Skip to content

Commit f9e1c0f

Browse files
ejona86ejona86
authored
xds: Protect xdstp processing with federation env var
There are still some cases for xdstp processing, but they are to percent encoding replacement strings. Those seem better to leave running since it looks like it they could be triggered even with federation disabled in the bootstrap processing.
1 parent 4a5f6ad commit f9e1c0f

File tree

3 files changed

+11
-2
lines changed

3 files changed

+11
-2
lines changed

xds/src/main/java/io/grpc/xds/BootstrapperImpl.java

-1
Original file line numberDiff line numberDiff line change
@@ -60,7 +60,6 @@ class BootstrapperImpl extends Bootstrapper {
6060
"envoy.lb.does_not_support_overprovisioning";
6161
@VisibleForTesting
6262
static final String CLIENT_FEATURE_RESOURCE_IN_SOTW = "xds.config.resource-in-sotw";
63-
@VisibleForTesting
6463
static boolean enableFederation =
6564
!Strings.isNullOrEmpty(System.getenv("GRPC_EXPERIMENTAL_XDS_FEDERATION"))
6665
&& Boolean.parseBoolean(System.getenv("GRPC_EXPERIMENTAL_XDS_FEDERATION"));

xds/src/main/java/io/grpc/xds/ClientXdsClient.java

+1-1
Original file line numberDiff line numberDiff line change
@@ -2444,7 +2444,7 @@ private final class ResourceSubscriber {
24442444
}
24452445

24462446
private ServerInfo getServerInfo(String resource) {
2447-
if (resource.startsWith(XDSTP_SCHEME)) {
2447+
if (BootstrapperImpl.enableFederation && resource.startsWith(XDSTP_SCHEME)) {
24482448
URI uri = URI.create(resource);
24492449
String authority = uri.getAuthority();
24502450
if (authority == null) {

xds/src/test/java/io/grpc/xds/ClientXdsClientTestBase.java

+10
Original file line numberDiff line numberDiff line change
@@ -263,6 +263,7 @@ public long currentTimeNanos() {
263263
private boolean originalEnableFaultInjection;
264264
private boolean originalEnableRbac;
265265
private boolean originalEnableLeastRequest;
266+
private boolean originalEnableFederation;
266267

267268
@Before
268269
public void setUp() throws IOException {
@@ -279,6 +280,7 @@ public void setUp() throws IOException {
279280
assertThat(originalEnableRbac).isTrue();
280281
originalEnableLeastRequest = ClientXdsClient.enableLeastRequest;
281282
ClientXdsClient.enableLeastRequest = true;
283+
originalEnableFederation = BootstrapperImpl.enableFederation;
282284
final String serverName = InProcessServerBuilder.generateName();
283285
cleanupRule.register(
284286
InProcessServerBuilder
@@ -353,6 +355,7 @@ public void tearDown() {
353355
ClientXdsClient.enableFaultInjection = originalEnableFaultInjection;
354356
ClientXdsClient.enableRbac = originalEnableRbac;
355357
ClientXdsClient.enableLeastRequest = originalEnableLeastRequest;
358+
BootstrapperImpl.enableFederation = originalEnableFederation;
356359
xdsClient.shutdown();
357360
channel.shutdown(); // channel not owned by XdsClient
358361
assertThat(adsEnded.get()).isTrue();
@@ -788,6 +791,7 @@ public void ldsResourceUpdated() {
788791

789792
@Test
790793
public void ldsResourceUpdated_withXdstpResourceName() {
794+
BootstrapperImpl.enableFederation = true;
791795
String ldsResourceName = useProtocolV3()
792796
? "xdstp://authority.xds.com/envoy.config.listener.v3.Listener/listener1"
793797
: "xdstp://authority.xds.com/envoy.api.v2.Listener/listener1";
@@ -808,6 +812,7 @@ public void ldsResourceUpdated_withXdstpResourceName() {
808812

809813
@Test
810814
public void ldsResourceUpdated_withXdstpResourceName_withEmptyAuthority() {
815+
BootstrapperImpl.enableFederation = true;
811816
String ldsResourceName = useProtocolV3()
812817
? "xdstp:///envoy.config.listener.v3.Listener/listener1"
813818
: "xdstp:///envoy.api.v2.Listener/listener1";
@@ -828,6 +833,7 @@ public void ldsResourceUpdated_withXdstpResourceName_withEmptyAuthority() {
828833

829834
@Test
830835
public void ldsResourceUpdated_withXdstpResourceName_witUnorderedContextParams() {
836+
BootstrapperImpl.enableFederation = true;
831837
String ldsResourceName = useProtocolV3()
832838
? "xdstp://authority.xds.com/envoy.config.listener.v3.Listener/listener1/a?bar=2&foo=1"
833839
: "xdstp://authority.xds.com/envoy.api.v2.Listener/listener1/a?bar=2&foo=1";
@@ -847,6 +853,7 @@ public void ldsResourceUpdated_withXdstpResourceName_witUnorderedContextParams()
847853

848854
@Test
849855
public void ldsResourceUpdated_withXdstpResourceName_withWrongType() {
856+
BootstrapperImpl.enableFederation = true;
850857
String ldsResourceName = useProtocolV3()
851858
? "xdstp://authority.xds.com/envoy.config.listener.v3.Listener/listener1"
852859
: "xdstp://authority.xds.com/envoy.api.v2.Listener/listener1";
@@ -867,6 +874,7 @@ public void ldsResourceUpdated_withXdstpResourceName_withWrongType() {
867874

868875
@Test
869876
public void rdsResourceUpdated_withXdstpResourceName_withWrongType() {
877+
BootstrapperImpl.enableFederation = true;
870878
String rdsResourceName = useProtocolV3()
871879
? "xdstp://authority.xds.com/envoy.config.route.v3.RouteConfiguration/route1"
872880
: "xdstp://authority.xds.com/envoy.api.v2.RouteConfiguration/route1";
@@ -886,6 +894,7 @@ public void rdsResourceUpdated_withXdstpResourceName_withWrongType() {
886894

887895
@Test
888896
public void cdsResourceUpdated_withXdstpResourceName_withWrongType() {
897+
BootstrapperImpl.enableFederation = true;
889898
String cdsResourceName = useProtocolV3()
890899
? "xdstp://authority.xds.com/envoy.config.cluster.v3.Cluster/cluster1"
891900
: "xdstp://authority.xds.com/envoy.api.v2.Cluster/cluster1";
@@ -906,6 +915,7 @@ public void cdsResourceUpdated_withXdstpResourceName_withWrongType() {
906915

907916
@Test
908917
public void edsResourceUpdated_withXdstpResourceName_withWrongType() {
918+
BootstrapperImpl.enableFederation = true;
909919
String edsResourceName = useProtocolV3()
910920
? "xdstp://authority.xds.com/envoy.config.endpoint.v3.ClusterLoadAssignment/cluster1"
911921
: "xdstp://authority.xds.com/envoy.api.v2.ClusterLoadAssignment/cluster1";

0 commit comments

Comments
 (0)