
Example 6 with SslContextProviderSupplier

use of io.grpc.xds.internal.sds.SslContextProviderSupplier in project grpc-java by grpc.

the class XdsClientWrapperForServerSdsTestMisc method releaseOldSupplierOnNotFound_verifyClose.

/**
 * Verifies that an LDS "resource does not exist" notification causes the server-side
 * {@link SslContextProvider} obtained for the previous listener to be released exactly once.
 */
@Test
public void releaseOldSupplierOnNotFound_verifyClose() throws Exception {
    SslContextProvider mockProvider = mock(SslContextProvider.class);
    when(tlsContextManager.findOrCreateServerSslContextProvider(eq(tlsContext1)))
        .thenReturn(mockProvider);
    localAddress = new InetSocketAddress(InetAddress.getByName("10.1.2.3"), PORT);
    sendListenerUpdate(localAddress, tlsContext1, null, tlsContextManager);

    // The supplier is read back through the protocol-negotiation path rather than
    // from the listener update itself.
    SslContextProviderSupplier supplier =
        getSslContextProviderSupplier(selectorManager.getSelectorToUpdateSelector());
    assertThat(supplier.getTlsContext()).isSameInstanceAs(tlsContext1);

    // NOTE(review): presumably this makes the supplier obtain mockProvider from
    // tlsContextManager so there is something to release; callUpdateSslContext is
    // defined outside this listing, confirm there.
    callUpdateSslContext(supplier);

    xdsClient.ldsWatcher.onResourceDoesNotExist("not-found Error");

    // The provider handed out for tlsContext1 must be returned to the manager once,
    // so TLS provider state for a removed listener is not left allocated.
    verify(tlsContextManager, times(1)).releaseServerSslContextProvider(eq(mockProvider));
}
Also used : InetSocketAddress(java.net.InetSocketAddress) SslContextProvider(io.grpc.xds.internal.sds.SslContextProvider) InetAddress(java.net.InetAddress) SslContextProviderSupplier(io.grpc.xds.internal.sds.SslContextProviderSupplier) Test(org.junit.Test)

Example 7 with SslContextProviderSupplier

use of io.grpc.xds.internal.sds.SslContextProviderSupplier in project grpc-java by grpc.

the class XdsServerWrapperTest method error.

/**
 * Walks the XdsServerWrapper through a sequence of LDS/RDS errors and updates and checks,
 * after each step, the serving/not-serving callbacks, the number of delegate server
 * builds/starts/shutdowns, the active filter-chain selector, and whether the
 * {@link SslContextProviderSupplier} of each replaced filter chain has been shut down.
 *
 * <p>The mock verification counts are cumulative, so the statement order is significant.
 */
@Test
public void error() throws Exception {
    final SettableFuture<Server> start = SettableFuture.create();
    // start() is run off the test thread so the test can drive xDS callbacks while it is
    // still in progress.
    // NOTE(review): the executor created here is never shut down; confirm the thread does
    // not outlive the test run.
    Executors.newSingleThreadExecutor().execute(new Runnable() {

