsEnd2EndTest : Use a queue to save resource updates (#28467) * Fix XdsClient for multiple watchers on the same resource * xds_end2end_test: Don't use XdsCredentials for XdsRbacNackTests * Use separate response states for EDS and RDS resources * Reviewer comments * Reviewer comments * Reviewer comments * Remove blank link * Reviewer comments
3 years ago
ASSERT_TRUE(response_state.has_value()) << "timed out waiting for NACK";
Nack certain unsupported fields in CertificateValidationContext (#26880) * Nack certain unsupported fields in CertificateValidationContext * Regenerate projects * Reviewer comments
3 years ago
EXPECT_THAT(
XdsEnd2EndTest : Use a queue to save resource updates (#28467) * Fix XdsClient for multiple watchers on the same resource * xds_end2end_test: Don't use XdsCredentials for XdsRbacNackTests * Use separate response states for EDS and RDS resources * Reviewer comments * Reviewer comments * Reviewer comments * Remove blank link * Reviewer comments
3 years ago
response_state->error_message,
Nack certain unsupported fields in CertificateValidationContext (#26880) * Nack certain unsupported fields in CertificateValidationContext * Regenerate projects * Reviewer comments
3 years ago
::testing::HasSubstr(
"CertificateValidationContext: verify_certificate_hash unsupported"));
}
TEST_P(XdsSecurityTest,
NacksCertificateValidationContextWithRequireSignedCertificateTimes) {
xds_end2end_test: Fix race in security tests (#29408) * xds_end2end_test: Fix race in security tests * Reviewer comments
3 years ago
g_fake1_cert_data_map->Set({{"", {root_cert_, identity_pair_}}});
Nack certain unsupported fields in CertificateValidationContext (#26880) * Nack certain unsupported fields in CertificateValidationContext * Regenerate projects * Reviewer comments
3 years ago
auto cluster = default_cluster_;
auto* transport_socket = cluster.mutable_transport_socket();
transport_socket->set_name("envoy.transport_sockets.tls");
UpstreamTlsContext upstream_tls_context;
upstream_tls_context.mutable_common_tls_context()
xDS Security: Use new way to fetch certificate provider plugin instance config (#27264) * xDS Security: Use new way to fetch certificate provider plugin instance config * Reviewer comments * Additional fields to NACK * Move NACKing tests for tls_certificates and tls_certificate_sds_securet_configs to client-side
3 years ago
->mutable_validation_context()
->mutable_ca_certificate_provider_instance()
Nack certain unsupported fields in CertificateValidationContext (#26880) * Nack certain unsupported fields in CertificateValidationContext * Regenerate projects * Reviewer comments
3 years ago
->set_instance_name("fake_plugin1");
upstream_tls_context.mutable_common_tls_context()
xDS Security: Use new way to fetch certificate provider plugin instance config (#27264) * xDS Security: Use new way to fetch certificate provider plugin instance config * Reviewer comments * Additional fields to NACK * Move NACKing tests for tls_certificates and tls_certificate_sds_securet_configs to client-side
3 years ago
->mutable_validation_context()
Nack certain unsupported fields in CertificateValidationContext (#26880) * Nack certain unsupported fields in CertificateValidationContext * Regenerate projects * Reviewer comments
3 years ago
->mutable_require_signed_certificate_timestamp()
->set_value(true);
transport_socket->mutable_typed_config()->PackFrom(upstream_tls_context);
xds_end2end_test: remove num_balancers from test suite and remove dependence on fake resolver for xDS channel (#28245) * xds_end2end_test: remove num_balancers from test suite * fix clang-tidy
3 years ago
balancer_->ads_service()->SetCdsResource(cluster);
xds_end2end_test_lib: use DEBUG_LOCATION to log where failures originate (#29444)
3 years ago
const auto response_state = WaitForCdsNack(DEBUG_LOCATION);
XdsEnd2EndTest : Use a queue to save resource updates (#28467) * Fix XdsClient for multiple watchers on the same resource * xds_end2end_test: Don't use XdsCredentials for XdsRbacNackTests * Use separate response states for EDS and RDS resources * Reviewer comments * Reviewer comments * Reviewer comments * Remove blank link * Reviewer comments
3 years ago
ASSERT_TRUE(response_state.has_value()) << "timed out waiting for NACK";
Nack certain unsupported fields in CertificateValidationContext (#26880) * Nack certain unsupported fields in CertificateValidationContext * Regenerate projects * Reviewer comments
3 years ago
EXPECT_THAT(
XdsEnd2EndTest : Use a queue to save resource updates (#28467) * Fix XdsClient for multiple watchers on the same resource * xds_end2end_test: Don't use XdsCredentials for XdsRbacNackTests * Use separate response states for EDS and RDS resources * Reviewer comments * Reviewer comments * Reviewer comments * Remove blank link * Reviewer comments
3 years ago
response_state->error_message,
Nack certain unsupported fields in CertificateValidationContext (#26880) * Nack certain unsupported fields in CertificateValidationContext * Regenerate projects * Reviewer comments
3 years ago
::testing::HasSubstr("CertificateValidationContext: "
"require_signed_certificate_timestamp unsupported"));
}
TEST_P(XdsSecurityTest, NacksCertificateValidationContextWithCrl) {
xds_end2end_test: Fix race in security tests (#29408) * xds_end2end_test: Fix race in security tests * Reviewer comments
3 years ago
g_fake1_cert_data_map->Set({{"", {root_cert_, identity_pair_}}});
Nack certain unsupported fields in CertificateValidationContext (#26880) * Nack certain unsupported fields in CertificateValidationContext * Regenerate projects * Reviewer comments
3 years ago
auto cluster = default_cluster_;
auto* transport_socket = cluster.mutable_transport_socket();
transport_socket->set_name("envoy.transport_sockets.tls");
UpstreamTlsContext upstream_tls_context;
upstream_tls_context.mutable_common_tls_context()
xDS Security: Use new way to fetch certificate provider plugin instance config (#27264) * xDS Security: Use new way to fetch certificate provider plugin instance config * Reviewer comments * Additional fields to NACK * Move NACKing tests for tls_certificates and tls_certificate_sds_securet_configs to client-side
3 years ago
->mutable_validation_context()
->mutable_ca_certificate_provider_instance()
Nack certain unsupported fields in CertificateValidationContext (#26880) * Nack certain unsupported fields in CertificateValidationContext * Regenerate projects * Reviewer comments
3 years ago
->set_instance_name("fake_plugin1");
upstream_tls_context.mutable_common_tls_context()
xDS Security: Use new way to fetch certificate provider plugin instance config (#27264) * xDS Security: Use new way to fetch certificate provider plugin instance config * Reviewer comments * Additional fields to NACK * Move NACKing tests for tls_certificates and tls_certificate_sds_securet_configs to client-side
3 years ago
->mutable_validation_context()
Nack certain unsupported fields in CertificateValidationContext (#26880) * Nack certain unsupported fields in CertificateValidationContext * Regenerate projects * Reviewer comments
3 years ago
->mutable_crl();
transport_socket->mutable_typed_config()->PackFrom(upstream_tls_context);
xds_end2end_test: remove num_balancers from test suite and remove dependence on fake resolver for xDS channel (#28245) * xds_end2end_test: remove num_balancers from test suite * fix clang-tidy
3 years ago
balancer_->ads_service()->SetCdsResource(cluster);
xds_end2end_test_lib: use DEBUG_LOCATION to log where failures originate (#29444)
3 years ago
const auto response_state = WaitForCdsNack(DEBUG_LOCATION);
XdsEnd2EndTest : Use a queue to save resource updates (#28467) * Fix XdsClient for multiple watchers on the same resource * xds_end2end_test: Don't use XdsCredentials for XdsRbacNackTests * Use separate response states for EDS and RDS resources * Reviewer comments * Reviewer comments * Reviewer comments * Remove blank link * Reviewer comments
3 years ago
ASSERT_TRUE(response_state.has_value()) << "timed out waiting for NACK";
Nack certain unsupported fields in CertificateValidationContext (#26880) * Nack certain unsupported fields in CertificateValidationContext * Regenerate projects * Reviewer comments
3 years ago
EXPECT_THAT(
XdsEnd2EndTest : Use a queue to save resource updates (#28467) * Fix XdsClient for multiple watchers on the same resource * xds_end2end_test: Don't use XdsCredentials for XdsRbacNackTests * Use separate response states for EDS and RDS resources * Reviewer comments * Reviewer comments * Reviewer comments * Remove blank link * Reviewer comments
3 years ago
response_state->error_message,
Nack certain unsupported fields in CertificateValidationContext (#26880) * Nack certain unsupported fields in CertificateValidationContext * Regenerate projects * Reviewer comments
3 years ago
::testing::HasSubstr("CertificateValidationContext: crl unsupported"));
}
TEST_P(XdsSecurityTest,
NacksCertificateValidationContextWithCustomValidatorConfig) {
xds_end2end_test: Fix race in security tests (#29408) * xds_end2end_test: Fix race in security tests * Reviewer comments
3 years ago
g_fake1_cert_data_map->Set({{"", {root_cert_, identity_pair_}}});
Nack certain unsupported fields in CertificateValidationContext (#26880) * Nack certain unsupported fields in CertificateValidationContext * Regenerate projects * Reviewer comments
3 years ago
auto cluster = default_cluster_;
auto* transport_socket = cluster.mutable_transport_socket();
transport_socket->set_name("envoy.transport_sockets.tls");
UpstreamTlsContext upstream_tls_context;
upstream_tls_context.mutable_common_tls_context()
xDS Security: Use new way to fetch certificate provider plugin instance config (#27264) * xDS Security: Use new way to fetch certificate provider plugin instance config * Reviewer comments * Additional fields to NACK * Move NACKing tests for tls_certificates and tls_certificate_sds_securet_configs to client-side
3 years ago
->mutable_validation_context()
->mutable_ca_certificate_provider_instance()
Nack certain unsupported fields in CertificateValidationContext (#26880) * Nack certain unsupported fields in CertificateValidationContext * Regenerate projects * Reviewer comments
3 years ago
->set_instance_name("fake_plugin1");
upstream_tls_context.mutable_common_tls_context()
xDS Security: Use new way to fetch certificate provider plugin instance config (#27264) * xDS Security: Use new way to fetch certificate provider plugin instance config * Reviewer comments * Additional fields to NACK * Move NACKing tests for tls_certificates and tls_certificate_sds_securet_configs to client-side
3 years ago
->mutable_validation_context()
Nack certain unsupported fields in CertificateValidationContext (#26880) * Nack certain unsupported fields in CertificateValidationContext * Regenerate projects * Reviewer comments
3 years ago
->mutable_custom_validator_config();
transport_socket->mutable_typed_config()->PackFrom(upstream_tls_context);
xds_end2end_test: remove num_balancers from test suite and remove dependence on fake resolver for xDS channel (#28245) * xds_end2end_test: remove num_balancers from test suite * fix clang-tidy
3 years ago
balancer_->ads_service()->SetCdsResource(cluster);
xds_end2end_test_lib: use DEBUG_LOCATION to log where failures originate (#29444)
3 years ago
const auto response_state = WaitForCdsNack(DEBUG_LOCATION);
XdsEnd2EndTest : Use a queue to save resource updates (#28467) * Fix XdsClient for multiple watchers on the same resource * xds_end2end_test: Don't use XdsCredentials for XdsRbacNackTests * Use separate response states for EDS and RDS resources * Reviewer comments * Reviewer comments * Reviewer comments * Remove blank link * Reviewer comments
3 years ago
ASSERT_TRUE(response_state.has_value()) << "timed out waiting for NACK";
Nack certain unsupported fields in CertificateValidationContext (#26880) * Nack certain unsupported fields in CertificateValidationContext * Regenerate projects * Reviewer comments
3 years ago
EXPECT_THAT(
XdsEnd2EndTest : Use a queue to save resource updates (#28467) * Fix XdsClient for multiple watchers on the same resource * xds_end2end_test: Don't use XdsCredentials for XdsRbacNackTests * Use separate response states for EDS and RDS resources * Reviewer comments * Reviewer comments * Reviewer comments * Remove blank link * Reviewer comments
3 years ago
response_state->error_message,
Nack certain unsupported fields in CertificateValidationContext (#26880) * Nack certain unsupported fields in CertificateValidationContext * Regenerate projects * Reviewer comments
3 years ago
::testing::HasSubstr(
"CertificateValidationContext: custom_validator_config unsupported"));
}
xDS Security: Use new way to fetch certificate provider plugin instance config (#27264) * xDS Security: Use new way to fetch certificate provider plugin instance config * Reviewer comments * Additional fields to NACK * Move NACKing tests for tls_certificates and tls_certificate_sds_securet_configs to client-side
3 years ago
TEST_P(XdsSecurityTest, NacksValidationContextSdsSecretConfig) {
xds_end2end_test: Fix race in security tests (#29408) * xds_end2end_test: Fix race in security tests * Reviewer comments
3 years ago
g_fake1_cert_data_map->Set({{"", {root_cert_, identity_pair_}}});
xDS Security: Use new way to fetch certificate provider plugin instance config (#27264) * xDS Security: Use new way to fetch certificate provider plugin instance config * Reviewer comments * Additional fields to NACK * Move NACKing tests for tls_certificates and tls_certificate_sds_securet_configs to client-side
3 years ago
auto cluster = default_cluster_;
auto* transport_socket = cluster.mutable_transport_socket();
transport_socket->set_name("envoy.transport_sockets.tls");
UpstreamTlsContext upstream_tls_context;
upstream_tls_context.mutable_common_tls_context()
->mutable_validation_context_sds_secret_config();
transport_socket->mutable_typed_config()->PackFrom(upstream_tls_context);
xds_end2end_test: remove num_balancers from test suite and remove dependence on fake resolver for xDS channel (#28245) * xds_end2end_test: remove num_balancers from test suite * fix clang-tidy
3 years ago
balancer_->ads_service()->SetCdsResource(cluster);
xds_end2end_test_lib: use DEBUG_LOCATION to log where failures originate (#29444)
3 years ago
const auto response_state = WaitForCdsNack(DEBUG_LOCATION);
XdsEnd2EndTest : Use a queue to save resource updates (#28467) * Fix XdsClient for multiple watchers on the same resource * xds_end2end_test: Don't use XdsCredentials for XdsRbacNackTests * Use separate response states for EDS and RDS resources * Reviewer comments * Reviewer comments * Reviewer comments * Remove blank link * Reviewer comments
3 years ago
ASSERT_TRUE(response_state.has_value()) << "timed out waiting for NACK";
xDS Security: Use new way to fetch certificate provider plugin instance config (#27264) * xDS Security: Use new way to fetch certificate provider plugin instance config * Reviewer comments * Additional fields to NACK * Move NACKing tests for tls_certificates and tls_certificate_sds_securet_configs to client-side
3 years ago
EXPECT_THAT(
XdsEnd2EndTest : Use a queue to save resource updates (#28467) * Fix XdsClient for multiple watchers on the same resource * xds_end2end_test: Don't use XdsCredentials for XdsRbacNackTests * Use separate response states for EDS and RDS resources * Reviewer comments * Reviewer comments * Reviewer comments * Remove blank link * Reviewer comments
3 years ago
response_state->error_message,
xDS Security: Use new way to fetch certificate provider plugin instance config (#27264) * xDS Security: Use new way to fetch certificate provider plugin instance config * Reviewer comments * Additional fields to NACK * Move NACKing tests for tls_certificates and tls_certificate_sds_securet_configs to client-side
3 years ago
::testing::HasSubstr("validation_context_sds_secret_config unsupported"));
}
TEST_P(XdsSecurityTest, NacksTlsParams) {
xds_end2end_test: Fix race in security tests (#29408) * xds_end2end_test: Fix race in security tests * Reviewer comments
3 years ago
g_fake1_cert_data_map->Set({{"", {root_cert_, identity_pair_}}});
xDS Security: Use new way to fetch certificate provider plugin instance config (#27264) * xDS Security: Use new way to fetch certificate provider plugin instance config * Reviewer comments * Additional fields to NACK * Move NACKing tests for tls_certificates and tls_certificate_sds_securet_configs to client-side
3 years ago
auto cluster = default_cluster_;
auto* transport_socket = cluster.mutable_transport_socket();
transport_socket->set_name("envoy.transport_sockets.tls");
UpstreamTlsContext upstream_tls_context;
upstream_tls_context.mutable_common_tls_context()
->mutable_validation_context()
->mutable_ca_certificate_provider_instance()
->set_instance_name("fake_plugin1");
upstream_tls_context.mutable_common_tls_context()->mutable_tls_params();
transport_socket->mutable_typed_config()->PackFrom(upstream_tls_context);
xds_end2end_test: remove num_balancers from test suite and remove dependence on fake resolver for xDS channel (#28245) * xds_end2end_test: remove num_balancers from test suite * fix clang-tidy
3 years ago
balancer_->ads_service()->SetCdsResource(cluster);
xds_end2end_test_lib: use DEBUG_LOCATION to log where failures originate (#29444)
3 years ago
const auto response_state = WaitForCdsNack(DEBUG_LOCATION);
XdsEnd2EndTest : Use a queue to save resource updates (#28467) * Fix XdsClient for multiple watchers on the same resource * xds_end2end_test: Don't use XdsCredentials for XdsRbacNackTests * Use separate response states for EDS and RDS resources * Reviewer comments * Reviewer comments * Reviewer comments * Remove blank link * Reviewer comments
3 years ago
ASSERT_TRUE(response_state.has_value()) << "timed out waiting for NACK";
EXPECT_THAT(response_state->error_message,
xDS Security: Use new way to fetch certificate provider plugin instance config (#27264) * xDS Security: Use new way to fetch certificate provider plugin instance config * Reviewer comments * Additional fields to NACK * Move NACKing tests for tls_certificates and tls_certificate_sds_securet_configs to client-side
3 years ago
::testing::HasSubstr("tls_params unsupported"));
}
TEST_P(XdsSecurityTest, NacksCustomHandshaker) {
xds_end2end_test: Fix race in security tests (#29408) * xds_end2end_test: Fix race in security tests * Reviewer comments
3 years ago
g_fake1_cert_data_map->Set({{"", {root_cert_, identity_pair_}}});
xDS Security: Use new way to fetch certificate provider plugin instance config (#27264) * xDS Security: Use new way to fetch certificate provider plugin instance config * Reviewer comments * Additional fields to NACK * Move NACKing tests for tls_certificates and tls_certificate_sds_securet_configs to client-side
3 years ago
auto cluster = default_cluster_;
auto* transport_socket = cluster.mutable_transport_socket();
transport_socket->set_name("envoy.transport_sockets.tls");
UpstreamTlsContext upstream_tls_context;
upstream_tls_context.mutable_common_tls_context()
->mutable_validation_context()
->mutable_ca_certificate_provider_instance()
->set_instance_name("fake_plugin1");
upstream_tls_context.mutable_common_tls_context()
->mutable_custom_handshaker();
transport_socket->mutable_typed_config()->PackFrom(upstream_tls_context);
xds_end2end_test: remove num_balancers from test suite and remove dependence on fake resolver for xDS channel (#28245) * xds_end2end_test: remove num_balancers from test suite * fix clang-tidy
3 years ago
balancer_->ads_service()->SetCdsResource(cluster);
xds_end2end_test_lib: use DEBUG_LOCATION to log where failures originate (#29444)
3 years ago
const auto response_state = WaitForCdsNack(DEBUG_LOCATION);
XdsEnd2EndTest : Use a queue to save resource updates (#28467) * Fix XdsClient for multiple watchers on the same resource * xds_end2end_test: Don't use XdsCredentials for XdsRbacNackTests * Use separate response states for EDS and RDS resources * Reviewer comments * Reviewer comments * Reviewer comments * Remove blank link * Reviewer comments
3 years ago
ASSERT_TRUE(response_state.has_value()) << "timed out waiting for NACK";
EXPECT_THAT(response_state->error_message,
xDS Security: Use new way to fetch certificate provider plugin instance config (#27264) * xDS Security: Use new way to fetch certificate provider plugin instance config * Reviewer comments * Additional fields to NACK * Move NACKing tests for tls_certificates and tls_certificate_sds_securet_configs to client-side
3 years ago
::testing::HasSubstr("custom_handshaker unsupported"));
}
TEST_P(XdsSecurityTest, NacksTlsCertificates) {
xds_end2end_test: Fix race in security tests (#29408) * xds_end2end_test: Fix race in security tests * Reviewer comments
3 years ago
g_fake1_cert_data_map->Set({{"", {root_cert_, identity_pair_}}});
xDS Security: Use new way to fetch certificate provider plugin instance config (#27264) * xDS Security: Use new way to fetch certificate provider plugin instance config * Reviewer comments * Additional fields to NACK * Move NACKing tests for tls_certificates and tls_certificate_sds_securet_configs to client-side
3 years ago
auto cluster = default_cluster_;
auto* transport_socket = cluster.mutable_transport_socket();
transport_socket->set_name("envoy.transport_sockets.tls");
UpstreamTlsContext upstream_tls_context;
upstream_tls_context.mutable_common_tls_context()
->mutable_validation_context()
->mutable_ca_certificate_provider_instance()
->set_instance_name("fake_plugin1");
upstream_tls_context.mutable_common_tls_context()->add_tls_certificates();
transport_socket->mutable_typed_config()->PackFrom(upstream_tls_context);
xds_end2end_test: remove num_balancers from test suite and remove dependence on fake resolver for xDS channel (#28245) * xds_end2end_test: remove num_balancers from test suite * fix clang-tidy
3 years ago
balancer_->ads_service()->SetCdsResource(cluster);
xds_end2end_test_lib: use DEBUG_LOCATION to log where failures originate (#29444)
3 years ago
const auto response_state = WaitForCdsNack(DEBUG_LOCATION);
XdsEnd2EndTest : Use a queue to save resource updates (#28467) * Fix XdsClient for multiple watchers on the same resource * xds_end2end_test: Don't use XdsCredentials for XdsRbacNackTests * Use separate response states for EDS and RDS resources * Reviewer comments * Reviewer comments * Reviewer comments * Remove blank link * Reviewer comments
3 years ago
ASSERT_TRUE(response_state.has_value()) << "timed out waiting for NACK";
EXPECT_THAT(response_state->error_message,
xDS Security: Use new way to fetch certificate provider plugin instance config (#27264) * xDS Security: Use new way to fetch certificate provider plugin instance config * Reviewer comments * Additional fields to NACK * Move NACKing tests for tls_certificates and tls_certificate_sds_securet_configs to client-side
3 years ago
::testing::HasSubstr("tls_certificates unsupported"));
}
TEST_P(XdsSecurityTest, NacksTlsCertificateSdsSecretConfigs) {
xds_end2end_test: Fix race in security tests (#29408) * xds_end2end_test: Fix race in security tests * Reviewer comments
3 years ago
g_fake1_cert_data_map->Set({{"", {root_cert_, identity_pair_}}});
xDS Security: Use new way to fetch certificate provider plugin instance config (#27264) * xDS Security: Use new way to fetch certificate provider plugin instance config * Reviewer comments * Additional fields to NACK * Move NACKing tests for tls_certificates and tls_certificate_sds_securet_configs to client-side
3 years ago
auto cluster = default_cluster_;
auto* transport_socket = cluster.mutable_transport_socket();
transport_socket->set_name("envoy.transport_sockets.tls");
UpstreamTlsContext upstream_tls_context;
upstream_tls_context.mutable_common_tls_context()
->mutable_validation_context()
->mutable_ca_certificate_provider_instance()
->set_instance_name("fake_plugin1");
upstream_tls_context.mutable_common_tls_context()
->add_tls_certificate_sds_secret_configs();
transport_socket->mutable_typed_config()->PackFrom(upstream_tls_context);
xds_end2end_test: remove num_balancers from test suite and remove dependence on fake resolver for xDS channel (#28245) * xds_end2end_test: remove num_balancers from test suite * fix clang-tidy
3 years ago
balancer_->ads_service()->SetCdsResource(cluster);
xds_end2end_test_lib: use DEBUG_LOCATION to log where failures originate (#29444)
3 years ago
const auto response_state = WaitForCdsNack(DEBUG_LOCATION);
XdsEnd2EndTest : Use a queue to save resource updates (#28467) * Fix XdsClient for multiple watchers on the same resource * xds_end2end_test: Don't use XdsCredentials for XdsRbacNackTests * Use separate response states for EDS and RDS resources * Reviewer comments * Reviewer comments * Reviewer comments * Remove blank link * Reviewer comments
3 years ago
ASSERT_TRUE(response_state.has_value()) << "timed out waiting for NACK";
xDS Security: Use new way to fetch certificate provider plugin instance config (#27264) * xDS Security: Use new way to fetch certificate provider plugin instance config * Reviewer comments * Additional fields to NACK * Move NACKing tests for tls_certificates and tls_certificate_sds_securet_configs to client-side
3 years ago
EXPECT_THAT(
XdsEnd2EndTest : Use a queue to save resource updates (#28467) * Fix XdsClient for multiple watchers on the same resource * xds_end2end_test: Don't use XdsCredentials for XdsRbacNackTests * Use separate response states for EDS and RDS resources * Reviewer comments * Reviewer comments * Reviewer comments * Remove blank link * Reviewer comments
3 years ago
response_state->error_message,
xDS Security: Use new way to fetch certificate provider plugin instance config (#27264) * xDS Security: Use new way to fetch certificate provider plugin instance config * Reviewer comments * Additional fields to NACK * Move NACKing tests for tls_certificates and tls_certificate_sds_securet_configs to client-side
3 years ago
::testing::HasSubstr("tls_certificate_sds_secret_configs unsupported"));
}
TEST_P(XdsSecurityTest, TestTlsConfigurationInCombinedValidationContext) {
xds_end2end_test: Fix race in security tests (#29408) * xds_end2end_test: Fix race in security tests * Reviewer comments
3 years ago
g_fake1_cert_data_map->Set({{"", {root_cert_, identity_pair_}}});
xDS Security: Use new way to fetch certificate provider plugin instance config (#27264) * xDS Security: Use new way to fetch certificate provider plugin instance config * Reviewer comments * Additional fields to NACK * Move NACKing tests for tls_certificates and tls_certificate_sds_securet_configs to client-side
3 years ago
auto cluster = default_cluster_;
auto* transport_socket = cluster.mutable_transport_socket();
transport_socket->set_name("envoy.transport_sockets.tls");
UpstreamTlsContext upstream_tls_context;
upstream_tls_context.mutable_common_tls_context()
->mutable_combined_validation_context()
->mutable_default_validation_context()
->mutable_ca_certificate_provider_instance()
->set_instance_name("fake_plugin1");
transport_socket->mutable_typed_config()->PackFrom(upstream_tls_context);
xds_end2end_test: remove num_balancers from test suite and remove dependence on fake resolver for xDS channel (#28245) * xds_end2end_test: remove num_balancers from test suite * fix clang-tidy
3 years ago
balancer_->ads_service()->SetCdsResource(cluster);
xds_end2end_test_lib: use DEBUG_LOCATION to log where failures originate (#29444)
3 years ago
WaitForBackend(DEBUG_LOCATION, 0,
WaitForBackendOptions().set_allow_failures(true));
xDS Security: Use new way to fetch certificate provider plugin instance config (#27264) * xDS Security: Use new way to fetch certificate provider plugin instance config * Reviewer comments * Additional fields to NACK * Move NACKing tests for tls_certificates and tls_certificate_sds_securet_configs to client-side
3 years ago
Status status = SendRpc();
EXPECT_TRUE(status.ok()) << "code=" << status.error_code()
<< " message=" << status.error_message();
}
// TODO(yashykt): Remove this test once we stop supporting old fields
TEST_P(XdsSecurityTest,
TestTlsConfigurationInValidationContextCertificateProviderInstance) {
xds_end2end_test: Fix race in security tests (#29408) * xds_end2end_test: Fix race in security tests * Reviewer comments
3 years ago
g_fake1_cert_data_map->Set({{"", {root_cert_, identity_pair_}}});
xDS Security: Use new way to fetch certificate provider plugin instance config (#27264) * xDS Security: Use new way to fetch certificate provider plugin instance config * Reviewer comments * Additional fields to NACK * Move NACKing tests for tls_certificates and tls_certificate_sds_securet_configs to client-side
3 years ago
auto cluster = default_cluster_;
auto* transport_socket = cluster.mutable_transport_socket();
transport_socket->set_name("envoy.transport_sockets.tls");
UpstreamTlsContext upstream_tls_context;
upstream_tls_context.mutable_common_tls_context()
->mutable_combined_validation_context()
->mutable_validation_context_certificate_provider_instance()
->set_instance_name("fake_plugin1");
transport_socket->mutable_typed_config()->PackFrom(upstream_tls_context);
xds_end2end_test: remove num_balancers from test suite and remove dependence on fake resolver for xDS channel (#28245) * xds_end2end_test: remove num_balancers from test suite * fix clang-tidy
3 years ago
balancer_->ads_service()->SetCdsResource(cluster);
xds_end2end_test_lib: use DEBUG_LOCATION to log where failures originate (#29444)
3 years ago
WaitForBackend(DEBUG_LOCATION, 0,
WaitForBackendOptions().set_allow_failures(true));
xDS Security: Use new way to fetch certificate provider plugin instance config (#27264) * xDS Security: Use new way to fetch certificate provider plugin instance config * Reviewer comments * Additional fields to NACK * Move NACKing tests for tls_certificates and tls_certificate_sds_securet_configs to client-side
3 years ago
Status status = SendRpc();
EXPECT_TRUE(status.ok()) << "code=" << status.error_code()
<< " message=" << status.error_message();
}
Add SANs matching for xDS credentials
4 years ago
TEST_P(XdsSecurityTest, TestMtlsConfigurationWithNoSanMatchers) {
xds_end2end_test: Fix race in security tests (#29408) * xds_end2end_test: Fix race in security tests * Reviewer comments
3 years ago
g_fake1_cert_data_map->Set({{"", {root_cert_, identity_pair_}}});
xDS client security integration
4 years ago
UpdateAndVerifyXdsSecurityConfiguration("fake_plugin1", "", "fake_plugin1",
Add SANs matching for xDS credentials
4 years ago
"", {}, authenticated_identity_);
}
TEST_P(XdsSecurityTest, TestMtlsConfigurationWithExactSanMatcher) {
xds_end2end_test: Fix race in security tests (#29408) * xds_end2end_test: Fix race in security tests * Reviewer comments
3 years ago
g_fake1_cert_data_map->Set({{"", {root_cert_, identity_pair_}}});
Add SANs matching for xDS credentials
4 years ago
UpdateAndVerifyXdsSecurityConfiguration("fake_plugin1", "", "fake_plugin1",
"", {server_san_exact_},
authenticated_identity_);
}
TEST_P(XdsSecurityTest, TestMtlsConfigurationWithPrefixSanMatcher) {
xds_end2end_test: Fix race in security tests (#29408) * xds_end2end_test: Fix race in security tests * Reviewer comments
3 years ago
g_fake1_cert_data_map->Set({{"", {root_cert_, identity_pair_}}});
Add SANs matching for xDS credentials
4 years ago
UpdateAndVerifyXdsSecurityConfiguration("fake_plugin1", "", "fake_plugin1",
"", {server_san_prefix_},
authenticated_identity_);
}
TEST_P(XdsSecurityTest, TestMtlsConfigurationWithSuffixSanMatcher) {
xds_end2end_test: Fix race in security tests (#29408) * xds_end2end_test: Fix race in security tests * Reviewer comments
3 years ago
g_fake1_cert_data_map->Set({{"", {root_cert_, identity_pair_}}});
Add SANs matching for xDS credentials
4 years ago
UpdateAndVerifyXdsSecurityConfiguration("fake_plugin1", "", "fake_plugin1",
"", {server_san_suffix_},
authenticated_identity_);
}
TEST_P(XdsSecurityTest, TestMtlsConfigurationWithContainsSanMatcher) {
xds_end2end_test: Fix race in security tests (#29408) * xds_end2end_test: Fix race in security tests * Reviewer comments
3 years ago
g_fake1_cert_data_map->Set({{"", {root_cert_, identity_pair_}}});
Add SANs matching for xDS credentials
4 years ago
UpdateAndVerifyXdsSecurityConfiguration("fake_plugin1", "", "fake_plugin1",
"", {server_san_contains_},
authenticated_identity_);
}
TEST_P(XdsSecurityTest, TestMtlsConfigurationWithRegexSanMatcher) {
xds_end2end_test: Fix race in security tests (#29408) * xds_end2end_test: Fix race in security tests * Reviewer comments
3 years ago
g_fake1_cert_data_map->Set({{"", {root_cert_, identity_pair_}}});
Add SANs matching for xDS credentials
4 years ago
UpdateAndVerifyXdsSecurityConfiguration("fake_plugin1", "", "fake_plugin1",
"", {server_san_regex_},
authenticated_identity_);
}
TEST_P(XdsSecurityTest, TestMtlsConfigurationWithSanMatchersUpdate) {
xds_end2end_test: Fix race in security tests (#29408) * xds_end2end_test: Fix race in security tests * Reviewer comments
3 years ago
g_fake1_cert_data_map->Set({{"", {root_cert_, identity_pair_}}});
Add SANs matching for xDS credentials
4 years ago
UpdateAndVerifyXdsSecurityConfiguration(
"fake_plugin1", "", "fake_plugin1", "",
{server_san_exact_, server_san_prefix_}, authenticated_identity_);
UpdateAndVerifyXdsSecurityConfiguration("fake_plugin1", "", "fake_plugin1",
"", {bad_san_1_, bad_san_2_}, {},
true /* failure */);
UpdateAndVerifyXdsSecurityConfiguration(
"fake_plugin1", "", "fake_plugin1", "",
{server_san_prefix_, server_san_regex_}, authenticated_identity_);
xDS client security integration
4 years ago
}
TEST_P(XdsSecurityTest, TestMtlsConfigurationWithRootPluginUpdate) {
xds_end2end_test: Fix race in security tests (#29408) * xds_end2end_test: Fix race in security tests * Reviewer comments
3 years ago
g_fake1_cert_data_map->Set({{"", {root_cert_, identity_pair_}}});
g_fake2_cert_data_map->Set({{"", {bad_root_cert_, bad_identity_pair_}}});
xDS client security integration
4 years ago
UpdateAndVerifyXdsSecurityConfiguration("fake_plugin1", "", "fake_plugin1",
Add SANs matching for xDS credentials
4 years ago
"", {server_san_exact_},
authenticated_identity_);
xds_end2end_test cleanup from #24643
4 years ago
UpdateAndVerifyXdsSecurityConfiguration("fake_plugin2" /* bad root */, "",
Add SANs matching for xDS credentials
4 years ago
"fake_plugin1", "", {}, {},
xDS client security integration
4 years ago
true /* failure */);
UpdateAndVerifyXdsSecurityConfiguration("fake_plugin1", "", "fake_plugin1",
Add SANs matching for xDS credentials
4 years ago
"", {server_san_exact_},
authenticated_identity_);
xDS client security integration
4 years ago
}
TEST_P(XdsSecurityTest, TestMtlsConfigurationWithIdentityPluginUpdate) {
xds_end2end_test: Fix race in security tests (#29408) * xds_end2end_test: Fix race in security tests * Reviewer comments
3 years ago
g_fake1_cert_data_map->Set({{"", {root_cert_, identity_pair_}}});
g_fake2_cert_data_map->Set({{"", {root_cert_, fallback_identity_pair_}}});
xDS client security integration
4 years ago
UpdateAndVerifyXdsSecurityConfiguration("fake_plugin1", "", "fake_plugin1",
Add SANs matching for xDS credentials
4 years ago
"", {server_san_exact_},
authenticated_identity_);
xDS client security integration
4 years ago
UpdateAndVerifyXdsSecurityConfiguration("fake_plugin1", "", "fake_plugin2",
Add SANs matching for xDS credentials
4 years ago
"", {server_san_exact_},
fallback_authenticated_identity_);
xDS client security integration
4 years ago
}
TEST_P(XdsSecurityTest, TestMtlsConfigurationWithBothPluginsUpdated) {
xds_end2end_test: Fix race in security tests (#29408) * xds_end2end_test: Fix race in security tests * Reviewer comments
3 years ago
g_fake1_cert_data_map->Set({{"", {root_cert_, identity_pair_}}});
g_fake2_cert_data_map->Set({{"", {bad_root_cert_, bad_identity_pair_}},
{"good", {root_cert_, fallback_identity_pair_}}});
xDS client security integration
4 years ago
UpdateAndVerifyXdsSecurityConfiguration("fake_plugin2", "", "fake_plugin2",
Add SANs matching for xDS credentials
4 years ago
"", {}, {}, true /* failure */);
xDS client security integration
4 years ago
UpdateAndVerifyXdsSecurityConfiguration("fake_plugin1", "", "fake_plugin1",
Add SANs matching for xDS credentials
4 years ago
"", {server_san_prefix_},
authenticated_identity_);
UpdateAndVerifyXdsSecurityConfiguration(
"fake_plugin2", "good", "fake_plugin2", "good", {server_san_prefix_},
fallback_authenticated_identity_);
xDS client security integration
4 years ago
}
TEST_P(XdsSecurityTest, TestMtlsConfigurationWithRootCertificateNameUpdate) {
xds_end2end_test: Fix race in security tests (#29408) * xds_end2end_test: Fix race in security tests * Reviewer comments
3 years ago
g_fake1_cert_data_map->Set({{"", {root_cert_, identity_pair_}},
{"bad", {bad_root_cert_, bad_identity_pair_}}});
xDS client security integration
4 years ago
UpdateAndVerifyXdsSecurityConfiguration("fake_plugin1", "", "fake_plugin1",
Add SANs matching for xDS credentials
4 years ago
"", {server_san_regex_},
authenticated_identity_);
xDS client security integration
4 years ago
UpdateAndVerifyXdsSecurityConfiguration("fake_plugin1", "bad", "fake_plugin1",
Add SANs matching for xDS credentials
4 years ago
"", {server_san_regex_}, {},
true /* failure */);
xDS client security integration
4 years ago
}
TEST_P(XdsSecurityTest,
TestMtlsConfigurationWithIdentityCertificateNameUpdate) {
xds_end2end_test: Fix race in security tests (#29408) * xds_end2end_test: Fix race in security tests * Reviewer comments
3 years ago
g_fake1_cert_data_map->Set({{"", {root_cert_, identity_pair_}},
{"bad", {bad_root_cert_, bad_identity_pair_}}});
xDS client security integration
4 years ago
UpdateAndVerifyXdsSecurityConfiguration("fake_plugin1", "", "fake_plugin1",
Add SANs matching for xDS credentials
4 years ago
"", {server_san_exact_},
authenticated_identity_);
xDS client security integration
4 years ago
UpdateAndVerifyXdsSecurityConfiguration("fake_plugin1", "", "fake_plugin1",
Add SANs matching for xDS credentials
4 years ago
"bad", {server_san_exact_}, {},
true /* failure */);
xDS client security integration
4 years ago
}
TEST_P(XdsSecurityTest,
TestMtlsConfigurationWithIdentityCertificateNameUpdateGoodCerts) {
xds_end2end_test: Fix race in security tests (#29408) * xds_end2end_test: Fix race in security tests * Reviewer comments
3 years ago
g_fake1_cert_data_map->Set({{"", {root_cert_, identity_pair_}},
{"good", {root_cert_, fallback_identity_pair_}}});
xDS client security integration
4 years ago
UpdateAndVerifyXdsSecurityConfiguration("fake_plugin1", "", "fake_plugin1",
Add SANs matching for xDS credentials
4 years ago
"", {server_san_exact_},
authenticated_identity_);
xDS client security integration
4 years ago
UpdateAndVerifyXdsSecurityConfiguration("fake_plugin1", "", "fake_plugin1",
Add SANs matching for xDS credentials
4 years ago
"good", {server_san_exact_},
xds_end2end_test cleanup from #24643
4 years ago
fallback_authenticated_identity_);
xDS client security integration
4 years ago
}
TEST_P(XdsSecurityTest, TestMtlsConfigurationWithBothCertificateNamesUpdated) {
xds_end2end_test: Fix race in security tests (#29408) * xds_end2end_test: Fix race in security tests * Reviewer comments
3 years ago
g_fake1_cert_data_map->Set({{"", {root_cert_, identity_pair_}},
{"bad", {bad_root_cert_, bad_identity_pair_}}});
xDS client security integration
4 years ago
UpdateAndVerifyXdsSecurityConfiguration("fake_plugin1", "bad", "fake_plugin1",
Add SANs matching for xDS credentials
4 years ago
"bad", {server_san_prefix_}, {},
true /* failure */);
xDS client security integration
4 years ago
UpdateAndVerifyXdsSecurityConfiguration("fake_plugin1", "", "fake_plugin1",
Add SANs matching for xDS credentials
4 years ago
"", {server_san_prefix_},
authenticated_identity_);
xDS client security integration
4 years ago
}
Add SANs matching for xDS credentials
4 years ago
TEST_P(XdsSecurityTest, TestTlsConfigurationWithNoSanMatchers) {
xds_end2end_test: Fix race in security tests (#29408) * xds_end2end_test: Fix race in security tests * Reviewer comments
3 years ago
g_fake1_cert_data_map->Set({{"", {root_cert_, identity_pair_}}});
Add SANs matching for xDS credentials
4 years ago
UpdateAndVerifyXdsSecurityConfiguration("fake_plugin1", "", "", "", {},
xDS client security integration
4 years ago
{} /* unauthenticated */);
}
Add SANs matching for xDS credentials
4 years ago
TEST_P(XdsSecurityTest, TestTlsConfigurationWithSanMatchers) {
xds_end2end_test: Fix race in security tests (#29408) * xds_end2end_test: Fix race in security tests * Reviewer comments
3 years ago
g_fake1_cert_data_map->Set({{"", {root_cert_, identity_pair_}}});
Add SANs matching for xDS credentials
4 years ago
UpdateAndVerifyXdsSecurityConfiguration(
"fake_plugin1", "", "", "",
{server_san_exact_, server_san_prefix_, server_san_regex_},
{} /* unauthenticated */);
}
TEST_P(XdsSecurityTest, TestTlsConfigurationWithSanMatchersUpdate) {
xds_end2end_test: Fix race in security tests (#29408) * xds_end2end_test: Fix race in security tests * Reviewer comments
3 years ago
g_fake1_cert_data_map->Set({{"", {root_cert_, identity_pair_}}});
Add SANs matching for xDS credentials
4 years ago
UpdateAndVerifyXdsSecurityConfiguration(
"fake_plugin1", "", "", "", {server_san_exact_, server_san_prefix_},
{} /* unauthenticated */);
UpdateAndVerifyXdsSecurityConfiguration(
"fake_plugin1", "", "", "", {bad_san_1_, bad_san_2_},
{} /* unauthenticated */, true /* failure */);
UpdateAndVerifyXdsSecurityConfiguration(
"fake_plugin1", "", "", "", {server_san_prefix_, server_san_regex_},
{} /* unauthenticated */);
}
xDS client security integration
4 years ago
TEST_P(XdsSecurityTest, TestTlsConfigurationWithRootCertificateNameUpdate) {
xds_end2end_test: Fix race in security tests (#29408) * xds_end2end_test: Fix race in security tests * Reviewer comments
3 years ago
g_fake1_cert_data_map->Set({{"", {root_cert_, identity_pair_}},
{"bad", {bad_root_cert_, bad_identity_pair_}}});
xDS client security integration
4 years ago
UpdateAndVerifyXdsSecurityConfiguration("fake_plugin1", "", "", "",
Add SANs matching for xDS credentials
4 years ago
{server_san_exact_},
xDS client security integration
4 years ago
{} /* unauthenticated */);
Add SANs matching for xDS credentials
4 years ago
UpdateAndVerifyXdsSecurityConfiguration("fake_plugin1", "bad", "", "",
{server_san_exact_}, {},
xDS client security integration
4 years ago
true /* failure */);
}
TEST_P(XdsSecurityTest, TestTlsConfigurationWithRootPluginUpdate) {
xds_end2end_test: Fix race in security tests (#29408) * xds_end2end_test: Fix race in security tests * Reviewer comments
3 years ago
g_fake1_cert_data_map->Set({{"", {root_cert_, identity_pair_}}});
g_fake2_cert_data_map->Set({{"", {bad_root_cert_, bad_identity_pair_}}});
xDS client security integration
4 years ago
UpdateAndVerifyXdsSecurityConfiguration("fake_plugin1", "", "", "",
Add SANs matching for xDS credentials
4 years ago
{server_san_exact_},
xDS client security integration
4 years ago
{} /* unauthenticated */);
Add SANs matching for xDS credentials
4 years ago
UpdateAndVerifyXdsSecurityConfiguration(
"fake_plugin2", "", "", "", {server_san_exact_}, {}, true /* failure */);
xDS client security integration
4 years ago
}
TEST_P(XdsSecurityTest, TestFallbackConfiguration) {
Add SANs matching for xDS credentials
4 years ago
UpdateAndVerifyXdsSecurityConfiguration("", "", "", "", {},
xds_end2end_test cleanup from #24643
4 years ago
fallback_authenticated_identity_);
xDS client security integration
4 years ago
}
TEST_P(XdsSecurityTest, TestMtlsToTls) {
xds_end2end_test: Fix race in security tests (#29408) * xds_end2end_test: Fix race in security tests * Reviewer comments
3 years ago
g_fake1_cert_data_map->Set({{"", {root_cert_, identity_pair_}}});
xDS client security integration
4 years ago
UpdateAndVerifyXdsSecurityConfiguration("fake_plugin1", "", "fake_plugin1",
Add SANs matching for xDS credentials
4 years ago
"", {server_san_exact_},
authenticated_identity_);
xDS client security integration
4 years ago
UpdateAndVerifyXdsSecurityConfiguration("fake_plugin1", "", "", "",
Add SANs matching for xDS credentials
4 years ago
{server_san_exact_},
xDS client security integration
4 years ago
{} /* unauthenticated */);
}
TEST_P(XdsSecurityTest, TestMtlsToFallback) {
xds_end2end_test: Fix race in security tests (#29408) * xds_end2end_test: Fix race in security tests * Reviewer comments
3 years ago
g_fake1_cert_data_map->Set({{"", {root_cert_, identity_pair_}}});
xDS client security integration
4 years ago
UpdateAndVerifyXdsSecurityConfiguration("fake_plugin1", "", "fake_plugin1",
Add SANs matching for xDS credentials
4 years ago
"", {server_san_exact_},
authenticated_identity_);
UpdateAndVerifyXdsSecurityConfiguration("", "", "", "", {},
xds_end2end_test cleanup from #24643
4 years ago
fallback_authenticated_identity_);
xDS client security integration
4 years ago
}
TEST_P(XdsSecurityTest, TestTlsToMtls) {
xds_end2end_test: Fix race in security tests (#29408) * xds_end2end_test: Fix race in security tests * Reviewer comments
3 years ago
g_fake1_cert_data_map->Set({{"", {root_cert_, identity_pair_}}});
xDS client security integration
4 years ago
UpdateAndVerifyXdsSecurityConfiguration("fake_plugin1", "", "", "",
Add SANs matching for xDS credentials
4 years ago
{server_san_exact_},
xDS client security integration
4 years ago
{} /* unauthenticated */);
UpdateAndVerifyXdsSecurityConfiguration("fake_plugin1", "", "fake_plugin1",
Add SANs matching for xDS credentials
4 years ago
"", {server_san_exact_},
authenticated_identity_);
xDS client security integration
4 years ago
}
TEST_P(XdsSecurityTest, TestTlsToFallback) {
xds_end2end_test: Fix race in security tests (#29408) * xds_end2end_test: Fix race in security tests * Reviewer comments
3 years ago
g_fake1_cert_data_map->Set({{"", {root_cert_, identity_pair_}}});
xDS client security integration
4 years ago
UpdateAndVerifyXdsSecurityConfiguration("fake_plugin1", "", "", "",
Add SANs matching for xDS credentials
4 years ago
{server_san_exact_},
xDS client security integration
4 years ago
{} /* unauthenticated */);
Add SANs matching for xDS credentials
4 years ago
UpdateAndVerifyXdsSecurityConfiguration("", "", "", "", {},
xds_end2end_test cleanup from #24643
4 years ago
fallback_authenticated_identity_);
xDS client security integration
4 years ago
}
TEST_P(XdsSecurityTest, TestFallbackToMtls) {
xds_end2end_test: Fix race in security tests (#29408) * xds_end2end_test: Fix race in security tests * Reviewer comments
3 years ago
g_fake1_cert_data_map->Set({{"", {root_cert_, identity_pair_}}});
Add SANs matching for xDS credentials
4 years ago
UpdateAndVerifyXdsSecurityConfiguration("", "", "", "", {},
xds_end2end_test cleanup from #24643
4 years ago
fallback_authenticated_identity_);
xDS client security integration
4 years ago
UpdateAndVerifyXdsSecurityConfiguration("fake_plugin1", "", "fake_plugin1",
Add SANs matching for xDS credentials
4 years ago
"", {server_san_exact_},
authenticated_identity_);
xDS client security integration
4 years ago
}
TEST_P(XdsSecurityTest, TestFallbackToTls) {
xds_end2end_test: Fix race in security tests (#29408) * xds_end2end_test: Fix race in security tests * Reviewer comments
3 years ago
g_fake1_cert_data_map->Set({{"", {root_cert_, identity_pair_}}});
Add SANs matching for xDS credentials
4 years ago
UpdateAndVerifyXdsSecurityConfiguration("", "", "", "", {},
xds_end2end_test cleanup from #24643
4 years ago
fallback_authenticated_identity_);
xDS client security integration
4 years ago
UpdateAndVerifyXdsSecurityConfiguration("fake_plugin1", "", "", "",
Add SANs matching for xDS credentials
4 years ago
{server_san_exact_},
xDS client security integration
4 years ago
{} /* unauthenticated */);
}
Update file watcher certificate provider factory with provider implementation
4 years ago
TEST_P(XdsSecurityTest, TestFileWatcherCertificateProvider) {
UpdateAndVerifyXdsSecurityConfiguration("file_plugin", "", "file_plugin", "",
Add SANs matching for xDS credentials
4 years ago
{server_san_exact_},
xds_end2end_test cleanup from #24643
4 years ago
authenticated_identity_);
Update file watcher certificate provider factory with provider implementation
4 years ago
}
xDS server config fetcher
4 years ago
class XdsEnabledServerTest : public XdsEnd2endTest {
protected:
xDS Federation: bootstrap and xds_resolver changes (#27938) * xDS Federation: bootstrap and xds_resolver changes * code review fixes * fixing code review comments * fixing code review comments * fixing code review comments * code review comments * fixing code review comments * First very basic test to make sure parsing and reconstruction work as expected. * clean up * fixing logic error about authority * fixing resource type parsing * fixing code review comments * simplify parsing! * Parsing method signature update * fixing code review comments * clean up * working progress for the test with generated bootstrap * reorg the bootstrap file * fixing tests * Adding more to test authorities * Added a test and it passes * addressing code review comments * code review comments to make parser cleaner and more efficient * Merge in authority prefixes * fixing sanity error and xds boostrap test error * small fix * Release all tests that pass; reduce scope for DeadUpdate * Updated test strcuture and how to pass in the index for balancers to be used as xds server uri and authority xds server uri * code review comments * code review fixes * code review comment * Making test structure changes * fixing code review comments * fixing code review comments * Fixing test regression * fixing bootstrap tests * cleanup files * enabling localhost:xxx for xds server; updated server tests and will fix one more NameExpected test with testsetup. * Finally removing fake reolsver for xds server * Fixing bootstrap tests * Rewrite builder * Fixing code review comments * fixing code review comments * Fixing all tests to use Setup again * fixing small sanity error * Found the source of xds server nack test faiure and fix added * small code review fixes * Remove fake resolver! YAY! * Fixing according to code review comments * Setup plugin in bootfile * Added more tests. * Adding server test * fixing a regression * regression * sanity fix * fixing code review * fixing code review comments * Re-combine SecurityNaming tests. * Add Rds new resource type and new tests * Added PercentEncode test * fixing code review comments * refactor test a bit more * fixing code review comments * fixing according to code review comments * fixing code review comments * fixing code review comments
3 years ago
void SetUp() override {
XdsEnd2endTest::SetUp();
xds_end2end_test: make each individual test start the number of backends it needs (#29271) * move some code around * remove num_backends parameter from XdsEnd2endTest * remove use_xds_enabled_server param from XdsEnd2endTest * remove xds_resource_does_not_exist_timeout_ms param from XdsEnd2endTest * remove client_load_reporting_interval_seconds param from XdsEnd2endTest * start moving CreateAndStartBackends() into individual tests * finish moving CreateAndStartBackends() into individual tests * remove unused variable * fix test flake * clang-tidy * clang-format
3 years ago
CreateBackends(1, /*xds_enabled=*/true);
Revert "Revert "start splitting up xds_end2end_test (#27702)" (#27725)" (#27726) This reverts commit 9177c5324ad17364943574546158abbc0d150266.
