Search in sources :

Example 66 with ChannelHandler

use of org.apache.flink.shaded.netty4.io.netty.channel.ChannelHandler in project grpc-java by grpc.

the class FilterChainMatchingProtocolNegotiatorsTest method destPortFails_returnDefaultFilterChain.

@Test
public void destPortFails_returnDefaultFilterChain() throws Exception {
    EnvoyServerProtoData.DownstreamTlsContext tlsContextWithDestPort = CommonTlsContextTestsUtil.buildTestInternalDownstreamTlsContext("CERT1", "VA1");
    EnvoyServerProtoData.FilterChainMatch filterChainMatchWithDestPort = EnvoyServerProtoData.FilterChainMatch.create(PORT, ImmutableList.of(), ImmutableList.of("managed-mtls"), ImmutableList.of(), EnvoyServerProtoData.ConnectionSourceType.ANY, ImmutableList.of(), ImmutableList.of(), "");
    EnvoyServerProtoData.FilterChain filterChainWithDestPort = EnvoyServerProtoData.FilterChain.create("filter-chain-foo", filterChainMatchWithDestPort, HTTP_CONNECTION_MANAGER, tlsContextWithDestPort, tlsContextManager);
    EnvoyServerProtoData.DownstreamTlsContext tlsContextForDefaultFilterChain = CommonTlsContextTestsUtil.buildTestInternalDownstreamTlsContext("CERT2", "VA2");
    EnvoyServerProtoData.FilterChain defaultFilterChain = EnvoyServerProtoData.FilterChain.create("filter-chain-bar", DEFAULT_FILTER_CHAIN_MATCH, HTTP_CONNECTION_MANAGER, tlsContextForDefaultFilterChain, tlsContextManager);
    ServerRoutingConfig routingConfig = ServerRoutingConfig.create(ImmutableList.of(createVirtualHost("virtual")), ImmutableMap.<Route, ServerInterceptor>of());
    selectorManager.updateSelector(new FilterChainSelector(ImmutableMap.of(filterChainWithDestPort, new AtomicReference<ServerRoutingConfig>(routingConfig)), defaultFilterChain.sslContextProviderSupplier(), noopConfig));
    FilterChainMatchingHandler filterChainMatchingHandler = new FilterChainMatchingHandler(grpcHandler, selectorManager, mockDelegate);
    ChannelHandler next = captureAttrHandler(sslSet, routingSettable);
    when(mockDelegate.newHandler(grpcHandler)).thenReturn(next);
    setupChannel(LOCAL_IP, REMOTE_IP, 15000, filterChainMatchingHandler);
    pipeline.fireUserEventTriggered(event);
    channel.runPendingTasks();
    assertThat(sslSet.get()).isEqualTo(defaultFilterChain.sslContextProviderSupplier());
    assertThat(routingSettable.get()).isEqualTo(noopConfig);
    assertThat(sslSet.get().getTlsContext()).isSameInstanceAs(tlsContextForDefaultFilterChain);
}
Also used : FilterChainSelector(io.grpc.xds.FilterChainMatchingProtocolNegotiators.FilterChainMatchingHandler.FilterChainSelector) ServerRoutingConfig(io.grpc.xds.XdsServerWrapper.ServerRoutingConfig) FilterChainMatchingHandler(io.grpc.xds.FilterChainMatchingProtocolNegotiators.FilterChainMatchingHandler) DownstreamTlsContext(io.grpc.xds.EnvoyServerProtoData.DownstreamTlsContext) ChannelHandler(io.netty.channel.ChannelHandler) FilterChain(io.grpc.xds.EnvoyServerProtoData.FilterChain) Test(org.junit.Test)

Example 67 with ChannelHandler

use of org.apache.flink.shaded.netty4.io.netty.channel.ChannelHandler in project grpc-java by grpc.

the class FilterChainMatchingProtocolNegotiatorsTest method sourceTypeLocal.