        @Override
        public void run() {
            try {
                start.set(xdsServerWrapper.start());
            } catch (Exception ex) {
                start.setException(ex);
            }
        }
    });
    String ldsResource = xdsClient.ldsResource.get(5, TimeUnit.SECONDS);
    // Listener resource reported as missing before any update was delivered.
    xdsClient.ldsWatcher.onResourceDoesNotExist(ldsResource);
    try {
        start.get(5000, TimeUnit.MILLISECONDS);
        fail("server should not start()");
    } catch (TimeoutException ex) {
        // Expected: start() is still blocked, so the future has not completed.
        assertThat(start.isDone()).isFalse();
    }
    verify(listener, times(1)).onNotServing(any(StatusException.class));
    verify(mockBuilder, times(1)).build();
    FilterChain filterChain0 = createFilterChain("filter-chain-0", createRds("rds"));
    SslContextProviderSupplier sslSupplier0 = filterChain0.sslContextProviderSupplier();
    xdsClient.deliverLdsUpdate(Collections.singletonList(filterChain0), null);
    // An LDS error while the server has not started yet: no filter chain is selected, RDS
    // watchers are gone, and a second onNotServing is reported.
    xdsClient.ldsWatcher.onError(Status.INTERNAL);
    assertThat(selectorManager.getSelectorToUpdateSelector()).isSameInstanceAs(FilterChainSelector.NO_FILTER_CHAIN);
    assertThat(xdsClient.rdsWatchers).isEmpty();
    verify(mockBuilder, times(1)).build();
    verify(listener, times(2)).onNotServing(any(StatusException.class));
    // The error alone does not shut down the TLS supplier of filter-chain-0.
    assertThat(sslSupplier0.isShutdown()).isFalse();
    // First delegate start() fails, the next one succeeds.
    when(mockServer.start()).thenThrow(new IOException("error!")).thenReturn(mockServer);
    FilterChain filterChain1 = createFilterChain("filter-chain-1", createRds("rds"));
    SslContextProviderSupplier sslSupplier1 = filterChain1.sslContextProviderSupplier();
    xdsClient.deliverLdsUpdate(Collections.singletonList(filterChain1), null);
    // Replacing filter-chain-0 shuts down its TLS supplier.
    assertThat(sslSupplier0.isShutdown()).isTrue();
    xdsClient.deliverRdsUpdate("rds", Collections.singletonList(createVirtualHost("virtual-host-1")));
    try {
        start.get(5000, TimeUnit.MILLISECONDS);
        fail("Start should throw exception");
    } catch (ExecutionException ex) {
        // The IOException from the delegate's first start() is surfaced to the start() caller.
        assertThat(ex.getCause()).isInstanceOf(IOException.class);
        assertThat(ex.getCause().getMessage()).isEqualTo("error!");
    }
    // Kept so a stale watcher callback can be replayed later (see "no op" below).
    RdsResourceWatcher saveRdsWatcher = xdsClient.rdsWatchers.get("rds");
    // Advancing the fake clock by the retry delay runs one task; afterwards start() has been
    // called a second time and onServing is reported.
    assertThat(executor.forwardNanos(RETRY_DELAY_NANOS)).isEqualTo(1);
    verify(mockBuilder, times(1)).build();
    verify(mockServer, times(2)).start();
    verify(listener, times(1)).onServing();
    assertThat(selectorManager.getSelectorToUpdateSelector().getRoutingConfigs().size()).isEqualTo(1);
    ServerRoutingConfig realConfig = selectorManager.getSelectorToUpdateSelector().getRoutingConfigs().get(filterChain1).get();
    assertThat(realConfig.virtualHosts()).isEqualTo(Collections.singletonList(createVirtualHost("virtual-host-1")));
    assertThat(realConfig.interceptors()).isEqualTo(ImmutableMap.of());
    // xDS update after start: the new virtual host is picked up and the TLS supplier of the
    // active chain stays open.
    xdsClient.deliverRdsUpdate("rds", Collections.singletonList(createVirtualHost("virtual-host-2")));
    assertThat(sslSupplier1.isShutdown()).isFalse();
    // An LDS error while serving: no rebuild or restart, the routing config is retained and
    // the active chain's TLS supplier is not shut down.
    xdsClient.ldsWatcher.onError(Status.DEADLINE_EXCEEDED);
    verify(mockBuilder, times(1)).build();
    verify(mockServer, times(2)).start();
    verify(listener, times(2)).onNotServing(any(StatusException.class));
    assertThat(selectorManager.getSelectorToUpdateSelector().getRoutingConfigs().size()).isEqualTo(1);
    realConfig = selectorManager.getSelectorToUpdateSelector().getRoutingConfigs().get(filterChain1).get();
    assertThat(realConfig.virtualHosts()).isEqualTo(Collections.singletonList(createVirtualHost("virtual-host-2")));
    assertThat(realConfig.interceptors()).isEqualTo(ImmutableMap.of());
    assertThat(sslSupplier1.isShutdown()).isFalse();
    // Not serving after serving: the listener resource disappears, so the delegate is shut
    // down, no filter chain is selected, and the TLS supplier of filter-chain-1 is shut down.