3 years ago
EdsResourceArgs args({
xds_end2end_test test infra: Eds Args refactoring and enhancing WaitForBackend (#26093) * Refactoring EdsResourceArgs::Locality to have a vector of Endpoints: port, health_status, and lb_weight. As well, Adding RpcOption to WaitForBackend() * Update WaitForBackend * Modified WaitForBackend default param * reuse SeenBackend * Code review comments * refactor WaitForAllBackend parameter list * Fixing tests to ensure they are more strict; Fixing test code according to code review comments. * Fixing code review suggestions * Increasing timeout for StressTest
4 years ago
{"locality0", CreateEndpointsForBackends(0, 1)},
xDS server config fetcher
4 years ago
});
xds: remove legacy EDS-only workflow (#28274) * xds: remove legacy EDS-only workflow * remove unused constants * remove unused data member
3 years ago
balancer_->ads_service()->SetEdsResource(BuildEdsResource(args));
xDS server config fetcher
4 years ago
}
};
xds_end2end_test: Only start backends when needed (#27911) * xds_end2end_test: Fix flakiness on WaitForLdsNack * xds_end2end_test: Only start the server when we want * Revert WaitForNack changes * Fixes * Fix CsdsShortAdsTimeoutTest * Fix sanity
3 years ago
TEST_P(XdsEnabledServerTest, Basic) {
backends_[0]->Start();
xds_end2end_test_lib: use DEBUG_LOCATION to log where failures originate (#29444)
3 years ago
WaitForBackend(DEBUG_LOCATION, 0);
xds_end2end_test: Only start backends when needed (#27911) * xds_end2end_test: Fix flakiness on WaitForLdsNack * xds_end2end_test: Only start the server when we want * Revert WaitForNack changes * Fixes * Fix CsdsShortAdsTimeoutTest * Fix sanity
3 years ago
}
xDS server config fetcher
4 years ago
TEST_P(XdsEnabledServerTest, BadLdsUpdateNoApiListenerNorAddress) {
Update RDS parsing for use on servers (#27715) * Update RDS parsing for use on servers * Unused variable * Reviewer comments * Automated change: Fix sanity tests * Fix tests * Reviewer comments * Reviewer comments * clang-tidy * Reviewer comments * Fix test * Reviewer comments * Reviewer comments Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
Listener listener = default_server_listener_;
listener.clear_address();
xDS server config fetcher
4 years ago
listener.set_name(
Fix xds_end2end_test for ipv6 only platforms
4 years ago
absl::StrCat("grpc/server?xds.resource.listening_address=",
ipv6_only_ ? "[::1]:" : "127.0.0.1:", backends_[0]->port()));
xds_end2end_test: remove num_balancers from test suite and remove dependence on fake resolver for xDS channel (#28245) * xds_end2end_test: remove num_balancers from test suite * fix clang-tidy
3 years ago
balancer_->ads_service()->SetLdsResource(listener);
xds_end2end_test: Only start backends when needed (#27911) * xds_end2end_test: Fix flakiness on WaitForLdsNack * xds_end2end_test: Only start the server when we want * Revert WaitForNack changes * Fixes * Fix CsdsShortAdsTimeoutTest * Fix sanity
3 years ago
backends_[0]->Start();
xds_end2end_test_lib: use DEBUG_LOCATION to log where failures originate (#29444)
3 years ago
const auto response_state = WaitForLdsNack(DEBUG_LOCATION);
XdsEnd2EndTest : Use a queue to save resource updates (#28467) * Fix XdsClient for multiple watchers on the same resource * xds_end2end_test: Don't use XdsCredentials for XdsRbacNackTests * Use separate response states for EDS and RDS resources * Reviewer comments * Reviewer comments * Reviewer comments * Remove blank link * Reviewer comments
3 years ago
ASSERT_TRUE(response_state.has_value()) << "timed out waiting for NACK";
xds: Change ADS parsing to not stop at the first error
4 years ago
EXPECT_THAT(
XdsEnd2EndTest : Use a queue to save resource updates (#28467) * Fix XdsClient for multiple watchers on the same resource * xds_end2end_test: Don't use XdsCredentials for XdsRbacNackTests * Use separate response states for EDS and RDS resources * Reviewer comments * Reviewer comments * Reviewer comments * Remove blank link * Reviewer comments
3 years ago
response_state->error_message,
xds: Change ADS parsing to not stop at the first error
4 years ago
::testing::HasSubstr("Listener has neither address nor ApiListener"));
xDS server config fetcher
4 years ago
}
TEST_P(XdsEnabledServerTest, BadLdsUpdateBothApiListenerAndAddress) {
Update RDS parsing for use on servers (#27715) * Update RDS parsing for use on servers * Unused variable * Reviewer comments * Automated change: Fix sanity tests * Fix tests * Reviewer comments * Reviewer comments * clang-tidy * Reviewer comments * Fix test * Reviewer comments * Reviewer comments Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
Listener listener = default_server_listener_;
xDS server config fetcher
4 years ago
listener.mutable_api_listener();
xds_end2end_test: remove num_balancers from test suite and remove dependence on fake resolver for xDS channel (#28245) * xds_end2end_test: remove num_balancers from test suite * fix clang-tidy
3 years ago
SetServerListenerNameAndRouteConfiguration(balancer_.get(), listener,
backends_[0]->port(),
Update RDS parsing for use on servers (#27715) * Update RDS parsing for use on servers * Unused variable * Reviewer comments * Automated change: Fix sanity tests * Fix tests * Reviewer comments * Reviewer comments * clang-tidy * Reviewer comments * Fix test * Reviewer comments * Reviewer comments Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
default_server_route_config_);
xds_end2end_test: Only start backends when needed (#27911) * xds_end2end_test: Fix flakiness on WaitForLdsNack * xds_end2end_test: Only start the server when we want * Revert WaitForNack changes * Fixes * Fix CsdsShortAdsTimeoutTest * Fix sanity
3 years ago
backends_[0]->Start();
xds_end2end_test_lib: use DEBUG_LOCATION to log where failures originate (#29444)
3 years ago
const auto response_state = WaitForLdsNack(DEBUG_LOCATION);
XdsEnd2EndTest : Use a queue to save resource updates (#28467) * Fix XdsClient for multiple watchers on the same resource * xds_end2end_test: Don't use XdsCredentials for XdsRbacNackTests * Use separate response states for EDS and RDS resources * Reviewer comments * Reviewer comments * Reviewer comments * Remove blank link * Reviewer comments
3 years ago
ASSERT_TRUE(response_state.has_value()) << "timed out waiting for NACK";
xds: Change ADS parsing to not stop at the first error
4 years ago
EXPECT_THAT(
XdsEnd2EndTest : Use a queue to save resource updates (#28467) * Fix XdsClient for multiple watchers on the same resource * xds_end2end_test: Don't use XdsCredentials for XdsRbacNackTests * Use separate response states for EDS and RDS resources * Reviewer comments * Reviewer comments * Reviewer comments * Remove blank link * Reviewer comments
3 years ago
response_state->error_message,
xds: Change ADS parsing to not stop at the first error
4 years ago
::testing::HasSubstr("Listener has both address and ApiListener"));
xDS server config fetcher
4 years ago
}
Reland rbac filter (#28442) * Revert "Revert "xDS: Add support for RBAC HTTP filter (#28309)" (#28441)" This reverts commit 7aae5c66df99d7140848c00b88e4d6e022c3ce92. * Fix internal clang errors * Ipv6 addresses are 128 bit
3 years ago
TEST_P(XdsEnabledServerTest, NacksNonZeroXffNumTrusterHops) {
Listener listener = default_server_listener_;
HttpConnectionManager http_connection_manager =
ServerHcmAccessor().Unpack(listener);
http_connection_manager.set_xff_num_trusted_hops(1);
ServerHcmAccessor().Pack(http_connection_manager, &listener);
SetServerListenerNameAndRouteConfiguration(balancer_.get(), listener,
backends_[0]->port(),
default_server_route_config_);
backends_[0]->Start();
xds_end2end_test_lib: use DEBUG_LOCATION to log where failures originate (#29444)
3 years ago
const auto response_state = WaitForLdsNack(DEBUG_LOCATION);
XdsEnd2EndTest : Use a queue to save resource updates (#28467) * Fix XdsClient for multiple watchers on the same resource * xds_end2end_test: Don't use XdsCredentials for XdsRbacNackTests * Use separate response states for EDS and RDS resources * Reviewer comments * Reviewer comments * Reviewer comments * Remove blank link * Reviewer comments
3 years ago
ASSERT_TRUE(response_state.has_value()) << "timed out waiting for NACK";
EXPECT_THAT(response_state->error_message,
Reland rbac filter (#28442) * Revert "Revert "xDS: Add support for RBAC HTTP filter (#28309)" (#28441)" This reverts commit 7aae5c66df99d7140848c00b88e4d6e022c3ce92. * Fix internal clang errors * Ipv6 addresses are 128 bit
3 years ago
::testing::HasSubstr("'xff_num_trusted_hops' must be zero"));
}
TEST_P(XdsEnabledServerTest, NacksNonEmptyOriginalIpDetectionExtensions) {
Listener listener = default_server_listener_;
HttpConnectionManager http_connection_manager =
ServerHcmAccessor().Unpack(listener);
http_connection_manager.add_original_ip_detection_extensions();
ServerHcmAccessor().Pack(http_connection_manager, &listener);
SetServerListenerNameAndRouteConfiguration(balancer_.get(), listener,
backends_[0]->port(),
default_server_route_config_);
backends_[0]->Start();
xds_end2end_test_lib: use DEBUG_LOCATION to log where failures originate (#29444)
3 years ago
const auto response_state = WaitForLdsNack(DEBUG_LOCATION);
XdsEnd2EndTest : Use a queue to save resource updates (#28467) * Fix XdsClient for multiple watchers on the same resource * xds_end2end_test: Don't use XdsCredentials for XdsRbacNackTests * Use separate response states for EDS and RDS resources * Reviewer comments * Reviewer comments * Reviewer comments * Remove blank link * Reviewer comments
3 years ago
ASSERT_TRUE(response_state.has_value()) << "timed out waiting for NACK";
Reland rbac filter (#28442) * Revert "Revert "xDS: Add support for RBAC HTTP filter (#28309)" (#28441)" This reverts commit 7aae5c66df99d7140848c00b88e4d6e022c3ce92. * Fix internal clang errors * Ipv6 addresses are 128 bit
3 years ago
EXPECT_THAT(
XdsEnd2EndTest : Use a queue to save resource updates (#28467) * Fix XdsClient for multiple watchers on the same resource * xds_end2end_test: Don't use XdsCredentials for XdsRbacNackTests * Use separate response states for EDS and RDS resources * Reviewer comments * Reviewer comments * Reviewer comments * Remove blank link * Reviewer comments
3 years ago
response_state->error_message,
Reland rbac filter (#28442) * Revert "Revert "xDS: Add support for RBAC HTTP filter (#28309)" (#28441)" This reverts commit 7aae5c66df99d7140848c00b88e4d6e022c3ce92. * Fix internal clang errors * Ipv6 addresses are 128 bit
3 years ago
::testing::HasSubstr("'original_ip_detection_extensions' must be empty"));
}
Filters parsing logic for servers (#25609) * Filters parsing logic for servers
4 years ago
TEST_P(XdsEnabledServerTest, UnsupportedL4Filter) {
Update RDS parsing for use on servers (#27715) * Update RDS parsing for use on servers * Unused variable * Reviewer comments * Automated change: Fix sanity tests * Fix tests * Reviewer comments * Reviewer comments * clang-tidy * Reviewer comments * Fix test * Reviewer comments * Reviewer comments Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
Listener listener = default_server_listener_;
listener.mutable_default_filter_chain()->clear_filters();
listener.mutable_default_filter_chain()->add_filters()->mutable_typed_config()->PackFrom(default_listener_ /* any proto object other than HttpConnectionManager */);
xds_end2end_test: remove num_balancers from test suite and remove dependence on fake resolver for xDS channel (#28245) * xds_end2end_test: remove num_balancers from test suite * fix clang-tidy
3 years ago
balancer_->ads_service()->SetLdsResource(
Update RDS parsing for use on servers (#27715) * Update RDS parsing for use on servers * Unused variable * Reviewer comments * Automated change: Fix sanity tests * Fix tests * Reviewer comments * Reviewer comments * clang-tidy * Reviewer comments * Fix test * Reviewer comments * Reviewer comments Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
PopulateServerListenerNameAndPort(listener, backends_[0]->port()));
xds_end2end_test: Only start backends when needed (#27911) * xds_end2end_test: Fix flakiness on WaitForLdsNack * xds_end2end_test: Only start the server when we want * Revert WaitForNack changes * Fixes * Fix CsdsShortAdsTimeoutTest * Fix sanity
3 years ago
backends_[0]->Start();
xds_end2end_test_lib: use DEBUG_LOCATION to log where failures originate (#29444)
3 years ago
const auto response_state = WaitForLdsNack(DEBUG_LOCATION);
XdsEnd2EndTest : Use a queue to save resource updates (#28467) * Fix XdsClient for multiple watchers on the same resource * xds_end2end_test: Don't use XdsCredentials for XdsRbacNackTests * Use separate response states for EDS and RDS resources * Reviewer comments * Reviewer comments * Reviewer comments * Remove blank link * Reviewer comments
3 years ago
ASSERT_TRUE(response_state.has_value()) << "timed out waiting for NACK";
EXPECT_THAT(response_state->error_message,
Filters parsing logic for servers (#25609) * Filters parsing logic for servers
4 years ago
::testing::HasSubstr("Unsupported filter type"));
}
Update RDS parsing for use on servers (#27715) * Update RDS parsing for use on servers * Unused variable * Reviewer comments * Automated change: Fix sanity tests * Fix tests * Reviewer comments * Reviewer comments * clang-tidy * Reviewer comments * Fix test * Reviewer comments * Reviewer comments Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
TEST_P(XdsEnabledServerTest, NacksEmptyHttpFilterList) {
Listener listener = default_server_listener_;
HttpConnectionManager http_connection_manager =
ServerHcmAccessor().Unpack(listener);
http_connection_manager.clear_http_filters();
ServerHcmAccessor().Pack(http_connection_manager, &listener);
xds_end2end_test: remove num_balancers from test suite and remove dependence on fake resolver for xDS channel (#28245) * xds_end2end_test: remove num_balancers from test suite * fix clang-tidy
3 years ago
SetServerListenerNameAndRouteConfiguration(balancer_.get(), listener,
backends_[0]->port(),
Update RDS parsing for use on servers (#27715) * Update RDS parsing for use on servers * Unused variable * Reviewer comments * Automated change: Fix sanity tests * Fix tests * Reviewer comments * Reviewer comments * clang-tidy * Reviewer comments * Fix test * Reviewer comments * Reviewer comments Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
default_server_route_config_);
xds_end2end_test: Only start backends when needed (#27911) * xds_end2end_test: Fix flakiness on WaitForLdsNack * xds_end2end_test: Only start the server when we want * Revert WaitForNack changes * Fixes * Fix CsdsShortAdsTimeoutTest * Fix sanity
3 years ago
backends_[0]->Start();
xds_end2end_test_lib: use DEBUG_LOCATION to log where failures originate (#29444)
3 years ago
const auto response_state = WaitForLdsNack(DEBUG_LOCATION);
XdsEnd2EndTest : Use a queue to save resource updates (#28467) * Fix XdsClient for multiple watchers on the same resource * xds_end2end_test: Don't use XdsCredentials for XdsRbacNackTests * Use separate response states for EDS and RDS resources * Reviewer comments * Reviewer comments * Reviewer comments * Remove blank link * Reviewer comments
3 years ago
ASSERT_TRUE(response_state.has_value()) << "timed out waiting for NACK";
EXPECT_THAT(response_state->error_message,
Update RDS parsing for use on servers (#27715) * Update RDS parsing for use on servers * Unused variable * Reviewer comments * Automated change: Fix sanity tests * Fix tests * Reviewer comments * Reviewer comments * clang-tidy * Reviewer comments * Fix test * Reviewer comments * Reviewer comments Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
::testing::HasSubstr("Expected at least one HTTP filter"));
}
Filters parsing logic for servers (#25609) * Filters parsing logic for servers
4 years ago
TEST_P(XdsEnabledServerTest, UnsupportedHttpFilter) {
Update RDS parsing for use on servers (#27715) * Update RDS parsing for use on servers * Unused variable * Reviewer comments * Automated change: Fix sanity tests * Fix tests * Reviewer comments * Reviewer comments * clang-tidy * Reviewer comments * Fix test * Reviewer comments * Reviewer comments Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
Listener listener = default_server_listener_;
HttpConnectionManager http_connection_manager =
ServerHcmAccessor().Unpack(listener);
http_connection_manager.clear_http_filters();
Filters parsing logic for servers (#25609) * Filters parsing logic for servers
4 years ago
auto* http_filter = http_connection_manager.add_http_filters();
http_filter->set_name("grpc.testing.unsupported_http_filter");
http_filter->mutable_typed_config()->set_type_url(
"grpc.testing.unsupported_http_filter");
Update RDS parsing for use on servers (#27715) * Update RDS parsing for use on servers * Unused variable * Reviewer comments * Automated change: Fix sanity tests * Fix tests * Reviewer comments * Reviewer comments * clang-tidy * Reviewer comments * Fix test * Reviewer comments * Reviewer comments Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
http_filter = http_connection_manager.add_http_filters();
http_filter->set_name("router");
http_filter->mutable_typed_config()->PackFrom(
envoy::extensions::filters::http::router::v3::Router());
ServerHcmAccessor().Pack(http_connection_manager, &listener);
xds_end2end_test: remove num_balancers from test suite and remove dependence on fake resolver for xDS channel (#28245) * xds_end2end_test: remove num_balancers from test suite * fix clang-tidy
3 years ago
SetServerListenerNameAndRouteConfiguration(balancer_.get(), listener,
backends_[0]->port(),
Update RDS parsing for use on servers (#27715) * Update RDS parsing for use on servers * Unused variable * Reviewer comments * Automated change: Fix sanity tests * Fix tests * Reviewer comments * Reviewer comments * clang-tidy * Reviewer comments * Fix test * Reviewer comments * Reviewer comments Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
default_server_route_config_);
xds_end2end_test: Only start backends when needed (#27911) * xds_end2end_test: Fix flakiness on WaitForLdsNack * xds_end2end_test: Only start the server when we want * Revert WaitForNack changes * Fixes * Fix CsdsShortAdsTimeoutTest * Fix sanity
3 years ago
backends_[0]->Start();
xds_end2end_test_lib: use DEBUG_LOCATION to log where failures originate (#29444)
3 years ago
const auto response_state = WaitForLdsNack(DEBUG_LOCATION);
XdsEnd2EndTest : Use a queue to save resource updates (#28467) * Fix XdsClient for multiple watchers on the same resource * xds_end2end_test: Don't use XdsCredentials for XdsRbacNackTests * Use separate response states for EDS and RDS resources * Reviewer comments * Reviewer comments * Reviewer comments * Remove blank link * Reviewer comments
3 years ago
ASSERT_TRUE(response_state.has_value()) << "timed out waiting for NACK";
EXPECT_THAT(response_state->error_message,
Filters parsing logic for servers (#25609) * Filters parsing logic for servers
4 years ago
::testing::HasSubstr("no filter registered for config type "
"grpc.testing.unsupported_http_filter"));
}
TEST_P(XdsEnabledServerTest, HttpFilterNotSupportedOnServer) {
Update RDS parsing for use on servers (#27715) * Update RDS parsing for use on servers * Unused variable * Reviewer comments * Automated change: Fix sanity tests * Fix tests * Reviewer comments * Reviewer comments * clang-tidy * Reviewer comments * Fix test * Reviewer comments * Reviewer comments Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
Listener listener = default_server_listener_;
HttpConnectionManager http_connection_manager =
ServerHcmAccessor().Unpack(listener);
http_connection_manager.clear_http_filters();
Filters parsing logic for servers (#25609) * Filters parsing logic for servers
4 years ago
auto* http_filter = http_connection_manager.add_http_filters();
http_filter->set_name("grpc.testing.client_only_http_filter");
http_filter->mutable_typed_config()->set_type_url(
"grpc.testing.client_only_http_filter");
xds: validate that terminal filters come at the end of the filter chain (#26742) * xds: validate that terminal filters come at the end of the filter chain * clang-format
3 years ago
http_filter = http_connection_manager.add_http_filters();
http_filter->set_name("router");
http_filter->mutable_typed_config()->PackFrom(
envoy::extensions::filters::http::router::v3::Router());
Update RDS parsing for use on servers (#27715) * Update RDS parsing for use on servers * Unused variable * Reviewer comments * Automated change: Fix sanity tests * Fix tests * Reviewer comments * Reviewer comments * clang-tidy * Reviewer comments * Fix test * Reviewer comments * Reviewer comments Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
ServerHcmAccessor().Pack(http_connection_manager, &listener);
xds_end2end_test: remove num_balancers from test suite and remove dependence on fake resolver for xDS channel (#28245) * xds_end2end_test: remove num_balancers from test suite * fix clang-tidy
3 years ago
SetServerListenerNameAndRouteConfiguration(balancer_.get(), listener,
backends_[0]->port(),
Update RDS parsing for use on servers (#27715) * Update RDS parsing for use on servers * Unused variable * Reviewer comments * Automated change: Fix sanity tests * Fix tests * Reviewer comments * Reviewer comments * clang-tidy * Reviewer comments * Fix test * Reviewer comments * Reviewer comments Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
default_server_route_config_);
xds_end2end_test: Only start backends when needed (#27911) * xds_end2end_test: Fix flakiness on WaitForLdsNack * xds_end2end_test: Only start the server when we want * Revert WaitForNack changes * Fixes * Fix CsdsShortAdsTimeoutTest * Fix sanity
3 years ago
backends_[0]->Start();
xds_end2end_test_lib: use DEBUG_LOCATION to log where failures originate (#29444)
3 years ago
const auto response_state = WaitForLdsNack(DEBUG_LOCATION);
XdsEnd2EndTest : Use a queue to save resource updates (#28467) * Fix XdsClient for multiple watchers on the same resource * xds_end2end_test: Don't use XdsCredentials for XdsRbacNackTests * Use separate response states for EDS and RDS resources * Reviewer comments * Reviewer comments * Reviewer comments * Remove blank link * Reviewer comments
3 years ago
ASSERT_TRUE(response_state.has_value()) << "timed out waiting for NACK";
Filters parsing logic for servers (#25609) * Filters parsing logic for servers
4 years ago
EXPECT_THAT(
XdsEnd2EndTest : Use a queue to save resource updates (#28467) * Fix XdsClient for multiple watchers on the same resource * xds_end2end_test: Don't use XdsCredentials for XdsRbacNackTests * Use separate response states for EDS and RDS resources * Reviewer comments * Reviewer comments * Reviewer comments * Remove blank link * Reviewer comments
3 years ago
response_state->error_message,
Filters parsing logic for servers (#25609) * Filters parsing logic for servers
4 years ago
::testing::HasSubstr("Filter grpc.testing.client_only_http_filter is not "
"supported on servers"));
}
TEST_P(XdsEnabledServerTest,
HttpFilterNotSupportedOnServerIgnoredWhenOptional) {
Update RDS parsing for use on servers (#27715) * Update RDS parsing for use on servers * Unused variable * Reviewer comments * Automated change: Fix sanity tests * Fix tests * Reviewer comments * Reviewer comments * clang-tidy * Reviewer comments * Fix test * Reviewer comments * Reviewer comments Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
Listener listener = default_server_listener_;
HttpConnectionManager http_connection_manager =
ServerHcmAccessor().Unpack(listener);
http_connection_manager.clear_http_filters();
Filters parsing logic for servers (#25609) * Filters parsing logic for servers
4 years ago
auto* http_filter = http_connection_manager.add_http_filters();
http_filter->set_name("grpc.testing.client_only_http_filter");
http_filter->mutable_typed_config()->set_type_url(
"grpc.testing.client_only_http_filter");
http_filter->set_is_optional(true);
Update RDS parsing for use on servers (#27715) * Update RDS parsing for use on servers * Unused variable * Reviewer comments * Automated change: Fix sanity tests * Fix tests * Reviewer comments * Reviewer comments * clang-tidy * Reviewer comments * Fix test * Reviewer comments * Reviewer comments Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
http_filter = http_connection_manager.add_http_filters();
http_filter->set_name("router");
http_filter->mutable_typed_config()->PackFrom(
envoy::extensions::filters::http::router::v3::Router());
ServerHcmAccessor().Pack(http_connection_manager, &listener);
xds_end2end_test: remove num_balancers from test suite and remove dependence on fake resolver for xDS channel (#28245) * xds_end2end_test: remove num_balancers from test suite * fix clang-tidy
3 years ago
SetServerListenerNameAndRouteConfiguration(balancer_.get(), listener,
backends_[0]->port(),
Update RDS parsing for use on servers (#27715) * Update RDS parsing for use on servers * Unused variable * Reviewer comments * Automated change: Fix sanity tests * Fix tests * Reviewer comments * Reviewer comments * clang-tidy * Reviewer comments * Fix test * Reviewer comments * Reviewer comments Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
default_server_route_config_);
xds_end2end_test: Only start backends when needed (#27911) * xds_end2end_test: Fix flakiness on WaitForLdsNack * xds_end2end_test: Only start the server when we want * Revert WaitForNack changes * Fixes * Fix CsdsShortAdsTimeoutTest * Fix sanity
3 years ago
backends_[0]->Start();
xds_end2end_test_lib: use DEBUG_LOCATION to log where failures originate (#29444)
3 years ago
WaitForBackend(DEBUG_LOCATION, 0);
XdsEnd2EndTest : Use a queue to save resource updates (#28467) * Fix XdsClient for multiple watchers on the same resource * xds_end2end_test: Don't use XdsCredentials for XdsRbacNackTests * Use separate response states for EDS and RDS resources * Reviewer comments * Reviewer comments * Reviewer comments * Remove blank link * Reviewer comments
3 years ago
auto response_state = balancer_->ads_service()->lds_response_state();
ASSERT_TRUE(response_state.has_value());
EXPECT_EQ(response_state->state, AdsServiceImpl::ResponseState::ACKED);
Filters parsing logic for servers (#25609) * Filters parsing logic for servers
4 years ago
}
Ring hash implementation (#26356) * Ring hash implementation * Fixing an error caught during import: ipv6 addresses need small modifications when creating the ring entry. * fixing an error * removing debugs * Remove unnecssary hashing * small cleanup
4 years ago
// Verify that a mismatch of listening address results in "not serving"
// status.
Revert Revert Xds Status Notifier (#25718) * Revert "Revert "xDS status notifier (#25321)" (#25702)" This reverts commit 3c9f3972e3704c83f9dd0348cb8243e8a2c943af. * Remove connection from map when OnClose is not registered * Reviewer comments
4 years ago
TEST_P(XdsEnabledServerTest, ListenerAddressMismatch) {
Update RDS parsing for use on servers (#27715) * Update RDS parsing for use on servers * Unused variable * Reviewer comments * Automated change: Fix sanity tests * Fix tests * Reviewer comments * Reviewer comments * clang-tidy * Reviewer comments * Fix test * Reviewer comments * Reviewer comments Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
Listener listener = default_server_listener_;
Fix XdsEnabledServerTest (#26956)
3 years ago
// Set a different listening address in the LDS update
Revert Revert Xds Status Notifier (#25718) * Revert "Revert "xDS status notifier (#25321)" (#25702)" This reverts commit 3c9f3972e3704c83f9dd0348cb8243e8a2c943af. * Remove connection from map when OnClose is not registered * Reviewer comments
4 years ago
listener.mutable_address()->mutable_socket_address()->set_address(
Fix XdsEnabledServerTest (#26956)
3 years ago
"192.168.1.1");
xds_end2end_test: remove num_balancers from test suite and remove dependence on fake resolver for xDS channel (#28245) * xds_end2end_test: remove num_balancers from test suite * fix clang-tidy
3 years ago
SetServerListenerNameAndRouteConfiguration(balancer_.get(), listener,
backends_[0]->port(),
Update RDS parsing for use on servers (#27715) * Update RDS parsing for use on servers * Unused variable * Reviewer comments * Automated change: Fix sanity tests * Fix tests * Reviewer comments * Reviewer comments * clang-tidy * Reviewer comments * Fix test * Reviewer comments * Reviewer comments Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
default_server_route_config_);
xds_end2end_test: Only start backends when needed (#27911) * xds_end2end_test: Fix flakiness on WaitForLdsNack * xds_end2end_test: Only start the server when we want * Revert WaitForNack changes * Fixes * Fix CsdsShortAdsTimeoutTest * Fix sanity
3 years ago
backends_[0]->Start();
xDS LDS parsing changes: NACK on use_original_dst (#25687) * xDS LDS parsing changes: NACK on use_original_dst * Reviewer comments * Unused variable
4 years ago
backends_[0]->notifier()->WaitOnServingStatusChange(
absl::StrCat(ipv6_only_ ? "[::1]:" : "127.0.0.1:", backends_[0]->port()),
grpc::StatusCode::FAILED_PRECONDITION);
}
TEST_P(XdsEnabledServerTest, UseOriginalDstNotSupported) {
Update RDS parsing for use on servers (#27715) * Update RDS parsing for use on servers * Unused variable * Reviewer comments * Automated change: Fix sanity tests * Fix tests * Reviewer comments * Reviewer comments * clang-tidy * Reviewer comments * Fix test * Reviewer comments * Reviewer comments Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
Listener listener = default_server_listener_;
xDS LDS parsing changes: NACK on use_original_dst (#25687) * xDS LDS parsing changes: NACK on use_original_dst * Reviewer comments * Unused variable
4 years ago
listener.mutable_use_original_dst()->set_value(true);
xds_end2end_test: remove num_balancers from test suite and remove dependence on fake resolver for xDS channel (#28245) * xds_end2end_test: remove num_balancers from test suite * fix clang-tidy
3 years ago
SetServerListenerNameAndRouteConfiguration(balancer_.get(), listener,
backends_[0]->port(),
Update RDS parsing for use on servers (#27715) * Update RDS parsing for use on servers * Unused variable * Reviewer comments * Automated change: Fix sanity tests * Fix tests * Reviewer comments * Reviewer comments * clang-tidy * Reviewer comments * Fix test * Reviewer comments * Reviewer comments Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
default_server_route_config_);
xds_end2end_test: Only start backends when needed (#27911) * xds_end2end_test: Fix flakiness on WaitForLdsNack * xds_end2end_test: Only start the server when we want * Revert WaitForNack changes * Fixes * Fix CsdsShortAdsTimeoutTest * Fix sanity
3 years ago
backends_[0]->Start();
xds_end2end_test_lib: use DEBUG_LOCATION to log where failures originate (#29444)
3 years ago
const auto response_state = WaitForLdsNack(DEBUG_LOCATION);
XdsEnd2EndTest : Use a queue to save resource updates (#28467) * Fix XdsClient for multiple watchers on the same resource * xds_end2end_test: Don't use XdsCredentials for XdsRbacNackTests * Use separate response states for EDS and RDS resources * Reviewer comments * Reviewer comments * Reviewer comments * Remove blank link * Reviewer comments
3 years ago
ASSERT_TRUE(response_state.has_value()) << "timed out waiting for NACK";
xDS LDS parsing changes: NACK on use_original_dst (#25687) * xDS LDS parsing changes: NACK on use_original_dst * Reviewer comments * Unused variable
4 years ago
EXPECT_THAT(
XdsEnd2EndTest : Use a queue to save resource updates (#28467) * Fix XdsClient for multiple watchers on the same resource * xds_end2end_test: Don't use XdsCredentials for XdsRbacNackTests * Use separate response states for EDS and RDS resources * Reviewer comments * Reviewer comments * Reviewer comments * Remove blank link * Reviewer comments
3 years ago
response_state->error_message,
xDS LDS parsing changes: NACK on use_original_dst (#25687) * xDS LDS parsing changes: NACK on use_original_dst * Reviewer comments * Unused variable
4 years ago
::testing::HasSubstr("Field \'use_original_dst\' is not supported."));
Revert Revert Xds Status Notifier (#25718) * Revert "Revert "xDS status notifier (#25321)" (#25702)" This reverts commit 3c9f3972e3704c83f9dd0348cb8243e8a2c943af. * Remove connection from map when OnClose is not registered * Reviewer comments
4 years ago
}
xDS server config fetcher
4 years ago
class XdsServerSecurityTest : public XdsEnd2endTest {
protected:
xDS Federation: bootstrap and xds_resolver changes (#27938) * xDS Federation: bootstrap and xds_resolver changes * code review fixes * fixing code review comments * fixing code review comments * fixing code review comments * code review comments * fixing code review comments * First very basic test to make sure parsing and reconstruction work as expected. * clean up * fixing logic error about authority * fixing resource type parsing * fixing code review comments * simplify parsing! * Parsing method signature update * fixing code review comments * clean up * working progress for the test with generated bootstrap * reorg the bootstrap file * fixing tests * Adding more to test authorities * Added a test and it passes * addressing code review comments * code review comments to make parser cleaner and more efficient * Merge in authority prefixes * fixing sanity error and xds boostrap test error * small fix * Release all tests that pass; reduce scope for DeadUpdate * Updated test strcuture and how to pass in the index for balancers to be used as xds server uri and authority xds server uri * code review comments * code review fixes * code review comment * Making test structure changes * fixing code review comments * fixing code review comments * Fixing test regression * fixing bootstrap tests * cleanup files * enabling localhost:xxx for xds server; updated server tests and will fix one more NameExpected test with testsetup. * Finally removing fake reolsver for xds server * Fixing bootstrap tests * Rewrite builder * Fixing code review comments * fixing code review comments * Fixing all tests to use Setup again * fixing small sanity error * Found the source of xds server nack test faiure and fix added * small code review fixes * Remove fake resolver! YAY! * Fixing according to code review comments * Setup plugin in bootfile * Added more tests. * Adding server test * fixing a regression * regression * sanity fix * fixing code review * fixing code review comments * Re-combine SecurityNaming tests. * Add Rds new resource type and new tests * Added PercentEncode test * fixing code review comments * refactor test a bit more * fixing code review comments * fixing according to code review comments * fixing code review comments * fixing code review comments
3 years ago
void SetUp() override {
BootstrapBuilder builder = BootstrapBuilder();
builder.AddCertificateProviderPlugin("fake_plugin1", "fake1");
builder.AddCertificateProviderPlugin("fake_plugin2", "fake2");
std::vector<std::string> fields;
fields.push_back(absl::StrFormat(" \"certificate_file\": \"%s\"",
kClientCertPath));
fields.push_back(absl::StrFormat(" \"private_key_file\": \"%s\"",
kClientKeyPath));
fields.push_back(absl::StrFormat(" \"ca_certificate_file\": \"%s\"",
kCaCertPath));
builder.AddCertificateProviderPlugin("file_plugin", "file_watcher",
absl::StrJoin(fields, ",\n"));
xds_end2end_test: make each individual test start the number of backends it needs (#29271) * move some code around * remove num_backends parameter from XdsEnd2endTest * remove use_xds_enabled_server param from XdsEnd2endTest * remove xds_resource_does_not_exist_timeout_ms param from XdsEnd2endTest * remove client_load_reporting_interval_seconds param from XdsEnd2endTest * start moving CreateAndStartBackends() into individual tests * finish moving CreateAndStartBackends() into individual tests * remove unused variable * fix test flake * clang-tidy * clang-format
3 years ago
InitClient(builder);
CreateBackends(1, /*xds_enabled=*/true);
xDS server config fetcher
4 years ago
root_cert_ = ReadFile(kCaCertPath);
bad_root_cert_ = ReadFile(kBadClientCertPath);
identity_pair_ = ReadTlsIdentityPair(kServerKeyPath, kServerCertPath);
bad_identity_pair_ =
ReadTlsIdentityPair(kBadClientKeyPath, kBadClientCertPath);
identity_pair_2_ = ReadTlsIdentityPair(kClientKeyPath, kClientCertPath);
server_authenticated_identity_ = {"*.test.google.fr",
"waterzooi.test.google.be",
"*.test.youtube.com", "192.168.1.3"};
server_authenticated_identity_2_ = {"testclient"};
client_authenticated_identity_ = {"*.test.google.fr",
"waterzooi.test.google.be",
"*.test.youtube.com", "192.168.1.3"};
Revert "Revert "start splitting up xds_end2end_test (#27702)" (#27725)" (#27726) This reverts commit 9177c5324ad17364943574546158abbc0d150266.
3 years ago
EdsResourceArgs args({
xds_end2end_test test infra: Eds Args refactoring and enhancing WaitForBackend (#26093) * Refactoring EdsResourceArgs::Locality to have a vector of Endpoints: port, health_status, and lb_weight. As well, Adding RpcOption to WaitForBackend() * Update WaitForBackend * Modified WaitForBackend default param * reuse SeenBackend * Code review comments * refactor WaitForAllBackend parameter list * Fixing tests to ensure they are more strict; Fixing test code according to code review comments. * Fixing code review suggestions * Increasing timeout for StressTest
4 years ago
{"locality0", CreateEndpointsForBackends(0, 1)},
xDS server config fetcher
4 years ago
});
xds: remove legacy EDS-only workflow (#28274) * xds: remove legacy EDS-only workflow * remove unused constants * remove unused data member
3 years ago
balancer_->ads_service()->SetEdsResource(BuildEdsResource(args));
xDS server config fetcher
4 years ago
}
xds_end2end_test: Fix race in security tests (#29408) * xds_end2end_test: Fix race in security tests * Reviewer comments
3 years ago
void TearDown() override { XdsEnd2endTest::TearDown(); }
xDS server config fetcher
4 years ago
void SetLdsUpdate(absl::string_view root_instance_name,
absl::string_view root_certificate_name,
absl::string_view identity_instance_name,
absl::string_view identity_certificate_name,
bool require_client_certificates) {
Update RDS parsing for use on servers (#27715) * Update RDS parsing for use on servers * Unused variable * Reviewer comments * Automated change: Fix sanity tests * Fix tests * Reviewer comments * Reviewer comments * clang-tidy * Reviewer comments * Fix test * Reviewer comments * Reviewer comments Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
Listener listener = default_server_listener_;
auto* filter_chain = listener.mutable_default_filter_chain();
xDS server config fetcher
4 years ago
if (!identity_instance_name.empty()) {
auto* transport_socket = filter_chain->mutable_transport_socket();
transport_socket->set_name("envoy.transport_sockets.tls");
DownstreamTlsContext downstream_tls_context;
downstream_tls_context.mutable_common_tls_context()
xDS Security: Use new way to fetch certificate provider plugin instance config (#27264) * xDS Security: Use new way to fetch certificate provider plugin instance config * Reviewer comments * Additional fields to NACK * Move NACKing tests for tls_certificates and tls_certificate_sds_securet_configs to client-side
3 years ago
->mutable_tls_certificate_provider_instance()
xDS server config fetcher
4 years ago
->set_instance_name(std::string(identity_instance_name));
downstream_tls_context.mutable_common_tls_context()
xDS Security: Use new way to fetch certificate provider plugin instance config (#27264) * xDS Security: Use new way to fetch certificate provider plugin instance config * Reviewer comments * Additional fields to NACK * Move NACKing tests for tls_certificates and tls_certificate_sds_securet_configs to client-side
3 years ago
->mutable_tls_certificate_provider_instance()
xDS server config fetcher
4 years ago
->set_certificate_name(std::string(identity_certificate_name));
if (!root_instance_name.empty()) {
downstream_tls_context.mutable_common_tls_context()
xDS Security: Use new way to fetch certificate provider plugin instance config (#27264) * xDS Security: Use new way to fetch certificate provider plugin instance config * Reviewer comments * Additional fields to NACK * Move NACKing tests for tls_certificates and tls_certificate_sds_securet_configs to client-side
3 years ago
->mutable_validation_context()
->mutable_ca_certificate_provider_instance()
xDS server config fetcher
4 years ago
->set_instance_name(std::string(root_instance_name));
downstream_tls_context.mutable_common_tls_context()
xDS Security: Use new way to fetch certificate provider plugin instance config (#27264) * xDS Security: Use new way to fetch certificate provider plugin instance config * Reviewer comments * Additional fields to NACK * Move NACKing tests for tls_certificates and tls_certificate_sds_securet_configs to client-side
3 years ago
->mutable_validation_context()
->mutable_ca_certificate_provider_instance()
xDS server config fetcher
4 years ago
->set_certificate_name(std::string(root_certificate_name));
downstream_tls_context.mutable_require_client_certificate()->set_value(
require_client_certificates);
}
transport_socket->mutable_typed_config()->PackFrom(
downstream_tls_context);
}
xds_end2end_test: remove num_balancers from test suite and remove dependence on fake resolver for xDS channel (#28245) * xds_end2end_test: remove num_balancers from test suite * fix clang-tidy
3 years ago
SetServerListenerNameAndRouteConfiguration(balancer_.get(), listener,
backends_[0]->port(),
default_server_route_config_);
xDS server config fetcher
4 years ago
}
std::shared_ptr<grpc::Channel> CreateMtlsChannel() {
ChannelArguments args;
// Override target name for host name check
args.SetString(GRPC_SSL_TARGET_NAME_OVERRIDE_ARG,
Fix end2end test for ipv6 only platforms
4 years ago
ipv6_only_ ? "::1" : "127.0.0.1");
xDS server config fetcher
4 years ago
args.SetInt(GRPC_ARG_USE_LOCAL_SUBCHANNEL_POOL, 1);
std::string uri = absl::StrCat(
ipv6_only_ ? "ipv6:[::1]:" : "ipv4:127.0.0.1:", backends_[0]->port());
Support Custom Post-handshake Verification in TlsCredentials (#25631) * custom verification refactoring - post-handshake verification
3 years ago
IdentityKeyCertPair key_cert_pair;
key_cert_pair.private_key = ReadFile(kServerKeyPath);
key_cert_pair.certificate_chain = ReadFile(kServerCertPath);
std::vector<IdentityKeyCertPair> identity_key_cert_pairs;
identity_key_cert_pairs.emplace_back(key_cert_pair);
auto certificate_provider = std::make_shared<StaticDataCertificateProvider>(
ReadFile(kCaCertPath), identity_key_cert_pairs);
grpc::experimental::TlsChannelCredentialsOptions options;
options.set_certificate_provider(std::move(certificate_provider));
options.watch_root_certs();
options.watch_identity_key_cert_pairs();
auto verifier =
ExternalCertificateVerifier::Create<SyncCertificateVerifier>(true);
options.set_verify_server_certs(true);
options.set_certificate_verifier(std::move(verifier));
auto channel_creds = grpc::experimental::TlsCredentials(options);
GPR_ASSERT(channel_creds.get() != nullptr);
xDS server config fetcher
4 years ago
return CreateCustomChannel(uri, channel_creds, args);
}
std::shared_ptr<grpc::Channel> CreateTlsChannel() {
ChannelArguments args;
// Override target name for host name check
args.SetString(GRPC_SSL_TARGET_NAME_OVERRIDE_ARG,
Fix end2end test for ipv6 only platforms
4 years ago
ipv6_only_ ? "::1" : "127.0.0.1");
xDS server config fetcher
4 years ago
args.SetInt(GRPC_ARG_USE_LOCAL_SUBCHANNEL_POOL, 1);
std::string uri = absl::StrCat(
ipv6_only_ ? "ipv6:[::1]:" : "ipv4:127.0.0.1:", backends_[0]->port());
Support Custom Post-handshake Verification in TlsCredentials (#25631) * custom verification refactoring - post-handshake verification
3 years ago
auto certificate_provider =
std::make_shared<StaticDataCertificateProvider>(ReadFile(kCaCertPath));
grpc::experimental::TlsChannelCredentialsOptions options;
options.set_certificate_provider(std::move(certificate_provider));
options.watch_root_certs();
auto verifier =
ExternalCertificateVerifier::Create<SyncCertificateVerifier>(true);
options.set_verify_server_certs(true);
options.set_certificate_verifier(std::move(verifier));
auto channel_creds = grpc::experimental::TlsCredentials(options);
GPR_ASSERT(channel_creds.get() != nullptr);
xDS server config fetcher
4 years ago
return CreateCustomChannel(uri, channel_creds, args);
}
HTTP: Conditionally allow PUT requests (#29397) * Maybe fix for PUT deprecation * Guard PUT request accepting with a flag and add tests * Reviewer comments * Add fallthrough notation * Reviewer comments Co-authored-by: Craig Tiller <ctiller@google.com>
3 years ago
std::shared_ptr<grpc::Channel> CreateInsecureChannel(
bool use_put_requests = false) {
xDS server config fetcher
4 years ago
ChannelArguments args;
// Override target name for host name check
args.SetString(GRPC_SSL_TARGET_NAME_OVERRIDE_ARG,
Fix end2end test for ipv6 only platforms
4 years ago
ipv6_only_ ? "::1" : "127.0.0.1");
xDS server config fetcher
4 years ago
args.SetInt(GRPC_ARG_USE_LOCAL_SUBCHANNEL_POOL, 1);
HTTP: Conditionally allow PUT requests (#29397) * Maybe fix for PUT deprecation * Guard PUT request accepting with a flag and add tests * Reviewer comments * Add fallthrough notation * Reviewer comments Co-authored-by: Craig Tiller <ctiller@google.com>
3 years ago
if (use_put_requests) {
args.SetInt(GRPC_ARG_TEST_ONLY_USE_PUT_REQUESTS, 1);
}
xDS server config fetcher
4 years ago
std::string uri = absl::StrCat(
ipv6_only_ ? "ipv6:[::1]:" : "ipv4:127.0.0.1:", backends_[0]->port());
return CreateCustomChannel(uri, InsecureChannelCredentials(), args);
}
Reland rbac filter (#28442) * Revert "Revert "xDS: Add support for RBAC HTTP filter (#28309)" (#28441)" This reverts commit 7aae5c66df99d7140848c00b88e4d6e022c3ce92. * Fix internal clang errors * Ipv6 addresses are 128 bit
3 years ago
void SendRpc(
std::function<std::shared_ptr<grpc::Channel>()> channel_creator,
std::vector<std::string> expected_server_identity,
std::vector<std::string> expected_client_identity,
bool test_expects_failure = false,
absl::optional<grpc::StatusCode> expected_status = absl::nullopt) {
xDS server config fetcher
4 years ago
gpr_log(GPR_INFO, "Sending RPC");
int num_tries = 0;
Increase the retry count for XdsServerSecurityTest (#25830)
4 years ago
constexpr int kRetryCount = 100;
Reland rbac filter (#28442) * Revert "Revert "xDS: Add support for RBAC HTTP filter (#28309)" (#28441)" This reverts commit 7aae5c66df99d7140848c00b88e4d6e022c3ce92. * Fix internal clang errors * Ipv6 addresses are 128 bit
3 years ago
auto overall_deadline = absl::Now() + absl::Seconds(5);
for (; num_tries < kRetryCount || absl::Now() < overall_deadline;
num_tries++) {
xDS server config fetcher
4 years ago
auto channel = channel_creator();
auto stub = grpc::testing::EchoTestService::NewStub(channel);
ClientContext context;
context.set_wait_for_ready(true);
context.set_deadline(grpc_timeout_milliseconds_to_deadline(2000));
EchoRequest request;
xds_end2end_test: Set skip cancelled check (#28453) * xds_end2end_test: Set skip cancelled check * Reviewer comment
3 years ago
// TODO(yashykt): Skipping the cancelled check on the server since the
// server's graceful shutdown isn't as per spec and the check isn't
// necessary for what we want to test here anyway.
// https://github.com/grpc/grpc/issues/24237
request.mutable_param()->set_skip_cancelled_check(true);
xDS server config fetcher
4 years ago
request.set_message(kRequestMessage);
EchoResponse response;
Status status = stub->Echo(&context, request, &response);
if (test_expects_failure) {
if (status.ok()) {
gpr_log(GPR_ERROR, "RPC succeeded. Failure expected. Trying again.");
continue;
}
Reland rbac filter (#28442) * Revert "Revert "xDS: Add support for RBAC HTTP filter (#28309)" (#28441)" This reverts commit 7aae5c66df99d7140848c00b88e4d6e022c3ce92. * Fix internal clang errors * Ipv6 addresses are 128 bit
3 years ago
if (expected_status.has_value() &&
*expected_status != status.error_code()) {
gpr_log(GPR_ERROR,
"Expected status does not match Actual(%d) vs Expected(%d)",
status.error_code(), *expected_status);
continue;
}
xDS server config fetcher
4 years ago
} else {
if (!status.ok()) {
gpr_log(GPR_ERROR, "RPC failed. code=%d message=%s Trying again.",
status.error_code(), status.error_message().c_str());
continue;
}
EXPECT_EQ(response.message(), kRequestMessage);
std::vector<std::string> peer_identity;
for (const auto& entry : context.auth_context()->GetPeerIdentity()) {
peer_identity.emplace_back(
std::string(entry.data(), entry.size()).c_str());
}
if (peer_identity != expected_server_identity) {
gpr_log(GPR_ERROR,
"Expected server identity does not match. (actual) %s vs "
"(expected) %s Trying again.",
absl::StrJoin(peer_identity, ",").c_str(),
absl::StrJoin(expected_server_identity, ",").c_str());
continue;
}
if (backends_[0]->backend_service()->last_peer_identity() !=
expected_client_identity) {
gpr_log(
GPR_ERROR,
"Expected client identity does not match. (actual) %s vs "
"(expected) %s Trying again.",
absl::StrJoin(
backends_[0]->backend_service()->last_peer_identity(), ",")
.c_str(),
absl::StrJoin(expected_client_identity, ",").c_str());
continue;
}
}
break;
}
EXPECT_LT(num_tries, kRetryCount);
}
std::string root_cert_;
std::string bad_root_cert_;
grpc_core::PemKeyCertPairList identity_pair_;
grpc_core::PemKeyCertPairList bad_identity_pair_;
grpc_core::PemKeyCertPairList identity_pair_2_;
std::vector<std::string> server_authenticated_identity_;
std::vector<std::string> server_authenticated_identity_2_;
std::vector<std::string> client_authenticated_identity_;
};
NACK xDS updates where transport_name is not recognized (#26612) * NACK xDS updates where transport_name is not recognized * Reviewer comments
3 years ago
TEST_P(XdsServerSecurityTest, UnknownTransportSocket) {
Update RDS parsing for use on servers (#27715) * Update RDS parsing for use on servers * Unused variable * Reviewer comments * Automated change: Fix sanity tests * Fix tests * Reviewer comments * Reviewer comments * clang-tidy * Reviewer comments * Fix test * Reviewer comments * Reviewer comments Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
Listener listener = default_server_listener_;
auto* filter_chain = listener.mutable_default_filter_chain();
NACK xDS updates where transport_name is not recognized (#26612) * NACK xDS updates where transport_name is not recognized * Reviewer comments
3 years ago
auto* transport_socket = filter_chain->mutable_transport_socket();
transport_socket->set_name("unknown_transport_socket");
xds_end2end_test: remove num_balancers from test suite and remove dependence on fake resolver for xDS channel (#28245) * xds_end2end_test: remove num_balancers from test suite * fix clang-tidy
3 years ago
SetServerListenerNameAndRouteConfiguration(balancer_.get(), listener,
backends_[0]->port(),
Update RDS parsing for use on servers (#27715) * Update RDS parsing for use on servers * Unused variable * Reviewer comments * Automated change: Fix sanity tests * Fix tests * Reviewer comments * Reviewer comments * clang-tidy * Reviewer comments * Fix test * Reviewer comments * Reviewer comments Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
default_server_route_config_);
xds_end2end_test: Only start backends when needed (#27911) * xds_end2end_test: Fix flakiness on WaitForLdsNack * xds_end2end_test: Only start the server when we want * Revert WaitForNack changes * Fixes * Fix CsdsShortAdsTimeoutTest * Fix sanity
3 years ago
backends_[0]->Start();
xds_end2end_test_lib: use DEBUG_LOCATION to log where failures originate (#29444)
3 years ago
const auto response_state = WaitForLdsNack(DEBUG_LOCATION);
XdsEnd2EndTest : Use a queue to save resource updates (#28467) * Fix XdsClient for multiple watchers on the same resource * xds_end2end_test: Don't use XdsCredentials for XdsRbacNackTests * Use separate response states for EDS and RDS resources * Reviewer comments * Reviewer comments * Reviewer comments * Remove blank link * Reviewer comments
3 years ago
ASSERT_TRUE(response_state.has_value()) << "timed out waiting for NACK";
EXPECT_THAT(response_state->error_message,
NACK xDS updates where transport_name is not recognized (#26612) * NACK xDS updates where transport_name is not recognized * Reviewer comments
3 years ago
::testing::HasSubstr(
"Unrecognized transport socket: unknown_transport_socket"));
}
xDS PSM Server Security: Nack unsupported require_sni and ocsp_staple_policy values (#26878) * Nack unsupported require_sni and ocsp_staple_policy values * Reviewer comments
3 years ago
TEST_P(XdsServerSecurityTest, NacksRequireSNI) {
Update RDS parsing for use on servers (#27715) * Update RDS parsing for use on servers * Unused variable * Reviewer comments * Automated change: Fix sanity tests * Fix tests * Reviewer comments * Reviewer comments * clang-tidy * Reviewer comments * Fix test * Reviewer comments * Reviewer comments Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
Listener listener = default_server_listener_;
auto* filter_chain = listener.mutable_default_filter_chain();
xDS PSM Server Security: Nack unsupported require_sni and ocsp_staple_policy values (#26878) * Nack unsupported require_sni and ocsp_staple_policy values * Reviewer comments
3 years ago
auto* transport_socket = filter_chain->mutable_transport_socket();
transport_socket->set_name("envoy.transport_sockets.tls");
DownstreamTlsContext downstream_tls_context;
downstream_tls_context.mutable_common_tls_context()
xDS Security: Use new way to fetch certificate provider plugin instance config (#27264) * xDS Security: Use new way to fetch certificate provider plugin instance config * Reviewer comments * Additional fields to NACK * Move NACKing tests for tls_certificates and tls_certificate_sds_securet_configs to client-side
3 years ago
->mutable_tls_certificate_provider_instance()
xDS PSM Server Security: Nack unsupported require_sni and ocsp_staple_policy values (#26878) * Nack unsupported require_sni and ocsp_staple_policy values * Reviewer comments
3 years ago
->set_instance_name("fake_plugin1");
downstream_tls_context.mutable_require_sni()->set_value(true);
transport_socket->mutable_typed_config()->PackFrom(downstream_tls_context);
xds_end2end_test: remove num_balancers from test suite and remove dependence on fake resolver for xDS channel (#28245) * xds_end2end_test: remove num_balancers from test suite * fix clang-tidy
3 years ago
SetServerListenerNameAndRouteConfiguration(balancer_.get(), listener,
backends_[0]->port(),
Update RDS parsing for use on servers (#27715) * Update RDS parsing for use on servers * Unused variable * Reviewer comments * Automated change: Fix sanity tests * Fix tests * Reviewer comments * Reviewer comments * clang-tidy * Reviewer comments * Fix test * Reviewer comments * Reviewer comments Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
default_server_route_config_);
xds_end2end_test: Only start backends when needed (#27911) * xds_end2end_test: Fix flakiness on WaitForLdsNack * xds_end2end_test: Only start the server when we want * Revert WaitForNack changes * Fixes * Fix CsdsShortAdsTimeoutTest * Fix sanity
3 years ago
backends_[0]->Start();
xds_end2end_test_lib: use DEBUG_LOCATION to log where failures originate (#29444)
3 years ago
const auto response_state = WaitForLdsNack(DEBUG_LOCATION);
XdsEnd2EndTest : Use a queue to save resource updates (#28467) * Fix XdsClient for multiple watchers on the same resource * xds_end2end_test: Don't use XdsCredentials for XdsRbacNackTests * Use separate response states for EDS and RDS resources * Reviewer comments * Reviewer comments * Reviewer comments * Remove blank link * Reviewer comments
3 years ago
ASSERT_TRUE(response_state.has_value()) << "timed out waiting for NACK";
EXPECT_THAT(response_state->error_message,
xDS PSM Server Security: Nack unsupported require_sni and ocsp_staple_policy values (#26878) * Nack unsupported require_sni and ocsp_staple_policy values * Reviewer comments
3 years ago
::testing::HasSubstr("require_sni: unsupported"));
}
TEST_P(XdsServerSecurityTest, NacksOcspStaplePolicyOtherThanLenientStapling) {
Update RDS parsing for use on servers (#27715) * Update RDS parsing for use on servers * Unused variable * Reviewer comments * Automated change: Fix sanity tests * Fix tests * Reviewer comments * Reviewer comments * clang-tidy * Reviewer comments * Fix test * Reviewer comments * Reviewer comments Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
Listener listener = default_server_listener_;
auto* filter_chain = listener.mutable_default_filter_chain();
xDS PSM Server Security: Nack unsupported require_sni and ocsp_staple_policy values (#26878) * Nack unsupported require_sni and ocsp_staple_policy values * Reviewer comments
3 years ago
auto* transport_socket = filter_chain->mutable_transport_socket();
transport_socket->set_name("envoy.transport_sockets.tls");
DownstreamTlsContext downstream_tls_context;
downstream_tls_context.mutable_common_tls_context()
xDS Security: Use new way to fetch certificate provider plugin instance config (#27264) * xDS Security: Use new way to fetch certificate provider plugin instance config * Reviewer comments * Additional fields to NACK * Move NACKing tests for tls_certificates and tls_certificate_sds_securet_configs to client-side
3 years ago
->mutable_tls_certificate_provider_instance()
xDS PSM Server Security: Nack unsupported require_sni and ocsp_staple_policy values (#26878) * Nack unsupported require_sni and ocsp_staple_policy values * Reviewer comments
3 years ago
->set_instance_name("fake_plugin1");
downstream_tls_context.set_ocsp_staple_policy(
envoy::extensions::transport_sockets::tls::v3::
DownstreamTlsContext_OcspStaplePolicy_STRICT_STAPLING);
transport_socket->mutable_typed_config()->PackFrom(downstream_tls_context);
xds_end2end_test: remove num_balancers from test suite and remove dependence on fake resolver for xDS channel (#28245) * xds_end2end_test: remove num_balancers from test suite * fix clang-tidy
3 years ago
SetServerListenerNameAndRouteConfiguration(balancer_.get(), listener,
backends_[0]->port(),
Update RDS parsing for use on servers (#27715) * Update RDS parsing for use on servers * Unused variable * Reviewer comments * Automated change: Fix sanity tests * Fix tests * Reviewer comments * Reviewer comments * clang-tidy * Reviewer comments * Fix test * Reviewer comments * Reviewer comments Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
default_server_route_config_);
xds_end2end_test: Only start backends when needed (#27911) * xds_end2end_test: Fix flakiness on WaitForLdsNack * xds_end2end_test: Only start the server when we want * Revert WaitForNack changes * Fixes * Fix CsdsShortAdsTimeoutTest * Fix sanity
3 years ago
backends_[0]->Start();
xds_end2end_test_lib: use DEBUG_LOCATION to log where failures originate (#29444)
3 years ago
const auto response_state = WaitForLdsNack(DEBUG_LOCATION);
XdsEnd2EndTest : Use a queue to save resource updates (#28467) * Fix XdsClient for multiple watchers on the same resource * xds_end2end_test: Don't use XdsCredentials for XdsRbacNackTests * Use separate response states for EDS and RDS resources * Reviewer comments * Reviewer comments * Reviewer comments * Remove blank link * Reviewer comments
3 years ago
ASSERT_TRUE(response_state.has_value()) << "timed out waiting for NACK";
EXPECT_THAT(response_state->error_message,
xDS PSM Server Security: Nack unsupported require_sni and ocsp_staple_policy values (#26878) * Nack unsupported require_sni and ocsp_staple_policy values * Reviewer comments
3 years ago
::testing::HasSubstr(
"ocsp_staple_policy: Only LENIENT_STAPLING supported"));
}
NACK xds updates requiring client certificates when no validation certificate provider instance is mentioned (#26613)
3 years ago
TEST_P(
XdsServerSecurityTest,
NacksRequiringClientCertificateWithoutValidationCertificateProviderInstance) {
Update RDS parsing for use on servers (#27715) * Update RDS parsing for use on servers * Unused variable * Reviewer comments * Automated change: Fix sanity tests * Fix tests * Reviewer comments * Reviewer comments * clang-tidy * Reviewer comments * Fix test * Reviewer comments * Reviewer comments Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
Listener listener = default_server_listener_;
auto* filter_chain = listener.mutable_default_filter_chain();
NACK xds updates requiring client certificates when no validation certificate provider instance is mentioned (#26613)
3 years ago
auto* transport_socket = filter_chain->mutable_transport_socket();
transport_socket->set_name("envoy.transport_sockets.tls");
DownstreamTlsContext downstream_tls_context;
downstream_tls_context.mutable_common_tls_context()
xDS Security: Use new way to fetch certificate provider plugin instance config (#27264) * xDS Security: Use new way to fetch certificate provider plugin instance config * Reviewer comments * Additional fields to NACK * Move NACKing tests for tls_certificates and tls_certificate_sds_securet_configs to client-side
3 years ago
->mutable_tls_certificate_provider_instance()
NACK xds updates requiring client certificates when no validation certificate provider instance is mentioned (#26613)
3 years ago
->set_instance_name("fake_plugin1");
downstream_tls_context.mutable_require_client_certificate()->set_value(true);
transport_socket->mutable_typed_config()->PackFrom(downstream_tls_context);
xds_end2end_test: remove num_balancers from test suite and remove dependence on fake resolver for xDS channel (#28245) * xds_end2end_test: remove num_balancers from test suite * fix clang-tidy
3 years ago
SetServerListenerNameAndRouteConfiguration(balancer_.get(), listener,
backends_[0]->port(),
Update RDS parsing for use on servers (#27715) * Update RDS parsing for use on servers * Unused variable * Reviewer comments * Automated change: Fix sanity tests * Fix tests * Reviewer comments * Reviewer comments * clang-tidy * Reviewer comments * Fix test * Reviewer comments * Reviewer comments Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
default_server_route_config_);
xds_end2end_test: Only start backends when needed (#27911) * xds_end2end_test: Fix flakiness on WaitForLdsNack * xds_end2end_test: Only start the server when we want * Revert WaitForNack changes * Fixes * Fix CsdsShortAdsTimeoutTest * Fix sanity
3 years ago
backends_[0]->Start();
xds_end2end_test_lib: use DEBUG_LOCATION to log where failures originate (#29444)
3 years ago
const auto response_state = WaitForLdsNack(DEBUG_LOCATION);
XdsEnd2EndTest : Use a queue to save resource updates (#28467) * Fix XdsClient for multiple watchers on the same resource * xds_end2end_test: Don't use XdsCredentials for XdsRbacNackTests * Use separate response states for EDS and RDS resources * Reviewer comments * Reviewer comments * Reviewer comments * Remove blank link * Reviewer comments
3 years ago
ASSERT_TRUE(response_state.has_value()) << "timed out waiting for NACK";
EXPECT_THAT(response_state->error_message,
NACK xds updates requiring client certificates when no validation certificate provider instance is mentioned (#26613)
3 years ago
::testing::HasSubstr(
"TLS configuration requires client certificates but no "
"certificate provider instance specified for validation."));
}
TEST_P(XdsServerSecurityTest,
NacksTlsConfigurationWithoutIdentityProviderInstance) {
Update RDS parsing for use on servers (#27715) * Update RDS parsing for use on servers * Unused variable * Reviewer comments * Automated change: Fix sanity tests * Fix tests * Reviewer comments * Reviewer comments * clang-tidy * Reviewer comments * Fix test * Reviewer comments * Reviewer comments Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
Listener listener = default_server_listener_;
auto* filter_chain = listener.mutable_default_filter_chain();
xDS server config fetcher
4 years ago
auto* transport_socket = filter_chain->mutable_transport_socket();
transport_socket->set_name("envoy.transport_sockets.tls");
DownstreamTlsContext downstream_tls_context;
transport_socket->mutable_typed_config()->PackFrom(downstream_tls_context);
xds_end2end_test: remove num_balancers from test suite and remove dependence on fake resolver for xDS channel (#28245) * xds_end2end_test: remove num_balancers from test suite * fix clang-tidy
3 years ago
SetServerListenerNameAndRouteConfiguration(balancer_.get(), listener,
backends_[0]->port(),
Update RDS parsing for use on servers (#27715) * Update RDS parsing for use on servers * Unused variable * Reviewer comments * Automated change: Fix sanity tests * Fix tests * Reviewer comments * Reviewer comments * clang-tidy * Reviewer comments * Fix test * Reviewer comments * Reviewer comments Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
default_server_route_config_);
xds_end2end_test: Only start backends when needed (#27911) * xds_end2end_test: Fix flakiness on WaitForLdsNack * xds_end2end_test: Only start the server when we want * Revert WaitForNack changes * Fixes * Fix CsdsShortAdsTimeoutTest * Fix sanity
3 years ago
backends_[0]->Start();
xds_end2end_test_lib: use DEBUG_LOCATION to log where failures originate (#29444)
3 years ago
const auto response_state = WaitForLdsNack(DEBUG_LOCATION);
XdsEnd2EndTest : Use a queue to save resource updates (#28467) * Fix XdsClient for multiple watchers on the same resource * xds_end2end_test: Don't use XdsCredentials for XdsRbacNackTests * Use separate response states for EDS and RDS resources * Reviewer comments * Reviewer comments * Reviewer comments * Remove blank link * Reviewer comments
3 years ago
ASSERT_TRUE(response_state.has_value()) << "timed out waiting for NACK";
EXPECT_THAT(response_state->error_message,
xDS Security: Use new way to fetch certificate provider plugin instance config (#27264) * xDS Security: Use new way to fetch certificate provider plugin instance config * Reviewer comments * Additional fields to NACK * Move NACKing tests for tls_certificates and tls_certificate_sds_securet_configs to client-side
3 years ago
::testing::HasSubstr("TLS configuration provided but no "
"tls_certificate_provider_instance found."));
}
TEST_P(XdsServerSecurityTest, NacksMatchSubjectAltNames) {
Update RDS parsing for use on servers (#27715) * Update RDS parsing for use on servers * Unused variable * Reviewer comments * Automated change: Fix sanity tests * Fix tests * Reviewer comments * Reviewer comments * clang-tidy * Reviewer comments * Fix test * Reviewer comments * Reviewer comments Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
Listener listener = default_server_listener_;
auto* filter_chain = listener.mutable_default_filter_chain();
xDS Security: Use new way to fetch certificate provider plugin instance config (#27264) * xDS Security: Use new way to fetch certificate provider plugin instance config * Reviewer comments * Additional fields to NACK * Move NACKing tests for tls_certificates and tls_certificate_sds_securet_configs to client-side
3 years ago
auto* transport_socket = filter_chain->mutable_transport_socket();
transport_socket->set_name("envoy.transport_sockets.tls");
DownstreamTlsContext downstream_tls_context;
downstream_tls_context.mutable_common_tls_context()
->mutable_tls_certificate_provider_instance()
->set_instance_name("fake_plugin1");
downstream_tls_context.mutable_common_tls_context()
->mutable_validation_context()
->add_match_subject_alt_names()
->set_exact("*.test.google.fr");
transport_socket->mutable_typed_config()->PackFrom(downstream_tls_context);
xds_end2end_test: remove num_balancers from test suite and remove dependence on fake resolver for xDS channel (#28245) * xds_end2end_test: remove num_balancers from test suite * fix clang-tidy
3 years ago
SetServerListenerNameAndRouteConfiguration(balancer_.get(), listener,
backends_[0]->port(),
Update RDS parsing for use on servers (#27715) * Update RDS parsing for use on servers * Unused variable * Reviewer comments * Automated change: Fix sanity tests * Fix tests * Reviewer comments * Reviewer comments * clang-tidy * Reviewer comments * Fix test * Reviewer comments * Reviewer comments Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
default_server_route_config_);
xds_end2end_test: Only start backends when needed (#27911) * xds_end2end_test: Fix flakiness on WaitForLdsNack * xds_end2end_test: Only start the server when we want * Revert WaitForNack changes * Fixes * Fix CsdsShortAdsTimeoutTest * Fix sanity
3 years ago
backends_[0]->Start();
xds_end2end_test_lib: use DEBUG_LOCATION to log where failures originate (#29444)
3 years ago
const auto response_state = WaitForLdsNack(DEBUG_LOCATION);
XdsEnd2EndTest : Use a queue to save resource updates (#28467) * Fix XdsClient for multiple watchers on the same resource * xds_end2end_test: Don't use XdsCredentials for XdsRbacNackTests * Use separate response states for EDS and RDS resources * Reviewer comments * Reviewer comments * Reviewer comments * Remove blank link * Reviewer comments
3 years ago
ASSERT_TRUE(response_state.has_value()) << "timed out waiting for NACK";
xDS Security: Use new way to fetch certificate provider plugin instance config (#27264) * xDS Security: Use new way to fetch certificate provider plugin instance config * Reviewer comments * Additional fields to NACK * Move NACKing tests for tls_certificates and tls_certificate_sds_securet_configs to client-side
3 years ago
EXPECT_THAT(
XdsEnd2EndTest : Use a queue to save resource updates (#28467) * Fix XdsClient for multiple watchers on the same resource * xds_end2end_test: Don't use XdsCredentials for XdsRbacNackTests * Use separate response states for EDS and RDS resources * Reviewer comments * Reviewer comments * Reviewer comments * Remove blank link * Reviewer comments
3 years ago
response_state->error_message,
xDS Security: Use new way to fetch certificate provider plugin instance config (#27264) * xDS Security: Use new way to fetch certificate provider plugin instance config * Reviewer comments * Additional fields to NACK * Move NACKing tests for tls_certificates and tls_certificate_sds_securet_configs to client-side
3 years ago
::testing::HasSubstr("match_subject_alt_names not supported on servers"));
xDS server config fetcher
4 years ago
}
TEST_P(XdsServerSecurityTest, UnknownIdentityCertificateProvider) {
SetLdsUpdate("", "", "unknown", "", false);
SendRpc([this]() { return CreateTlsChannel(); }, {}, {},
true /* test_expects_failure */);
xds_end2end_test: Only start backends when needed (#27911) * xds_end2end_test: Fix flakiness on WaitForLdsNack * xds_end2end_test: Only start the server when we want * Revert WaitForNack changes * Fixes * Fix CsdsShortAdsTimeoutTest * Fix sanity
3 years ago
backends_[0]->Start();
xds_end2end_test_lib: use DEBUG_LOCATION to log where failures originate (#29444)
3 years ago
const auto response_state = WaitForLdsNack(DEBUG_LOCATION);
XdsEnd2EndTest : Use a queue to save resource updates (#28467) * Fix XdsClient for multiple watchers on the same resource * xds_end2end_test: Don't use XdsCredentials for XdsRbacNackTests * Use separate response states for EDS and RDS resources * Reviewer comments * Reviewer comments * Reviewer comments * Remove blank link * Reviewer comments
3 years ago
ASSERT_TRUE(response_state.has_value()) << "timed out waiting for NACK";
EXPECT_THAT(response_state->error_message,
NACK xDS updates when certificate provider instace names are unrecognized (#26614) * NACK xDS updates when certificate provider instace names are unrecognized * Reviewer comments * Reviewer comments * Clang format * Fix compilation error
3 years ago
::testing::HasSubstr(
"Unrecognized certificate provider instance name: unknown"));
xDS server config fetcher
4 years ago
}
TEST_P(XdsServerSecurityTest, UnknownRootCertificateProvider) {
xds_end2end_test: Fix race in security tests (#29408) * xds_end2end_test: Fix race in security tests * Reviewer comments
3 years ago
g_fake1_cert_data_map->Set({{"", {root_cert_, identity_pair_}}});
xDS server config fetcher
4 years ago
SetLdsUpdate("unknown", "", "fake_plugin1", "", false);
xds_end2end_test: Only start backends when needed (#27911) * xds_end2end_test: Fix flakiness on WaitForLdsNack * xds_end2end_test: Only start the server when we want * Revert WaitForNack changes * Fixes * Fix CsdsShortAdsTimeoutTest * Fix sanity
3 years ago
backends_[0]->Start();
xds_end2end_test_lib: use DEBUG_LOCATION to log where failures originate (#29444)
3 years ago
const auto response_state = WaitForLdsNack(DEBUG_LOCATION);
XdsEnd2EndTest : Use a queue to save resource updates (#28467) * Fix XdsClient for multiple watchers on the same resource * xds_end2end_test: Don't use XdsCredentials for XdsRbacNackTests * Use separate response states for EDS and RDS resources * Reviewer comments * Reviewer comments * Reviewer comments * Remove blank link * Reviewer comments
3 years ago
ASSERT_TRUE(response_state.has_value()) << "timed out waiting for NACK";
EXPECT_THAT(response_state->error_message,
NACK xDS updates when certificate provider instace names are unrecognized (#26614) * NACK xDS updates when certificate provider instace names are unrecognized * Reviewer comments * Reviewer comments * Clang format * Fix compilation error
3 years ago
::testing::HasSubstr(
"Unrecognized certificate provider instance name: unknown"));
xDS server config fetcher
4 years ago
}
xDS Security: Use new way to fetch certificate provider plugin instance config (#27264) * xDS Security: Use new way to fetch certificate provider plugin instance config * Reviewer comments * Additional fields to NACK * Move NACKing tests for tls_certificates and tls_certificate_sds_securet_configs to client-side
3 years ago
TEST_P(XdsServerSecurityTest,
TestDeprecateTlsCertificateCertificateProviderInstanceField) {
xds_end2end_test: Fix race in security tests (#29408) * xds_end2end_test: Fix race in security tests * Reviewer comments
3 years ago
g_fake1_cert_data_map->Set({{"", {root_cert_, identity_pair_}}});
Update RDS parsing for use on servers (#27715) * Update RDS parsing for use on servers * Unused variable * Reviewer comments * Automated change: Fix sanity tests * Fix tests * Reviewer comments * Reviewer comments * clang-tidy * Reviewer comments * Fix test * Reviewer comments * Reviewer comments Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
Listener listener = default_server_listener_;
auto* filter_chain = listener.mutable_default_filter_chain();
filter_chain->mutable_filters()->at(0).mutable_typed_config()->PackFrom(
ServerHcmAccessor().Unpack(listener));
xDS Security: Use new way to fetch certificate provider plugin instance config (#27264) * xDS Security: Use new way to fetch certificate provider plugin instance config * Reviewer comments * Additional fields to NACK * Move NACKing tests for tls_certificates and tls_certificate_sds_securet_configs to client-side
3 years ago
auto* transport_socket = filter_chain->mutable_transport_socket();
transport_socket->set_name("envoy.transport_sockets.tls");
DownstreamTlsContext downstream_tls_context;
downstream_tls_context.mutable_common_tls_context()
->mutable_tls_certificate_certificate_provider_instance()
->set_instance_name("fake_plugin1");
transport_socket->mutable_typed_config()->PackFrom(downstream_tls_context);
xds_end2end_test: remove num_balancers from test suite and remove dependence on fake resolver for xDS channel (#28245) * xds_end2end_test: remove num_balancers from test suite * fix clang-tidy
3 years ago
SetServerListenerNameAndRouteConfiguration(balancer_.get(), listener,
backends_[0]->port(),
Update RDS parsing for use on servers (#27715) * Update RDS parsing for use on servers * Unused variable * Reviewer comments * Automated change: Fix sanity tests * Fix tests * Reviewer comments * Reviewer comments * clang-tidy * Reviewer comments * Fix test * Reviewer comments * Reviewer comments Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
default_server_route_config_);
xds_end2end_test: Only start backends when needed (#27911) * xds_end2end_test: Fix flakiness on WaitForLdsNack * xds_end2end_test: Only start the server when we want * Revert WaitForNack changes * Fixes * Fix CsdsShortAdsTimeoutTest * Fix sanity
3 years ago
backends_[0]->Start();
xDS Security: Use new way to fetch certificate provider plugin instance config (#27264) * xDS Security: Use new way to fetch certificate provider plugin instance config * Reviewer comments * Additional fields to NACK * Move NACKing tests for tls_certificates and tls_certificate_sds_securet_configs to client-side
3 years ago
SendRpc([this]() { return CreateTlsChannel(); },
server_authenticated_identity_, {});
}
TLS Security Connector: Add an always-fail-handshaker when certificates are not ready (#26561) * TLS Security Connector: Add an always-fail-handshaker when certificates are not ready * Reviewer suggestion * Add test
3 years ago
TEST_P(XdsServerSecurityTest, CertificatesNotAvailable) {
xds_end2end_test: Fix race in security tests (#29408) * xds_end2end_test: Fix race in security tests * Reviewer comments
3 years ago
g_fake1_cert_data_map->Set({});
TLS Security Connector: Add an always-fail-handshaker when certificates are not ready (#26561) * TLS Security Connector: Add an always-fail-handshaker when certificates are not ready * Reviewer suggestion * Add test
3 years ago
SetLdsUpdate("fake_plugin1", "", "fake_plugin1", "", true);
SendRpc([this]() { return CreateMtlsChannel(); }, {}, {},
true /* test_expects_failure */);
}
xDS server config fetcher
4 years ago
TEST_P(XdsServerSecurityTest, TestMtls) {
xds_end2end_test: Fix race in security tests (#29408) * xds_end2end_test: Fix race in security tests * Reviewer comments
3 years ago
g_fake1_cert_data_map->Set({{"", {root_cert_, identity_pair_}}});
xDS server config fetcher
4 years ago
SetLdsUpdate("fake_plugin1", "", "fake_plugin1", "", true);
xds_end2end_test: Only start backends when needed (#27911) * xds_end2end_test: Fix flakiness on WaitForLdsNack * xds_end2end_test: Only start the server when we want * Revert WaitForNack changes * Fixes * Fix CsdsShortAdsTimeoutTest * Fix sanity
3 years ago
backends_[0]->Start();
xDS server config fetcher
4 years ago
SendRpc([this]() { return CreateMtlsChannel(); },
server_authenticated_identity_, client_authenticated_identity_);
}
TEST_P(XdsServerSecurityTest, TestMtlsWithRootPluginUpdate) {
xds_end2end_test: Fix race in security tests (#29408) * xds_end2end_test: Fix race in security tests * Reviewer comments
3 years ago
g_fake1_cert_data_map->Set({{"", {root_cert_, identity_pair_}}});
g_fake2_cert_data_map->Set({{"", {bad_root_cert_, bad_identity_pair_}}});
xDS server config fetcher
4 years ago
SetLdsUpdate("fake_plugin1", "", "fake_plugin1", "", true);
xds_end2end_test: Only start backends when needed (#27911) * xds_end2end_test: Fix flakiness on WaitForLdsNack * xds_end2end_test: Only start the server when we want * Revert WaitForNack changes * Fixes * Fix CsdsShortAdsTimeoutTest * Fix sanity
3 years ago
backends_[0]->Start();
xDS server config fetcher
4 years ago
SendRpc([this]() { return CreateMtlsChannel(); },
server_authenticated_identity_, client_authenticated_identity_);
SetLdsUpdate("fake_plugin2", "", "fake_plugin1", "", true);
SendRpc([this]() { return CreateMtlsChannel(); }, {}, {},
true /* test_expects_failure */);
}
TEST_P(XdsServerSecurityTest, TestMtlsWithIdentityPluginUpdate) {
xds_end2end_test: Fix race in security tests (#29408) * xds_end2end_test: Fix race in security tests * Reviewer comments
3 years ago
g_fake1_cert_data_map->Set({{"", {root_cert_, identity_pair_}}});
g_fake2_cert_data_map->Set({{"", {root_cert_, identity_pair_2_}}});
xDS server config fetcher
4 years ago
SetLdsUpdate("fake_plugin1", "", "fake_plugin1", "", true);
xds_end2end_test: Only start backends when needed (#27911) * xds_end2end_test: Fix flakiness on WaitForLdsNack * xds_end2end_test: Only start the server when we want * Revert WaitForNack changes * Fixes * Fix CsdsShortAdsTimeoutTest * Fix sanity
3 years ago
backends_[0]->Start();
xDS server config fetcher
4 years ago
SendRpc([this]() { return CreateMtlsChannel(); },
server_authenticated_identity_, client_authenticated_identity_);
SetLdsUpdate("fake_plugin1", "", "fake_plugin2", "", true);
SendRpc([this]() { return CreateMtlsChannel(); },
server_authenticated_identity_2_, client_authenticated_identity_);
}
TEST_P(XdsServerSecurityTest, TestMtlsWithBothPluginsUpdated) {
xds_end2end_test: Fix race in security tests (#29408) * xds_end2end_test: Fix race in security tests * Reviewer comments
3 years ago
g_fake1_cert_data_map->Set({{"", {root_cert_, identity_pair_}}});
g_fake2_cert_data_map->Set({{"good", {root_cert_, identity_pair_2_}},
{"", {bad_root_cert_, bad_identity_pair_}}});
xDS server config fetcher
4 years ago
SetLdsUpdate("fake_plugin2", "", "fake_plugin2", "", true);
xds_end2end_test: Only start backends when needed (#27911) * xds_end2end_test: Fix flakiness on WaitForLdsNack * xds_end2end_test: Only start the server when we want * Revert WaitForNack changes * Fixes * Fix CsdsShortAdsTimeoutTest * Fix sanity
3 years ago
backends_[0]->Start();
xDS server config fetcher
4 years ago
SendRpc([this]() { return CreateMtlsChannel(); }, {}, {},
true /* test_expects_failure */);
SetLdsUpdate("fake_plugin1", "", "fake_plugin1", "", true);
SendRpc([this]() { return CreateMtlsChannel(); },
server_authenticated_identity_, client_authenticated_identity_);
SetLdsUpdate("fake_plugin2", "good", "fake_plugin2", "good", true);
SendRpc([this]() { return CreateMtlsChannel(); },
server_authenticated_identity_2_, client_authenticated_identity_);
}
TEST_P(XdsServerSecurityTest, TestMtlsWithRootCertificateNameUpdate) {
xds_end2end_test: Fix race in security tests (#29408) * xds_end2end_test: Fix race in security tests * Reviewer comments
3 years ago
g_fake1_cert_data_map->Set({{"", {root_cert_, identity_pair_}},
{"bad", {bad_root_cert_, bad_identity_pair_}}});
xDS server config fetcher
4 years ago
SetLdsUpdate("fake_plugin1", "", "fake_plugin1", "", true);
xds_end2end_test: Only start backends when needed (#27911) * xds_end2end_test: Fix flakiness on WaitForLdsNack * xds_end2end_test: Only start the server when we want * Revert WaitForNack changes * Fixes * Fix CsdsShortAdsTimeoutTest * Fix sanity
3 years ago
backends_[0]->Start();
xDS server config fetcher
4 years ago
SendRpc([this]() { return CreateMtlsChannel(); },
server_authenticated_identity_, client_authenticated_identity_);
SetLdsUpdate("fake_plugin1", "bad", "fake_plugin1", "", true);
SendRpc([this]() { return CreateMtlsChannel(); }, {}, {},
true /* test_expects_failure */);
}
TEST_P(XdsServerSecurityTest, TestMtlsWithIdentityCertificateNameUpdate) {
xds_end2end_test: Fix race in security tests (#29408) * xds_end2end_test: Fix race in security tests * Reviewer comments
3 years ago
g_fake1_cert_data_map->Set({{"", {root_cert_, identity_pair_}},
{"good", {root_cert_, identity_pair_2_}}});
xDS server config fetcher
4 years ago
SetLdsUpdate("fake_plugin1", "", "fake_plugin1", "", true);
xds_end2end_test: Only start backends when needed (#27911) * xds_end2end_test: Fix flakiness on WaitForLdsNack * xds_end2end_test: Only start the server when we want * Revert WaitForNack changes * Fixes * Fix CsdsShortAdsTimeoutTest * Fix sanity
3 years ago
backends_[0]->Start();
xDS server config fetcher
4 years ago
SendRpc([this]() { return CreateMtlsChannel(); },
server_authenticated_identity_, client_authenticated_identity_);
SetLdsUpdate("fake_plugin1", "", "fake_plugin1", "good", true);
SendRpc([this]() { return CreateMtlsChannel(); },
server_authenticated_identity_2_, client_authenticated_identity_);
}
TEST_P(XdsServerSecurityTest, TestMtlsWithBothCertificateNamesUpdated) {
xds_end2end_test: Fix race in security tests (#29408) * xds_end2end_test: Fix race in security tests * Reviewer comments
3 years ago
g_fake1_cert_data_map->Set({{"", {root_cert_, identity_pair_}},
{"good", {root_cert_, identity_pair_2_}}});
xDS server config fetcher
4 years ago
SetLdsUpdate("fake_plugin1", "", "fake_plugin1", "", true);
xds_end2end_test: Only start backends when needed (#27911) * xds_end2end_test: Fix flakiness on WaitForLdsNack * xds_end2end_test: Only start the server when we want * Revert WaitForNack changes * Fixes * Fix CsdsShortAdsTimeoutTest * Fix sanity
3 years ago
backends_[0]->Start();
xDS server config fetcher
4 years ago
SendRpc([this]() { return CreateMtlsChannel(); },
server_authenticated_identity_, client_authenticated_identity_);
SetLdsUpdate("fake_plugin1", "good", "fake_plugin1", "good", true);
SendRpc([this]() { return CreateMtlsChannel(); },
server_authenticated_identity_2_, client_authenticated_identity_);
}
TEST_P(XdsServerSecurityTest, TestMtlsNotRequiringButProvidingClientCerts) {
xds_end2end_test: Fix race in security tests (#29408) * xds_end2end_test: Fix race in security tests * Reviewer comments
3 years ago
g_fake1_cert_data_map->Set({{"", {root_cert_, identity_pair_}}});
xDS server config fetcher
4 years ago
SetLdsUpdate("fake_plugin1", "", "fake_plugin1", "", false);
xds_end2end_test: Only start backends when needed (#27911) * xds_end2end_test: Fix flakiness on WaitForLdsNack * xds_end2end_test: Only start the server when we want * Revert WaitForNack changes * Fixes * Fix CsdsShortAdsTimeoutTest * Fix sanity
3 years ago
backends_[0]->Start();
xDS server config fetcher
4 years ago
SendRpc([this]() { return CreateMtlsChannel(); },
server_authenticated_identity_, client_authenticated_identity_);
}
TEST_P(XdsServerSecurityTest, TestMtlsNotRequiringAndNotProvidingClientCerts) {
xds_end2end_test: Fix race in security tests (#29408) * xds_end2end_test: Fix race in security tests * Reviewer comments
3 years ago
g_fake1_cert_data_map->Set({{"", {root_cert_, identity_pair_}}});
xDS server config fetcher
4 years ago
SetLdsUpdate("fake_plugin1", "", "fake_plugin1", "", false);
xds_end2end_test: Only start backends when needed (#27911) * xds_end2end_test: Fix flakiness on WaitForLdsNack * xds_end2end_test: Only start the server when we want * Revert WaitForNack changes * Fixes * Fix CsdsShortAdsTimeoutTest * Fix sanity
3 years ago
backends_[0]->Start();
xDS server config fetcher
4 years ago
SendRpc([this]() { return CreateTlsChannel(); },
server_authenticated_identity_, {});
}
TEST_P(XdsServerSecurityTest, TestTls) {
xds_end2end_test: Fix race in security tests (#29408) * xds_end2end_test: Fix race in security tests * Reviewer comments
3 years ago
g_fake1_cert_data_map->Set({{"", {root_cert_, identity_pair_}}});
xDS server config fetcher
4 years ago
SetLdsUpdate("", "", "fake_plugin1", "", false);
xds_end2end_test: Only start backends when needed (#27911) * xds_end2end_test: Fix flakiness on WaitForLdsNack * xds_end2end_test: Only start the server when we want * Revert WaitForNack changes * Fixes * Fix CsdsShortAdsTimeoutTest * Fix sanity
3 years ago
backends_[0]->Start();
xDS server config fetcher
4 years ago
SendRpc([this]() { return CreateTlsChannel(); },
server_authenticated_identity_, {});
}
TEST_P(XdsServerSecurityTest, TestTlsWithIdentityPluginUpdate) {
xds_end2end_test: Fix race in security tests (#29408) * xds_end2end_test: Fix race in security tests * Reviewer comments
3 years ago
g_fake1_cert_data_map->Set({{"", {root_cert_, identity_pair_}}});
g_fake2_cert_data_map->Set({{"", {root_cert_, identity_pair_2_}}});
xDS server config fetcher
4 years ago
SetLdsUpdate("", "", "fake_plugin1", "", false);
xds_end2end_test: Only start backends when needed (#27911) * xds_end2end_test: Fix flakiness on WaitForLdsNack * xds_end2end_test: Only start the server when we want * Revert WaitForNack changes * Fixes * Fix CsdsShortAdsTimeoutTest * Fix sanity
3 years ago
backends_[0]->Start();
xDS server config fetcher
4 years ago
SendRpc([this]() { return CreateTlsChannel(); },
server_authenticated_identity_, {});
SetLdsUpdate("", "", "fake_plugin2", "", false);
SendRpc([this]() { return CreateTlsChannel(); },
server_authenticated_identity_2_, {});
}
TEST_P(XdsServerSecurityTest, TestTlsWithIdentityCertificateNameUpdate) {
xds_end2end_test: Fix race in security tests (#29408) * xds_end2end_test: Fix race in security tests * Reviewer comments
3 years ago
g_fake1_cert_data_map->Set({{"", {root_cert_, identity_pair_}},
{"good", {root_cert_, identity_pair_2_}}});
xDS server config fetcher
4 years ago
SetLdsUpdate("", "", "fake_plugin1", "", false);
xds_end2end_test: Only start backends when needed (#27911) * xds_end2end_test: Fix flakiness on WaitForLdsNack * xds_end2end_test: Only start the server when we want * Revert WaitForNack changes * Fixes * Fix CsdsShortAdsTimeoutTest * Fix sanity
3 years ago
backends_[0]->Start();
xDS server config fetcher
4 years ago
SendRpc([this]() { return CreateTlsChannel(); },
server_authenticated_identity_, {});
SetLdsUpdate("", "", "fake_plugin1", "good", false);
SendRpc([this]() { return CreateTlsChannel(); },
server_authenticated_identity_2_, {});
}
TEST_P(XdsServerSecurityTest, TestFallback) {
xds_end2end_test: Fix race in security tests (#29408) * xds_end2end_test: Fix race in security tests * Reviewer comments
3 years ago
g_fake1_cert_data_map->Set({{"", {root_cert_, identity_pair_}}});
xDS server config fetcher
4 years ago
SetLdsUpdate("", "", "", "", false);
xds_end2end_test: Only start backends when needed (#27911) * xds_end2end_test: Fix flakiness on WaitForLdsNack * xds_end2end_test: Only start the server when we want * Revert WaitForNack changes * Fixes * Fix CsdsShortAdsTimeoutTest * Fix sanity
3 years ago
backends_[0]->Start();
xDS server config fetcher
4 years ago
SendRpc([this]() { return CreateInsecureChannel(); }, {}, {});
}
TEST_P(XdsServerSecurityTest, TestMtlsToTls) {
xds_end2end_test: Fix race in security tests (#29408) * xds_end2end_test: Fix race in security tests * Reviewer comments
3 years ago
g_fake1_cert_data_map->Set({{"", {root_cert_, identity_pair_}}});
xDS server config fetcher
4 years ago
SetLdsUpdate("fake_plugin1", "", "fake_plugin1", "", true);
xds_end2end_test: Only start backends when needed (#27911) * xds_end2end_test: Fix flakiness on WaitForLdsNack * xds_end2end_test: Only start the server when we want * Revert WaitForNack changes * Fixes * Fix CsdsShortAdsTimeoutTest * Fix sanity
3 years ago
backends_[0]->Start();
xDS server config fetcher
4 years ago
SendRpc([this]() { return CreateTlsChannel(); }, {}, {},
true /* test_expects_failure */);
SetLdsUpdate("", "", "fake_plugin1", "", false);
SendRpc([this]() { return CreateTlsChannel(); },
server_authenticated_identity_, {});
}
TEST_P(XdsServerSecurityTest, TestTlsToMtls) {
xds_end2end_test: Fix race in security tests (#29408) * xds_end2end_test: Fix race in security tests * Reviewer comments
3 years ago
g_fake1_cert_data_map->Set({{"", {root_cert_, identity_pair_}}});
xDS server config fetcher
4 years ago
SetLdsUpdate("", "", "fake_plugin1", "", false);
xds_end2end_test: Only start backends when needed (#27911) * xds_end2end_test: Fix flakiness on WaitForLdsNack * xds_end2end_test: Only start the server when we want * Revert WaitForNack changes * Fixes * Fix CsdsShortAdsTimeoutTest * Fix sanity
3 years ago
backends_[0]->Start();
xDS server config fetcher
4 years ago
SendRpc([this]() { return CreateTlsChannel(); },
server_authenticated_identity_, {});
SetLdsUpdate("fake_plugin1", "", "fake_plugin1", "", true);
SendRpc([this]() { return CreateTlsChannel(); }, {}, {},
true /* test_expects_failure */);
}
TEST_P(XdsServerSecurityTest, TestMtlsToFallback) {
xds_end2end_test: Fix race in security tests (#29408) * xds_end2end_test: Fix race in security tests * Reviewer comments
3 years ago
g_fake1_cert_data_map->Set({{"", {root_cert_, identity_pair_}}});
xDS server config fetcher
4 years ago
SetLdsUpdate("fake_plugin1", "", "fake_plugin1", "", false);
xds_end2end_test: Only start backends when needed (#27911) * xds_end2end_test: Fix flakiness on WaitForLdsNack * xds_end2end_test: Only start the server when we want * Revert WaitForNack changes * Fixes * Fix CsdsShortAdsTimeoutTest * Fix sanity
3 years ago
backends_[0]->Start();
xDS server config fetcher
4 years ago
SendRpc([this]() { return CreateMtlsChannel(); },
server_authenticated_identity_, client_authenticated_identity_);
SetLdsUpdate("", "", "", "", false);
SendRpc([this]() { return CreateInsecureChannel(); }, {}, {});
}
TEST_P(XdsServerSecurityTest, TestFallbackToMtls) {
xds_end2end_test: Fix race in security tests (#29408) * xds_end2end_test: Fix race in security tests * Reviewer comments
3 years ago
g_fake1_cert_data_map->Set({{"", {root_cert_, identity_pair_}}});
xDS server config fetcher
4 years ago
SetLdsUpdate("", "", "", "", false);
xds_end2end_test: Only start backends when needed (#27911) * xds_end2end_test: Fix flakiness on WaitForLdsNack * xds_end2end_test: Only start the server when we want * Revert WaitForNack changes * Fixes * Fix CsdsShortAdsTimeoutTest * Fix sanity
3 years ago
backends_[0]->Start();
xDS server config fetcher
4 years ago
SendRpc([this]() { return CreateInsecureChannel(); }, {}, {});
SetLdsUpdate("fake_plugin1", "", "fake_plugin1", "", true);
SendRpc([this]() { return CreateMtlsChannel(); },
server_authenticated_identity_, client_authenticated_identity_);
}
TEST_P(XdsServerSecurityTest, TestTlsToFallback) {
xds_end2end_test: Fix race in security tests (#29408) * xds_end2end_test: Fix race in security tests * Reviewer comments
3 years ago
g_fake1_cert_data_map->Set({{"", {root_cert_, identity_pair_}}});
xDS server config fetcher
4 years ago
SetLdsUpdate("", "", "fake_plugin1", "", false);
xds_end2end_test: Only start backends when needed (#27911) * xds_end2end_test: Fix flakiness on WaitForLdsNack * xds_end2end_test: Only start the server when we want * Revert WaitForNack changes * Fixes * Fix CsdsShortAdsTimeoutTest * Fix sanity
3 years ago
backends_[0]->Start();
xDS server config fetcher
4 years ago
SendRpc([this]() { return CreateTlsChannel(); },
server_authenticated_identity_, {});
SetLdsUpdate("", "", "", "", false);
SendRpc([this]() { return CreateInsecureChannel(); }, {}, {});
}
TEST_P(XdsServerSecurityTest, TestFallbackToTls) {
xds_end2end_test: Fix race in security tests (#29408) * xds_end2end_test: Fix race in security tests * Reviewer comments
3 years ago
g_fake1_cert_data_map->Set({{"", {root_cert_, identity_pair_}}});
xDS server config fetcher
4 years ago
SetLdsUpdate("", "", "", "", false);
xds_end2end_test: Only start backends when needed (#27911) * xds_end2end_test: Fix flakiness on WaitForLdsNack * xds_end2end_test: Only start the server when we want * Revert WaitForNack changes * Fixes * Fix CsdsShortAdsTimeoutTest * Fix sanity
3 years ago
backends_[0]->Start();
xDS server config fetcher
4 years ago
SendRpc([this]() { return CreateInsecureChannel(); }, {}, {});
SetLdsUpdate("", "", "fake_plugin1", "", false);
SendRpc([this]() { return CreateTlsChannel(); },
server_authenticated_identity_, {});
}
Revert Revert Xds Status Notifier (#25718) * Revert "Revert "xDS status notifier (#25321)" (#25702)" This reverts commit 3c9f3972e3704c83f9dd0348cb8243e8a2c943af. * Remove connection from map when OnClose is not registered * Reviewer comments
4 years ago
class XdsEnabledServerStatusNotificationTest : public XdsServerSecurityTest {
protected:
void SetValidLdsUpdate() { SetLdsUpdate("", "", "", "", false); }
void SetInvalidLdsUpdate() {
Update RDS parsing for use on servers (#27715) * Update RDS parsing for use on servers * Unused variable * Reviewer comments * Automated change: Fix sanity tests * Fix tests * Reviewer comments * Reviewer comments * clang-tidy * Reviewer comments * Fix test * Reviewer comments * Reviewer comments Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
Listener listener = default_server_listener_;
listener.clear_address();
Revert Revert Xds Status Notifier (#25718) * Revert "Revert "xDS status notifier (#25321)" (#25702)" This reverts commit 3c9f3972e3704c83f9dd0348cb8243e8a2c943af. * Remove connection from map when OnClose is not registered * Reviewer comments
4 years ago
listener.set_name(absl::StrCat(
"grpc/server?xds.resource.listening_address=",
ipv6_only_ ? "[::1]:" : "127.0.0.1:", backends_[0]->port()));
xds_end2end_test: remove num_balancers from test suite and remove dependence on fake resolver for xDS channel (#28245) * xds_end2end_test: remove num_balancers from test suite * fix clang-tidy
3 years ago
balancer_->ads_service()->SetLdsResource(listener);
Revert Revert Xds Status Notifier (#25718) * Revert "Revert "xDS status notifier (#25321)" (#25702)" This reverts commit 3c9f3972e3704c83f9dd0348cb8243e8a2c943af. * Remove connection from map when OnClose is not registered * Reviewer comments
4 years ago
}
void UnsetLdsUpdate() {
xds_end2end_test: remove num_balancers from test suite and remove dependence on fake resolver for xDS channel (#28245) * xds_end2end_test: remove num_balancers from test suite * fix clang-tidy
3 years ago
balancer_->ads_service()->UnsetResource(
Revert Revert Xds Status Notifier (#25718) * Revert "Revert "xDS status notifier (#25321)" (#25702)" This reverts commit 3c9f3972e3704c83f9dd0348cb8243e8a2c943af. * Remove connection from map when OnClose is not registered * Reviewer comments
4 years ago
kLdsTypeUrl, absl::StrCat("grpc/server?xds.resource.listening_address=",
ipv6_only_ ? "[::1]:" : "127.0.0.1:",
backends_[0]->port()));
}
};
TEST_P(XdsEnabledServerStatusNotificationTest, ServingStatus) {
SetValidLdsUpdate();
xds_end2end_test: Only start backends when needed (#27911) * xds_end2end_test: Fix flakiness on WaitForLdsNack * xds_end2end_test: Only start the server when we want * Revert WaitForNack changes * Fixes * Fix CsdsShortAdsTimeoutTest * Fix sanity
3 years ago
backends_[0]->Start();
Revert Revert Xds Status Notifier (#25718) * Revert "Revert "xDS status notifier (#25321)" (#25702)" This reverts commit 3c9f3972e3704c83f9dd0348cb8243e8a2c943af. * Remove connection from map when OnClose is not registered * Reviewer comments
4 years ago
backends_[0]->notifier()->WaitOnServingStatusChange(
absl::StrCat(ipv6_only_ ? "[::1]:" : "127.0.0.1:", backends_[0]->port()),
grpc::StatusCode::OK);
SendRpc([this]() { return CreateInsecureChannel(); }, {}, {});
}
TEST_P(XdsEnabledServerStatusNotificationTest, NotServingStatus) {
SetInvalidLdsUpdate();
xds_end2end_test: Only start backends when needed (#27911) * xds_end2end_test: Fix flakiness on WaitForLdsNack * xds_end2end_test: Only start the server when we want * Revert WaitForNack changes * Fixes * Fix CsdsShortAdsTimeoutTest * Fix sanity
3 years ago
backends_[0]->Start();
Revert Revert Xds Status Notifier (#25718) * Revert "Revert "xDS status notifier (#25321)" (#25702)" This reverts commit 3c9f3972e3704c83f9dd0348cb8243e8a2c943af. * Remove connection from map when OnClose is not registered * Reviewer comments
4 years ago
backends_[0]->notifier()->WaitOnServingStatusChange(
absl::StrCat(ipv6_only_ ? "[::1]:" : "127.0.0.1:", backends_[0]->port()),
grpc::StatusCode::UNAVAILABLE);
SendRpc([this]() { return CreateInsecureChannel(); }, {}, {},
true /* test_expects_failure */);
}
TEST_P(XdsEnabledServerStatusNotificationTest, ErrorUpdateWhenAlreadyServing) {
SetValidLdsUpdate();
xds_end2end_test: Only start backends when needed (#27911) * xds_end2end_test: Fix flakiness on WaitForLdsNack * xds_end2end_test: Only start the server when we want * Revert WaitForNack changes * Fixes * Fix CsdsShortAdsTimeoutTest * Fix sanity
3 years ago
backends_[0]->Start();
Revert Revert Xds Status Notifier (#25718) * Revert "Revert "xDS status notifier (#25321)" (#25702)" This reverts commit 3c9f3972e3704c83f9dd0348cb8243e8a2c943af. * Remove connection from map when OnClose is not registered * Reviewer comments
4 years ago
backends_[0]->notifier()->WaitOnServingStatusChange(
absl::StrCat(ipv6_only_ ? "[::1]:" : "127.0.0.1:", backends_[0]->port()),
grpc::StatusCode::OK);
SendRpc([this]() { return CreateInsecureChannel(); }, {}, {});
// Invalid update does not lead to a change in the serving status.
SetInvalidLdsUpdate();
xDS LDS parsing changes: NACK on use_original_dst (#25687) * xDS LDS parsing changes: NACK on use_original_dst * Reviewer comments * Unused variable
4 years ago
do {
Revert Revert Xds Status Notifier (#25718) * Revert "Revert "xDS status notifier (#25321)" (#25702)" This reverts commit 3c9f3972e3704c83f9dd0348cb8243e8a2c943af. * Remove connection from map when OnClose is not registered * Reviewer comments
4 years ago
SendRpc([this]() { return CreateInsecureChannel(); }, {}, {});
XdsEnd2EndTest : Use a queue to save resource updates (#28467) * Fix XdsClient for multiple watchers on the same resource * xds_end2end_test: Don't use XdsCredentials for XdsRbacNackTests * Use separate response states for EDS and RDS resources * Reviewer comments * Reviewer comments * Reviewer comments * Remove blank link * Reviewer comments
3 years ago
} while (!balancer_->ads_service()->lds_response_state().has_value());
Revert Revert Xds Status Notifier (#25718) * Revert "Revert "xDS status notifier (#25321)" (#25702)" This reverts commit 3c9f3972e3704c83f9dd0348cb8243e8a2c943af. * Remove connection from map when OnClose is not registered * Reviewer comments
4 years ago
backends_[0]->notifier()->WaitOnServingStatusChange(
absl::StrCat(ipv6_only_ ? "[::1]:" : "127.0.0.1:", backends_[0]->port()),
grpc::StatusCode::OK);
SendRpc([this]() { return CreateInsecureChannel(); }, {}, {});
}
TEST_P(XdsEnabledServerStatusNotificationTest,
NotServingStatusToServingStatusTransition) {
SetInvalidLdsUpdate();
xds_end2end_test: Only start backends when needed (#27911) * xds_end2end_test: Fix flakiness on WaitForLdsNack * xds_end2end_test: Only start the server when we want * Revert WaitForNack changes * Fixes * Fix CsdsShortAdsTimeoutTest * Fix sanity
3 years ago
backends_[0]->Start();
Revert Revert Xds Status Notifier (#25718) * Revert "Revert "xDS status notifier (#25321)" (#25702)" This reverts commit 3c9f3972e3704c83f9dd0348cb8243e8a2c943af. * Remove connection from map when OnClose is not registered * Reviewer comments
4 years ago
backends_[0]->notifier()->WaitOnServingStatusChange(
absl::StrCat(ipv6_only_ ? "[::1]:" : "127.0.0.1:", backends_[0]->port()),
grpc::StatusCode::UNAVAILABLE);
SendRpc([this]() { return CreateInsecureChannel(); }, {}, {},
true /* test_expects_failure */);
// Send a valid LDS update to change to serving status
SetValidLdsUpdate();
backends_[0]->notifier()->WaitOnServingStatusChange(
absl::StrCat(ipv6_only_ ? "[::1]:" : "127.0.0.1:", backends_[0]->port()),
grpc::StatusCode::OK);
SendRpc([this]() { return CreateInsecureChannel(); }, {}, {});
}
// This test verifies that the resource getting deleted when already serving
// results in future connections being dropped.
TEST_P(XdsEnabledServerStatusNotificationTest,
ServingStatusToNonServingStatusTransition) {
SetValidLdsUpdate();
xds_end2end_test: Only start backends when needed (#27911) * xds_end2end_test: Fix flakiness on WaitForLdsNack * xds_end2end_test: Only start the server when we want * Revert WaitForNack changes * Fixes * Fix CsdsShortAdsTimeoutTest * Fix sanity
3 years ago
backends_[0]->Start();
Revert Revert Xds Status Notifier (#25718) * Revert "Revert "xDS status notifier (#25321)" (#25702)" This reverts commit 3c9f3972e3704c83f9dd0348cb8243e8a2c943af. * Remove connection from map when OnClose is not registered * Reviewer comments
4 years ago
backends_[0]->notifier()->WaitOnServingStatusChange(
absl::StrCat(ipv6_only_ ? "[::1]:" : "127.0.0.1:", backends_[0]->port()),
grpc::StatusCode::OK);
SendRpc([this]() { return CreateInsecureChannel(); }, {}, {});
// Deleting the resource should result in a non-serving status.
