xds: listener type validation #11933
Conversation
ejona86
left a comment
ejona86
left a comment
There was a problem hiding this comment.
Sorry, I didn't mean to approve
shivaspeaks
added
the
kokoro:run
grpc-kokoro
removed
the
kokoro:run
| } | ||
| StatusException statusException = Status.UNAVAILABLE.withDescription( | ||
| String.format("Listener %s unavailable, xDS node ID: %s", resourceName, | ||
| String.format("%s listener unavailable, xDS node ID: %s", resourceName, |
There was a problem hiding this comment.
nit: what would be the reason to switch the order of the error format here? I think Listener %s is slightly more common in the code base. Consistent formatting helps with searching when debugging issues.
ejona86
left a comment
ejona86
left a comment
There was a problem hiding this comment.
I found these comments laying around. I don't know why I didn't send it out earlier.
|
While it is in the gRFC, why is it really important to enforce a returned address being non-null? This doesn't seem to really provide value as the address was already known for communicating to the xds server in the first place. |
The returned Listener address tells the server what to listen on. We didn't remove it. We just made it so that the control plane can have a trivial job of filling in the correct value. |
| SocketAddress socketAddress = proto.getAddress().getSocketAddress(); | ||
| socketAddress = proto.getAddress().getSocketAddress(); | ||
| address = socketAddress.getAddress(); | ||
| if (address.isEmpty()) { |
There was a problem hiding this comment.
Add unit test in GrpcXdsClientImplDataTest.
| case NAMED_PORT: | ||
| address = address + ":" + socketAddress.getNamedPort(); | ||
| break; | ||
| throw new ResourceInvalidException("NAMED_PORT is not supported in gRPC."); |
There was a problem hiding this comment.
Add unit test in GrpcXdsClientImplDataTest.
| // Process Route | ||
| XdsConfig update = updateOrStatus.getValue(); | ||
| HttpConnectionManager httpConnectionManager = update.getListener().httpConnectionManager(); | ||
| if (httpConnectionManager == null) { |
There was a problem hiding this comment.
Add unit test for when the listener update is missing httpConnectionManager.
| } | ||
| logger.log(Level.FINEST, "Received Lds update {0}", update); | ||
| checkNotNull(update.listener(), "update"); | ||
| if (update.listener() == null) { |
There was a problem hiding this comment.
Add unit test for this case as well.
| XdsConfig update = updateOrStatus.getValue(); | ||
| HttpConnectionManager httpConnectionManager = update.getListener().httpConnectionManager(); | ||
| if (httpConnectionManager == null) { | ||
| String error = "API Listener: httpConnectionManager does not exist."; |
There was a problem hiding this comment.
nit: this error string is never reused, thus no need to store it in a local variable.
We can simply rewrite as
logger.log(XdsLogLevel.INFO, "API Listener: httpConnectionManager does not exist.");
| if (!ldsAddressHnP.hasPort() || !listenerAddressHnP.hasPort() | ||
| || ldsAddressHnP.getPort() != listenerAddressHnP.getPort()) { | ||
| return false; | ||
| } |
There was a problem hiding this comment.
Should we have a unit test for this if block?
There was a problem hiding this comment.
The tests test hostname mismatch and port mismatch but not missing host or missing port. Like "127.0.0.0" or ":8080"
| "filter-chain-bar", defaultFilterChainMatch, httpConnectionManager, | ||
| tlsContextForDefaultFilterChain, tlsContextManager); | ||
| EnvoyServerProtoData.Listener listener = EnvoyServerProtoData.Listener.create( | ||
| return Listener.create( |
There was a problem hiding this comment.
Previously was better?
| Listener.create("listener", "20.3.4.5:1", | ||
| ImmutableList.copyOf(Collections.singletonList(filterChain)), null, Protocol.TCP)); | ||
| xdsClient.deliverLdsUpdate(listenerUpdate); | ||
| verify(listener, timeout(10000)).onNotServing(any()); |
There was a problem hiding this comment.
| mock(TlsContextManager.class)); | ||
| LdsUpdate listenerUpdate = LdsUpdate.forTcpListener( | ||
| Listener.create("listener", "20.3.4.5:1", | ||
| Listener.create("listener", "20.3.4.5:", |
There was a problem hiding this comment.
Does it work if you commit the trailing ':' ?
Does the InetAddress parsing work for an address with just the :8080 missing the hostname part?
There was a problem hiding this comment.
Does it work if you commit the trailing ':' ?
For this test case, NO because even if I give same port it will fail at hostname matching, ldsHostname(20.3.4.5) is not same as listenerAddressHostname(10.1.2.3).
Does the InetAddress parsing work for an address with just the :8080 missing the hostname part?
No it doesn't work without hostname. It fails when we convert to InetAddress using InetAddresses.forString("") using empty string as hostname.
| InetAddress listenerIp = InetAddresses.forString(listenerAddressHnP.getHost()); | ||
| InetAddress ldsIp = InetAddresses.forString(ldsAddressHnP.getHost()); | ||
| return listenerIp.equals(ldsIp); | ||
| } |
There was a problem hiding this comment.
Did you get problems with the previous way?
There was a problem hiding this comment.
No, there were no problems here but I think if port isn't available or ports are not same then there's no point of parsing HostAndPort into InetAddress
kannanjgithub
left a comment
kannanjgithub
left a comment
There was a problem hiding this comment.
Clarification questions
| /** | ||
| * Returns the least-specific match-all Filter Chain Match. | ||
| */ | ||
| private static FilterChainMatch createMatch() { |
There was a problem hiding this comment.
nit: what would be the reason for increasing this visibility of this method (and createTls()), I don't seee them being referenced in other test files? Perhaps I am missing something.
Generally, it is good practice to keep the visibility of members as inaccessible (lowest visibility) as possible.
6 participants
Fixes #11737