    xdsClient.ldsWatcher.onResourceDoesNotExist(ldsResource);
    assertThat(xdsClient.rdsWatchers).isEmpty();
    verify(mockServer, times(3)).shutdown();
    when(mockServer.isShutdown()).thenReturn(true);
    assertThat(selectorManager.getSelectorToUpdateSelector()).isSameInstanceAs(FilterChainSelector.NO_FILTER_CHAIN);
    verify(listener, times(3)).onNotServing(any(StatusException.class));
    assertThat(sslSupplier1.isShutdown()).isTrue();
    // No-op: a callback on the previously saved RDS watcher must not rebuild or restart anything.
    saveRdsWatcher.onChanged(new RdsUpdate(Collections.singletonList(createVirtualHost("virtual-host-1"))));
    verify(mockBuilder, times(1)).build();
    verify(mockServer, times(2)).start();
    verify(listener, times(1)).onServing();
    // Cancel retry: start() fails again, leaving one pending task, which is dropped when the
    // listener resource disappears.
    when(mockServer.start()).thenThrow(new IOException("error1!")).thenThrow(new IOException("error2!")).thenReturn(mockServer);
    FilterChain filterChain2 = createFilterChain("filter-chain-2", createRds("rds"));
    SslContextProviderSupplier sslSupplier2 = filterChain2.sslContextProviderSupplier();
    xdsClient.deliverLdsUpdate(Collections.singletonList(filterChain2), null);
    xdsClient.deliverRdsUpdate("rds", Collections.singletonList(createVirtualHost("virtual-host-1")));
    assertThat(sslSupplier1.isShutdown()).isTrue();
    verify(mockBuilder, times(2)).build();
    when(mockServer.isShutdown()).thenReturn(false);
    verify(mockServer, times(3)).start();
    verify(listener, times(1)).onServing();
    verify(listener, times(3)).onNotServing(any(StatusException.class));
    assertThat(selectorManager.getSelectorToUpdateSelector().getRoutingConfigs().size()).isEqualTo(1);
    realConfig = selectorManager.getSelectorToUpdateSelector().getRoutingConfigs().get(filterChain2).get();
    assertThat(realConfig.virtualHosts()).isEqualTo(Collections.singletonList(createVirtualHost("virtual-host-1")));
    assertThat(realConfig.interceptors()).isEqualTo(ImmutableMap.of());
    assertThat(executor.numPendingTasks()).isEqualTo(1);
    xdsClient.ldsWatcher.onResourceDoesNotExist(ldsResource);
    verify(mockServer, times(4)).shutdown();
    verify(listener, times(4)).onNotServing(any(StatusException.class));
    when(mockServer.isShutdown()).thenReturn(true);
    assertThat(executor.numPendingTasks()).isEqualTo(0);
    assertThat(sslSupplier2.isShutdown()).isTrue();
    // Serving after not serving: a fresh LDS/RDS update triggers another build and start.
    // NOTE(review): filterChain3 reuses the name "filter-chain-2"; confirm this is intended.
    FilterChain filterChain3 = createFilterChain("filter-chain-2", createRds("rds"));
    SslContextProviderSupplier sslSupplier3 = filterChain3.sslContextProviderSupplier();
    xdsClient.deliverLdsUpdate(Collections.singletonList(filterChain3), null);
    xdsClient.deliverRdsUpdate("rds", Collections.singletonList(createVirtualHost("virtual-host-1")));
    verify(mockBuilder, times(3)).build();
    verify(mockServer, times(4)).start();
    verify(listener, times(1)).onServing();
    when(mockServer.isShutdown()).thenReturn(false);
    verify(listener, times(4)).onNotServing(any(StatusException.class));
    assertThat(selectorManager.getSelectorToUpdateSelector().getRoutingConfigs().size()).isEqualTo(1);
    realConfig = selectorManager.getSelectorToUpdateSelector().getRoutingConfigs().get(filterChain3).get();
    assertThat(realConfig.virtualHosts()).isEqualTo(Collections.singletonList(createVirtualHost("virtual-host-1")));
    assertThat(realConfig.interceptors()).isEqualTo(ImmutableMap.of());
    // Explicit shutdown of the wrapper shuts down the delegate and the last chain's TLS supplier.
    xdsServerWrapper.shutdown();
    verify(mockServer, times(5)).shutdown();
    assertThat(sslSupplier3.isShutdown()).isTrue();
    when(mockServer.awaitTermination(anyLong(), any(TimeUnit.class))).thenReturn(true);
    assertThat(xdsServerWrapper.awaitTermination(5, TimeUnit.SECONDS)).isTrue();
}
Also used : ServerRoutingConfig(io.grpc.xds.XdsServerWrapper.ServerRoutingConfig) Server(io.grpc.Server) FilterChain(io.grpc.xds.EnvoyServerProtoData.FilterChain) RdsResourceWatcher(io.grpc.xds.XdsClient.RdsResourceWatcher) IOException(java.io.IOException) TimeoutException(java.util.concurrent.TimeoutException) StatusException(io.grpc.StatusException) IOException(java.io.IOException) ExecutionException(java.util.concurrent.ExecutionException) StatusException(io.grpc.StatusException) RdsUpdate(io.grpc.xds.XdsClient.RdsUpdate) TimeUnit(java.util.concurrent.TimeUnit) ExecutionException(java.util.concurrent.ExecutionException) TimeoutException(java.util.concurrent.TimeoutException) SslContextProviderSupplier(io.grpc.xds.internal.sds.SslContextProviderSupplier) Test(org.junit.Test)