UnsetLdsUpdate();
backends_[0]->notifier()->WaitOnServingStatusChange(
absl::StrCat(ipv6_only_ ? "[::1]:" : "127.0.0.1:", backends_[0]->port()),
grpc::StatusCode::NOT_FOUND);
SendRpc([this]() { return CreateInsecureChannel(); }, {}, {},
true /* test_expects_failure */);
}
TEST_P(XdsEnabledServerStatusNotificationTest, RepeatedServingStatusChanges) {
xds_end2end_test: Only start backends when needed (#27911) * xds_end2end_test: Fix flakiness on WaitForLdsNack * xds_end2end_test: Only start the server when we want * Revert WaitForNack changes * Fixes * Fix CsdsShortAdsTimeoutTest * Fix sanity
3 years ago
backends_[0]->Start();
Revert Revert Xds Status Notifier (#25718) * Revert "Revert "xDS status notifier (#25321)" (#25702)" This reverts commit 3c9f3972e3704c83f9dd0348cb8243e8a2c943af. * Remove connection from map when OnClose is not registered * Reviewer comments
4 years ago
for (int i = 0; i < 5; i++) {
// Send a valid LDS update to get the server to start listening
SetValidLdsUpdate();
backends_[0]->notifier()->WaitOnServingStatusChange(
absl::StrCat(ipv6_only_ ? "[::1]:" : "127.0.0.1:",
backends_[0]->port()),
grpc::StatusCode::OK);
SendRpc([this]() { return CreateInsecureChannel(); }, {}, {});
// Deleting the resource will make the server start rejecting connections
UnsetLdsUpdate();
backends_[0]->notifier()->WaitOnServingStatusChange(
absl::StrCat(ipv6_only_ ? "[::1]:" : "127.0.0.1:",
backends_[0]->port()),
grpc::StatusCode::NOT_FOUND);
SendRpc([this]() { return CreateInsecureChannel(); }, {}, {},
true /* test_expects_failure */);
}
}
TEST_P(XdsEnabledServerStatusNotificationTest, ExistingRpcsOnResourceDeletion) {
// Send a valid LDS update to get the server to start listening
SetValidLdsUpdate();
xds_end2end_test: Only start backends when needed (#27911) * xds_end2end_test: Fix flakiness on WaitForLdsNack * xds_end2end_test: Only start the server when we want * Revert WaitForNack changes * Fixes * Fix CsdsShortAdsTimeoutTest * Fix sanity
3 years ago
backends_[0]->Start();
Revert Revert Xds Status Notifier (#25718) * Revert "Revert "xDS status notifier (#25321)" (#25702)" This reverts commit 3c9f3972e3704c83f9dd0348cb8243e8a2c943af. * Remove connection from map when OnClose is not registered * Reviewer comments
4 years ago
backends_[0]->notifier()->WaitOnServingStatusChange(
absl::StrCat(ipv6_only_ ? "[::1]:" : "127.0.0.1:", backends_[0]->port()),
grpc::StatusCode::OK);
constexpr int kNumChannels = 10;
struct StreamingRpc {
std::shared_ptr<Channel> channel;
std::unique_ptr<grpc::testing::EchoTestService::Stub> stub;
ClientContext context;
Fix ExistingRpcsOnResourceDeletion flakiness (#26419)
4 years ago
std::unique_ptr<ClientReaderWriter<EchoRequest, EchoResponse>> stream;
Revert Revert Xds Status Notifier (#25718) * Revert "Revert "xDS status notifier (#25321)" (#25702)" This reverts commit 3c9f3972e3704c83f9dd0348cb8243e8a2c943af. * Remove connection from map when OnClose is not registered * Reviewer comments
4 years ago
} streaming_rpcs[kNumChannels];
EchoRequest request;
EchoResponse response;
request.set_message("Hello");
for (int i = 0; i < kNumChannels; i++) {
streaming_rpcs[i].channel = CreateInsecureChannel();
streaming_rpcs[i].stub =
grpc::testing::EchoTestService::NewStub(streaming_rpcs[i].channel);
streaming_rpcs[i].context.set_wait_for_ready(true);
Fix ExistingRpcsOnResourceDeletion flakiness (#26419)
4 years ago
streaming_rpcs[i].stream =
streaming_rpcs[i].stub->BidiStream(&streaming_rpcs[i].context);
EXPECT_TRUE(streaming_rpcs[i].stream->Write(request));
streaming_rpcs[i].stream->Read(&response);
EXPECT_EQ(request.message(), response.message());
Revert Revert Xds Status Notifier (#25718) * Revert "Revert "xDS status notifier (#25321)" (#25702)" This reverts commit 3c9f3972e3704c83f9dd0348cb8243e8a2c943af. * Remove connection from map when OnClose is not registered * Reviewer comments
4 years ago
}
// Deleting the resource will make the server start rejecting connections
UnsetLdsUpdate();
backends_[0]->notifier()->WaitOnServingStatusChange(
absl::StrCat(ipv6_only_ ? "[::1]:" : "127.0.0.1:", backends_[0]->port()),
grpc::StatusCode::NOT_FOUND);
SendRpc([this]() { return CreateInsecureChannel(); }, {}, {},
true /* test_expects_failure */);
for (int i = 0; i < kNumChannels; i++) {
Fix ExistingRpcsOnResourceDeletion flakiness (#26419)
4 years ago
EXPECT_TRUE(streaming_rpcs[i].stream->Write(request));
streaming_rpcs[i].stream->Read(&response);
EXPECT_EQ(request.message(), response.message());
EXPECT_TRUE(streaming_rpcs[i].stream->WritesDone());
auto status = streaming_rpcs[i].stream->Finish();
EXPECT_TRUE(status.ok())
<< status.error_message() << ", " << status.error_details() << ", "
<< streaming_rpcs[i].context.debug_error_string();
Revert Revert Xds Status Notifier (#25718) * Revert "Revert "xDS status notifier (#25321)" (#25702)" This reverts commit 3c9f3972e3704c83f9dd0348cb8243e8a2c943af. * Remove connection from map when OnClose is not registered * Reviewer comments
4 years ago
// New RPCs on the existing channels should fail.
ClientContext new_context;
new_context.set_deadline(grpc_timeout_milliseconds_to_deadline(1000));
EXPECT_FALSE(
streaming_rpcs[i].stub->Echo(&new_context, request, &response).ok());
}
}
xDS: Add graceful shutdown for old connections on listener resource update (#28154) * xDS: Add graceful shutdown for old connections on listener resource update * Add TODOs for review * Reviewer comments * Reviewer comments * Fix merge * Fix comment * s/GRPC_ARG_DRAIN_GRACE_TIME_MS/GRPC_ARG_SERVER_CONFIG_CHANGE_DRAIN_GRACE_TIME_MS
3 years ago
TEST_P(XdsEnabledServerStatusNotificationTest,
ExistingRpcsFailOnResourceUpdateAfterDrainGraceTimeExpires) {
constexpr int kDrainGraceTimeMs = 100;
xds_drain_grace_time_ms_ = kDrainGraceTimeMs;
xds_end2end_test: Fix race in security tests (#29408) * xds_end2end_test: Fix race in security tests * Reviewer comments
3 years ago
g_fake1_cert_data_map->Set({{"", {root_cert_, identity_pair_}}});
xDS: Add graceful shutdown for old connections on listener resource update (#28154) * xDS: Add graceful shutdown for old connections on listener resource update * Add TODOs for review * Reviewer comments * Reviewer comments * Fix merge * Fix comment * s/GRPC_ARG_DRAIN_GRACE_TIME_MS/GRPC_ARG_SERVER_CONFIG_CHANGE_DRAIN_GRACE_TIME_MS
3 years ago
// Send a valid LDS update to get the server to start listening
SetValidLdsUpdate();
backends_[0]->Start();
backends_[0]->notifier()->WaitOnServingStatusChange(
absl::StrCat(ipv6_only_ ? "[::1]:" : "127.0.0.1:", backends_[0]->port()),
grpc::StatusCode::OK);
constexpr int kNumChannels = 10;
struct StreamingRpc {
std::shared_ptr<Channel> channel;
std::unique_ptr<grpc::testing::EchoTestService::Stub> stub;
ClientContext context;
std::unique_ptr<ClientReaderWriter<EchoRequest, EchoResponse>> stream;
} streaming_rpcs[kNumChannels];
EchoRequest request;
EchoResponse response;
request.set_message("Hello");
for (int i = 0; i < kNumChannels; i++) {
streaming_rpcs[i].channel = CreateInsecureChannel();
streaming_rpcs[i].stub =
grpc::testing::EchoTestService::NewStub(streaming_rpcs[i].channel);
streaming_rpcs[i].context.set_wait_for_ready(true);
streaming_rpcs[i].stream =
streaming_rpcs[i].stub->BidiStream(&streaming_rpcs[i].context);
EXPECT_TRUE(streaming_rpcs[i].stream->Write(request));
streaming_rpcs[i].stream->Read(&response);
EXPECT_EQ(request.message(), response.message());
}
grpc_millis -> Timestamp/Duration (#28119) * wip * Automated change: Fix sanity tests * fixes * progress * progress * grpc compiles * Automated change: Fix sanity tests * fixing tests * x * progress * better code * Automated change: Fix sanity tests * progress * progress * windows fix * Make Duration metadata trivial * better message * fix * Automated change: Fix sanity tests * fix * fix * fix * fix * Automated change: Fix sanity tests * Automated change: Fix sanity tests * fix * progress * fixes * fix * fix * spam * un-disable errantly disabled tests * gain insight * Automated change: Fix sanity tests * fixes * fixes * fix * debug * tweak * fix * fix timeout * fix comment * fixes * x * better test * tests * Automated change: Fix sanity tests * missed file * fix * x * fix * fix * fix * fix * Automated change: Fix sanity tests * fix * merge * Automated change: Fix sanity tests * fix Co-authored-by: ctiller <ctiller@users.noreply.github.com>
3 years ago
grpc_core::Timestamp update_time = NowFromCycleCounter();
xDS: Add graceful shutdown for old connections on listener resource update (#28154) * xDS: Add graceful shutdown for old connections on listener resource update * Add TODOs for review * Reviewer comments * Reviewer comments * Fix merge * Fix comment * s/GRPC_ARG_DRAIN_GRACE_TIME_MS/GRPC_ARG_SERVER_CONFIG_CHANGE_DRAIN_GRACE_TIME_MS
3 years ago
// Update the resource.
SetLdsUpdate("", "", "fake_plugin1", "", false);
// Wait for the updated resource to take effect.
SendRpc([this]() { return CreateTlsChannel(); },
server_authenticated_identity_, {});
// After the drain grace time expires, the existing RPCs should all fail.
for (int i = 0; i < kNumChannels; i++) {
// Wait for the drain grace time to expire
EXPECT_FALSE(streaming_rpcs[i].stream->Read(&response));
// Make sure that the drain grace interval is honored.
grpc_millis -> Timestamp/Duration (#28119) * wip * Automated change: Fix sanity tests * fixes * progress * progress * grpc compiles * Automated change: Fix sanity tests * fixing tests * x * progress * better code * Automated change: Fix sanity tests * progress * progress * windows fix * Make Duration metadata trivial * better message * fix * Automated change: Fix sanity tests * fix * fix * fix * fix * Automated change: Fix sanity tests * Automated change: Fix sanity tests * fix * progress * fixes * fix * fix * spam * un-disable errantly disabled tests * gain insight * Automated change: Fix sanity tests * fixes * fixes * fix * debug * tweak * fix * fix timeout * fix comment * fixes * x * better test * tests * Automated change: Fix sanity tests * missed file * fix * x * fix * fix * fix * fix * Automated change: Fix sanity tests * fix * merge * Automated change: Fix sanity tests * fix Co-authored-by: ctiller <ctiller@users.noreply.github.com>
3 years ago
EXPECT_GE(NowFromCycleCounter() - update_time,
grpc_core::Duration::Milliseconds(kDrainGraceTimeMs));
xDS: Add graceful shutdown for old connections on listener resource update (#28154) * xDS: Add graceful shutdown for old connections on listener resource update * Add TODOs for review * Reviewer comments * Reviewer comments * Fix merge * Fix comment * s/GRPC_ARG_DRAIN_GRACE_TIME_MS/GRPC_ARG_SERVER_CONFIG_CHANGE_DRAIN_GRACE_TIME_MS
3 years ago
auto status = streaming_rpcs[i].stream->Finish();
EXPECT_EQ(status.error_code(), grpc::StatusCode::UNAVAILABLE)
<< status.error_code() << ", " << status.error_message() << ", "
<< status.error_details() << ", "
<< streaming_rpcs[i].context.debug_error_string();
}
}
Implement FilterChainMatch algorithm (#25757) * Implement FilterChainMatch logic * Add tests for transport protocol too * Tests for duplicate NACKing * Introduce ConnectionManager as an interface for config fetchers * Do not parameterize IncrementIfNonZero * Some formatting * Reviewer comments * Add filter chain match information for duplicate match error * Reviewer comments * Some cleanup * Reviewer comments * Reviewer comments * Reviewer comments * Clang-tidy
4 years ago
using XdsServerFilterChainMatchTest = XdsServerSecurityTest;
TEST_P(XdsServerFilterChainMatchTest,
DefaultFilterChainUsedWhenNoFilterChainMentioned) {
xds_end2end_test: Only start backends when needed (#27911) * xds_end2end_test: Fix flakiness on WaitForLdsNack * xds_end2end_test: Only start the server when we want * Revert WaitForNack changes * Fixes * Fix CsdsShortAdsTimeoutTest * Fix sanity
3 years ago
backends_[0]->Start();
Implement FilterChainMatch algorithm (#25757) * Implement FilterChainMatch logic * Add tests for transport protocol too * Tests for duplicate NACKing * Introduce ConnectionManager as an interface for config fetchers * Do not parameterize IncrementIfNonZero * Some formatting * Reviewer comments * Add filter chain match information for duplicate match error * Reviewer comments * Some cleanup * Reviewer comments * Reviewer comments * Reviewer comments * Clang-tidy
4 years ago
SendRpc([this]() { return CreateInsecureChannel(); }, {}, {});
}
TEST_P(XdsServerFilterChainMatchTest,
DefaultFilterChainUsedWhenOtherFilterChainsDontMatch) {
Update RDS parsing for use on servers (#27715) * Update RDS parsing for use on servers * Unused variable * Reviewer comments * Automated change: Fix sanity tests * Fix tests * Reviewer comments * Reviewer comments * clang-tidy * Reviewer comments * Fix test * Reviewer comments * Reviewer comments Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
Listener listener = default_server_listener_;
Implement FilterChainMatch algorithm (#25757) * Implement FilterChainMatch logic * Add tests for transport protocol too * Tests for duplicate NACKing * Introduce ConnectionManager as an interface for config fetchers * Do not parameterize IncrementIfNonZero * Some formatting * Reviewer comments * Add filter chain match information for duplicate match error * Reviewer comments * Some cleanup * Reviewer comments * Reviewer comments * Reviewer comments * Clang-tidy
4 years ago
// Add a filter chain that will never get matched
auto* filter_chain = listener.add_filter_chains();
filter_chain->add_filters()->mutable_typed_config()->PackFrom(
Update RDS parsing for use on servers (#27715) * Update RDS parsing for use on servers * Unused variable * Reviewer comments * Automated change: Fix sanity tests * Fix tests * Reviewer comments * Reviewer comments * clang-tidy * Reviewer comments * Fix test * Reviewer comments * Reviewer comments Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
ServerHcmAccessor().Unpack(listener));
Implement FilterChainMatch algorithm (#25757) * Implement FilterChainMatch logic * Add tests for transport protocol too * Tests for duplicate NACKing * Introduce ConnectionManager as an interface for config fetchers * Do not parameterize IncrementIfNonZero * Some formatting * Reviewer comments * Add filter chain match information for duplicate match error * Reviewer comments * Some cleanup * Reviewer comments * Reviewer comments * Reviewer comments * Clang-tidy
4 years ago
filter_chain->mutable_filter_chain_match()
->mutable_destination_port()
->set_value(8080);
xds_end2end_test: remove num_balancers from test suite and remove dependence on fake resolver for xDS channel (#28245) * xds_end2end_test: remove num_balancers from test suite * fix clang-tidy
3 years ago
SetServerListenerNameAndRouteConfiguration(balancer_.get(), listener,
backends_[0]->port(),
Update RDS parsing for use on servers (#27715) * Update RDS parsing for use on servers * Unused variable * Reviewer comments * Automated change: Fix sanity tests * Fix tests * Reviewer comments * Reviewer comments * clang-tidy * Reviewer comments * Fix test * Reviewer comments * Reviewer comments Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
default_server_route_config_);
xds_end2end_test: Only start backends when needed (#27911) * xds_end2end_test: Fix flakiness on WaitForLdsNack * xds_end2end_test: Only start the server when we want * Revert WaitForNack changes * Fixes * Fix CsdsShortAdsTimeoutTest * Fix sanity
3 years ago
backends_[0]->Start();
Implement FilterChainMatch algorithm (#25757) * Implement FilterChainMatch logic * Add tests for transport protocol too * Tests for duplicate NACKing * Introduce ConnectionManager as an interface for config fetchers * Do not parameterize IncrementIfNonZero * Some formatting * Reviewer comments * Add filter chain match information for duplicate match error * Reviewer comments * Some cleanup * Reviewer comments * Reviewer comments * Reviewer comments * Clang-tidy
4 years ago
SendRpc([this]() { return CreateInsecureChannel(); }, {}, {});
}
TEST_P(XdsServerFilterChainMatchTest,
FilterChainsWithDestinationPortDontMatch) {
Update RDS parsing for use on servers (#27715) * Update RDS parsing for use on servers * Unused variable * Reviewer comments * Automated change: Fix sanity tests * Fix tests * Reviewer comments * Reviewer comments * clang-tidy * Reviewer comments * Fix test * Reviewer comments * Reviewer comments Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
Listener listener = default_server_listener_;
Implement FilterChainMatch algorithm (#25757) * Implement FilterChainMatch logic * Add tests for transport protocol too * Tests for duplicate NACKing * Introduce ConnectionManager as an interface for config fetchers * Do not parameterize IncrementIfNonZero * Some formatting * Reviewer comments * Add filter chain match information for duplicate match error * Reviewer comments * Some cleanup * Reviewer comments * Reviewer comments * Reviewer comments * Clang-tidy
4 years ago
// Add filter chain with destination port that should never get matched
auto* filter_chain = listener.add_filter_chains();
filter_chain->add_filters()->mutable_typed_config()->PackFrom(
Update RDS parsing for use on servers (#27715) * Update RDS parsing for use on servers * Unused variable * Reviewer comments * Automated change: Fix sanity tests * Fix tests * Reviewer comments * Reviewer comments * clang-tidy * Reviewer comments * Fix test * Reviewer comments * Reviewer comments Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
ServerHcmAccessor().Unpack(listener));
Implement FilterChainMatch algorithm (#25757) * Implement FilterChainMatch logic * Add tests for transport protocol too * Tests for duplicate NACKing * Introduce ConnectionManager as an interface for config fetchers * Do not parameterize IncrementIfNonZero * Some formatting * Reviewer comments * Add filter chain match information for duplicate match error * Reviewer comments * Some cleanup * Reviewer comments * Reviewer comments * Reviewer comments * Clang-tidy
4 years ago
filter_chain->mutable_filter_chain_match()
->mutable_destination_port()
->set_value(8080);
Update RDS parsing for use on servers (#27715) * Update RDS parsing for use on servers * Unused variable * Reviewer comments * Automated change: Fix sanity tests * Fix tests * Reviewer comments * Reviewer comments * clang-tidy * Reviewer comments * Fix test * Reviewer comments * Reviewer comments Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
listener.clear_default_filter_chain();
xds_end2end_test: remove num_balancers from test suite and remove dependence on fake resolver for xDS channel (#28245) * xds_end2end_test: remove num_balancers from test suite * fix clang-tidy
3 years ago
balancer_->ads_service()->SetLdsResource(
Update RDS parsing for use on servers (#27715) * Update RDS parsing for use on servers * Unused variable * Reviewer comments * Automated change: Fix sanity tests * Fix tests * Reviewer comments * Reviewer comments * clang-tidy * Reviewer comments * Fix test * Reviewer comments * Reviewer comments Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
PopulateServerListenerNameAndPort(listener, backends_[0]->port()));
xds_end2end_test: Only start backends when needed (#27911) * xds_end2end_test: Fix flakiness on WaitForLdsNack * xds_end2end_test: Only start the server when we want * Revert WaitForNack changes * Fixes * Fix CsdsShortAdsTimeoutTest * Fix sanity
3 years ago
backends_[0]->Start();
Implement FilterChainMatch algorithm (#25757) * Implement FilterChainMatch logic * Add tests for transport protocol too * Tests for duplicate NACKing * Introduce ConnectionManager as an interface for config fetchers * Do not parameterize IncrementIfNonZero * Some formatting * Reviewer comments * Add filter chain match information for duplicate match error * Reviewer comments * Some cleanup * Reviewer comments * Reviewer comments * Reviewer comments * Clang-tidy
4 years ago
// RPC should fail since no matching filter chain was found and no default
// filter chain is configured.
SendRpc([this]() { return CreateInsecureChannel(); }, {}, {},
true /* test_expects_failure */);
}
TEST_P(XdsServerFilterChainMatchTest, FilterChainsWithServerNamesDontMatch) {
Update RDS parsing for use on servers (#27715) * Update RDS parsing for use on servers * Unused variable * Reviewer comments * Automated change: Fix sanity tests * Fix tests * Reviewer comments * Reviewer comments * clang-tidy * Reviewer comments * Fix test * Reviewer comments * Reviewer comments Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
Listener listener = default_server_listener_;
Implement FilterChainMatch algorithm (#25757) * Implement FilterChainMatch logic * Add tests for transport protocol too * Tests for duplicate NACKing * Introduce ConnectionManager as an interface for config fetchers * Do not parameterize IncrementIfNonZero * Some formatting * Reviewer comments * Add filter chain match information for duplicate match error * Reviewer comments * Some cleanup * Reviewer comments * Reviewer comments * Reviewer comments * Clang-tidy
4 years ago
// Add filter chain with server name that should never get matched
auto* filter_chain = listener.add_filter_chains();
filter_chain->add_filters()->mutable_typed_config()->PackFrom(
Update RDS parsing for use on servers (#27715) * Update RDS parsing for use on servers * Unused variable * Reviewer comments * Automated change: Fix sanity tests * Fix tests * Reviewer comments * Reviewer comments * clang-tidy * Reviewer comments * Fix test * Reviewer comments * Reviewer comments Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
ServerHcmAccessor().Unpack(listener));
Implement FilterChainMatch algorithm (#25757) * Implement FilterChainMatch logic * Add tests for transport protocol too * Tests for duplicate NACKing * Introduce ConnectionManager as an interface for config fetchers * Do not parameterize IncrementIfNonZero * Some formatting * Reviewer comments * Add filter chain match information for duplicate match error * Reviewer comments * Some cleanup * Reviewer comments * Reviewer comments * Reviewer comments * Clang-tidy
4 years ago
filter_chain->mutable_filter_chain_match()->add_server_names("server_name");
Update RDS parsing for use on servers (#27715) * Update RDS parsing for use on servers * Unused variable * Reviewer comments * Automated change: Fix sanity tests * Fix tests * Reviewer comments * Reviewer comments * clang-tidy * Reviewer comments * Fix test * Reviewer comments * Reviewer comments Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
listener.clear_default_filter_chain();
xds_end2end_test: remove num_balancers from test suite and remove dependence on fake resolver for xDS channel (#28245) * xds_end2end_test: remove num_balancers from test suite * fix clang-tidy
3 years ago
balancer_->ads_service()->SetLdsResource(
Update RDS parsing for use on servers (#27715) * Update RDS parsing for use on servers * Unused variable * Reviewer comments * Automated change: Fix sanity tests * Fix tests * Reviewer comments * Reviewer comments * clang-tidy * Reviewer comments * Fix test * Reviewer comments * Reviewer comments Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
PopulateServerListenerNameAndPort(listener, backends_[0]->port()));
xds_end2end_test: Only start backends when needed (#27911) * xds_end2end_test: Fix flakiness on WaitForLdsNack * xds_end2end_test: Only start the server when we want * Revert WaitForNack changes * Fixes * Fix CsdsShortAdsTimeoutTest * Fix sanity
3 years ago
backends_[0]->Start();
Implement FilterChainMatch algorithm (#25757) * Implement FilterChainMatch logic * Add tests for transport protocol too * Tests for duplicate NACKing * Introduce ConnectionManager as an interface for config fetchers * Do not parameterize IncrementIfNonZero * Some formatting * Reviewer comments * Add filter chain match information for duplicate match error * Reviewer comments * Some cleanup * Reviewer comments * Reviewer comments * Reviewer comments * Clang-tidy
4 years ago
// RPC should fail since no matching filter chain was found and no default
// filter chain is configured.
SendRpc([this]() { return CreateInsecureChannel(); }, {}, {},
true /* test_expects_failure */);
}
TEST_P(XdsServerFilterChainMatchTest,
FilterChainsWithTransportProtocolsOtherThanRawBufferDontMatch) {
Update RDS parsing for use on servers (#27715) * Update RDS parsing for use on servers * Unused variable * Reviewer comments * Automated change: Fix sanity tests * Fix tests * Reviewer comments * Reviewer comments * clang-tidy * Reviewer comments * Fix test * Reviewer comments * Reviewer comments Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
Listener listener = default_server_listener_;
Implement FilterChainMatch algorithm (#25757) * Implement FilterChainMatch logic * Add tests for transport protocol too * Tests for duplicate NACKing * Introduce ConnectionManager as an interface for config fetchers * Do not parameterize IncrementIfNonZero * Some formatting * Reviewer comments * Add filter chain match information for duplicate match error * Reviewer comments * Some cleanup * Reviewer comments * Reviewer comments * Reviewer comments * Clang-tidy
4 years ago
// Add filter chain with transport protocol "tls" that should never match
auto* filter_chain = listener.add_filter_chains();
filter_chain->add_filters()->mutable_typed_config()->PackFrom(
Update RDS parsing for use on servers (#27715) * Update RDS parsing for use on servers * Unused variable * Reviewer comments * Automated change: Fix sanity tests * Fix tests * Reviewer comments * Reviewer comments * clang-tidy * Reviewer comments * Fix test * Reviewer comments * Reviewer comments Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
ServerHcmAccessor().Unpack(listener));
Implement FilterChainMatch algorithm (#25757) * Implement FilterChainMatch logic * Add tests for transport protocol too * Tests for duplicate NACKing * Introduce ConnectionManager as an interface for config fetchers * Do not parameterize IncrementIfNonZero * Some formatting * Reviewer comments * Add filter chain match information for duplicate match error * Reviewer comments * Some cleanup * Reviewer comments * Reviewer comments * Reviewer comments * Clang-tidy
4 years ago
filter_chain->mutable_filter_chain_match()->set_transport_protocol("tls");
Update RDS parsing for use on servers (#27715) * Update RDS parsing for use on servers * Unused variable * Reviewer comments * Automated change: Fix sanity tests * Fix tests * Reviewer comments * Reviewer comments * clang-tidy * Reviewer comments * Fix test * Reviewer comments * Reviewer comments Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
listener.clear_default_filter_chain();
xds_end2end_test: remove num_balancers from test suite and remove dependence on fake resolver for xDS channel (#28245) * xds_end2end_test: remove num_balancers from test suite * fix clang-tidy
3 years ago
balancer_->ads_service()->SetLdsResource(
Update RDS parsing for use on servers (#27715) * Update RDS parsing for use on servers * Unused variable * Reviewer comments * Automated change: Fix sanity tests * Fix tests * Reviewer comments * Reviewer comments * clang-tidy * Reviewer comments * Fix test * Reviewer comments * Reviewer comments Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
PopulateServerListenerNameAndPort(listener, backends_[0]->port()));
xds_end2end_test: Only start backends when needed (#27911) * xds_end2end_test: Fix flakiness on WaitForLdsNack * xds_end2end_test: Only start the server when we want * Revert WaitForNack changes * Fixes * Fix CsdsShortAdsTimeoutTest * Fix sanity
3 years ago
backends_[0]->Start();
Implement FilterChainMatch algorithm (#25757) * Implement FilterChainMatch logic * Add tests for transport protocol too * Tests for duplicate NACKing * Introduce ConnectionManager as an interface for config fetchers * Do not parameterize IncrementIfNonZero * Some formatting * Reviewer comments * Add filter chain match information for duplicate match error * Reviewer comments * Some cleanup * Reviewer comments * Reviewer comments * Reviewer comments * Clang-tidy
4 years ago
// RPC should fail since no matching filter chain was found and no default
// filter chain is configured.
SendRpc([this]() { return CreateInsecureChannel(); }, {}, {},
true /* test_expects_failure */);
}
TEST_P(XdsServerFilterChainMatchTest,
FilterChainsWithApplicationProtocolsDontMatch) {
Update RDS parsing for use on servers (#27715) * Update RDS parsing for use on servers * Unused variable * Reviewer comments * Automated change: Fix sanity tests * Fix tests * Reviewer comments * Reviewer comments * clang-tidy * Reviewer comments * Fix test * Reviewer comments * Reviewer comments Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
Listener listener = default_server_listener_;
Implement FilterChainMatch algorithm (#25757) * Implement FilterChainMatch logic * Add tests for transport protocol too * Tests for duplicate NACKing * Introduce ConnectionManager as an interface for config fetchers * Do not parameterize IncrementIfNonZero * Some formatting * Reviewer comments * Add filter chain match information for duplicate match error * Reviewer comments * Some cleanup * Reviewer comments * Reviewer comments * Reviewer comments * Clang-tidy
4 years ago
// Add filter chain with application protocol that should never get matched
auto* filter_chain = listener.add_filter_chains();
filter_chain->add_filters()->mutable_typed_config()->PackFrom(
Update RDS parsing for use on servers (#27715) * Update RDS parsing for use on servers * Unused variable * Reviewer comments * Automated change: Fix sanity tests * Fix tests * Reviewer comments * Reviewer comments * clang-tidy * Reviewer comments * Fix test * Reviewer comments * Reviewer comments Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
ServerHcmAccessor().Unpack(listener));
Implement FilterChainMatch algorithm (#25757) * Implement FilterChainMatch logic * Add tests for transport protocol too * Tests for duplicate NACKing * Introduce ConnectionManager as an interface for config fetchers * Do not parameterize IncrementIfNonZero * Some formatting * Reviewer comments * Add filter chain match information for duplicate match error * Reviewer comments * Some cleanup * Reviewer comments * Reviewer comments * Reviewer comments * Clang-tidy
4 years ago
filter_chain->mutable_filter_chain_match()->add_application_protocols("h2");
Update RDS parsing for use on servers (#27715) * Update RDS parsing for use on servers * Unused variable * Reviewer comments * Automated change: Fix sanity tests * Fix tests * Reviewer comments * Reviewer comments * clang-tidy * Reviewer comments * Fix test * Reviewer comments * Reviewer comments Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
listener.clear_default_filter_chain();
xds_end2end_test: remove num_balancers from test suite and remove dependence on fake resolver for xDS channel (#28245) * xds_end2end_test: remove num_balancers from test suite * fix clang-tidy
3 years ago
balancer_->ads_service()->SetLdsResource(
Update RDS parsing for use on servers (#27715) * Update RDS parsing for use on servers * Unused variable * Reviewer comments * Automated change: Fix sanity tests * Fix tests * Reviewer comments * Reviewer comments * clang-tidy * Reviewer comments * Fix test * Reviewer comments * Reviewer comments Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
PopulateServerListenerNameAndPort(listener, backends_[0]->port()));
xds_end2end_test: Only start backends when needed (#27911) * xds_end2end_test: Fix flakiness on WaitForLdsNack * xds_end2end_test: Only start the server when we want * Revert WaitForNack changes * Fixes * Fix CsdsShortAdsTimeoutTest * Fix sanity
3 years ago
backends_[0]->Start();
Implement FilterChainMatch algorithm (#25757) * Implement FilterChainMatch logic * Add tests for transport protocol too * Tests for duplicate NACKing * Introduce ConnectionManager as an interface for config fetchers * Do not parameterize IncrementIfNonZero * Some formatting * Reviewer comments * Add filter chain match information for duplicate match error * Reviewer comments * Some cleanup * Reviewer comments * Reviewer comments * Reviewer comments * Clang-tidy
4 years ago
// RPC should fail since no matching filter chain was found and no default
// filter chain is configured.
SendRpc([this]() { return CreateInsecureChannel(); }, {}, {},
true /* test_expects_failure */);
}
TEST_P(XdsServerFilterChainMatchTest,
FilterChainsWithTransportProtocolRawBufferIsPreferred) {
Update RDS parsing for use on servers (#27715) * Update RDS parsing for use on servers * Unused variable * Reviewer comments * Automated change: Fix sanity tests * Fix tests * Reviewer comments * Reviewer comments * clang-tidy * Reviewer comments * Fix test * Reviewer comments * Reviewer comments Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
Listener listener = default_server_listener_;
Implement FilterChainMatch algorithm (#25757) * Implement FilterChainMatch logic * Add tests for transport protocol too * Tests for duplicate NACKing * Introduce ConnectionManager as an interface for config fetchers * Do not parameterize IncrementIfNonZero * Some formatting * Reviewer comments * Add filter chain match information for duplicate match error * Reviewer comments * Some cleanup * Reviewer comments * Reviewer comments * Reviewer comments * Clang-tidy
4 years ago
// Add filter chain with "raw_buffer" transport protocol
auto* filter_chain = listener.add_filter_chains();
filter_chain->add_filters()->mutable_typed_config()->PackFrom(
Update RDS parsing for use on servers (#27715) * Update RDS parsing for use on servers * Unused variable * Reviewer comments * Automated change: Fix sanity tests * Fix tests * Reviewer comments * Reviewer comments * clang-tidy * Reviewer comments * Fix test * Reviewer comments * Reviewer comments Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
ServerHcmAccessor().Unpack(listener));
Implement FilterChainMatch algorithm (#25757) * Implement FilterChainMatch logic * Add tests for transport protocol too * Tests for duplicate NACKing * Introduce ConnectionManager as an interface for config fetchers * Do not parameterize IncrementIfNonZero * Some formatting * Reviewer comments * Add filter chain match information for duplicate match error * Reviewer comments * Some cleanup * Reviewer comments * Reviewer comments * Reviewer comments * Clang-tidy
4 years ago
filter_chain->mutable_filter_chain_match()->set_transport_protocol(
"raw_buffer");
// Add another filter chain with no transport protocol set but application
// protocol set (fails match)
filter_chain = listener.add_filter_chains();
filter_chain->add_filters()->mutable_typed_config()->PackFrom(
Update RDS parsing for use on servers (#27715) * Update RDS parsing for use on servers * Unused variable * Reviewer comments * Automated change: Fix sanity tests * Fix tests * Reviewer comments * Reviewer comments * clang-tidy * Reviewer comments * Fix test * Reviewer comments * Reviewer comments Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
ServerHcmAccessor().Unpack(listener));
Implement FilterChainMatch algorithm (#25757) * Implement FilterChainMatch logic * Add tests for transport protocol too * Tests for duplicate NACKing * Introduce ConnectionManager as an interface for config fetchers * Do not parameterize IncrementIfNonZero * Some formatting * Reviewer comments * Add filter chain match information for duplicate match error * Reviewer comments * Some cleanup * Reviewer comments * Reviewer comments * Reviewer comments * Clang-tidy
4 years ago
filter_chain->mutable_filter_chain_match()->add_application_protocols("h2");
Update RDS parsing for use on servers (#27715) * Update RDS parsing for use on servers * Unused variable * Reviewer comments * Automated change: Fix sanity tests * Fix tests * Reviewer comments * Reviewer comments * clang-tidy * Reviewer comments * Fix test * Reviewer comments * Reviewer comments Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
listener.clear_default_filter_chain();
xds_end2end_test: remove num_balancers from test suite and remove dependence on fake resolver for xDS channel (#28245) * xds_end2end_test: remove num_balancers from test suite * fix clang-tidy
3 years ago
balancer_->ads_service()->SetLdsResource(
Update RDS parsing for use on servers (#27715) * Update RDS parsing for use on servers * Unused variable * Reviewer comments * Automated change: Fix sanity tests * Fix tests * Reviewer comments * Reviewer comments * clang-tidy * Reviewer comments * Fix test * Reviewer comments * Reviewer comments Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
PopulateServerListenerNameAndPort(listener, backends_[0]->port()));
xds_end2end_test: Only start backends when needed (#27911) * xds_end2end_test: Fix flakiness on WaitForLdsNack * xds_end2end_test: Only start the server when we want * Revert WaitForNack changes * Fixes * Fix CsdsShortAdsTimeoutTest * Fix sanity
3 years ago
backends_[0]->Start();
Ring hash implementation (#26356) * Ring hash implementation * Fixing an error caught during import: ipv6 addresses need small modifications when creating the ring entry. * fixing an error * removing debugs * Remove unnecssary hashing * small cleanup
4 years ago
// A successful RPC proves that filter chains that mention "raw_buffer" as
// the transport protocol are chosen as the best match in the round.
Implement FilterChainMatch algorithm (#25757) * Implement FilterChainMatch logic * Add tests for transport protocol too * Tests for duplicate NACKing * Introduce ConnectionManager as an interface for config fetchers * Do not parameterize IncrementIfNonZero * Some formatting * Reviewer comments * Add filter chain match information for duplicate match error * Reviewer comments * Some cleanup * Reviewer comments * Reviewer comments * Reviewer comments * Clang-tidy
4 years ago
SendRpc([this]() { return CreateInsecureChannel(); }, {}, {});
}
TEST_P(XdsServerFilterChainMatchTest,
FilterChainsWithMoreSpecificDestinationPrefixRangesArePreferred) {
Update RDS parsing for use on servers (#27715) * Update RDS parsing for use on servers * Unused variable * Reviewer comments * Automated change: Fix sanity tests * Fix tests * Reviewer comments * Reviewer comments * clang-tidy * Reviewer comments * Fix test * Reviewer comments * Reviewer comments Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
Listener listener = default_server_listener_;
Implement FilterChainMatch algorithm (#25757) * Implement FilterChainMatch logic * Add tests for transport protocol too * Tests for duplicate NACKing * Introduce ConnectionManager as an interface for config fetchers * Do not parameterize IncrementIfNonZero * Some formatting * Reviewer comments * Add filter chain match information for duplicate match error * Reviewer comments * Some cleanup * Reviewer comments * Reviewer comments * Reviewer comments * Clang-tidy
4 years ago
// Add filter chain with prefix range (length 4 and 16) but with server name
// mentioned. (Prefix range is matched first.)
auto* filter_chain = listener.add_filter_chains();
filter_chain->add_filters()->mutable_typed_config()->PackFrom(
Update RDS parsing for use on servers (#27715) * Update RDS parsing for use on servers * Unused variable * Reviewer comments * Automated change: Fix sanity tests * Fix tests * Reviewer comments * Reviewer comments * clang-tidy * Reviewer comments * Fix test * Reviewer comments * Reviewer comments Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
ServerHcmAccessor().Unpack(listener));
Implement FilterChainMatch algorithm (#25757) * Implement FilterChainMatch logic * Add tests for transport protocol too * Tests for duplicate NACKing * Introduce ConnectionManager as an interface for config fetchers * Do not parameterize IncrementIfNonZero * Some formatting * Reviewer comments * Add filter chain match information for duplicate match error * Reviewer comments * Some cleanup * Reviewer comments * Reviewer comments * Reviewer comments * Clang-tidy
4 years ago
auto* prefix_range =
filter_chain->mutable_filter_chain_match()->add_prefix_ranges();
xds_end2end_test ipv6 address format fix (#25837) * xds_end2end_test ipv6 address format fix * Update expected error string
4 years ago
prefix_range->set_address_prefix(ipv6_only_ ? "::1" : "127.0.0.1");
Implement FilterChainMatch algorithm (#25757) * Implement FilterChainMatch logic * Add tests for transport protocol too * Tests for duplicate NACKing * Introduce ConnectionManager as an interface for config fetchers * Do not parameterize IncrementIfNonZero * Some formatting * Reviewer comments * Add filter chain match information for duplicate match error * Reviewer comments * Some cleanup * Reviewer comments * Reviewer comments * Reviewer comments * Clang-tidy
4 years ago
prefix_range->mutable_prefix_len()->set_value(4);
prefix_range =
filter_chain->mutable_filter_chain_match()->add_prefix_ranges();
xds_end2end_test ipv6 address format fix (#25837) * xds_end2end_test ipv6 address format fix * Update expected error string
4 years ago
prefix_range->set_address_prefix(ipv6_only_ ? "::1" : "127.0.0.1");
Implement FilterChainMatch algorithm (#25757) * Implement FilterChainMatch logic * Add tests for transport protocol too * Tests for duplicate NACKing * Introduce ConnectionManager as an interface for config fetchers * Do not parameterize IncrementIfNonZero * Some formatting * Reviewer comments * Add filter chain match information for duplicate match error * Reviewer comments * Some cleanup * Reviewer comments * Reviewer comments * Reviewer comments * Clang-tidy
4 years ago
prefix_range->mutable_prefix_len()->set_value(16);
filter_chain->mutable_filter_chain_match()->add_server_names("server_name");
Ring hash implementation (#26356) * Ring hash implementation * Fixing an error caught during import: ipv6 addresses need small modifications when creating the ring entry. * fixing an error * removing debugs * Remove unnecssary hashing * small cleanup
4 years ago
// Add filter chain with two prefix ranges (length 8 and 24). Since 24 is
// the highest match, it should be chosen.
Implement FilterChainMatch algorithm (#25757) * Implement FilterChainMatch logic * Add tests for transport protocol too * Tests for duplicate NACKing * Introduce ConnectionManager as an interface for config fetchers * Do not parameterize IncrementIfNonZero * Some formatting * Reviewer comments * Add filter chain match information for duplicate match error * Reviewer comments * Some cleanup * Reviewer comments * Reviewer comments * Reviewer comments * Clang-tidy
4 years ago
filter_chain = listener.add_filter_chains();
filter_chain->add_filters()->mutable_typed_config()->PackFrom(
Update RDS parsing for use on servers (#27715) * Update RDS parsing for use on servers * Unused variable * Reviewer comments * Automated change: Fix sanity tests * Fix tests * Reviewer comments * Reviewer comments * clang-tidy * Reviewer comments * Fix test * Reviewer comments * Reviewer comments Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
ServerHcmAccessor().Unpack(listener));
Implement FilterChainMatch algorithm (#25757) * Implement FilterChainMatch logic * Add tests for transport protocol too * Tests for duplicate NACKing * Introduce ConnectionManager as an interface for config fetchers * Do not parameterize IncrementIfNonZero * Some formatting * Reviewer comments * Add filter chain match information for duplicate match error * Reviewer comments * Some cleanup * Reviewer comments * Reviewer comments * Reviewer comments * Clang-tidy
4 years ago
prefix_range =
filter_chain->mutable_filter_chain_match()->add_prefix_ranges();
xds_end2end_test ipv6 address format fix (#25837) * xds_end2end_test ipv6 address format fix * Update expected error string
4 years ago
prefix_range->set_address_prefix(ipv6_only_ ? "::1" : "127.0.0.1");
Implement FilterChainMatch algorithm (#25757) * Implement FilterChainMatch logic * Add tests for transport protocol too * Tests for duplicate NACKing * Introduce ConnectionManager as an interface for config fetchers * Do not parameterize IncrementIfNonZero * Some formatting * Reviewer comments * Add filter chain match information for duplicate match error * Reviewer comments * Some cleanup * Reviewer comments * Reviewer comments * Reviewer comments * Clang-tidy
4 years ago
prefix_range->mutable_prefix_len()->set_value(8);
prefix_range =
filter_chain->mutable_filter_chain_match()->add_prefix_ranges();
xds_end2end_test ipv6 address format fix (#25837) * xds_end2end_test ipv6 address format fix * Update expected error string
4 years ago
prefix_range->set_address_prefix(ipv6_only_ ? "::1" : "127.0.0.1");
Implement FilterChainMatch algorithm (#25757) * Implement FilterChainMatch logic * Add tests for transport protocol too * Tests for duplicate NACKing * Introduce ConnectionManager as an interface for config fetchers * Do not parameterize IncrementIfNonZero * Some formatting * Reviewer comments * Add filter chain match information for duplicate match error * Reviewer comments * Some cleanup * Reviewer comments * Reviewer comments * Reviewer comments * Clang-tidy
4 years ago
prefix_range->mutable_prefix_len()->set_value(24);
Ring hash implementation (#26356) * Ring hash implementation * Fixing an error caught during import: ipv6 addresses need small modifications when creating the ring entry. * fixing an error * removing debugs * Remove unnecssary hashing * small cleanup
4 years ago
// Add another filter chain with a non-matching prefix range (with length
// 30)
Implement FilterChainMatch algorithm (#25757) * Implement FilterChainMatch logic * Add tests for transport protocol too * Tests for duplicate NACKing * Introduce ConnectionManager as an interface for config fetchers * Do not parameterize IncrementIfNonZero * Some formatting * Reviewer comments * Add filter chain match information for duplicate match error * Reviewer comments * Some cleanup * Reviewer comments * Reviewer comments * Reviewer comments * Clang-tidy
4 years ago
filter_chain = listener.add_filter_chains();
filter_chain->add_filters()->mutable_typed_config()->PackFrom(
Update RDS parsing for use on servers (#27715) * Update RDS parsing for use on servers * Unused variable * Reviewer comments * Automated change: Fix sanity tests * Fix tests * Reviewer comments * Reviewer comments * clang-tidy * Reviewer comments * Fix test * Reviewer comments * Reviewer comments Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
ServerHcmAccessor().Unpack(listener));
Implement FilterChainMatch algorithm (#25757) * Implement FilterChainMatch logic * Add tests for transport protocol too * Tests for duplicate NACKing * Introduce ConnectionManager as an interface for config fetchers * Do not parameterize IncrementIfNonZero * Some formatting * Reviewer comments * Add filter chain match information for duplicate match error * Reviewer comments * Some cleanup * Reviewer comments * Reviewer comments * Reviewer comments * Clang-tidy
4 years ago
prefix_range =
filter_chain->mutable_filter_chain_match()->add_prefix_ranges();
prefix_range->set_address_prefix("192.168.1.1");
prefix_range->mutable_prefix_len()->set_value(30);
filter_chain->mutable_filter_chain_match()->add_server_names("server_name");
// Add another filter chain with no prefix range mentioned
filter_chain = listener.add_filter_chains();
filter_chain->add_filters()->mutable_typed_config()->PackFrom(
Update RDS parsing for use on servers (#27715) * Update RDS parsing for use on servers * Unused variable * Reviewer comments * Automated change: Fix sanity tests * Fix tests * Reviewer comments * Reviewer comments * clang-tidy * Reviewer comments * Fix test * Reviewer comments * Reviewer comments Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
ServerHcmAccessor().Unpack(listener));
Implement FilterChainMatch algorithm (#25757) * Implement FilterChainMatch logic * Add tests for transport protocol too * Tests for duplicate NACKing * Introduce ConnectionManager as an interface for config fetchers * Do not parameterize IncrementIfNonZero * Some formatting * Reviewer comments * Add filter chain match information for duplicate match error * Reviewer comments * Some cleanup * Reviewer comments * Reviewer comments * Reviewer comments * Clang-tidy
4 years ago
filter_chain->mutable_filter_chain_match()->add_server_names("server_name");
Update RDS parsing for use on servers (#27715) * Update RDS parsing for use on servers * Unused variable * Reviewer comments * Automated change: Fix sanity tests * Fix tests * Reviewer comments * Reviewer comments * clang-tidy * Reviewer comments * Fix test * Reviewer comments * Reviewer comments Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
listener.clear_default_filter_chain();
xds_end2end_test: remove num_balancers from test suite and remove dependence on fake resolver for xDS channel (#28245) * xds_end2end_test: remove num_balancers from test suite * fix clang-tidy
3 years ago
balancer_->ads_service()->SetLdsResource(
Update RDS parsing for use on servers (#27715) * Update RDS parsing for use on servers * Unused variable * Reviewer comments * Automated change: Fix sanity tests * Fix tests * Reviewer comments * Reviewer comments * clang-tidy * Reviewer comments * Fix test * Reviewer comments * Reviewer comments Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
PopulateServerListenerNameAndPort(listener, backends_[0]->port()));
xds_end2end_test: Only start backends when needed (#27911) * xds_end2end_test: Fix flakiness on WaitForLdsNack * xds_end2end_test: Only start the server when we want * Revert WaitForNack changes * Fixes * Fix CsdsShortAdsTimeoutTest * Fix sanity
3 years ago
backends_[0]->Start();
Implement FilterChainMatch algorithm (#25757) * Implement FilterChainMatch logic * Add tests for transport protocol too * Tests for duplicate NACKing * Introduce ConnectionManager as an interface for config fetchers * Do not parameterize IncrementIfNonZero * Some formatting * Reviewer comments * Add filter chain match information for duplicate match error * Reviewer comments * Some cleanup * Reviewer comments * Reviewer comments * Reviewer comments * Clang-tidy
4 years ago
// A successful RPC proves that the filter chain with the longest matching
// prefix range was the best match.
SendRpc([this]() { return CreateInsecureChannel(); }, {}, {});
}
TEST_P(XdsServerFilterChainMatchTest,
FilterChainsThatMentionSourceTypeArePreferred) {
Update RDS parsing for use on servers (#27715) * Update RDS parsing for use on servers * Unused variable * Reviewer comments * Automated change: Fix sanity tests * Fix tests * Reviewer comments * Reviewer comments * clang-tidy * Reviewer comments * Fix test * Reviewer comments * Reviewer comments Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
Listener listener = default_server_listener_;
Implement FilterChainMatch algorithm (#25757) * Implement FilterChainMatch logic * Add tests for transport protocol too * Tests for duplicate NACKing * Introduce ConnectionManager as an interface for config fetchers * Do not parameterize IncrementIfNonZero * Some formatting * Reviewer comments * Add filter chain match information for duplicate match error * Reviewer comments * Some cleanup * Reviewer comments * Reviewer comments * Reviewer comments * Clang-tidy
4 years ago
// Add filter chain with the local source type (best match)
auto* filter_chain = listener.add_filter_chains();
filter_chain->add_filters()->mutable_typed_config()->PackFrom(
Update RDS parsing for use on servers (#27715) * Update RDS parsing for use on servers * Unused variable * Reviewer comments * Automated change: Fix sanity tests * Fix tests * Reviewer comments * Reviewer comments * clang-tidy * Reviewer comments * Fix test * Reviewer comments * Reviewer comments Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
ServerHcmAccessor().Unpack(listener));
Implement FilterChainMatch algorithm (#25757) * Implement FilterChainMatch logic * Add tests for transport protocol too * Tests for duplicate NACKing * Introduce ConnectionManager as an interface for config fetchers * Do not parameterize IncrementIfNonZero * Some formatting * Reviewer comments * Add filter chain match information for duplicate match error * Reviewer comments * Some cleanup * Reviewer comments * Reviewer comments * Reviewer comments * Clang-tidy
4 years ago
filter_chain->mutable_filter_chain_match()->set_source_type(
FilterChainMatch::SAME_IP_OR_LOOPBACK);
// Add filter chain with the external source type but bad source port.
