xds: listener type validation #11933
Conversation
shivaspeaks
added
the
kokoro:run
grpc-kokoro
removed
the
kokoro:run
| @Override | ||
| public void onResourceDoesNotExist(final String resourceName) { | ||
| if (stopped) { | ||
| return; | ||
| } | ||
| StatusException statusException = Status.UNAVAILABLE.withDescription( | ||
| String.format("Listener %s unavailable, xDS node ID: %s", resourceName, | ||
| String.format("%s listener unavailable, xDS node ID: %s", resourceName, |
There was a problem hiding this comment.
nit: what would be the reason to switch the order of the error format here? I think Listener %s is slightly more common in the code base. Consistent formatting helps with searching when debugging issues.
|
While it is in the gRFC, why is it really important to enforce a returned address being non-null? This doesn't seem to really provide value as the address was already known for communicating to the xds server in the first place. |
The returned Listener address tells the server what to listen on. We didn't remove it. We just made it so that the control plane can have a trivial job of filling in the correct value. |
| address = socketAddress.getAddress(); | ||
| if (address.isEmpty()) { |
There was a problem hiding this comment.
Add unit test in GrpcXdsClientImplDataTest.
| switch (socketAddress.getPortSpecifierCase()) { | ||
| case NAMED_PORT: | ||
| address = address + ":" + socketAddress.getNamedPort(); | ||
| break; | ||
| throw new ResourceInvalidException("NAMED_PORT is not supported in gRPC."); |
There was a problem hiding this comment.
Add unit test in GrpcXdsClientImplDataTest.
| @@ -676,6 +676,14 @@ public void onUpdate(StatusOr<XdsConfig> updateOrStatus) { | |||
| // Process Route | |||
| XdsConfig update = updateOrStatus.getValue(); | |||
| HttpConnectionManager httpConnectionManager = update.getListener().httpConnectionManager(); | |||
| if (httpConnectionManager == null) { | |||
There was a problem hiding this comment.
Add unit test for when the listener update is missing httpConnectionManager.
| @@ -383,7 +387,21 @@ public void onChanged(final LdsUpdate update) { | |||
| return; | |||
| } | |||
| logger.log(Level.FINEST, "Received Lds update {0}", update); | |||
| checkNotNull(update.listener(), "update"); | |||
| if (update.listener() == null) { | |||
There was a problem hiding this comment.
Add unit test for this case as well.
| @@ -676,6 +676,14 @@ public void onUpdate(StatusOr<XdsConfig> updateOrStatus) { | |||
| // Process Route | |||
| XdsConfig update = updateOrStatus.getValue(); | |||
| HttpConnectionManager httpConnectionManager = update.getListener().httpConnectionManager(); | |||
| if (httpConnectionManager == null) { | |||
| String error = "API Listener: httpConnectionManager does not exist."; | |||
There was a problem hiding this comment.
nit: this error string is never reused, thus no need to store it in a local variable.
We can simply rewrite as
logger.log(XdsLogLevel.INFO, "API Listener: httpConnectionManager does not exist.");
| if (!ldsAddressHnP.hasPort() || !listenerAddressHnP.hasPort() | ||
| || ldsAddressHnP.getPort() != listenerAddressHnP.getPort()) { | ||
| return false; | ||
| } |
There was a problem hiding this comment.
Should we have a unit test for this if block?
There was a problem hiding this comment.
The tests test hostname mismatch and port mismatch but not missing host or missing port. Like "127.0.0.0" or ":8080"
| @@ -130,9 +130,8 @@ static EnvoyServerProtoData.Listener buildTestListener( | |||
| EnvoyServerProtoData.FilterChain defaultFilterChain = EnvoyServerProtoData.FilterChain.create( | |||
| "filter-chain-bar", defaultFilterChainMatch, httpConnectionManager, | |||
| tlsContextForDefaultFilterChain, tlsContextManager); | |||
| EnvoyServerProtoData.Listener listener = EnvoyServerProtoData.Listener.create( | |||
| return Listener.create( | |||
There was a problem hiding this comment.
Previously was better?
| Listener.create("listener", "20.3.4.5:1", | ||
| ImmutableList.copyOf(Collections.singletonList(filterChain)), null, Protocol.TCP)); | ||
| xdsClient.deliverLdsUpdate(listenerUpdate); | ||
| verify(listener, timeout(10000)).onNotServing(any()); |
There was a problem hiding this comment.
| @@ -570,7 +599,7 @@ public void run() { | |||
| "filter-chain-foo", createMatch(), httpConnectionManager, createTls(), | |||
| mock(TlsContextManager.class)); | |||
| LdsUpdate listenerUpdate = LdsUpdate.forTcpListener( | |||
| Listener.create("listener", "20.3.4.5:1", | |||
| Listener.create("listener", "20.3.4.5:", | |||
There was a problem hiding this comment.
Does it work if you commit the trailing ':' ?
Does the InetAddress parsing work for an address with just the :8080 missing the hostname part?
There was a problem hiding this comment.
Does it work if you commit the trailing ':' ?
For this test case, NO because even if I give same port it will fail at hostname matching, ldsHostname(20.3.4.5) is not same as listenerAddressHostname(10.1.2.3).
Does the InetAddress parsing work for an address with just the :8080 missing the hostname part?
No it doesn't work without hostname. It fails when we convert to InetAddress using InetAddresses.forString("") using empty string as hostname.
| if (!ldsAddressHnP.hasPort() || !listenerAddressHnP.hasPort() | ||
| || ldsAddressHnP.getPort() != listenerAddressHnP.getPort()) { | ||
| return false; | ||
| } | ||
|
|
||
| InetAddress listenerIp = InetAddresses.forString(listenerAddressHnP.getHost()); | ||
| InetAddress ldsIp = InetAddresses.forString(ldsAddressHnP.getHost()); | ||
| return listenerIp.equals(ldsIp); | ||
| } |
There was a problem hiding this comment.
Did you get problems with the previous way?
There was a problem hiding this comment.
No, there were no problems here but I think if port isn't available or ports are not same then there's no point of parsing HostAndPort into InetAddress
| @@ -1811,7 +1954,7 @@ private static HttpConnectionManager createRds(String name) { | |||
| /** | |||
| * Returns the least-specific match-all Filter Chain Match. | |||
| */ | |||
| private static FilterChainMatch createMatch() { | |||
There was a problem hiding this comment.
nit: what would be the reason for increasing this visibility of this method (and createTls()), I don't seee them being referenced in other test files? Perhaps I am missing something.
Generally, it is good practice to keep the visibility of members as inaccessible (lowest visibility) as possible.
Fixes #11737