Example 8 with SslContextProviderSupplier

use of io.grpc.xds.internal.sds.SslContextProviderSupplier in project grpc-java by grpc.

the class XdsServerWrapperTest method shutdown_pendingRetry.

/**
 * Verifies that shutting down the wrapper while a start retry is still queued drops the
 * pending task, shuts down the delegate server and the filter chain's
 * {@link SslContextProviderSupplier}, and reports neither serving nor not-serving.
 */
@Test
public void shutdown_pendingRetry() throws Exception {
    final SettableFuture<Server> startResult = SettableFuture.create();
    // start() is run off the test thread so the test can deliver xDS updates meanwhile.
    // NOTE(review): the executor created below is never shut down; confirm the thread
    // does not outlive the test run.
    Runnable startTask = new Runnable() {
        @Override
        public void run() {
            try {
                startResult.set(xdsServerWrapper.start());
            } catch (Exception e) {
                startResult.setException(e);
            }
        }
    };
    Executors.newSingleThreadExecutor().execute(startTask);

    xdsClient.ldsResource.get(5, TimeUnit.SECONDS);
    // Every delegate start() attempt fails.
    when(mockServer.start()).thenThrow(new IOException("error!"));

    FilterChain chain = createFilterChain("filter-chain-1", createRds("rds"));
    SslContextProviderSupplier tlsSupplier = chain.sslContextProviderSupplier();
    xdsClient.deliverLdsUpdate(Collections.singletonList(chain), null);
    // NOTE(review): the result of await() is ignored, so a timeout here would go
    // unnoticed; confirm against the type of rdsCount.
    xdsClient.rdsCount.await(5, TimeUnit.SECONDS);
    xdsClient.deliverRdsUpdate(
        "rds", Collections.singletonList(createVirtualHost("virtual-host-1")));

    try {
        startResult.get(5000, TimeUnit.MILLISECONDS);
        fail("Start should throw exception");
    } catch (ExecutionException e) {
        assertThat(e.getCause()).isInstanceOf(IOException.class);
    }