@Test
public void sourceTypeLocal() throws Exception {
    ChannelHandler next = captureAttrHandler(sslSet, routingSettable);
    when(mockDelegate.newHandler(grpcHandler)).thenReturn(next);
    EnvoyServerProtoData.DownstreamTlsContext tlsContextMatch = CommonTlsContextTestsUtil.buildTestInternalDownstreamTlsContext("CERT1", "VA1");
    EnvoyServerProtoData.FilterChainMatch filterChainMatchWithMatch = EnvoyServerProtoData.FilterChainMatch.create(0, ImmutableList.of(), ImmutableList.of(), ImmutableList.of(), EnvoyServerProtoData.ConnectionSourceType.SAME_IP_OR_LOOPBACK, ImmutableList.of(), ImmutableList.of(), "");
    EnvoyServerProtoData.FilterChain filterChainWithMatch = EnvoyServerProtoData.FilterChain.create("filter-chain-foo", filterChainMatchWithMatch, HTTP_CONNECTION_MANAGER, tlsContextMatch, tlsContextManager);
    EnvoyServerProtoData.DownstreamTlsContext tlsContextForDefaultFilterChain = CommonTlsContextTestsUtil.buildTestInternalDownstreamTlsContext("CERT2", "VA2");
    EnvoyServerProtoData.FilterChain defaultFilterChain = EnvoyServerProtoData.FilterChain.create("filter-chain-bar", DEFAULT_FILTER_CHAIN_MATCH, HTTP_CONNECTION_MANAGER, tlsContextForDefaultFilterChain, tlsContextManager);
    selectorManager.updateSelector(new FilterChainSelector(ImmutableMap.of(filterChainWithMatch, noopConfig), defaultFilterChain.sslContextProviderSupplier(), randomConfig("default")));
    FilterChainMatchingHandler filterChainMatchingHandler = new FilterChainMatchingHandler(grpcHandler, selectorManager, mockDelegate);
    setupChannel(LOCAL_IP, LOCAL_IP, 15000, filterChainMatchingHandler);
    pipeline.fireUserEventTriggered(event);
    channel.runPendingTasks();
    assertThat(sslSet.get()).isEqualTo(filterChainWithMatch.sslContextProviderSupplier());
    assertThat(routingSettable.get()).isEqualTo(noopConfig);
    assertThat(sslSet.get().getTlsContext()).isSameInstanceAs(tlsContextMatch);
}
Also used : FilterChainSelector(io.grpc.xds.FilterChainMatchingProtocolNegotiators.FilterChainMatchingHandler.FilterChainSelector) FilterChainMatchingHandler(io.grpc.xds.FilterChainMatchingProtocolNegotiators.FilterChainMatchingHandler) DownstreamTlsContext(io.grpc.xds.EnvoyServerProtoData.DownstreamTlsContext) ChannelHandler(io.netty.channel.ChannelHandler) FilterChain(io.grpc.xds.EnvoyServerProtoData.FilterChain) Test(org.junit.Test)

Example 68 with ChannelHandler

use of org.apache.flink.shaded.netty4.io.netty.channel.ChannelHandler in project grpc-java by grpc.

the class FilterChainMatchingProtocolNegotiatorsTest method destPrefixRangeMatch.