// Note that backends_[0]->port() will never be a match for the source port
// because it is already being used by a backend.
filter_chain = listener.add_filter_chains();
filter_chain->add_filters()->mutable_typed_config()->PackFrom(
Update RDS parsing for use on servers (#27715) * Update RDS parsing for use on servers * Unused variable * Reviewer comments * Automated change: Fix sanity tests * Fix tests * Reviewer comments * Reviewer comments * clang-tidy * Reviewer comments * Fix test * Reviewer comments * Reviewer comments Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
ServerHcmAccessor().Unpack(listener));
Implement FilterChainMatch algorithm (#25757) * Implement FilterChainMatch logic * Add tests for transport protocol too * Tests for duplicate NACKing * Introduce ConnectionManager as an interface for config fetchers * Do not parameterize IncrementIfNonZero * Some formatting * Reviewer comments * Add filter chain match information for duplicate match error * Reviewer comments * Some cleanup * Reviewer comments * Reviewer comments * Reviewer comments * Clang-tidy
4 years ago
filter_chain->mutable_filter_chain_match()->set_source_type(
FilterChainMatch::EXTERNAL);
filter_chain->mutable_filter_chain_match()->add_source_ports(
backends_[0]->port());
// Add filter chain with the default source type (ANY) but bad source port.
filter_chain = listener.add_filter_chains();
filter_chain->add_filters()->mutable_typed_config()->PackFrom(
Update RDS parsing for use on servers (#27715) * Update RDS parsing for use on servers * Unused variable * Reviewer comments * Automated change: Fix sanity tests * Fix tests * Reviewer comments * Reviewer comments * clang-tidy * Reviewer comments * Fix test * Reviewer comments * Reviewer comments Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
ServerHcmAccessor().Unpack(listener));
Implement FilterChainMatch algorithm (#25757) * Implement FilterChainMatch logic * Add tests for transport protocol too * Tests for duplicate NACKing * Introduce ConnectionManager as an interface for config fetchers * Do not parameterize IncrementIfNonZero * Some formatting * Reviewer comments * Add filter chain match information for duplicate match error * Reviewer comments * Some cleanup * Reviewer comments * Reviewer comments * Reviewer comments * Clang-tidy
4 years ago
filter_chain->mutable_filter_chain_match()->add_source_ports(
backends_[0]->port());
Update RDS parsing for use on servers (#27715) * Update RDS parsing for use on servers * Unused variable * Reviewer comments * Automated change: Fix sanity tests * Fix tests * Reviewer comments * Reviewer comments * clang-tidy * Reviewer comments * Fix test * Reviewer comments * Reviewer comments Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
listener.clear_default_filter_chain();
xds_end2end_test: remove num_balancers from test suite and remove dependence on fake resolver for xDS channel (#28245) * xds_end2end_test: remove num_balancers from test suite * fix clang-tidy
3 years ago
balancer_->ads_service()->SetLdsResource(
Update RDS parsing for use on servers (#27715) * Update RDS parsing for use on servers * Unused variable * Reviewer comments * Automated change: Fix sanity tests * Fix tests * Reviewer comments * Reviewer comments * clang-tidy * Reviewer comments * Fix test * Reviewer comments * Reviewer comments Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
PopulateServerListenerNameAndPort(listener, backends_[0]->port()));
xds_end2end_test: Only start backends when needed (#27911) * xds_end2end_test: Fix flakiness on WaitForLdsNack * xds_end2end_test: Only start the server when we want * Revert WaitForNack changes * Fixes * Fix CsdsShortAdsTimeoutTest * Fix sanity
3 years ago
backends_[0]->Start();
Implement FilterChainMatch algorithm (#25757) * Implement FilterChainMatch logic * Add tests for transport protocol too * Tests for duplicate NACKing * Introduce ConnectionManager as an interface for config fetchers * Do not parameterize IncrementIfNonZero * Some formatting * Reviewer comments * Add filter chain match information for duplicate match error * Reviewer comments * Some cleanup * Reviewer comments * Reviewer comments * Reviewer comments * Clang-tidy
4 years ago
// A successful RPC proves that the filter chain with the longest matching
// prefix range was the best match.
SendRpc([this]() { return CreateInsecureChannel(); }, {}, {});
}
TEST_P(XdsServerFilterChainMatchTest,
FilterChainsWithMoreSpecificSourcePrefixRangesArePreferred) {
Update RDS parsing for use on servers (#27715) * Update RDS parsing for use on servers * Unused variable * Reviewer comments * Automated change: Fix sanity tests * Fix tests * Reviewer comments * Reviewer comments * clang-tidy * Reviewer comments * Fix test * Reviewer comments * Reviewer comments Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
Listener listener = default_server_listener_;
Ring hash implementation (#26356) * Ring hash implementation * Fixing an error caught during import: ipv6 addresses need small modifications when creating the ring entry. * fixing an error * removing debugs * Remove unnecssary hashing * small cleanup
4 years ago
// Add filter chain with source prefix range (length 16) but with a bad
// source port mentioned. (Prefix range is matched first.) Note that
// backends_[0]->port() will never be a match for the source port because it
// is already being used by a backend.
Implement FilterChainMatch algorithm (#25757) * Implement FilterChainMatch logic * Add tests for transport protocol too * Tests for duplicate NACKing * Introduce ConnectionManager as an interface for config fetchers * Do not parameterize IncrementIfNonZero * Some formatting * Reviewer comments * Add filter chain match information for duplicate match error * Reviewer comments * Some cleanup * Reviewer comments * Reviewer comments * Reviewer comments * Clang-tidy
4 years ago
auto* filter_chain = listener.add_filter_chains();
filter_chain->add_filters()->mutable_typed_config()->PackFrom(
Update RDS parsing for use on servers (#27715) * Update RDS parsing for use on servers * Unused variable * Reviewer comments * Automated change: Fix sanity tests * Fix tests * Reviewer comments * Reviewer comments * clang-tidy * Reviewer comments * Fix test * Reviewer comments * Reviewer comments Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
ServerHcmAccessor().Unpack(listener));
Implement FilterChainMatch algorithm (#25757) * Implement FilterChainMatch logic * Add tests for transport protocol too * Tests for duplicate NACKing * Introduce ConnectionManager as an interface for config fetchers * Do not parameterize IncrementIfNonZero * Some formatting * Reviewer comments * Add filter chain match information for duplicate match error * Reviewer comments * Some cleanup * Reviewer comments * Reviewer comments * Reviewer comments * Clang-tidy
4 years ago
auto* source_prefix_range =
filter_chain->mutable_filter_chain_match()->add_source_prefix_ranges();
xds_end2end_test ipv6 address format fix (#25837) * xds_end2end_test ipv6 address format fix * Update expected error string
4 years ago
source_prefix_range->set_address_prefix(ipv6_only_ ? "::1" : "127.0.0.1");
Implement FilterChainMatch algorithm (#25757) * Implement FilterChainMatch logic * Add tests for transport protocol too * Tests for duplicate NACKing * Introduce ConnectionManager as an interface for config fetchers * Do not parameterize IncrementIfNonZero * Some formatting * Reviewer comments * Add filter chain match information for duplicate match error * Reviewer comments * Some cleanup * Reviewer comments * Reviewer comments * Reviewer comments * Clang-tidy
4 years ago
source_prefix_range->mutable_prefix_len()->set_value(4);
source_prefix_range =
filter_chain->mutable_filter_chain_match()->add_source_prefix_ranges();
xds_end2end_test ipv6 address format fix (#25837) * xds_end2end_test ipv6 address format fix * Update expected error string
4 years ago
source_prefix_range->set_address_prefix(ipv6_only_ ? "::1" : "127.0.0.1");
Implement FilterChainMatch algorithm (#25757) * Implement FilterChainMatch logic * Add tests for transport protocol too * Tests for duplicate NACKing * Introduce ConnectionManager as an interface for config fetchers * Do not parameterize IncrementIfNonZero * Some formatting * Reviewer comments * Add filter chain match information for duplicate match error * Reviewer comments * Some cleanup * Reviewer comments * Reviewer comments * Reviewer comments * Clang-tidy
4 years ago
source_prefix_range->mutable_prefix_len()->set_value(16);
filter_chain->mutable_filter_chain_match()->add_source_ports(
backends_[0]->port());
Ring hash implementation (#26356) * Ring hash implementation * Fixing an error caught during import: ipv6 addresses need small modifications when creating the ring entry. * fixing an error * removing debugs * Remove unnecssary hashing * small cleanup
4 years ago
// Add filter chain with two source prefix ranges (length 8 and 24). Since
// 24 is the highest match, it should be chosen.
Implement FilterChainMatch algorithm (#25757) * Implement FilterChainMatch logic * Add tests for transport protocol too * Tests for duplicate NACKing * Introduce ConnectionManager as an interface for config fetchers * Do not parameterize IncrementIfNonZero * Some formatting * Reviewer comments * Add filter chain match information for duplicate match error * Reviewer comments * Some cleanup * Reviewer comments * Reviewer comments * Reviewer comments * Clang-tidy
4 years ago
filter_chain = listener.add_filter_chains();
filter_chain->add_filters()->mutable_typed_config()->PackFrom(
Update RDS parsing for use on servers (#27715) * Update RDS parsing for use on servers * Unused variable * Reviewer comments * Automated change: Fix sanity tests * Fix tests * Reviewer comments * Reviewer comments * clang-tidy * Reviewer comments * Fix test * Reviewer comments * Reviewer comments Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
ServerHcmAccessor().Unpack(listener));
Implement FilterChainMatch algorithm (#25757) * Implement FilterChainMatch logic * Add tests for transport protocol too * Tests for duplicate NACKing * Introduce ConnectionManager as an interface for config fetchers * Do not parameterize IncrementIfNonZero * Some formatting * Reviewer comments * Add filter chain match information for duplicate match error * Reviewer comments * Some cleanup * Reviewer comments * Reviewer comments * Reviewer comments * Clang-tidy
4 years ago
source_prefix_range =
filter_chain->mutable_filter_chain_match()->add_source_prefix_ranges();
xds_end2end_test ipv6 address format fix (#25837) * xds_end2end_test ipv6 address format fix * Update expected error string
4 years ago
source_prefix_range->set_address_prefix(ipv6_only_ ? "::1" : "127.0.0.1");
Implement FilterChainMatch algorithm (#25757) * Implement FilterChainMatch logic * Add tests for transport protocol too * Tests for duplicate NACKing * Introduce ConnectionManager as an interface for config fetchers * Do not parameterize IncrementIfNonZero * Some formatting * Reviewer comments * Add filter chain match information for duplicate match error * Reviewer comments * Some cleanup * Reviewer comments * Reviewer comments * Reviewer comments * Clang-tidy
4 years ago
source_prefix_range->mutable_prefix_len()->set_value(8);
source_prefix_range =
filter_chain->mutable_filter_chain_match()->add_source_prefix_ranges();
xds_end2end_test ipv6 address format fix (#25837) * xds_end2end_test ipv6 address format fix * Update expected error string
4 years ago
source_prefix_range->set_address_prefix(ipv6_only_ ? "::1" : "127.0.0.1");
Implement FilterChainMatch algorithm (#25757) * Implement FilterChainMatch logic * Add tests for transport protocol too * Tests for duplicate NACKing * Introduce ConnectionManager as an interface for config fetchers * Do not parameterize IncrementIfNonZero * Some formatting * Reviewer comments * Add filter chain match information for duplicate match error * Reviewer comments * Some cleanup * Reviewer comments * Reviewer comments * Reviewer comments * Clang-tidy
4 years ago
source_prefix_range->mutable_prefix_len()->set_value(24);
// Add another filter chain with a non-matching source prefix range (with
// length 30) and bad source port
filter_chain = listener.add_filter_chains();
filter_chain->add_filters()->mutable_typed_config()->PackFrom(
Update RDS parsing for use on servers (#27715) * Update RDS parsing for use on servers * Unused variable * Reviewer comments * Automated change: Fix sanity tests * Fix tests * Reviewer comments * Reviewer comments * clang-tidy * Reviewer comments * Fix test * Reviewer comments * Reviewer comments Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
ServerHcmAccessor().Unpack(listener));
Implement FilterChainMatch algorithm (#25757) * Implement FilterChainMatch logic * Add tests for transport protocol too * Tests for duplicate NACKing * Introduce ConnectionManager as an interface for config fetchers * Do not parameterize IncrementIfNonZero * Some formatting * Reviewer comments * Add filter chain match information for duplicate match error * Reviewer comments * Some cleanup * Reviewer comments * Reviewer comments * Reviewer comments * Clang-tidy
4 years ago
source_prefix_range =
filter_chain->mutable_filter_chain_match()->add_source_prefix_ranges();
source_prefix_range->set_address_prefix("192.168.1.1");
source_prefix_range->mutable_prefix_len()->set_value(30);
filter_chain->mutable_filter_chain_match()->add_source_ports(
backends_[0]->port());
// Add another filter chain with no source prefix range mentioned and bad
// source port
filter_chain = listener.add_filter_chains();
filter_chain->add_filters()->mutable_typed_config()->PackFrom(
Update RDS parsing for use on servers (#27715) * Update RDS parsing for use on servers * Unused variable * Reviewer comments * Automated change: Fix sanity tests * Fix tests * Reviewer comments * Reviewer comments * clang-tidy * Reviewer comments * Fix test * Reviewer comments * Reviewer comments Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
ServerHcmAccessor().Unpack(listener));
Implement FilterChainMatch algorithm (#25757) * Implement FilterChainMatch logic * Add tests for transport protocol too * Tests for duplicate NACKing * Introduce ConnectionManager as an interface for config fetchers * Do not parameterize IncrementIfNonZero * Some formatting * Reviewer comments * Add filter chain match information for duplicate match error * Reviewer comments * Some cleanup * Reviewer comments * Reviewer comments * Reviewer comments * Clang-tidy
4 years ago
filter_chain->mutable_filter_chain_match()->add_source_ports(
backends_[0]->port());
Update RDS parsing for use on servers (#27715) * Update RDS parsing for use on servers * Unused variable * Reviewer comments * Automated change: Fix sanity tests * Fix tests * Reviewer comments * Reviewer comments * clang-tidy * Reviewer comments * Fix test * Reviewer comments * Reviewer comments Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
listener.clear_default_filter_chain();
xds_end2end_test: remove num_balancers from test suite and remove dependence on fake resolver for xDS channel (#28245) * xds_end2end_test: remove num_balancers from test suite * fix clang-tidy
3 years ago
balancer_->ads_service()->SetLdsResource(
Update RDS parsing for use on servers (#27715) * Update RDS parsing for use on servers * Unused variable * Reviewer comments * Automated change: Fix sanity tests * Fix tests * Reviewer comments * Reviewer comments * clang-tidy * Reviewer comments * Fix test * Reviewer comments * Reviewer comments Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
PopulateServerListenerNameAndPort(listener, backends_[0]->port()));
xds_end2end_test: Only start backends when needed (#27911) * xds_end2end_test: Fix flakiness on WaitForLdsNack * xds_end2end_test: Only start the server when we want * Revert WaitForNack changes * Fixes * Fix CsdsShortAdsTimeoutTest * Fix sanity
3 years ago
backends_[0]->Start();
Implement FilterChainMatch algorithm (#25757) * Implement FilterChainMatch logic * Add tests for transport protocol too * Tests for duplicate NACKing * Introduce ConnectionManager as an interface for config fetchers * Do not parameterize IncrementIfNonZero * Some formatting * Reviewer comments * Add filter chain match information for duplicate match error * Reviewer comments * Some cleanup * Reviewer comments * Reviewer comments * Reviewer comments * Clang-tidy
4 years ago
// A successful RPC proves that the filter chain with the longest matching
// source prefix range was the best match.
SendRpc([this]() { return CreateInsecureChannel(); }, {}, {});
}
TEST_P(XdsServerFilterChainMatchTest,
FilterChainsWithMoreSpecificSourcePortArePreferred) {
Update RDS parsing for use on servers (#27715) * Update RDS parsing for use on servers * Unused variable * Reviewer comments * Automated change: Fix sanity tests * Fix tests * Reviewer comments * Reviewer comments * clang-tidy * Reviewer comments * Fix test * Reviewer comments * Reviewer comments Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
Listener listener = default_server_listener_;
Implement FilterChainMatch algorithm (#25757) * Implement FilterChainMatch logic * Add tests for transport protocol too * Tests for duplicate NACKing * Introduce ConnectionManager as an interface for config fetchers * Do not parameterize IncrementIfNonZero * Some formatting * Reviewer comments * Add filter chain match information for duplicate match error * Reviewer comments * Some cleanup * Reviewer comments * Reviewer comments * Reviewer comments * Clang-tidy
4 years ago
auto* filter_chain = listener.add_filter_chains();
filter_chain->add_filters()->mutable_typed_config()->PackFrom(
Update RDS parsing for use on servers (#27715) * Update RDS parsing for use on servers * Unused variable * Reviewer comments * Automated change: Fix sanity tests * Fix tests * Reviewer comments * Reviewer comments * clang-tidy * Reviewer comments * Fix test * Reviewer comments * Reviewer comments Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
ServerHcmAccessor().Unpack(listener));
Implement FilterChainMatch algorithm (#25757) * Implement FilterChainMatch logic * Add tests for transport protocol too * Tests for duplicate NACKing * Introduce ConnectionManager as an interface for config fetchers * Do not parameterize IncrementIfNonZero * Some formatting * Reviewer comments * Add filter chain match information for duplicate match error * Reviewer comments * Some cleanup * Reviewer comments * Reviewer comments * Reviewer comments * Clang-tidy
4 years ago
// Since we don't know which port will be used by the channel, just add all
// ports except for 0.
for (int i = 1; i < 65536; i++) {
filter_chain->mutable_filter_chain_match()->add_source_ports(i);
}
NACK xDS updates when certificate provider instace names are unrecognized (#26614) * NACK xDS updates when certificate provider instace names are unrecognized * Reviewer comments * Reviewer comments * Clang format * Fix compilation error
3 years ago
// Add another filter chain with no source port mentioned with a bad
Implement FilterChainMatch algorithm (#25757) * Implement FilterChainMatch logic * Add tests for transport protocol too * Tests for duplicate NACKing * Introduce ConnectionManager as an interface for config fetchers * Do not parameterize IncrementIfNonZero * Some formatting * Reviewer comments * Add filter chain match information for duplicate match error * Reviewer comments * Some cleanup * Reviewer comments * Reviewer comments * Reviewer comments * Clang-tidy
4 years ago
// DownstreamTlsContext configuration.
filter_chain = listener.add_filter_chains();
filter_chain->add_filters()->mutable_typed_config()->PackFrom(
Update RDS parsing for use on servers (#27715) * Update RDS parsing for use on servers * Unused variable * Reviewer comments * Automated change: Fix sanity tests * Fix tests * Reviewer comments * Reviewer comments * clang-tidy * Reviewer comments * Fix test * Reviewer comments * Reviewer comments Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
ServerHcmAccessor().Unpack(listener));
Implement FilterChainMatch algorithm (#25757) * Implement FilterChainMatch logic * Add tests for transport protocol too * Tests for duplicate NACKing * Introduce ConnectionManager as an interface for config fetchers * Do not parameterize IncrementIfNonZero * Some formatting * Reviewer comments * Add filter chain match information for duplicate match error * Reviewer comments * Some cleanup * Reviewer comments * Reviewer comments * Reviewer comments * Clang-tidy
4 years ago
auto* transport_socket = filter_chain->mutable_transport_socket();
transport_socket->set_name("envoy.transport_sockets.tls");
DownstreamTlsContext downstream_tls_context;
downstream_tls_context.mutable_common_tls_context()
xDS Security: Use new way to fetch certificate provider plugin instance config (#27264) * xDS Security: Use new way to fetch certificate provider plugin instance config * Reviewer comments * Additional fields to NACK * Move NACKing tests for tls_certificates and tls_certificate_sds_securet_configs to client-side
3 years ago
->mutable_tls_certificate_provider_instance()
NACK xDS updates when certificate provider instace names are unrecognized (#26614) * NACK xDS updates when certificate provider instace names are unrecognized * Reviewer comments * Reviewer comments * Clang format * Fix compilation error
3 years ago
->set_instance_name("fake_plugin1");
Implement FilterChainMatch algorithm (#25757) * Implement FilterChainMatch logic * Add tests for transport protocol too * Tests for duplicate NACKing * Introduce ConnectionManager as an interface for config fetchers * Do not parameterize IncrementIfNonZero * Some formatting * Reviewer comments * Add filter chain match information for duplicate match error * Reviewer comments * Some cleanup * Reviewer comments * Reviewer comments * Reviewer comments * Clang-tidy
4 years ago
transport_socket->mutable_typed_config()->PackFrom(downstream_tls_context);
Update RDS parsing for use on servers (#27715) * Update RDS parsing for use on servers * Unused variable * Reviewer comments * Automated change: Fix sanity tests * Fix tests * Reviewer comments * Reviewer comments * clang-tidy * Reviewer comments * Fix test * Reviewer comments * Reviewer comments Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
listener.clear_default_filter_chain();
xds_end2end_test: remove num_balancers from test suite and remove dependence on fake resolver for xDS channel (#28245) * xds_end2end_test: remove num_balancers from test suite * fix clang-tidy
3 years ago
balancer_->ads_service()->SetLdsResource(
Update RDS parsing for use on servers (#27715) * Update RDS parsing for use on servers * Unused variable * Reviewer comments * Automated change: Fix sanity tests * Fix tests * Reviewer comments * Reviewer comments * clang-tidy * Reviewer comments * Fix test * Reviewer comments * Reviewer comments Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
PopulateServerListenerNameAndPort(listener, backends_[0]->port()));
xds_end2end_test: Only start backends when needed (#27911) * xds_end2end_test: Fix flakiness on WaitForLdsNack * xds_end2end_test: Only start the server when we want * Revert WaitForNack changes * Fixes * Fix CsdsShortAdsTimeoutTest * Fix sanity
3 years ago
backends_[0]->Start();
Implement FilterChainMatch algorithm (#25757) * Implement FilterChainMatch logic * Add tests for transport protocol too * Tests for duplicate NACKing * Introduce ConnectionManager as an interface for config fetchers * Do not parameterize IncrementIfNonZero * Some formatting * Reviewer comments * Add filter chain match information for duplicate match error * Reviewer comments * Some cleanup * Reviewer comments * Reviewer comments * Reviewer comments * Clang-tidy
4 years ago
// A successful RPC proves that the filter chain with matching source port
// was chosen.
SendRpc([this]() { return CreateInsecureChannel(); }, {}, {});
}
TEST_P(XdsServerFilterChainMatchTest, DuplicateMatchNacked) {
Update RDS parsing for use on servers (#27715) * Update RDS parsing for use on servers * Unused variable * Reviewer comments * Automated change: Fix sanity tests * Fix tests * Reviewer comments * Reviewer comments * clang-tidy * Reviewer comments * Fix test * Reviewer comments * Reviewer comments Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
Listener listener = default_server_listener_;
Implement FilterChainMatch algorithm (#25757) * Implement FilterChainMatch logic * Add tests for transport protocol too * Tests for duplicate NACKing * Introduce ConnectionManager as an interface for config fetchers * Do not parameterize IncrementIfNonZero * Some formatting * Reviewer comments * Add filter chain match information for duplicate match error * Reviewer comments * Some cleanup * Reviewer comments * Reviewer comments * Reviewer comments * Clang-tidy
4 years ago
// Add filter chain
auto* filter_chain = listener.add_filter_chains();
filter_chain->add_filters()->mutable_typed_config()->PackFrom(
Update RDS parsing for use on servers (#27715) * Update RDS parsing for use on servers * Unused variable * Reviewer comments * Automated change: Fix sanity tests * Fix tests * Reviewer comments * Reviewer comments * clang-tidy * Reviewer comments * Fix test * Reviewer comments * Reviewer comments Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
ServerHcmAccessor().Unpack(listener));
Implement FilterChainMatch algorithm (#25757) * Implement FilterChainMatch logic * Add tests for transport protocol too * Tests for duplicate NACKing * Introduce ConnectionManager as an interface for config fetchers * Do not parameterize IncrementIfNonZero * Some formatting * Reviewer comments * Add filter chain match information for duplicate match error * Reviewer comments * Some cleanup * Reviewer comments * Reviewer comments * Reviewer comments * Clang-tidy
4 years ago
// Add a duplicate filter chain
filter_chain = listener.add_filter_chains();
filter_chain->add_filters()->mutable_typed_config()->PackFrom(
Update RDS parsing for use on servers (#27715) * Update RDS parsing for use on servers * Unused variable * Reviewer comments * Automated change: Fix sanity tests * Fix tests * Reviewer comments * Reviewer comments * clang-tidy * Reviewer comments * Fix test * Reviewer comments * Reviewer comments Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
ServerHcmAccessor().Unpack(listener));
xds_end2end_test: remove num_balancers from test suite and remove dependence on fake resolver for xDS channel (#28245) * xds_end2end_test: remove num_balancers from test suite * fix clang-tidy
3 years ago
SetServerListenerNameAndRouteConfiguration(balancer_.get(), listener,
backends_[0]->port(),
Update RDS parsing for use on servers (#27715) * Update RDS parsing for use on servers * Unused variable * Reviewer comments * Automated change: Fix sanity tests * Fix tests * Reviewer comments * Reviewer comments * clang-tidy * Reviewer comments * Fix test * Reviewer comments * Reviewer comments Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
default_server_route_config_);
xds_end2end_test: Only start backends when needed (#27911) * xds_end2end_test: Fix flakiness on WaitForLdsNack * xds_end2end_test: Only start the server when we want * Revert WaitForNack changes * Fixes * Fix CsdsShortAdsTimeoutTest * Fix sanity
3 years ago
backends_[0]->Start();
xds_end2end_test_lib: use DEBUG_LOCATION to log where failures originate (#29444)
3 years ago
const auto response_state = WaitForLdsNack(DEBUG_LOCATION);
XdsEnd2EndTest : Use a queue to save resource updates (#28467) * Fix XdsClient for multiple watchers on the same resource * xds_end2end_test: Don't use XdsCredentials for XdsRbacNackTests * Use separate response states for EDS and RDS resources * Reviewer comments * Reviewer comments * Reviewer comments * Remove blank link * Reviewer comments
3 years ago
ASSERT_TRUE(response_state.has_value()) << "timed out waiting for NACK";
Implement FilterChainMatch algorithm (#25757) * Implement FilterChainMatch logic * Add tests for transport protocol too * Tests for duplicate NACKing * Introduce ConnectionManager as an interface for config fetchers * Do not parameterize IncrementIfNonZero * Some formatting * Reviewer comments * Add filter chain match information for duplicate match error * Reviewer comments * Some cleanup * Reviewer comments * Reviewer comments * Reviewer comments * Clang-tidy
4 years ago
EXPECT_THAT(
XdsEnd2EndTest : Use a queue to save resource updates (#28467) * Fix XdsClient for multiple watchers on the same resource * xds_end2end_test: Don't use XdsCredentials for XdsRbacNackTests * Use separate response states for EDS and RDS resources * Reviewer comments * Reviewer comments * Reviewer comments * Remove blank link * Reviewer comments
3 years ago
response_state->error_message,
Implement FilterChainMatch algorithm (#25757) * Implement FilterChainMatch logic * Add tests for transport protocol too * Tests for duplicate NACKing * Introduce ConnectionManager as an interface for config fetchers * Do not parameterize IncrementIfNonZero * Some formatting * Reviewer comments * Add filter chain match information for duplicate match error * Reviewer comments * Some cleanup * Reviewer comments * Reviewer comments * Reviewer comments * Clang-tidy
4 years ago
::testing::HasSubstr(
"Duplicate matching rules detected when adding filter chain: {}"));
}
TEST_P(XdsServerFilterChainMatchTest, DuplicateMatchOnPrefixRangesNacked) {
Update RDS parsing for use on servers (#27715) * Update RDS parsing for use on servers * Unused variable * Reviewer comments * Automated change: Fix sanity tests * Fix tests * Reviewer comments * Reviewer comments * clang-tidy * Reviewer comments * Fix test * Reviewer comments * Reviewer comments Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
Listener listener = default_server_listener_;
Implement FilterChainMatch algorithm (#25757) * Implement FilterChainMatch logic * Add tests for transport protocol too * Tests for duplicate NACKing * Introduce ConnectionManager as an interface for config fetchers * Do not parameterize IncrementIfNonZero * Some formatting * Reviewer comments * Add filter chain match information for duplicate match error * Reviewer comments * Some cleanup * Reviewer comments * Reviewer comments * Reviewer comments * Clang-tidy
4 years ago
// Add filter chain with prefix range
auto* filter_chain = listener.add_filter_chains();
filter_chain->add_filters()->mutable_typed_config()->PackFrom(
Update RDS parsing for use on servers (#27715) * Update RDS parsing for use on servers * Unused variable * Reviewer comments * Automated change: Fix sanity tests * Fix tests * Reviewer comments * Reviewer comments * clang-tidy * Reviewer comments * Fix test * Reviewer comments * Reviewer comments Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
ServerHcmAccessor().Unpack(listener));
Implement FilterChainMatch algorithm (#25757) * Implement FilterChainMatch logic * Add tests for transport protocol too * Tests for duplicate NACKing * Introduce ConnectionManager as an interface for config fetchers * Do not parameterize IncrementIfNonZero * Some formatting * Reviewer comments * Add filter chain match information for duplicate match error * Reviewer comments * Some cleanup * Reviewer comments * Reviewer comments * Reviewer comments * Clang-tidy
4 years ago
auto* prefix_range =
filter_chain->mutable_filter_chain_match()->add_prefix_ranges();
xds_end2end_test ipv6 address format fix (#25837) * xds_end2end_test ipv6 address format fix * Update expected error string
4 years ago
prefix_range->set_address_prefix(ipv6_only_ ? "::1" : "127.0.0.1");
Implement FilterChainMatch algorithm (#25757) * Implement FilterChainMatch logic * Add tests for transport protocol too * Tests for duplicate NACKing * Introduce ConnectionManager as an interface for config fetchers * Do not parameterize IncrementIfNonZero * Some formatting * Reviewer comments * Add filter chain match information for duplicate match error * Reviewer comments * Some cleanup * Reviewer comments * Reviewer comments * Reviewer comments * Clang-tidy
4 years ago
prefix_range->mutable_prefix_len()->set_value(16);
prefix_range =
filter_chain->mutable_filter_chain_match()->add_prefix_ranges();
xds_end2end_test ipv6 address format fix (#25837) * xds_end2end_test ipv6 address format fix * Update expected error string
4 years ago
prefix_range->set_address_prefix(ipv6_only_ ? "::1" : "127.0.0.1");
Implement FilterChainMatch algorithm (#25757) * Implement FilterChainMatch logic * Add tests for transport protocol too * Tests for duplicate NACKing * Introduce ConnectionManager as an interface for config fetchers * Do not parameterize IncrementIfNonZero * Some formatting * Reviewer comments * Add filter chain match information for duplicate match error * Reviewer comments * Some cleanup * Reviewer comments * Reviewer comments * Reviewer comments * Clang-tidy
4 years ago
prefix_range->mutable_prefix_len()->set_value(24);
// Add a filter chain with a duplicate prefix range entry
filter_chain = listener.add_filter_chains();
filter_chain->add_filters()->mutable_typed_config()->PackFrom(
Update RDS parsing for use on servers (#27715) * Update RDS parsing for use on servers * Unused variable * Reviewer comments * Automated change: Fix sanity tests * Fix tests * Reviewer comments * Reviewer comments * clang-tidy * Reviewer comments * Fix test * Reviewer comments * Reviewer comments Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
ServerHcmAccessor().Unpack(listener));
Implement FilterChainMatch algorithm (#25757) * Implement FilterChainMatch logic * Add tests for transport protocol too * Tests for duplicate NACKing * Introduce ConnectionManager as an interface for config fetchers * Do not parameterize IncrementIfNonZero * Some formatting * Reviewer comments * Add filter chain match information for duplicate match error * Reviewer comments * Some cleanup * Reviewer comments * Reviewer comments * Reviewer comments * Clang-tidy
4 years ago
prefix_range =
filter_chain->mutable_filter_chain_match()->add_prefix_ranges();
xds_end2end_test ipv6 address format fix (#25837) * xds_end2end_test ipv6 address format fix * Update expected error string
4 years ago
prefix_range->set_address_prefix(ipv6_only_ ? "::1" : "127.0.0.1");
Implement FilterChainMatch algorithm (#25757) * Implement FilterChainMatch logic * Add tests for transport protocol too * Tests for duplicate NACKing * Introduce ConnectionManager as an interface for config fetchers * Do not parameterize IncrementIfNonZero * Some formatting * Reviewer comments * Add filter chain match information for duplicate match error * Reviewer comments * Some cleanup * Reviewer comments * Reviewer comments * Reviewer comments * Clang-tidy
4 years ago
prefix_range->mutable_prefix_len()->set_value(16);
prefix_range =
filter_chain->mutable_filter_chain_match()->add_prefix_ranges();
xds_end2end_test ipv6 address format fix (#25837) * xds_end2end_test ipv6 address format fix * Update expected error string
4 years ago
prefix_range->set_address_prefix(ipv6_only_ ? "::1" : "127.0.0.1");
Implement FilterChainMatch algorithm (#25757) * Implement FilterChainMatch logic * Add tests for transport protocol too * Tests for duplicate NACKing * Introduce ConnectionManager as an interface for config fetchers * Do not parameterize IncrementIfNonZero * Some formatting * Reviewer comments * Add filter chain match information for duplicate match error * Reviewer comments * Some cleanup * Reviewer comments * Reviewer comments * Reviewer comments * Clang-tidy
4 years ago
prefix_range->mutable_prefix_len()->set_value(32);
xds_end2end_test: remove num_balancers from test suite and remove dependence on fake resolver for xDS channel (#28245) * xds_end2end_test: remove num_balancers from test suite * fix clang-tidy
3 years ago
SetServerListenerNameAndRouteConfiguration(balancer_.get(), listener,
backends_[0]->port(),
Update RDS parsing for use on servers (#27715) * Update RDS parsing for use on servers * Unused variable * Reviewer comments * Automated change: Fix sanity tests * Fix tests * Reviewer comments * Reviewer comments * clang-tidy * Reviewer comments * Fix test * Reviewer comments * Reviewer comments Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
default_server_route_config_);
xds_end2end_test: Only start backends when needed (#27911) * xds_end2end_test: Fix flakiness on WaitForLdsNack * xds_end2end_test: Only start the server when we want * Revert WaitForNack changes * Fixes * Fix CsdsShortAdsTimeoutTest * Fix sanity
3 years ago
backends_[0]->Start();
xds_end2end_test_lib: use DEBUG_LOCATION to log where failures originate (#29444)
3 years ago
const auto response_state = WaitForLdsNack(DEBUG_LOCATION);
XdsEnd2EndTest : Use a queue to save resource updates (#28467) * Fix XdsClient for multiple watchers on the same resource * xds_end2end_test: Don't use XdsCredentials for XdsRbacNackTests * Use separate response states for EDS and RDS resources * Reviewer comments * Reviewer comments * Reviewer comments * Remove blank link * Reviewer comments
3 years ago
ASSERT_TRUE(response_state.has_value()) << "timed out waiting for NACK";
xds_end2end_test ipv6 address format fix (#25837) * xds_end2end_test ipv6 address format fix * Update expected error string
4 years ago
if (ipv6_only_) {
EXPECT_THAT(
XdsEnd2EndTest : Use a queue to save resource updates (#28467) * Fix XdsClient for multiple watchers on the same resource * xds_end2end_test: Don't use XdsCredentials for XdsRbacNackTests * Use separate response states for EDS and RDS resources * Reviewer comments * Reviewer comments * Reviewer comments * Remove blank link * Reviewer comments
3 years ago
response_state->error_message,
xds_end2end_test ipv6 address format fix (#25837) * xds_end2end_test ipv6 address format fix * Update expected error string
4 years ago
::testing::HasSubstr(
"Duplicate matching rules detected when adding filter chain: "
"{prefix_ranges={{address_prefix=[::]:0, prefix_len=16}, "
"{address_prefix=[::]:0, prefix_len=32}}}"));
} else {
EXPECT_THAT(
XdsEnd2EndTest : Use a queue to save resource updates (#28467) * Fix XdsClient for multiple watchers on the same resource * xds_end2end_test: Don't use XdsCredentials for XdsRbacNackTests * Use separate response states for EDS and RDS resources * Reviewer comments * Reviewer comments * Reviewer comments * Remove blank link * Reviewer comments
3 years ago
response_state->error_message,
xds_end2end_test ipv6 address format fix (#25837) * xds_end2end_test ipv6 address format fix * Update expected error string
4 years ago
::testing::HasSubstr(
"Duplicate matching rules detected when adding filter chain: "
"{prefix_ranges={{address_prefix=127.0.0.0:0, prefix_len=16}, "
"{address_prefix=127.0.0.1:0, prefix_len=32}}}"));
}
Implement FilterChainMatch algorithm (#25757) * Implement FilterChainMatch logic * Add tests for transport protocol too * Tests for duplicate NACKing * Introduce ConnectionManager as an interface for config fetchers * Do not parameterize IncrementIfNonZero * Some formatting * Reviewer comments * Add filter chain match information for duplicate match error * Reviewer comments * Some cleanup * Reviewer comments * Reviewer comments * Reviewer comments * Clang-tidy
4 years ago
}
TEST_P(XdsServerFilterChainMatchTest, DuplicateMatchOnTransportProtocolNacked) {
Update RDS parsing for use on servers (#27715) * Update RDS parsing for use on servers * Unused variable * Reviewer comments * Automated change: Fix sanity tests * Fix tests * Reviewer comments * Reviewer comments * clang-tidy * Reviewer comments * Fix test * Reviewer comments * Reviewer comments Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
Listener listener = default_server_listener_;
Implement FilterChainMatch algorithm (#25757) * Implement FilterChainMatch logic * Add tests for transport protocol too * Tests for duplicate NACKing * Introduce ConnectionManager as an interface for config fetchers * Do not parameterize IncrementIfNonZero * Some formatting * Reviewer comments * Add filter chain match information for duplicate match error * Reviewer comments * Some cleanup * Reviewer comments * Reviewer comments * Reviewer comments * Clang-tidy
4 years ago
// Add filter chain with "raw_buffer" transport protocol
auto* filter_chain = listener.add_filter_chains();
filter_chain->add_filters()->mutable_typed_config()->PackFrom(
Update RDS parsing for use on servers (#27715) * Update RDS parsing for use on servers * Unused variable * Reviewer comments * Automated change: Fix sanity tests * Fix tests * Reviewer comments * Reviewer comments * clang-tidy * Reviewer comments * Fix test * Reviewer comments * Reviewer comments Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
ServerHcmAccessor().Unpack(listener));
Implement FilterChainMatch algorithm (#25757) * Implement FilterChainMatch logic * Add tests for transport protocol too * Tests for duplicate NACKing * Introduce ConnectionManager as an interface for config fetchers * Do not parameterize IncrementIfNonZero * Some formatting * Reviewer comments * Add filter chain match information for duplicate match error * Reviewer comments * Some cleanup * Reviewer comments * Reviewer comments * Reviewer comments * Clang-tidy
4 years ago
filter_chain->mutable_filter_chain_match()->set_transport_protocol(
"raw_buffer");
Ring hash implementation (#26356) * Ring hash implementation * Fixing an error caught during import: ipv6 addresses need small modifications when creating the ring entry. * fixing an error * removing debugs * Remove unnecssary hashing * small cleanup
4 years ago
// Add a duplicate filter chain with the same "raw_buffer" transport
// protocol entry
Implement FilterChainMatch algorithm (#25757) * Implement FilterChainMatch logic * Add tests for transport protocol too * Tests for duplicate NACKing * Introduce ConnectionManager as an interface for config fetchers * Do not parameterize IncrementIfNonZero * Some formatting * Reviewer comments * Add filter chain match information for duplicate match error * Reviewer comments * Some cleanup * Reviewer comments * Reviewer comments * Reviewer comments * Clang-tidy
4 years ago
filter_chain = listener.add_filter_chains();
filter_chain->add_filters()->mutable_typed_config()->PackFrom(
Update RDS parsing for use on servers (#27715) * Update RDS parsing for use on servers * Unused variable * Reviewer comments * Automated change: Fix sanity tests * Fix tests * Reviewer comments * Reviewer comments * clang-tidy * Reviewer comments * Fix test * Reviewer comments * Reviewer comments Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
ServerHcmAccessor().Unpack(listener));
Implement FilterChainMatch algorithm (#25757) * Implement FilterChainMatch logic * Add tests for transport protocol too * Tests for duplicate NACKing * Introduce ConnectionManager as an interface for config fetchers * Do not parameterize IncrementIfNonZero * Some formatting * Reviewer comments * Add filter chain match information for duplicate match error * Reviewer comments * Some cleanup * Reviewer comments * Reviewer comments * Reviewer comments * Clang-tidy
4 years ago
filter_chain->mutable_filter_chain_match()->set_transport_protocol(
"raw_buffer");
xds_end2end_test: remove num_balancers from test suite and remove dependence on fake resolver for xDS channel (#28245) * xds_end2end_test: remove num_balancers from test suite * fix clang-tidy
3 years ago
SetServerListenerNameAndRouteConfiguration(balancer_.get(), listener,
backends_[0]->port(),
Update RDS parsing for use on servers (#27715) * Update RDS parsing for use on servers * Unused variable * Reviewer comments * Automated change: Fix sanity tests * Fix tests * Reviewer comments * Reviewer comments * clang-tidy * Reviewer comments * Fix test * Reviewer comments * Reviewer comments Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
default_server_route_config_);
xds_end2end_test: Only start backends when needed (#27911) * xds_end2end_test: Fix flakiness on WaitForLdsNack * xds_end2end_test: Only start the server when we want * Revert WaitForNack changes * Fixes * Fix CsdsShortAdsTimeoutTest * Fix sanity
3 years ago
backends_[0]->Start();
xds_end2end_test_lib: use DEBUG_LOCATION to log where failures originate (#29444)
3 years ago
const auto response_state = WaitForLdsNack(DEBUG_LOCATION);
XdsEnd2EndTest : Use a queue to save resource updates (#28467) * Fix XdsClient for multiple watchers on the same resource * xds_end2end_test: Don't use XdsCredentials for XdsRbacNackTests * Use separate response states for EDS and RDS resources * Reviewer comments * Reviewer comments * Reviewer comments * Remove blank link * Reviewer comments
3 years ago
ASSERT_TRUE(response_state.has_value()) << "timed out waiting for NACK";
Implement FilterChainMatch algorithm (#25757) * Implement FilterChainMatch logic * Add tests for transport protocol too * Tests for duplicate NACKing * Introduce ConnectionManager as an interface for config fetchers * Do not parameterize IncrementIfNonZero * Some formatting * Reviewer comments * Add filter chain match information for duplicate match error * Reviewer comments * Some cleanup * Reviewer comments * Reviewer comments * Reviewer comments * Clang-tidy
4 years ago
EXPECT_THAT(
XdsEnd2EndTest : Use a queue to save resource updates (#28467) * Fix XdsClient for multiple watchers on the same resource * xds_end2end_test: Don't use XdsCredentials for XdsRbacNackTests * Use separate response states for EDS and RDS resources * Reviewer comments * Reviewer comments * Reviewer comments * Remove blank link * Reviewer comments
3 years ago
response_state->error_message,
Implement FilterChainMatch algorithm (#25757) * Implement FilterChainMatch logic * Add tests for transport protocol too * Tests for duplicate NACKing * Introduce ConnectionManager as an interface for config fetchers * Do not parameterize IncrementIfNonZero * Some formatting * Reviewer comments * Add filter chain match information for duplicate match error * Reviewer comments * Some cleanup * Reviewer comments * Reviewer comments * Reviewer comments * Clang-tidy
4 years ago
::testing::HasSubstr("Duplicate matching rules detected when adding "
"filter chain: {transport_protocol=raw_buffer}"));
}
TEST_P(XdsServerFilterChainMatchTest, DuplicateMatchOnLocalSourceTypeNacked) {
Update RDS parsing for use on servers (#27715) * Update RDS parsing for use on servers * Unused variable * Reviewer comments * Automated change: Fix sanity tests * Fix tests * Reviewer comments * Reviewer comments * clang-tidy * Reviewer comments * Fix test * Reviewer comments * Reviewer comments Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
Listener listener = default_server_listener_;
Implement FilterChainMatch algorithm (#25757) * Implement FilterChainMatch logic * Add tests for transport protocol too * Tests for duplicate NACKing * Introduce ConnectionManager as an interface for config fetchers * Do not parameterize IncrementIfNonZero * Some formatting * Reviewer comments * Add filter chain match information for duplicate match error * Reviewer comments * Some cleanup * Reviewer comments * Reviewer comments * Reviewer comments * Clang-tidy
4 years ago
// Add filter chain with the local source type
auto* filter_chain = listener.add_filter_chains();
filter_chain->add_filters()->mutable_typed_config()->PackFrom(
Update RDS parsing for use on servers (#27715) * Update RDS parsing for use on servers * Unused variable * Reviewer comments * Automated change: Fix sanity tests * Fix tests * Reviewer comments * Reviewer comments * clang-tidy * Reviewer comments * Fix test * Reviewer comments * Reviewer comments Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
ServerHcmAccessor().Unpack(listener));
Implement FilterChainMatch algorithm (#25757) * Implement FilterChainMatch logic * Add tests for transport protocol too * Tests for duplicate NACKing * Introduce ConnectionManager as an interface for config fetchers * Do not parameterize IncrementIfNonZero * Some formatting * Reviewer comments * Add filter chain match information for duplicate match error * Reviewer comments * Some cleanup * Reviewer comments * Reviewer comments * Reviewer comments * Clang-tidy
4 years ago
filter_chain->mutable_filter_chain_match()->set_source_type(
FilterChainMatch::SAME_IP_OR_LOOPBACK);
// Add a duplicate filter chain with the same local source type entry
filter_chain = listener.add_filter_chains();
filter_chain->add_filters()->mutable_typed_config()->PackFrom(
Update RDS parsing for use on servers (#27715) * Update RDS parsing for use on servers * Unused variable * Reviewer comments * Automated change: Fix sanity tests * Fix tests * Reviewer comments * Reviewer comments * clang-tidy * Reviewer comments * Fix test * Reviewer comments * Reviewer comments Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
ServerHcmAccessor().Unpack(listener));
Implement FilterChainMatch algorithm (#25757) * Implement FilterChainMatch logic * Add tests for transport protocol too * Tests for duplicate NACKing * Introduce ConnectionManager as an interface for config fetchers * Do not parameterize IncrementIfNonZero * Some formatting * Reviewer comments * Add filter chain match information for duplicate match error * Reviewer comments * Some cleanup * Reviewer comments * Reviewer comments * Reviewer comments * Clang-tidy
4 years ago
filter_chain->mutable_filter_chain_match()->set_source_type(
FilterChainMatch::SAME_IP_OR_LOOPBACK);
xds_end2end_test: remove num_balancers from test suite and remove dependence on fake resolver for xDS channel (#28245) * xds_end2end_test: remove num_balancers from test suite * fix clang-tidy
3 years ago
SetServerListenerNameAndRouteConfiguration(balancer_.get(), listener,
backends_[0]->port(),
Update RDS parsing for use on servers (#27715) * Update RDS parsing for use on servers * Unused variable * Reviewer comments * Automated change: Fix sanity tests * Fix tests * Reviewer comments * Reviewer comments * clang-tidy * Reviewer comments * Fix test * Reviewer comments * Reviewer comments Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
default_server_route_config_);
xds_end2end_test: Only start backends when needed (#27911) * xds_end2end_test: Fix flakiness on WaitForLdsNack * xds_end2end_test: Only start the server when we want * Revert WaitForNack changes * Fixes * Fix CsdsShortAdsTimeoutTest * Fix sanity
3 years ago
backends_[0]->Start();
xds_end2end_test_lib: use DEBUG_LOCATION to log where failures originate (#29444)
3 years ago
const auto response_state = WaitForLdsNack(DEBUG_LOCATION);
XdsEnd2EndTest : Use a queue to save resource updates (#28467) * Fix XdsClient for multiple watchers on the same resource * xds_end2end_test: Don't use XdsCredentials for XdsRbacNackTests * Use separate response states for EDS and RDS resources * Reviewer comments * Reviewer comments * Reviewer comments * Remove blank link * Reviewer comments
3 years ago
ASSERT_TRUE(response_state.has_value()) << "timed out waiting for NACK";
Implement FilterChainMatch algorithm (#25757) * Implement FilterChainMatch logic * Add tests for transport protocol too * Tests for duplicate NACKing * Introduce ConnectionManager as an interface for config fetchers * Do not parameterize IncrementIfNonZero * Some formatting * Reviewer comments * Add filter chain match information for duplicate match error * Reviewer comments * Some cleanup * Reviewer comments * Reviewer comments * Reviewer comments * Clang-tidy
4 years ago
EXPECT_THAT(
XdsEnd2EndTest : Use a queue to save resource updates (#28467) * Fix XdsClient for multiple watchers on the same resource * xds_end2end_test: Don't use XdsCredentials for XdsRbacNackTests * Use separate response states for EDS and RDS resources * Reviewer comments * Reviewer comments * Reviewer comments * Remove blank link * Reviewer comments
3 years ago
response_state->error_message,
Implement FilterChainMatch algorithm (#25757) * Implement FilterChainMatch logic * Add tests for transport protocol too * Tests for duplicate NACKing * Introduce ConnectionManager as an interface for config fetchers * Do not parameterize IncrementIfNonZero * Some formatting * Reviewer comments * Add filter chain match information for duplicate match error * Reviewer comments * Some cleanup * Reviewer comments * Reviewer comments * Reviewer comments * Clang-tidy
4 years ago
::testing::HasSubstr("Duplicate matching rules detected when adding "
"filter chain: {source_type=SAME_IP_OR_LOOPBACK}"));
}
TEST_P(XdsServerFilterChainMatchTest,
DuplicateMatchOnExternalSourceTypeNacked) {
Update RDS parsing for use on servers (#27715) * Update RDS parsing for use on servers * Unused variable * Reviewer comments * Automated change: Fix sanity tests * Fix tests * Reviewer comments * Reviewer comments * clang-tidy * Reviewer comments * Fix test * Reviewer comments * Reviewer comments Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
Listener listener = default_server_listener_;
Implement FilterChainMatch algorithm (#25757) * Implement FilterChainMatch logic * Add tests for transport protocol too * Tests for duplicate NACKing * Introduce ConnectionManager as an interface for config fetchers * Do not parameterize IncrementIfNonZero * Some formatting * Reviewer comments * Add filter chain match information for duplicate match error * Reviewer comments * Some cleanup * Reviewer comments * Reviewer comments * Reviewer comments * Clang-tidy
4 years ago
// Add filter chain with the external source type
auto* filter_chain = listener.add_filter_chains();
filter_chain->add_filters()->mutable_typed_config()->PackFrom(
Update RDS parsing for use on servers (#27715) * Update RDS parsing for use on servers * Unused variable * Reviewer comments * Automated change: Fix sanity tests * Fix tests * Reviewer comments * Reviewer comments * clang-tidy * Reviewer comments * Fix test * Reviewer comments * Reviewer comments Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
ServerHcmAccessor().Unpack(listener));
Implement FilterChainMatch algorithm (#25757) * Implement FilterChainMatch logic * Add tests for transport protocol too * Tests for duplicate NACKing * Introduce ConnectionManager as an interface for config fetchers * Do not parameterize IncrementIfNonZero * Some formatting * Reviewer comments * Add filter chain match information for duplicate match error * Reviewer comments * Some cleanup * Reviewer comments * Reviewer comments * Reviewer comments * Clang-tidy
4 years ago
filter_chain->mutable_filter_chain_match()->set_source_type(
FilterChainMatch::EXTERNAL);
// Add a duplicate filter chain with the same external source type entry
filter_chain = listener.add_filter_chains();
filter_chain->add_filters()->mutable_typed_config()->PackFrom(
Update RDS parsing for use on servers (#27715) * Update RDS parsing for use on servers * Unused variable * Reviewer comments * Automated change: Fix sanity tests * Fix tests * Reviewer comments * Reviewer comments * clang-tidy * Reviewer comments * Fix test * Reviewer comments * Reviewer comments Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
ServerHcmAccessor().Unpack(listener));
Implement FilterChainMatch algorithm (#25757) * Implement FilterChainMatch logic * Add tests for transport protocol too * Tests for duplicate NACKing * Introduce ConnectionManager as an interface for config fetchers * Do not parameterize IncrementIfNonZero * Some formatting * Reviewer comments * Add filter chain match information for duplicate match error * Reviewer comments * Some cleanup * Reviewer comments * Reviewer comments * Reviewer comments * Clang-tidy
4 years ago
filter_chain->mutable_filter_chain_match()->set_source_type(
FilterChainMatch::EXTERNAL);
xds_end2end_test: remove num_balancers from test suite and remove dependence on fake resolver for xDS channel (#28245) * xds_end2end_test: remove num_balancers from test suite * fix clang-tidy
3 years ago
SetServerListenerNameAndRouteConfiguration(balancer_.get(), listener,
backends_[0]->port(),
Update RDS parsing for use on servers (#27715) * Update RDS parsing for use on servers * Unused variable * Reviewer comments * Automated change: Fix sanity tests * Fix tests * Reviewer comments * Reviewer comments * clang-tidy * Reviewer comments * Fix test * Reviewer comments * Reviewer comments Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
default_server_route_config_);
xds_end2end_test: Only start backends when needed (#27911) * xds_end2end_test: Fix flakiness on WaitForLdsNack * xds_end2end_test: Only start the server when we want * Revert WaitForNack changes * Fixes * Fix CsdsShortAdsTimeoutTest * Fix sanity
3 years ago
backends_[0]->Start();
xds_end2end_test_lib: use DEBUG_LOCATION to log where failures originate (#29444)
3 years ago
const auto response_state = WaitForLdsNack(DEBUG_LOCATION);
XdsEnd2EndTest : Use a queue to save resource updates (#28467) * Fix XdsClient for multiple watchers on the same resource * xds_end2end_test: Don't use XdsCredentials for XdsRbacNackTests * Use separate response states for EDS and RDS resources * Reviewer comments * Reviewer comments * Reviewer comments * Remove blank link * Reviewer comments
3 years ago
ASSERT_TRUE(response_state.has_value()) << "timed out waiting for NACK";
Implement FilterChainMatch algorithm (#25757) * Implement FilterChainMatch logic * Add tests for transport protocol too * Tests for duplicate NACKing * Introduce ConnectionManager as an interface for config fetchers * Do not parameterize IncrementIfNonZero * Some formatting * Reviewer comments * Add filter chain match information for duplicate match error * Reviewer comments * Some cleanup * Reviewer comments * Reviewer comments * Reviewer comments * Clang-tidy
4 years ago
EXPECT_THAT(