    // One task is queued after the failed start; the delegate has not been shut down yet.
    assertThat(executor.getPendingTasks().size()).isEqualTo(1);
    verify(mockServer).start();
    verify(mockServer, never()).shutdown();

    xdsServerWrapper.shutdown();

    verify(mockServer).shutdown();
    when(mockServer.isTerminated()).thenReturn(true);
    // Shutdown must also shut down the chain's TLS supplier and cancel the queued task.
    assertThat(tlsSupplier.isShutdown()).isTrue();
    assertThat(executor.getPendingTasks().size()).isEqualTo(0);
    verify(listener, never()).onNotServing(any(Throwable.class));
    verify(listener, never()).onServing();

    xdsServerWrapper.awaitTermination();
    assertThat(xdsServerWrapper.isTerminated()).isTrue();
}
Also used : Server(io.grpc.Server) FilterChain(io.grpc.xds.EnvoyServerProtoData.FilterChain) IOException(java.io.IOException) ExecutionException(java.util.concurrent.ExecutionException) TimeoutException(java.util.concurrent.TimeoutException) StatusException(io.grpc.StatusException) IOException(java.io.IOException) ExecutionException(java.util.concurrent.ExecutionException) SslContextProviderSupplier(io.grpc.xds.internal.sds.SslContextProviderSupplier) Test(org.junit.Test)

Example 9 with SslContextProviderSupplier

use of io.grpc.xds.internal.sds.SslContextProviderSupplier in project grpc-java by grpc.

the class XdsClientWrapperForServerSdsTestMisc method getSslContextProviderSupplier.

/**
 * Returns the {@link SslContextProviderSupplier} that ends up in the attributes of a
 * protocol-negotiation event after the event has passed through a
 * {@code FilterChainMatchingHandler} configured with {@code selector}.
 *
 * @param selector the filter-chain selector installed into a fresh manager for this lookup
 * @return the value stored under {@code ATTR_SERVER_SSL_CONTEXT_PROVIDER_SUPPLIER}
 */
private SslContextProviderSupplier getSslContextProviderSupplier(FilterChainSelector selector) throws Exception {
    final SettableFuture<SslContextProviderSupplier> captured = SettableFuture.create();
    // Handler returned by the mocked delegate negotiator: it records the supplier found on
    // the event it receives and then removes itself from the pipeline.
    ChannelHandler capturingHandler = new ChannelInboundHandlerAdapter() {
        @Override
        public void userEventTriggered(ChannelHandlerContext ctx, Object evt) {
            ProtocolNegotiationEvent negotiationEvent = (ProtocolNegotiationEvent) evt;
            captured.set(
                InternalProtocolNegotiationEvent.getAttributes(negotiationEvent)
                    .get(ATTR_SERVER_SSL_CONTEXT_PROVIDER_SUPPLIER));
            ctx.pipeline().remove(this);
        }
    };

    ProtocolNegotiator delegateNegotiator = mock(ProtocolNegotiator.class);
    GrpcHttp2ConnectionHandler grpcHandler = FakeGrpcHttp2ConnectionHandler.newHandler();
    when(delegateNegotiator.newHandler(grpcHandler)).thenReturn(capturingHandler);

    FilterChainSelectorManager selectorManager = new FilterChainSelectorManager();
    selectorManager.updateSelector(selector);
    pipeline.addLast(new FilterChainMatchingHandler(grpcHandler, selectorManager, delegateNegotiator));

    ProtocolNegotiationEvent firedEvent = InternalProtocolNegotiationEvent.getDefault();
    pipeline.fireUserEventTriggered(firedEvent);
    channel.runPendingTasks();