@Test
public void destPrefixRangeMatch() throws Exception {
    EnvoyServerProtoData.DownstreamTlsContext tlsContextMatch = CommonTlsContextTestsUtil.buildTestInternalDownstreamTlsContext("CERT1", "VA1");
    EnvoyServerProtoData.FilterChainMatch filterChainMatchWithMatch = EnvoyServerProtoData.FilterChainMatch.create(0, ImmutableList.of(EnvoyServerProtoData.CidrRange.create("10.1.2.0", 24)), ImmutableList.of(), ImmutableList.of(), EnvoyServerProtoData.ConnectionSourceType.ANY, ImmutableList.of(), ImmutableList.of(), "");
    EnvoyServerProtoData.FilterChain filterChainWithMatch = EnvoyServerProtoData.FilterChain.create("filter-chain-foo", filterChainMatchWithMatch, HTTP_CONNECTION_MANAGER, tlsContextMatch, tlsContextManager);
    EnvoyServerProtoData.DownstreamTlsContext tlsContextForDefaultFilterChain = CommonTlsContextTestsUtil.buildTestInternalDownstreamTlsContext("CERT2", "VA2");
    EnvoyServerProtoData.FilterChain defaultFilterChain = EnvoyServerProtoData.FilterChain.create("filter-chain-bar", DEFAULT_FILTER_CHAIN_MATCH, HTTP_CONNECTION_MANAGER, tlsContextForDefaultFilterChain, tlsContextManager);
    selectorManager.updateSelector(new FilterChainSelector(ImmutableMap.of(filterChainWithMatch, noopConfig), defaultFilterChain.sslContextProviderSupplier(), randomConfig("no-match")));
    FilterChainMatchingHandler filterChainMatchingHandler = new FilterChainMatchingHandler(grpcHandler, selectorManager, mockDelegate);
    ChannelHandler next = captureAttrHandler(sslSet, routingSettable);
    when(mockDelegate.newHandler(grpcHandler)).thenReturn(next);
    setupChannel(LOCAL_IP, REMOTE_IP, 15000, filterChainMatchingHandler);
    pipeline.fireUserEventTriggered(event);
    channel.runPendingTasks();
    assertThat(sslSet.get()).isEqualTo(filterChainWithMatch.sslContextProviderSupplier());
    assertThat(routingSettable.get()).isEqualTo(noopConfig);
    assertThat(sslSet.get().getTlsContext()).isSameInstanceAs(tlsContextMatch);
}
Also used : FilterChainSelector(io.grpc.xds.FilterChainMatchingProtocolNegotiators.FilterChainMatchingHandler.FilterChainSelector) FilterChainMatchingHandler(io.grpc.xds.FilterChainMatchingProtocolNegotiators.FilterChainMatchingHandler) DownstreamTlsContext(io.grpc.xds.EnvoyServerProtoData.DownstreamTlsContext) ChannelHandler(io.netty.channel.ChannelHandler) FilterChain(io.grpc.xds.EnvoyServerProtoData.FilterChain) Test(org.junit.Test)

Example 69 with ChannelHandler

use of org.apache.flink.shaded.netty4.io.netty.channel.ChannelHandler in project grpc-java by grpc.

the class FilterChainMatchingProtocolNegotiatorsTest method filterChain_5stepMatch.

/**
 * Create 6 filterChains: - 1st filter chain has dest port & specific prefix range but is
 * eliminated due to dest port - 5 advance to next step: 1 is eliminated due to being less
 * specific than the remaining 4. - 4 advance to 3rd step: source type external eliminates one
 * with local source_type. - 3 advance to 4th step: more specific 2 get picked based on
 * source-prefix range. - 5th step: out of 2 one with matching source port gets picked
 */
@Test
public void filterChain_5stepMatch() throws Exception {
    EnvoyServerProtoData.DownstreamTlsContext tlsContext1 = CommonTlsContextTestsUtil.buildTestInternalDownstreamTlsContext("CERT1", "VA1");
    EnvoyServerProtoData.DownstreamTlsContext tlsContext2 = CommonTlsContextTestsUtil.buildTestInternalDownstreamTlsContext("CERT2", "VA2");
    EnvoyServerProtoData.DownstreamTlsContext tlsContext3 = CommonTlsContextTestsUtil.buildTestInternalDownstreamTlsContext("CERT3", "VA3");
    EnvoyServerProtoData.DownstreamTlsContext tlsContext4 = CommonTlsContextTestsUtil.buildTestInternalDownstreamTlsContext("CERT4", "VA4");
    EnvoyServerProtoData.DownstreamTlsContext tlsContext5 = CommonTlsContextTestsUtil.buildTestInternalDownstreamTlsContext("CERT5", "VA5");
    EnvoyServerProtoData.DownstreamTlsContext tlsContext6 = CommonTlsContextTestsUtil.buildTestInternalDownstreamTlsContext("CERT6", "VA6");
    // has dest port and specific prefix ranges: gets eliminated in step 1
    EnvoyServerProtoData.FilterChainMatch filterChainMatch1 = EnvoyServerProtoData.FilterChainMatch.create(PORT, ImmutableList.of(), ImmutableList.of(), ImmutableList.of(EnvoyServerProtoData.CidrRange.create(REMOTE_IP, 32)), EnvoyServerProtoData.ConnectionSourceType.ANY, ImmutableList.of(), ImmutableList.of(), "");
    EnvoyServerProtoData.FilterChain filterChain1 = EnvoyServerProtoData.FilterChain.create("filter-chain-1", filterChainMatch1, HTTP_CONNECTION_MANAGER, tlsContext1, tlsContextManager);
    // next 5 use prefix range: 4 with prefixLen of 30 and last one with 29
    // has single prefix range: and less specific source prefix range: gets eliminated in step 4
    EnvoyServerProtoData.FilterChainMatch filterChainMatch2 = EnvoyServerProtoData.FilterChainMatch.create(0, ImmutableList.of(EnvoyServerProtoData.CidrRange.create("10.1.2.0", 30)), ImmutableList.of(), ImmutableList.of(EnvoyServerProtoData.CidrRange.create("10.4.0.0", 16)), EnvoyServerProtoData.ConnectionSourceType.ANY, ImmutableList.of(), ImmutableList.of(), "");
    EnvoyServerProtoData.FilterChain filterChain2 = EnvoyServerProtoData.FilterChain.create("filter-chain-2", filterChainMatch2, HTTP_CONNECTION_MANAGER, tlsContext2, tlsContextManager);
    // has prefix ranges with one not matching and source type local: gets eliminated in step 3
    EnvoyServerProtoData.FilterChainMatch filterChainMatch3 = EnvoyServerProtoData.FilterChainMatch.create(0, ImmutableList.of(EnvoyServerProtoData.CidrRange.create("192.168.2.0", 24), EnvoyServerProtoData.CidrRange.create("10.1.2.0", 30)), ImmutableList.of(), ImmutableList.of(), EnvoyServerProtoData.ConnectionSourceType.SAME_IP_OR_LOOPBACK, ImmutableList.of(), ImmutableList.of(), "");
    EnvoyServerProtoData.FilterChain filterChain3 = EnvoyServerProtoData.FilterChain.create("filter-chain-3", filterChainMatch3, HTTP_CONNECTION_MANAGER, tlsContext3, tlsContextManager);
    // has prefix ranges with both matching and source type external but non matching source port:
    // gets eliminated in step 5