XdsEnd2EndTest : Use a queue to save resource updates (#28467) * Fix XdsClient for multiple watchers on the same resource * xds_end2end_test: Don't use XdsCredentials for XdsRbacNackTests * Use separate response states for EDS and RDS resources * Reviewer comments * Reviewer comments * Reviewer comments * Remove blank link * Reviewer comments
3 years ago
response_state->error_message,
Implement FilterChainMatch algorithm (#25757) * Implement FilterChainMatch logic * Add tests for transport protocol too * Tests for duplicate NACKing * Introduce ConnectionManager as an interface for config fetchers * Do not parameterize IncrementIfNonZero * Some formatting * Reviewer comments * Add filter chain match information for duplicate match error * Reviewer comments * Some cleanup * Reviewer comments * Reviewer comments * Reviewer comments * Clang-tidy
4 years ago
::testing::HasSubstr("Duplicate matching rules detected when adding "
"filter chain: {source_type=EXTERNAL}"));
}
TEST_P(XdsServerFilterChainMatchTest,
DuplicateMatchOnSourcePrefixRangesNacked) {
Update RDS parsing for use on servers (#27715) * Update RDS parsing for use on servers * Unused variable * Reviewer comments * Automated change: Fix sanity tests * Fix tests * Reviewer comments * Reviewer comments * clang-tidy * Reviewer comments * Fix test * Reviewer comments * Reviewer comments Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
Listener listener = default_server_listener_;
Implement FilterChainMatch algorithm (#25757) * Implement FilterChainMatch logic * Add tests for transport protocol too * Tests for duplicate NACKing * Introduce ConnectionManager as an interface for config fetchers * Do not parameterize IncrementIfNonZero * Some formatting * Reviewer comments * Add filter chain match information for duplicate match error * Reviewer comments * Some cleanup * Reviewer comments * Reviewer comments * Reviewer comments * Clang-tidy
4 years ago
// Add filter chain with source prefix range
auto* filter_chain = listener.add_filter_chains();
filter_chain->add_filters()->mutable_typed_config()->PackFrom(
Update RDS parsing for use on servers (#27715) * Update RDS parsing for use on servers * Unused variable * Reviewer comments * Automated change: Fix sanity tests * Fix tests * Reviewer comments * Reviewer comments * clang-tidy * Reviewer comments * Fix test * Reviewer comments * Reviewer comments Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
ServerHcmAccessor().Unpack(listener));
Implement FilterChainMatch algorithm (#25757) * Implement FilterChainMatch logic * Add tests for transport protocol too * Tests for duplicate NACKing * Introduce ConnectionManager as an interface for config fetchers * Do not parameterize IncrementIfNonZero * Some formatting * Reviewer comments * Add filter chain match information for duplicate match error * Reviewer comments * Some cleanup * Reviewer comments * Reviewer comments * Reviewer comments * Clang-tidy
4 years ago
auto* prefix_range =
filter_chain->mutable_filter_chain_match()->add_source_prefix_ranges();
xds_end2end_test ipv6 address format fix (#25837) * xds_end2end_test ipv6 address format fix * Update expected error string
4 years ago
prefix_range->set_address_prefix(ipv6_only_ ? "::1" : "127.0.0.1");
Implement FilterChainMatch algorithm (#25757) * Implement FilterChainMatch logic * Add tests for transport protocol too * Tests for duplicate NACKing * Introduce ConnectionManager as an interface for config fetchers * Do not parameterize IncrementIfNonZero * Some formatting * Reviewer comments * Add filter chain match information for duplicate match error * Reviewer comments * Some cleanup * Reviewer comments * Reviewer comments * Reviewer comments * Clang-tidy
4 years ago
prefix_range->mutable_prefix_len()->set_value(16);
prefix_range =
filter_chain->mutable_filter_chain_match()->add_source_prefix_ranges();
xds_end2end_test ipv6 address format fix (#25837) * xds_end2end_test ipv6 address format fix * Update expected error string
4 years ago
prefix_range->set_address_prefix(ipv6_only_ ? "::1" : "127.0.0.1");
Implement FilterChainMatch algorithm (#25757) * Implement FilterChainMatch logic * Add tests for transport protocol too * Tests for duplicate NACKing * Introduce ConnectionManager as an interface for config fetchers * Do not parameterize IncrementIfNonZero * Some formatting * Reviewer comments * Add filter chain match information for duplicate match error * Reviewer comments * Some cleanup * Reviewer comments * Reviewer comments * Reviewer comments * Clang-tidy
4 years ago
prefix_range->mutable_prefix_len()->set_value(24);
// Add a filter chain with a duplicate source prefix range entry
filter_chain = listener.add_filter_chains();
filter_chain->add_filters()->mutable_typed_config()->PackFrom(
Update RDS parsing for use on servers (#27715) * Update RDS parsing for use on servers * Unused variable * Reviewer comments * Automated change: Fix sanity tests * Fix tests * Reviewer comments * Reviewer comments * clang-tidy * Reviewer comments * Fix test * Reviewer comments * Reviewer comments Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
ServerHcmAccessor().Unpack(listener));
Implement FilterChainMatch algorithm (#25757) * Implement FilterChainMatch logic * Add tests for transport protocol too * Tests for duplicate NACKing * Introduce ConnectionManager as an interface for config fetchers * Do not parameterize IncrementIfNonZero * Some formatting * Reviewer comments * Add filter chain match information for duplicate match error * Reviewer comments * Some cleanup * Reviewer comments * Reviewer comments * Reviewer comments * Clang-tidy
4 years ago
prefix_range =
filter_chain->mutable_filter_chain_match()->add_source_prefix_ranges();
xds_end2end_test ipv6 address format fix (#25837) * xds_end2end_test ipv6 address format fix * Update expected error string
4 years ago
prefix_range->set_address_prefix(ipv6_only_ ? "::1" : "127.0.0.1");
Implement FilterChainMatch algorithm (#25757) * Implement FilterChainMatch logic * Add tests for transport protocol too * Tests for duplicate NACKing * Introduce ConnectionManager as an interface for config fetchers * Do not parameterize IncrementIfNonZero * Some formatting * Reviewer comments * Add filter chain match information for duplicate match error * Reviewer comments * Some cleanup * Reviewer comments * Reviewer comments * Reviewer comments * Clang-tidy
4 years ago
prefix_range->mutable_prefix_len()->set_value(16);
prefix_range =
filter_chain->mutable_filter_chain_match()->add_source_prefix_ranges();
xds_end2end_test ipv6 address format fix (#25837) * xds_end2end_test ipv6 address format fix * Update expected error string
4 years ago
prefix_range->set_address_prefix(ipv6_only_ ? "::1" : "127.0.0.1");
Implement FilterChainMatch algorithm (#25757) * Implement FilterChainMatch logic * Add tests for transport protocol too * Tests for duplicate NACKing * Introduce ConnectionManager as an interface for config fetchers * Do not parameterize IncrementIfNonZero * Some formatting * Reviewer comments * Add filter chain match information for duplicate match error * Reviewer comments * Some cleanup * Reviewer comments * Reviewer comments * Reviewer comments * Clang-tidy
4 years ago
prefix_range->mutable_prefix_len()->set_value(32);
xds_end2end_test: remove num_balancers from test suite and remove dependence on fake resolver for xDS channel (#28245) * xds_end2end_test: remove num_balancers from test suite * fix clang-tidy
3 years ago
SetServerListenerNameAndRouteConfiguration(balancer_.get(), listener,
backends_[0]->port(),
Update RDS parsing for use on servers (#27715) * Update RDS parsing for use on servers * Unused variable * Reviewer comments * Automated change: Fix sanity tests * Fix tests * Reviewer comments * Reviewer comments * clang-tidy * Reviewer comments * Fix test * Reviewer comments * Reviewer comments Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
default_server_route_config_);
xds_end2end_test: Only start backends when needed (#27911) * xds_end2end_test: Fix flakiness on WaitForLdsNack * xds_end2end_test: Only start the server when we want * Revert WaitForNack changes * Fixes * Fix CsdsShortAdsTimeoutTest * Fix sanity
3 years ago
backends_[0]->Start();
xds_end2end_test_lib: use DEBUG_LOCATION to log where failures originate (#29444)
3 years ago
const auto response_state = WaitForLdsNack(DEBUG_LOCATION);
XdsEnd2EndTest : Use a queue to save resource updates (#28467) * Fix XdsClient for multiple watchers on the same resource * xds_end2end_test: Don't use XdsCredentials for XdsRbacNackTests * Use separate response states for EDS and RDS resources * Reviewer comments * Reviewer comments * Reviewer comments * Remove blank link * Reviewer comments
3 years ago
ASSERT_TRUE(response_state.has_value()) << "timed out waiting for NACK";
xds_end2end_test ipv6 address format fix (#25837) * xds_end2end_test ipv6 address format fix * Update expected error string
4 years ago
if (ipv6_only_) {
EXPECT_THAT(
XdsEnd2EndTest : Use a queue to save resource updates (#28467) * Fix XdsClient for multiple watchers on the same resource * xds_end2end_test: Don't use XdsCredentials for XdsRbacNackTests * Use separate response states for EDS and RDS resources * Reviewer comments * Reviewer comments * Reviewer comments * Remove blank link * Reviewer comments
3 years ago
response_state->error_message,
xds_end2end_test ipv6 address format fix (#25837) * xds_end2end_test ipv6 address format fix * Update expected error string
4 years ago
::testing::HasSubstr(
"Duplicate matching rules detected when adding filter chain: "
"{source_prefix_ranges={{address_prefix=[::]:0, prefix_len=16}, "
"{address_prefix=[::]:0, prefix_len=32}}}"));
} else {
EXPECT_THAT(
XdsEnd2EndTest : Use a queue to save resource updates (#28467) * Fix XdsClient for multiple watchers on the same resource * xds_end2end_test: Don't use XdsCredentials for XdsRbacNackTests * Use separate response states for EDS and RDS resources * Reviewer comments * Reviewer comments * Reviewer comments * Remove blank link * Reviewer comments
3 years ago
response_state->error_message,
xds_end2end_test ipv6 address format fix (#25837) * xds_end2end_test ipv6 address format fix * Update expected error string
4 years ago
::testing::HasSubstr(
"Duplicate matching rules detected when adding filter chain: "
"{source_prefix_ranges={{address_prefix=127.0.0.0:0, "
"prefix_len=16}, "
"{address_prefix=127.0.0.1:0, prefix_len=32}}}"));
}
Implement FilterChainMatch algorithm (#25757) * Implement FilterChainMatch logic * Add tests for transport protocol too * Tests for duplicate NACKing * Introduce ConnectionManager as an interface for config fetchers * Do not parameterize IncrementIfNonZero * Some formatting * Reviewer comments * Add filter chain match information for duplicate match error * Reviewer comments * Some cleanup * Reviewer comments * Reviewer comments * Reviewer comments * Clang-tidy
4 years ago
}
TEST_P(XdsServerFilterChainMatchTest, DuplicateMatchOnSourcePortNacked) {
Update RDS parsing for use on servers (#27715) * Update RDS parsing for use on servers * Unused variable * Reviewer comments * Automated change: Fix sanity tests * Fix tests * Reviewer comments * Reviewer comments * clang-tidy * Reviewer comments * Fix test * Reviewer comments * Reviewer comments Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
Listener listener = default_server_listener_;
Implement FilterChainMatch algorithm (#25757) * Implement FilterChainMatch logic * Add tests for transport protocol too * Tests for duplicate NACKing * Introduce ConnectionManager as an interface for config fetchers * Do not parameterize IncrementIfNonZero * Some formatting * Reviewer comments * Add filter chain match information for duplicate match error * Reviewer comments * Some cleanup * Reviewer comments * Reviewer comments * Reviewer comments * Clang-tidy
4 years ago
// Add filter chain with the external source type
auto* filter_chain = listener.add_filter_chains();
filter_chain->add_filters()->mutable_typed_config()->PackFrom(
Update RDS parsing for use on servers (#27715) * Update RDS parsing for use on servers * Unused variable * Reviewer comments * Automated change: Fix sanity tests * Fix tests * Reviewer comments * Reviewer comments * clang-tidy * Reviewer comments * Fix test * Reviewer comments * Reviewer comments Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
ServerHcmAccessor().Unpack(listener));
Implement FilterChainMatch algorithm (#25757) * Implement FilterChainMatch logic * Add tests for transport protocol too * Tests for duplicate NACKing * Introduce ConnectionManager as an interface for config fetchers * Do not parameterize IncrementIfNonZero * Some formatting * Reviewer comments * Add filter chain match information for duplicate match error * Reviewer comments * Some cleanup * Reviewer comments * Reviewer comments * Reviewer comments * Clang-tidy
4 years ago
filter_chain->mutable_filter_chain_match()->add_source_ports(8080);
// Add a duplicate filter chain with the same source port entry
filter_chain = listener.add_filter_chains();
filter_chain->add_filters()->mutable_typed_config()->PackFrom(
Update RDS parsing for use on servers (#27715) * Update RDS parsing for use on servers * Unused variable * Reviewer comments * Automated change: Fix sanity tests * Fix tests * Reviewer comments * Reviewer comments * clang-tidy * Reviewer comments * Fix test * Reviewer comments * Reviewer comments Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
ServerHcmAccessor().Unpack(listener));
Implement FilterChainMatch algorithm (#25757) * Implement FilterChainMatch logic * Add tests for transport protocol too * Tests for duplicate NACKing * Introduce ConnectionManager as an interface for config fetchers * Do not parameterize IncrementIfNonZero * Some formatting * Reviewer comments * Add filter chain match information for duplicate match error * Reviewer comments * Some cleanup * Reviewer comments * Reviewer comments * Reviewer comments * Clang-tidy
4 years ago
filter_chain->mutable_filter_chain_match()->add_source_ports(8080);
xds_end2end_test: remove num_balancers from test suite and remove dependence on fake resolver for xDS channel (#28245) * xds_end2end_test: remove num_balancers from test suite * fix clang-tidy
3 years ago
SetServerListenerNameAndRouteConfiguration(balancer_.get(), listener,
backends_[0]->port(),
Update RDS parsing for use on servers (#27715) * Update RDS parsing for use on servers * Unused variable * Reviewer comments * Automated change: Fix sanity tests * Fix tests * Reviewer comments * Reviewer comments * clang-tidy * Reviewer comments * Fix test * Reviewer comments * Reviewer comments Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
default_server_route_config_);
xds_end2end_test: Only start backends when needed (#27911) * xds_end2end_test: Fix flakiness on WaitForLdsNack * xds_end2end_test: Only start the server when we want * Revert WaitForNack changes * Fixes * Fix CsdsShortAdsTimeoutTest * Fix sanity
3 years ago
backends_[0]->Start();
xds_end2end_test_lib: use DEBUG_LOCATION to log where failures originate (#29444)
3 years ago
const auto response_state = WaitForLdsNack(DEBUG_LOCATION);
XdsEnd2EndTest : Use a queue to save resource updates (#28467) * Fix XdsClient for multiple watchers on the same resource * xds_end2end_test: Don't use XdsCredentials for XdsRbacNackTests * Use separate response states for EDS and RDS resources * Reviewer comments * Reviewer comments * Reviewer comments * Remove blank link * Reviewer comments
3 years ago
ASSERT_TRUE(response_state.has_value()) << "timed out waiting for NACK";
Implement FilterChainMatch algorithm (#25757) * Implement FilterChainMatch logic * Add tests for transport protocol too * Tests for duplicate NACKing * Introduce ConnectionManager as an interface for config fetchers * Do not parameterize IncrementIfNonZero * Some formatting * Reviewer comments * Add filter chain match information for duplicate match error * Reviewer comments * Some cleanup * Reviewer comments * Reviewer comments * Reviewer comments * Clang-tidy
4 years ago
EXPECT_THAT(
XdsEnd2EndTest : Use a queue to save resource updates (#28467) * Fix XdsClient for multiple watchers on the same resource * xds_end2end_test: Don't use XdsCredentials for XdsRbacNackTests * Use separate response states for EDS and RDS resources * Reviewer comments * Reviewer comments * Reviewer comments * Remove blank link * Reviewer comments
3 years ago
response_state->error_message,
Implement FilterChainMatch algorithm (#25757) * Implement FilterChainMatch logic * Add tests for transport protocol too * Tests for duplicate NACKing * Introduce ConnectionManager as an interface for config fetchers * Do not parameterize IncrementIfNonZero * Some formatting * Reviewer comments * Add filter chain match information for duplicate match error * Reviewer comments * Some cleanup * Reviewer comments * Reviewer comments * Reviewer comments * Clang-tidy
4 years ago
::testing::HasSubstr("Duplicate matching rules detected when adding "
"filter chain: {source_ports={8080}}"));
}
Support RDS updates on the server (#27851) * Port changes from #27388 * Reviewer comments * Fix resource timeout issue * Cleanup * Fix clang-tidy * Revert benchmark * Restructure * clang-tidy * Automated change: Fix sanity tests * Partial commit * Reviewer comments * Fixes * Reviewer comments * Reviewer comments * Reviewer comments * Reviewer comments * clang-format * Fix FaultInjection tests * clang-tidy Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
class XdsServerRdsTest : public XdsEnabledServerStatusNotificationTest {
Update RDS parsing for use on servers (#27715) * Update RDS parsing for use on servers * Unused variable * Reviewer comments * Automated change: Fix sanity tests * Fix tests * Reviewer comments * Reviewer comments * clang-tidy * Reviewer comments * Fix test * Reviewer comments * Reviewer comments Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
protected:
xds_end2end_test: fix env var name in RLS tests (#29291) * xds_end2end_test: fix env var name in RLS tests * add ScopedExperimentalEnvVar to ensure env vars get unset after tests * clang-format
3 years ago
XdsServerRdsTest() : env_var_("GRPC_XDS_EXPERIMENTAL_RBAC") {}
Update RDS parsing for use on servers (#27715) * Update RDS parsing for use on servers * Unused variable * Reviewer comments * Automated change: Fix sanity tests * Fix tests * Reviewer comments * Reviewer comments * clang-tidy * Reviewer comments * Fix test * Reviewer comments * Reviewer comments Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
xds_end2end_test: fix env var name in RLS tests (#29291) * xds_end2end_test: fix env var name in RLS tests * add ScopedExperimentalEnvVar to ensure env vars get unset after tests * clang-format
3 years ago
ScopedExperimentalEnvVar env_var_;
Update RDS parsing for use on servers (#27715) * Update RDS parsing for use on servers * Unused variable * Reviewer comments * Automated change: Fix sanity tests * Fix tests * Reviewer comments * Reviewer comments * clang-tidy * Reviewer comments * Fix test * Reviewer comments * Reviewer comments Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
};
Support RDS updates on the server (#27851) * Port changes from #27388 * Reviewer comments * Fix resource timeout issue * Cleanup * Fix clang-tidy * Revert benchmark * Restructure * clang-tidy * Automated change: Fix sanity tests * Partial commit * Reviewer comments * Fixes * Reviewer comments * Reviewer comments * Reviewer comments * Reviewer comments * clang-format * Fix FaultInjection tests * clang-tidy Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
TEST_P(XdsServerRdsTest, Basic) {
backends_[0]->Start();
backends_[0]->notifier()->WaitOnServingStatusChange(
absl::StrCat(ipv6_only_ ? "[::1]:" : "127.0.0.1:", backends_[0]->port()),
grpc::StatusCode::OK);
SendRpc([this]() { return CreateInsecureChannel(); }, {}, {});
}
Update RDS parsing for use on servers (#27715) * Update RDS parsing for use on servers * Unused variable * Reviewer comments * Automated change: Fix sanity tests * Fix tests * Reviewer comments * Reviewer comments * clang-tidy * Reviewer comments * Fix test * Reviewer comments * Reviewer comments Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
TEST_P(XdsServerRdsTest, NacksInvalidDomainPattern) {
RouteConfiguration route_config = default_server_route_config_;
route_config.mutable_virtual_hosts()->at(0).add_domains("");
SetServerListenerNameAndRouteConfiguration(
xds_end2end_test: remove num_balancers from test suite and remove dependence on fake resolver for xDS channel (#28245) * xds_end2end_test: remove num_balancers from test suite * fix clang-tidy
3 years ago
balancer_.get(), default_server_listener_, backends_[0]->port(),
route_config);
xds_end2end_test: Only start backends when needed (#27911) * xds_end2end_test: Fix flakiness on WaitForLdsNack * xds_end2end_test: Only start the server when we want * Revert WaitForNack changes * Fixes * Fix CsdsShortAdsTimeoutTest * Fix sanity
3 years ago
backends_[0]->Start();
xds_end2end_test_lib: use DEBUG_LOCATION to log where failures originate (#29444)
3 years ago
const auto response_state = WaitForRouteConfigNack(DEBUG_LOCATION);
XdsEnd2EndTest : Use a queue to save resource updates (#28467) * Fix XdsClient for multiple watchers on the same resource * xds_end2end_test: Don't use XdsCredentials for XdsRbacNackTests * Use separate response states for EDS and RDS resources * Reviewer comments * Reviewer comments * Reviewer comments * Remove blank link * Reviewer comments
3 years ago
ASSERT_TRUE(response_state.has_value()) << "timed out waiting for NACK";
EXPECT_THAT(response_state->error_message,
Update RDS parsing for use on servers (#27715) * Update RDS parsing for use on servers * Unused variable * Reviewer comments * Automated change: Fix sanity tests * Fix tests * Reviewer comments * Reviewer comments * clang-tidy * Reviewer comments * Fix test * Reviewer comments * Reviewer comments Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
::testing::HasSubstr("Invalid domain pattern \"\""));
}
TEST_P(XdsServerRdsTest, NacksEmptyDomainsList) {
RouteConfiguration route_config = default_server_route_config_;
route_config.mutable_virtual_hosts()->at(0).clear_domains();
SetServerListenerNameAndRouteConfiguration(
xds_end2end_test: remove num_balancers from test suite and remove dependence on fake resolver for xDS channel (#28245) * xds_end2end_test: remove num_balancers from test suite * fix clang-tidy
3 years ago
balancer_.get(), default_server_listener_, backends_[0]->port(),
route_config);
xds_end2end_test: Only start backends when needed (#27911) * xds_end2end_test: Fix flakiness on WaitForLdsNack * xds_end2end_test: Only start the server when we want * Revert WaitForNack changes * Fixes * Fix CsdsShortAdsTimeoutTest * Fix sanity
3 years ago
backends_[0]->Start();
xds_end2end_test_lib: use DEBUG_LOCATION to log where failures originate (#29444)
3 years ago
const auto response_state = WaitForRouteConfigNack(DEBUG_LOCATION);
XdsEnd2EndTest : Use a queue to save resource updates (#28467) * Fix XdsClient for multiple watchers on the same resource * xds_end2end_test: Don't use XdsCredentials for XdsRbacNackTests * Use separate response states for EDS and RDS resources * Reviewer comments * Reviewer comments * Reviewer comments * Remove blank link * Reviewer comments
3 years ago
ASSERT_TRUE(response_state.has_value()) << "timed out waiting for NACK";
EXPECT_THAT(response_state->error_message,
Update RDS parsing for use on servers (#27715) * Update RDS parsing for use on servers * Unused variable * Reviewer comments * Automated change: Fix sanity tests * Fix tests * Reviewer comments * Reviewer comments * clang-tidy * Reviewer comments * Fix test * Reviewer comments * Reviewer comments Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
::testing::HasSubstr("VirtualHost has no domains"));
}
TEST_P(XdsServerRdsTest, NacksEmptyRoutesList) {
RouteConfiguration route_config = default_server_route_config_;
route_config.mutable_virtual_hosts()->at(0).clear_routes();
SetServerListenerNameAndRouteConfiguration(
xds_end2end_test: remove num_balancers from test suite and remove dependence on fake resolver for xDS channel (#28245) * xds_end2end_test: remove num_balancers from test suite * fix clang-tidy
3 years ago
balancer_.get(), default_server_listener_, backends_[0]->port(),
route_config);
xds_end2end_test: Only start backends when needed (#27911) * xds_end2end_test: Fix flakiness on WaitForLdsNack * xds_end2end_test: Only start the server when we want * Revert WaitForNack changes * Fixes * Fix CsdsShortAdsTimeoutTest * Fix sanity
3 years ago
backends_[0]->Start();
xds_end2end_test_lib: use DEBUG_LOCATION to log where failures originate (#29444)
3 years ago
const auto response_state = WaitForRouteConfigNack(DEBUG_LOCATION);
XdsEnd2EndTest : Use a queue to save resource updates (#28467) * Fix XdsClient for multiple watchers on the same resource * xds_end2end_test: Don't use XdsCredentials for XdsRbacNackTests * Use separate response states for EDS and RDS resources * Reviewer comments * Reviewer comments * Reviewer comments * Remove blank link * Reviewer comments
3 years ago
ASSERT_TRUE(response_state.has_value()) << "timed out waiting for NACK";
EXPECT_THAT(response_state->error_message,
Update RDS parsing for use on servers (#27715) * Update RDS parsing for use on servers * Unused variable * Reviewer comments * Automated change: Fix sanity tests * Fix tests * Reviewer comments * Reviewer comments * clang-tidy * Reviewer comments * Fix test * Reviewer comments * Reviewer comments Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
::testing::HasSubstr("No route found in the virtual host"));
}
TEST_P(XdsServerRdsTest, NacksEmptyMatch) {
RouteConfiguration route_config = default_server_route_config_;
route_config.mutable_virtual_hosts()
->at(0)
.mutable_routes()
->at(0)
.clear_match();
SetServerListenerNameAndRouteConfiguration(
xds_end2end_test: remove num_balancers from test suite and remove dependence on fake resolver for xDS channel (#28245) * xds_end2end_test: remove num_balancers from test suite * fix clang-tidy
3 years ago
balancer_.get(), default_server_listener_, backends_[0]->port(),
route_config);
xds_end2end_test: Only start backends when needed (#27911) * xds_end2end_test: Fix flakiness on WaitForLdsNack * xds_end2end_test: Only start the server when we want * Revert WaitForNack changes * Fixes * Fix CsdsShortAdsTimeoutTest * Fix sanity
3 years ago
backends_[0]->Start();
xds_end2end_test_lib: use DEBUG_LOCATION to log where failures originate (#29444)
3 years ago
const auto response_state = WaitForRouteConfigNack(DEBUG_LOCATION);
XdsEnd2EndTest : Use a queue to save resource updates (#28467) * Fix XdsClient for multiple watchers on the same resource * xds_end2end_test: Don't use XdsCredentials for XdsRbacNackTests * Use separate response states for EDS and RDS resources * Reviewer comments * Reviewer comments * Reviewer comments * Remove blank link * Reviewer comments
3 years ago
ASSERT_TRUE(response_state.has_value()) << "timed out waiting for NACK";
EXPECT_THAT(response_state->error_message,
Update RDS parsing for use on servers (#27715) * Update RDS parsing for use on servers * Unused variable * Reviewer comments * Automated change: Fix sanity tests * Fix tests * Reviewer comments * Reviewer comments * clang-tidy * Reviewer comments * Fix test * Reviewer comments * Reviewer comments Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
::testing::HasSubstr("Match can't be null"));
}
Support RDS updates on the server (#27851) * Port changes from #27388 * Reviewer comments * Fix resource timeout issue * Cleanup * Fix clang-tidy * Revert benchmark * Restructure * clang-tidy * Automated change: Fix sanity tests * Partial commit * Reviewer comments * Fixes * Reviewer comments * Reviewer comments * Reviewer comments * Reviewer comments * clang-format * Fix FaultInjection tests * clang-tidy Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
TEST_P(XdsServerRdsTest, FailsRouteMatchesOtherThanNonForwardingAction) {
SetServerListenerNameAndRouteConfiguration(
xds_end2end_test: remove num_balancers from test suite and remove dependence on fake resolver for xDS channel (#28245) * xds_end2end_test: remove num_balancers from test suite * fix clang-tidy
3 years ago
balancer_.get(), default_server_listener_, backends_[0]->port(),
Support RDS updates on the server (#27851) * Port changes from #27388 * Reviewer comments * Fix resource timeout issue * Cleanup * Fix clang-tidy * Revert benchmark * Restructure * clang-tidy * Automated change: Fix sanity tests * Partial commit * Reviewer comments * Fixes * Reviewer comments * Reviewer comments * Reviewer comments * Reviewer comments * clang-format * Fix FaultInjection tests * clang-tidy Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
default_route_config_ /* inappropriate route config for servers */);
backends_[0]->Start();
// The server should be ready to serve but RPCs should fail.
backends_[0]->notifier()->WaitOnServingStatusChange(
absl::StrCat(ipv6_only_ ? "[::1]:" : "127.0.0.1:", backends_[0]->port()),
grpc::StatusCode::OK);
SendRpc([this]() { return CreateInsecureChannel(); }, {}, {},
true /* test_expects_failure */);
}
// Test that non-inline route configuration also works for non-default filter
// chains
TEST_P(XdsServerRdsTest, NonInlineRouteConfigurationNonDefaultFilterChain) {
if (!GetParam().enable_rds_testing()) {
return;
}
Listener listener = default_server_listener_;
auto* filter_chain = listener.add_filter_chains();
HttpConnectionManager http_connection_manager =
ServerHcmAccessor().Unpack(listener);
auto* rds = http_connection_manager.mutable_rds();
rds->set_route_config_name(kDefaultServerRouteConfigurationName);
xds: accept SelfConfigSource for RDS and EDS ConfigSources (#28618)
3 years ago
rds->mutable_config_source()->mutable_self();
Support RDS updates on the server (#27851) * Port changes from #27388 * Reviewer comments * Fix resource timeout issue * Cleanup * Fix clang-tidy * Revert benchmark * Restructure * clang-tidy * Automated change: Fix sanity tests * Partial commit * Reviewer comments * Fixes * Reviewer comments * Reviewer comments * Reviewer comments * Reviewer comments * clang-format * Fix FaultInjection tests * clang-tidy Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
filter_chain->add_filters()->mutable_typed_config()->PackFrom(
http_connection_manager);
xds_end2end_test: remove num_balancers from test suite and remove dependence on fake resolver for xDS channel (#28245) * xds_end2end_test: remove num_balancers from test suite * fix clang-tidy
3 years ago
SetServerListenerNameAndRouteConfiguration(balancer_.get(), listener,
backends_[0]->port(),
Support RDS updates on the server (#27851) * Port changes from #27388 * Reviewer comments * Fix resource timeout issue * Cleanup * Fix clang-tidy * Revert benchmark * Restructure * clang-tidy * Automated change: Fix sanity tests * Partial commit * Reviewer comments * Fixes * Reviewer comments * Reviewer comments * Reviewer comments * Reviewer comments * clang-format * Fix FaultInjection tests * clang-tidy Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
default_server_route_config_);
backends_[0]->Start();
backends_[0]->notifier()->WaitOnServingStatusChange(
absl::StrCat(ipv6_only_ ? "[::1]:" : "127.0.0.1:", backends_[0]->port()),
grpc::StatusCode::OK);
SendRpc([this]() { return CreateInsecureChannel(); }, {}, {});
}
TEST_P(XdsServerRdsTest, NonInlineRouteConfigurationNotAvailable) {
if (!GetParam().enable_rds_testing()) {
return;
}
Listener listener = default_server_listener_;
PopulateServerListenerNameAndPort(listener, backends_[0]->port());
HttpConnectionManager http_connection_manager =
ServerHcmAccessor().Unpack(listener);
auto* rds = http_connection_manager.mutable_rds();
rds->set_route_config_name("unknown_server_route_config");
xds: accept SelfConfigSource for RDS and EDS ConfigSources (#28618)
3 years ago
rds->mutable_config_source()->mutable_self();
Support RDS updates on the server (#27851) * Port changes from #27388 * Reviewer comments * Fix resource timeout issue * Cleanup * Fix clang-tidy * Revert benchmark * Restructure * clang-tidy * Automated change: Fix sanity tests * Partial commit * Reviewer comments * Fixes * Reviewer comments * Reviewer comments * Reviewer comments * Reviewer comments * clang-format * Fix FaultInjection tests * clang-tidy Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
listener.add_filter_chains()->add_filters()->mutable_typed_config()->PackFrom(
http_connection_manager);
xds_end2end_test: remove num_balancers from test suite and remove dependence on fake resolver for xDS channel (#28245) * xds_end2end_test: remove num_balancers from test suite * fix clang-tidy
3 years ago
SetServerListenerNameAndRouteConfiguration(balancer_.get(), listener,
backends_[0]->port(),
Support RDS updates on the server (#27851) * Port changes from #27388 * Reviewer comments * Fix resource timeout issue * Cleanup * Fix clang-tidy * Revert benchmark * Restructure * clang-tidy * Automated change: Fix sanity tests * Partial commit * Reviewer comments * Fixes * Reviewer comments * Reviewer comments * Reviewer comments * Reviewer comments * clang-format * Fix FaultInjection tests * clang-tidy Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
default_server_route_config_);
backends_[0]->Start();
backends_[0]->notifier()->WaitOnServingStatusChange(
absl::StrCat(ipv6_only_ ? "[::1]:" : "127.0.0.1:", backends_[0]->port()),
grpc::StatusCode::OK);
SendRpc([this]() { return CreateInsecureChannel(); }, {}, {},
true /* test_expects_failure */);
}
// TODO(yashykt): Once https://github.com/grpc/grpc/issues/24035 is fixed, we
// should add tests that make sure that different route configs are used for
// incoming connections with a different match.
TEST_P(XdsServerRdsTest, MultipleRouteConfigurations) {
Listener listener = default_server_listener_;
// Set a filter chain with a new route config name
auto new_route_config = default_server_route_config_;
new_route_config.set_name("new_server_route_config");
HttpConnectionManager http_connection_manager =
ServerHcmAccessor().Unpack(listener);
auto* rds = http_connection_manager.mutable_rds();
rds->set_route_config_name(new_route_config.name());
xds: accept SelfConfigSource for RDS and EDS ConfigSources (#28618)
3 years ago
rds->mutable_config_source()->mutable_self();
Support RDS updates on the server (#27851) * Port changes from #27388 * Reviewer comments * Fix resource timeout issue * Cleanup * Fix clang-tidy * Revert benchmark * Restructure * clang-tidy * Automated change: Fix sanity tests * Partial commit * Reviewer comments * Fixes * Reviewer comments * Reviewer comments * Reviewer comments * Reviewer comments * clang-format * Fix FaultInjection tests * clang-tidy Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
listener.add_filter_chains()->add_filters()->mutable_typed_config()->PackFrom(
http_connection_manager);
// Set another filter chain with another route config name
auto another_route_config = default_server_route_config_;
another_route_config.set_name("another_server_route_config");
http_connection_manager.mutable_rds()->set_route_config_name(
another_route_config.name());
auto* filter_chain = listener.add_filter_chains();
filter_chain->add_filters()->mutable_typed_config()->PackFrom(
http_connection_manager);
filter_chain->mutable_filter_chain_match()->set_source_type(
FilterChainMatch::SAME_IP_OR_LOOPBACK);
// Add another filter chain with the same route config name
filter_chain = listener.add_filter_chains();
filter_chain->add_filters()->mutable_typed_config()->PackFrom(
http_connection_manager);
filter_chain->mutable_filter_chain_match()->set_source_type(
FilterChainMatch::EXTERNAL);
// Add another filter chain with an inline route config
filter_chain = listener.add_filter_chains();
filter_chain->mutable_filter_chain_match()->add_source_ports(1234);
http_connection_manager = ServerHcmAccessor().Unpack(listener);
*http_connection_manager.mutable_route_config() =
default_server_route_config_;
filter_chain->add_filters()->mutable_typed_config()->PackFrom(
http_connection_manager);
// Set resources on the ADS service
xds_end2end_test: remove num_balancers from test suite and remove dependence on fake resolver for xDS channel (#28245) * xds_end2end_test: remove num_balancers from test suite * fix clang-tidy
3 years ago
balancer_->ads_service()->SetRdsResource(new_route_config);
balancer_->ads_service()->SetRdsResource(another_route_config);
SetServerListenerNameAndRouteConfiguration(balancer_.get(), listener,
backends_[0]->port(),
Support RDS updates on the server (#27851) * Port changes from #27388 * Reviewer comments * Fix resource timeout issue * Cleanup * Fix clang-tidy * Revert benchmark * Restructure * clang-tidy * Automated change: Fix sanity tests * Partial commit * Reviewer comments * Fixes * Reviewer comments * Reviewer comments * Reviewer comments * Reviewer comments * clang-format * Fix FaultInjection tests * clang-tidy Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
default_server_route_config_);
backends_[0]->Start();
backends_[0]->notifier()->WaitOnServingStatusChange(
absl::StrCat(ipv6_only_ ? "[::1]:" : "127.0.0.1:", backends_[0]->port()),
grpc::StatusCode::OK);
SendRpc([this]() { return CreateInsecureChannel(); }, {}, {});
}
Reland rbac filter (#28442) * Revert "Revert "xDS: Add support for RBAC HTTP filter (#28309)" (#28441)" This reverts commit 7aae5c66df99d7140848c00b88e4d6e022c3ce92. * Fix internal clang errors * Ipv6 addresses are 128 bit
3 years ago
// Tests RBAC configurations on the server with RDS testing and route config
// override permutations.
class XdsRbacTest : public XdsServerRdsTest {
protected:
void SetServerRbacPolicies(Listener listener,
const std::vector<RBAC>& rbac_policies) {
HttpConnectionManager http_connection_manager =
ServerHcmAccessor().Unpack(listener);
http_connection_manager.clear_http_filters();
RouteConfiguration route_config = default_server_route_config_;
int count = 0;
for (auto& rbac : rbac_policies) {
auto* filter = http_connection_manager.add_http_filters();
std::string filter_name = absl::StrFormat("rbac%d", ++count);
filter->set_name(filter_name);
switch (GetParam().filter_config_setup()) {
xds_end2end_test: move test framework to its own library (#29279) * move some code around * remove num_backends parameter from XdsEnd2endTest * remove use_xds_enabled_server param from XdsEnd2endTest * remove xds_resource_does_not_exist_timeout_ms param from XdsEnd2endTest * remove client_load_reporting_interval_seconds param from XdsEnd2endTest * start moving CreateAndStartBackends() into individual tests * finish moving CreateAndStartBackends() into individual tests * remove unused variable * remove SetEdsResourceWithDelay * fix test flake * clang-tidy * clang-format * move test framework to its own library * fix build * clang-format * fix windows build * rename TestType to XdsTestType * move BackendServiceImpl inside of BackendServerThread * clang-format * move AdminServerThread to CSDS test suite * remove unnecessary deps
3 years ago
case XdsTestType::HttpFilterConfigLocation::kHttpFilterConfigInListener:
Reland rbac filter (#28442) * Revert "Revert "xDS: Add support for RBAC HTTP filter (#28309)" (#28441)" This reverts commit 7aae5c66df99d7140848c00b88e4d6e022c3ce92. * Fix internal clang errors * Ipv6 addresses are 128 bit
3 years ago
filter->mutable_typed_config()->PackFrom(rbac);
break;
xds_end2end_test: move test framework to its own library (#29279) * move some code around * remove num_backends parameter from XdsEnd2endTest * remove use_xds_enabled_server param from XdsEnd2endTest * remove xds_resource_does_not_exist_timeout_ms param from XdsEnd2endTest * remove client_load_reporting_interval_seconds param from XdsEnd2endTest * start moving CreateAndStartBackends() into individual tests * finish moving CreateAndStartBackends() into individual tests * remove unused variable * remove SetEdsResourceWithDelay * fix test flake * clang-tidy * clang-format * move test framework to its own library * fix build * clang-format * fix windows build * rename TestType to XdsTestType * move BackendServiceImpl inside of BackendServerThread * clang-format * move AdminServerThread to CSDS test suite * remove unnecessary deps
3 years ago
case XdsTestType::HttpFilterConfigLocation::kHttpFilterConfigInRoute:
Reland rbac filter (#28442) * Revert "Revert "xDS: Add support for RBAC HTTP filter (#28309)" (#28441)" This reverts commit 7aae5c66df99d7140848c00b88e4d6e022c3ce92. * Fix internal clang errors * Ipv6 addresses are 128 bit
3 years ago
filter->mutable_typed_config()->PackFrom(RBAC());
google::protobuf::Any filter_config;
RBACPerRoute rbac_per_route;
*rbac_per_route.mutable_rbac() = rbac;
filter_config.PackFrom(rbac_per_route);
auto* config_map = route_config.mutable_virtual_hosts(0)
->mutable_routes(0)
->mutable_typed_per_filter_config();
(*config_map)[filter_name] = std::move(filter_config);
}
}
auto* filter = http_connection_manager.add_http_filters();
filter->set_name("router");
filter->mutable_typed_config()->PackFrom(
envoy::extensions::filters::http::router::v3::Router());
ServerHcmAccessor().Pack(http_connection_manager, &listener);
SetServerListenerNameAndRouteConfiguration(
balancer_.get(), listener, backends_[0]->port(), route_config);
}
void SetServerRbacPolicy(Listener listener, const RBAC& rbac) {
SetServerRbacPolicies(std::move(listener), {rbac});
}
void SetServerRbacPolicy(const RBAC& rbac) {
SetServerRbacPolicy(default_server_listener_, rbac);
}
};
TEST_P(XdsRbacTest, AbsentRbacPolicy) {
SetServerRbacPolicy(RBAC());
backends_[0]->Start();
backends_[0]->notifier()->WaitOnServingStatusChange(
absl::StrCat(ipv6_only_ ? "[::1]:" : "127.0.0.1:", backends_[0]->port()),
grpc::StatusCode::OK);
// An absent RBAC policy leads to all RPCs being accepted.
SendRpc([this]() { return CreateInsecureChannel(); }, {}, {});
}
TEST_P(XdsRbacTest, LogAction) {
RBAC rbac;
auto* rules = rbac.mutable_rules();
rules->set_action(envoy::config::rbac::v3::RBAC_Action_LOG);
SetServerRbacPolicy(rbac);
backends_[0]->Start();
backends_[0]->notifier()->WaitOnServingStatusChange(
absl::StrCat(ipv6_only_ ? "[::1]:" : "127.0.0.1:", backends_[0]->port()),
grpc::StatusCode::OK);
// A Log action is identical to no rbac policy being configured.
SendRpc([this]() { return CreateInsecureChannel(); }, {}, {});
}
XdsEnd2EndTest : Use a queue to save resource updates (#28467) * Fix XdsClient for multiple watchers on the same resource * xds_end2end_test: Don't use XdsCredentials for XdsRbacNackTests * Use separate response states for EDS and RDS resources * Reviewer comments * Reviewer comments * Reviewer comments * Remove blank link * Reviewer comments
3 years ago
using XdsRbacNackTest = XdsRbacTest;
TEST_P(XdsRbacNackTest, NacksSchemePrincipalHeader) {
Reland rbac filter (#28442) * Revert "Revert "xDS: Add support for RBAC HTTP filter (#28309)" (#28441)" This reverts commit 7aae5c66df99d7140848c00b88e4d6e022c3ce92. * Fix internal clang errors * Ipv6 addresses are 128 bit
3 years ago
RBAC rbac;
auto* rules = rbac.mutable_rules();
rules->set_action(envoy::config::rbac::v3::RBAC_Action_ALLOW);
Policy policy;
auto* header = policy.add_principals()->mutable_header();
header->set_name(":scheme");
header->set_exact_match("http");
policy.add_permissions()->set_any(true);
(*rules->mutable_policies())["policy"] = policy;
SetServerRbacPolicy(rbac);
backends_[0]->Start();
if (GetParam().enable_rds_testing() &&
GetParam().filter_config_setup() ==
xds_end2end_test: move test framework to its own library (#29279) * move some code around * remove num_backends parameter from XdsEnd2endTest * remove use_xds_enabled_server param from XdsEnd2endTest * remove xds_resource_does_not_exist_timeout_ms param from XdsEnd2endTest * remove client_load_reporting_interval_seconds param from XdsEnd2endTest * start moving CreateAndStartBackends() into individual tests * finish moving CreateAndStartBackends() into individual tests * remove unused variable * remove SetEdsResourceWithDelay * fix test flake * clang-tidy * clang-format * move test framework to its own library * fix build * clang-format * fix windows build * rename TestType to XdsTestType * move BackendServiceImpl inside of BackendServerThread * clang-format * move AdminServerThread to CSDS test suite * remove unnecessary deps
3 years ago
XdsTestType::HttpFilterConfigLocation::kHttpFilterConfigInRoute) {
xds_end2end_test_lib: use DEBUG_LOCATION to log where failures originate (#29444)
3 years ago
const auto response_state = WaitForRdsNack(DEBUG_LOCATION);
XdsEnd2EndTest : Use a queue to save resource updates (#28467) * Fix XdsClient for multiple watchers on the same resource * xds_end2end_test: Don't use XdsCredentials for XdsRbacNackTests * Use separate response states for EDS and RDS resources * Reviewer comments * Reviewer comments * Reviewer comments * Remove blank link * Reviewer comments
3 years ago
ASSERT_TRUE(response_state.has_value()) << "timed out waiting for NACK";
EXPECT_THAT(response_state->error_message,
Reland rbac filter (#28442) * Revert "Revert "xDS: Add support for RBAC HTTP filter (#28309)" (#28441)" This reverts commit 7aae5c66df99d7140848c00b88e4d6e022c3ce92. * Fix internal clang errors * Ipv6 addresses are 128 bit
3 years ago
::testing::HasSubstr("':scheme' not allowed in header"));
} else {
xds_end2end_test_lib: use DEBUG_LOCATION to log where failures originate (#29444)
3 years ago
const auto response_state = WaitForLdsNack(DEBUG_LOCATION);
XdsEnd2EndTest : Use a queue to save resource updates (#28467) * Fix XdsClient for multiple watchers on the same resource * xds_end2end_test: Don't use XdsCredentials for XdsRbacNackTests * Use separate response states for EDS and RDS resources * Reviewer comments * Reviewer comments * Reviewer comments * Remove blank link * Reviewer comments
3 years ago
ASSERT_TRUE(response_state.has_value()) << "timed out waiting for NACK";
EXPECT_THAT(response_state->error_message,
Reland rbac filter (#28442) * Revert "Revert "xDS: Add support for RBAC HTTP filter (#28309)" (#28441)" This reverts commit 7aae5c66df99d7140848c00b88e4d6e022c3ce92. * Fix internal clang errors * Ipv6 addresses are 128 bit
3 years ago
::testing::HasSubstr("':scheme' not allowed in header"));
}
}
XdsEnd2EndTest : Use a queue to save resource updates (#28467) * Fix XdsClient for multiple watchers on the same resource * xds_end2end_test: Don't use XdsCredentials for XdsRbacNackTests * Use separate response states for EDS and RDS resources * Reviewer comments * Reviewer comments * Reviewer comments * Remove blank link * Reviewer comments
3 years ago
TEST_P(XdsRbacNackTest, NacksGrpcPrefixedPrincipalHeaders) {
Reland rbac filter (#28442) * Revert "Revert "xDS: Add support for RBAC HTTP filter (#28309)" (#28441)" This reverts commit 7aae5c66df99d7140848c00b88e4d6e022c3ce92. * Fix internal clang errors * Ipv6 addresses are 128 bit
3 years ago
RBAC rbac;
auto* rules = rbac.mutable_rules();
rules->set_action(envoy::config::rbac::v3::RBAC_Action_ALLOW);
Policy policy;
auto* header = policy.add_principals()->mutable_header();
header->set_name("grpc-status");
header->set_exact_match("0");
policy.add_permissions()->set_any(true);
(*rules->mutable_policies())["policy"] = policy;
SetServerRbacPolicy(rbac);
backends_[0]->Start();
if (GetParam().enable_rds_testing() &&
GetParam().filter_config_setup() ==
xds_end2end_test: move test framework to its own library (#29279) * move some code around * remove num_backends parameter from XdsEnd2endTest * remove use_xds_enabled_server param from XdsEnd2endTest * remove xds_resource_does_not_exist_timeout_ms param from XdsEnd2endTest * remove client_load_reporting_interval_seconds param from XdsEnd2endTest * start moving CreateAndStartBackends() into individual tests * finish moving CreateAndStartBackends() into individual tests * remove unused variable * remove SetEdsResourceWithDelay * fix test flake * clang-tidy * clang-format * move test framework to its own library * fix build * clang-format * fix windows build * rename TestType to XdsTestType * move BackendServiceImpl inside of BackendServerThread * clang-format * move AdminServerThread to CSDS test suite * remove unnecessary deps
3 years ago
XdsTestType::HttpFilterConfigLocation::kHttpFilterConfigInRoute) {
xds_end2end_test_lib: use DEBUG_LOCATION to log where failures originate (#29444)
3 years ago
const auto response_state = WaitForRdsNack(DEBUG_LOCATION);
XdsEnd2EndTest : Use a queue to save resource updates (#28467) * Fix XdsClient for multiple watchers on the same resource * xds_end2end_test: Don't use XdsCredentials for XdsRbacNackTests * Use separate response states for EDS and RDS resources * Reviewer comments * Reviewer comments * Reviewer comments * Remove blank link * Reviewer comments
3 years ago
ASSERT_TRUE(response_state.has_value()) << "timed out waiting for NACK";
EXPECT_THAT(response_state->error_message,
Reland rbac filter (#28442) * Revert "Revert "xDS: Add support for RBAC HTTP filter (#28309)" (#28441)" This reverts commit 7aae5c66df99d7140848c00b88e4d6e022c3ce92. * Fix internal clang errors * Ipv6 addresses are 128 bit
3 years ago
::testing::HasSubstr("'grpc-' prefixes not allowed in header"));
} else {
xds_end2end_test_lib: use DEBUG_LOCATION to log where failures originate (#29444)
3 years ago
const auto response_state = WaitForLdsNack(DEBUG_LOCATION);
XdsEnd2EndTest : Use a queue to save resource updates (#28467) * Fix XdsClient for multiple watchers on the same resource * xds_end2end_test: Don't use XdsCredentials for XdsRbacNackTests * Use separate response states for EDS and RDS resources * Reviewer comments * Reviewer comments * Reviewer comments * Remove blank link * Reviewer comments
3 years ago
ASSERT_TRUE(response_state.has_value()) << "timed out waiting for NACK";
EXPECT_THAT(response_state->error_message,
Reland rbac filter (#28442) * Revert "Revert "xDS: Add support for RBAC HTTP filter (#28309)" (#28441)" This reverts commit 7aae5c66df99d7140848c00b88e4d6e022c3ce92. * Fix internal clang errors * Ipv6 addresses are 128 bit
3 years ago
::testing::HasSubstr("'grpc-' prefixes not allowed in header"));
}
}
XdsEnd2EndTest : Use a queue to save resource updates (#28467) * Fix XdsClient for multiple watchers on the same resource * xds_end2end_test: Don't use XdsCredentials for XdsRbacNackTests * Use separate response states for EDS and RDS resources * Reviewer comments * Reviewer comments * Reviewer comments * Remove blank link * Reviewer comments
3 years ago
TEST_P(XdsRbacNackTest, NacksSchemePermissionHeader) {
Reland rbac filter (#28442) * Revert "Revert "xDS: Add support for RBAC HTTP filter (#28309)" (#28441)" This reverts commit 7aae5c66df99d7140848c00b88e4d6e022c3ce92. * Fix internal clang errors * Ipv6 addresses are 128 bit
3 years ago
RBAC rbac;
auto* rules = rbac.mutable_rules();
rules->set_action(envoy::config::rbac::v3::RBAC_Action_ALLOW);
Policy policy;
auto* header = policy.add_permissions()->mutable_header();
header->set_name(":scheme");
header->set_exact_match("http");
policy.add_principals()->set_any(true);
(*rules->mutable_policies())["policy"] = policy;
SetServerRbacPolicy(rbac);
backends_[0]->Start();
if (GetParam().enable_rds_testing() &&
GetParam().filter_config_setup() ==
xds_end2end_test: move test framework to its own library (#29279) * move some code around * remove num_backends parameter from XdsEnd2endTest * remove use_xds_enabled_server param from XdsEnd2endTest * remove xds_resource_does_not_exist_timeout_ms param from XdsEnd2endTest * remove client_load_reporting_interval_seconds param from XdsEnd2endTest * start moving CreateAndStartBackends() into individual tests * finish moving CreateAndStartBackends() into individual tests * remove unused variable * remove SetEdsResourceWithDelay * fix test flake * clang-tidy * clang-format * move test framework to its own library * fix build * clang-format * fix windows build * rename TestType to XdsTestType * move BackendServiceImpl inside of BackendServerThread * clang-format * move AdminServerThread to CSDS test suite * remove unnecessary deps
3 years ago
XdsTestType::HttpFilterConfigLocation::kHttpFilterConfigInRoute) {
xds_end2end_test_lib: use DEBUG_LOCATION to log where failures originate (#29444)
3 years ago
const auto response_state = WaitForRdsNack(DEBUG_LOCATION);
XdsEnd2EndTest : Use a queue to save resource updates (#28467) * Fix XdsClient for multiple watchers on the same resource * xds_end2end_test: Don't use XdsCredentials for XdsRbacNackTests * Use separate response states for EDS and RDS resources * Reviewer comments * Reviewer comments * Reviewer comments * Remove blank link * Reviewer comments
3 years ago
ASSERT_TRUE(response_state.has_value()) << "timed out waiting for NACK";
EXPECT_THAT(response_state->error_message,
Reland rbac filter (#28442) * Revert "Revert "xDS: Add support for RBAC HTTP filter (#28309)" (#28441)" This reverts commit 7aae5c66df99d7140848c00b88e4d6e022c3ce92. * Fix internal clang errors * Ipv6 addresses are 128 bit
3 years ago
::testing::HasSubstr("':scheme' not allowed in header"));
} else {
xds_end2end_test_lib: use DEBUG_LOCATION to log where failures originate (#29444)
3 years ago
const auto response_state = WaitForLdsNack(DEBUG_LOCATION);
XdsEnd2EndTest : Use a queue to save resource updates (#28467) * Fix XdsClient for multiple watchers on the same resource * xds_end2end_test: Don't use XdsCredentials for XdsRbacNackTests * Use separate response states for EDS and RDS resources * Reviewer comments * Reviewer comments * Reviewer comments * Remove blank link * Reviewer comments
3 years ago
ASSERT_TRUE(response_state.has_value()) << "timed out waiting for NACK";
EXPECT_THAT(response_state->error_message,
Reland rbac filter (#28442) * Revert "Revert "xDS: Add support for RBAC HTTP filter (#28309)" (#28441)" This reverts commit 7aae5c66df99d7140848c00b88e4d6e022c3ce92. * Fix internal clang errors * Ipv6 addresses are 128 bit
3 years ago
::testing::HasSubstr("':scheme' not allowed in header"));
}
}
XdsEnd2EndTest : Use a queue to save resource updates (#28467) * Fix XdsClient for multiple watchers on the same resource * xds_end2end_test: Don't use XdsCredentials for XdsRbacNackTests * Use separate response states for EDS and RDS resources * Reviewer comments * Reviewer comments * Reviewer comments * Remove blank link * Reviewer comments
3 years ago
TEST_P(XdsRbacNackTest, NacksGrpcPrefixedPermissionHeaders) {
Reland rbac filter (#28442) * Revert "Revert "xDS: Add support for RBAC HTTP filter (#28309)" (#28441)" This reverts commit 7aae5c66df99d7140848c00b88e4d6e022c3ce92. * Fix internal clang errors * Ipv6 addresses are 128 bit
3 years ago
RBAC rbac;
auto* rules = rbac.mutable_rules();
rules->set_action(envoy::config::rbac::v3::RBAC_Action_ALLOW);
Policy policy;
auto* header = policy.add_permissions()->mutable_header();
header->set_name("grpc-status");
header->set_exact_match("0");
policy.add_principals()->set_any(true);
(*rules->mutable_policies())["policy"] = policy;
SetServerRbacPolicy(rbac);
backends_[0]->Start();
if (GetParam().enable_rds_testing() &&
GetParam().filter_config_setup() ==
xds_end2end_test: move test framework to its own library (#29279) * move some code around * remove num_backends parameter from XdsEnd2endTest * remove use_xds_enabled_server param from XdsEnd2endTest * remove xds_resource_does_not_exist_timeout_ms param from XdsEnd2endTest * remove client_load_reporting_interval_seconds param from XdsEnd2endTest * start moving CreateAndStartBackends() into individual tests * finish moving CreateAndStartBackends() into individual tests * remove unused variable * remove SetEdsResourceWithDelay * fix test flake * clang-tidy * clang-format * move test framework to its own library * fix build * clang-format * fix windows build * rename TestType to XdsTestType * move BackendServiceImpl inside of BackendServerThread * clang-format * move AdminServerThread to CSDS test suite * remove unnecessary deps
3 years ago
XdsTestType::HttpFilterConfigLocation::kHttpFilterConfigInRoute) {
xds_end2end_test_lib: use DEBUG_LOCATION to log where failures originate (#29444)
3 years ago
const auto response_state = WaitForRdsNack(DEBUG_LOCATION);
XdsEnd2EndTest : Use a queue to save resource updates (#28467) * Fix XdsClient for multiple watchers on the same resource * xds_end2end_test: Don't use XdsCredentials for XdsRbacNackTests * Use separate response states for EDS and RDS resources * Reviewer comments * Reviewer comments * Reviewer comments * Remove blank link * Reviewer comments
3 years ago
ASSERT_TRUE(response_state.has_value()) << "timed out waiting for NACK";
EXPECT_THAT(response_state->error_message,
Reland rbac filter (#28442) * Revert "Revert "xDS: Add support for RBAC HTTP filter (#28309)" (#28441)" This reverts commit 7aae5c66df99d7140848c00b88e4d6e022c3ce92. * Fix internal clang errors * Ipv6 addresses are 128 bit
3 years ago
::testing::HasSubstr("'grpc-' prefixes not allowed in header"));
} else {
xds_end2end_test_lib: use DEBUG_LOCATION to log where failures originate (#29444)
3 years ago
const auto response_state = WaitForLdsNack(DEBUG_LOCATION);
XdsEnd2EndTest : Use a queue to save resource updates (#28467) * Fix XdsClient for multiple watchers on the same resource * xds_end2end_test: Don't use XdsCredentials for XdsRbacNackTests * Use separate response states for EDS and RDS resources * Reviewer comments * Reviewer comments * Reviewer comments * Remove blank link * Reviewer comments
3 years ago
ASSERT_TRUE(response_state.has_value()) << "timed out waiting for NACK";
EXPECT_THAT(response_state->error_message,
Reland rbac filter (#28442) * Revert "Revert "xDS: Add support for RBAC HTTP filter (#28309)" (#28441)" This reverts commit 7aae5c66df99d7140848c00b88e4d6e022c3ce92. * Fix internal clang errors * Ipv6 addresses are 128 bit
3 years ago
::testing::HasSubstr("'grpc-' prefixes not allowed in header"));
}
}
// Tests RBAC policies where a route override is always present. Action
// permutations are not added.
