Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

xds: client-side security: Process security config from Cluster resource #3931

Merged
merged 3 commits into from Oct 8, 2020
Merged

xds: client-side security: Process security config from Cluster resource #3931

merged 3 commits into from Oct 8, 2020

Conversation

easwars
Copy link
Contributor

@easwars easwars commented Oct 6, 2020

No description provided.

@easwars easwars requested a review from menghanl October 6, 2020 21:15
menghanl
menghanl reviewed Oct 6, 2020
View reviewed changes
xds/internal/version/version.go Outdated
V3RouteConfigURL = "type.googleapis.com/envoy.config.route.v3.RouteConfiguration"
V3ClusterURL = "type.googleapis.com/envoy.config.cluster.v3.Cluster"
V3EndpointsURL = "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment"
V3HTTPConnManagerURL = "type.googleapis.com/envoy.config.filter.network.http_connection_manager.v2.HttpConnectionManager"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why is this line a v2, not v3?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Typo from earlier I would guess. Fixed.

xds/internal/client/client_xds.go Outdated
if sc != nil {
// A valid Cluster resource could contain no security configuration
// (transport_socket field is nil). Hence we need a nil check here.
cu.SecurityCfg = *sc
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

How would the CDS balancer know if this field exists in the CDS response? Does it check for empty strings? Or make this field a pointer?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done. Changed it to a pointer. I initially had it as a pointer, then saw that none of the Update types had a pointer, so switched it to value. But pointer definitely is better here. Thanks.

@easwars
Copy link
Contributor Author

easwars commented Oct 6, 2020

Done. PTAL.

menghanl
menghanl reviewed Oct 7, 2020
View reviewed changes
go.mod
github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b
github.com/golang/protobuf v1.3.3
github.com/golang/protobuf v1.4.2
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The go.mod change and vet.sh will conflict with #3932
The other PR is mostly generated code, and has a cleaner change in vet.sh, maybe wait for that to merge first?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, will wait for it.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

And even after that, merging go.mod/go.sum won't be pleasant I guess. I would try first revert those changes, then merge and go mod tidy.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I had to add a few more lines to vet.sh from the ones added in #3932 because my changes here do not have the corresponding pb.go changes. So, there were more complaints about usage of deprecated fields/types. We probably should do a scrub of the list once #3932 gets in.

@menghanl menghanl assigned easwars and unassigned menghanl Oct 8, 2020
@easwars easwars merged commit 06c094c into grpc:master Oct 8, 2020
@easwars easwars deleted the xds_client_security branch December 8, 2020 20:07
@easwars easwars changed the title xds/client: Process security configuration from Cluster resource xds: client-side security: Process security config from Cluster resource Mar 4, 2021
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Sep 1, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@menghanl menghanl menghanl approved these changes

Assignees

@easwars easwars

Labels
Type: Feature
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@easwars @menghanl