    EnvoyServerProtoData.FilterChainMatch filterChainMatch4 = EnvoyServerProtoData.FilterChainMatch.create(0, ImmutableList.of(EnvoyServerProtoData.CidrRange.create("10.1.0.0", 16), EnvoyServerProtoData.CidrRange.create("10.1.2.0", 30)), ImmutableList.of(), ImmutableList.of(EnvoyServerProtoData.CidrRange.create("10.4.2.0", 24)), EnvoyServerProtoData.ConnectionSourceType.EXTERNAL, ImmutableList.of(16000, 9000), ImmutableList.of(), "");
    EnvoyServerProtoData.FilterChain filterChain4 = EnvoyServerProtoData.FilterChain.create("filter-chain-4", filterChainMatch4, HTTP_CONNECTION_MANAGER, tlsContext4, tlsContextManager);
    // has prefix ranges with both matching and source type external and matching source port: this
    // gets selected
    EnvoyServerProtoData.FilterChainMatch filterChainMatch5 = EnvoyServerProtoData.FilterChainMatch.create(0, ImmutableList.of(EnvoyServerProtoData.CidrRange.create("10.1.0.0", 16), EnvoyServerProtoData.CidrRange.create("10.1.2.0", 30)), ImmutableList.of(), ImmutableList.of(EnvoyServerProtoData.CidrRange.create("10.4.2.0", 24), EnvoyServerProtoData.CidrRange.create("192.168.2.0", 24)), EnvoyServerProtoData.ConnectionSourceType.ANY, ImmutableList.of(15000, 8000), ImmutableList.of(), "");
    EnvoyServerProtoData.FilterChain filterChain5 = EnvoyServerProtoData.FilterChain.create("filter-chain-5", filterChainMatch5, HTTP_CONNECTION_MANAGER, tlsContext5, tlsContextManager);
    // has prefix range with prefixLen of 29: gets eliminated in step 2
    EnvoyServerProtoData.FilterChainMatch filterChainMatch6 = EnvoyServerProtoData.FilterChainMatch.create(0, ImmutableList.of(EnvoyServerProtoData.CidrRange.create("10.1.2.0", 29)), ImmutableList.of(), ImmutableList.of(), EnvoyServerProtoData.ConnectionSourceType.ANY, ImmutableList.of(), ImmutableList.of(), "");
    EnvoyServerProtoData.FilterChain filterChain6 = EnvoyServerProtoData.FilterChain.create("filter-chain-6", filterChainMatch6, HTTP_CONNECTION_MANAGER, tlsContext6, tlsContextManager);
    EnvoyServerProtoData.FilterChain defaultFilterChain = EnvoyServerProtoData.FilterChain.create("filter-chain-7", DEFAULT_FILTER_CHAIN_MATCH, HTTP_CONNECTION_MANAGER, null, tlsContextManager);
    Map<FilterChain, AtomicReference<ServerRoutingConfig>> map = new HashMap<>();
    map.put(filterChain1, randomConfig("1"));
    map.put(filterChain2, randomConfig("2"));
    map.put(filterChain3, randomConfig("3"));
    map.put(filterChain4, randomConfig("4"));
    map.put(filterChain5, noopConfig);
    map.put(filterChain6, randomConfig("6"));
    selectorManager.updateSelector(new FilterChainSelector(map, defaultFilterChain.sslContextProviderSupplier(), randomConfig("default")));
    FilterChainMatchingHandler filterChainMatchingHandler = new FilterChainMatchingHandler(grpcHandler, selectorManager, mockDelegate);
    ChannelHandler next = captureAttrHandler(sslSet, routingSettable);
    when(mockDelegate.newHandler(grpcHandler)).thenReturn(next);
    setupChannel(LOCAL_IP, REMOTE_IP, 15000, filterChainMatchingHandler);
    pipeline.fireUserEventTriggered(event);
    channel.runPendingTasks();
    assertThat(sslSet.get()).isEqualTo(filterChain5.sslContextProviderSupplier());
    assertThat(routingSettable.get()).isEqualTo(noopConfig);
    assertThat(sslSet.get().getTlsContext()).isSameInstanceAs(tlsContext5);
}
Also used : FilterChainSelector(io.grpc.xds.FilterChainMatchingProtocolNegotiators.FilterChainMatchingHandler.FilterChainSelector) FilterChainMatchingHandler(io.grpc.xds.FilterChainMatchingProtocolNegotiators.FilterChainMatchingHandler) HashMap(java.util.HashMap) DownstreamTlsContext(io.grpc.xds.EnvoyServerProtoData.DownstreamTlsContext) FilterChain(io.grpc.xds.EnvoyServerProtoData.FilterChain) AtomicReference(java.util.concurrent.atomic.AtomicReference) ChannelHandler(io.netty.channel.ChannelHandler) FilterChain(io.grpc.xds.EnvoyServerProtoData.FilterChain) Test(org.junit.Test)