using XdsRbacTestWithRouteOverrideAlwaysPresent = XdsRbacTest;
TEST_P(XdsRbacTestWithRouteOverrideAlwaysPresent, EmptyRBACPerRouteOverride) {
HttpConnectionManager http_connection_manager;
Listener listener = default_server_listener_;
RouteConfiguration route_config = default_server_route_config_;
auto* filter = http_connection_manager.add_http_filters();
filter->set_name("rbac");
// Create a top-level RBAC policy with a DENY action for all RPCs
RBAC rbac;
auto* rules = rbac.mutable_rules();
rules->set_action(RBAC_Action_DENY);
Policy policy;
policy.add_permissions()->set_any(true);
policy.add_principals()->set_any(true);
(*rules->mutable_policies())["policy"] = policy;
filter->mutable_typed_config()->PackFrom(rbac);
// Override with an Empty RBACPerRoute policy which should result in RBAC
// being disabled and RPCs being allowed.
google::protobuf::Any filter_config;
filter_config.PackFrom(RBACPerRoute());
auto* config_map = route_config.mutable_virtual_hosts(0)
->mutable_routes(0)
->mutable_typed_per_filter_config();
(*config_map)["rbac"] = std::move(filter_config);
filter = http_connection_manager.add_http_filters();
filter->set_name("router");
filter->mutable_typed_config()->PackFrom(
envoy::extensions::filters::http::router::v3::Router());
ServerHcmAccessor().Pack(http_connection_manager, &listener);
SetServerListenerNameAndRouteConfiguration(
balancer_.get(), listener, backends_[0]->port(), route_config);
backends_[0]->Start();
backends_[0]->notifier()->WaitOnServingStatusChange(
absl::StrCat(ipv6_only_ ? "[::1]:" : "127.0.0.1:", backends_[0]->port()),
grpc::StatusCode::OK);
SendRpc([this]() { return CreateInsecureChannel(); }, {}, {});
}
// Test a non-empty top level RBAC with a non-empty RBACPerRouteOverride
TEST_P(XdsRbacTestWithRouteOverrideAlwaysPresent,
NonEmptyTopLevelRBACNonEmptyPerRouteOverride) {
HttpConnectionManager http_connection_manager;
Listener listener = default_server_listener_;
RouteConfiguration route_config = default_server_route_config_;
auto* filter = http_connection_manager.add_http_filters();
filter->set_name("rbac");
// Create a top-level RBAC policy with a DENY action for all RPCs
RBAC rbac;
auto* rules = rbac.mutable_rules();
rules->set_action(RBAC_Action_DENY);
Policy policy;
policy.add_permissions()->set_any(true);
policy.add_principals()->set_any(true);
(*rules->mutable_policies())["policy"] = policy;
filter->mutable_typed_config()->PackFrom(rbac);
// Override with a non-empty RBACPerRoute policy which allows all RPCs.
google::protobuf::Any filter_config;
RBACPerRoute rbac_per_route;
rules = rbac_per_route.mutable_rbac()->mutable_rules();
rules->set_action(RBAC_Action_ALLOW);
(*rules->mutable_policies())["policy"] = policy;
filter_config.PackFrom(RBACPerRoute());
auto* config_map = route_config.mutable_virtual_hosts(0)
->mutable_routes(0)
->mutable_typed_per_filter_config();
(*config_map)["rbac"] = std::move(filter_config);
filter = http_connection_manager.add_http_filters();
filter->set_name("router");
filter->mutable_typed_config()->PackFrom(
envoy::extensions::filters::http::router::v3::Router());
ServerHcmAccessor().Pack(http_connection_manager, &listener);
SetServerListenerNameAndRouteConfiguration(
balancer_.get(), listener, backends_[0]->port(), route_config);
backends_[0]->Start();
backends_[0]->notifier()->WaitOnServingStatusChange(
absl::StrCat(ipv6_only_ ? "[::1]:" : "127.0.0.1:", backends_[0]->port()),
grpc::StatusCode::OK);
SendRpc([this]() { return CreateInsecureChannel(); }, {}, {});
}
// Adds Action Permutations to XdsRbacTest
using XdsRbacTestWithActionPermutations = XdsRbacTest;
TEST_P(XdsRbacTestWithActionPermutations, EmptyRbacPolicy) {
RBAC rbac;
rbac.mutable_rules()->set_action(GetParam().rbac_action());
SetServerRbacPolicy(rbac);
backends_[0]->Start();
backends_[0]->notifier()->WaitOnServingStatusChange(
absl::StrCat(ipv6_only_ ? "[::1]:" : "127.0.0.1:", backends_[0]->port()),
grpc::StatusCode::OK);
// An empty RBAC policy leads to all RPCs being rejected.
SendRpc(
[this]() { return CreateInsecureChannel(); }, {}, {},
/*test_expects_failure=*/GetParam().rbac_action() == RBAC_Action_ALLOW,
grpc::StatusCode::PERMISSION_DENIED);
}
TEST_P(XdsRbacTestWithActionPermutations, AnyPermissionAnyPrincipal) {
RBAC rbac;
auto* rules = rbac.mutable_rules();
rules->set_action(GetParam().rbac_action());
Policy policy;
policy.add_permissions()->set_any(true);
policy.add_principals()->set_any(true);
(*rules->mutable_policies())["policy"] = policy;
SetServerRbacPolicy(rbac);
backends_[0]->Start();
backends_[0]->notifier()->WaitOnServingStatusChange(
absl::StrCat(ipv6_only_ ? "[::1]:" : "127.0.0.1:", backends_[0]->port()),
grpc::StatusCode::OK);
SendRpc([this]() { return CreateInsecureChannel(); }, {}, {},
/*test_expects_failure=*/GetParam().rbac_action() == RBAC_Action_DENY,
grpc::StatusCode::PERMISSION_DENIED);
}
TEST_P(XdsRbacTestWithActionPermutations, MultipleRbacPolicies) {
RBAC always_allow;
auto* rules = always_allow.mutable_rules();
rules->set_action(RBAC_Action_ALLOW);
Policy policy;
policy.add_permissions()->set_any(true);
policy.add_principals()->set_any(true);
(*rules->mutable_policies())["policy"] = policy;
RBAC rbac;
rules = rbac.mutable_rules();
rules->set_action(GetParam().rbac_action());
(*rules->mutable_policies())["policy"] = policy;
SetServerRbacPolicies(default_server_listener_,
{always_allow, rbac, always_allow});
backends_[0]->Start();
backends_[0]->notifier()->WaitOnServingStatusChange(
absl::StrCat(ipv6_only_ ? "[::1]:" : "127.0.0.1:", backends_[0]->port()),
grpc::StatusCode::OK);
SendRpc([this]() { return CreateInsecureChannel(); }, {}, {},
/*test_expects_failure=*/GetParam().rbac_action() == RBAC_Action_DENY,
grpc::StatusCode::PERMISSION_DENIED);
}
TEST_P(XdsRbacTestWithActionPermutations, MethodPostPermissionAnyPrincipal) {
RBAC rbac;
auto* rules = rbac.mutable_rules();
rules->set_action(GetParam().rbac_action());
Policy policy;
auto* header = policy.add_permissions()->mutable_header();
header->set_name(":method");
header->set_exact_match("POST");
policy.add_principals()->set_any(true);
(*rules->mutable_policies())["policy"] = policy;
SetServerRbacPolicy(rbac);
HTTP: Use channel arg instead of global to allow PUT requests (#29411) * HTTP: Use channel arg instead of global to allow PUT requests * Reviewer comments * Reviewer comments * clang-format * Repo manager - AJ * Reviewer comments * unused parameter
3 years ago
backends_[0]->set_allow_put_requests(true);
Reland rbac filter (#28442) * Revert "Revert "xDS: Add support for RBAC HTTP filter (#28309)" (#28441)" This reverts commit 7aae5c66df99d7140848c00b88e4d6e022c3ce92. * Fix internal clang errors * Ipv6 addresses are 128 bit
3 years ago
backends_[0]->Start();
backends_[0]->notifier()->WaitOnServingStatusChange(
absl::StrCat(ipv6_only_ ? "[::1]:" : "127.0.0.1:", backends_[0]->port()),
grpc::StatusCode::OK);
// All RPCs use POST method by default
SendRpc([this]() { return CreateInsecureChannel(); }, {}, {},
/*test_expects_failure=*/GetParam().rbac_action() == RBAC_Action_DENY,
grpc::StatusCode::PERMISSION_DENIED);
HTTP: Conditionally allow PUT requests (#29397) * Maybe fix for PUT deprecation * Guard PUT request accepting with a flag and add tests * Reviewer comments * Add fallthrough notation * Reviewer comments Co-authored-by: Craig Tiller <ctiller@google.com>
3 years ago
// Test that an RPC with PUT method is handled properly.
SendRpc([this]() { return CreateInsecureChannel(/*use_put_requests=*/true); },
{}, {},
/*test_expects_failure=*/GetParam().rbac_action() != RBAC_Action_DENY,
grpc::StatusCode::PERMISSION_DENIED);
Reland rbac filter (#28442) * Revert "Revert "xDS: Add support for RBAC HTTP filter (#28309)" (#28441)" This reverts commit 7aae5c66df99d7140848c00b88e4d6e022c3ce92. * Fix internal clang errors * Ipv6 addresses are 128 bit
3 years ago
}
TEST_P(XdsRbacTestWithActionPermutations, MethodGetPermissionAnyPrincipal) {
RBAC rbac;
auto* rules = rbac.mutable_rules();
rules->set_action(GetParam().rbac_action());
Policy policy;
auto* header = policy.add_permissions()->mutable_header();
header->set_name(":method");
header->set_exact_match("GET");
policy.add_principals()->set_any(true);
(*rules->mutable_policies())["policy"] = policy;
SetServerRbacPolicy(rbac);
backends_[0]->Start();
backends_[0]->notifier()->WaitOnServingStatusChange(
absl::StrCat(ipv6_only_ ? "[::1]:" : "127.0.0.1:", backends_[0]->port()),
grpc::StatusCode::OK);
Remove idempotent/cacheable requests (#28922) * Remove idempotent/cacheable requests * more cleanup * bump core version * fix * fix * fix * review feedback * fixes * fix * remove more * objc * fix * fix * fix * scrub * Modify XdsRbacTests Co-authored-by: Yash Tibrewal <yashkt@google.com>
3 years ago
// Test that an RPC with a POST method gets rejected
Reland rbac filter (#28442) * Revert "Revert "xDS: Add support for RBAC HTTP filter (#28309)" (#28441)" This reverts commit 7aae5c66df99d7140848c00b88e4d6e022c3ce92. * Fix internal clang errors * Ipv6 addresses are 128 bit
3 years ago
SendRpc(
[this]() { return CreateInsecureChannel(); }, {}, {},
/*test_expects_failure=*/GetParam().rbac_action() == RBAC_Action_ALLOW,
grpc::StatusCode::PERMISSION_DENIED);
Remove idempotent/cacheable requests (#28922) * Remove idempotent/cacheable requests * more cleanup * bump core version * fix * fix * fix * review feedback * fixes * fix * remove more * objc * fix * fix * fix * scrub * Modify XdsRbacTests Co-authored-by: Yash Tibrewal <yashkt@google.com>
3 years ago
// TODO(yashykt): When we start supporting GET requests in the future, this
// should be modified to test that they are accepted with this rule.
Reland rbac filter (#28442) * Revert "Revert "xDS: Add support for RBAC HTTP filter (#28309)" (#28441)" This reverts commit 7aae5c66df99d7140848c00b88e4d6e022c3ce92. * Fix internal clang errors * Ipv6 addresses are 128 bit
3 years ago
}
TEST_P(XdsRbacTestWithActionPermutations, MethodPutPermissionAnyPrincipal) {
RBAC rbac;
auto* rules = rbac.mutable_rules();
rules->set_action(GetParam().rbac_action());
Policy policy;
auto* header = policy.add_permissions()->mutable_header();
header->set_name(":method");
header->set_exact_match("PUT");
policy.add_principals()->set_any(true);
(*rules->mutable_policies())["policy"] = policy;
SetServerRbacPolicy(rbac);
HTTP: Use channel arg instead of global to allow PUT requests (#29411) * HTTP: Use channel arg instead of global to allow PUT requests * Reviewer comments * Reviewer comments * clang-format * Repo manager - AJ * Reviewer comments * unused parameter
3 years ago
backends_[0]->set_allow_put_requests(true);
Reland rbac filter (#28442) * Revert "Revert "xDS: Add support for RBAC HTTP filter (#28309)" (#28441)" This reverts commit 7aae5c66df99d7140848c00b88e4d6e022c3ce92. * Fix internal clang errors * Ipv6 addresses are 128 bit
3 years ago
backends_[0]->Start();
backends_[0]->notifier()->WaitOnServingStatusChange(
absl::StrCat(ipv6_only_ ? "[::1]:" : "127.0.0.1:", backends_[0]->port()),
grpc::StatusCode::OK);
Remove idempotent/cacheable requests (#28922) * Remove idempotent/cacheable requests * more cleanup * bump core version * fix * fix * fix * review feedback * fixes * fix * remove more * objc * fix * fix * fix * scrub * Modify XdsRbacTests Co-authored-by: Yash Tibrewal <yashkt@google.com>
3 years ago
// Test that an RPC with a POST method gets rejected
Reland rbac filter (#28442) * Revert "Revert "xDS: Add support for RBAC HTTP filter (#28309)" (#28441)" This reverts commit 7aae5c66df99d7140848c00b88e4d6e022c3ce92. * Fix internal clang errors * Ipv6 addresses are 128 bit
3 years ago
SendRpc(
[this]() { return CreateInsecureChannel(); }, {}, {},
/*test_expects_failure=*/GetParam().rbac_action() == RBAC_Action_ALLOW,
grpc::StatusCode::PERMISSION_DENIED);
HTTP: Conditionally allow PUT requests (#29397) * Maybe fix for PUT deprecation * Guard PUT request accepting with a flag and add tests * Reviewer comments * Add fallthrough notation * Reviewer comments Co-authored-by: Craig Tiller <ctiller@google.com>
3 years ago
// Test that an RPC with a PUT method gets accepted
SendRpc(
[this]() { return CreateInsecureChannel(/*use_put_requests=*/true); }, {},
{},
/*test_expects_failure=*/GetParam().rbac_action() != RBAC_Action_ALLOW,
grpc::StatusCode::PERMISSION_DENIED);
Reland rbac filter (#28442) * Revert "Revert "xDS: Add support for RBAC HTTP filter (#28309)" (#28441)" This reverts commit 7aae5c66df99d7140848c00b88e4d6e022c3ce92. * Fix internal clang errors * Ipv6 addresses are 128 bit
3 years ago
}
TEST_P(XdsRbacTestWithActionPermutations, UrlPathPermissionAnyPrincipal) {
RBAC rbac;
auto* rules = rbac.mutable_rules();
rules->set_action(GetParam().rbac_action());
Policy policy;
policy.add_permissions()->mutable_url_path()->mutable_path()->set_exact(
"/grpc.testing.EchoTestService/Echo");
policy.add_principals()->set_any(true);
(*rules->mutable_policies())["policy"] = policy;
SetServerRbacPolicy(rbac);
backends_[0]->Start();
backends_[0]->notifier()->WaitOnServingStatusChange(
absl::StrCat(ipv6_only_ ? "[::1]:" : "127.0.0.1:", backends_[0]->port()),
grpc::StatusCode::OK);
SendRpc([this]() { return CreateInsecureChannel(); }, {}, {},
/*test_expects_failure=*/GetParam().rbac_action() == RBAC_Action_DENY,
grpc::StatusCode::PERMISSION_DENIED);
// Test an RPC with a different URL path
auto stub = grpc::testing::EchoTestService::NewStub(CreateInsecureChannel());
ClientContext context;
context.set_wait_for_ready(true);
context.set_deadline(grpc_timeout_milliseconds_to_deadline(2000));
EchoRequest request;
request.set_message(kRequestMessage);
EchoResponse response;
Status status = stub->Echo1(&context, request, &response);
EXPECT_TRUE(GetParam().rbac_action() == RBAC_Action_DENY ? status.ok()
: !status.ok())
<< status.error_code() << ", " << status.error_message() << ", "
<< status.error_details() << ", " << context.debug_error_string();
}
TEST_P(XdsRbacTestWithActionPermutations, DestinationIpPermissionAnyPrincipal) {
RBAC rbac;
auto* rules = rbac.mutable_rules();
rules->set_action(GetParam().rbac_action());
Policy policy;
auto* range = policy.add_permissions()->mutable_destination_ip();
range->set_address_prefix(ipv6_only_ ? "::1" : "127.0.0.1");
range->mutable_prefix_len()->set_value(ipv6_only_ ? 128 : 32);
policy.add_principals()->set_any(true);
(*rules->mutable_policies())["policy"] = policy;
SetServerRbacPolicy(rbac);
backends_[0]->Start();
backends_[0]->notifier()->WaitOnServingStatusChange(
absl::StrCat(ipv6_only_ ? "[::1]:" : "127.0.0.1:", backends_[0]->port()),
grpc::StatusCode::OK);
SendRpc([this]() { return CreateInsecureChannel(); }, {}, {},
/*test_expects_failure=*/GetParam().rbac_action() == RBAC_Action_DENY,
grpc::StatusCode::PERMISSION_DENIED);
// Change the policy itself for a negative test where there is no match.
policy.clear_permissions();
range = policy.add_permissions()->mutable_destination_ip();
range->set_address_prefix(ipv6_only_ ? "::2" : "127.0.0.2");
range->mutable_prefix_len()->set_value(ipv6_only_ ? 128 : 32);
(*rules->mutable_policies())["policy"] = policy;
SetServerRbacPolicy(rbac);
SendRpc(
[this]() { return CreateInsecureChannel(); }, {}, {},
/*test_expects_failure=*/GetParam().rbac_action() == RBAC_Action_ALLOW,
grpc::StatusCode::PERMISSION_DENIED);
}
TEST_P(XdsRbacTestWithActionPermutations,
DestinationPortPermissionAnyPrincipal) {
RBAC rbac;
auto* rules = rbac.mutable_rules();
rules->set_action(GetParam().rbac_action());
Policy policy;
policy.add_permissions()->set_destination_port(backends_[0]->port());
policy.add_principals()->set_any(true);
(*rules->mutable_policies())["policy"] = policy;
SetServerRbacPolicy(rbac);
backends_[0]->Start();
backends_[0]->notifier()->WaitOnServingStatusChange(
absl::StrCat(ipv6_only_ ? "[::1]:" : "127.0.0.1:", backends_[0]->port()),
grpc::StatusCode::OK);
SendRpc([this]() { return CreateInsecureChannel(); }, {}, {},
/*test_expects_failure=*/GetParam().rbac_action() == RBAC_Action_DENY,
grpc::StatusCode::PERMISSION_DENIED);
// Change the policy itself for a negative test where there is no match.
policy.clear_permissions();
policy.add_permissions()->set_destination_port(1);
(*rules->mutable_policies())["policy"] = policy;
SetServerRbacPolicy(rbac);
SendRpc(
[this]() { return CreateInsecureChannel(); }, {}, {},
/*test_expects_failure=*/GetParam().rbac_action() == RBAC_Action_ALLOW,
grpc::StatusCode::PERMISSION_DENIED);
}
xDS: Rbac filter updates (#28568)
3 years ago
TEST_P(XdsRbacTestWithActionPermutations, MetadataPermissionAnyPrincipal) {
RBAC rbac;
auto* rules = rbac.mutable_rules();
rules->set_action(GetParam().rbac_action());
Policy policy;
policy.add_permissions()->mutable_metadata();
policy.add_principals()->set_any(true);
(*rules->mutable_policies())["policy"] = policy;
SetServerRbacPolicy(rbac);
backends_[0]->Start();
backends_[0]->notifier()->WaitOnServingStatusChange(
absl::StrCat(ipv6_only_ ? "[::1]:" : "127.0.0.1:", backends_[0]->port()),
grpc::StatusCode::OK);
SendRpc(
[this]() { return CreateInsecureChannel(); }, {}, {},
/*test_expects_failure=*/GetParam().rbac_action() == RBAC_Action_ALLOW,
grpc::StatusCode::PERMISSION_DENIED);
// Test metadata with inverted match
policy.clear_permissions();
policy.add_permissions()->mutable_metadata()->set_invert(true);
(*rules->mutable_policies())["policy"] = policy;
SetServerRbacPolicy(rbac);
SendRpc([this]() { return CreateInsecureChannel(); }, {}, {},
/*test_expects_failure=*/GetParam().rbac_action() == RBAC_Action_DENY,
grpc::StatusCode::PERMISSION_DENIED);
}
Reland rbac filter (#28442) * Revert "Revert "xDS: Add support for RBAC HTTP filter (#28309)" (#28441)" This reverts commit 7aae5c66df99d7140848c00b88e4d6e022c3ce92. * Fix internal clang errors * Ipv6 addresses are 128 bit
3 years ago
TEST_P(XdsRbacTestWithActionPermutations, ReqServerNamePermissionAnyPrincipal) {
RBAC rbac;
auto* rules = rbac.mutable_rules();
rules->set_action(GetParam().rbac_action());
Policy policy;
policy.add_principals()->set_any(true);
policy.add_permissions()->mutable_requested_server_name()->set_exact(
"server_name");
(*rules->mutable_policies())["policy"] = policy;
SetServerRbacPolicy(rbac);
backends_[0]->Start();
backends_[0]->notifier()->WaitOnServingStatusChange(
absl::StrCat(ipv6_only_ ? "[::1]:" : "127.0.0.1:", backends_[0]->port()),
grpc::StatusCode::OK);
SendRpc(
[this]() { return CreateInsecureChannel(); }, {}, {},
/*test_expects_failure=*/GetParam().rbac_action() == RBAC_Action_ALLOW,
grpc::StatusCode::PERMISSION_DENIED);
RBAC Authorization Engine updates based on A41 proposal (#27754) * RBAC Authorization Engine updates based on A41 proposal * Fix headermatcher * Support for metadata * Maps host to :authority, special-case te and :method * removes method hardcoding * add factory methods * minor formatting * fix test * formatting * remove constructors * fix api usage * ReqServerName test in xds_end2end_test * Initialize bool
3 years ago
policy.clear_permissions();
policy.add_permissions()->mutable_requested_server_name()->set_exact("");
(*rules->mutable_policies())["policy"] = policy;
SetServerRbacPolicy(rbac);
SendRpc([this]() { return CreateInsecureChannel(); }, {}, {},
/*test_expects_failure=*/GetParam().rbac_action() == RBAC_Action_DENY,
grpc::StatusCode::PERMISSION_DENIED);
Reland rbac filter (#28442) * Revert "Revert "xDS: Add support for RBAC HTTP filter (#28309)" (#28441)" This reverts commit 7aae5c66df99d7140848c00b88e4d6e022c3ce92. * Fix internal clang errors * Ipv6 addresses are 128 bit
3 years ago
}
TEST_P(XdsRbacTestWithActionPermutations, NotRulePermissionAnyPrincipal) {
RBAC rbac;
auto* rules = rbac.mutable_rules();
rules->set_action(GetParam().rbac_action());
Policy policy;
policy.add_permissions()
->mutable_not_rule()
->mutable_requested_server_name()
->set_exact("server_name");
policy.add_principals()->set_any(true);
(*rules->mutable_policies())["policy"] = policy;
SetServerRbacPolicy(rbac);
backends_[0]->Start();
backends_[0]->notifier()->WaitOnServingStatusChange(
absl::StrCat(ipv6_only_ ? "[::1]:" : "127.0.0.1:", backends_[0]->port()),
grpc::StatusCode::OK);
SendRpc([this]() { return CreateInsecureChannel(); }, {}, {},
/*test_expects_failure=*/GetParam().rbac_action() == RBAC_Action_DENY,
grpc::StatusCode::PERMISSION_DENIED);
// Change the policy itself for a negative test where there is no match.
policy.clear_permissions();
policy.add_permissions()->mutable_not_rule()->set_any(true);
(*rules->mutable_policies())["policy"] = policy;
SetServerRbacPolicy(rbac);
SendRpc(
[this]() { return CreateInsecureChannel(); }, {}, {},
/*test_expects_failure=*/GetParam().rbac_action() == RBAC_Action_ALLOW,
grpc::StatusCode::PERMISSION_DENIED);
}
TEST_P(XdsRbacTestWithActionPermutations, AndRulePermissionAnyPrincipal) {
RBAC rbac;
auto* rules = rbac.mutable_rules();
rules->set_action(GetParam().rbac_action());
Policy policy;
auto* and_rules = policy.add_permissions()->mutable_and_rules();
and_rules->add_rules()->set_any(true);
and_rules->add_rules()->set_destination_port(backends_[0]->port());
policy.add_principals()->set_any(true);
(*rules->mutable_policies())["policy"] = policy;
SetServerRbacPolicy(rbac);
backends_[0]->Start();
backends_[0]->notifier()->WaitOnServingStatusChange(
absl::StrCat(ipv6_only_ ? "[::1]:" : "127.0.0.1:", backends_[0]->port()),
grpc::StatusCode::OK);
SendRpc([this]() { return CreateInsecureChannel(); }, {}, {},
/*test_expects_failure=*/GetParam().rbac_action() == RBAC_Action_DENY,
grpc::StatusCode::PERMISSION_DENIED);
// Change the policy itself for a negative test where there is no match.
and_rules = (*policy.mutable_permissions())[0].mutable_and_rules();
(*and_rules->mutable_rules())[1].set_destination_port(1);
(*rules->mutable_policies())["policy"] = policy;
SetServerRbacPolicy(rbac);
SendRpc(
[this]() { return CreateInsecureChannel(); }, {}, {},
/*test_expects_failure=*/GetParam().rbac_action() == RBAC_Action_ALLOW,
grpc::StatusCode::PERMISSION_DENIED);
}
TEST_P(XdsRbacTestWithActionPermutations, OrRulePermissionAnyPrincipal) {
RBAC rbac;
auto* rules = rbac.mutable_rules();
rules->set_action(GetParam().rbac_action());
Policy policy;
auto* or_rules = policy.add_permissions()->mutable_or_rules();
or_rules->add_rules()->mutable_not_rule()->set_any(true);
or_rules->add_rules()->set_destination_port(backends_[0]->port());
policy.add_principals()->set_any(true);
(*rules->mutable_policies())["policy"] = policy;
SetServerRbacPolicy(rbac);
backends_[0]->Start();
backends_[0]->notifier()->WaitOnServingStatusChange(
absl::StrCat(ipv6_only_ ? "[::1]:" : "127.0.0.1:", backends_[0]->port()),
grpc::StatusCode::OK);
SendRpc([this]() { return CreateInsecureChannel(); }, {}, {},
/*test_expects_failure=*/GetParam().rbac_action() == RBAC_Action_DENY,
grpc::StatusCode::PERMISSION_DENIED);
// Change the policy itself for a negative test where there is no match.
or_rules = (*policy.mutable_permissions())[0].mutable_or_rules();
(*or_rules->mutable_rules())[1].set_destination_port(1);
(*rules->mutable_policies())["policy"] = policy;
SetServerRbacPolicy(rbac);
SendRpc(
[this]() { return CreateInsecureChannel(); }, {}, {},
/*test_expects_failure=*/GetParam().rbac_action() == RBAC_Action_ALLOW,
grpc::StatusCode::PERMISSION_DENIED);
}
TEST_P(XdsRbacTestWithActionPermutations, AnyPermissionMethodPostPrincipal) {
RBAC rbac;
auto* rules = rbac.mutable_rules();
rules->set_action(GetParam().rbac_action());
Policy policy;
auto* header = policy.add_principals()->mutable_header();
header->set_name(":method");
header->set_exact_match("POST");
policy.add_permissions()->set_any(true);
(*rules->mutable_policies())["policy"] = policy;
SetServerRbacPolicy(rbac);
HTTP: Use channel arg instead of global to allow PUT requests (#29411) * HTTP: Use channel arg instead of global to allow PUT requests * Reviewer comments * Reviewer comments * clang-format * Repo manager - AJ * Reviewer comments * unused parameter
3 years ago
backends_[0]->set_allow_put_requests(true);
Reland rbac filter (#28442) * Revert "Revert "xDS: Add support for RBAC HTTP filter (#28309)" (#28441)" This reverts commit 7aae5c66df99d7140848c00b88e4d6e022c3ce92. * Fix internal clang errors * Ipv6 addresses are 128 bit
3 years ago
backends_[0]->Start();
backends_[0]->notifier()->WaitOnServingStatusChange(
absl::StrCat(ipv6_only_ ? "[::1]:" : "127.0.0.1:", backends_[0]->port()),
grpc::StatusCode::OK);
// All RPCs use POST method by default
SendRpc([this]() { return CreateInsecureChannel(); }, {}, {},
/*test_expects_failure=*/GetParam().rbac_action() == RBAC_Action_DENY,
grpc::StatusCode::PERMISSION_DENIED);
HTTP: Conditionally allow PUT requests (#29397) * Maybe fix for PUT deprecation * Guard PUT request accepting with a flag and add tests * Reviewer comments * Add fallthrough notation * Reviewer comments Co-authored-by: Craig Tiller <ctiller@google.com>
3 years ago
// Test that an RPC with PUT method is handled properly.
SendRpc([this]() { return CreateInsecureChannel(/*use_put_requests=*/true); },
{}, {},
/*test_expects_failure=*/GetParam().rbac_action() != RBAC_Action_DENY,
grpc::StatusCode::PERMISSION_DENIED);
Reland rbac filter (#28442) * Revert "Revert "xDS: Add support for RBAC HTTP filter (#28309)" (#28441)" This reverts commit 7aae5c66df99d7140848c00b88e4d6e022c3ce92. * Fix internal clang errors * Ipv6 addresses are 128 bit
3 years ago
}
TEST_P(XdsRbacTestWithActionPermutations, AnyPermissionMethodGetPrincipal) {
RBAC rbac;
auto* rules = rbac.mutable_rules();
rules->set_action(GetParam().rbac_action());
Policy policy;
auto* header = policy.add_principals()->mutable_header();
header->set_name(":method");
header->set_exact_match("GET");
policy.add_permissions()->set_any(true);
(*rules->mutable_policies())["policy"] = policy;
SetServerRbacPolicy(rbac);
backends_[0]->Start();
backends_[0]->notifier()->WaitOnServingStatusChange(
absl::StrCat(ipv6_only_ ? "[::1]:" : "127.0.0.1:", backends_[0]->port()),
grpc::StatusCode::OK);
Remove idempotent/cacheable requests (#28922) * Remove idempotent/cacheable requests * more cleanup * bump core version * fix * fix * fix * review feedback * fixes * fix * remove more * objc * fix * fix * fix * scrub * Modify XdsRbacTests Co-authored-by: Yash Tibrewal <yashkt@google.com>
3 years ago
// Test that an RPC with a POST method gets rejected
Reland rbac filter (#28442) * Revert "Revert "xDS: Add support for RBAC HTTP filter (#28309)" (#28441)" This reverts commit 7aae5c66df99d7140848c00b88e4d6e022c3ce92. * Fix internal clang errors * Ipv6 addresses are 128 bit
3 years ago
SendRpc(
[this]() { return CreateInsecureChannel(); }, {}, {},
/*test_expects_failure=*/GetParam().rbac_action() == RBAC_Action_ALLOW,
grpc::StatusCode::PERMISSION_DENIED);
Remove idempotent/cacheable requests (#28922) * Remove idempotent/cacheable requests * more cleanup * bump core version * fix * fix * fix * review feedback * fixes * fix * remove more * objc * fix * fix * fix * scrub * Modify XdsRbacTests Co-authored-by: Yash Tibrewal <yashkt@google.com>
3 years ago
// TODO(yashykt): When we start supporting GET requests in the future, this
// should be modified to test that they are accepted with this rule.
Reland rbac filter (#28442) * Revert "Revert "xDS: Add support for RBAC HTTP filter (#28309)" (#28441)" This reverts commit 7aae5c66df99d7140848c00b88e4d6e022c3ce92. * Fix internal clang errors * Ipv6 addresses are 128 bit
3 years ago
}
TEST_P(XdsRbacTestWithActionPermutations, AnyPermissionMethodPutPrincipal) {
RBAC rbac;
auto* rules = rbac.mutable_rules();
rules->set_action(GetParam().rbac_action());
Policy policy;
auto* header = policy.add_principals()->mutable_header();
header->set_name(":method");
header->set_exact_match("PUT");
policy.add_permissions()->set_any(true);
(*rules->mutable_policies())["policy"] = policy;
SetServerRbacPolicy(rbac);
HTTP: Use channel arg instead of global to allow PUT requests (#29411) * HTTP: Use channel arg instead of global to allow PUT requests * Reviewer comments * Reviewer comments * clang-format * Repo manager - AJ * Reviewer comments * unused parameter
3 years ago
backends_[0]->set_allow_put_requests(true);
Reland rbac filter (#28442) * Revert "Revert "xDS: Add support for RBAC HTTP filter (#28309)" (#28441)" This reverts commit 7aae5c66df99d7140848c00b88e4d6e022c3ce92. * Fix internal clang errors * Ipv6 addresses are 128 bit
3 years ago
backends_[0]->Start();
backends_[0]->notifier()->WaitOnServingStatusChange(
absl::StrCat(ipv6_only_ ? "[::1]:" : "127.0.0.1:", backends_[0]->port()),
grpc::StatusCode::OK);
HTTP: Conditionally allow PUT requests (#29397) * Maybe fix for PUT deprecation * Guard PUT request accepting with a flag and add tests * Reviewer comments * Add fallthrough notation * Reviewer comments Co-authored-by: Craig Tiller <ctiller@google.com>
3 years ago
// Test that an RPC with a PUT method gets accepted
SendRpc(
[this]() { return CreateInsecureChannel(/*use_put_requests=*/true); }, {},
{},
/*test_expects_failure=*/GetParam().rbac_action() != RBAC_Action_ALLOW,
grpc::StatusCode::PERMISSION_DENIED);
Remove idempotent/cacheable requests (#28922) * Remove idempotent/cacheable requests * more cleanup * bump core version * fix * fix * fix * review feedback * fixes * fix * remove more * objc * fix * fix * fix * scrub * Modify XdsRbacTests Co-authored-by: Yash Tibrewal <yashkt@google.com>
3 years ago
// Test that an RPC with a POST method gets rejected
Reland rbac filter (#28442) * Revert "Revert "xDS: Add support for RBAC HTTP filter (#28309)" (#28441)" This reverts commit 7aae5c66df99d7140848c00b88e4d6e022c3ce92. * Fix internal clang errors * Ipv6 addresses are 128 bit
3 years ago
SendRpc(
[this]() { return CreateInsecureChannel(); }, {}, {},
/*test_expects_failure=*/GetParam().rbac_action() == RBAC_Action_ALLOW,
grpc::StatusCode::PERMISSION_DENIED);
}
TEST_P(XdsRbacTestWithActionPermutations, AnyPermissionUrlPathPrincipal) {
RBAC rbac;
auto* rules = rbac.mutable_rules();
rules->set_action(GetParam().rbac_action());
Policy policy;
policy.add_principals()->mutable_url_path()->mutable_path()->set_exact(
"/grpc.testing.EchoTestService/Echo");
policy.add_permissions()->set_any(true);
(*rules->mutable_policies())["policy"] = policy;
SetServerRbacPolicy(rbac);
backends_[0]->Start();
backends_[0]->notifier()->WaitOnServingStatusChange(
absl::StrCat(ipv6_only_ ? "[::1]:" : "127.0.0.1:", backends_[0]->port()),
grpc::StatusCode::OK);
SendRpc([this]() { return CreateInsecureChannel(); }, {}, {},
/*test_expects_failure=*/GetParam().rbac_action() == RBAC_Action_DENY,
grpc::StatusCode::PERMISSION_DENIED);
// Test an RPC with a different URL path
auto stub = grpc::testing::EchoTestService::NewStub(CreateInsecureChannel());
ClientContext context;
context.set_wait_for_ready(true);
context.set_deadline(grpc_timeout_milliseconds_to_deadline(2000));
EchoRequest request;
request.set_message(kRequestMessage);
EchoResponse response;
Status status = stub->Echo1(&context, request, &response);
EXPECT_TRUE(GetParam().rbac_action() == RBAC_Action_DENY ? status.ok()
: !status.ok())
<< status.error_code() << ", " << status.error_message() << ", "
<< status.error_details() << ", " << context.debug_error_string();
}
TEST_P(XdsRbacTestWithActionPermutations,
AnyPermissionDirectRemoteIpPrincipal) {
RBAC rbac;
auto* rules = rbac.mutable_rules();
rules->set_action(GetParam().rbac_action());
Policy policy;
auto* range = policy.add_principals()->mutable_direct_remote_ip();
range->set_address_prefix(ipv6_only_ ? "::1" : "127.0.0.1");
range->mutable_prefix_len()->set_value(ipv6_only_ ? 128 : 32);
policy.add_permissions()->set_any(true);
(*rules->mutable_policies())["policy"] = policy;
SetServerRbacPolicy(rbac);
backends_[0]->Start();
backends_[0]->notifier()->WaitOnServingStatusChange(
absl::StrCat(ipv6_only_ ? "[::1]:" : "127.0.0.1:", backends_[0]->port()),
grpc::StatusCode::OK);
SendRpc([this]() { return CreateInsecureChannel(); }, {}, {},
/*test_expects_failure=*/GetParam().rbac_action() == RBAC_Action_DENY,
grpc::StatusCode::PERMISSION_DENIED);
// Change the policy itself for a negative test where there is no match.
policy.clear_principals();
range = policy.add_principals()->mutable_direct_remote_ip();
range->set_address_prefix(ipv6_only_ ? "::2" : "127.0.0.2");
range->mutable_prefix_len()->set_value(ipv6_only_ ? 128 : 32);
(*rules->mutable_policies())["policy"] = policy;
SetServerRbacPolicy(rbac);
SendRpc(
[this]() { return CreateInsecureChannel(); }, {}, {},
/*test_expects_failure=*/GetParam().rbac_action() == RBAC_Action_ALLOW,
grpc::StatusCode::PERMISSION_DENIED);
}
xDS: Rbac filter updates (#28568)
3 years ago
TEST_P(XdsRbacTestWithActionPermutations, AnyPermissionRemoteIpPrincipal) {
RBAC rbac;
auto* rules = rbac.mutable_rules();
rules->set_action(GetParam().rbac_action());
Policy policy;
auto* range = policy.add_principals()->mutable_remote_ip();
range->set_address_prefix(ipv6_only_ ? "::1" : "127.0.0.1");
range->mutable_prefix_len()->set_value(ipv6_only_ ? 128 : 32);
policy.add_permissions()->set_any(true);
(*rules->mutable_policies())["policy"] = policy;
SetServerRbacPolicy(rbac);
backends_[0]->Start();
backends_[0]->notifier()->WaitOnServingStatusChange(
absl::StrCat(ipv6_only_ ? "[::1]:" : "127.0.0.1:", backends_[0]->port()),
grpc::StatusCode::OK);
SendRpc([this]() { return CreateInsecureChannel(); }, {}, {},
/*test_expects_failure=*/GetParam().rbac_action() == RBAC_Action_DENY,
grpc::StatusCode::PERMISSION_DENIED);
// Change the policy itself for a negative test where there is no match.
policy.clear_principals();
range = policy.add_principals()->mutable_remote_ip();
range->set_address_prefix(ipv6_only_ ? "::2" : "127.0.0.2");
range->mutable_prefix_len()->set_value(ipv6_only_ ? 128 : 32);
(*rules->mutable_policies())["policy"] = policy;
SetServerRbacPolicy(rbac);
SendRpc(
[this]() { return CreateInsecureChannel(); }, {}, {},
/*test_expects_failure=*/GetParam().rbac_action() == RBAC_Action_ALLOW,
grpc::StatusCode::PERMISSION_DENIED);
}
Reland rbac filter (#28442) * Revert "Revert "xDS: Add support for RBAC HTTP filter (#28309)" (#28441)" This reverts commit 7aae5c66df99d7140848c00b88e4d6e022c3ce92. * Fix internal clang errors * Ipv6 addresses are 128 bit
3 years ago
TEST_P(XdsRbacTestWithActionPermutations, AnyPermissionAuthenticatedPrincipal) {
xds_end2end_test: Fix race in security tests (#29408) * xds_end2end_test: Fix race in security tests * Reviewer comments
3 years ago
g_fake1_cert_data_map->Set({{"", {root_cert_, identity_pair_}}});
Reland rbac filter (#28442) * Revert "Revert "xDS: Add support for RBAC HTTP filter (#28309)" (#28441)" This reverts commit 7aae5c66df99d7140848c00b88e4d6e022c3ce92. * Fix internal clang errors * Ipv6 addresses are 128 bit
3 years ago
Listener listener = default_server_listener_;
auto* filter_chain = listener.mutable_default_filter_chain();
auto* transport_socket = filter_chain->mutable_transport_socket();
transport_socket->set_name("envoy.transport_sockets.tls");
DownstreamTlsContext downstream_tls_context;
downstream_tls_context.mutable_common_tls_context()
->mutable_tls_certificate_provider_instance()
->set_instance_name("fake_plugin1");
downstream_tls_context.mutable_common_tls_context()
->mutable_validation_context()
->mutable_ca_certificate_provider_instance()
->set_instance_name("fake_plugin1");
downstream_tls_context.mutable_require_client_certificate()->set_value(true);
transport_socket->mutable_typed_config()->PackFrom(downstream_tls_context);
RBAC rbac;
auto* rules = rbac.mutable_rules();
rules->set_action(GetParam().rbac_action());
Policy policy;
policy.add_principals()
->mutable_authenticated()
->mutable_principal_name()
->set_exact("*.test.google.fr");
policy.add_permissions()->set_any(true);
(*rules->mutable_policies())["policy"] = policy;
SetServerRbacPolicy(listener, rbac);
backends_[0]->Start();
backends_[0]->notifier()->WaitOnServingStatusChange(
absl::StrCat(ipv6_only_ ? "[::1]:" : "127.0.0.1:", backends_[0]->port()),
grpc::StatusCode::OK);
SendRpc([this]() { return CreateMtlsChannel(); },
server_authenticated_identity_, client_authenticated_identity_,
/*test_expects_failure=*/GetParam().rbac_action() == RBAC_Action_DENY,
xDS: Rbac filter updates (#28568)
3 years ago
grpc::StatusCode::PERMISSION_DENIED);
}
TEST_P(XdsRbacTestWithActionPermutations, AnyPermissionMetadataPrincipal) {
RBAC rbac;
auto* rules = rbac.mutable_rules();
rules->set_action(GetParam().rbac_action());
Policy policy;
policy.add_principals()->mutable_metadata();
policy.add_permissions()->set_any(true);
(*rules->mutable_policies())["policy"] = policy;
SetServerRbacPolicy(rbac);
backends_[0]->Start();
backends_[0]->notifier()->WaitOnServingStatusChange(
absl::StrCat(ipv6_only_ ? "[::1]:" : "127.0.0.1:", backends_[0]->port()),
grpc::StatusCode::OK);
SendRpc(
[this]() { return CreateInsecureChannel(); }, {}, {},
/*test_expects_failure=*/GetParam().rbac_action() == RBAC_Action_ALLOW,
grpc::StatusCode::PERMISSION_DENIED);
// Test metadata with inverted match
policy.clear_principals();
policy.add_principals()->mutable_metadata()->set_invert(true);
(*rules->mutable_policies())["policy"] = policy;
SetServerRbacPolicy(rbac);
SendRpc([this]() { return CreateInsecureChannel(); }, {}, {},
/*test_expects_failure=*/GetParam().rbac_action() == RBAC_Action_DENY,
Reland rbac filter (#28442) * Revert "Revert "xDS: Add support for RBAC HTTP filter (#28309)" (#28441)" This reverts commit 7aae5c66df99d7140848c00b88e4d6e022c3ce92. * Fix internal clang errors * Ipv6 addresses are 128 bit
3 years ago
grpc::StatusCode::PERMISSION_DENIED);
}
TEST_P(XdsRbacTestWithActionPermutations, AnyPermissionNotIdPrincipal) {
RBAC rbac;
auto* rules = rbac.mutable_rules();
rules->set_action(GetParam().rbac_action());
Policy policy;
policy.add_principals()
->mutable_not_id()
->mutable_url_path()
->mutable_path()
->set_exact("/grpc.testing.EchoTestService/Echo1");
policy.add_permissions()->set_any(true);
(*rules->mutable_policies())["policy"] = policy;
SetServerRbacPolicy(rbac);
backends_[0]->Start();
backends_[0]->notifier()->WaitOnServingStatusChange(
absl::StrCat(ipv6_only_ ? "[::1]:" : "127.0.0.1:", backends_[0]->port()),
grpc::StatusCode::OK);
SendRpc([this]() { return CreateInsecureChannel(); }, {}, {},
/*test_expects_failure=*/GetParam().rbac_action() == RBAC_Action_DENY,
grpc::StatusCode::PERMISSION_DENIED);
// Change the policy itself for a negative test where there is no match.
policy.clear_principals();
policy.add_principals()->mutable_not_id()->set_any(true);
(*rules->mutable_policies())["policy"] = policy;
SetServerRbacPolicy(rbac);
SendRpc(
[this]() { return CreateInsecureChannel(); }, {}, {},
/*test_expects_failure=*/GetParam().rbac_action() == RBAC_Action_ALLOW,
grpc::StatusCode::PERMISSION_DENIED);
}
TEST_P(XdsRbacTestWithActionPermutations, AnyPermissionAndIdPrincipal) {
RBAC rbac;
auto* rules = rbac.mutable_rules();
rules->set_action(GetParam().rbac_action());
Policy policy;
auto* and_ids = policy.add_principals()->mutable_and_ids();
and_ids->add_ids()->set_any(true);
and_ids->add_ids()->mutable_url_path()->mutable_path()->set_exact(
"/grpc.testing.EchoTestService/Echo");
policy.add_permissions()->set_any(true);
(*rules->mutable_policies())["policy"] = policy;
SetServerRbacPolicy(rbac);
backends_[0]->Start();
backends_[0]->notifier()->WaitOnServingStatusChange(
absl::StrCat(ipv6_only_ ? "[::1]:" : "127.0.0.1:", backends_[0]->port()),
grpc::StatusCode::OK);
SendRpc([this]() { return CreateInsecureChannel(); }, {}, {},
/*test_expects_failure=*/GetParam().rbac_action() == RBAC_Action_DENY,
grpc::StatusCode::PERMISSION_DENIED);
// Change the policy itself for a negative test where there is no match.
and_ids = (*policy.mutable_principals())[0].mutable_and_ids();
(*and_ids->mutable_ids())[1].mutable_url_path()->mutable_path()->set_exact(
"/grpc.testing.EchoTestService/Echo1");
(*rules->mutable_policies())["policy"] = policy;
SetServerRbacPolicy(rbac);
SendRpc(
[this]() { return CreateInsecureChannel(); }, {}, {},
/*test_expects_failure=*/GetParam().rbac_action() == RBAC_Action_ALLOW,
grpc::StatusCode::PERMISSION_DENIED);
}
TEST_P(XdsRbacTestWithActionPermutations, AnyPermissionOrIdPrincipal) {
RBAC rbac;
auto* rules = rbac.mutable_rules();
rules->set_action(GetParam().rbac_action());
Policy policy;
auto* or_ids = policy.add_principals()->mutable_or_ids();
or_ids->add_ids()->mutable_not_id()->set_any(true);
or_ids->add_ids()->mutable_url_path()->mutable_path()->set_exact(
"/grpc.testing.EchoTestService/Echo");
policy.add_permissions()->set_any(true);
(*rules->mutable_policies())["policy"] = policy;
SetServerRbacPolicy(rbac);
backends_[0]->Start();
backends_[0]->notifier()->WaitOnServingStatusChange(
absl::StrCat(ipv6_only_ ? "[::1]:" : "127.0.0.1:", backends_[0]->port()),
grpc::StatusCode::OK);
SendRpc([this]() { return CreateInsecureChannel(); }, {}, {},
/*test_expects_failure=*/GetParam().rbac_action() == RBAC_Action_DENY,
grpc::StatusCode::PERMISSION_DENIED);
// Change the policy itself for a negative test where there is no match.
or_ids = (*policy.mutable_principals())[0].mutable_or_ids();
(*or_ids->mutable_ids())[1].mutable_url_path()->mutable_path()->set_exact(
"/grpc.testing.EchoTestService/Echo1");
(*rules->mutable_policies())["policy"] = policy;
SetServerRbacPolicy(rbac);
SendRpc(
[this]() { return CreateInsecureChannel(); }, {}, {},
/*test_expects_failure=*/GetParam().rbac_action() == RBAC_Action_ALLOW,
grpc::StatusCode::PERMISSION_DENIED);
}
xDS client security integration
4 years ago
// CDS depends on XdsResolver.