    // Fallback: read the attribute straight off the fired event. This completes the future
    // when the capturing handler did not run; otherwise the earlier value stays in place.
    captured.set(
        InternalProtocolNegotiationEvent.getAttributes(firedEvent)
            .get(ATTR_SERVER_SSL_CONTEXT_PROVIDER_SUPPLIER));
    return captured.get();
}
Also used : ProtocolNegotiationEvent(io.grpc.netty.ProtocolNegotiationEvent) InternalProtocolNegotiationEvent(io.grpc.netty.InternalProtocolNegotiationEvent) ProtocolNegotiator(io.grpc.netty.InternalProtocolNegotiator.ProtocolNegotiator) FilterChainMatchingHandler(io.grpc.xds.FilterChainMatchingProtocolNegotiators.FilterChainMatchingHandler) ChannelHandlerContext(io.netty.channel.ChannelHandlerContext) ChannelHandler(io.netty.channel.ChannelHandler) GrpcHttp2ConnectionHandler(io.grpc.netty.GrpcHttp2ConnectionHandler) SslContextProviderSupplier(io.grpc.xds.internal.sds.SslContextProviderSupplier) ChannelInboundHandlerAdapter(io.netty.channel.ChannelInboundHandlerAdapter)

Example 10 with SslContextProviderSupplier

use of io.grpc.xds.internal.sds.SslContextProviderSupplier in project grpc-java by grpc.

the class ClusterImplLoadBalancerTest method subtest_endpointAddressesAttachedWithTlsConfig.

/**
 * Checks which {@link SslContextProviderSupplier} is attached to the addresses of
 * subchannels created through the leaf balancer's helper as the cluster config moves from
 * one UpstreamTlsContext, to none, to a different one, and that the supplier is shut down
 * together with the load balancer.
 *
 * @param enableSecurity whether a supplier is expected on the addresses when the config
 *     carries an UpstreamTlsContext; when false the attribute is expected to be absent
 */
private void subtest_endpointAddressesAttachedWithTlsConfig(boolean enableSecurity) {
    UpstreamTlsContext firstTlsContext =
        CommonTlsContextTestsUtil.buildUpstreamTlsContext("google_cloud_private_spiffe", true);
    LoadBalancerProvider childProvider = new WeightedTargetLoadBalancerProvider();
    WeightedTargetConfig childConfig = buildWeightedTargetConfig(ImmutableMap.of(locality, 10));
    ClusterImplConfig securedConfig = new ClusterImplConfig(
        CLUSTER, EDS_SERVICE_NAME, LRS_SERVER_INFO, null, Collections.<DropOverload>emptyList(),
        new PolicySelection(childProvider, childConfig), firstTlsContext);

    // A single locality holding two endpoints.
    EquivalentAddressGroup endpoint1 = makeAddress("endpoint-addr1", locality);
    EquivalentAddressGroup endpoint2 = makeAddress("endpoint-addr2", locality);
    deliverAddressesAndConfig(Arrays.asList(endpoint1, endpoint2), securedConfig);

    // Exactly one leaf balancer is expected downstream.
    assertThat(downstreamBalancers).hasSize(1);
    FakeLoadBalancer leaf = Iterables.getOnlyElement(downstreamBalancers);
    assertThat(leaf.name).isEqualTo("round_robin");

    // Stand in for the leaf balancer creating its subchannels.
    CreateSubchannelArgs subchannelArgs =
        CreateSubchannelArgs.newBuilder().setAddresses(leaf.addresses).build();
    Subchannel initialSubchannel = leaf.helper.createSubchannel(subchannelArgs);
    for (EquivalentAddressGroup group : initialSubchannel.getAllAddresses()) {
        SslContextProviderSupplier attached =
            group.getAttributes().get(InternalXdsAttributes.ATTR_SSL_CONTEXT_PROVIDER_SUPPLIER);
        if (!enableSecurity) {
            assertThat(attached).isNull();
        } else {
            // NOTE(review): a missing supplier surfaces here as a NullPointerException
            // rather than as an assertion failure.
            assertThat(attached.getTlsContext()).isEqualTo(firstTlsContext);
        }
    }