Example 70 with ChannelHandler

use of org.apache.flink.shaded.netty4.io.netty.channel.ChannelHandler in project grpc-java by grpc.

the class FilterChainMatchingProtocolNegotiatorsTest method sourcePortMatch_exactMatchWinsOverEmptyList.

@Test
public void sourcePortMatch_exactMatchWinsOverEmptyList() throws Exception {
    EnvoyServerProtoData.DownstreamTlsContext tlsContextEmptySourcePorts = CommonTlsContextTestsUtil.buildTestInternalDownstreamTlsContext("CERT1", "VA1");
    EnvoyServerProtoData.FilterChainMatch filterChainMatchEmptySourcePorts = EnvoyServerProtoData.FilterChainMatch.create(0, ImmutableList.of(), ImmutableList.of(), ImmutableList.of(EnvoyServerProtoData.CidrRange.create("10.4.2.0", 24), EnvoyServerProtoData.CidrRange.create("10.4.2.2", 31)), EnvoyServerProtoData.ConnectionSourceType.ANY, ImmutableList.of(), ImmutableList.of(), "");
    EnvoyServerProtoData.FilterChain filterChainEmptySourcePorts = EnvoyServerProtoData.FilterChain.create("filter-chain-foo", filterChainMatchEmptySourcePorts, HTTP_CONNECTION_MANAGER, tlsContextEmptySourcePorts, tlsContextManager);
    EnvoyServerProtoData.DownstreamTlsContext tlsContextSourcePortMatch = CommonTlsContextTestsUtil.buildTestInternalDownstreamTlsContext("CERT2", "VA2");
    EnvoyServerProtoData.FilterChainMatch filterChainMatchSourcePortMatch = EnvoyServerProtoData.FilterChainMatch.create(0, ImmutableList.of(), ImmutableList.of(), ImmutableList.of(EnvoyServerProtoData.CidrRange.create("10.4.2.2", 31)), EnvoyServerProtoData.ConnectionSourceType.ANY, ImmutableList.of(7000, 15000), ImmutableList.of(), "");
    EnvoyServerProtoData.FilterChain filterChainSourcePortMatch = EnvoyServerProtoData.FilterChain.create("filter-chain-bar", filterChainMatchSourcePortMatch, HTTP_CONNECTION_MANAGER, tlsContextSourcePortMatch, tlsContextManager);
    EnvoyServerProtoData.FilterChain defaultFilterChain = EnvoyServerProtoData.FilterChain.create("filter-chain-baz", DEFAULT_FILTER_CHAIN_MATCH, HTTP_CONNECTION_MANAGER, null, tlsContextManager);
    selectorManager.updateSelector(new FilterChainSelector(ImmutableMap.of(filterChainEmptySourcePorts, randomConfig("no-match"), filterChainSourcePortMatch, noopConfig), defaultFilterChain.sslContextProviderSupplier(), randomConfig("default")));
    FilterChainMatchingHandler filterChainMatchingHandler = new FilterChainMatchingHandler(grpcHandler, selectorManager, mockDelegate);
    ChannelHandler next = captureAttrHandler(sslSet, routingSettable);
    when(mockDelegate.newHandler(grpcHandler)).thenReturn(next);
    setupChannel(LOCAL_IP, REMOTE_IP, 15000, filterChainMatchingHandler);
    pipeline.fireUserEventTriggered(event);
    channel.runPendingTasks();
    assertThat(sslSet.get()).isEqualTo(filterChainSourcePortMatch.sslContextProviderSupplier());
    assertThat(routingSettable.get()).isEqualTo(noopConfig);
    assertThat(sslSet.get().getTlsContext()).isSameInstanceAs(tlsContextSourcePortMatch);
}
Also used : FilterChainSelector(io.grpc.xds.FilterChainMatchingProtocolNegotiators.FilterChainMatchingHandler.FilterChainSelector) FilterChainMatchingHandler(io.grpc.xds.FilterChainMatchingProtocolNegotiators.FilterChainMatchingHandler) DownstreamTlsContext(io.grpc.xds.EnvoyServerProtoData.DownstreamTlsContext) ChannelHandler(io.netty.channel.ChannelHandler) FilterChain(io.grpc.xds.EnvoyServerProtoData.FilterChain) Test(org.junit.Test)

Aggregations

ChannelHandler (io.netty.channel.ChannelHandler)216 Test (org.junit.Test)88 ChannelHandlerContext (io.netty.channel.ChannelHandlerContext)44 Channel (io.netty.channel.Channel)27 ChannelPipeline (io.netty.channel.ChannelPipeline)26 SslHandler (io.netty.handler.ssl.SslHandler)25 Test (org.junit.jupiter.api.Test)24 EmbeddedChannel (io.netty.channel.embedded.EmbeddedChannel)23 ChannelInboundHandlerAdapter (io.netty.channel.ChannelInboundHandlerAdapter)21 FilterChainMatchingHandler (io.grpc.xds.FilterChainMatchingProtocolNegotiators.FilterChainMatchingHandler)20 ChannelFuture (io.netty.channel.ChannelFuture)20 FilterChainSelector (io.grpc.xds.FilterChainMatchingProtocolNegotiators.FilterChainMatchingHandler.FilterChainSelector)19 ChannelHandlerAdapter (io.netty.channel.ChannelHandlerAdapter)18 InetSocketAddress (java.net.InetSocketAddress)18 DownstreamTlsContext (io.grpc.xds.EnvoyServerProtoData.DownstreamTlsContext)17 FilterChain (io.grpc.xds.EnvoyServerProtoData.FilterChain)17 LineBasedFrameDecoder (io.netty.handler.codec.LineBasedFrameDecoder)16 AtomicReference (java.util.concurrent.atomic.AtomicReference)16 TcpIngester (com.wavefront.ingester.TcpIngester)15 ByteBuf (io.netty.buffer.ByteBuf)13