// Security depends on v3.
// Not enabling load reporting or RDS, since those are irrelevant to these
// tests.
xds_end2end_test: improve TestType API (#25557)
4 years ago
INSTANTIATE_TEST_SUITE_P(
XdsTest, XdsSecurityTest,
xds_end2end_test: move test framework to its own library (#29279) * move some code around * remove num_backends parameter from XdsEnd2endTest * remove use_xds_enabled_server param from XdsEnd2endTest * remove xds_resource_does_not_exist_timeout_ms param from XdsEnd2endTest * remove client_load_reporting_interval_seconds param from XdsEnd2endTest * start moving CreateAndStartBackends() into individual tests * finish moving CreateAndStartBackends() into individual tests * remove unused variable * remove SetEdsResourceWithDelay * fix test flake * clang-tidy * clang-format * move test framework to its own library * fix build * clang-format * fix windows build * rename TestType to XdsTestType * move BackendServiceImpl inside of BackendServerThread * clang-format * move AdminServerThread to CSDS test suite * remove unnecessary deps
3 years ago
::testing::Values(XdsTestType().set_use_xds_credentials()),
&XdsTestType::Name);
xDS client security integration
4 years ago
xDS server config fetcher
4 years ago
// We are only testing the server here.
add test-only channel arg to set per-channel xDS bootstrap config (#25936) * pass XdsClient to LB policies via channel args * add channel arg for overriding bootstrap config on a per-channel basis * change tests to use new channel arg approach -- currently failing for server-side tests * use the same channel args approach on the server side * clang-format * fix CircuitBreakingMultipleChannelsShareCallCounter test * fix XdsEnabledServerTest test * add TODO * clang-format * generate_projects * fix clang-tidy * fix build * attempt to fix python
4 years ago
// Run with bootstrap from env var, so that we use a global XdsClient
// instance. Otherwise, we would need to use a separate fake resolver
// result generator on the client and server sides.
xDS server config fetcher
4 years ago
INSTANTIATE_TEST_SUITE_P(XdsTest, XdsEnabledServerTest,
xds_end2end_test: move test framework to its own library (#29279) * move some code around * remove num_backends parameter from XdsEnd2endTest * remove use_xds_enabled_server param from XdsEnd2endTest * remove xds_resource_does_not_exist_timeout_ms param from XdsEnd2endTest * remove client_load_reporting_interval_seconds param from XdsEnd2endTest * start moving CreateAndStartBackends() into individual tests * finish moving CreateAndStartBackends() into individual tests * remove unused variable * remove SetEdsResourceWithDelay * fix test flake * clang-tidy * clang-format * move test framework to its own library * fix build * clang-format * fix windows build * rename TestType to XdsTestType * move BackendServiceImpl inside of BackendServerThread * clang-format * move AdminServerThread to CSDS test suite * remove unnecessary deps
3 years ago
::testing::Values(XdsTestType().set_bootstrap_source(
XdsTestType::kBootstrapFromEnvVar)),
&XdsTestType::Name);
xDS server config fetcher
4 years ago
// We are only testing the server here.
xDS Federation: bootstrap and xds_resolver changes (#27938) * xDS Federation: bootstrap and xds_resolver changes * code review fixes * fixing code review comments * fixing code review comments * fixing code review comments * code review comments * fixing code review comments * First very basic test to make sure parsing and reconstruction work as expected. * clean up * fixing logic error about authority * fixing resource type parsing * fixing code review comments * simplify parsing! * Parsing method signature update * fixing code review comments * clean up * working progress for the test with generated bootstrap * reorg the bootstrap file * fixing tests * Adding more to test authorities * Added a test and it passes * addressing code review comments * code review comments to make parser cleaner and more efficient * Merge in authority prefixes * fixing sanity error and xds boostrap test error * small fix * Release all tests that pass; reduce scope for DeadUpdate * Updated test strcuture and how to pass in the index for balancers to be used as xds server uri and authority xds server uri * code review comments * code review fixes * code review comment * Making test structure changes * fixing code review comments * fixing code review comments * Fixing test regression * fixing bootstrap tests * cleanup files * enabling localhost:xxx for xds server; updated server tests and will fix one more NameExpected test with testsetup. * Finally removing fake reolsver for xds server * Fixing bootstrap tests * Rewrite builder * Fixing code review comments * fixing code review comments * Fixing all tests to use Setup again * fixing small sanity error * Found the source of xds server nack test faiure and fix added * small code review fixes * Remove fake resolver! YAY! * Fixing according to code review comments * Setup plugin in bootfile * Added more tests. * Adding server test * fixing a regression * regression * sanity fix * fixing code review * fixing code review comments * Re-combine SecurityNaming tests. * Add Rds new resource type and new tests * Added PercentEncode test * fixing code review comments * refactor test a bit more * fixing code review comments * fixing according to code review comments * fixing code review comments * fixing code review comments
3 years ago
// Run with bootstrap from env var so that we use one XdsClient.
xds: remove legacy EDS-only workflow (#28274) * xds: remove legacy EDS-only workflow * remove unused constants * remove unused data member
3 years ago
INSTANTIATE_TEST_SUITE_P(
XdsTest, XdsServerSecurityTest,
xds_end2end_test: move test framework to its own library (#29279) * move some code around * remove num_backends parameter from XdsEnd2endTest * remove use_xds_enabled_server param from XdsEnd2endTest * remove xds_resource_does_not_exist_timeout_ms param from XdsEnd2endTest * remove client_load_reporting_interval_seconds param from XdsEnd2endTest * start moving CreateAndStartBackends() into individual tests * finish moving CreateAndStartBackends() into individual tests * remove unused variable * remove SetEdsResourceWithDelay * fix test flake * clang-tidy * clang-format * move test framework to its own library * fix build * clang-format * fix windows build * rename TestType to XdsTestType * move BackendServiceImpl inside of BackendServerThread * clang-format * move AdminServerThread to CSDS test suite * remove unnecessary deps
3 years ago
::testing::Values(
XdsTestType()
.set_bootstrap_source(XdsTestType::kBootstrapFromEnvVar)
.set_use_xds_credentials()),
&XdsTestType::Name);
xDS Federation: bootstrap and xds_resolver changes (#27938) * xDS Federation: bootstrap and xds_resolver changes * code review fixes * fixing code review comments * fixing code review comments * fixing code review comments * code review comments * fixing code review comments * First very basic test to make sure parsing and reconstruction work as expected. * clean up * fixing logic error about authority * fixing resource type parsing * fixing code review comments * simplify parsing! * Parsing method signature update * fixing code review comments * clean up * working progress for the test with generated bootstrap * reorg the bootstrap file * fixing tests * Adding more to test authorities * Added a test and it passes * addressing code review comments * code review comments to make parser cleaner and more efficient * Merge in authority prefixes * fixing sanity error and xds boostrap test error * small fix * Release all tests that pass; reduce scope for DeadUpdate * Updated test strcuture and how to pass in the index for balancers to be used as xds server uri and authority xds server uri * code review comments * code review fixes * code review comment * Making test structure changes * fixing code review comments * fixing code review comments * Fixing test regression * fixing bootstrap tests * cleanup files * enabling localhost:xxx for xds server; updated server tests and will fix one more NameExpected test with testsetup. * Finally removing fake reolsver for xds server * Fixing bootstrap tests * Rewrite builder * Fixing code review comments * fixing code review comments * Fixing all tests to use Setup again * fixing small sanity error * Found the source of xds server nack test faiure and fix added * small code review fixes * Remove fake resolver! YAY! * Fixing according to code review comments * Setup plugin in bootfile * Added more tests. * Adding server test * fixing a regression * regression * sanity fix * fixing code review * fixing code review comments * Re-combine SecurityNaming tests. * Add Rds new resource type and new tests * Added PercentEncode test * fixing code review comments * refactor test a bit more * fixing code review comments * fixing according to code review comments * fixing code review comments * fixing code review comments
3 years ago
xds: remove legacy EDS-only workflow (#28274) * xds: remove legacy EDS-only workflow * remove unused constants * remove unused data member
3 years ago
INSTANTIATE_TEST_SUITE_P(
XdsTest, XdsEnabledServerStatusNotificationTest,
xds_end2end_test: move test framework to its own library (#29279) * move some code around * remove num_backends parameter from XdsEnd2endTest * remove use_xds_enabled_server param from XdsEnd2endTest * remove xds_resource_does_not_exist_timeout_ms param from XdsEnd2endTest * remove client_load_reporting_interval_seconds param from XdsEnd2endTest * start moving CreateAndStartBackends() into individual tests * finish moving CreateAndStartBackends() into individual tests * remove unused variable * remove SetEdsResourceWithDelay * fix test flake * clang-tidy * clang-format * move test framework to its own library * fix build * clang-format * fix windows build * rename TestType to XdsTestType * move BackendServiceImpl inside of BackendServerThread * clang-format * move AdminServerThread to CSDS test suite * remove unnecessary deps
3 years ago
::testing::Values(XdsTestType().set_use_xds_credentials()),
&XdsTestType::Name);
xDS Federation: bootstrap and xds_resolver changes (#27938) * xDS Federation: bootstrap and xds_resolver changes * code review fixes * fixing code review comments * fixing code review comments * fixing code review comments * code review comments * fixing code review comments * First very basic test to make sure parsing and reconstruction work as expected. * clean up * fixing logic error about authority * fixing resource type parsing * fixing code review comments * simplify parsing! * Parsing method signature update * fixing code review comments * clean up * working progress for the test with generated bootstrap * reorg the bootstrap file * fixing tests * Adding more to test authorities * Added a test and it passes * addressing code review comments * code review comments to make parser cleaner and more efficient * Merge in authority prefixes * fixing sanity error and xds boostrap test error * small fix * Release all tests that pass; reduce scope for DeadUpdate * Updated test strcuture and how to pass in the index for balancers to be used as xds server uri and authority xds server uri * code review comments * code review fixes * code review comment * Making test structure changes * fixing code review comments * fixing code review comments * Fixing test regression * fixing bootstrap tests * cleanup files * enabling localhost:xxx for xds server; updated server tests and will fix one more NameExpected test with testsetup. * Finally removing fake reolsver for xds server * Fixing bootstrap tests * Rewrite builder * Fixing code review comments * fixing code review comments * Fixing all tests to use Setup again * fixing small sanity error * Found the source of xds server nack test faiure and fix added * small code review fixes * Remove fake resolver! YAY! * Fixing according to code review comments * Setup plugin in bootfile * Added more tests. * Adding server test * fixing a regression * regression * sanity fix * fixing code review * fixing code review comments * Re-combine SecurityNaming tests. * Add Rds new resource type and new tests * Added PercentEncode test * fixing code review comments * refactor test a bit more * fixing code review comments * fixing according to code review comments * fixing code review comments * fixing code review comments
3 years ago
// Run with bootstrap from env var so that we use one XdsClient.
xds: remove legacy EDS-only workflow (#28274) * xds: remove legacy EDS-only workflow * remove unused constants * remove unused data member
3 years ago
INSTANTIATE_TEST_SUITE_P(
XdsTest, XdsServerFilterChainMatchTest,
xds_end2end_test: move test framework to its own library (#29279) * move some code around * remove num_backends parameter from XdsEnd2endTest * remove use_xds_enabled_server param from XdsEnd2endTest * remove xds_resource_does_not_exist_timeout_ms param from XdsEnd2endTest * remove client_load_reporting_interval_seconds param from XdsEnd2endTest * start moving CreateAndStartBackends() into individual tests * finish moving CreateAndStartBackends() into individual tests * remove unused variable * remove SetEdsResourceWithDelay * fix test flake * clang-tidy * clang-format * move test framework to its own library * fix build * clang-format * fix windows build * rename TestType to XdsTestType * move BackendServiceImpl inside of BackendServerThread * clang-format * move AdminServerThread to CSDS test suite * remove unnecessary deps
3 years ago
::testing::Values(
XdsTestType()
.set_bootstrap_source(XdsTestType::kBootstrapFromEnvVar)
.set_use_xds_credentials()),
&XdsTestType::Name);
Implement FilterChainMatch algorithm (#25757) * Implement FilterChainMatch logic * Add tests for transport protocol too * Tests for duplicate NACKing * Introduce ConnectionManager as an interface for config fetchers * Do not parameterize IncrementIfNonZero * Some formatting * Reviewer comments * Add filter chain match information for duplicate match error * Reviewer comments * Some cleanup * Reviewer comments * Reviewer comments * Reviewer comments * Clang-tidy
4 years ago
xds: remove legacy EDS-only workflow (#28274) * xds: remove legacy EDS-only workflow * remove unused constants * remove unused data member
3 years ago
// Test xDS-enabled server with and without RDS.
xDS Federation: bootstrap and xds_resolver changes (#27938) * xDS Federation: bootstrap and xds_resolver changes * code review fixes * fixing code review comments * fixing code review comments * fixing code review comments * code review comments * fixing code review comments * First very basic test to make sure parsing and reconstruction work as expected. * clean up * fixing logic error about authority * fixing resource type parsing * fixing code review comments * simplify parsing! * Parsing method signature update * fixing code review comments * clean up * working progress for the test with generated bootstrap * reorg the bootstrap file * fixing tests * Adding more to test authorities * Added a test and it passes * addressing code review comments * code review comments to make parser cleaner and more efficient * Merge in authority prefixes * fixing sanity error and xds boostrap test error * small fix * Release all tests that pass; reduce scope for DeadUpdate * Updated test strcuture and how to pass in the index for balancers to be used as xds server uri and authority xds server uri * code review comments * code review fixes * code review comment * Making test structure changes * fixing code review comments * fixing code review comments * Fixing test regression * fixing bootstrap tests * cleanup files * enabling localhost:xxx for xds server; updated server tests and will fix one more NameExpected test with testsetup. * Finally removing fake reolsver for xds server * Fixing bootstrap tests * Rewrite builder * Fixing code review comments * fixing code review comments * Fixing all tests to use Setup again * fixing small sanity error * Found the source of xds server nack test faiure and fix added * small code review fixes * Remove fake resolver! YAY! * Fixing according to code review comments * Setup plugin in bootfile * Added more tests. * Adding server test * fixing a regression * regression * sanity fix * fixing code review * fixing code review comments * Re-combine SecurityNaming tests. * Add Rds new resource type and new tests * Added PercentEncode test * fixing code review comments * refactor test a bit more * fixing code review comments * fixing according to code review comments * fixing code review comments * fixing code review comments
3 years ago
// Run with bootstrap from env var so that we use one XdsClient.
INSTANTIATE_TEST_SUITE_P(
XdsTest, XdsServerRdsTest,
xds_end2end_test: move test framework to its own library (#29279) * move some code around * remove num_backends parameter from XdsEnd2endTest * remove use_xds_enabled_server param from XdsEnd2endTest * remove xds_resource_does_not_exist_timeout_ms param from XdsEnd2endTest * remove client_load_reporting_interval_seconds param from XdsEnd2endTest * start moving CreateAndStartBackends() into individual tests * finish moving CreateAndStartBackends() into individual tests * remove unused variable * remove SetEdsResourceWithDelay * fix test flake * clang-tidy * clang-format * move test framework to its own library * fix build * clang-format * fix windows build * rename TestType to XdsTestType * move BackendServiceImpl inside of BackendServerThread * clang-format * move AdminServerThread to CSDS test suite * remove unnecessary deps
3 years ago
::testing::Values(
XdsTestType()
.set_bootstrap_source(XdsTestType::kBootstrapFromEnvVar)
.set_use_xds_credentials(),
XdsTestType()
.set_bootstrap_source(XdsTestType::kBootstrapFromEnvVar)
.set_use_xds_credentials()
.set_enable_rds_testing()),
&XdsTestType::Name);
Update RDS parsing for use on servers (#27715) * Update RDS parsing for use on servers * Unused variable * Reviewer comments * Automated change: Fix sanity tests * Fix tests * Reviewer comments * Reviewer comments * clang-tidy * Reviewer comments * Fix test * Reviewer comments * Reviewer comments Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
Reland rbac filter (#28442) * Revert "Revert "xDS: Add support for RBAC HTTP filter (#28309)" (#28441)" This reverts commit 7aae5c66df99d7140848c00b88e4d6e022c3ce92. * Fix internal clang errors * Ipv6 addresses are 128 bit
3 years ago
// We are only testing the server here.
// Run with bootstrap from env var, so that we use a global XdsClient
// instance. Otherwise, we would need to use a separate fake resolver
// result generator on the client and server sides.
INSTANTIATE_TEST_SUITE_P(
XdsTest, XdsRbacTest,
::testing::Values(
xds_end2end_test: move test framework to its own library (#29279) * move some code around * remove num_backends parameter from XdsEnd2endTest * remove use_xds_enabled_server param from XdsEnd2endTest * remove xds_resource_does_not_exist_timeout_ms param from XdsEnd2endTest * remove client_load_reporting_interval_seconds param from XdsEnd2endTest * start moving CreateAndStartBackends() into individual tests * finish moving CreateAndStartBackends() into individual tests * remove unused variable * remove SetEdsResourceWithDelay * fix test flake * clang-tidy * clang-format * move test framework to its own library * fix build * clang-format * fix windows build * rename TestType to XdsTestType * move BackendServiceImpl inside of BackendServerThread * clang-format * move AdminServerThread to CSDS test suite * remove unnecessary deps
3 years ago
XdsTestType().set_use_xds_credentials().set_bootstrap_source(
XdsTestType::kBootstrapFromEnvVar),
XdsTestType()
Reland rbac filter (#28442) * Revert "Revert "xDS: Add support for RBAC HTTP filter (#28309)" (#28441)" This reverts commit 7aae5c66df99d7140848c00b88e4d6e022c3ce92. * Fix internal clang errors * Ipv6 addresses are 128 bit
3 years ago
.set_use_xds_credentials()
.set_enable_rds_testing()
xds_end2end_test: move test framework to its own library (#29279) * move some code around * remove num_backends parameter from XdsEnd2endTest * remove use_xds_enabled_server param from XdsEnd2endTest * remove xds_resource_does_not_exist_timeout_ms param from XdsEnd2endTest * remove client_load_reporting_interval_seconds param from XdsEnd2endTest * start moving CreateAndStartBackends() into individual tests * finish moving CreateAndStartBackends() into individual tests * remove unused variable * remove SetEdsResourceWithDelay * fix test flake * clang-tidy * clang-format * move test framework to its own library * fix build * clang-format * fix windows build * rename TestType to XdsTestType * move BackendServiceImpl inside of BackendServerThread * clang-format * move AdminServerThread to CSDS test suite * remove unnecessary deps
3 years ago
.set_bootstrap_source(XdsTestType::kBootstrapFromEnvVar),
XdsTestType()
Reland rbac filter (#28442) * Revert "Revert "xDS: Add support for RBAC HTTP filter (#28309)" (#28441)" This reverts commit 7aae5c66df99d7140848c00b88e4d6e022c3ce92. * Fix internal clang errors * Ipv6 addresses are 128 bit
3 years ago
.set_use_xds_credentials()
.set_filter_config_setup(
xds_end2end_test: move test framework to its own library (#29279) * move some code around * remove num_backends parameter from XdsEnd2endTest * remove use_xds_enabled_server param from XdsEnd2endTest * remove xds_resource_does_not_exist_timeout_ms param from XdsEnd2endTest * remove client_load_reporting_interval_seconds param from XdsEnd2endTest * start moving CreateAndStartBackends() into individual tests * finish moving CreateAndStartBackends() into individual tests * remove unused variable * remove SetEdsResourceWithDelay * fix test flake * clang-tidy * clang-format * move test framework to its own library * fix build * clang-format * fix windows build * rename TestType to XdsTestType * move BackendServiceImpl inside of BackendServerThread * clang-format * move AdminServerThread to CSDS test suite * remove unnecessary deps
3 years ago
XdsTestType::HttpFilterConfigLocation::kHttpFilterConfigInRoute)
.set_bootstrap_source(XdsTestType::kBootstrapFromEnvVar),
XdsTestType()
Reland rbac filter (#28442) * Revert "Revert "xDS: Add support for RBAC HTTP filter (#28309)" (#28441)" This reverts commit 7aae5c66df99d7140848c00b88e4d6e022c3ce92. * Fix internal clang errors * Ipv6 addresses are 128 bit
3 years ago
.set_use_xds_credentials()
.set_enable_rds_testing()
.set_filter_config_setup(
xds_end2end_test: move test framework to its own library (#29279) * move some code around * remove num_backends parameter from XdsEnd2endTest * remove use_xds_enabled_server param from XdsEnd2endTest * remove xds_resource_does_not_exist_timeout_ms param from XdsEnd2endTest * remove client_load_reporting_interval_seconds param from XdsEnd2endTest * start moving CreateAndStartBackends() into individual tests * finish moving CreateAndStartBackends() into individual tests * remove unused variable * remove SetEdsResourceWithDelay * fix test flake * clang-tidy * clang-format * move test framework to its own library * fix build * clang-format * fix windows build * rename TestType to XdsTestType * move BackendServiceImpl inside of BackendServerThread * clang-format * move AdminServerThread to CSDS test suite * remove unnecessary deps
3 years ago
XdsTestType::HttpFilterConfigLocation::kHttpFilterConfigInRoute)
.set_bootstrap_source(XdsTestType::kBootstrapFromEnvVar)),
&XdsTestType::Name);
Reland rbac filter (#28442) * Revert "Revert "xDS: Add support for RBAC HTTP filter (#28309)" (#28441)" This reverts commit 7aae5c66df99d7140848c00b88e4d6e022c3ce92. * Fix internal clang errors * Ipv6 addresses are 128 bit
3 years ago
XdsEnd2EndTest : Use a queue to save resource updates (#28467) * Fix XdsClient for multiple watchers on the same resource * xds_end2end_test: Don't use XdsCredentials for XdsRbacNackTests * Use separate response states for EDS and RDS resources * Reviewer comments * Reviewer comments * Reviewer comments * Remove blank link * Reviewer comments
3 years ago
// We are only testing the server here.
// Run with bootstrap from env var, so that we use a global XdsClient
// instance. Otherwise, we would need to use a separate fake resolver
// result generator on the client and server sides.
// Note that we are simply using the default fake credentials instead of xds
// credentials for NACK tests to avoid a mismatch between the client and the
// server's security settings when using the WaitForNack() infrastructure.
INSTANTIATE_TEST_SUITE_P(
XdsTest, XdsRbacNackTest,
::testing::Values(
xds_end2end_test: move test framework to its own library (#29279) * move some code around * remove num_backends parameter from XdsEnd2endTest * remove use_xds_enabled_server param from XdsEnd2endTest * remove xds_resource_does_not_exist_timeout_ms param from XdsEnd2endTest * remove client_load_reporting_interval_seconds param from XdsEnd2endTest * start moving CreateAndStartBackends() into individual tests * finish moving CreateAndStartBackends() into individual tests * remove unused variable * remove SetEdsResourceWithDelay * fix test flake * clang-tidy * clang-format * move test framework to its own library * fix build * clang-format * fix windows build * rename TestType to XdsTestType * move BackendServiceImpl inside of BackendServerThread * clang-format * move AdminServerThread to CSDS test suite * remove unnecessary deps
3 years ago
XdsTestType().set_bootstrap_source(XdsTestType::kBootstrapFromEnvVar),
XdsTestType().set_enable_rds_testing().set_bootstrap_source(
XdsTestType::kBootstrapFromEnvVar),
XdsTestType()
XdsEnd2EndTest : Use a queue to save resource updates (#28467) * Fix XdsClient for multiple watchers on the same resource * xds_end2end_test: Don't use XdsCredentials for XdsRbacNackTests * Use separate response states for EDS and RDS resources * Reviewer comments * Reviewer comments * Reviewer comments * Remove blank link * Reviewer comments
3 years ago
.set_filter_config_setup(
xds_end2end_test: move test framework to its own library (#29279) * move some code around * remove num_backends parameter from XdsEnd2endTest * remove use_xds_enabled_server param from XdsEnd2endTest * remove xds_resource_does_not_exist_timeout_ms param from XdsEnd2endTest * remove client_load_reporting_interval_seconds param from XdsEnd2endTest * start moving CreateAndStartBackends() into individual tests * finish moving CreateAndStartBackends() into individual tests * remove unused variable * remove SetEdsResourceWithDelay * fix test flake * clang-tidy * clang-format * move test framework to its own library * fix build * clang-format * fix windows build * rename TestType to XdsTestType * move BackendServiceImpl inside of BackendServerThread * clang-format * move AdminServerThread to CSDS test suite * remove unnecessary deps
3 years ago
XdsTestType::HttpFilterConfigLocation::kHttpFilterConfigInRoute)
.set_bootstrap_source(XdsTestType::kBootstrapFromEnvVar),
XdsTestType()
XdsEnd2EndTest : Use a queue to save resource updates (#28467) * Fix XdsClient for multiple watchers on the same resource * xds_end2end_test: Don't use XdsCredentials for XdsRbacNackTests * Use separate response states for EDS and RDS resources * Reviewer comments * Reviewer comments * Reviewer comments * Remove blank link * Reviewer comments
3 years ago
.set_enable_rds_testing()
.set_filter_config_setup(
xds_end2end_test: move test framework to its own library (#29279) * move some code around * remove num_backends parameter from XdsEnd2endTest * remove use_xds_enabled_server param from XdsEnd2endTest * remove xds_resource_does_not_exist_timeout_ms param from XdsEnd2endTest * remove client_load_reporting_interval_seconds param from XdsEnd2endTest * start moving CreateAndStartBackends() into individual tests * finish moving CreateAndStartBackends() into individual tests * remove unused variable * remove SetEdsResourceWithDelay * fix test flake * clang-tidy * clang-format * move test framework to its own library * fix build * clang-format * fix windows build * rename TestType to XdsTestType * move BackendServiceImpl inside of BackendServerThread * clang-format * move AdminServerThread to CSDS test suite * remove unnecessary deps
3 years ago
XdsTestType::HttpFilterConfigLocation::kHttpFilterConfigInRoute)
.set_bootstrap_source(XdsTestType::kBootstrapFromEnvVar)),
&XdsTestType::Name);
XdsEnd2EndTest : Use a queue to save resource updates (#28467) * Fix XdsClient for multiple watchers on the same resource * xds_end2end_test: Don't use XdsCredentials for XdsRbacNackTests * Use separate response states for EDS and RDS resources * Reviewer comments * Reviewer comments * Reviewer comments * Remove blank link * Reviewer comments
3 years ago
Reland rbac filter (#28442) * Revert "Revert "xDS: Add support for RBAC HTTP filter (#28309)" (#28441)" This reverts commit 7aae5c66df99d7140848c00b88e4d6e022c3ce92. * Fix internal clang errors * Ipv6 addresses are 128 bit
3 years ago
// We are only testing the server here.
// Run with bootstrap from env var, so that we use a global XdsClient
// instance. Otherwise, we would need to use a separate fake resolver
// result generator on the client and server sides.
INSTANTIATE_TEST_SUITE_P(
XdsTest, XdsRbacTestWithRouteOverrideAlwaysPresent,
::testing::Values(
xds_end2end_test: move test framework to its own library (#29279) * move some code around * remove num_backends parameter from XdsEnd2endTest * remove use_xds_enabled_server param from XdsEnd2endTest * remove xds_resource_does_not_exist_timeout_ms param from XdsEnd2endTest * remove client_load_reporting_interval_seconds param from XdsEnd2endTest * start moving CreateAndStartBackends() into individual tests * finish moving CreateAndStartBackends() into individual tests * remove unused variable * remove SetEdsResourceWithDelay * fix test flake * clang-tidy * clang-format * move test framework to its own library * fix build * clang-format * fix windows build * rename TestType to XdsTestType * move BackendServiceImpl inside of BackendServerThread * clang-format * move AdminServerThread to CSDS test suite * remove unnecessary deps
3 years ago
XdsTestType()
Reland rbac filter (#28442) * Revert "Revert "xDS: Add support for RBAC HTTP filter (#28309)" (#28441)" This reverts commit 7aae5c66df99d7140848c00b88e4d6e022c3ce92. * Fix internal clang errors * Ipv6 addresses are 128 bit
3 years ago
.set_use_xds_credentials()
.set_filter_config_setup(
xds_end2end_test: move test framework to its own library (#29279) * move some code around * remove num_backends parameter from XdsEnd2endTest * remove use_xds_enabled_server param from XdsEnd2endTest * remove xds_resource_does_not_exist_timeout_ms param from XdsEnd2endTest * remove client_load_reporting_interval_seconds param from XdsEnd2endTest * start moving CreateAndStartBackends() into individual tests * finish moving CreateAndStartBackends() into individual tests * remove unused variable * remove SetEdsResourceWithDelay * fix test flake * clang-tidy * clang-format * move test framework to its own library * fix build * clang-format * fix windows build * rename TestType to XdsTestType * move BackendServiceImpl inside of BackendServerThread * clang-format * move AdminServerThread to CSDS test suite * remove unnecessary deps
3 years ago
XdsTestType::HttpFilterConfigLocation::kHttpFilterConfigInRoute)
.set_bootstrap_source(XdsTestType::kBootstrapFromEnvVar),
XdsTestType()
Reland rbac filter (#28442) * Revert "Revert "xDS: Add support for RBAC HTTP filter (#28309)" (#28441)" This reverts commit 7aae5c66df99d7140848c00b88e4d6e022c3ce92. * Fix internal clang errors * Ipv6 addresses are 128 bit
3 years ago
.set_use_xds_credentials()
.set_enable_rds_testing()
.set_filter_config_setup(
xds_end2end_test: move test framework to its own library (#29279) * move some code around * remove num_backends parameter from XdsEnd2endTest * remove use_xds_enabled_server param from XdsEnd2endTest * remove xds_resource_does_not_exist_timeout_ms param from XdsEnd2endTest * remove client_load_reporting_interval_seconds param from XdsEnd2endTest * start moving CreateAndStartBackends() into individual tests * finish moving CreateAndStartBackends() into individual tests * remove unused variable * remove SetEdsResourceWithDelay * fix test flake * clang-tidy * clang-format * move test framework to its own library * fix build * clang-format * fix windows build * rename TestType to XdsTestType * move BackendServiceImpl inside of BackendServerThread * clang-format * move AdminServerThread to CSDS test suite * remove unnecessary deps
3 years ago
XdsTestType::HttpFilterConfigLocation::kHttpFilterConfigInRoute)
.set_bootstrap_source(XdsTestType::kBootstrapFromEnvVar)),
&XdsTestType::Name);
Reland rbac filter (#28442) * Revert "Revert "xDS: Add support for RBAC HTTP filter (#28309)" (#28441)" This reverts commit 7aae5c66df99d7140848c00b88e4d6e022c3ce92. * Fix internal clang errors * Ipv6 addresses are 128 bit
3 years ago
// We are only testing the server here.
// Run with bootstrap from env var, so that we use a global XdsClient
// instance. Otherwise, we would need to use a separate fake resolver
// result generator on the client and server sides.
INSTANTIATE_TEST_SUITE_P(
XdsTest, XdsRbacTestWithActionPermutations,
::testing::Values(
xds_end2end_test: move test framework to its own library (#29279) * move some code around * remove num_backends parameter from XdsEnd2endTest * remove use_xds_enabled_server param from XdsEnd2endTest * remove xds_resource_does_not_exist_timeout_ms param from XdsEnd2endTest * remove client_load_reporting_interval_seconds param from XdsEnd2endTest * start moving CreateAndStartBackends() into individual tests * finish moving CreateAndStartBackends() into individual tests * remove unused variable * remove SetEdsResourceWithDelay * fix test flake * clang-tidy * clang-format * move test framework to its own library * fix build * clang-format * fix windows build * rename TestType to XdsTestType * move BackendServiceImpl inside of BackendServerThread * clang-format * move AdminServerThread to CSDS test suite * remove unnecessary deps
3 years ago
XdsTestType()
Reland rbac filter (#28442) * Revert "Revert "xDS: Add support for RBAC HTTP filter (#28309)" (#28441)" This reverts commit 7aae5c66df99d7140848c00b88e4d6e022c3ce92. * Fix internal clang errors * Ipv6 addresses are 128 bit
3 years ago
.set_use_xds_credentials()
.set_rbac_action(RBAC_Action_ALLOW)
xds_end2end_test: move test framework to its own library (#29279) * move some code around * remove num_backends parameter from XdsEnd2endTest * remove use_xds_enabled_server param from XdsEnd2endTest * remove xds_resource_does_not_exist_timeout_ms param from XdsEnd2endTest * remove client_load_reporting_interval_seconds param from XdsEnd2endTest * start moving CreateAndStartBackends() into individual tests * finish moving CreateAndStartBackends() into individual tests * remove unused variable * remove SetEdsResourceWithDelay * fix test flake * clang-tidy * clang-format * move test framework to its own library * fix build * clang-format * fix windows build * rename TestType to XdsTestType * move BackendServiceImpl inside of BackendServerThread * clang-format * move AdminServerThread to CSDS test suite * remove unnecessary deps
3 years ago
.set_bootstrap_source(XdsTestType::kBootstrapFromEnvVar),
XdsTestType()
Reland rbac filter (#28442) * Revert "Revert "xDS: Add support for RBAC HTTP filter (#28309)" (#28441)" This reverts commit 7aae5c66df99d7140848c00b88e4d6e022c3ce92. * Fix internal clang errors * Ipv6 addresses are 128 bit
3 years ago
.set_use_xds_credentials()
.set_rbac_action(RBAC_Action_DENY)
xds_end2end_test: move test framework to its own library (#29279) * move some code around * remove num_backends parameter from XdsEnd2endTest * remove use_xds_enabled_server param from XdsEnd2endTest * remove xds_resource_does_not_exist_timeout_ms param from XdsEnd2endTest * remove client_load_reporting_interval_seconds param from XdsEnd2endTest * start moving CreateAndStartBackends() into individual tests * finish moving CreateAndStartBackends() into individual tests * remove unused variable * remove SetEdsResourceWithDelay * fix test flake * clang-tidy * clang-format * move test framework to its own library * fix build * clang-format * fix windows build * rename TestType to XdsTestType * move BackendServiceImpl inside of BackendServerThread * clang-format * move AdminServerThread to CSDS test suite * remove unnecessary deps
3 years ago
.set_bootstrap_source(XdsTestType::kBootstrapFromEnvVar),
XdsTestType()
Reland rbac filter (#28442) * Revert "Revert "xDS: Add support for RBAC HTTP filter (#28309)" (#28441)" This reverts commit 7aae5c66df99d7140848c00b88e4d6e022c3ce92. * Fix internal clang errors * Ipv6 addresses are 128 bit
3 years ago
.set_use_xds_credentials()
.set_enable_rds_testing()
.set_rbac_action(RBAC_Action_ALLOW)
xds_end2end_test: move test framework to its own library (#29279) * move some code around * remove num_backends parameter from XdsEnd2endTest * remove use_xds_enabled_server param from XdsEnd2endTest * remove xds_resource_does_not_exist_timeout_ms param from XdsEnd2endTest * remove client_load_reporting_interval_seconds param from XdsEnd2endTest * start moving CreateAndStartBackends() into individual tests * finish moving CreateAndStartBackends() into individual tests * remove unused variable * remove SetEdsResourceWithDelay * fix test flake * clang-tidy * clang-format * move test framework to its own library * fix build * clang-format * fix windows build * rename TestType to XdsTestType * move BackendServiceImpl inside of BackendServerThread * clang-format * move AdminServerThread to CSDS test suite * remove unnecessary deps
3 years ago
.set_bootstrap_source(XdsTestType::kBootstrapFromEnvVar),
XdsTestType()
Reland rbac filter (#28442) * Revert "Revert "xDS: Add support for RBAC HTTP filter (#28309)" (#28441)" This reverts commit 7aae5c66df99d7140848c00b88e4d6e022c3ce92. * Fix internal clang errors * Ipv6 addresses are 128 bit
3 years ago
.set_use_xds_credentials()
.set_enable_rds_testing()
.set_rbac_action(RBAC_Action_DENY)
xds_end2end_test: move test framework to its own library (#29279) * move some code around * remove num_backends parameter from XdsEnd2endTest * remove use_xds_enabled_server param from XdsEnd2endTest * remove xds_resource_does_not_exist_timeout_ms param from XdsEnd2endTest * remove client_load_reporting_interval_seconds param from XdsEnd2endTest * start moving CreateAndStartBackends() into individual tests * finish moving CreateAndStartBackends() into individual tests * remove unused variable * remove SetEdsResourceWithDelay * fix test flake * clang-tidy * clang-format * move test framework to its own library * fix build * clang-format * fix windows build * rename TestType to XdsTestType * move BackendServiceImpl inside of BackendServerThread * clang-format * move AdminServerThread to CSDS test suite * remove unnecessary deps
3 years ago
.set_bootstrap_source(XdsTestType::kBootstrapFromEnvVar),
XdsTestType()
Reland rbac filter (#28442) * Revert "Revert "xDS: Add support for RBAC HTTP filter (#28309)" (#28441)" This reverts commit 7aae5c66df99d7140848c00b88e4d6e022c3ce92. * Fix internal clang errors * Ipv6 addresses are 128 bit
3 years ago
.set_use_xds_credentials()
.set_filter_config_setup(
xds_end2end_test: move test framework to its own library (#29279) * move some code around * remove num_backends parameter from XdsEnd2endTest * remove use_xds_enabled_server param from XdsEnd2endTest * remove xds_resource_does_not_exist_timeout_ms param from XdsEnd2endTest * remove client_load_reporting_interval_seconds param from XdsEnd2endTest * start moving CreateAndStartBackends() into individual tests * finish moving CreateAndStartBackends() into individual tests * remove unused variable * remove SetEdsResourceWithDelay * fix test flake * clang-tidy * clang-format * move test framework to its own library * fix build * clang-format * fix windows build * rename TestType to XdsTestType * move BackendServiceImpl inside of BackendServerThread * clang-format * move AdminServerThread to CSDS test suite * remove unnecessary deps
3 years ago
XdsTestType::HttpFilterConfigLocation::kHttpFilterConfigInRoute)
Reland rbac filter (#28442) * Revert "Revert "xDS: Add support for RBAC HTTP filter (#28309)" (#28441)" This reverts commit 7aae5c66df99d7140848c00b88e4d6e022c3ce92. * Fix internal clang errors * Ipv6 addresses are 128 bit
3 years ago
.set_rbac_action(RBAC_Action_ALLOW)
xds_end2end_test: move test framework to its own library (#29279) * move some code around * remove num_backends parameter from XdsEnd2endTest * remove use_xds_enabled_server param from XdsEnd2endTest * remove xds_resource_does_not_exist_timeout_ms param from XdsEnd2endTest * remove client_load_reporting_interval_seconds param from XdsEnd2endTest * start moving CreateAndStartBackends() into individual tests * finish moving CreateAndStartBackends() into individual tests * remove unused variable * remove SetEdsResourceWithDelay * fix test flake * clang-tidy * clang-format * move test framework to its own library * fix build * clang-format * fix windows build * rename TestType to XdsTestType * move BackendServiceImpl inside of BackendServerThread * clang-format * move AdminServerThread to CSDS test suite * remove unnecessary deps
3 years ago
.set_bootstrap_source(XdsTestType::kBootstrapFromEnvVar),
XdsTestType()
Reland rbac filter (#28442) * Revert "Revert "xDS: Add support for RBAC HTTP filter (#28309)" (#28441)" This reverts commit 7aae5c66df99d7140848c00b88e4d6e022c3ce92. * Fix internal clang errors * Ipv6 addresses are 128 bit
3 years ago
.set_use_xds_credentials()
.set_filter_config_setup(
xds_end2end_test: move test framework to its own library (#29279) * move some code around * remove num_backends parameter from XdsEnd2endTest * remove use_xds_enabled_server param from XdsEnd2endTest * remove xds_resource_does_not_exist_timeout_ms param from XdsEnd2endTest * remove client_load_reporting_interval_seconds param from XdsEnd2endTest * start moving CreateAndStartBackends() into individual tests * finish moving CreateAndStartBackends() into individual tests * remove unused variable * remove SetEdsResourceWithDelay * fix test flake * clang-tidy * clang-format * move test framework to its own library * fix build * clang-format * fix windows build * rename TestType to XdsTestType * move BackendServiceImpl inside of BackendServerThread * clang-format * move AdminServerThread to CSDS test suite * remove unnecessary deps
3 years ago
XdsTestType::HttpFilterConfigLocation::kHttpFilterConfigInRoute)
Reland rbac filter (#28442) * Revert "Revert "xDS: Add support for RBAC HTTP filter (#28309)" (#28441)" This reverts commit 7aae5c66df99d7140848c00b88e4d6e022c3ce92. * Fix internal clang errors * Ipv6 addresses are 128 bit
3 years ago
.set_rbac_action(RBAC_Action_DENY)
xds_end2end_test: move test framework to its own library (#29279) * move some code around * remove num_backends parameter from XdsEnd2endTest * remove use_xds_enabled_server param from XdsEnd2endTest * remove xds_resource_does_not_exist_timeout_ms param from XdsEnd2endTest * remove client_load_reporting_interval_seconds param from XdsEnd2endTest * start moving CreateAndStartBackends() into individual tests * finish moving CreateAndStartBackends() into individual tests * remove unused variable * remove SetEdsResourceWithDelay * fix test flake * clang-tidy * clang-format * move test framework to its own library * fix build * clang-format * fix windows build * rename TestType to XdsTestType * move BackendServiceImpl inside of BackendServerThread * clang-format * move AdminServerThread to CSDS test suite * remove unnecessary deps
3 years ago
.set_bootstrap_source(XdsTestType::kBootstrapFromEnvVar),
XdsTestType()
Reland rbac filter (#28442) * Revert "Revert "xDS: Add support for RBAC HTTP filter (#28309)" (#28441)" This reverts commit 7aae5c66df99d7140848c00b88e4d6e022c3ce92. * Fix internal clang errors * Ipv6 addresses are 128 bit
3 years ago
.set_use_xds_credentials()
.set_enable_rds_testing()
.set_filter_config_setup(
xds_end2end_test: move test framework to its own library (#29279) * move some code around * remove num_backends parameter from XdsEnd2endTest * remove use_xds_enabled_server param from XdsEnd2endTest * remove xds_resource_does_not_exist_timeout_ms param from XdsEnd2endTest * remove client_load_reporting_interval_seconds param from XdsEnd2endTest * start moving CreateAndStartBackends() into individual tests * finish moving CreateAndStartBackends() into individual tests * remove unused variable * remove SetEdsResourceWithDelay * fix test flake * clang-tidy * clang-format * move test framework to its own library * fix build * clang-format * fix windows build * rename TestType to XdsTestType * move BackendServiceImpl inside of BackendServerThread * clang-format * move AdminServerThread to CSDS test suite * remove unnecessary deps
3 years ago
XdsTestType::HttpFilterConfigLocation::kHttpFilterConfigInRoute)
Reland rbac filter (#28442) * Revert "Revert "xDS: Add support for RBAC HTTP filter (#28309)" (#28441)" This reverts commit 7aae5c66df99d7140848c00b88e4d6e022c3ce92. * Fix internal clang errors * Ipv6 addresses are 128 bit
3 years ago
.set_rbac_action(RBAC_Action_ALLOW)
xds_end2end_test: move test framework to its own library (#29279) * move some code around * remove num_backends parameter from XdsEnd2endTest * remove use_xds_enabled_server param from XdsEnd2endTest * remove xds_resource_does_not_exist_timeout_ms param from XdsEnd2endTest * remove client_load_reporting_interval_seconds param from XdsEnd2endTest * start moving CreateAndStartBackends() into individual tests * finish moving CreateAndStartBackends() into individual tests * remove unused variable * remove SetEdsResourceWithDelay * fix test flake * clang-tidy * clang-format * move test framework to its own library * fix build * clang-format * fix windows build * rename TestType to XdsTestType * move BackendServiceImpl inside of BackendServerThread * clang-format * move AdminServerThread to CSDS test suite * remove unnecessary deps
3 years ago
.set_bootstrap_source(XdsTestType::kBootstrapFromEnvVar),
XdsTestType()
Reland rbac filter (#28442) * Revert "Revert "xDS: Add support for RBAC HTTP filter (#28309)" (#28441)" This reverts commit 7aae5c66df99d7140848c00b88e4d6e022c3ce92. * Fix internal clang errors * Ipv6 addresses are 128 bit
3 years ago
.set_use_xds_credentials()
.set_enable_rds_testing()
.set_filter_config_setup(
xds_end2end_test: move test framework to its own library (#29279) * move some code around * remove num_backends parameter from XdsEnd2endTest * remove use_xds_enabled_server param from XdsEnd2endTest * remove xds_resource_does_not_exist_timeout_ms param from XdsEnd2endTest * remove client_load_reporting_interval_seconds param from XdsEnd2endTest * start moving CreateAndStartBackends() into individual tests * finish moving CreateAndStartBackends() into individual tests * remove unused variable * remove SetEdsResourceWithDelay * fix test flake * clang-tidy * clang-format * move test framework to its own library * fix build * clang-format * fix windows build * rename TestType to XdsTestType * move BackendServiceImpl inside of BackendServerThread * clang-format * move AdminServerThread to CSDS test suite * remove unnecessary deps
3 years ago
XdsTestType::HttpFilterConfigLocation::kHttpFilterConfigInRoute)
Reland rbac filter (#28442) * Revert "Revert "xDS: Add support for RBAC HTTP filter (#28309)" (#28441)" This reverts commit 7aae5c66df99d7140848c00b88e4d6e022c3ce92. * Fix internal clang errors * Ipv6 addresses are 128 bit
3 years ago
.set_rbac_action(RBAC_Action_DENY)
xds_end2end_test: move test framework to its own library (#29279) * move some code around * remove num_backends parameter from XdsEnd2endTest * remove use_xds_enabled_server param from XdsEnd2endTest * remove xds_resource_does_not_exist_timeout_ms param from XdsEnd2endTest * remove client_load_reporting_interval_seconds param from XdsEnd2endTest * start moving CreateAndStartBackends() into individual tests * finish moving CreateAndStartBackends() into individual tests * remove unused variable * remove SetEdsResourceWithDelay * fix test flake * clang-tidy * clang-format * move test framework to its own library * fix build * clang-format * fix windows build * rename TestType to XdsTestType * move BackendServiceImpl inside of BackendServerThread * clang-format * move AdminServerThread to CSDS test suite * remove unnecessary deps
3 years ago
.set_bootstrap_source(XdsTestType::kBootstrapFromEnvVar)),
&XdsTestType::Name);
Reland rbac filter (#28442) * Revert "Revert "xDS: Add support for RBAC HTTP filter (#28309)" (#28441)" This reverts commit 7aae5c66df99d7140848c00b88e4d6e022c3ce92. * Fix internal clang errors * Ipv6 addresses are 128 bit
3 years ago
Use real resolver in xds lb channel
6 years ago
} // namespace
} // namespace testing
} // namespace grpc
int main(int argc, char** argv) {
Refactor end2end tests to exercise each EventEngine (#29202) * Refactor end2end tests to exercise each EventEngine * fix incorrect bazel_only exclusions * Automated change: Fix sanity tests * microbenchmark fix * sanitize, fix iOS flub * Automated change: Fix sanity tests * iOS fix * reviewer feedback * first pass at excluding EventEngine test expansion Also caught a few cases where we should not test pollers, but should test all engines. And two cases where we likely shouldn't be testing either product. * end2end fuzzers to be fuzzed differently via EventEngine. * sanitize * reviewer feedback * remove misleading comment * reviewer feedback: comments * EE test_init needs to play with our build system * fix golden file test runner Co-authored-by: drfloob <drfloob@users.noreply.github.com>
3 years ago
grpc::testing::TestEnvironment env(&argc, argv);
Use real resolver in xds lb channel
6 years ago
::testing::InitGoogleTest(&argc, argv);
xDS server config fetcher
4 years ago
// Make the backup poller poll very frequently in order to pick up
// updates from all the subchannels's FDs.
GPR_GLOBAL_CONFIG_SET(grpc_client_channel_backup_poll_interval_ms, 1);
#if TARGET_OS_IPHONE
// Workaround Apple CFStream bug
gpr_setenv("grpc_cfstream", "0");
#endif
xds_end2end_test: Fix race in security tests (#29408) * xds_end2end_test: Fix race in security tests * Reviewer comments
3 years ago
grpc::testing::FakeCertificateProvider::CertDataMapWrapper cert_data_map_1;
grpc::testing::g_fake1_cert_data_map = &cert_data_map_1;
xDS server config fetcher
4 years ago
grpc_core::CertificateProviderRegistry::RegisterCertificateProviderFactory(
absl::make_unique<grpc::testing::FakeCertificateProviderFactory>(
xds_end2end_test: Fix race in security tests (#29408) * xds_end2end_test: Fix race in security tests * Reviewer comments
3 years ago
"fake1", grpc::testing::g_fake1_cert_data_map));
grpc::testing::FakeCertificateProvider::CertDataMapWrapper cert_data_map_2;
grpc::testing::g_fake2_cert_data_map = &cert_data_map_2;
xDS server config fetcher
4 years ago
grpc_core::CertificateProviderRegistry::RegisterCertificateProviderFactory(
absl::make_unique<grpc::testing::FakeCertificateProviderFactory>(
xds_end2end_test: Fix race in security tests (#29408) * xds_end2end_test: Fix race in security tests * Reviewer comments
3 years ago
"fake2", grpc::testing::g_fake2_cert_data_map));
xDS server config fetcher
4 years ago
grpc_init();
Filters parsing logic for servers (#25609) * Filters parsing logic for servers
4 years ago
grpc_core::XdsHttpFilterRegistry::RegisterFilter(
absl::make_unique<grpc::testing::NoOpHttpFilter>(
Update RDS parsing for use on servers (#27715) * Update RDS parsing for use on servers * Unused variable * Reviewer comments * Automated change: Fix sanity tests * Fix tests * Reviewer comments * Reviewer comments * clang-tidy * Reviewer comments * Fix test * Reviewer comments * Reviewer comments Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
"grpc.testing.client_only_http_filter",
/* supported_on_clients = */ true, /* supported_on_servers = */ false,
/* is_terminal_filter */ false),
Filters parsing logic for servers (#25609) * Filters parsing logic for servers
4 years ago
{"grpc.testing.client_only_http_filter"});
grpc_core::XdsHttpFilterRegistry::RegisterFilter(
absl::make_unique<grpc::testing::NoOpHttpFilter>(
Update RDS parsing for use on servers (#27715) * Update RDS parsing for use on servers * Unused variable * Reviewer comments * Automated change: Fix sanity tests * Fix tests * Reviewer comments * Reviewer comments * clang-tidy * Reviewer comments * Fix test * Reviewer comments * Reviewer comments Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
"grpc.testing.server_only_http_filter",
/* supported_on_clients = */ false, /* supported_on_servers = */ true,
/* is_terminal_filter */ false),
Filters parsing logic for servers (#25609) * Filters parsing logic for servers
4 years ago
{"grpc.testing.server_only_http_filter"});
Update RDS parsing for use on servers (#27715) * Update RDS parsing for use on servers * Unused variable * Reviewer comments * Automated change: Fix sanity tests * Fix tests * Reviewer comments * Reviewer comments * clang-tidy * Reviewer comments * Fix test * Reviewer comments * Reviewer comments Co-authored-by: yashykt <yashykt@users.noreply.github.com>
3 years ago
grpc_core::XdsHttpFilterRegistry::RegisterFilter(
absl::make_unique<grpc::testing::NoOpHttpFilter>(
"grpc.testing.terminal_http_filter",
/* supported_on_clients = */ true, /* supported_on_servers = */ true,
/* is_terminal_filter */ true),
{"grpc.testing.terminal_http_filter"});
Use real resolver in xds lb channel
6 years ago
const auto result = RUN_ALL_TESTS();
xDS server config fetcher
4 years ago
grpc_shutdown();
Use real resolver in xds lb channel
6 years ago
return result;
}