    // Drop the UpstreamTlsContext from the config: addresses of newly created subchannels
    // must no longer carry a supplier, regardless of enableSecurity.
    ClusterImplConfig plainConfig = new ClusterImplConfig(
        CLUSTER, EDS_SERVICE_NAME, LRS_SERVER_INFO, null, Collections.<DropOverload>emptyList(),
        new PolicySelection(childProvider, childConfig), null);
    deliverAddressesAndConfig(Arrays.asList(endpoint1, endpoint2), plainConfig);
    assertThat(Iterables.getOnlyElement(downstreamBalancers)).isSameInstanceAs(leaf);
    Subchannel plainSubchannel = leaf.helper.createSubchannel(subchannelArgs);
    for (EquivalentAddressGroup group : plainSubchannel.getAllAddresses()) {
        assertThat(group.getAttributes().get(InternalXdsAttributes.ATTR_SSL_CONTEXT_PROVIDER_SUPPLIER))
            .isNull();
    }

    // Switch to a config carrying a different UpstreamTlsContext: new subchannels must pick
    // up a live supplier bound to the new context.
    UpstreamTlsContext secondTlsContext =
        CommonTlsContextTestsUtil.buildUpstreamTlsContext("google_cloud_private_spiffe1", true);
    ClusterImplConfig resecuredConfig = new ClusterImplConfig(
        CLUSTER, EDS_SERVICE_NAME, LRS_SERVER_INFO, null, Collections.<DropOverload>emptyList(),
        new PolicySelection(childProvider, childConfig), secondTlsContext);
    deliverAddressesAndConfig(Arrays.asList(endpoint1, endpoint2), resecuredConfig);
    assertThat(Iterables.getOnlyElement(downstreamBalancers)).isSameInstanceAs(leaf);
    Subchannel resecuredSubchannel = leaf.helper.createSubchannel(subchannelArgs);
    for (EquivalentAddressGroup group : resecuredSubchannel.getAllAddresses()) {
        SslContextProviderSupplier attached =
            group.getAttributes().get(InternalXdsAttributes.ATTR_SSL_CONTEXT_PROVIDER_SUPPLIER);
        if (!enableSecurity) {
            assertThat(attached).isNull();
        } else {
            assertThat(attached.isShutdown()).isFalse();
            assertThat(attached.getTlsContext()).isEqualTo(secondTlsContext);
        }
    }

    // Shutting down the balancer must shut down the supplier that was handed out last.
    loadBalancer.shutdown();
    for (EquivalentAddressGroup group : resecuredSubchannel.getAllAddresses()) {
        SslContextProviderSupplier attached =
            group.getAttributes().get(InternalXdsAttributes.ATTR_SSL_CONTEXT_PROVIDER_SUPPLIER);
        if (enableSecurity) {
            assertThat(attached.isShutdown()).isTrue();
        }
    }
    // Clear the field; presumably so later cleanup does not shut the balancer down twice.
    loadBalancer = null;
}
Also used : CreateSubchannelArgs(io.grpc.LoadBalancer.CreateSubchannelArgs) EquivalentAddressGroup(io.grpc.EquivalentAddressGroup) Subchannel(io.grpc.LoadBalancer.Subchannel) UpstreamTlsContext(io.grpc.xds.EnvoyServerProtoData.UpstreamTlsContext) LoadBalancerProvider(io.grpc.LoadBalancerProvider) DropOverload(io.grpc.xds.Endpoints.DropOverload) WeightedTargetConfig(io.grpc.xds.WeightedTargetLoadBalancerProvider.WeightedTargetConfig) WeightedPolicySelection(io.grpc.xds.WeightedTargetLoadBalancerProvider.WeightedPolicySelection) PolicySelection(io.grpc.internal.ServiceConfigUtil.PolicySelection) ClusterImplConfig(io.grpc.xds.ClusterImplLoadBalancerProvider.ClusterImplConfig) SslContextProviderSupplier(io.grpc.xds.internal.sds.SslContextProviderSupplier)
