From b8575847e3decbc7e2f0dd6fe3ef79b16d5fe0bc Mon Sep 17 00:00:00 2001
From: Yash Tibrewal <yashkt@google.com>
Date: Thu, 8 Jul 2021 15:19:47 -0700
Subject: [PATCH] Fail xDS bootstrap parsing for unrecognized certificate
 provider plugins (#26628)

---
 src/core/ext/xds/xds_bootstrap.cc   |  5 ++++-
 test/core/xds/xds_bootstrap_test.cc | 31 +++++++++++++++++++++++++++++
 2 files changed, 35 insertions(+), 1 deletion(-)

diff --git a/src/core/ext/xds/xds_bootstrap.cc b/src/core/ext/xds/xds_bootstrap.cc
index acbe6d74f91..57ae8e5138f 100644
--- a/src/core/ext/xds/xds_bootstrap.cc
+++ b/src/core/ext/xds/xds_bootstrap.cc
@@ -403,7 +403,10 @@ grpc_error_handle XdsBootstrap::ParseCertificateProvider(
     CertificateProviderFactory* factory =
         CertificateProviderRegistry::LookupCertificateProviderFactory(
             plugin_name);
-    if (factory != nullptr) {
+    if (factory == nullptr) {
+      error_list.push_back(GRPC_ERROR_CREATE_FROM_COPIED_STRING(
+          absl::StrCat("Unrecognized plugin name: ", plugin_name).c_str()));
+    } else {
       RefCountedPtr<CertificateProviderFactory::Config> config;
       it = certificate_provider_json->mutable_object()->find("config");
       if (it != certificate_provider_json->mutable_object()->end()) {
diff --git a/test/core/xds/xds_bootstrap_test.cc b/test/core/xds/xds_bootstrap_test.cc
index 09c8dd4c307..2b90a5fd2a2 100644
--- a/test/core/xds/xds_bootstrap_test.cc
+++ b/test/core/xds/xds_bootstrap_test.cc
@@ -469,6 +469,37 @@ TEST_P(XdsBootstrapTest, CertificateProvidersPluginNameWrongType) {
   GRPC_ERROR_UNREF(error);
 }
 
+TEST_P(XdsBootstrapTest, CertificateProvidersUnrecognizedPluginName) {
+  const char* json_str =
+      "{"
+      "  \"xds_servers\": ["
+      "    {"
+      "      \"server_uri\": \"fake:///lb\","
+      "      \"channel_creds\": [{\"type\": \"fake\"}]"
+      "    }"
+      "  ],"
+      "  \"certificate_providers\": {"
+      "    \"plugin\": {"
+      "      \"plugin_name\":\"unknown\""
+      "    }"
+      "  }"
+      "}";
+  grpc_error_handle error = GRPC_ERROR_NONE;
+  Json json = Json::Parse(json_str, &error);
+  ASSERT_EQ(error, GRPC_ERROR_NONE) << grpc_error_std_string(error);
+  XdsBootstrap bootstrap(std::move(json), &error);
+  if (GetParam().parse_xds_certificate_providers()) {
+    EXPECT_THAT(grpc_error_std_string(error),
+                ::testing::ContainsRegex(
+                    "errors parsing \"certificate_providers\" object.*"
+                    "errors parsing element \"plugin\".*"
+                    "Unrecognized plugin name: unknown"));
+  } else {
+    EXPECT_EQ(error, GRPC_ERROR_NONE) << grpc_error_std_string(error);
+  }
+  GRPC_ERROR_UNREF(error);
+}
+
 class FakeCertificateProviderFactory : public CertificateProviderFactory {
  public:
   class Config : public CertificateProviderFactory::Config {