xds v3

4 years ago · bceb9aaece
parent fc28cd590c
commit bceb9aaece
4 changed files with 22 additions and 19 deletions
--- a/tools/run_tests/xds_test_driver/bin/run_channelz.py
+++ b/tools/run_tests/xds_test_driver/bin/run_channelz.py
@ -95,6 +95,7 @@ def main(argv):
        rpc_host=_CLIENT_RPC_HOST.value)

    with test_client, test_server:
+        test_client.wait_for_active_server_channel()
        client_socket: Socket = test_client.get_client_socket_with_test_server()
        server_socket: Socket = test_server.get_server_socket_matching_client(
            client_socket)
--- a/tools/run_tests/xds_test_driver/framework/infrastructure/traffic_director.py
+++ b/tools/run_tests/xds_test_driver/framework/infrastructure/traffic_director.py
@ -276,7 +276,7 @@ class TrafficDirectorSecureManager(TrafficDirectorManager):
    SERVER_TLS_POLICY_NAME = "server-tls-policy"
    CLIENT_TLS_POLICY_NAME = "client-tls-policy"
    ENDPOINT_CONFIG_SELECTOR_NAME = "endpoint-config-selector"
-    GRPC_ENDPOINT_TARGET_URI = "unix:/var/cert/node-agent.0"
+    CERTIFICATE_PROVIDER_INSTANCE = "google_cloud_private_spiffe"

    def __init__(
            self,
@ -349,17 +349,14 @@ class TrafficDirectorSecureManager(TrafficDirectorManager):
                'policy. Skipping creation', name)
            return

-        grpc_endpoint = {
-            "grpcEndpoint": {
-                "targetUri": self.GRPC_ENDPOINT_TARGET_URI
-            }
-        }
-
+        certificate_provider = self._get_certificate_provider()
        policy = {}
        if tls:
-            policy["serverCertificate"] = grpc_endpoint
+            policy["serverCertificate"] = certificate_provider
        if mtls:
-            policy["mtlsPolicy"] = {"clientValidationCa": [grpc_endpoint]}
+            policy["mtlsPolicy"] = {
+                "clientValidationCa": [certificate_provider],
+            }

        self.netsec.create_server_tls_policy(name, policy)
        self.server_tls_policy = self.netsec.get_server_tls_policy(name)
@ -431,17 +428,12 @@ class TrafficDirectorSecureManager(TrafficDirectorManager):
                'policy. Skipping creation', name)
            return

-        grpc_endpoint = {
-            "grpcEndpoint": {
-                "targetUri": self.GRPC_ENDPOINT_TARGET_URI
-            }
-        }
-
+        certificate_provider = self._get_certificate_provider()
        policy = {}
        if tls:
-            policy["serverValidationCa"] = [grpc_endpoint]
+            policy["serverValidationCa"] = [certificate_provider]
        if mtls:
-            policy["clientCertificate"] = grpc_endpoint
+            policy["clientCertificate"] = certificate_provider

        self.netsec.create_client_tls_policy(name, policy)
        self.client_tls_policy = self.netsec.get_client_tls_policy(name)
@ -484,3 +476,11 @@ class TrafficDirectorSecureManager(TrafficDirectorManager):
                    'subjectAltNames': [server_spiffe]
                }
            })
+
+    @classmethod
+    def _get_certificate_provider(cls):
+        return {
+            "certificateProviderInstance": {
+                "pluginInstance": cls.CERTIFICATE_PROVIDER_INSTANCE,
+            },
+        }
--- a/tools/run_tests/xds_test_driver/kubernetes-manifests/client-secure.deployment.yaml
+++ b/tools/run_tests/xds_test_driver/kubernetes-manifests/client-secure.deployment.yaml
@ -36,7 +36,7 @@ spec:
            value: "/tmp/grpc-xds/td-grpc-bootstrap.json"
          - name: GRPC_XDS_EXPERIMENTAL_SECURITY_SUPPORT
            value: "true"
-          - name: GRPC_XDS_CERT_INSTANCE_OVERRIDE
+          - name: GRPC_XDS_EXPERIMENTAL_V3_SUPPORT
            value: "true"
        volumeMounts:
          - mountPath: /tmp/grpc-xds/
@ -59,6 +59,7 @@ spec:
          args:
            - "--output=/tmp/bootstrap/td-grpc-bootstrap.json"
            - "--vpc-network-name=${network_name}"
+            - "--include-v3-features-experimental"
            - "--include-psm-security-experimental"
          resources:
            limits:
--- a/tools/run_tests/xds_test_driver/kubernetes-manifests/server-secure.deployment.yaml
+++ b/tools/run_tests/xds_test_driver/kubernetes-manifests/server-secure.deployment.yaml
@ -34,7 +34,7 @@ spec:
            value: "/tmp/grpc-xds/td-grpc-bootstrap.json"
          - name: GRPC_XDS_EXPERIMENTAL_SECURITY_SUPPORT
            value: "true"
-          - name: GRPC_XDS_CERT_INSTANCE_OVERRIDE
+          - name: GRPC_XDS_EXPERIMENTAL_V3_SUPPORT
            value: "true"
        volumeMounts:
          - mountPath: /tmp/grpc-xds/
@ -57,6 +57,7 @@ spec:
          args:
            - "--output=/tmp/bootstrap/td-grpc-bootstrap.json"
            - "--vpc-network-name=${network_name}"
+            - "--include-v3-features-experimental"
            - "--include-psm-security-experimental"
            - "--node-metadata-experimental=app=${namespace_name}-${deployment_name}"
          resources: