New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
xds: client-side security: Process security config from Cluster resource #3931
Conversation
xds/internal/version/version.go
Outdated
V3RouteConfigURL = "type.googleapis.com/envoy.config.route.v3.RouteConfiguration" | ||
V3ClusterURL = "type.googleapis.com/envoy.config.cluster.v3.Cluster" | ||
V3EndpointsURL = "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment" | ||
V3HTTPConnManagerURL = "type.googleapis.com/envoy.config.filter.network.http_connection_manager.v2.HttpConnectionManager" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why is this line a v2
, not v3
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Typo from earlier I would guess. Fixed.
xds/internal/client/client_xds.go
Outdated
if sc != nil { | ||
// A valid Cluster resource could contain no security configuration | ||
// (transport_socket field is nil). Hence we need a nil check here. | ||
cu.SecurityCfg = *sc |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
How would the CDS balancer know if this field exists in the CDS response? Does it check for empty strings? Or make this field a pointer?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done. Changed it to a pointer. I initially had it as a pointer, then saw that none of the Update
types had a pointer, so switched it to value. But pointer definitely is better here. Thanks.
Done. PTAL. |
github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b | ||
github.com/golang/protobuf v1.3.3 | ||
github.com/golang/protobuf v1.4.2 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The go.mod change and vet.sh will conflict with #3932
The other PR is mostly generated code, and has a cleaner change in vet.sh, maybe wait for that to merge first?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, will wait for it.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
And even after that, merging go.mod/go.sum won't be pleasant I guess. I would try first revert those changes, then merge and go mod tidy
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
608af3c
to
eb8dd91
Compare
eb8dd91
to
80c427e
Compare
No description provided.