From 2fa0949245609c6ee9a27922cf3f65d74c0d189b Mon Sep 17 00:00:00 2001
From: Vadim Eisenberg
Date: Tue, 6 Nov 2018 15:01:09 +0200
Subject: [PATCH 01/37] add ForwardRequestedServerName FilterState Object

Signed-off-by: Vadim Eisenberg
---
 source/common/stream_info/BUILD | 9 +++++++
 .../forward_requested_server_name.cc | 10 ++++++++
 .../forward_requested_server_name.h | 24 +++++++++++++++++++
 3 files changed, 43 insertions(+)
 create mode 100644 source/common/stream_info/forward_requested_server_name.cc
 create mode 100644 source/common/stream_info/forward_requested_server_name.h

diff --git a/source/common/stream_info/BUILD b/source/common/stream_info/BUILD
index 639805f711f68..a932c2c8741e6 100644
--- a/source/common/stream_info/BUILD
+++ b/source/common/stream_info/BUILD
@@ -27,6 +27,15 @@ envoy_cc_library(
 ],
 )
+envoy_cc_library(
+ name = "forward_requested_server_name_lib",
+ srcs = ["forward_requested_server_name.cc"],
+ hdrs = ["forward_requested_server_name.h"],
+ deps = [
+ "//include/envoy/stream_info:filter_state_interface",
+ ],
+)
+
 envoy_cc_library(
 name = "utility_lib",
 srcs = ["utility.cc"],
diff --git a/source/common/stream_info/forward_requested_server_name.cc b/source/common/stream_info/forward_requested_server_name.cc
new file mode 100644
index 0000000000000..c00d89f4da775
--- /dev/null
+++ b/source/common/stream_info/forward_requested_server_name.cc
@@ -0,0 +1,10 @@
+#include "common/stream_info/forward_requested_server_name.h"
+
+namespace Envoy {
+namespace StreamInfo {
+
+const std::string ForwardRequestedServerName::Key =
+ "envoy.stream_info.forward_requested_server_name";
+
+} // namespace StreamInfo
+} // namespace Envoy
diff --git a/source/common/stream_info/forward_requested_server_name.h b/source/common/stream_info/forward_requested_server_name.h
new file mode 100644
index 0000000000000..ce3c925004b6d
--- /dev/null
+++ b/source/common/stream_info/forward_requested_server_name.h
@@ -0,0 +1,24 @@
+#pragma once
+
+#include "envoy/stream_info/filter_state.h"
+
+#include "absl/strings/string_view.h"
+
+namespace Envoy {
+namespace StreamInfo {
+
+/**
+ * Original Requested Server Name
+ */
+class ForwardRequestedServerName : public FilterState::Object {
+public:
+ ForwardRequestedServerName(absl::string_view server_name) : server_name_(server_name) {}
+ const std::string& value() const { return server_name_; }
+ static const std::string Key;
+
+private:
+ const std::string server_name_;
+};
+
+} // namespace StreamInfo
+} // namespace Envoy

From 9701ce6bb191e278dd4974322450744a1a2f054b Mon Sep 17 00:00:00 2001
From: Vadim Eisenberg
Date: Tue, 6 Nov 2018 16:28:55 +0200
Subject: [PATCH 02/37] add functionality to override requested server name in the upstream cluster
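Review bot: The single-argument constructor of `ForwardRequestedServerName` is not `explicit`, so any `absl::string_view` (and therefore any `std::string` or literal) converts implicitly into a filter-state object; `explicit ForwardRequestedServerName(absl::string_view server_name) : server_name_(server_name) {}` prevents such accidental conversions. The class comment `Original Requested Server Name` says neither what the object holds nor who consumes it; I would replace it with a comment stating that this is a FilterState object carrying the server name requested by the downstream client, published under `Key` so that upstream-facing code (tcp_proxy, later in this series) can request the same name when it connects upstream. Because consumers take `value()` as-is and hand it to the upstream transport socket, the comment should also say that whoever stores the object is responsible for the content of the name.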
Signed-off-by: Vadim Eisenberg --- include/envoy/network/transport_socket.h | 7 +- include/envoy/upstream/cluster_manager.h | 15 +- include/envoy/upstream/upstream.h | 3 +- source/common/http/http1/conn_pool.cc | 2 +- source/common/http/http2/conn_pool.cc | 2 +- source/common/network/raw_buffer_socket.cc | 3 +- source/common/network/raw_buffer_socket.h | 3 +- source/common/ssl/context_impl.cc | 14 +- source/common/ssl/context_impl.h | 5 +- source/common/ssl/ssl_socket.cc | 17 +- source/common/ssl/ssl_socket.h | 9 +- source/common/tcp/conn_pool.cc | 8 +- source/common/tcp/conn_pool.h | 4 +- source/common/tcp_proxy/BUILD | 1 + source/common/tcp_proxy/tcp_proxy.cc | 17 +- .../common/upstream/cluster_manager_impl.cc | 32 +- source/common/upstream/cluster_manager_impl.h | 18 +- source/common/upstream/logical_dns_cluster.cc | 6 +- source/common/upstream/logical_dns_cluster.h | 3 +- source/common/upstream/upstream_impl.cc | 14 +- source/common/upstream/upstream_impl.h | 6 +- .../network/redis_proxy/conn_pool_impl.cc | 2 +- .../thrift_proxy/router/router_impl.cc | 2 +- .../filters/network/well_known_names.h | 2 + .../stat_sinks/common/statsd/statsd.cc | 4 +- .../transport_sockets/alts/tsi_socket.cc | 3 +- .../transport_sockets/alts/tsi_socket.h | 3 +- .../transport_sockets/capture/capture.cc | 6 +- .../transport_sockets/capture/capture.h | 3 +- .../config_validation/cluster_manager.cc | 5 +- .../config_validation/cluster_manager.h | 3 +- source/server/connection_handler_impl.cc | 3 +- .../grpc_client_integration_test_harness.h | 2 +- .../network/filter_manager_impl_test.cc | 2 +- test/common/ssl/ssl_socket_test.cc | 272 +++++++++------ test/common/tcp/conn_pool_test.cc | 4 +- test/common/tcp_proxy/BUILD | 1 + test/common/tcp_proxy/tcp_proxy_test.cc | 46 ++- .../upstream/cluster_manager_impl_test.cc | 321 +++++++++++++++--- .../upstream/logical_dns_cluster_test.cc | 9 +- .../upstream/original_dst_cluster_test.cc | 2 +- .../network/thrift_proxy/router_test.cc | 2 +- 
 .../alts/alts_integration_test.cc | 3 +-
 .../transport_sockets/alts/tsi_socket_test.cc | 2 +-
 .../sds_dynamic_integration_test.cc | 5 +-
 .../sds_static_integration_test.cc | 5 +-
 test/integration/ssl_integration_test.cc | 13 +-
 .../tcp_conn_pool_integration_test.cc | 2 +-
 .../integration/tcp_proxy_integration_test.cc | 2 +-
 test/integration/xfcc_integration_test.cc | 6 +-
 test/mocks/network/mocks.h | 2 +-
 test/mocks/stream_info/mocks.cc | 2 +
 test/mocks/upstream/host.h | 6 +-
 test/mocks/upstream/mocks.cc | 2 +-
 test/mocks/upstream/mocks.h | 18 +-
 .../config_validation/cluster_manager_test.cc | 3 +-
 test/server/listener_manager_impl_test.cc | 51 +--
 57 files changed, 729 insertions(+), 279 deletions(-)

diff --git a/include/envoy/network/transport_socket.h b/include/envoy/network/transport_socket.h
index a4eb7d64938d9..b6bbdedbb65df 100644
--- a/include/envoy/network/transport_socket.h
+++ b/include/envoy/network/transport_socket.h
@@ -4,6 +4,8 @@
 #include "envoy/common/pure.h"
 #include "envoy/ssl/connection.h"
+#include "absl/types/optional.h"
+
 namespace Envoy {
 namespace Network {
@@ -149,9 +151,12 @@ class TransportSocketFactory {
 virtual bool implementsSecureTransport() const PURE;
 /**
+ * @param override_server_name set server name, disregard the value the factory was
+ * configured with
 * @return Network::TransportSocketPtr a transport socket to be passed to connection.
 */
- virtual TransportSocketPtr createTransportSocket() const PURE;
+ virtual TransportSocketPtr
+ createTransportSocket(absl::optional override_server_name) const PURE;
 };
 typedef std::unique_ptr TransportSocketFactoryPtr;
diff --git a/include/envoy/upstream/cluster_manager.h b/include/envoy/upstream/cluster_manager.h
index c7e7aba180af7..58d2cf2c5b3e8 100644
--- a/include/envoy/upstream/cluster_manager.h
+++ b/include/envoy/upstream/cluster_manager.h
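Review bot: `createTransportSocket` takes the optional server name by value, and the same by-value `absl::optional<std::string>` parameter is repeated through every layer this series adds (cluster manager, host, connection pool, socket factory), so the string is copied once per hop on every connection; passing `const absl::optional<std::string>&` through the interfaces avoids that, while the TCP pool can still keep its own copy as a member. The new `@param` text should also say that `absl::nullopt` keeps the name the factory was configured with and that server-side factories ignore the argument, which is what the raw-buffer and server-TLS factories in this series do.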
@@ -131,9 +131,10 @@ class ClusterManager {
 * Can return nullptr if there is no host available in the cluster or if the cluster does not
 * exist.
 */
- virtual Tcp::ConnectionPool::Instance* tcpConnPoolForCluster(const std::string& cluster,
- ResourcePriority priority,
- LoadBalancerContext* context) PURE;
+ virtual Tcp::ConnectionPool::Instance*
+ tcpConnPoolForCluster(const std::string& cluster, ResourcePriority priority,
+ LoadBalancerContext* context,
+ absl::optional override_server_name) PURE;
 /**
 * Allocate a load balanced TCP connection for a cluster. The created connection is already
@@ -143,8 +144,9 @@ class ClusterManager {
 * Returns both a connection and the host that backs the connection. Both can be nullptr if there
 * is no host available in the cluster.
 */
- virtual Host::CreateConnectionData tcpConnForCluster(const std::string& cluster,
- LoadBalancerContext* context) PURE;
+ virtual Host::CreateConnectionData
+ tcpConnForCluster(const std::string& cluster, LoadBalancerContext* context,
+ absl::optional override_server_name) PURE;
 /**
 * Returns a client that can be used to make async HTTP calls against the given cluster. The
@@ -271,7 +273,8 @@ class ClusterManagerFactory {
 virtual Tcp::ConnectionPool::InstancePtr
 allocateTcpConnPool(Event::Dispatcher& dispatcher, HostConstSharedPtr host,
 ResourcePriority priority,
- const Network::ConnectionSocket::OptionsSharedPtr& options) PURE;
+ const Network::ConnectionSocket::OptionsSharedPtr& options,
+ absl::optional override_server_name) PURE;
 /**
 * Allocate a cluster from configuration proto.
diff --git a/include/envoy/upstream/upstream.h b/include/envoy/upstream/upstream.h
index 9ec53847dae5d..3294918faf890 100644
--- a/include/envoy/upstream/upstream.h
+++ b/include/envoy/upstream/upstream.h
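Review bot: The doc comments of `tcpConnPoolForCluster`, `tcpConnForCluster` and `allocateTcpConnPool` are left untouched and therefore say nothing about the new `override_server_name` parameter; the same applies to `Host::createConnection` in the upstream.h hunk that follows. I would add to each `* @param override_server_name optional server name to request from the upstream transport socket in place of the cluster's configured one; absl::nullopt keeps the configured value.` For `tcpConnPoolForCluster` it is worth stating that distinct override values select distinct connection pools, since that is what the cluster-manager implementation later in this series keys on.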
@@ -73,7 +73,8 @@ class Host : virtual public HostDescription {
 */
 virtual CreateConnectionData createConnection(Event::Dispatcher& dispatcher,
- const Network::ConnectionSocket::OptionsSharedPtr& options) const PURE;
+ const Network::ConnectionSocket::OptionsSharedPtr& options,
+ absl::optional override_server_name) const PURE;
 /**
 * Create a health check connection for this host.
diff --git a/source/common/http/http1/conn_pool.cc b/source/common/http/http1/conn_pool.cc
index 273e926518ae0..25438920d8d8e 100644
--- a/source/common/http/http1/conn_pool.cc
+++ b/source/common/http/http1/conn_pool.cc
@@ -316,7 +316,7 @@ ConnPoolImpl::ActiveClient::ActiveClient(ConnPoolImpl& parent)
 parent_.conn_connect_ms_ = std::make_unique(
 parent_.host_->cluster().stats().upstream_cx_connect_ms_, parent_.dispatcher_.timeSystem());
 Upstream::Host::CreateConnectionData data =
- parent_.host_->createConnection(parent_.dispatcher_, parent_.socket_options_);
+ parent_.host_->createConnection(parent_.dispatcher_, parent_.socket_options_, absl::nullopt);
 real_host_description_ = data.host_description_;
 codec_client_ = parent_.createCodecClient(data);
 codec_client_->addConnectionCallbacks(*this);
diff --git a/source/common/http/http2/conn_pool.cc b/source/common/http/http2/conn_pool.cc
index 91ff427d3a55a..abaa8b7821e7e 100644
--- a/source/common/http/http2/conn_pool.cc
+++ b/source/common/http/http2/conn_pool.cc
@@ -223,7 +223,7 @@ ConnPoolImpl::ActiveClient::ActiveClient(ConnPoolImpl& parent)
 parent_.conn_connect_ms_ = std::make_unique(
 parent_.host_->cluster().stats().upstream_cx_connect_ms_, parent_.dispatcher_.timeSystem());
 Upstream::Host::CreateConnectionData data =
- parent_.host_->createConnection(parent_.dispatcher_, parent_.socket_options_);
+ parent_.host_->createConnection(parent_.dispatcher_, parent_.socket_options_, absl::nullopt);
 real_host_description_ = data.host_description_;
 client_ = parent_.createCodecClient(data);
 client_->addConnectionCallbacks(*this);
diff --git a/source/common/network/raw_buffer_socket.cc b/source/common/network/raw_buffer_socket.cc index 6987797052ecc..fcb1273676170 100644 --- a/source/common/network/raw_buffer_socket.cc +++ b/source/common/network/raw_buffer_socket.cc @@ -82,7 +82,8 @@ std::string RawBufferSocket::protocol() const { return EMPTY_STRING; } void RawBufferSocket::onConnected() { callbacks_->raiseEvent(ConnectionEvent::Connected); } -TransportSocketPtr RawBufferSocketFactory::createTransportSocket() const { +TransportSocketPtr +RawBufferSocketFactory::createTransportSocket(absl::optional) const { return std::make_unique(); } diff --git a/source/common/network/raw_buffer_socket.h b/source/common/network/raw_buffer_socket.h index 8b8b205ce38f2..c943d3e1da661 100644 --- a/source/common/network/raw_buffer_socket.h +++ b/source/common/network/raw_buffer_socket.h @@ -29,7 +29,8 @@ class RawBufferSocket : public TransportSocket, protected Logger::Loggable override_server_name) const override; bool implementsSecureTransport() const override; }; diff --git a/source/common/ssl/context_impl.cc b/source/common/ssl/context_impl.cc index 7929cadf2a102..2fd2eee4ea1a0 100644 --- a/source/common/ssl/context_impl.cc +++ b/source/common/ssl/context_impl.cc @@ -275,7 +275,7 @@ std::vector ContextImpl::parseAlpnProtocols(const std::string& alpn_pro return out; } -bssl::UniquePtr ContextImpl::newSsl() const { +bssl::UniquePtr ContextImpl::newSsl(absl::optional) const { return bssl::UniquePtr(SSL_new(ctx_.get())); } 
@@ -498,11 +498,15 @@ ClientContextImpl::ClientContextImpl(Stats::Scope& scope, const ClientContextCon
 }
 }
-bssl::UniquePtr ClientContextImpl::newSsl() const {
- bssl::UniquePtr ssl_con(ContextImpl::newSsl());
+bssl::UniquePtr
+ClientContextImpl::newSsl(absl::optional override_server_name) const {
+ bssl::UniquePtr ssl_con(ContextImpl::newSsl(absl::nullopt));
- if (!server_name_indication_.empty()) {
- int rc = SSL_set_tlsext_host_name(ssl_con.get(), server_name_indication_.c_str());
+ std::string server_name_indication =
+ override_server_name.has_value() ? override_server_name.value() : server_name_indication_;
+
+ if (!server_name_indication.empty()) {
+ int rc = SSL_set_tlsext_host_name(ssl_con.get(), server_name_indication.c_str());
 RELEASE_ASSERT(rc, "");
 }
diff --git a/source/common/ssl/context_impl.h b/source/common/ssl/context_impl.h
index f1cf16d118c3b..4fb733df025be 100644
--- a/source/common/ssl/context_impl.h
+++ b/source/common/ssl/context_impl.h
@@ -11,6 +11,7 @@
 #include "common/ssl/context_manager_impl.h"
+#include "absl/types/optional.h"
 #include "openssl/ssl.h"
 namespace Envoy {
@@ -41,7 +42,7 @@ struct SslStats {
 class ContextImpl : public virtual Context {
 public:
- virtual bssl::UniquePtr newSsl() const;
+ virtual bssl::UniquePtr newSsl(absl::optional override_server_name) const;
 /**
 * Logs successful TLS handshake and updates stats.
@@ -142,7 +143,7 @@ class ClientContextImpl : public ContextImpl, public ClientContext {
 ClientContextImpl(Stats::Scope& scope, const ClientContextConfig& config,
 TimeSource& time_source);
- bssl::UniquePtr newSsl() const override;
+ bssl::UniquePtr newSsl(absl::optional override_server_name) const override;
 private:
 const std::string server_name_indication_;
diff --git a/source/common/ssl/ssl_socket.cc b/source/common/ssl/ssl_socket.cc
index 08e4b257efcb1..235b618bc55bc 100644
--- a/source/common/ssl/ssl_socket.cc
+++ b/source/common/ssl/ssl_socket.cc
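Review bot: `server_name_indication` is a `std::string` local, so the selected name is copied on every `newSsl` call although both alternatives are already lvalues; `const std::string& server_name_indication = override_server_name.has_value() ? *override_server_name : server_name_indication_;` keeps the same selection without the copy. Note also that an override that is present but empty now suppresses the configured SNI entirely, because the `.empty()` check runs on the merged value; if that is intended it deserves a comment, otherwise fall back to `server_name_indication_` when the override is empty. Whether the cluster's certificate verification still applies when the requested name is overridden is not visible in this hunk; the `newSsl` declaration in context_impl.h would benefit from a comment stating that `override_server_name` only replaces the name sent in the handshake and does not alter how the peer certificate is verified, if that is the case.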
@@ -35,8 +35,9 @@ class NotReadySslSocket : public Network::TransportSocket {
 };
 } // namespace
-SslSocket::SslSocket(ContextSharedPtr ctx, InitialState state)
- : ctx_(std::dynamic_pointer_cast(ctx)), ssl_(ctx_->newSsl()) {
+SslSocket::SslSocket(ContextSharedPtr ctx, InitialState state,
+ absl::optional override_server_name)
+ : ctx_(std::dynamic_pointer_cast(ctx)), ssl_(ctx_->newSsl(override_server_name)) {
 if (state == InitialState::Client) {
 SSL_set_connect_state(ssl_.get());
 } else {
@@ -370,7 +371,8 @@ ClientSslSocketFactory::ClientSslSocketFactory(ClientContextConfigPtr config,
 config_->setSecretUpdateCallback([this]() { onAddOrUpdateSecret(); });
 }
-Network::TransportSocketPtr ClientSslSocketFactory::createTransportSocket() const {
+Network::TransportSocketPtr ClientSslSocketFactory::createTransportSocket(
+ absl::optional override_server_name) const {
 // onAddOrUpdateSecret() could be invoked in the middle of checking the existence of ssl_ctx and
 // creating SslSocket using ssl_ctx. Capture ssl_ctx_ into a local variable so that we check and
 // use the same ssl_ctx to create SslSocket.
@@ -380,7 +382,8 @@ Network::TransportSocketPtr ClientSslSocketFactory::createTransportSocket() cons
 ssl_ctx = ssl_ctx_;
 }
 if (ssl_ctx) {
- return std::make_unique(std::move(ssl_ctx), Ssl::InitialState::Client);
+ return std::make_unique(std::move(ssl_ctx), Ssl::InitialState::Client,
+ override_server_name);
 } else {
 ENVOY_LOG(debug, "Create NotReadySslSocket");
 stats_.upstream_context_secrets_not_ready_.inc();
@@ -409,7 +412,8 @@ ServerSslSocketFactory::ServerSslSocketFactory(ServerContextConfigPtr config,
 config_->setSecretUpdateCallback([this]() { onAddOrUpdateSecret(); });
 }
-Network::TransportSocketPtr ServerSslSocketFactory::createTransportSocket() const {
+Network::TransportSocketPtr
+ServerSslSocketFactory::createTransportSocket(absl::optional) const {
 // onAddOrUpdateSecret() could be invoked in the middle of checking the existence of ssl_ctx and
 // creating SslSocket using ssl_ctx. Capture ssl_ctx_ into a local variable so that we check and
 // use the same ssl_ctx to create SslSocket.
@@ -419,7 +423,8 @@ Network::TransportSocketPtr ServerSslSocketFactory::createTransportSocket() cons
 ssl_ctx = ssl_ctx_;
 }
 if (ssl_ctx) {
- return std::make_unique(std::move(ssl_ctx), Ssl::InitialState::Server);
+ return std::make_unique(std::move(ssl_ctx), Ssl::InitialState::Server,
+ absl::nullopt);
 } else {
 ENVOY_LOG(debug, "Create NotReadySslSocket");
 stats_.downstream_context_secrets_not_ready_.inc();
diff --git a/source/common/ssl/ssl_socket.h b/source/common/ssl/ssl_socket.h
index babcd7ac1ca69..bf43cd493545b 100644
--- a/source/common/ssl/ssl_socket.h
+++ b/source/common/ssl/ssl_socket.h
@@ -39,7 +39,8 @@ class SslSocket : public Network::TransportSocket,
 public Connection,
 protected Logger::Loggable {
 public:
- SslSocket(ContextSharedPtr ctx, InitialState state);
+ SslSocket(ContextSharedPtr ctx, InitialState state,
+ absl::optional override_server_name);
 // Ssl::Connection
 bool peerCertificatePresented() const override;
@@ -87,7 +88,8 @@ class ClientSslSocketFactory : public Network::TransportSocketFactory,
 ClientSslSocketFactory(ClientContextConfigPtr config, Ssl::ContextManager& manager,
 Stats::Scope& stats_scope);
- Network::TransportSocketPtr createTransportSocket() const override;
+ Network::TransportSocketPtr
+ createTransportSocket(absl::optional override_server_name) const override;
 bool implementsSecureTransport() const override;
 // Secret::SecretCallbacks
@@ -109,7 +111,8 @@ class ServerSslSocketFactory : public Network::TransportSocketFactory,
 ServerSslSocketFactory(ServerContextConfigPtr config, Ssl::ContextManager& manager,
 Stats::Scope& stats_scope, const std::vector& server_names);
- Network::TransportSocketPtr createTransportSocket() const override;
+ Network::TransportSocketPtr
+ createTransportSocket(absl::optional override_server_name) const override;
 bool implementsSecureTransport() const override;
 // Secret::SecretCallbacks
diff --git a/source/common/tcp/conn_pool.cc b/source/common/tcp/conn_pool.cc
index 4ab2c6e5151f6..02c09725cf063 100644
--- a/source/common/tcp/conn_pool.cc
+++ b/source/common/tcp/conn_pool.cc
@@ -11,8 +11,10 @@ namespace Tcp {
 ConnPoolImpl::ConnPoolImpl(Event::Dispatcher& dispatcher, Upstream::HostConstSharedPtr host,
 Upstream::ResourcePriority priority,
- const Network::ConnectionSocket::OptionsSharedPtr& options)
+ const Network::ConnectionSocket::OptionsSharedPtr& options,
+ absl::optional override_server_name)
 : dispatcher_(dispatcher), host_(host), priority_(priority), socket_options_(options),
+ override_server_name_(override_server_name),
 upstream_ready_timer_(dispatcher_.createTimer([this]() { onUpstreamReady(); })) {}
 ConnPoolImpl::~ConnPoolImpl() {
@@ -356,8 +358,8 @@ ConnPoolImpl::ActiveConn::ActiveConn(ConnPoolImpl& parent)
 parent_.conn_connect_ms_ = std::make_unique(
 parent_.host_->cluster().stats().upstream_cx_connect_ms_, parent_.dispatcher_.timeSystem());
- Upstream::Host::CreateConnectionData data =
- parent_.host_->createConnection(parent_.dispatcher_, parent_.socket_options_);
+ Upstream::Host::CreateConnectionData data = parent_.host_->createConnection(
+ parent_.dispatcher_, parent_.socket_options_, parent_.override_server_name_);
 real_host_description_ = data.host_description_;
 conn_ = std::move(data.connection_);
diff --git a/source/common/tcp/conn_pool.h b/source/common/tcp/conn_pool.h
index e484eef80e1f4..c2602ec9109c2 100644
--- a/source/common/tcp/conn_pool.h
+++ b/source/common/tcp/conn_pool.h
@@ -22,7 +22,8 @@ class ConnPoolImpl : Logger::Loggable, public ConnectionPool::
 public:
 ConnPoolImpl(Event::Dispatcher& dispatcher, Upstream::HostConstSharedPtr host,
 Upstream::ResourcePriority priority,
- const Network::ConnectionSocket::OptionsSharedPtr& options);
+ const Network::ConnectionSocket::OptionsSharedPtr& options,
+ absl::optional override_server_name);
 ~ConnPoolImpl();
@@ -148,6 +149,7 @@ class ConnPoolImpl : Logger::Loggable, public ConnectionPool::
 Upstream::HostConstSharedPtr host_;
 Upstream::ResourcePriority priority_;
 const Network::ConnectionSocket::OptionsSharedPtr socket_options_;
+ absl::optional override_server_name_;
 std::list pending_conns_; // conns awaiting connected event
 std::list ready_conns_; // conns ready for assignment
diff --git a/source/common/tcp_proxy/BUILD b/source/common/tcp_proxy/BUILD
index 0d51ab033a0d2..00e458984c851 100644
--- a/source/common/tcp_proxy/BUILD
+++ b/source/common/tcp_proxy/BUILD
@@ -36,6 +36,7 @@ envoy_cc_library(
 "//source/common/network:filter_lib",
 "//source/common/network:utility_lib",
 "//source/common/router:metadatamatchcriteria_lib",
+ "//source/common/stream_info:forward_requested_server_name_lib",
 "//source/common/stream_info:stream_info_lib",
 "//source/common/upstream:load_balancer_lib",
 "@envoy_api//envoy/config/filter/network/tcp_proxy/v2:tcp_proxy_cc",
diff --git a/source/common/tcp_proxy/tcp_proxy.cc b/source/common/tcp_proxy/tcp_proxy.cc
index 6bb77c64e7f42..45c4aec818e8d 100644
--- a/source/common/tcp_proxy/tcp_proxy.cc
+++ b/source/common/tcp_proxy/tcp_proxy.cc
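Review bot: The new member `override_server_name_` is declared mutable while its neighbour `socket_options_` is `const`; it is set once in the constructor initializer list and, within this series, only read when `ActiveConn` creates a connection, so `const absl::optional<std::string> override_server_name_;` matches the existing member style and makes it explicit that a pool is bound to one server name for its lifetime. A trailing comment such as `// server name requested on every connection this pool opens; nullopt keeps the cluster default` would also help readers of the header, since nothing else in it explains the field.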
@@ -18,11 +18,13 @@
 #include "common/common/utility.h"
 #include "common/config/well_known_names.h"
 #include "common/router/metadatamatchcriteria_impl.h"
+#include "common/stream_info/forward_requested_server_name.h"
 namespace Envoy {
 namespace TcpProxy {
 const std::string PerConnectionCluster::Key = "envoy.tcp_proxy.cluster";
+using ::Envoy::StreamInfo::ForwardRequestedServerName;
 Config::Route::Route(
 const envoy::config::filter::network::tcp_proxy::v2::TcpProxy::DeprecatedV1::TCPRoute& config) {
@@ -358,8 +360,21 @@ Network::FilterStatus Filter::initializeUpstreamConnection() {
 return Network::FilterStatus::StopIteration;
 }
+ absl::optional override_server_name;
+
+ if (downstreamConnection() &&
+ downstreamConnection()->streamInfo().filterState().hasData(
+ ForwardRequestedServerName::Key)) {
+ const auto& original_requested_server_name =
+ downstreamConnection()
+ ->streamInfo()
+ .filterState()
+ .getDataReadOnly(ForwardRequestedServerName::Key);
+ override_server_name = original_requested_server_name.value();
+ }
+
 Tcp::ConnectionPool::Instance* conn_pool = cluster_manager_.tcpConnPoolForCluster(
- cluster_name, Upstream::ResourcePriority::Default, this);
+ cluster_name, Upstream::ResourcePriority::Default, this, override_server_name);
 if (!conn_pool) {
 // Either cluster is unknown or there are no healthy hosts. tcpConnPoolForCluster() increments
 // cluster->stats().upstream_cx_none_healthy in the latter case.
diff --git a/source/common/upstream/cluster_manager_impl.cc b/source/common/upstream/cluster_manager_impl.cc
index 06ee71363572e..7335cd983135e 100644
--- a/source/common/upstream/cluster_manager_impl.cc
+++ b/source/common/upstream/cluster_manager_impl.cc
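Review bot: `override_server_name` is copied out of the downstream connection's filter state and handed to `tcpConnPoolForCluster` without any check on its content, so whatever listener-side code stored under `ForwardRequestedServerName::Key` (a client-chosen value, if it is the downstream's requested server name) reaches the upstream handshake verbatim; the block should at least carry a comment such as `// The stored name is forwarded as-is; the cluster manager keys its TCP connection pools on it, so each distinct value selects a separate pool.` so that readers see the trust and resource implications in one place. Two style points: the local is named `original_requested_server_name` while the type and key are `ForwardRequestedServerName`, and one name for the concept would read better; and the `using ::Envoy::StreamInfo::ForwardRequestedServerName;` line sits after the `PerConnectionCluster::Key` definition instead of with the other declarations at the top of the namespace. `Filter::initializeUpstreamConnection()` starts and ends outside this hunk.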
@@ -667,7 +667,8 @@ ClusterManagerImpl::httpConnPoolForCluster(const std::string& cluster, ResourceP
 Tcp::ConnectionPool::Instance*
 ClusterManagerImpl::tcpConnPoolForCluster(const std::string& cluster, ResourcePriority priority,
- LoadBalancerContext* context) {
+ LoadBalancerContext* context,
+ absl::optional override_server_name) {
 ThreadLocalClusterManagerImpl& cluster_manager = tls_->getTyped();
 auto entry = cluster_manager.thread_local_clusters_.find(cluster);
@@ -676,7 +677,7 @@ ClusterManagerImpl::tcpConnPoolForCluster(const std::string& cluster, ResourcePr
 }
 // Select a host and create a connection pool for it if it does not already exist.
- return entry->second->tcpConnPool(priority, context);
+ return entry->second->tcpConnPool(priority, context, override_server_name);
 }
 void ClusterManagerImpl::postThreadLocalClusterUpdate(const Cluster& cluster, uint32_t priority,
@@ -706,8 +707,9 @@ void ClusterManagerImpl::postThreadLocalHealthFailure(const HostSharedPtr& host)
 [this, host] { ThreadLocalClusterManagerImpl::onHostHealthFailure(host, *tls_); });
 }
-Host::CreateConnectionData ClusterManagerImpl::tcpConnForCluster(const std::string& cluster,
- LoadBalancerContext* context) {
+Host::CreateConnectionData
+ClusterManagerImpl::tcpConnForCluster(const std::string& cluster, LoadBalancerContext* context,
+ absl::optional override_server_name) {
 ThreadLocalClusterManagerImpl& cluster_manager = tls_->getTyped();
 auto entry = cluster_manager.thread_local_clusters_.find(cluster);
@@ -717,8 +719,8 @@ Host::CreateConnectionData ClusterManagerImpl::tcpConnForCluster(const std::stri
 HostConstSharedPtr logical_host = entry->second->lb_->chooseHost(context);
 if (logical_host) {
- auto conn_info =
- logical_host->createConnection(cluster_manager.thread_local_dispatcher_, nullptr);
+ auto conn_info = logical_host->createConnection(cluster_manager.thread_local_dispatcher_,
+ nullptr, override_server_name);
 if ((entry->second->cluster_info_->features() &
 ClusterInfo::Features::CLOSE_CONNECTIONS_ON_HOST_HEALTH_FAILURE) &&
 conn_info.connection_ != nullptr) {
@@ -1130,7 +1132,8 @@ ClusterManagerImpl::ThreadLocalClusterManagerImpl::ClusterEntry::connPool(
 Tcp::ConnectionPool::Instance*
 ClusterManagerImpl::ThreadLocalClusterManagerImpl::ClusterEntry::tcpConnPool(
- ResourcePriority priority, LoadBalancerContext* context) {
+ ResourcePriority priority, LoadBalancerContext* context,
+ absl::optional override_server_name) {
 HostConstSharedPtr host = lb_->chooseHost(context);
 if (!host) {
 ENVOY_LOG(debug, "no healthy host for TCP connection pool");
@@ -1156,11 +1159,19 @@ ClusterManagerImpl::ThreadLocalClusterManagerImpl::ClusterEntry::tcpConnPool(
 }
 }
+ // add the server-name-to-override to the hash key, so the pool will contain
+ // connections with the identical requested server name
+ if (override_server_name.has_value()) {
+ std::hash hash_function;
+ hash_key.push_back(hash_function(override_server_name.value()));
+ }
+
 TcpConnPoolsContainer& container = parent_.host_tcp_conn_pool_map_[host];
 if (!container.pools_[hash_key]) {
 container.pools_[hash_key] = parent_.parent_.factory_.allocateTcpConnPool(
 parent_.thread_local_dispatcher_, host, priority,
- have_options ? context->downstreamConnection()->socketOptions() : nullptr,
+ have_options ? context->downstreamConnection()->socketOptions() : nullptr,
+ override_server_name);
 }
 return container.pools_[hash_key].get();
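Review bot: `hash_key.push_back(hash_function(override_server_name.value()))` pushes a `size_t` hash into `hash_key`; if `hash_key` is the byte vector (`std::vector<uint8_t>`) that the socket-option hashing earlier in `tcpConnPool` builds — its declaration is outside this hunk — the value is silently narrowed to one byte, leaving 256 possible keys, so two different server names collide with probability 1/256 and a pooled connection opened with one name is then reused for the other. Append every byte of the hash instead: `const size_t name_hash = std::hash<std::string>{}(override_server_name.value());` followed by `for (size_t i = 0; i < sizeof(name_hash); ++i) { hash_key.push_back(static_cast<uint8_t>(name_hash >> (8 * i))); }`. Even with the full hash a collision still means a connection with the wrong requested name is handed out, so keying on the name itself (or checking it when a pool is reused) is the safer design. Separately, each distinct override value creates an entry in `container.pools_` that nothing here removes, so if the value comes from the downstream connection the number of pools per host is bounded only by the variety of names clients present; a cap, or at least a sentence in the comment above the block naming that growth, would be appropriate.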
@@ -1191,9 +1202,10 @@ Http::ConnectionPool::InstancePtr ProdClusterManagerFactory::allocateConnPool( Tcp::ConnectionPool::InstancePtr ProdClusterManagerFactory::allocateTcpConnPool( Event::Dispatcher& dispatcher, HostConstSharedPtr host, ResourcePriority priority, - const Network::ConnectionSocket::OptionsSharedPtr& options) { + const Network::ConnectionSocket::OptionsSharedPtr& options, + absl::optional override_server_name) { return Tcp::ConnectionPool::InstancePtr{ - new Tcp::ConnPoolImpl(dispatcher, host, priority, options)}; + new Tcp::ConnPoolImpl(dispatcher, host, priority, options, override_server_name)}; } ClusterSharedPtr ProdClusterManagerFactory::clusterFromProto( diff --git a/source/common/upstream/cluster_manager_impl.h b/source/common/upstream/cluster_manager_impl.h index 6e1087c7b410e..544753fe18e1f 100644 --- a/source/common/upstream/cluster_manager_impl.h +++ b/source/common/upstream/cluster_manager_impl.h @@ -57,7 +57,8 @@ class ProdClusterManagerFactory : public ClusterManagerFactory { Tcp::ConnectionPool::InstancePtr allocateTcpConnPool(Event::Dispatcher& dispatcher, HostConstSharedPtr host, ResourcePriority priority, - const Network::ConnectionSocket::OptionsSharedPtr& options) override; + const Network::ConnectionSocket::OptionsSharedPtr& options, + absl::optional override_server_name) override; ClusterSharedPtr clusterFromProto(const envoy::api::v2::Cluster& cluster, ClusterManager& cm, Outlier::EventLoggerSharedPtr outlier_event_logger, AccessLog::AccessLogManager& log_manager, @@ -187,11 +188,13 @@ class ClusterManagerImpl : public ClusterManager, Logger::Loggable override_server_name) override; + Host::CreateConnectionData + tcpConnForCluster(const std::string& cluster, LoadBalancerContext* context, + absl::optional override_server_name) override; Http::AsyncClient& httpAsyncClientForCluster(const std::string& cluster) override; bool removeCluster(const std::string& cluster) override; void shutdown() override { 
@@ -274,7 +277,8 @@ class ClusterManagerImpl : public ClusterManager, Logger::Loggable override_server_name); // Upstream::ThreadLocalCluster const PrioritySet& prioritySet() override { return priority_set_; } diff --git a/source/common/upstream/logical_dns_cluster.cc b/source/common/upstream/logical_dns_cluster.cc index 7a26b09546533..466babbd93d0c 100644 --- a/source/common/upstream/logical_dns_cluster.cc +++ b/source/common/upstream/logical_dns_cluster.cc @@ -141,12 +141,12 @@ void LogicalDnsCluster::startResolve() { } Upstream::Host::CreateConnectionData LogicalDnsCluster::LogicalHost::createConnection( - Event::Dispatcher& dispatcher, - const Network::ConnectionSocket::OptionsSharedPtr& options) const { + Event::Dispatcher& dispatcher, const Network::ConnectionSocket::OptionsSharedPtr& options, + absl::optional override_server_name) const { PerThreadCurrentHostData& data = parent_.tls_->getTyped(); ASSERT(data.current_resolved_address_); return {HostImpl::createConnection(dispatcher, *parent_.info_, data.current_resolved_address_, - options), + options, override_server_name), HostDescriptionConstSharedPtr{ new RealHostDescription(data.current_resolved_address_, parent_.localityLbEndpoint(), parent_.lbEndpoint(), shared_from_this())}}; diff --git a/source/common/upstream/logical_dns_cluster.h b/source/common/upstream/logical_dns_cluster.h index be27f3f8443f0..bbf8f09ed8f5c 100644 --- a/source/common/upstream/logical_dns_cluster.h +++ b/source/common/upstream/logical_dns_cluster.h @@ -53,7 +53,8 @@ class LogicalDnsCluster : public ClusterImplBase { // Upstream::Host CreateConnectionData createConnection(Event::Dispatcher& dispatcher, - const Network::ConnectionSocket::OptionsSharedPtr& options) const override; + const Network::ConnectionSocket::OptionsSharedPtr& options, + absl::optional override_server_name) const override; // Upstream::HostDescription // Override setting health check address, since for logical DNS the registered host has 0.0.0.0 
diff --git a/source/common/upstream/upstream_impl.cc b/source/common/upstream/upstream_impl.cc
index c532e462bfbfe..22cf8db3eb8b0 100644
--- a/source/common/upstream/upstream_impl.cc
+++ b/source/common/upstream/upstream_impl.cc
@@ -148,20 +148,23 @@ parseExtensionProtocolOptions(const envoy::api::v2::Cluster& config) {
 Host::CreateConnectionData
 HostImpl::createConnection(Event::Dispatcher& dispatcher,
- const Network::ConnectionSocket::OptionsSharedPtr& options) const {
- return {createConnection(dispatcher, *cluster_, address_, options), shared_from_this()};
+ const Network::ConnectionSocket::OptionsSharedPtr& options,
+ absl::optional override_server_name) const {
+ return {createConnection(dispatcher, *cluster_, address_, options, override_server_name),
+ shared_from_this()};
 }
 Host::CreateConnectionData
 HostImpl::createHealthCheckConnection(Event::Dispatcher& dispatcher) const {
- return {createConnection(dispatcher, *cluster_, healthCheckAddress(), nullptr),
+ return {createConnection(dispatcher, *cluster_, healthCheckAddress(), nullptr, absl::nullopt),
 shared_from_this()};
 }
 Network::ClientConnectionPtr
 HostImpl::createConnection(Event::Dispatcher& dispatcher, const ClusterInfo& cluster,
 Network::Address::InstanceConstSharedPtr address,
- const Network::ConnectionSocket::OptionsSharedPtr& options) {
+ const Network::ConnectionSocket::OptionsSharedPtr& options,
+ absl::optional override_server_name) {
 Network::ConnectionSocket::OptionsSharedPtr connection_options;
 if (cluster.clusterSocketOptions() != nullptr) {
 if (options) {
@@ -177,7 +180,8 @@ HostImpl::createConnection(Event::Dispatcher& dispatcher, const ClusterInfo& clu } Network::ClientConnectionPtr connection = dispatcher.createClientConnection( - address, cluster.sourceAddress(), cluster.transportSocketFactory().createTransportSocket(), + address, cluster.sourceAddress(), + cluster.transportSocketFactory().createTransportSocket(override_server_name), connection_options); connection->setBufferLimits(cluster.perConnectionBufferLimitBytes()); return connection; diff --git a/source/common/upstream/upstream_impl.h b/source/common/upstream/upstream_impl.h index 3d17e97ccafda..6e68fb7b17c87 100644 --- a/source/common/upstream/upstream_impl.h +++ b/source/common/upstream/upstream_impl.h @@ -173,7 +173,8 @@ class HostImpl : public HostDescriptionImpl, std::vector counters() const override { return stats_store_.counters(); } CreateConnectionData createConnection(Event::Dispatcher& dispatcher, - const Network::ConnectionSocket::OptionsSharedPtr& options) const override; + const Network::ConnectionSocket::OptionsSharedPtr& options, + absl::optional override_server_name) const override; CreateConnectionData createHealthCheckConnection(Event::Dispatcher& dispatcher) const override; std::vector gauges() const override { return stats_store_.gauges(); } void healthFlagClear(HealthFlag flag) override { health_flags_ &= ~enumToInt(flag); } @@ -203,7 +204,8 @@ class HostImpl : public HostDescriptionImpl, static Network::ClientConnectionPtr createConnection(Event::Dispatcher& dispatcher, const ClusterInfo& cluster, Network::Address::InstanceConstSharedPtr address, - const Network::ConnectionSocket::OptionsSharedPtr& options); + const Network::ConnectionSocket::OptionsSharedPtr& options, + absl::optional override_server_name); private: std::atomic health_flags_{}; diff --git a/source/extensions/filters/network/redis_proxy/conn_pool_impl.cc b/source/extensions/filters/network/redis_proxy/conn_pool_impl.cc index a44b08fc8f9c3..ccfbc936c4358 100644 
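Review bot: `cluster.transportSocketFactory().createTransportSocket(override_server_name)` hands the override to the TLS layer with no validation and no statement of where it originates; given that this series adds a ForwardRequestedServerName filter-state object, the value is presumably a downstream client's requested SNI, i.e. untrusted input that now selects the server name sent upstream. Unless the TLS socket factory validates it (not visible here), document the contract on the declarations in upstream_impl.h: `// override_server_name: if set, used as the TLS server name (SNI) for this connection, presumably replacing the cluster's configured one. May be downstream-supplied and is forwarded here unvalidated.` Upstream certificate verification should not be driven by this value; that is worth stating on the Host interface, which is outside this chunk.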
--- a/source/extensions/filters/network/redis_proxy/conn_pool_impl.cc +++ b/source/extensions/filters/network/redis_proxy/conn_pool_impl.cc @@ -23,7 +23,7 @@ ClientPtr ClientImpl::create(Upstream::HostConstSharedPtr host, Event::Dispatche std::unique_ptr client( new ClientImpl(host, dispatcher, std::move(encoder), decoder_factory, config)); - client->connection_ = host->createConnection(dispatcher, nullptr).connection_; + client->connection_ = host->createConnection(dispatcher, nullptr, absl::nullopt).connection_; client->connection_->addConnectionCallbacks(*client); client->connection_->addReadFilter(Network::ReadFilterSharedPtr{new UpstreamReadFilter(*client)}); client->connection_->connect(); diff --git a/source/extensions/filters/network/thrift_proxy/router/router_impl.cc b/source/extensions/filters/network/thrift_proxy/router/router_impl.cc index 1cdd87c8bcb1a..ef36eabfe6242 100644 --- a/source/extensions/filters/network/thrift_proxy/router/router_impl.cc +++ b/source/extensions/filters/network/thrift_proxy/router/router_impl.cc @@ -246,7 +246,7 @@ FilterStatus Router::messageBegin(MessageMetadataSharedPtr metadata) { ASSERT(protocol != ProtocolType::Auto); Tcp::ConnectionPool::Instance* conn_pool = cluster_manager_.tcpConnPoolForCluster( - route_entry_->clusterName(), Upstream::ResourcePriority::Default, this); + route_entry_->clusterName(), Upstream::ResourcePriority::Default, this, absl::nullopt); if (!conn_pool) { callbacks_->sendLocalReply( AppException(AppExceptionType::InternalError, diff --git a/source/extensions/filters/network/well_known_names.h b/source/extensions/filters/network/well_known_names.h index 6a68c32223c41..f007ba06674a6 100644 --- a/source/extensions/filters/network/well_known_names.h +++ b/source/extensions/filters/network/well_known_names.h 
@@ -36,6 +36,8 @@ class NetworkFilterNameValues { const std::string Rbac = "envoy.filters.network.rbac"; // SNI Cluster filter const std::string SniCluster = "envoy.filters.network.sni_cluster"; + // Forward Original SNI filter + const std::string ForwardOriginalSni = "envoy.filters.network.forward_original_sni"; // Converts names from v1 to v2 const Config::V1Converter v1_converter_; diff --git a/source/extensions/stat_sinks/common/statsd/statsd.cc b/source/extensions/stat_sinks/common/statsd/statsd.cc index ba848e4aac26d..af686c449a97d 100644 --- a/source/extensions/stat_sinks/common/statsd/statsd.cc +++ b/source/extensions/stat_sinks/common/statsd/statsd.cc @@ -232,8 +232,8 @@ void TcpStatsdSink::TlsSink::write(Buffer::Instance& buffer) { } if (!connection_) { - Upstream::Host::CreateConnectionData info = - parent_.cluster_manager_.tcpConnForCluster(parent_.cluster_info_->name(), nullptr); + Upstream::Host::CreateConnectionData info = parent_.cluster_manager_.tcpConnForCluster( + parent_.cluster_info_->name(), nullptr, absl::nullopt); if (!info.connection_) { return; } diff --git a/source/extensions/transport_sockets/alts/tsi_socket.cc b/source/extensions/transport_sockets/alts/tsi_socket.cc index 562d3c9b674cd..586bf91e89473 100644 --- a/source/extensions/transport_sockets/alts/tsi_socket.cc +++ b/source/extensions/transport_sockets/alts/tsi_socket.cc @@ -249,7 +249,8 @@ TsiSocketFactory::TsiSocketFactory(HandshakerFactory handshaker_factory, bool TsiSocketFactory::implementsSecureTransport() const { return true; } -Network::TransportSocketPtr TsiSocketFactory::createTransportSocket() const { +Network::TransportSocketPtr +TsiSocketFactory::createTransportSocket(absl::optional) const { return std::make_unique(handshaker_factory_, handshake_validator_); } diff --git a/source/extensions/transport_sockets/alts/tsi_socket.h b/source/extensions/transport_sockets/alts/tsi_socket.h index 70f8a1d7aeff0..16466af2acb3e 100644 
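Review bot: `TsiSocketFactory::createTransportSocket` in tsi_socket.cc accepts the new override and silently discards it, even though this factory reports `implementsSecureTransport()` as true, so a caller forwarding a server name gets no indication it was dropped. A comment on the unnamed parameter would make the drop deliberate and reviewable, e.g. `// ALTS/TSI handshakes carry no TLS SNI, so the override is intentionally ignored.` — hedged, since the handshake semantics are not visible in this hunk.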
--- a/source/extensions/transport_sockets/alts/tsi_socket.h +++ b/source/extensions/transport_sockets/alts/tsi_socket.h @@ -98,7 +98,8 @@ class TsiSocketFactory : public Network::TransportSocketFactory { TsiSocketFactory(HandshakerFactory handshaker_factory, HandshakeValidator handshake_validator); bool implementsSecureTransport() const override; - Network::TransportSocketPtr createTransportSocket() const override; + Network::TransportSocketPtr + createTransportSocket(absl::optional override_server_name) const override; private: HandshakerFactory handshaker_factory_; diff --git a/source/extensions/transport_sockets/capture/capture.cc b/source/extensions/transport_sockets/capture/capture.cc index a1a5df79b39bc..008a3b1a2f959 100644 --- a/source/extensions/transport_sockets/capture/capture.cc +++ b/source/extensions/transport_sockets/capture/capture.cc @@ -99,9 +99,11 @@ CaptureSocketFactory::CaptureSocketFactory( : path_prefix_(path_prefix), format_(format), transport_socket_factory_(std::move(transport_socket_factory)), time_system_(time_system) {} -Network::TransportSocketPtr CaptureSocketFactory::createTransportSocket() const { +Network::TransportSocketPtr +CaptureSocketFactory::createTransportSocket(absl::optional) const { return std::make_unique( - path_prefix_, format_, transport_socket_factory_->createTransportSocket(), time_system_); + path_prefix_, format_, transport_socket_factory_->createTransportSocket(absl::nullopt), + time_system_); } bool CaptureSocketFactory::implementsSecureTransport() const { diff --git a/source/extensions/transport_sockets/capture/capture.h b/source/extensions/transport_sockets/capture/capture.h index f7031146718ca..9203623632103 100644 --- a/source/extensions/transport_sockets/capture/capture.h +++ b/source/extensions/transport_sockets/capture/capture.h 
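Review bot: `CaptureSocketFactory::createTransportSocket` in capture.cc drops the override: it leaves the parameter unnamed and calls `transport_socket_factory_->createTransportSocket(absl::nullopt)` on the wrapped factory, so wrapping a TLS transport socket in the capture socket silently disables per-connection SNI overriding. The wrapper should forward it: name the parameter `override_server_name` and pass `transport_socket_factory_->createTransportSocket(override_server_name)`. A unit test that captures a TLS socket with an override set would have caught this.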
@@ -49,7 +49,8 @@ class CaptureSocketFactory : public Network::TransportSocketFactory { Event::TimeSystem& time_system); // Network::TransportSocketFactory - Network::TransportSocketPtr createTransportSocket() const override; + Network::TransportSocketPtr + createTransportSocket(absl::optional override_server_name) const override; bool implementsSecureTransport() const override; private: diff --git a/source/server/config_validation/cluster_manager.cc b/source/server/config_validation/cluster_manager.cc index 27507b203fce2..2ce755a2f2b68 100644 --- a/source/server/config_validation/cluster_manager.cc +++ b/source/server/config_validation/cluster_manager.cc @@ -48,8 +48,9 @@ ValidationClusterManager::httpConnPoolForCluster(const std::string&, ResourcePri return nullptr; } -Host::CreateConnectionData ValidationClusterManager::tcpConnForCluster(const std::string&, - LoadBalancerContext*) { +Host::CreateConnectionData +ValidationClusterManager::tcpConnForCluster(const std::string&, LoadBalancerContext*, + absl::optional) { return Host::CreateConnectionData{nullptr, nullptr}; } diff --git a/source/server/config_validation/cluster_manager.h b/source/server/config_validation/cluster_manager.h index 85bc6429dc7ea..8cba693e22303 100644 --- a/source/server/config_validation/cluster_manager.h +++ b/source/server/config_validation/cluster_manager.h @@ -52,7 +52,8 @@ class ValidationClusterManager : public ClusterManagerImpl { Http::ConnectionPool::Instance* httpConnPoolForCluster(const std::string&, ResourcePriority, Http::Protocol, LoadBalancerContext*) override; - Host::CreateConnectionData tcpConnForCluster(const std::string&, LoadBalancerContext*) override; + Host::CreateConnectionData tcpConnForCluster(const std::string&, LoadBalancerContext*, + absl::optional) override; Http::AsyncClient& httpAsyncClientForCluster(const std::string&) override; private: 
diff --git a/source/server/connection_handler_impl.cc b/source/server/connection_handler_impl.cc index f2c830476f39c..4d9673938862c 100644 --- a/source/server/connection_handler_impl.cc +++ b/source/server/connection_handler_impl.cc @@ -213,7 +213,8 @@ void ConnectionHandlerImpl::ActiveListener::newConnection(Network::ConnectionSoc return; } - auto transport_socket = filter_chain->transportSocketFactory().createTransportSocket(); + auto transport_socket = + filter_chain->transportSocketFactory().createTransportSocket(absl::nullopt); Network::ConnectionPtr new_connection = parent_.dispatcher_.createServerConnection(std::move(socket), std::move(transport_socket)); new_connection->setBufferLimits(config_.perConnectionBufferLimitBytes()); diff --git a/test/common/grpc/grpc_client_integration_test_harness.h b/test/common/grpc/grpc_client_integration_test_harness.h index ffe14eb12289c..d39dc2a70cbde 100644 --- a/test/common/grpc/grpc_client_integration_test_harness.h +++ b/test/common/grpc/grpc_client_integration_test_harness.h @@ -474,7 +474,7 @@ class GrpcSslClientIntegrationTest : public GrpcClientIntegrationTest { ON_CALL(*mock_cluster_info_, transportSocketFactory()) .WillByDefault(ReturnRef(*mock_cluster_info_->transport_socket_factory_)); async_client_transport_socket_ = - mock_cluster_info_->transport_socket_factory_->createTransportSocket(); + mock_cluster_info_->transport_socket_factory_->createTransportSocket(absl::nullopt); fake_upstream_ = std::make_unique(createUpstreamSslContext(), 0, FakeHttpConnection::Type::HTTP2, ipVersion(), test_time_.timeSystem()); diff --git a/test/common/network/filter_manager_impl_test.cc b/test/common/network/filter_manager_impl_test.cc index b3a26858caa76..0889045caae18 100644 --- a/test/common/network/filter_manager_impl_test.cc +++ b/test/common/network/filter_manager_impl_test.cc 
@@ -204,7 +204,7 @@ TEST_F(NetworkFilterManagerTest, RateLimitAndTcpProxy) { EXPECT_EQ(manager.initializeReadFilters(), true); - EXPECT_CALL(factory_context.cluster_manager_, tcpConnPoolForCluster("fake_cluster", _, _)) + EXPECT_CALL(factory_context.cluster_manager_, tcpConnPoolForCluster("fake_cluster", _, _, _)) .WillOnce(Return(&conn_pool)); request_callbacks->complete(RateLimit::LimitStatus::OK, nullptr); diff --git a/test/common/ssl/ssl_socket_test.cc b/test/common/ssl/ssl_socket_test.cc index fc01618120349..30cffc82de80c 100644 --- a/test/common/ssl/ssl_socket_test.cc +++ b/test/common/ssl/ssl_socket_test.cc @@ -78,13 +78,13 @@ void testUtil(const std::string& client_ctx_yaml, const std::string& server_ctx_ client_stats_store); Network::ClientConnectionPtr client_connection = dispatcher.createClientConnection( socket.localAddress(), Network::Address::InstanceConstSharedPtr(), - client_ssl_socket_factory.createTransportSocket(), nullptr); + client_ssl_socket_factory.createTransportSocket(absl::nullopt), nullptr); Network::ConnectionPtr server_connection; Network::MockConnectionCallbacks server_connection_callbacks; EXPECT_CALL(callbacks, onAccept_(_, _)) .WillOnce(Invoke([&](Network::ConnectionSocketPtr& socket, bool) -> void { Network::ConnectionPtr new_connection = dispatcher.createServerConnection( - std::move(socket), server_ssl_socket_factory.createTransportSocket()); + std::move(socket), server_ssl_socket_factory.createTransportSocket(absl::nullopt)); callbacks.onNewConnection(std::move(new_connection)); })); EXPECT_CALL(callbacks, onNewConnection_(_)) 
@@ -162,7 +162,8 @@ const std::string testUtilV2( const std::string& expected_protocol_version, const std::string& expected_server_cert_digest, const std::string& expected_client_cert_uri, const std::string& expected_requested_server_name, const std::string& expected_alpn_protocol, const std::string& expected_server_stats, - const std::string& expected_client_stats, const Network::Address::IpVersion version) { + const std::string& expected_client_stats, const Network::Address::IpVersion version, + absl::optional override_server_name) { Event::SimulatedTimeSystem time_system; testing::NiceMock factory_context; ContextManagerImpl manager(time_system); @@ -193,7 +194,7 @@ const std::string testUtilV2( client_stats_store); Network::ClientConnectionPtr client_connection = dispatcher.createClientConnection( socket.localAddress(), Network::Address::InstanceConstSharedPtr(), - client_ssl_socket_factory.createTransportSocket(), nullptr); + client_ssl_socket_factory.createTransportSocket(override_server_name), nullptr); if (!client_session.empty()) { const Ssl::SslSocket* ssl_socket = @@ -212,9 +213,11 @@ const std::string testUtilV2( Network::MockConnectionCallbacks server_connection_callbacks; EXPECT_CALL(callbacks, onAccept_(_, _)) .WillOnce(Invoke([&](Network::ConnectionSocketPtr& socket, bool) -> void { - socket->setRequestedServerName(client_ctx_proto.sni()); + std::string sni = override_server_name.has_value() ? override_server_name.value() + : client_ctx_proto.sni(); + socket->setRequestedServerName(sni); Network::ConnectionPtr new_connection = dispatcher.createServerConnection( - std::move(socket), server_ssl_socket_factory.createTransportSocket()); + std::move(socket), server_ssl_socket_factory.createTransportSocket(absl::nullopt)); callbacks.onNewConnection(std::move(new_connection)); })); EXPECT_CALL(callbacks, onNewConnection_(_)) 
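Review bot: `testUtilV2` gains a trailing `override_server_name` parameter without a default, which is why the following hunks touch some forty call sites only to append `absl::nullopt`. Since `testUtilV2` is a non-virtual free helper, declaring it as `absl::optional<std::string> override_server_name = absl::nullopt` (with whatever template argument the interface uses) would leave those call sites unchanged and only the new SNI tests would pass a value. In the `onAccept_` lambda, `socket->setRequestedServerName(sni)` mirrors the override onto the server socket by hand rather than reading what the client actually sent, so the meaningful check is the later `SSL_get_servername` assertion; a comment saying so would help the next reader.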
@@ -244,6 +247,23 @@ const std::string testUtilV2( if (!expected_protocol_version.empty()) { EXPECT_EQ(expected_protocol_version, SSL_get_version(client_ssl_socket)); } + + absl::optional server_ssl_requested_server_name; + const Ssl::SslSocket* server_ssl_socket = + dynamic_cast(server_connection->ssl()); + SSL* server_ssl = server_ssl_socket->rawSslForTest(); + auto requested_server_name = SSL_get_servername(server_ssl, TLSEXT_NAMETYPE_host_name); + if (requested_server_name != nullptr) { + server_ssl_requested_server_name = std::string(requested_server_name); + } + + if (!expected_requested_server_name.empty()) { + EXPECT_TRUE(server_ssl_requested_server_name.has_value()); + EXPECT_EQ(expected_requested_server_name, server_ssl_requested_server_name.value()); + } else { + EXPECT_FALSE(server_ssl_requested_server_name.has_value()); + } + SSL_SESSION* client_ssl_session = SSL_get_session(client_ssl_socket); EXPECT_TRUE(SSL_SESSION_is_resumable(client_ssl_session)); uint8_t* session_data; @@ -353,7 +373,7 @@ TEST_P(SslSocketTest, GetCertDigest) { filename: "{{ test_rundir }}/test/common/ssl/test_data/no_san_key.pem" validation_context: trusted_ca: - filename: "{{ test_rundir }}/test/common/ssl/test_data/ca_cert.pem" + filename: "{{ test_rundir }}/test/common/ssl/test_data/ca_cert.pem" )EOF"; testUtil(client_ctx_yaml, server_ctx_yaml, @@ -495,7 +515,8 @@ TEST_P(SslSocketTest, GetCertDigestInline) { testUtilV2(listener, client_ctx, "", true, "", "1406294e80c818158697d65d2aaca16748ff132442ab0e2f28bc1109f1d47a2e", - "spiffe://lyft.com/test-team", "", "", "ssl.handshake", "ssl.handshake", GetParam()); + "spiffe://lyft.com/test-team", "", "", "ssl.handshake", "ssl.handshake", GetParam(), + absl::nullopt); } TEST_P(SslSocketTest, GetCertDigestServerCertWithIntermediateCA) { 
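Review bot: `server_ssl_socket` comes from a `dynamic_cast` and is dereferenced on the next line via `server_ssl_socket->rawSslForTest()` with no null check; because `testUtilV2` returns a `std::string`, gtest's `ASSERT_*` cannot be used here, so guard it as `EXPECT_NE(server_ssl_socket, nullptr); if (server_ssl_socket != nullptr) { ... }` around the `SSL_get_servername` lookup. Note also that an empty `expected_requested_server_name` now asserts the server saw no SNI at all, which makes every existing caller stricter than before; that seems intended but deserves a one-line comment above the block. The whitespace-only edits to the `ca_cert.pem` lines in the same file are fine.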
@@ -517,7 +538,7 @@ TEST_P(SslSocketTest, GetCertDigestServerCertWithIntermediateCA) { filename: "{{ test_rundir }}/test/common/ssl/test_data/san_dns_key3.pem" validation_context: trusted_ca: - filename: "{{ test_rundir }}/test/common/ssl/test_data/ca_cert.pem" + filename: "{{ test_rundir }}/test/common/ssl/test_data/ca_cert.pem" )EOF"; testUtil(client_ctx_yaml, server_ctx_yaml, @@ -544,7 +565,7 @@ TEST_P(SslSocketTest, GetCertDigestServerCertWithoutCommonName) { filename: "{{ test_rundir }}/test/common/ssl/test_data/san_only_dns_key.pem" validation_context: trusted_ca: - filename: "{{ test_rundir }}/test/common/ssl/test_data/ca_cert.pem" + filename: "{{ test_rundir }}/test/common/ssl/test_data/ca_cert.pem" )EOF"; testUtil(client_ctx_yaml, server_ctx_yaml, @@ -571,7 +592,7 @@ TEST_P(SslSocketTest, GetUriWithUriSan) { filename: "{{ test_tmpdir }}/unittestkey.pem" validation_context: trusted_ca: - filename: "{{ test_rundir }}/test/common/ssl/test_data/ca_cert.pem" + filename: "{{ test_rundir }}/test/common/ssl/test_data/ca_cert.pem" verify_subject_alt_name: "spiffe://lyft.com/test-team" )EOF"; @@ -598,7 +619,7 @@ TEST_P(SslSocketTest, GetNoUriWithDnsSan) { filename: "{{ test_tmpdir }}/unittestkey.pem" validation_context: trusted_ca: - filename: "{{ test_rundir }}/test/common/ssl/test_data/ca_cert.pem" + filename: "{{ test_rundir }}/test/common/ssl/test_data/ca_cert.pem" )EOF"; // The SAN field only has DNS, expect "" for uriSanPeerCertificate(). @@ -643,7 +664,7 @@ TEST_P(SslSocketTest, GetUriWithLocalUriSan) { filename: "{{ test_rundir }}/test/common/ssl/test_data/san_uri_key.pem" validation_context: trusted_ca: - filename: "{{ test_rundir }}/test/common/ssl/test_data/ca_cert.pem" + filename: "{{ test_rundir }}/test/common/ssl/test_data/ca_cert.pem" )EOF"; testUtil(client_ctx_yaml, server_ctx_yaml, "", "", "spiffe://lyft.com/test-team", 
@@ -669,7 +690,7 @@ TEST_P(SslSocketTest, GetSubjectsWithBothCerts) { filename: "{{ test_rundir }}/test/common/ssl/test_data/san_uri_key.pem" validation_context: trusted_ca: - filename: "{{ test_rundir }}/test/common/ssl/test_data/ca_cert.pem" + filename: "{{ test_rundir }}/test/common/ssl/test_data/ca_cert.pem" require_client_certificate: true )EOF"; @@ -698,7 +719,7 @@ TEST_P(SslSocketTest, GetPeerCert) { filename: "{{ test_rundir }}/test/common/ssl/test_data/san_uri_key.pem" validation_context: trusted_ca: - filename: "{{ test_rundir }}/test/common/ssl/test_data/ca_cert.pem" + filename: "{{ test_rundir }}/test/common/ssl/test_data/ca_cert.pem" require_client_certificate: true )EOF"; @@ -740,7 +761,7 @@ TEST_P(SslSocketTest, FailedClientAuthCaVerificationNoClientCert) { filename: "{{ test_tmpdir }}/unittestkey.pem" validation_context: trusted_ca: - filename: "{{ test_rundir }}/test/common/ssl/test_data/ca_cert.pem" + filename: "{{ test_rundir }}/test/common/ssl/test_data/ca_cert.pem" require_client_certificate: true )EOF"; @@ -767,7 +788,7 @@ TEST_P(SslSocketTest, FailedClientAuthCaVerification) { filename: "{{ test_tmpdir }}/unittestkey.pem" validation_context: trusted_ca: - filename: "{{ test_rundir }}/test/common/ssl/test_data/ca_cert.pem" + filename: "{{ test_rundir }}/test/common/ssl/test_data/ca_cert.pem" )EOF"; testUtil(client_ctx_yaml, server_ctx_yaml, "", "", "", "", "", "", "", "ssl.fail_verify_error", @@ -788,7 +809,7 @@ TEST_P(SslSocketTest, FailedClientAuthSanVerificationNoClientCert) { filename: "{{ test_tmpdir }}/unittestkey.pem" validation_context: trusted_ca: - filename: "{{ test_rundir }}/test/common/ssl/test_data/ca_cert.pem" + filename: "{{ test_rundir }}/test/common/ssl/test_data/ca_cert.pem" verify_subject_alt_name: "example.com" )EOF"; 
@@ -831,7 +852,7 @@ TEST_P(SslSocketTest, FailedClientCertificateDefaultExpirationVerification) { configureServerAndExpiredClientCertificate(listener, client); testUtilV2(listener, client, "", false, "", "", "spiffe://lyft.com/test-team", "", "", - "ssl.fail_verify_error", "ssl.connection_error", GetParam()); + "ssl.fail_verify_error", "ssl.connection_error", GetParam(), absl::nullopt); } // Expired certificates will not be accepted when explicitly disallowed via @@ -849,7 +870,7 @@ TEST_P(SslSocketTest, FailedClientCertificateExpirationVerification) { ->set_allow_expired_certificate(false); testUtilV2(listener, client, "", false, "", "", "spiffe://lyft.com/test-team", "", "", - "ssl.fail_verify_error", "ssl.connection_error", GetParam()); + "ssl.fail_verify_error", "ssl.connection_error", GetParam(), absl::nullopt); } // Expired certificates will be accepted when explicitly allowed via allow_expired_certificate. @@ -866,7 +887,7 @@ TEST_P(SslSocketTest, ClientCertificateExpirationAllowedVerification) { ->set_allow_expired_certificate(true); testUtilV2(listener, client, "", true, "", "", "spiffe://lyft.com/test-team", "", "", - "ssl.handshake", "ssl.handshake", GetParam()); + "ssl.handshake", "ssl.handshake", GetParam(), absl::nullopt); } // Allow expired certificates, but add a certificate hash requirement so it still fails. @@ -887,7 +908,7 @@ TEST_P(SslSocketTest, FailedClientCertAllowExpiredBadHashVerification) { "0000000000000000000000000000000000000000000000000000000000000000"); testUtilV2(listener, client, "", false, "", "", "spiffe://lyft.com/test-team", "", "", - "ssl.fail_verify_cert_hash", "ssl.connection_error", GetParam()); + "ssl.fail_verify_cert_hash", "ssl.connection_error", GetParam(), absl::nullopt); } // Allow expired certificatess, but use the wrong CA so it should fail still. 
@@ -910,7 +931,7 @@ TEST_P(SslSocketTest, FailedClientCertAllowServerExpiredWrongCAVerification) { TestEnvironment::substitute("{{ test_rundir }}/test/common/ssl/test_data/fake_ca_cert.pem")); testUtilV2(listener, client, "", false, "", "", "spiffe://lyft.com/test-team", "", "", - "ssl.fail_verify_error", "ssl.connection_error", GetParam()); + "ssl.fail_verify_error", "ssl.connection_error", GetParam(), absl::nullopt); } TEST_P(SslSocketTest, ClientCertificateHashVerification) { @@ -995,13 +1016,15 @@ TEST_P(SslSocketTest, ClientCertificateHashListVerification) { testUtilV2(listener, client, "", true, "", "1406294e80c818158697d65d2aaca16748ff132442ab0e2f28bc1109f1d47a2e", - "spiffe://lyft.com/test-team", "", "", "ssl.handshake", "ssl.handshake", GetParam()); + "spiffe://lyft.com/test-team", "", "", "ssl.handshake", "ssl.handshake", GetParam(), + absl::nullopt); // Works even with client renegotiation. client.set_allow_renegotiation(true); testUtilV2(listener, client, "", true, "", "1406294e80c818158697d65d2aaca16748ff132442ab0e2f28bc1109f1d47a2e", - "spiffe://lyft.com/test-team", "", "", "ssl.handshake", "ssl.handshake", GetParam()); + "spiffe://lyft.com/test-team", "", "", "ssl.handshake", "ssl.handshake", GetParam(), + absl::nullopt); } TEST_P(SslSocketTest, ClientCertificateHashListVerificationNoCA) { 
@@ -1032,13 +1055,15 @@ TEST_P(SslSocketTest, ClientCertificateHashListVerificationNoCA) { testUtilV2(listener, client, "", true, "", "1406294e80c818158697d65d2aaca16748ff132442ab0e2f28bc1109f1d47a2e", - "spiffe://lyft.com/test-team", "", "", "ssl.handshake", "ssl.handshake", GetParam()); + "spiffe://lyft.com/test-team", "", "", "ssl.handshake", "ssl.handshake", GetParam(), + absl::nullopt); // Works even with client renegotiation. client.set_allow_renegotiation(true); testUtilV2(listener, client, "", true, "", "1406294e80c818158697d65d2aaca16748ff132442ab0e2f28bc1109f1d47a2e", - "spiffe://lyft.com/test-team", "", "", "ssl.handshake", "ssl.handshake", GetParam()); + "spiffe://lyft.com/test-team", "", "", "ssl.handshake", "ssl.handshake", GetParam(), + absl::nullopt); } TEST_P(SslSocketTest, FailedClientCertificateHashVerificationNoClientCertificate) { @@ -1192,13 +1217,15 @@ TEST_P(SslSocketTest, ClientCertificateSpkiVerification) { testUtilV2(listener, client, "", true, "", "1406294e80c818158697d65d2aaca16748ff132442ab0e2f28bc1109f1d47a2e", - "spiffe://lyft.com/test-team", "", "", "ssl.handshake", "ssl.handshake", GetParam()); + "spiffe://lyft.com/test-team", "", "", "ssl.handshake", "ssl.handshake", GetParam(), + absl::nullopt); // Works even with client renegotiation. client.set_allow_renegotiation(true); testUtilV2(listener, client, "", true, "", "1406294e80c818158697d65d2aaca16748ff132442ab0e2f28bc1109f1d47a2e", - "spiffe://lyft.com/test-team", "", "", "ssl.handshake", "ssl.handshake", GetParam()); + "spiffe://lyft.com/test-team", "", "", "ssl.handshake", "ssl.handshake", GetParam(), + absl::nullopt); } TEST_P(SslSocketTest, ClientCertificateSpkiVerificationNoCA) { 
@@ -1229,13 +1256,15 @@ TEST_P(SslSocketTest, ClientCertificateSpkiVerificationNoCA) { testUtilV2(listener, client, "", true, "", "1406294e80c818158697d65d2aaca16748ff132442ab0e2f28bc1109f1d47a2e", - "spiffe://lyft.com/test-team", "", "", "ssl.handshake", "ssl.handshake", GetParam()); + "spiffe://lyft.com/test-team", "", "", "ssl.handshake", "ssl.handshake", GetParam(), + absl::nullopt); // Works even with client renegotiation. client.set_allow_renegotiation(true); testUtilV2(listener, client, "", true, "", "1406294e80c818158697d65d2aaca16748ff132442ab0e2f28bc1109f1d47a2e", - "spiffe://lyft.com/test-team", "", "", "ssl.handshake", "ssl.handshake", GetParam()); + "spiffe://lyft.com/test-team", "", "", "ssl.handshake", "ssl.handshake", GetParam(), + absl::nullopt); } TEST_P(SslSocketTest, FailedClientCertificateSpkiVerificationNoClientCertificate) { @@ -1261,12 +1290,12 @@ TEST_P(SslSocketTest, FailedClientCertificateSpkiVerificationNoClientCertificate envoy::api::v2::auth::UpstreamTlsContext client; testUtilV2(listener, client, "", false, "", "", "", "", "", "ssl.fail_verify_no_cert", - "ssl.connection_error", GetParam()); + "ssl.connection_error", GetParam(), absl::nullopt); // Fails even with client renegotiation. client.set_allow_renegotiation(true); testUtilV2(listener, client, "", false, "", "", "", "", "", "ssl.fail_verify_no_cert", - "ssl.connection_error", GetParam()); + "ssl.connection_error", GetParam(), absl::nullopt); } TEST_P(SslSocketTest, FailedClientCertificateSpkiVerificationNoCANoClientCertificate) { 
@@ -1290,12 +1319,12 @@ TEST_P(SslSocketTest, FailedClientCertificateSpkiVerificationNoCANoClientCertifi envoy::api::v2::auth::UpstreamTlsContext client; testUtilV2(listener, client, "", false, "", "", "", "", "", "ssl.fail_verify_no_cert", - "ssl.connection_error", GetParam()); + "ssl.connection_error", GetParam(), absl::nullopt); // Fails even with client renegotiation. client.set_allow_renegotiation(true); testUtilV2(listener, client, "", false, "", "", "", "", "", "ssl.fail_verify_no_cert", - "ssl.connection_error", GetParam()); + "ssl.connection_error", GetParam(), absl::nullopt); } TEST_P(SslSocketTest, FailedClientCertificateSpkiVerificationWrongClientCertificate) { @@ -1327,12 +1356,12 @@ TEST_P(SslSocketTest, FailedClientCertificateSpkiVerificationWrongClientCertific TestEnvironment::substitute("{{ test_rundir }}/test/common/ssl/test_data/no_san_key.pem")); testUtilV2(listener, client, "", false, "", "", "", "", "", "ssl.fail_verify_cert_hash", - "ssl.connection_error", GetParam()); + "ssl.connection_error", GetParam(), absl::nullopt); // Fails even with client renegotiation. client.set_allow_renegotiation(true); testUtilV2(listener, client, "", false, "", "", "", "", "", "ssl.fail_verify_cert_hash", - "ssl.connection_error", GetParam()); + "ssl.connection_error", GetParam(), absl::nullopt); } TEST_P(SslSocketTest, FailedClientCertificateSpkiVerificationNoCAWrongClientCertificate) { 
@@ -1362,12 +1391,12 @@ TEST_P(SslSocketTest, FailedClientCertificateSpkiVerificationNoCAWrongClientCert TestEnvironment::substitute("{{ test_rundir }}/test/common/ssl/test_data/no_san_key.pem")); testUtilV2(listener, client, "", false, "", "", "", "", "", "ssl.fail_verify_cert_hash", - "ssl.connection_error", GetParam()); + "ssl.connection_error", GetParam(), absl::nullopt); // Fails even with client renegotiation. client.set_allow_renegotiation(true); testUtilV2(listener, client, "", false, "", "", "", "", "", "ssl.fail_verify_cert_hash", - "ssl.connection_error", GetParam()); + "ssl.connection_error", GetParam(), absl::nullopt); } TEST_P(SslSocketTest, FailedClientCertificateSpkiVerificationWrongCA) { @@ -1399,12 +1428,12 @@ TEST_P(SslSocketTest, FailedClientCertificateSpkiVerificationWrongCA) { TestEnvironment::substitute("{{ test_rundir }}/test/common/ssl/test_data/san_uri_key.pem")); testUtilV2(listener, client, "", false, "", "", "", "", "", "ssl.fail_verify_error", - "ssl.connection_error", GetParam()); + "ssl.connection_error", GetParam(), absl::nullopt); // Fails even with client renegotiation. client.set_allow_renegotiation(true); testUtilV2(listener, client, "", false, "", "", "", "", "", "ssl.fail_verify_error", - "ssl.connection_error", GetParam()); + "ssl.connection_error", GetParam(), absl::nullopt); } TEST_P(SslSocketTest, ClientCertificateHashAndSpkiVerification) { 
@@ -1439,13 +1468,15 @@ TEST_P(SslSocketTest, ClientCertificateHashAndSpkiVerification) { testUtilV2(listener, client, "", true, "", "1406294e80c818158697d65d2aaca16748ff132442ab0e2f28bc1109f1d47a2e", - "spiffe://lyft.com/test-team", "", "", "ssl.handshake", "ssl.handshake", GetParam()); + "spiffe://lyft.com/test-team", "", "", "ssl.handshake", "ssl.handshake", GetParam(), + absl::nullopt); // Works even with client renegotiation. client.set_allow_renegotiation(true); testUtilV2(listener, client, "", true, "", "1406294e80c818158697d65d2aaca16748ff132442ab0e2f28bc1109f1d47a2e", - "spiffe://lyft.com/test-team", "", "", "ssl.handshake", "ssl.handshake", GetParam()); + "spiffe://lyft.com/test-team", "", "", "ssl.handshake", "ssl.handshake", GetParam(), + absl::nullopt); } TEST_P(SslSocketTest, ClientCertificateHashAndSpkiVerificationNoCA) { @@ -1478,13 +1509,15 @@ TEST_P(SslSocketTest, ClientCertificateHashAndSpkiVerificationNoCA) { testUtilV2(listener, client, "", true, "", "1406294e80c818158697d65d2aaca16748ff132442ab0e2f28bc1109f1d47a2e", - "spiffe://lyft.com/test-team", "", "", "ssl.handshake", "ssl.handshake", GetParam()); + "spiffe://lyft.com/test-team", "", "", "ssl.handshake", "ssl.handshake", GetParam(), + absl::nullopt); // Works even with client renegotiation. client.set_allow_renegotiation(true); testUtilV2(listener, client, "", true, "", "1406294e80c818158697d65d2aaca16748ff132442ab0e2f28bc1109f1d47a2e", - "spiffe://lyft.com/test-team", "", "", "ssl.handshake", "ssl.handshake", GetParam()); + "spiffe://lyft.com/test-team", "", "", "ssl.handshake", "ssl.handshake", GetParam(), + absl::nullopt); } TEST_P(SslSocketTest, FailedClientCertificateHashAndSpkiVerificationNoClientCertificate) { 
@@ -1510,12 +1543,12 @@ TEST_P(SslSocketTest, FailedClientCertificateHashAndSpkiVerificationNoClientCert envoy::api::v2::auth::UpstreamTlsContext client; testUtilV2(listener, client, "", false, "", "", "", "", "", "ssl.fail_verify_no_cert", - "ssl.connection_error", GetParam()); + "ssl.connection_error", GetParam(), absl::nullopt); // Fails even with client renegotiation. client.set_allow_renegotiation(true); testUtilV2(listener, client, "", false, "", "", "", "", "", "ssl.fail_verify_no_cert", - "ssl.connection_error", GetParam()); + "ssl.connection_error", GetParam(), absl::nullopt); } TEST_P(SslSocketTest, FailedClientCertificateHashAndSpkiVerificationNoCANoClientCertificate) { @@ -1539,12 +1572,12 @@ TEST_P(SslSocketTest, FailedClientCertificateHashAndSpkiVerificationNoCANoClient envoy::api::v2::auth::UpstreamTlsContext client; testUtilV2(listener, client, "", false, "", "", "", "", "", "ssl.fail_verify_no_cert", - "ssl.connection_error", GetParam()); + "ssl.connection_error", GetParam(), absl::nullopt); // Fails even with client renegotiation. client.set_allow_renegotiation(true); testUtilV2(listener, client, "", false, "", "", "", "", "", "ssl.fail_verify_no_cert", - "ssl.connection_error", GetParam()); + "ssl.connection_error", GetParam(), absl::nullopt); } TEST_P(SslSocketTest, FailedClientCertificateHashAndSpkiVerificationWrongClientCertificate) { 
@@ -1576,12 +1609,12 @@ TEST_P(SslSocketTest, FailedClientCertificateHashAndSpkiVerificationWrongClientC TestEnvironment::substitute("{{ test_rundir }}/test/common/ssl/test_data/no_san_key.pem")); testUtilV2(listener, client, "", false, "", "", "", "", "", "ssl.fail_verify_cert_hash", - "ssl.connection_error", GetParam()); + "ssl.connection_error", GetParam(), absl::nullopt); // Fails even with client renegotiation. client.set_allow_renegotiation(true); testUtilV2(listener, client, "", false, "", "", "", "", "", "ssl.fail_verify_cert_hash", - "ssl.connection_error", GetParam()); + "ssl.connection_error", GetParam(), absl::nullopt); } TEST_P(SslSocketTest, FailedClientCertificateHashAndSpkiVerificationNoCAWrongClientCertificate) { @@ -1611,12 +1644,12 @@ TEST_P(SslSocketTest, FailedClientCertificateHashAndSpkiVerificationNoCAWrongCli TestEnvironment::substitute("{{ test_rundir }}/test/common/ssl/test_data/no_san_key.pem")); testUtilV2(listener, client, "", false, "", "", "", "", "", "ssl.fail_verify_cert_hash", - "ssl.connection_error", GetParam()); + "ssl.connection_error", GetParam(), absl::nullopt); // Fails even with client renegotiation. client.set_allow_renegotiation(true); testUtilV2(listener, client, "", false, "", "", "", "", "", "ssl.fail_verify_cert_hash", - "ssl.connection_error", GetParam()); + "ssl.connection_error", GetParam(), absl::nullopt); } TEST_P(SslSocketTest, FailedClientCertificateHashAndSpkiVerificationWrongCA) { 
@@ -1648,12 +1681,12 @@ TEST_P(SslSocketTest, FailedClientCertificateHashAndSpkiVerificationWrongCA) { TestEnvironment::substitute("{{ test_rundir }}/test/common/ssl/test_data/san_uri_key.pem")); testUtilV2(listener, client, "", false, "", "", "", "", "", "ssl.fail_verify_error", - "ssl.connection_error", GetParam()); + "ssl.connection_error", GetParam(), absl::nullopt); // Fails even with client renegotiation. client.set_allow_renegotiation(true); testUtilV2(listener, client, "", false, "", "", "", "", "", "ssl.fail_verify_error", - "ssl.connection_error", GetParam()); + "ssl.connection_error", GetParam(), absl::nullopt); } // Make sure that we do not flush code and do an immediate close if we have not completed the @@ -1698,7 +1731,7 @@ TEST_P(SslSocketTest, FlushCloseDuringHandshake) { EXPECT_CALL(callbacks, onAccept_(_, _)) .WillOnce(Invoke([&](Network::ConnectionSocketPtr& socket, bool) -> void { Network::ConnectionPtr new_connection = dispatcher_->createServerConnection( - std::move(socket), server_ssl_socket_factory.createTransportSocket()); + std::move(socket), server_ssl_socket_factory.createTransportSocket(absl::nullopt)); callbacks.onNewConnection(std::move(new_connection)); })); EXPECT_CALL(callbacks, onNewConnection_(_)) @@ -1762,7 +1795,7 @@ TEST_P(SslSocketTest, HalfClose) { client_stats_store); Network::ClientConnectionPtr client_connection = dispatcher_->createClientConnection( socket.localAddress(), Network::Address::InstanceConstSharedPtr(), - client_ssl_socket_factory.createTransportSocket(), nullptr); + client_ssl_socket_factory.createTransportSocket(absl::nullopt), nullptr); client_connection->enableHalfClose(true); client_connection->addReadFilter(client_read_filter); client_connection->connect(); 
@@ -1774,7 +1807,7 @@ TEST_P(SslSocketTest, HalfClose) { EXPECT_CALL(listener_callbacks, onAccept_(_, _)) .WillOnce(Invoke([&](Network::ConnectionSocketPtr& socket, bool) -> void { Network::ConnectionPtr new_connection = dispatcher_->createServerConnection( - std::move(socket), server_ssl_socket_factory.createTransportSocket()); + std::move(socket), server_ssl_socket_factory.createTransportSocket(absl::nullopt)); listener_callbacks.onNewConnection(std::move(new_connection)); })); EXPECT_CALL(listener_callbacks, onNewConnection_(_)) @@ -1853,7 +1886,7 @@ TEST_P(SslSocketTest, ClientAuthMultipleCAs) { ClientSslSocketFactory ssl_socket_factory(std::move(client_cfg), manager, client_stats_store); Network::ClientConnectionPtr client_connection = dispatcher_->createClientConnection( socket.localAddress(), Network::Address::InstanceConstSharedPtr(), - ssl_socket_factory.createTransportSocket(), nullptr); + ssl_socket_factory.createTransportSocket(absl::nullopt), nullptr); // Verify that server sent list with 2 acceptable client certificate CA names. const Ssl::SslSocket* ssl_socket = dynamic_cast(client_connection->ssl()); @@ -1873,7 +1906,7 @@ TEST_P(SslSocketTest, ClientAuthMultipleCAs) { EXPECT_CALL(callbacks, onAccept_(_, _)) .WillOnce(Invoke([&](Network::ConnectionSocketPtr& socket, bool) -> void { Network::ConnectionPtr new_connection = dispatcher_->createServerConnection( - std::move(socket), server_ssl_socket_factory.createTransportSocket()); + std::move(socket), server_ssl_socket_factory.createTransportSocket(absl::nullopt)); callbacks.onNewConnection(std::move(new_connection)); })); EXPECT_CALL(callbacks, onNewConnection_(_)) 
@@ -1941,7 +1974,7 @@ void testTicketSessionResumption(const std::string& server_ctx_yaml1, ClientSslSocketFactory ssl_socket_factory(std::move(client_cfg), manager, client_stats_store); Network::ClientConnectionPtr client_connection = dispatcher.createClientConnection( socket1.localAddress(), Network::Address::InstanceConstSharedPtr(), - ssl_socket_factory.createTransportSocket(), nullptr); + ssl_socket_factory.createTransportSocket(absl::nullopt), nullptr); Network::MockConnectionCallbacks client_connection_callbacks; client_connection->addConnectionCallbacks(client_connection_callbacks); @@ -1954,8 +1987,8 @@ void testTicketSessionResumption(const std::string& server_ctx_yaml1, Network::TransportSocketFactory& tsf = socket->localAddress() == socket1.localAddress() ? server_ssl_socket_factory1 : server_ssl_socket_factory2; - Network::ConnectionPtr new_connection = - dispatcher.createServerConnection(std::move(socket), tsf.createTransportSocket()); + Network::ConnectionPtr new_connection = dispatcher.createServerConnection( + std::move(socket), tsf.createTransportSocket(absl::nullopt)); callbacks.onNewConnection(std::move(new_connection)); })); EXPECT_CALL(callbacks, onNewConnection_(_)) @@ -1981,7 +2014,7 @@ void testTicketSessionResumption(const std::string& server_ctx_yaml1, client_connection = dispatcher.createClientConnection( socket2.localAddress(), Network::Address::InstanceConstSharedPtr(), - ssl_socket_factory.createTransportSocket(), nullptr); + ssl_socket_factory.createTransportSocket(absl::nullopt), nullptr); client_connection->addConnectionCallbacks(client_connection_callbacks); const Ssl::SslSocket* ssl_socket = dynamic_cast(client_connection->ssl()); SSL_set_session(ssl_socket->rawSslForTest(), ssl_session); 
@@ -2352,7 +2385,7 @@ TEST_P(SslSocketTest, ClientAuthCrossListenerSessionResumption) { ClientSslSocketFactory ssl_socket_factory(std::move(client_cfg), manager, client_stats_store); Network::ClientConnectionPtr client_connection = dispatcher_->createClientConnection( socket.localAddress(), Network::Address::InstanceConstSharedPtr(), - ssl_socket_factory.createTransportSocket(), nullptr); + ssl_socket_factory.createTransportSocket(absl::nullopt), nullptr); Network::MockConnectionCallbacks client_connection_callbacks; client_connection->addConnectionCallbacks(client_connection_callbacks); @@ -2368,7 +2401,7 @@ TEST_P(SslSocketTest, ClientAuthCrossListenerSessionResumption) { : server2_ssl_socket_factory; Network::ConnectionPtr new_connection = dispatcher_->createServerConnection( - std::move(accepted_socket), tsf.createTransportSocket()); + std::move(accepted_socket), tsf.createTransportSocket(absl::nullopt)); callbacks.onNewConnection(std::move(new_connection)); })); EXPECT_CALL(callbacks, onNewConnection_(_)) @@ -2398,7 +2431,7 @@ TEST_P(SslSocketTest, ClientAuthCrossListenerSessionResumption) { client_connection = dispatcher_->createClientConnection( socket2.localAddress(), Network::Address::InstanceConstSharedPtr(), - ssl_socket_factory.createTransportSocket(), nullptr); + ssl_socket_factory.createTransportSocket(absl::nullopt), nullptr); client_connection->addConnectionCallbacks(client_connection_callbacks); const Ssl::SslSocket* ssl_socket = dynamic_cast(client_connection->ssl()); SSL_set_session(ssl_socket->rawSslForTest(), ssl_session); 
@@ -2463,7 +2496,7 @@ TEST_P(SslSocketTest, SslError) { EXPECT_CALL(callbacks, onAccept_(_, _)) .WillOnce(Invoke([&](Network::ConnectionSocketPtr& socket, bool) -> void { Network::ConnectionPtr new_connection = dispatcher_->createServerConnection( - std::move(socket), server_ssl_socket_factory.createTransportSocket()); + std::move(socket), server_ssl_socket_factory.createTransportSocket(absl::nullopt)); callbacks.onNewConnection(std::move(new_connection)); })); EXPECT_CALL(callbacks, onNewConnection_(_)) 
@@ -2501,44 +2534,44 @@ TEST_P(SslSocketTest, ProtocolVersions) { // Connection using defaults (client & server) succeeds, negotiating TLSv1.2. testUtilV2(listener, client, "", true, "TLSv1.2", "", "", "", "", "ssl.handshake", - "ssl.handshake", GetParam()); + "ssl.handshake", GetParam(), absl::nullopt); // Connection using defaults (client & server) succeeds, negotiating TLSv1.2, // even with client renegotiation. client.set_allow_renegotiation(true); testUtilV2(listener, client, "", true, "TLSv1.2", "", "", "", "", "ssl.handshake", - "ssl.handshake", GetParam()); + "ssl.handshake", GetParam(), absl::nullopt); client.set_allow_renegotiation(false); // Connection using TLSv1.0 (client) and defaults (server) succeeds. client_params->set_tls_minimum_protocol_version(envoy::api::v2::auth::TlsParameters::TLSv1_0); client_params->set_tls_maximum_protocol_version(envoy::api::v2::auth::TlsParameters::TLSv1_0); testUtilV2(listener, client, "", true, "TLSv1", "", "", "", "", "ssl.handshake", "ssl.handshake", - GetParam()); + GetParam(), absl::nullopt); // Connection using TLSv1.1 (client) and defaults (server) succeeds. client_params->set_tls_minimum_protocol_version(envoy::api::v2::auth::TlsParameters::TLSv1_1); client_params->set_tls_maximum_protocol_version(envoy::api::v2::auth::TlsParameters::TLSv1_1); testUtilV2(listener, client, "", true, "TLSv1.1", "", "", "", "", "ssl.handshake", - "ssl.handshake", GetParam()); + "ssl.handshake", GetParam(), absl::nullopt); // Connection using TLSv1.2 (client) and defaults (server) succeeds. client_params->set_tls_minimum_protocol_version(envoy::api::v2::auth::TlsParameters::TLSv1_2); client_params->set_tls_maximum_protocol_version(envoy::api::v2::auth::TlsParameters::TLSv1_2); testUtilV2(listener, client, "", true, "TLSv1.2", "", "", "", "", "ssl.handshake", - "ssl.handshake", GetParam()); + "ssl.handshake", GetParam(), absl::nullopt); // Connection using TLSv1.3 (client) and defaults (server) fails. 
client_params->set_tls_minimum_protocol_version(envoy::api::v2::auth::TlsParameters::TLSv1_3); client_params->set_tls_maximum_protocol_version(envoy::api::v2::auth::TlsParameters::TLSv1_3); testUtilV2(listener, client, "", false, "", "", "", "", "", "ssl.connection_error", - "ssl.connection_error", GetParam()); + "ssl.connection_error", GetParam(), absl::nullopt); // Connection using TLSv1.3 (client) and TLSv1.0-1.3 (server) succeeds. server_params->set_tls_minimum_protocol_version(envoy::api::v2::auth::TlsParameters::TLSv1_0); server_params->set_tls_maximum_protocol_version(envoy::api::v2::auth::TlsParameters::TLSv1_3); testUtilV2(listener, client, "", true, "TLSv1.3", "", "", "", "", "ssl.handshake", - "ssl.handshake", GetParam()); + "ssl.handshake", GetParam(), absl::nullopt); // Connection using defaults (client) and TLSv1.0 (server) succeeds. client_params->clear_tls_minimum_protocol_version(); 
@@ -2546,31 +2579,31 @@ TEST_P(SslSocketTest, ProtocolVersions) { server_params->set_tls_minimum_protocol_version(envoy::api::v2::auth::TlsParameters::TLSv1_0); server_params->set_tls_maximum_protocol_version(envoy::api::v2::auth::TlsParameters::TLSv1_0); testUtilV2(listener, client, "", true, "TLSv1", "", "", "", "", "ssl.handshake", "ssl.handshake", - GetParam()); + GetParam(), absl::nullopt); // Connection using defaults (client) and TLSv1.1 (server) succeeds. server_params->set_tls_minimum_protocol_version(envoy::api::v2::auth::TlsParameters::TLSv1_1); server_params->set_tls_maximum_protocol_version(envoy::api::v2::auth::TlsParameters::TLSv1_1); testUtilV2(listener, client, "", true, "TLSv1.1", "", "", "", "", "ssl.handshake", - "ssl.handshake", GetParam()); + "ssl.handshake", GetParam(), absl::nullopt); // Connection using defaults (client) and TLSv1.2 (server) succeeds. server_params->set_tls_minimum_protocol_version(envoy::api::v2::auth::TlsParameters::TLSv1_2); server_params->set_tls_maximum_protocol_version(envoy::api::v2::auth::TlsParameters::TLSv1_2); testUtilV2(listener, client, "", true, "TLSv1.2", "", "", "", "", "ssl.handshake", - "ssl.handshake", GetParam()); + "ssl.handshake", GetParam(), absl::nullopt); // Connection using defaults (client) and TLSv1.3 (server) fails. server_params->set_tls_minimum_protocol_version(envoy::api::v2::auth::TlsParameters::TLSv1_3); server_params->set_tls_maximum_protocol_version(envoy::api::v2::auth::TlsParameters::TLSv1_3); testUtilV2(listener, client, "", false, "", "", "", "", "", "ssl.connection_error", - "ssl.connection_error", GetParam()); + "ssl.connection_error", GetParam(), absl::nullopt); // Connection using TLSv1.0-TLSv1.3 (client) and TLSv1.3 (server) succeeds. 
client_params->set_tls_minimum_protocol_version(envoy::api::v2::auth::TlsParameters::TLSv1_0); client_params->set_tls_maximum_protocol_version(envoy::api::v2::auth::TlsParameters::TLSv1_3); testUtilV2(listener, client, "", true, "TLSv1.3", "", "", "", "", "ssl.handshake", - "ssl.handshake", GetParam()); + "ssl.handshake", GetParam(), absl::nullopt); } TEST_P(SslSocketTest, ALPN) { @@ -2590,32 +2623,32 @@ TEST_P(SslSocketTest, ALPN) { // Connection using defaults (client & server) succeeds, no ALPN is negotiated. testUtilV2(listener, client, "", true, "", "", "", "", "", "ssl.handshake", "ssl.handshake", - GetParam()); + GetParam(), absl::nullopt); // Connection using defaults (client & server) succeeds, no ALPN is negotiated, // even with client renegotiation. client.set_allow_renegotiation(true); testUtilV2(listener, client, "", true, "", "", "", "", "", "ssl.handshake", "ssl.handshake", - GetParam()); + GetParam(), absl::nullopt); client.set_allow_renegotiation(false); // Client connects without ALPN to a server with "test" ALPN, no ALPN is negotiated. server_ctx->add_alpn_protocols("test"); testUtilV2(listener, client, "", true, "", "", "", "", "", "ssl.handshake", "ssl.handshake", - GetParam()); + GetParam(), absl::nullopt); server_ctx->clear_alpn_protocols(); // Client connects with "test" ALPN to a server without ALPN, no ALPN is negotiated. client_ctx->add_alpn_protocols("test"); testUtilV2(listener, client, "", true, "", "", "", "", "", "ssl.handshake", "ssl.handshake", - GetParam()); + GetParam(), absl::nullopt); client_ctx->clear_alpn_protocols(); // Client connects with "test" ALPN to a server with "test" ALPN, "test" ALPN is negotiated. client_ctx->add_alpn_protocols("test"); server_ctx->add_alpn_protocols("test"); testUtilV2(listener, client, "", true, "", "", "", "", "test", "ssl.handshake", "ssl.handshake", - GetParam()); + GetParam(), absl::nullopt); client_ctx->clear_alpn_protocols(); server_ctx->clear_alpn_protocols(); 
@@ -2625,7 +2658,7 @@ TEST_P(SslSocketTest, ALPN) { client_ctx->add_alpn_protocols("test"); server_ctx->add_alpn_protocols("test"); testUtilV2(listener, client, "", true, "", "", "", "", "test", "ssl.handshake", "ssl.handshake", - GetParam()); + GetParam(), absl::nullopt); client.set_allow_renegotiation(false); client_ctx->clear_alpn_protocols(); server_ctx->clear_alpn_protocols(); @@ -2634,7 +2667,7 @@ TEST_P(SslSocketTest, ALPN) { client_ctx->add_alpn_protocols("test"); server_ctx->add_alpn_protocols("test2"); testUtilV2(listener, client, "", true, "", "", "", "", "", "ssl.handshake", "ssl.handshake", - GetParam()); + GetParam(), absl::nullopt); client_ctx->clear_alpn_protocols(); server_ctx->clear_alpn_protocols(); } @@ -2657,12 +2690,12 @@ TEST_P(SslSocketTest, CipherSuites) { // Connection using defaults (client & server) succeeds. testUtilV2(listener, client, "", true, "", "", "", "", "", "ssl.handshake", "ssl.handshake", - GetParam()); + GetParam(), absl::nullopt); // Connection using defaults (client & server) succeeds, even with client renegotiation. client.set_allow_renegotiation(true); testUtilV2(listener, client, "", true, "", "", "", "", "", "ssl.handshake", "ssl.handshake", - GetParam()); + GetParam(), absl::nullopt); client.set_allow_renegotiation(false); // Client connects with one of the supported cipher suites, connection succeeds. @@ -2670,7 +2703,7 @@ TEST_P(SslSocketTest, CipherSuites) { server_params->add_cipher_suites("ECDHE-RSA-CHACHA20-POLY1305"); server_params->add_cipher_suites("ECDHE-RSA-AES128-GCM-SHA256"); testUtilV2(listener, client, "", true, "", "", "", "", "", "ssl.handshake", "ssl.handshake", - GetParam()); + GetParam(), absl::nullopt); client_params->clear_cipher_suites(); server_params->clear_cipher_suites(); 
@@ -2678,7 +2711,7 @@ TEST_P(SslSocketTest, CipherSuites) { client_params->add_cipher_suites("ECDHE-RSA-AES128-GCM-SHA256"); server_params->add_cipher_suites("ECDHE-RSA-CHACHA20-POLY1305"); testUtilV2(listener, client, "", false, "", "", "", "", "", "ssl.connection_error", - "ssl.connection_error", GetParam()); + "ssl.connection_error", GetParam(), absl::nullopt); client_params->clear_cipher_suites(); server_params->clear_cipher_suites(); } @@ -2701,12 +2734,12 @@ TEST_P(SslSocketTest, EcdhCurves) { // Connection using defaults (client & server) succeeds. testUtilV2(listener, client, "", true, "", "", "", "", "", "ssl.handshake", "ssl.handshake", - GetParam()); + GetParam(), absl::nullopt); // Connection using defaults (client & server) succeeds, even with client renegotiation. client.set_allow_renegotiation(true); testUtilV2(listener, client, "", true, "", "", "", "", "", "ssl.handshake", "ssl.handshake", - GetParam()); + GetParam(), absl::nullopt); client.set_allow_renegotiation(false); // Client connects with one of the supported ECDH curves, connection succeeds. @@ -2715,7 +2748,7 @@ TEST_P(SslSocketTest, EcdhCurves) { server_params->add_ecdh_curves("P-256"); server_params->add_cipher_suites("ECDHE-RSA-AES128-GCM-SHA256"); testUtilV2(listener, client, "", true, "", "", "", "", "", "ssl.handshake", "ssl.handshake", - GetParam()); + GetParam(), absl::nullopt); client_params->clear_ecdh_curves(); server_params->clear_ecdh_curves(); server_params->clear_cipher_suites(); @@ -2725,7 +2758,7 @@ TEST_P(SslSocketTest, EcdhCurves) { server_params->add_ecdh_curves("P-256"); server_params->add_cipher_suites("ECDHE-RSA-AES128-GCM-SHA256"); testUtilV2(listener, client, "", false, "", "", "", "", "", "ssl.connection_error", - "ssl.connection_error", GetParam()); + "ssl.connection_error", GetParam(), absl::nullopt); client_params->clear_ecdh_curves(); server_params->clear_ecdh_curves(); server_params->clear_cipher_suites(); 
@@ -2829,7 +2862,42 @@ TEST_P(SslSocketTest, GetRequestedServerName) { client.set_sni("lyft.com"); testUtilV2(listener, client, "", true, "", "", "", "lyft.com", "", "ssl.handshake", - "ssl.handshake", GetParam()); + "ssl.handshake", GetParam(), absl::nullopt); +} + +TEST_P(SslSocketTest, OverrideRequestedServerName) { + envoy::api::v2::Listener listener; + envoy::api::v2::listener::FilterChain* filter_chain = listener.add_filter_chains(); + envoy::api::v2::auth::TlsCertificate* server_cert = + filter_chain->mutable_tls_context()->mutable_common_tls_context()->add_tls_certificates(); + server_cert->mutable_certificate_chain()->set_filename( + TestEnvironment::substitute("{{ test_rundir }}/test/common/ssl/test_data/san_dns_cert.pem")); + server_cert->mutable_private_key()->set_filename( + TestEnvironment::substitute("{{ test_rundir }}/test/common/ssl/test_data/san_dns_key.pem")); + + envoy::api::v2::auth::UpstreamTlsContext client; + client.set_sni("lyft.com"); + + absl::optional override_server_name = "example.com"; + testUtilV2(listener, client, "", true, "", "", "", "example.com", "", "ssl.handshake", + "ssl.handshake", GetParam(), override_server_name); +} + +TEST_P(SslSocketTest, OverrideRequestedServerNameWithoutSniInUpstreamTlsContext) { + envoy::api::v2::Listener listener; + envoy::api::v2::listener::FilterChain* filter_chain = listener.add_filter_chains(); + envoy::api::v2::auth::TlsCertificate* server_cert = + filter_chain->mutable_tls_context()->mutable_common_tls_context()->add_tls_certificates(); + server_cert->mutable_certificate_chain()->set_filename( + TestEnvironment::substitute("{{ test_rundir }}/test/common/ssl/test_data/san_dns_cert.pem")); + server_cert->mutable_private_key()->set_filename( + TestEnvironment::substitute("{{ test_rundir }}/test/common/ssl/test_data/san_dns_key.pem")); + + envoy::api::v2::auth::UpstreamTlsContext client; + + absl::optional override_server_name = "example.com"; + testUtilV2(listener, client, "", true, "", "", "", 
"example.com", "", "ssl.handshake", + "ssl.handshake", GetParam(), override_server_name); } // Validate that if downstream secrets are not yet downloaded from SDS server, Envoy creates @@ -2862,7 +2930,7 @@ TEST_P(SslSocketTest, DownstreamNotReadySslSocket) { ContextManagerImpl manager(time_system); Ssl::ServerSslSocketFactory server_ssl_socket_factory(std::move(server_cfg), manager, stats_store, std::vector{}); - auto transport_socket = server_ssl_socket_factory.createTransportSocket(); + auto transport_socket = server_ssl_socket_factory.createTransportSocket(absl::nullopt); EXPECT_EQ(EMPTY_STRING, transport_socket->protocol()); EXPECT_EQ(nullptr, transport_socket->ssl()); Buffer::OwnedImpl buffer; @@ -2902,7 +2970,7 @@ TEST_P(SslSocketTest, UpstreamNotReadySslSocket) { ContextManagerImpl manager(time_system); Ssl::ClientSslSocketFactory client_ssl_socket_factory(std::move(client_cfg), manager, stats_store); - auto transport_socket = client_ssl_socket_factory.createTransportSocket(); + auto transport_socket = client_ssl_socket_factory.createTransportSocket(absl::nullopt); EXPECT_EQ(EMPTY_STRING, transport_socket->protocol()); EXPECT_EQ(nullptr, transport_socket->ssl()); Buffer::OwnedImpl buffer; @@ -2934,7 +3002,7 @@ class SslReadBufferLimitTest : public SslSocketTest { std::move(client_cfg), *manager_, client_stats_store_); client_connection_ = dispatcher_->createClientConnection( socket_.localAddress(), source_address_, - client_ssl_socket_factory_->createTransportSocket(), nullptr); + client_ssl_socket_factory_->createTransportSocket(absl::nullopt), nullptr); client_connection_->addConnectionCallbacks(client_callbacks_); client_connection_->connect(); read_filter_.reset(new Network::MockReadFilter()); 
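Review bot: Both new tests cover only an override that is a well-formed host name, so the behaviour for an override that is present but unusable is pinned nowhere: `absl::optional<std::string>("")` (does it clear the SNI or fall back to `client.sni()`?) and a name the TLS library refuses, since BoringSSL's `SSL_set_tlsext_host_name()` rejects host names longer than 255 bytes. If, as the series suggests, this value is copied from the downstream client's SNI, an attacker chooses it, so the tests should state whether such a connection proceeds without SNI or is closed; for example add `testUtilV2(listener, client, "", true, "", "", "", "", "", "ssl.handshake", "ssl.handshake", GetParam(), absl::optional<std::string>(""));` with the expected requested-server-name argument filled in once the intended semantics are decided. `OverrideRequestedServerNameWithoutSniInUpstreamTlsContext` is identical to the first test apart from the missing `set_sni`, so the listener setup could be shared by a small helper instead of being copied.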
@@ -2947,7 +3015,7 @@ class SslReadBufferLimitTest : public SslSocketTest { EXPECT_CALL(listener_callbacks_, onAccept_(_, _)) .WillOnce(Invoke([&](Network::ConnectionSocketPtr& socket, bool) -> void { Network::ConnectionPtr new_connection = dispatcher_->createServerConnection( - std::move(socket), server_ssl_socket_factory_->createTransportSocket()); + std::move(socket), server_ssl_socket_factory_->createTransportSocket(absl::nullopt)); new_connection->setBufferLimits(read_buffer_limit); listener_callbacks_.onNewConnection(std::move(new_connection)); })); @@ -3032,7 +3100,7 @@ class SslReadBufferLimitTest : public SslSocketTest { EXPECT_CALL(listener_callbacks_, onAccept_(_, _)) .WillOnce(Invoke([&](Network::ConnectionSocketPtr& socket, bool) -> void { Network::ConnectionPtr new_connection = dispatcher_->createServerConnection( - std::move(socket), server_ssl_socket_factory_->createTransportSocket()); + std::move(socket), server_ssl_socket_factory_->createTransportSocket(absl::nullopt)); new_connection->setBufferLimits(read_buffer_limit); listener_callbacks_.onNewConnection(std::move(new_connection)); })); @@ -3156,7 +3224,7 @@ TEST_P(SslReadBufferLimitTest, TestBind) { EXPECT_CALL(listener_callbacks_, onAccept_(_, _)) .WillOnce(Invoke([&](Network::ConnectionSocketPtr& socket, bool) -> void { Network::ConnectionPtr new_connection = dispatcher_->createServerConnection( - std::move(socket), server_ssl_socket_factory_->createTransportSocket()); + std::move(socket), server_ssl_socket_factory_->createTransportSocket(absl::nullopt)); new_connection->setBufferLimits(0); listener_callbacks_.onNewConnection(std::move(new_connection)); })); diff --git a/test/common/tcp/conn_pool_test.cc b/test/common/tcp/conn_pool_test.cc index d30918d7ea65c..5cdea36149de8 100644 --- a/test/common/tcp/conn_pool_test.cc +++ b/test/common/tcp/conn_pool_test.cc 
@@ -76,7 +76,7 @@ class ConnPoolImplForTest : public ConnPoolImpl { Upstream::ClusterInfoConstSharedPtr cluster, NiceMock* upstream_ready_timer) : ConnPoolImpl(dispatcher, Upstream::makeTestHost(cluster, "tcp://127.0.0.1:9000"), - Upstream::ResourcePriority::Default, nullptr), + Upstream::ResourcePriority::Default, nullptr, absl::nullopt), mock_dispatcher_(dispatcher), mock_upstream_ready_timer_(upstream_ready_timer) {} ~ConnPoolImplForTest() { @@ -181,7 +181,7 @@ class TcpConnPoolImplDestructorTest : public testing::Test { : upstream_ready_timer_(new NiceMock(&dispatcher_)), conn_pool_{new ConnPoolImpl(dispatcher_, Upstream::makeTestHost(cluster_, "tcp://127.0.0.1:9000"), - Upstream::ResourcePriority::Default, nullptr)} {} + Upstream::ResourcePriority::Default, nullptr, absl::nullopt)} {} ~TcpConnPoolImplDestructorTest() {} diff --git a/test/common/tcp_proxy/BUILD b/test/common/tcp_proxy/BUILD index 5252736d157b4..a5533322ec326 100644 --- a/test/common/tcp_proxy/BUILD +++ b/test/common/tcp_proxy/BUILD @@ -17,6 +17,7 @@ envoy_cc_test( "//source/common/event:dispatcher_lib", "//source/common/network:address_lib", "//source/common/stats:stats_lib", + "//source/common/stream_info:forward_requested_server_name_lib", "//source/common/tcp_proxy", "//source/common/upstream:upstream_includes", "//source/common/upstream:upstream_lib", diff --git a/test/common/tcp_proxy/tcp_proxy_test.cc b/test/common/tcp_proxy/tcp_proxy_test.cc index 157e3f09cbba2..b76b65898d7c7 100644 --- a/test/common/tcp_proxy/tcp_proxy_test.cc +++ b/test/common/tcp_proxy/tcp_proxy_test.cc @@ -8,6 +8,7 @@ #include "common/config/filter_json.h" #include "common/network/address_impl.h" #include "common/router/metadatamatchcriteria_impl.h" +#include "common/stream_info/forward_requested_server_name.h" #include "common/tcp_proxy/tcp_proxy.h" #include "common/upstream/upstream_impl.h" 
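Review bot: Both `ConnPoolImpl` constructions here pass `absl::nullopt`, so the `ConnPoolImplForTest` fixture can never exercise the path where a real override name is carried through the pool to the upstream connection. Give the fixture an optional constructor argument defaulting to `absl::nullopt` (`absl::optional<std::string> override_server_name = absl::nullopt`) and forward it in place of the literal, then add one test that sets a name and verifies through the host mock's connection-creation expectation that the same name arrives at the transport socket; how `ConnPoolImpl` consumes the value is outside this hunk, so the exact expectation depends on the implementation. The `ConnPoolImplForTest` constructor and the `TcpConnPoolImplDestructorTest` fixture both extend past the hunk boundaries.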
@@ -40,6 +41,8 @@ using testing::SaveArg; namespace Envoy { namespace TcpProxy { +using ::Envoy::StreamInfo::ForwardRequestedServerName; + namespace { Config constructConfigFromJson(const Json::Object& json, Server::Configuration::FactoryContext& context) { @@ -413,7 +416,8 @@ class TcpProxyTest : public testing::Test { { testing::InSequence sequence; for (uint32_t i = 0; i < connections; i++) { - EXPECT_CALL(factory_context_.cluster_manager_, tcpConnPoolForCluster("fake_cluster", _, _)) + EXPECT_CALL(factory_context_.cluster_manager_, + tcpConnPoolForCluster("fake_cluster", _, _, _)) .WillOnce(Return(&conn_pool_)) .RetiresOnSaturation(); EXPECT_CALL(conn_pool_, newConnection(_)) @@ -424,7 +428,7 @@ class TcpProxyTest : public testing::Test { })) .RetiresOnSaturation(); } - EXPECT_CALL(factory_context_.cluster_manager_, tcpConnPoolForCluster("fake_cluster", _, _)) + EXPECT_CALL(factory_context_.cluster_manager_, tcpConnPoolForCluster("fake_cluster", _, _, _)) .WillRepeatedly(Return(nullptr)); } @@ -1134,7 +1138,7 @@ TEST_F(TcpProxyRoutingTest, RoutableConnection) { connection_.local_address_ = std::make_shared("1.2.3.4", 9999); // Expect filter to try to open a connection to specified cluster. - EXPECT_CALL(factory_context_.cluster_manager_, tcpConnPoolForCluster("fake_cluster", _, _)) + EXPECT_CALL(factory_context_.cluster_manager_, tcpConnPoolForCluster("fake_cluster", _, _, _)) .WillOnce(Return(nullptr)); filter_->onNewConnection(); 
@@ -1156,11 +1160,45 @@ TEST_F(TcpProxyRoutingTest, UseClusterFromPerConnectionCluster) { // Expect filter to try to open a connection to specified cluster. EXPECT_CALL(factory_context_.cluster_manager_, - tcpConnPoolForCluster("filter_state_cluster", _, _)) + tcpConnPoolForCluster("filter_state_cluster", _, _, _)) .WillOnce(Return(nullptr)); filter_->onNewConnection(); } +// Test that the tcp proxy forwards the requested server name from FilterState if set +TEST_F(TcpProxyRoutingTest, ForwardRequestedServerName) { + setup(); + + NiceMock stream_info; + stream_info.filterState().setData("envoy.stream_info.forward_requested_server_name", + std::make_unique("www.example.com"), + StreamInfo::FilterState::StateType::ReadOnly); + + ON_CALL(connection_, streamInfo()).WillByDefault(ReturnRef(stream_info)); + EXPECT_CALL(Const(connection_), streamInfo()).WillRepeatedly(ReturnRef(stream_info)); + + // Expect filter to try to open a connection to a cluster with the override_server_name + EXPECT_CALL(factory_context_.cluster_manager_, tcpConnPoolForCluster(_, _, _, _)) + .WillOnce(Invoke( + [](const std::string& cluster, Upstream::ResourcePriority priority, + Upstream::LoadBalancerContext* context, + absl::optional override_server_name) -> Tcp::ConnectionPool::Instance* { + EXPECT_EQ(cluster, "fake_cluster"); + EXPECT_TRUE(override_server_name.has_value()); + EXPECT_EQ(override_server_name.value(), "www.example.com"); + + (void)priority; // suppress unused warning + (void)context; // suppress unused warning + + return nullptr; + })); + + // Port 9999 is within the specified destination port range. + connection_.local_address_ = std::make_shared("1.2.3.4", 9999); + + filter_->onNewConnection(); +} + } // namespace TcpProxy } // namespace Envoy diff --git a/test/common/upstream/cluster_manager_impl_test.cc b/test/common/upstream/cluster_manager_impl_test.cc index d7ad715c59e2e..519fc67c34c2a 100644 --- a/test/common/upstream/cluster_manager_impl_test.cc 
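Review bot: The test asserts only the positive case; nothing in this file pins that `override_server_name` is `absl::nullopt` when FilterState carries no `ForwardRequestedServerName` entry, because every other `tcpConnPoolForCluster` expectation matches the fourth argument with `_`. A regression that forwards the downstream SNI unconditionally, or a stale value from another connection, would pass, so add a companion case — e.g. in `RoutableConnection` replace the trailing `_` with `Eq(absl::optional<std::string>())`, or an `Invoke` that does `EXPECT_FALSE(override_server_name.has_value());`. Two style points: the `(void)priority; (void)context;` lines disappear if the lambda leaves those parameters unnamed (`Upstream::ResourcePriority, Upstream::LoadBalancerContext*`), and the FilterState key is spelled as a raw literal here although the type was brought into scope with a `using` declaration — if `ForwardRequestedServerName` exposes its key as a constant, use that so the two cannot drift apart.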
+++ b/test/common/upstream/cluster_manager_impl_test.cc @@ -71,7 +71,8 @@ class TestClusterManagerFactory : public ClusterManagerFactory { Tcp::ConnectionPool::InstancePtr allocateTcpConnPool(Event::Dispatcher&, HostConstSharedPtr host, ResourcePriority, - const Network::ConnectionSocket::OptionsSharedPtr&) override { + const Network::ConnectionSocket::OptionsSharedPtr&, + absl::optional) override { return Tcp::ConnectionPool::InstancePtr{allocateTcpConnPool_(host)}; } @@ -708,9 +709,18 @@ TEST_F(ClusterManagerImplTest, UnknownCluster) { EXPECT_EQ(nullptr, cluster_manager_->get("hello")); EXPECT_EQ(nullptr, cluster_manager_->httpConnPoolForCluster("hello", ResourcePriority::Default, Http::Protocol::Http2, nullptr)); - EXPECT_EQ(nullptr, - cluster_manager_->tcpConnPoolForCluster("hello", ResourcePriority::Default, nullptr)); - EXPECT_THROW(cluster_manager_->tcpConnForCluster("hello", nullptr), EnvoyException); + absl::optional override_server_name; + EXPECT_EQ(nullptr, cluster_manager_->tcpConnPoolForCluster("hello", ResourcePriority::Default, + nullptr, override_server_name)); + EXPECT_THROW(cluster_manager_->tcpConnForCluster("hello", nullptr, override_server_name), + EnvoyException); + + override_server_name = "example.com"; + EXPECT_EQ(nullptr, cluster_manager_->tcpConnPoolForCluster("hello", ResourcePriority::Default, + nullptr, override_server_name)); + EXPECT_THROW(cluster_manager_->tcpConnForCluster("hello", nullptr, override_server_name), + EnvoyException); + EXPECT_THROW(cluster_manager_->httpAsyncClientForCluster("hello"), EnvoyException); factory_.tls_.shutdownThread(); } 
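Review bot: `TestClusterManagerFactory::allocateTcpConnPool` drops the new `absl::optional<std::string>` parameter and forwards only `host` to `allocateTcpConnPool_`, so none of the tests in this file can observe whether `ClusterManagerImpl` actually hands the override to the pool it allocates; `UnknownCluster` exercises the argument only on the failure path, where it is never consumed. Record it on the factory — name the parameter and add `last_override_server_name_ = override_server_name;` in the override — and assert it in `DynamicAddRemove` after the `tcpConnPoolForCluster("fake_cluster", ...)` call. Without that, pool keying is also untested: if pools are cached per host and priority without the server name (I cannot see the implementation from here), a pool created for one override would be reused for another, which for a TLS upstream means the wrong SNI on a pooled connection. The `TestClusterManagerFactory` class continues outside the hunk.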
@@ -738,7 +748,7 @@ TEST_F(ClusterManagerImplTest, VerifyBufferLimits) { EXPECT_CALL(*connection, setBufferLimits(8192)); EXPECT_CALL(factory_.tls_.dispatcher_, createClientConnection_(_, _, _, _)) .WillOnce(Return(connection)); - auto conn_data = cluster_manager_->tcpConnForCluster("cluster_1", nullptr); + auto conn_data = cluster_manager_->tcpConnForCluster("cluster_1", nullptr, absl::nullopt); EXPECT_EQ(connection, conn_data.connection_.get()); factory_.tls_.shutdownThread(); } @@ -1091,7 +1101,7 @@ TEST_F(ClusterManagerImplTest, DynamicAddRemove) { Tcp::ConnectionPool::MockInstance* cp2 = new Tcp::ConnectionPool::MockInstance(); EXPECT_CALL(factory_, allocateTcpConnPool_(_)).WillOnce(Return(cp2)); EXPECT_EQ(cp2, cluster_manager_->tcpConnPoolForCluster("fake_cluster", ResourcePriority::Default, - nullptr)); + nullptr, absl::nullopt)); Network::MockClientConnection* connection = new Network::MockClientConnection(); ON_CALL(*cluster2->info_, features()) @@ -1100,7 +1110,7 @@ TEST_F(ClusterManagerImplTest, DynamicAddRemove) { .WillOnce(Return(connection)); EXPECT_CALL(*connection, setBufferLimits(_)); EXPECT_CALL(*connection, addConnectionCallbacks(_)); - auto conn_info = cluster_manager_->tcpConnForCluster("fake_cluster", nullptr); + auto conn_info = cluster_manager_->tcpConnForCluster("fake_cluster", nullptr, absl::nullopt); EXPECT_EQ(conn_info.connection_.get(), connection); // Now remove the cluster. This should drain the connection pools, but not affect 
@@ -1254,7 +1264,8 @@ TEST_F(ClusterManagerImplTest, CloseTcpConnectionPoolsOnHealthFailure) { create(parseBootstrapFromJson(json)); EXPECT_CALL(factory_, allocateTcpConnPool_(_)).WillOnce(Return(cp1)); - cluster_manager_->tcpConnPoolForCluster("some_cluster", ResourcePriority::Default, nullptr); + cluster_manager_->tcpConnPoolForCluster("some_cluster", ResourcePriority::Default, nullptr, + absl::nullopt); outlier_detector.runCallbacks(test_host); health_checker.runCallbacks(test_host, HealthTransition::Unchanged); @@ -1264,7 +1275,8 @@ TEST_F(ClusterManagerImplTest, CloseTcpConnectionPoolsOnHealthFailure) { outlier_detector.runCallbacks(test_host); EXPECT_CALL(factory_, allocateTcpConnPool_(_)).WillOnce(Return(cp2)); - cluster_manager_->tcpConnPoolForCluster("some_cluster", ResourcePriority::High, nullptr); + cluster_manager_->tcpConnPoolForCluster("some_cluster", ResourcePriority::High, nullptr, + absl::nullopt); } // Order of these calls is implementation dependent, so can't sequence them! @@ -1325,7 +1337,7 @@ TEST_F(ClusterManagerImplTest, CloseTcpConnectionsOnHealthFailure) { EXPECT_CALL(factory_.tls_.dispatcher_, createClientConnection_(_, _, _, _)) .WillOnce(Return(connection1)); - conn_info1 = cluster_manager_->tcpConnForCluster("some_cluster", nullptr); + conn_info1 = cluster_manager_->tcpConnForCluster("some_cluster", nullptr, absl::nullopt); outlier_detector.runCallbacks(test_host); health_checker.runCallbacks(test_host, HealthTransition::Unchanged); 
@@ -1337,11 +1349,11 @@ TEST_F(ClusterManagerImplTest, CloseTcpConnectionsOnHealthFailure) { connection1 = new NiceMock(); EXPECT_CALL(factory_.tls_.dispatcher_, createClientConnection_(_, _, _, _)) .WillOnce(Return(connection1)); - conn_info1 = cluster_manager_->tcpConnForCluster("some_cluster", nullptr); + conn_info1 = cluster_manager_->tcpConnForCluster("some_cluster", nullptr, absl::nullopt); EXPECT_CALL(factory_.tls_.dispatcher_, createClientConnection_(_, _, _, _)) .WillOnce(Return(connection2)); - conn_info2 = cluster_manager_->tcpConnForCluster("some_cluster", nullptr); + conn_info2 = cluster_manager_->tcpConnForCluster("some_cluster", nullptr, absl::nullopt); } // Order of these calls is implementation dependent, so can't sequence them! @@ -1397,7 +1409,7 @@ TEST_F(ClusterManagerImplTest, DoNotCloseTcpConnectionsOnHealthFailure) { EXPECT_CALL(factory_.tls_.dispatcher_, createClientConnection_(_, _, _, _)) .WillOnce(Return(connection1)); - conn_info1 = cluster_manager_->tcpConnForCluster("some_cluster", nullptr); + conn_info1 = cluster_manager_->tcpConnForCluster("some_cluster", nullptr, absl::nullopt); outlier_detector.runCallbacks(test_host); health_checker.runCallbacks(test_host, HealthTransition::Unchanged); @@ -1439,8 +1451,9 @@ TEST_F(ClusterManagerImplTest, DynamicHostRemove) { EXPECT_EQ(nullptr, cluster_manager_->httpConnPoolForCluster( "cluster_1", ResourcePriority::Default, Http::Protocol::Http11, nullptr)); EXPECT_EQ(nullptr, cluster_manager_->tcpConnPoolForCluster("cluster_1", ResourcePriority::Default, - nullptr)); - EXPECT_EQ(nullptr, cluster_manager_->tcpConnForCluster("cluster_1", nullptr).connection_); + nullptr, absl::nullopt)); + EXPECT_EQ(nullptr, + cluster_manager_->tcpConnForCluster("cluster_1", nullptr, absl::nullopt).connection_); EXPECT_EQ(3UL, factory_.stats_.counter("cluster.cluster_1.upstream_cx_none_healthy").value()); // Set up for an initialize callback. 
@@ -1487,14 +1500,18 @@ TEST_F(ClusterManagerImplTest, DynamicHostRemove) { .WillRepeatedly(ReturnNew()); // This should provide us a CP for each of the above hosts. - Tcp::ConnectionPool::MockInstance* tcp1 = dynamic_cast( - cluster_manager_->tcpConnPoolForCluster("cluster_1", ResourcePriority::Default, nullptr)); - Tcp::ConnectionPool::MockInstance* tcp2 = dynamic_cast( - cluster_manager_->tcpConnPoolForCluster("cluster_1", ResourcePriority::Default, nullptr)); - Tcp::ConnectionPool::MockInstance* tcp1_high = dynamic_cast( - cluster_manager_->tcpConnPoolForCluster("cluster_1", ResourcePriority::High, nullptr)); - Tcp::ConnectionPool::MockInstance* tcp2_high = dynamic_cast( - cluster_manager_->tcpConnPoolForCluster("cluster_1", ResourcePriority::High, nullptr)); + Tcp::ConnectionPool::MockInstance* tcp1 = + dynamic_cast(cluster_manager_->tcpConnPoolForCluster( + "cluster_1", ResourcePriority::Default, nullptr, absl::nullopt)); + Tcp::ConnectionPool::MockInstance* tcp2 = + dynamic_cast(cluster_manager_->tcpConnPoolForCluster( + "cluster_1", ResourcePriority::Default, nullptr, absl::nullopt)); + Tcp::ConnectionPool::MockInstance* tcp1_high = + dynamic_cast(cluster_manager_->tcpConnPoolForCluster( + "cluster_1", ResourcePriority::High, nullptr, absl::nullopt)); + Tcp::ConnectionPool::MockInstance* tcp2_high = + dynamic_cast(cluster_manager_->tcpConnPoolForCluster( + "cluster_1", ResourcePriority::High, nullptr, absl::nullopt)); EXPECT_NE(tcp1, tcp2); EXPECT_NE(tcp1_high, tcp2_high); 
@@ -1528,13 +1545,236 @@ TEST_F(ClusterManagerImplTest, DynamicHostRemove) { EXPECT_EQ(cp2, cp3); EXPECT_EQ(cp2_high, cp3_high); - Tcp::ConnectionPool::MockInstance* tcp3 = dynamic_cast( - cluster_manager_->tcpConnPoolForCluster("cluster_1", ResourcePriority::Default, nullptr)); - Tcp::ConnectionPool::MockInstance* tcp3_high = dynamic_cast( - cluster_manager_->tcpConnPoolForCluster("cluster_1", ResourcePriority::High, nullptr)); + Tcp::ConnectionPool::MockInstance* tcp3 = + dynamic_cast(cluster_manager_->tcpConnPoolForCluster( + "cluster_1", ResourcePriority::Default, nullptr, absl::nullopt)); + Tcp::ConnectionPool::MockInstance* tcp3_high = + dynamic_cast(cluster_manager_->tcpConnPoolForCluster( + "cluster_1", ResourcePriority::High, nullptr, absl::nullopt)); + EXPECT_EQ(tcp2, tcp3); + EXPECT_EQ(tcp2_high, tcp3_high); + + // Now add and remove a host that we never have a conn pool to. This should not lead to any + // drain callbacks, etc. + dns_timer_->callback_(); + dns_callback(TestUtility::makeDnsResponse({"127.0.0.2", "127.0.0.3"})); + + factory_.tls_.shutdownThread(); +} + +TEST_F(ClusterManagerImplTest, DynamicHostRemoveWithTls) { + const std::string json = R"EOF( + { + "clusters": [ + { + "name": "cluster_1", + "connect_timeout_ms": 250, + "type": "strict_dns", + "dns_resolvers": [ "1.2.3.4:80" ], + "lb_type": "round_robin", + "hosts": [{"url": "tcp://localhost:11001"}] + }] + } + )EOF"; + + std::shared_ptr dns_resolver(new Network::MockDnsResolver()); + EXPECT_CALL(factory_.dispatcher_, createDnsResolver(_)).WillOnce(Return(dns_resolver)); + + Network::DnsResolver::ResolveCb dns_callback; + Event::MockTimer* dns_timer_ = new NiceMock(&factory_.dispatcher_); + Network::MockActiveDnsQuery active_dns_query; + EXPECT_CALL(*dns_resolver, resolve(_, _, _)) + .WillRepeatedly(DoAll(SaveArg<2>(&dns_callback), Return(&active_dns_query))); + create(parseBootstrapFromJson(json)); + EXPECT_FALSE(cluster_manager_->get("cluster_1")->info()->addedViaApi()); + + 
absl::optional override_server_name_example_com = "example.com"; + absl::optional override_server_name_ibm_com = "ibm.com"; + + // Test for no hosts returning the correct values before we have hosts. + EXPECT_EQ(nullptr, cluster_manager_->httpConnPoolForCluster( + "cluster_1", ResourcePriority::Default, Http::Protocol::Http11, nullptr)); + EXPECT_EQ(nullptr, cluster_manager_->tcpConnPoolForCluster("cluster_1", ResourcePriority::Default, + nullptr, absl::nullopt)); + EXPECT_EQ(nullptr, + cluster_manager_->tcpConnForCluster("cluster_1", nullptr, absl::nullopt).connection_); + + EXPECT_EQ(nullptr, + cluster_manager_->tcpConnPoolForCluster("cluster_1", ResourcePriority::Default, nullptr, + override_server_name_example_com)); + EXPECT_EQ(nullptr, cluster_manager_ + ->tcpConnForCluster("cluster_1", nullptr, override_server_name_example_com) + .connection_); + + EXPECT_EQ(nullptr, + cluster_manager_->tcpConnPoolForCluster("cluster_1", ResourcePriority::Default, nullptr, + override_server_name_ibm_com)); + EXPECT_EQ(nullptr, + cluster_manager_->tcpConnForCluster("cluster_1", nullptr, override_server_name_ibm_com) + .connection_); + + EXPECT_EQ(7UL, factory_.stats_.counter("cluster.cluster_1.upstream_cx_none_healthy").value()); + + // Set up for an initialize callback. + ReadyWatcher initialized; + cluster_manager_->setInitializedCb([&]() -> void { initialized.ready(); }); + EXPECT_CALL(initialized, ready()); + + dns_callback(TestUtility::makeDnsResponse({"127.0.0.1", "127.0.0.2"})); + + // After we are initialized, we should immediately get called back if someone asks for an + // initialize callback. + EXPECT_CALL(initialized, ready()); + cluster_manager_->setInitializedCb([&]() -> void { initialized.ready(); }); + + EXPECT_CALL(factory_, allocateConnPool_(_)) + .Times(4) + .WillRepeatedly(ReturnNew()); + + // This should provide us a CP for each of the above hosts. 
+ Http::ConnectionPool::MockInstance* cp1 = + dynamic_cast(cluster_manager_->httpConnPoolForCluster( + "cluster_1", ResourcePriority::Default, Http::Protocol::Http11, nullptr)); + Http::ConnectionPool::MockInstance* cp2 = + dynamic_cast(cluster_manager_->httpConnPoolForCluster( + "cluster_1", ResourcePriority::Default, Http::Protocol::Http11, nullptr)); + Http::ConnectionPool::MockInstance* cp1_high = + dynamic_cast(cluster_manager_->httpConnPoolForCluster( + "cluster_1", ResourcePriority::High, Http::Protocol::Http11, nullptr)); + Http::ConnectionPool::MockInstance* cp2_high = + dynamic_cast(cluster_manager_->httpConnPoolForCluster( + "cluster_1", ResourcePriority::High, Http::Protocol::Http11, nullptr)); + + EXPECT_NE(cp1, cp2); + EXPECT_NE(cp1_high, cp2_high); + EXPECT_NE(cp1, cp1_high); + + Http::ConnectionPool::Instance::DrainedCb drained_cb; + EXPECT_CALL(*cp1, addDrainedCallback(_)).WillOnce(SaveArg<0>(&drained_cb)); + Http::ConnectionPool::Instance::DrainedCb drained_cb_high; + EXPECT_CALL(*cp1_high, addDrainedCallback(_)).WillOnce(SaveArg<0>(&drained_cb_high)); + + EXPECT_CALL(factory_, allocateTcpConnPool_(_)) + .Times(8) + .WillRepeatedly(ReturnNew()); + + // This should provide us a CP for each of the above hosts, and for different SNIs + Tcp::ConnectionPool::MockInstance* tcp1 = + dynamic_cast(cluster_manager_->tcpConnPoolForCluster( + "cluster_1", ResourcePriority::Default, nullptr, absl::nullopt)); + Tcp::ConnectionPool::MockInstance* tcp2 = + dynamic_cast(cluster_manager_->tcpConnPoolForCluster( + "cluster_1", ResourcePriority::Default, nullptr, absl::nullopt)); + Tcp::ConnectionPool::MockInstance* tcp1_high = + dynamic_cast(cluster_manager_->tcpConnPoolForCluster( + "cluster_1", ResourcePriority::High, nullptr, absl::nullopt)); + Tcp::ConnectionPool::MockInstance* tcp2_high = + dynamic_cast(cluster_manager_->tcpConnPoolForCluster( + "cluster_1", ResourcePriority::High, nullptr, absl::nullopt)); + + Tcp::ConnectionPool::MockInstance* 
tcp1_example_com = + dynamic_cast(cluster_manager_->tcpConnPoolForCluster( + "cluster_1", ResourcePriority::Default, nullptr, override_server_name_example_com)); + Tcp::ConnectionPool::MockInstance* tcp2_example_com = + dynamic_cast(cluster_manager_->tcpConnPoolForCluster( + "cluster_1", ResourcePriority::Default, nullptr, override_server_name_example_com)); + + Tcp::ConnectionPool::MockInstance* tcp1_ibm_com = + dynamic_cast(cluster_manager_->tcpConnPoolForCluster( + "cluster_1", ResourcePriority::Default, nullptr, override_server_name_ibm_com)); + Tcp::ConnectionPool::MockInstance* tcp2_ibm_com = + dynamic_cast(cluster_manager_->tcpConnPoolForCluster( + "cluster_1", ResourcePriority::Default, nullptr, override_server_name_ibm_com)); + + EXPECT_NE(tcp1, tcp2); + EXPECT_NE(tcp1_high, tcp2_high); + EXPECT_NE(tcp1, tcp1_high); + + EXPECT_NE(tcp1_ibm_com, tcp2_ibm_com); + EXPECT_NE(tcp1_ibm_com, tcp1); + EXPECT_NE(tcp1_ibm_com, tcp2); + EXPECT_NE(tcp1_ibm_com, tcp1_high); + EXPECT_NE(tcp1_ibm_com, tcp2_high); + EXPECT_NE(tcp1_ibm_com, tcp1_example_com); + EXPECT_NE(tcp1_ibm_com, tcp2_example_com); + + EXPECT_NE(tcp2_ibm_com, tcp1); + EXPECT_NE(tcp2_ibm_com, tcp2); + EXPECT_NE(tcp2_ibm_com, tcp1_high); + EXPECT_NE(tcp2_ibm_com, tcp2_high); + EXPECT_NE(tcp2_ibm_com, tcp1_example_com); + EXPECT_NE(tcp2_ibm_com, tcp2_example_com); + + EXPECT_NE(tcp1_example_com, tcp1); + EXPECT_NE(tcp1_example_com, tcp2); + EXPECT_NE(tcp1_example_com, tcp1_high); + EXPECT_NE(tcp1_example_com, tcp2_high); + EXPECT_NE(tcp1_example_com, tcp2_example_com); + + EXPECT_NE(tcp2_example_com, tcp1); + EXPECT_NE(tcp2_example_com, tcp2); + EXPECT_NE(tcp2_example_com, tcp1_high); + EXPECT_NE(tcp2_example_com, tcp2_high); + + EXPECT_CALL(factory_.tls_.dispatcher_, deferredDelete_(_)).Times(6); + + Tcp::ConnectionPool::Instance::DrainedCb tcp_drained_cb; + EXPECT_CALL(*tcp1, addDrainedCallback(_)).WillOnce(SaveArg<0>(&tcp_drained_cb)); + Tcp::ConnectionPool::Instance::DrainedCb tcp_drained_cb_high; + 
EXPECT_CALL(*tcp1_high, addDrainedCallback(_)).WillOnce(SaveArg<0>(&tcp_drained_cb_high)); + + Tcp::ConnectionPool::Instance::DrainedCb tcp_drained_cb_example_com; + EXPECT_CALL(*tcp1_example_com, addDrainedCallback(_)) + .WillOnce(SaveArg<0>(&tcp_drained_cb_example_com)); + Tcp::ConnectionPool::Instance::DrainedCb tcp_drained_cb_ibm_com; + EXPECT_CALL(*tcp1_ibm_com, addDrainedCallback(_)).WillOnce(SaveArg<0>(&tcp_drained_cb_ibm_com)); + + // Remove the first host, this should lead to the first cp being drained. + dns_timer_->callback_(); + dns_callback(TestUtility::makeDnsResponse({"127.0.0.2"})); + drained_cb(); + drained_cb = nullptr; + tcp_drained_cb(); + tcp_drained_cb = nullptr; + drained_cb_high(); + drained_cb_high = nullptr; + tcp_drained_cb_high(); + tcp_drained_cb_high = nullptr; + tcp_drained_cb_example_com(); + tcp_drained_cb_example_com = nullptr; + tcp_drained_cb_ibm_com(); + tcp_drained_cb_ibm_com = nullptr; + + // Make sure we get back the same connection pool for the 2nd host as we did before the change. 
+ Http::ConnectionPool::MockInstance* cp3 = + dynamic_cast(cluster_manager_->httpConnPoolForCluster( + "cluster_1", ResourcePriority::Default, Http::Protocol::Http11, nullptr)); + Http::ConnectionPool::MockInstance* cp3_high = + dynamic_cast(cluster_manager_->httpConnPoolForCluster( + "cluster_1", ResourcePriority::High, Http::Protocol::Http11, nullptr)); + EXPECT_EQ(cp2, cp3); + EXPECT_EQ(cp2_high, cp3_high); + + Tcp::ConnectionPool::MockInstance* tcp3 = + dynamic_cast(cluster_manager_->tcpConnPoolForCluster( + "cluster_1", ResourcePriority::Default, nullptr, absl::nullopt)); + Tcp::ConnectionPool::MockInstance* tcp3_high = + dynamic_cast(cluster_manager_->tcpConnPoolForCluster( + "cluster_1", ResourcePriority::High, nullptr, absl::nullopt)); + + Tcp::ConnectionPool::MockInstance* tcp3_example_com = + dynamic_cast(cluster_manager_->tcpConnPoolForCluster( + "cluster_1", ResourcePriority::Default, nullptr, override_server_name_example_com)); + Tcp::ConnectionPool::MockInstance* tcp3_ibm_com = + dynamic_cast(cluster_manager_->tcpConnPoolForCluster( + "cluster_1", ResourcePriority::Default, nullptr, override_server_name_ibm_com)); + EXPECT_EQ(tcp2, tcp3); EXPECT_EQ(tcp2_high, tcp3_high); + EXPECT_EQ(tcp2_example_com, tcp3_example_com); + EXPECT_EQ(tcp2_ibm_com, tcp3_ibm_com); + // Now add and remove a host that we never have a conn pool to. This should not lead to any // drain callbacks, etc. dns_timer_->callback_(); 
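Review bot: The pairwise `EXPECT_NE` chain in `DynamicHostRemoveWithTls` is incomplete — it never compares `tcp1` with `tcp2_high`, `tcp2` with `tcp1_high`, or `tcp2` with `tcp2_high` — and the hand-written list is easy to leave stale when another server name is added. Collecting the eight pools once covers every pair: `std::set<Tcp::ConnectionPool::MockInstance*> pools{tcp1, tcp2, tcp1_high, tcp2_high, tcp1_example_com, tcp2_example_com, tcp1_ibm_com, tcp2_ibm_com};` followed by `EXPECT_EQ(8UL, pools.size());` (this needs `<set>` if the file does not already include it). The test name is also misleading: no TLS transport socket is configured, and what the expectations actually pin down is that pools are keyed and drained per override server name, so a name such as `DynamicHostRemoveWithOverrideServerName`, or a leading comment `// Pools for the same host must be distinct per override server name and drain independently.`, would describe it better. The `allocateTcpConnPool_` expectation of `.Times(8)` and `deferredDelete_` of `.Times(6)` are only implied by the pool counts above them; a short comment on each stating the arithmetic (two hosts x four server-name/priority combinations; two HTTP plus four TCP pools for the removed host) would make later edits safer. The test body continues past the end of the hunk.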
@@ -1588,8 +1828,9 @@ TEST_F(ClusterManagerImplTest, DynamicHostRemoveDefaultPriority) { dynamic_cast(cluster_manager_->httpConnPoolForCluster( "cluster_1", ResourcePriority::Default, Http::Protocol::Http11, nullptr)); - Tcp::ConnectionPool::MockInstance* tcp = dynamic_cast( - cluster_manager_->tcpConnPoolForCluster("cluster_1", ResourcePriority::Default, nullptr)); + Tcp::ConnectionPool::MockInstance* tcp = + dynamic_cast(cluster_manager_->tcpConnPoolForCluster( + "cluster_1", ResourcePriority::Default, nullptr, absl::nullopt)); // Immediate drain, since this can happen with the HTTP codecs. EXPECT_CALL(*cp, addDrainedCallback(_)) @@ -1663,8 +1904,9 @@ TEST_F(ClusterManagerImplTest, ConnPoolDestroyWithDraining) { dynamic_cast(cluster_manager_->httpConnPoolForCluster( "cluster_1", ResourcePriority::Default, Http::Protocol::Http11, nullptr)); - Tcp::ConnectionPool::MockInstance* tcp = dynamic_cast( - cluster_manager_->tcpConnPoolForCluster("cluster_1", ResourcePriority::Default, nullptr)); + Tcp::ConnectionPool::MockInstance* tcp = + dynamic_cast(cluster_manager_->tcpConnPoolForCluster( + "cluster_1", ResourcePriority::Default, nullptr, absl::nullopt)); // Remove the first host, this should lead to the cp being drained. Http::ConnectionPool::Instance::DrainedCb drained_cb; @@ -1707,8 +1949,9 @@ TEST_F(ClusterManagerImplTest, OriginalDstInitialization) { EXPECT_EQ(nullptr, cluster_manager_->httpConnPoolForCluster( "cluster_1", ResourcePriority::Default, Http::Protocol::Http11, nullptr)); EXPECT_EQ(nullptr, cluster_manager_->tcpConnPoolForCluster("cluster_1", ResourcePriority::Default, - nullptr)); - EXPECT_EQ(nullptr, cluster_manager_->tcpConnForCluster("cluster_1", nullptr).connection_); + nullptr, absl::nullopt)); + EXPECT_EQ(nullptr, + cluster_manager_->tcpConnForCluster("cluster_1", nullptr, absl::nullopt).connection_); EXPECT_EQ(3UL, factory_.stats_.counter("cluster.cluster_1.upstream_cx_none_healthy").value()); factory_.tls_.shutdownThread(); 
@@ -2208,7 +2451,7 @@ class SockoptsTest : public ClusterManagerImplTest { } return connection_; })); - cluster_manager_->tcpConnForCluster("SockoptsCluster", nullptr); + cluster_manager_->tcpConnForCluster("SockoptsCluster", nullptr, absl::nullopt); } void expectSetsockoptFreebind() { @@ -2227,7 +2470,7 @@ class SockoptsTest : public ClusterManagerImplTest { EXPECT_EQ(nullptr, options.get()); return connection_; })); - auto conn_data = cluster_manager_->tcpConnForCluster("SockoptsCluster", nullptr); + auto conn_data = cluster_manager_->tcpConnForCluster("SockoptsCluster", nullptr, absl::nullopt); EXPECT_EQ(connection_, conn_data.connection_.get()); } @@ -2414,7 +2657,7 @@ class TcpKeepaliveTest : public ClusterManagerImplTest { options, socket, envoy::api::v2::core::SocketOption::STATE_PREBIND))); return connection_; })); - cluster_manager_->tcpConnForCluster("TcpKeepaliveCluster", nullptr); + cluster_manager_->tcpConnForCluster("TcpKeepaliveCluster", nullptr, absl::nullopt); return; } NiceMock os_sys_calls; @@ -2466,7 +2709,8 @@ class TcpKeepaliveTest : public ClusterManagerImplTest { return 0; })); } - auto conn_data = cluster_manager_->tcpConnForCluster("TcpKeepaliveCluster", nullptr); + auto conn_data = + cluster_manager_->tcpConnForCluster("TcpKeepaliveCluster", nullptr, absl::nullopt); EXPECT_EQ(connection_, conn_data.connection_.get()); } @@ -2480,7 +2724,8 @@ class TcpKeepaliveTest : public ClusterManagerImplTest { EXPECT_EQ(nullptr, options.get()); return connection_; })); - auto conn_data = cluster_manager_->tcpConnForCluster("TcpKeepaliveCluster", nullptr); + auto conn_data = + cluster_manager_->tcpConnForCluster("TcpKeepaliveCluster", nullptr, absl::nullopt); EXPECT_EQ(connection_, conn_data.connection_.get()); } diff --git a/test/common/upstream/logical_dns_cluster_test.cc b/test/common/upstream/logical_dns_cluster_test.cc index 44bf2ebe260f1..8d3c1e408f501 100644 --- a/test/common/upstream/logical_dns_cluster_test.cc 
+++ b/test/common/upstream/logical_dns_cluster_test.cc @@ -116,7 +116,7 @@ class LogicalDnsClusterTest : public testing::Test { createClientConnection_( PointeesEq(Network::Utility::resolveUrl("tcp://127.0.0.1:443")), _, _, _)) .WillOnce(Return(new NiceMock())); - logical_host->createConnection(dispatcher_, nullptr); + logical_host->createConnection(dispatcher_, nullptr, absl::nullopt); logical_host->outlierDetector().putHttpResponseCode(200); expectResolve(Network::DnsLookupFamily::V4Only, expected_address); @@ -135,7 +135,8 @@ class LogicalDnsClusterTest : public testing::Test { createClientConnection_( PointeesEq(Network::Utility::resolveUrl("tcp://127.0.0.1:443")), _, _, _)) .WillOnce(Return(new NiceMock())); - Host::CreateConnectionData data = logical_host->createConnection(dispatcher_, nullptr); + Host::CreateConnectionData data = + logical_host->createConnection(dispatcher_, nullptr, absl::nullopt); EXPECT_FALSE(data.host_description_->canary()); EXPECT_EQ(&cluster_->prioritySet().hostSetsPerPriority()[0]->hosts()[0]->cluster(), &data.host_description_->cluster()); @@ -167,7 +168,7 @@ class LogicalDnsClusterTest : public testing::Test { createClientConnection_( PointeesEq(Network::Utility::resolveUrl("tcp://127.0.0.3:443")), _, _, _)) .WillOnce(Return(new NiceMock())); - logical_host->createConnection(dispatcher_, nullptr); + logical_host->createConnection(dispatcher_, nullptr, absl::nullopt); expectResolve(Network::DnsLookupFamily::V4Only, expected_address); resolve_timer_->callback_(); @@ -181,7 +182,7 @@ class LogicalDnsClusterTest : public testing::Test { createClientConnection_( PointeesEq(Network::Utility::resolveUrl("tcp://127.0.0.3:443")), _, _, _)) .WillOnce(Return(new NiceMock())); - logical_host->createConnection(dispatcher_, nullptr); + logical_host->createConnection(dispatcher_, nullptr, absl::nullopt); // Make sure we cancel. EXPECT_CALL(active_dns_query_, cancel()); 
diff --git a/test/common/upstream/original_dst_cluster_test.cc b/test/common/upstream/original_dst_cluster_test.cc index 8659d3d10494e..ea613f08655f0 100644 --- a/test/common/upstream/original_dst_cluster_test.cc +++ b/test/common/upstream/original_dst_cluster_test.cc @@ -428,7 +428,7 @@ TEST_F(OriginalDstClusterTest, Connection) { EXPECT_CALL(dispatcher_, createClientConnection_(PointeesEq(connection.local_address_), _, _, _)) .WillOnce(Return(new NiceMock())); - host->createConnection(dispatcher_, nullptr); + host->createConnection(dispatcher_, nullptr, absl::nullopt); } TEST_F(OriginalDstClusterTest, MultipleClusters) { diff --git a/test/extensions/filters/network/thrift_proxy/router_test.cc b/test/extensions/filters/network/thrift_proxy/router_test.cc index d35809d97f678..3566e96809e8e 100644 --- a/test/extensions/filters/network/thrift_proxy/router_test.cc +++ b/test/extensions/filters/network/thrift_proxy/router_test.cc @@ -483,7 +483,7 @@ TEST_F(ThriftRouterTest, NoHealthyHosts) { EXPECT_CALL(callbacks_, route()).WillOnce(Return(route_ptr_)); EXPECT_CALL(*route_, routeEntry()).WillOnce(Return(&route_entry_)); EXPECT_CALL(route_entry_, clusterName()).WillRepeatedly(ReturnRef(cluster_name_)); - EXPECT_CALL(context_.cluster_manager_, tcpConnPoolForCluster(cluster_name_, _, _)) + EXPECT_CALL(context_.cluster_manager_, tcpConnPoolForCluster(cluster_name_, _, _, _)) .WillOnce(Return(nullptr)); EXPECT_CALL(callbacks_, sendLocalReply(_, _)) diff --git a/test/extensions/transport_sockets/alts/alts_integration_test.cc b/test/extensions/transport_sockets/alts/alts_integration_test.cc index ca7603f278a4b..b12d845c6cbf4 100644 --- a/test/extensions/transport_sockets/alts/alts_integration_test.cc +++ b/test/extensions/transport_sockets/alts/alts_integration_test.cc 
@@ -98,7 +98,8 @@ class AltsIntegrationTestBase : public HttpIntegrationTest, Network::ClientConnectionPtr makeAltsConnection() { Network::Address::InstanceConstSharedPtr address = getAddress(version_, lookupPort("http")); return dispatcher_->createClientConnection(address, Network::Address::InstanceConstSharedPtr(), - client_alts_->createTransportSocket(), nullptr); + client_alts_->createTransportSocket(absl::nullopt), + nullptr); } std::string fakeHandshakerServerAddress(bool connect_to_handshaker) { diff --git a/test/extensions/transport_sockets/alts/tsi_socket_test.cc b/test/extensions/transport_sockets/alts/tsi_socket_test.cc index 3a443115d7160..1c94d6182a819 100644 --- a/test/extensions/transport_sockets/alts/tsi_socket_test.cc +++ b/test/extensions/transport_sockets/alts/tsi_socket_test.cc @@ -399,7 +399,7 @@ class TsiSocketFactoryTest : public testing::Test { }; TEST_F(TsiSocketFactoryTest, CreateTransportSocket) { - EXPECT_NE(nullptr, socket_factory_->createTransportSocket()); + EXPECT_NE(nullptr, socket_factory_->createTransportSocket(absl::nullopt)); } TEST_F(TsiSocketFactoryTest, ImplementsSecureTransport) { diff --git a/test/integration/sds_dynamic_integration_test.cc b/test/integration/sds_dynamic_integration_test.cc index 40b51f26e5ab1..70e822c46ddb0 100644 --- a/test/integration/sds_dynamic_integration_test.cc +++ b/test/integration/sds_dynamic_integration_test.cc @@ -193,8 +193,9 @@ class SdsDynamicDownstreamIntegrationTest : public SdsDynamicIntegrationBaseTest Network::ClientConnectionPtr makeSslClientConnection() { Network::Address::InstanceConstSharedPtr address = getSslAddress(version_, lookupPort("http")); - return dispatcher_->createClientConnection(address, Network::Address::InstanceConstSharedPtr(), - client_ssl_ctx_->createTransportSocket(), nullptr); + return dispatcher_->createClientConnection( + address, Network::Address::InstanceConstSharedPtr(), + client_ssl_ctx_->createTransportSocket(absl::nullopt), nullptr); } protected: 
diff --git a/test/integration/sds_static_integration_test.cc b/test/integration/sds_static_integration_test.cc index e2b39c3cb8e1d..b5e3dedf22ccb 100644 --- a/test/integration/sds_static_integration_test.cc +++ b/test/integration/sds_static_integration_test.cc @@ -85,8 +85,9 @@ class SdsStaticDownstreamIntegrationTest Network::ClientConnectionPtr makeSslClientConnection() { Network::Address::InstanceConstSharedPtr address = getSslAddress(version_, lookupPort("http")); - return dispatcher_->createClientConnection(address, Network::Address::InstanceConstSharedPtr(), - client_ssl_ctx_->createTransportSocket(), nullptr); + return dispatcher_->createClientConnection( + address, Network::Address::InstanceConstSharedPtr(), + client_ssl_ctx_->createTransportSocket(absl::nullopt), nullptr); } private: diff --git a/test/integration/ssl_integration_test.cc b/test/integration/ssl_integration_test.cc index 4fac5833b27d9..6f831c825936d 100644 --- a/test/integration/ssl_integration_test.cc +++ b/test/integration/ssl_integration_test.cc @@ -55,14 +55,15 @@ Network::ClientConnectionPtr SslIntegrationTest::makeSslClientConnection(bool al if (alpn) { return dispatcher_->createClientConnection( address, Network::Address::InstanceConstSharedPtr(), - san ? client_ssl_ctx_alpn_san_->createTransportSocket() - : client_ssl_ctx_alpn_->createTransportSocket(), + san ? client_ssl_ctx_alpn_san_->createTransportSocket(absl::nullopt) + : client_ssl_ctx_alpn_->createTransportSocket(absl::nullopt), nullptr); } else { - return dispatcher_->createClientConnection(address, Network::Address::InstanceConstSharedPtr(), - san ? client_ssl_ctx_san_->createTransportSocket() - : client_ssl_ctx_plain_->createTransportSocket(), - nullptr); + return dispatcher_->createClientConnection( + address, Network::Address::InstanceConstSharedPtr(), + san ? client_ssl_ctx_san_->createTransportSocket(absl::nullopt) + : client_ssl_ctx_plain_->createTransportSocket(absl::nullopt), + nullptr); } } 
diff --git a/test/integration/tcp_conn_pool_integration_test.cc b/test/integration/tcp_conn_pool_integration_test.cc index e4905962c959f..4932b8c21d30b 100644 --- a/test/integration/tcp_conn_pool_integration_test.cc +++ b/test/integration/tcp_conn_pool_integration_test.cc @@ -26,7 +26,7 @@ class TestFilter : public Network::ReadFilter { UNREFERENCED_PARAMETER(end_stream); Tcp::ConnectionPool::Instance* pool = cluster_manager_.tcpConnPoolForCluster( - "cluster_0", Upstream::ResourcePriority::Default, nullptr); + "cluster_0", Upstream::ResourcePriority::Default, nullptr, absl::nullopt); ASSERT(pool != nullptr); requests_.emplace_back(*this, data); diff --git a/test/integration/tcp_proxy_integration_test.cc b/test/integration/tcp_proxy_integration_test.cc index 23fc78173d849..ae8a634c6a2fd 100644 --- a/test/integration/tcp_proxy_integration_test.cc +++ b/test/integration/tcp_proxy_integration_test.cc @@ -392,7 +392,7 @@ void TcpProxySslIntegrationTest::setupConnections() { context_ = Ssl::createClientSslTransportSocketFactory(false, false, *context_manager_); ssl_client_ = dispatcher_->createClientConnection(address, Network::Address::InstanceConstSharedPtr(), - context_->createTransportSocket(), nullptr); + context_->createTransportSocket(absl::nullopt), nullptr); // Perform the SSL handshake. Loopback is whitelisted in tcp_proxy.json for the ssl_auth // filter so there will be no pause waiting on auth data. diff --git a/test/integration/xfcc_integration_test.cc b/test/integration/xfcc_integration_test.cc index ce919d7bae0f4..17fce9347ac08 100644 --- a/test/integration/xfcc_integration_test.cc +++ b/test/integration/xfcc_integration_test.cc 
@@ -94,9 +94,9 @@ Network::ClientConnectionPtr XfccIntegrationTest::makeMtlsClientConnection() { Network::Address::InstanceConstSharedPtr address = Network::Utility::resolveUrl("tcp://" + Network::Test::getLoopbackAddressUrlString(version_) + ":" + std::to_string(lookupPort("http"))); - return dispatcher_->createClientConnection(address, Network::Address::InstanceConstSharedPtr(), - client_mtls_ssl_ctx_->createTransportSocket(), - nullptr); + return dispatcher_->createClientConnection( + address, Network::Address::InstanceConstSharedPtr(), + client_mtls_ssl_ctx_->createTransportSocket(absl::nullopt), nullptr); } void XfccIntegrationTest::createUpstreams() { diff --git a/test/mocks/network/mocks.h b/test/mocks/network/mocks.h index cb9266211d6cc..ef0d523c0c48c 100644 --- a/test/mocks/network/mocks.h +++ b/test/mocks/network/mocks.h @@ -462,7 +462,7 @@ class MockTransportSocketFactory : public TransportSocketFactory { ~MockTransportSocketFactory(); MOCK_CONST_METHOD0(implementsSecureTransport, bool()); - MOCK_CONST_METHOD0(createTransportSocket, TransportSocketPtr()); + MOCK_CONST_METHOD1(createTransportSocket, TransportSocketPtr(absl::optional)); }; class MockTransportSocketCallbacks : public TransportSocketCallbacks { diff --git a/test/mocks/stream_info/mocks.cc b/test/mocks/stream_info/mocks.cc index 04861ceae97ee..b8a15b15b466a 100644 --- a/test/mocks/stream_info/mocks.cc +++ b/test/mocks/stream_info/mocks.cc @@ -6,6 +6,7 @@ #include "gtest/gtest.h" using testing::_; +using testing::Const; using testing::Invoke; using testing::Return; using testing::ReturnPointee; 
@@ -65,6 +66,7 @@ MockStreamInfo::MockStreamInfo() ON_CALL(*this, bytesSent()).WillByDefault(ReturnPointee(&bytes_sent_)); ON_CALL(*this, dynamicMetadata()).WillByDefault(ReturnRef(metadata_)); ON_CALL(*this, filterState()).WillByDefault(ReturnRef(filter_state_)); + ON_CALL(Const(*this), filterState()).WillByDefault(ReturnRef(filter_state_)); ON_CALL(*this, setRequestedServerName(_)) .WillByDefault(Invoke([this](const absl::string_view requested_server_name) { requested_server_name_ = std::string(requested_server_name); diff --git a/test/mocks/upstream/host.h b/test/mocks/upstream/host.h index b62a9e1aa4a22..9a5a505331c74 100644 --- a/test/mocks/upstream/host.h +++ b/test/mocks/upstream/host.h @@ -108,9 +108,9 @@ class MockHost : public Host { MockHost(); ~MockHost(); - CreateConnectionData - createConnection(Event::Dispatcher& dispatcher, - const Network::ConnectionSocket::OptionsSharedPtr& options) const override { + CreateConnectionData createConnection(Event::Dispatcher& dispatcher, + const Network::ConnectionSocket::OptionsSharedPtr& options, + absl::optional) const override { MockCreateConnectionData data = createConnection_(dispatcher, options); return {Network::ClientConnectionPtr{data.connection_}, data.host_description_}; } diff --git a/test/mocks/upstream/mocks.cc b/test/mocks/upstream/mocks.cc index f3d13cabb6aab..beabb3d66868c 100644 --- a/test/mocks/upstream/mocks.cc +++ b/test/mocks/upstream/mocks.cc 
@@ -104,7 +104,7 @@ MockClusterManager::MockClusterManager(TimeSource&) : MockClusterManager() {} MockClusterManager::MockClusterManager() { ON_CALL(*this, httpConnPoolForCluster(_, _, _, _)).WillByDefault(Return(&conn_pool_)); - ON_CALL(*this, tcpConnPoolForCluster(_, _, _)).WillByDefault(Return(&tcp_conn_pool_)); + ON_CALL(*this, tcpConnPoolForCluster(_, _, _, _)).WillByDefault(Return(&tcp_conn_pool_)); ON_CALL(*this, httpAsyncClientForCluster(_)).WillByDefault(ReturnRef(async_client_)); ON_CALL(*this, httpAsyncClientForCluster(_)).WillByDefault((ReturnRef(async_client_))); ON_CALL(*this, bindConfig()).WillByDefault(ReturnRef(bind_config_)); diff --git a/test/mocks/upstream/mocks.h b/test/mocks/upstream/mocks.h index 458d3b7cab65e..1c14466e18ac8 100644 --- a/test/mocks/upstream/mocks.h +++ b/test/mocks/upstream/mocks.h @@ -213,11 +213,11 @@ class MockClusterManagerFactory : public ClusterManagerFactory { ResourcePriority priority, Http::Protocol protocol, const Network::ConnectionSocket::OptionsSharedPtr& options)); - MOCK_METHOD4( - allocateTcpConnPool, - Tcp::ConnectionPool::InstancePtr(Event::Dispatcher& dispatcher, HostConstSharedPtr host, - ResourcePriority priority, - const Network::ConnectionSocket::OptionsSharedPtr& options)); + MOCK_METHOD5(allocateTcpConnPool, Tcp::ConnectionPool::InstancePtr( + Event::Dispatcher& dispatcher, HostConstSharedPtr host, + ResourcePriority priority, + const Network::ConnectionSocket::OptionsSharedPtr& options, + absl::optional)); MOCK_METHOD5(clusterFromProto, ClusterSharedPtr(const envoy::api::v2::Cluster& cluster, ClusterManager& cm, 
@@ -251,7 +251,8 @@ class MockClusterManager : public ClusterManager { } Host::CreateConnectionData tcpConnForCluster(const std::string& cluster, - LoadBalancerContext* context) override { + LoadBalancerContext* context, + absl::optional) override { MockHost::MockCreateConnectionData data = tcpConnForCluster_(cluster, context); return {Network::ClientConnectionPtr{data.connection_}, data.host_description_}; } @@ -268,9 +269,10 @@ class MockClusterManager : public ClusterManager { Http::ConnectionPool::Instance*(const std::string& cluster, ResourcePriority priority, Http::Protocol protocol, LoadBalancerContext* context)); - MOCK_METHOD3(tcpConnPoolForCluster, + MOCK_METHOD4(tcpConnPoolForCluster, Tcp::ConnectionPool::Instance*(const std::string& cluster, ResourcePriority priority, - LoadBalancerContext* context)); + LoadBalancerContext* context, + absl::optional override_server_name)); MOCK_METHOD2(tcpConnForCluster_, MockHost::MockCreateConnectionData(const std::string& cluster, LoadBalancerContext* context)); diff --git a/test/server/config_validation/cluster_manager_test.cc b/test/server/config_validation/cluster_manager_test.cc index f2a075723b931..c014a3a25be64 100644 --- a/test/server/config_validation/cluster_manager_test.cc +++ b/test/server/config_validation/cluster_manager_test.cc @@ -44,7 +44,8 @@ TEST(ValidationClusterManagerTest, MockedMethods) { bootstrap, stats, tls, runtime, random, local_info, log_manager, admin); EXPECT_EQ(nullptr, cluster_manager->httpConnPoolForCluster("cluster", ResourcePriority::Default, Http::Protocol::Http11, nullptr)); - Host::CreateConnectionData data = cluster_manager->tcpConnForCluster("cluster", nullptr); + Host::CreateConnectionData data = + cluster_manager->tcpConnForCluster("cluster", nullptr, absl::nullopt); EXPECT_EQ(nullptr, data.connection_); EXPECT_EQ(nullptr, data.host_description_); 
diff --git a/test/server/listener_manager_impl_test.cc b/test/server/listener_manager_impl_test.cc index ccef9c9cb77e0..3ac4f37a96ef6 100644 --- a/test/server/listener_manager_impl_test.cc +++ b/test/server/listener_manager_impl_test.cc @@ -1140,7 +1140,8 @@ TEST_F(ListenerManagerImplWithRealFiltersTest, SingleFilterChainWithDestinationP filter_chain = findFilterChain(8080, true, "127.0.0.1", true, "", true, "tls", true, {}); ASSERT_NE(filter_chain, nullptr); EXPECT_TRUE(filter_chain->transportSocketFactory().implementsSecureTransport()); - auto transport_socket = filter_chain->transportSocketFactory().createTransportSocket(); + auto transport_socket = + filter_chain->transportSocketFactory().createTransportSocket(absl::nullopt); auto ssl_socket = dynamic_cast(transport_socket.get()); auto server_names = ssl_socket->dnsSansLocalCertificate(); EXPECT_EQ(server_names.size(), 1); @@ -1182,7 +1183,8 @@ TEST_F(ListenerManagerImplWithRealFiltersTest, SingleFilterChainWithDestinationI filter_chain = findFilterChain(1234, true, "127.0.0.1", true, "", true, "tls", true, {}); ASSERT_NE(filter_chain, nullptr); EXPECT_TRUE(filter_chain->transportSocketFactory().implementsSecureTransport()); - auto transport_socket = filter_chain->transportSocketFactory().createTransportSocket(); + auto transport_socket = + filter_chain->transportSocketFactory().createTransportSocket(absl::nullopt); auto ssl_socket = dynamic_cast(transport_socket.get()); auto server_names = ssl_socket->dnsSansLocalCertificate(); EXPECT_EQ(server_names.size(), 1); 
@@ -1230,7 +1232,8 @@ TEST_F(ListenerManagerImplWithRealFiltersTest, SingleFilterChainWithServerNamesM findFilterChain(1234, true, "127.0.0.1", true, "server1.example.com", true, "tls", true, {}); ASSERT_NE(filter_chain, nullptr); EXPECT_TRUE(filter_chain->transportSocketFactory().implementsSecureTransport()); - auto transport_socket = filter_chain->transportSocketFactory().createTransportSocket(); + auto transport_socket = + filter_chain->transportSocketFactory().createTransportSocket(absl::nullopt); auto ssl_socket = dynamic_cast(transport_socket.get()); auto server_names = ssl_socket->dnsSansLocalCertificate(); EXPECT_EQ(server_names.size(), 1); @@ -1269,7 +1272,8 @@ TEST_F(ListenerManagerImplWithRealFiltersTest, SingleFilterChainWithTransportPro filter_chain = findFilterChain(1234, true, "127.0.0.1", true, "", true, "tls", true, {}); ASSERT_NE(filter_chain, nullptr); EXPECT_TRUE(filter_chain->transportSocketFactory().implementsSecureTransport()); - auto transport_socket = filter_chain->transportSocketFactory().createTransportSocket(); + auto transport_socket = + filter_chain->transportSocketFactory().createTransportSocket(absl::nullopt); auto ssl_socket = dynamic_cast(transport_socket.get()); auto server_names = ssl_socket->dnsSansLocalCertificate(); EXPECT_EQ(server_names.size(), 1); @@ -1308,7 +1312,8 @@ TEST_F(ListenerManagerImplWithRealFiltersTest, SingleFilterChainWithApplicationP findFilterChain(1234, true, "127.0.0.1", true, "", true, "tls", true, {"h2", "http/1.1"}); ASSERT_NE(filter_chain, nullptr); EXPECT_TRUE(filter_chain->transportSocketFactory().implementsSecureTransport()); - auto transport_socket = filter_chain->transportSocketFactory().createTransportSocket(); + auto transport_socket = + filter_chain->transportSocketFactory().createTransportSocket(absl::nullopt); auto ssl_socket = dynamic_cast(transport_socket.get()); auto server_names = ssl_socket->dnsSansLocalCertificate(); EXPECT_EQ(server_names.size(), 1); 
@@ -1356,7 +1361,8 @@ TEST_F(ListenerManagerImplWithRealFiltersTest, MultipleFilterChainsWithDestinati auto filter_chain = findFilterChain(1234, true, "127.0.0.1", true, "", true, "tls", true, {}); ASSERT_NE(filter_chain, nullptr); EXPECT_TRUE(filter_chain->transportSocketFactory().implementsSecureTransport()); - auto transport_socket = filter_chain->transportSocketFactory().createTransportSocket(); + auto transport_socket = + filter_chain->transportSocketFactory().createTransportSocket(absl::nullopt); auto ssl_socket = dynamic_cast(transport_socket.get()); auto uri = ssl_socket->uriSanLocalCertificate(); EXPECT_EQ(uri, "spiffe://lyft.com/test-team"); @@ -1365,7 +1371,7 @@ TEST_F(ListenerManagerImplWithRealFiltersTest, MultipleFilterChainsWithDestinati filter_chain = findFilterChain(8080, true, "127.0.0.1", true, "", true, "tls", true, {}); ASSERT_NE(filter_chain, nullptr); EXPECT_TRUE(filter_chain->transportSocketFactory().implementsSecureTransport()); - transport_socket = filter_chain->transportSocketFactory().createTransportSocket(); + transport_socket = filter_chain->transportSocketFactory().createTransportSocket(absl::nullopt); ssl_socket = dynamic_cast(transport_socket.get()); auto server_names = ssl_socket->dnsSansLocalCertificate(); EXPECT_EQ(server_names.size(), 1); @@ -1375,7 +1381,7 @@ TEST_F(ListenerManagerImplWithRealFiltersTest, MultipleFilterChainsWithDestinati filter_chain = findFilterChain(8081, true, "127.0.0.1", true, "", true, "tls", true, {}); ASSERT_NE(filter_chain, nullptr); EXPECT_TRUE(filter_chain->transportSocketFactory().implementsSecureTransport()); - transport_socket = filter_chain->transportSocketFactory().createTransportSocket(); + transport_socket = filter_chain->transportSocketFactory().createTransportSocket(absl::nullopt); ssl_socket = dynamic_cast(transport_socket.get()); server_names = ssl_socket->dnsSansLocalCertificate(); EXPECT_EQ(server_names.size(), 2); 
@@ -1385,7 +1391,7 @@ TEST_F(ListenerManagerImplWithRealFiltersTest, MultipleFilterChainsWithDestinati filter_chain = findFilterChain(0, true, "/tmp/test.sock", true, "", true, "tls", true, {}); ASSERT_NE(filter_chain, nullptr); EXPECT_TRUE(filter_chain->transportSocketFactory().implementsSecureTransport()); - transport_socket = filter_chain->transportSocketFactory().createTransportSocket(); + transport_socket = filter_chain->transportSocketFactory().createTransportSocket(absl::nullopt); ssl_socket = dynamic_cast(transport_socket.get()); uri = ssl_socket->uriSanLocalCertificate(); EXPECT_EQ(uri, "spiffe://lyft.com/test-team"); @@ -1432,7 +1438,8 @@ TEST_F(ListenerManagerImplWithRealFiltersTest, MultipleFilterChainsWithDestinati auto filter_chain = findFilterChain(1234, true, "127.0.0.1", true, "", true, "tls", true, {}); ASSERT_NE(filter_chain, nullptr); EXPECT_TRUE(filter_chain->transportSocketFactory().implementsSecureTransport()); - auto transport_socket = filter_chain->transportSocketFactory().createTransportSocket(); + auto transport_socket = + filter_chain->transportSocketFactory().createTransportSocket(absl::nullopt); auto ssl_socket = dynamic_cast(transport_socket.get()); auto uri = ssl_socket->uriSanLocalCertificate(); EXPECT_EQ(uri, "spiffe://lyft.com/test-team"); @@ -1441,7 +1448,7 @@ TEST_F(ListenerManagerImplWithRealFiltersTest, MultipleFilterChainsWithDestinati filter_chain = findFilterChain(1234, true, "192.168.0.1", true, "", true, "tls", true, {}); ASSERT_NE(filter_chain, nullptr); EXPECT_TRUE(filter_chain->transportSocketFactory().implementsSecureTransport()); - transport_socket = filter_chain->transportSocketFactory().createTransportSocket(); + transport_socket = filter_chain->transportSocketFactory().createTransportSocket(absl::nullopt); ssl_socket = dynamic_cast(transport_socket.get()); auto server_names = ssl_socket->dnsSansLocalCertificate(); EXPECT_EQ(server_names.size(), 1); 
@@ -1451,7 +1458,7 @@ TEST_F(ListenerManagerImplWithRealFiltersTest, MultipleFilterChainsWithDestinati filter_chain = findFilterChain(1234, true, "192.168.1.1", true, "", true, "tls", true, {}); ASSERT_NE(filter_chain, nullptr); EXPECT_TRUE(filter_chain->transportSocketFactory().implementsSecureTransport()); - transport_socket = filter_chain->transportSocketFactory().createTransportSocket(); + transport_socket = filter_chain->transportSocketFactory().createTransportSocket(absl::nullopt); ssl_socket = dynamic_cast(transport_socket.get()); server_names = ssl_socket->dnsSansLocalCertificate(); EXPECT_EQ(server_names.size(), 2); @@ -1461,7 +1468,7 @@ TEST_F(ListenerManagerImplWithRealFiltersTest, MultipleFilterChainsWithDestinati filter_chain = findFilterChain(0, true, "/tmp/test.sock", true, "", true, "tls", true, {}); ASSERT_NE(filter_chain, nullptr); EXPECT_TRUE(filter_chain->transportSocketFactory().implementsSecureTransport()); - transport_socket = filter_chain->transportSocketFactory().createTransportSocket(); + transport_socket = filter_chain->transportSocketFactory().createTransportSocket(absl::nullopt); ssl_socket = dynamic_cast(transport_socket.get()); uri = ssl_socket->uriSanLocalCertificate(); EXPECT_EQ(uri, "spiffe://lyft.com/test-team"); @@ -1517,7 +1524,8 @@ TEST_F(ListenerManagerImplWithRealFiltersTest, MultipleFilterChainsWithServerNam auto filter_chain = findFilterChain(1234, true, "127.0.0.1", true, "", true, "tls", true, {}); ASSERT_NE(filter_chain, nullptr); EXPECT_TRUE(filter_chain->transportSocketFactory().implementsSecureTransport()); - auto transport_socket = filter_chain->transportSocketFactory().createTransportSocket(); + auto transport_socket = + filter_chain->transportSocketFactory().createTransportSocket(absl::nullopt); auto ssl_socket = dynamic_cast(transport_socket.get()); auto uri = ssl_socket->uriSanLocalCertificate(); EXPECT_EQ(uri, "spiffe://lyft.com/test-team"); 
@@ -1527,7 +1535,7 @@ TEST_F(ListenerManagerImplWithRealFiltersTest, MultipleFilterChainsWithServerNam findFilterChain(1234, true, "127.0.0.1", true, "server1.example.com", true, "tls", true, {}); ASSERT_NE(filter_chain, nullptr); EXPECT_TRUE(filter_chain->transportSocketFactory().implementsSecureTransport()); - transport_socket = filter_chain->transportSocketFactory().createTransportSocket(); + transport_socket = filter_chain->transportSocketFactory().createTransportSocket(absl::nullopt); ssl_socket = dynamic_cast(transport_socket.get()); auto server_names = ssl_socket->dnsSansLocalCertificate(); EXPECT_EQ(server_names.size(), 1); @@ -1538,7 +1546,7 @@ TEST_F(ListenerManagerImplWithRealFiltersTest, MultipleFilterChainsWithServerNam findFilterChain(1234, true, "127.0.0.1", true, "server2.example.com", true, "tls", true, {}); ASSERT_NE(filter_chain, nullptr); EXPECT_TRUE(filter_chain->transportSocketFactory().implementsSecureTransport()); - transport_socket = filter_chain->transportSocketFactory().createTransportSocket(); + transport_socket = filter_chain->transportSocketFactory().createTransportSocket(absl::nullopt); ssl_socket = dynamic_cast(transport_socket.get()); server_names = ssl_socket->dnsSansLocalCertificate(); EXPECT_EQ(server_names.size(), 2); @@ -1549,7 +1557,7 @@ TEST_F(ListenerManagerImplWithRealFiltersTest, MultipleFilterChainsWithServerNam findFilterChain(1234, true, "127.0.0.1", true, "www.wildcard.com", true, "tls", true, {}); ASSERT_NE(filter_chain, nullptr); EXPECT_TRUE(filter_chain->transportSocketFactory().implementsSecureTransport()); - transport_socket = filter_chain->transportSocketFactory().createTransportSocket(); + transport_socket = filter_chain->transportSocketFactory().createTransportSocket(absl::nullopt); ssl_socket = dynamic_cast(transport_socket.get()); server_names = ssl_socket->dnsSansLocalCertificate(); EXPECT_EQ(server_names.size(), 2); 
@@ -1591,7 +1599,8 @@ TEST_F(ListenerManagerImplWithRealFiltersTest, MultipleFilterChainsWithTransport filter_chain = findFilterChain(1234, true, "127.0.0.1", true, "", true, "tls", true, {}); ASSERT_NE(filter_chain, nullptr); EXPECT_TRUE(filter_chain->transportSocketFactory().implementsSecureTransport()); - auto transport_socket = filter_chain->transportSocketFactory().createTransportSocket(); + auto transport_socket = + filter_chain->transportSocketFactory().createTransportSocket(absl::nullopt); auto ssl_socket = dynamic_cast(transport_socket.get()); auto server_names = ssl_socket->dnsSansLocalCertificate(); EXPECT_EQ(server_names.size(), 1); @@ -1633,7 +1642,8 @@ TEST_F(ListenerManagerImplWithRealFiltersTest, MultipleFilterChainsWithApplicati findFilterChain(1234, true, "127.0.0.1", true, "", true, "tls", true, {"h2", "http/1.1"}); ASSERT_NE(filter_chain, nullptr); EXPECT_TRUE(filter_chain->transportSocketFactory().implementsSecureTransport()); - auto transport_socket = filter_chain->transportSocketFactory().createTransportSocket(); + auto transport_socket = + filter_chain->transportSocketFactory().createTransportSocket(absl::nullopt); auto ssl_socket = dynamic_cast(transport_socket.get()); auto server_names = ssl_socket->dnsSansLocalCertificate(); EXPECT_EQ(server_names.size(), 1); @@ -1688,7 +1698,8 @@ TEST_F(ListenerManagerImplWithRealFiltersTest, MultipleFilterChainsWithMultipleR true, {"h2", "http/1.1"}); ASSERT_NE(filter_chain, nullptr); EXPECT_TRUE(filter_chain->transportSocketFactory().implementsSecureTransport()); - auto transport_socket = filter_chain->transportSocketFactory().createTransportSocket(); + auto transport_socket = + filter_chain->transportSocketFactory().createTransportSocket(absl::nullopt); auto ssl_socket = dynamic_cast(transport_socket.get()); auto server_names = ssl_socket->dnsSansLocalCertificate(); EXPECT_EQ(server_names.size(), 1); From ab66f425940d28e605b03fe8b21b4fcf35ac89a9 Mon Sep 17 00:00:00 2001 
From: Vadim Eisenberg Date: Wed, 7 Nov 2018 14:35:15 +0200 Subject: [PATCH 03/37] replace override_server_name with TransportSocketOptions 
Signed-off-by: Vadim Eisenberg --- include/envoy/network/transport_socket.h | 18 +- include/envoy/upstream/cluster_manager.h | 6 +- include/envoy/upstream/upstream.h | 2 +- source/common/http/http1/conn_pool.cc | 2 +- source/common/http/http2/conn_pool.cc | 2 +- source/common/network/BUILD | 9 + source/common/network/raw_buffer_socket.cc | 2 +- source/common/network/raw_buffer_socket.h | 3 +- .../network/transport_socket_options_impl.cc | 20 ++ .../network/transport_socket_options_impl.h | 19 ++ source/common/ssl/ssl_socket.cc | 15 +- source/common/ssl/ssl_socket.h | 6 +- source/common/tcp/conn_pool.cc | 6 +- source/common/tcp/conn_pool.h | 4 +- source/common/tcp_proxy/BUILD | 1 + source/common/tcp_proxy/tcp_proxy.cc | 8 +- .../common/upstream/cluster_manager_impl.cc | 28 ++- source/common/upstream/cluster_manager_impl.h | 12 +- source/common/upstream/logical_dns_cluster.cc | 4 +- source/common/upstream/logical_dns_cluster.h | 2 +- source/common/upstream/upstream_impl.cc | 10 +- source/common/upstream/upstream_impl.h | 4 +- .../network/redis_proxy/conn_pool_impl.cc | 2 +- .../thrift_proxy/router/router_impl.cc | 2 +- .../stat_sinks/common/statsd/statsd.cc | 4 +- .../transport_sockets/alts/tsi_socket.cc | 2 +- .../transport_sockets/alts/tsi_socket.h | 2 +- .../transport_sockets/capture/capture.cc | 8 +- .../transport_sockets/capture/capture.h | 2 +- .../config_validation/cluster_manager.cc | 2 +- .../config_validation/cluster_manager.h | 2 +- source/server/connection_handler_impl.cc | 3 +- .../grpc_client_integration_test_harness.h | 2 +- test/common/ssl/BUILD | 1 + test/common/ssl/ssl_socket_test.cc | 192 +++++++++--------- test/common/tcp/conn_pool_test.cc | 4 +- test/common/tcp_proxy/BUILD | 1 + test/common/tcp_proxy/tcp_proxy_test.cc | 28 +-- test/common/upstream/BUILD | 1 + .../upstream/cluster_manager_impl_test.cc | 119 +++++------ .../upstream/original_dst_cluster_test.cc | 2 +- .../alts/alts_integration_test.cc | 2 +- 
.../transport_sockets/alts/tsi_socket_test.cc | 2 +- .../sds_dynamic_integration_test.cc | 6 +- .../sds_static_integration_test.cc | 6 +- test/integration/ssl_integration_test.cc | 8 +- .../integration/tcp_proxy_integration_test.cc | 2 +- test/integration/xfcc_integration_test.cc | 6 +- test/mocks/network/mocks.h | 2 +- test/mocks/upstream/host.h | 2 +- test/mocks/upstream/mocks.h | 13 +- .../config_validation/cluster_manager_test.cc | 3 +- test/server/listener_manager_impl_test.cc | 51 ++--- 53 files changed, 362 insertions(+), 303 deletions(-) create mode 100644 source/common/network/transport_socket_options_impl.cc create mode 100644 source/common/network/transport_socket_options_impl.h diff --git a/include/envoy/network/transport_socket.h b/include/envoy/network/transport_socket.h index b6bbdedbb65df..75d3bcec060ae 100644 --- a/include/envoy/network/transport_socket.h +++ b/include/envoy/network/transport_socket.h @@ -138,6 +138,19 @@ class TransportSocket { typedef std::unique_ptr TransportSocketPtr; +/** + * Options for creating transport sockets. + */ +class TransportSocketOptions { +public: + virtual ~TransportSocketOptions() {} + virtual absl::optional overrideServerName() const PURE; + virtual void hashKey(std::vector& key) const PURE; +}; + +typedef std::shared_ptr + TransportSocketOptionsSharedPtr; + /** * A factory for creating transport socket. It will be associated to filter chains and clusters. */ 
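Review bot: The new `TransportSocketOptions` interface carries no documentation of the contract behind `hashKey`, even though later hunks in this patch hand the options to connection pools; an implementer who adds a handshake-affecting option but forgets to fold it into the key would silently let a pool reuse connections negotiated for a different peer. I would document both methods: on `overrideServerName()` something like `/** @return the server name to present in the TLS SNI extension instead of the factory's configured one, if any. */`, and on `hashKey()` a comment stating that every option that changes how the socket connects must contribute to `key`, because sockets whose keys differ must never be pooled together. `virtual ~TransportSocketOptions() {}` can be `virtual ~TransportSocketOptions() = default;`.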
@@ -151,12 +164,11 @@ class TransportSocketFactory { virtual bool implementsSecureTransport() const PURE; /** - * @param override_server_name set server name, disregard the value the factory was - * configured with + * @param options for creating the transport socket * @return Network::TransportSocketPtr a transport socket to be passed to connection. */ virtual TransportSocketPtr - createTransportSocket(absl::optional override_server_name) const PURE; + createTransportSocket(TransportSocketOptionsSharedPtr options) const PURE; }; typedef std::unique_ptr TransportSocketFactoryPtr; diff --git a/include/envoy/upstream/cluster_manager.h b/include/envoy/upstream/cluster_manager.h index 58d2cf2c5b3e8..78392bb818c6d 100644 --- a/include/envoy/upstream/cluster_manager.h +++ b/include/envoy/upstream/cluster_manager.h @@ -134,7 +134,7 @@ class ClusterManager { virtual Tcp::ConnectionPool::Instance* tcpConnPoolForCluster(const std::string& cluster, ResourcePriority priority, LoadBalancerContext* context, - absl::optional override_server_name) PURE; + Network::TransportSocketOptionsSharedPtr transport_socket_options) PURE; /** * Allocate a load balanced TCP connection for a cluster. The created connection is already @@ -146,7 +146,7 @@ class ClusterManager { */ virtual Host::CreateConnectionData tcpConnForCluster(const std::string& cluster, LoadBalancerContext* context, - absl::optional override_server_name) PURE; + Network::TransportSocketOptionsSharedPtr transport_socket_options) PURE; /** * Returns a client that can be used to make async HTTP calls against the given cluster. The @@ -274,7 +274,7 @@ class ClusterManagerFactory { allocateTcpConnPool(Event::Dispatcher& dispatcher, HostConstSharedPtr host, ResourcePriority priority, const Network::ConnectionSocket::OptionsSharedPtr& options, - absl::optional override_server_name) PURE; + Network::TransportSocketOptionsSharedPtr transport_socket_options) PURE; /** * Allocate a cluster from configuration proto. 
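Review bot: The updated comment on `createTransportSocket` says only `@param options for creating the transport socket`, yet callers elsewhere in this patch pass `nullptr` (the HTTP/1 and HTTP/2 pools and `ServerSslSocketFactory`) and `SslSocket` has to null-check it, so other factory implementers, including extensions, are not told that a null pointer is a legal argument. I would state it explicitly: `@param options the transport socket options; may be nullptr, in which case the factory uses its configured defaults.` The same applies to the new `transport_socket_options` parameter on `tcpConnPoolForCluster`, `tcpConnForCluster` and `allocateTcpConnPool` in cluster_manager.h, whose doc comments sit above these hunks (outside this view) and do not appear to have gained an `@param` for it.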
diff --git a/include/envoy/upstream/upstream.h b/include/envoy/upstream/upstream.h index 3294918faf890..b42e465ff9559 100644 --- a/include/envoy/upstream/upstream.h +++ b/include/envoy/upstream/upstream.h @@ -74,7 +74,7 @@ class Host : virtual public HostDescription { virtual CreateConnectionData createConnection(Event::Dispatcher& dispatcher, const Network::ConnectionSocket::OptionsSharedPtr& options, - absl::optional override_server_name) const PURE; + Network::TransportSocketOptionsSharedPtr transport_socket_options) const PURE; /** * Create a health check connection for this host. diff --git a/source/common/http/http1/conn_pool.cc b/source/common/http/http1/conn_pool.cc index 25438920d8d8e..c3745adc9c0ce 100644 --- a/source/common/http/http1/conn_pool.cc +++ b/source/common/http/http1/conn_pool.cc @@ -316,7 +316,7 @@ ConnPoolImpl::ActiveClient::ActiveClient(ConnPoolImpl& parent) parent_.conn_connect_ms_ = std::make_unique( parent_.host_->cluster().stats().upstream_cx_connect_ms_, parent_.dispatcher_.timeSystem()); Upstream::Host::CreateConnectionData data = - parent_.host_->createConnection(parent_.dispatcher_, parent_.socket_options_, absl::nullopt); + parent_.host_->createConnection(parent_.dispatcher_, parent_.socket_options_, nullptr); real_host_description_ = data.host_description_; codec_client_ = parent_.createCodecClient(data); codec_client_->addConnectionCallbacks(*this); diff --git a/source/common/http/http2/conn_pool.cc b/source/common/http/http2/conn_pool.cc index abaa8b7821e7e..716a81e144b30 100644 --- a/source/common/http/http2/conn_pool.cc +++ b/source/common/http/http2/conn_pool.cc 
@@ -223,7 +223,7 @@ ConnPoolImpl::ActiveClient::ActiveClient(ConnPoolImpl& parent) parent_.conn_connect_ms_ = std::make_unique( parent_.host_->cluster().stats().upstream_cx_connect_ms_, parent_.dispatcher_.timeSystem()); Upstream::Host::CreateConnectionData data = - parent_.host_->createConnection(parent_.dispatcher_, parent_.socket_options_, absl::nullopt); + parent_.host_->createConnection(parent_.dispatcher_, parent_.socket_options_, nullptr); real_host_description_ = data.host_description_; client_ = parent_.createCodecClient(data); client_->addConnectionCallbacks(*this); diff --git a/source/common/network/BUILD b/source/common/network/BUILD index fcb0f6c7d6e81..feb4beecee540 100644 --- a/source/common/network/BUILD +++ b/source/common/network/BUILD @@ -240,3 +240,12 @@ envoy_cc_library( "@envoy_api//envoy/api/v2/core:base_cc", ], ) + +envoy_cc_library( + name = "transport_socket_options_lib", + srcs = ["transport_socket_options_impl.cc"], + hdrs = ["transport_socket_options_impl.h"], + deps = [ + "//include/envoy/network:transport_socket_interface", + ], +) diff --git a/source/common/network/raw_buffer_socket.cc b/source/common/network/raw_buffer_socket.cc index fcb1273676170..1d5f2fb240d51 100644 --- a/source/common/network/raw_buffer_socket.cc +++ b/source/common/network/raw_buffer_socket.cc @@ -83,7 +83,7 @@ std::string RawBufferSocket::protocol() const { return EMPTY_STRING; } void RawBufferSocket::onConnected() { callbacks_->raiseEvent(ConnectionEvent::Connected); } TransportSocketPtr -RawBufferSocketFactory::createTransportSocket(absl::optional) const { +RawBufferSocketFactory::createTransportSocket(TransportSocketOptionsSharedPtr) const { return std::make_unique(); } diff --git a/source/common/network/raw_buffer_socket.h b/source/common/network/raw_buffer_socket.h index c943d3e1da661..aeb48825e949f 100644 --- a/source/common/network/raw_buffer_socket.h +++ b/source/common/network/raw_buffer_socket.h 
@@ -29,8 +29,7 @@ class RawBufferSocket : public TransportSocket, protected Logger::Loggable override_server_name) const override; + TransportSocketPtr createTransportSocket(TransportSocketOptionsSharedPtr options) const override; bool implementsSecureTransport() const override; }; diff --git a/source/common/network/transport_socket_options_impl.cc b/source/common/network/transport_socket_options_impl.cc new file mode 100644 index 0000000000000..59ddcd3783e25 --- /dev/null +++ b/source/common/network/transport_socket_options_impl.cc @@ -0,0 +1,20 @@ +#include "common/network/transport_socket_options_impl.h" + +namespace Envoy { +namespace Network { +TransportSocketOptionsImpl::TransportSocketOptionsImpl(std::string override_server_name) { + if (!override_server_name.empty()) { + override_server_name_ = override_server_name; + } +} + +void TransportSocketOptionsImpl::hashKey(std::vector& key) const { + if (!override_server_name_.has_value()) { + return; + } + + std::hash hash_function; + key.push_back(hash_function(override_server_name_.value())); +} +} // namespace Network +} // namespace Envoy diff --git a/source/common/network/transport_socket_options_impl.h b/source/common/network/transport_socket_options_impl.h new file mode 100644 index 0000000000000..660385e0b6f62 --- /dev/null +++ b/source/common/network/transport_socket_options_impl.h @@ -0,0 +1,19 @@ +#pragma once + +#include "envoy/network/transport_socket.h" + +namespace Envoy { +namespace Network { + +class TransportSocketOptionsImpl : public TransportSocketOptions { +public: + TransportSocketOptionsImpl(std::string override_server_name = ""); + absl::optional overrideServerName() const override { return override_server_name_; } + void hashKey(std::vector& key) const override; + +private: + absl::optional override_server_name_; +}; + +} // namespace Network +} // namespace Envoy diff --git a/source/common/ssl/ssl_socket.cc b/source/common/ssl/ssl_socket.cc index 235b618bc55bc..fe247373a3201 100644 
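Review bot: `TransportSocketOptionsImpl::hashKey` reduces the override server name to a single `std::hash<std::string>` value, so two distinct names that collide would be treated as the same pool key and could share upstream TLS connections negotiated for the other name; since the name is the downstream ClientHello SNI in the tcp_proxy change, it is attacker-chosen input, which makes this a cross-host connection-reuse concern even if the per-collision probability is low. If hash-only pool keys are the accepted convention elsewhere, that trade-off should be written down above `key.push_back`, e.g. `// Pool keys are hash-only: a collision here would let connections with different SNI share a pool.` Two smaller points: the constructor takes `std::string` by value and then copies it, so `override_server_name_ = std::move(override_server_name);` avoids the extra copy, and the header should include `<string>` and `<vector>` itself rather than relying on transport_socket.h to provide them.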
--- a/source/common/ssl/ssl_socket.cc +++ b/source/common/ssl/ssl_socket.cc @@ -36,8 +36,11 @@ class NotReadySslSocket : public Network::TransportSocket { } // namespace SslSocket::SslSocket(ContextSharedPtr ctx, InitialState state, - absl::optional override_server_name) - : ctx_(std::dynamic_pointer_cast(ctx)), ssl_(ctx_->newSsl(override_server_name)) { + Network::TransportSocketOptionsSharedPtr transport_socket_options) + : ctx_(std::dynamic_pointer_cast(ctx)), + ssl_(ctx_->newSsl(transport_socket_options != nullptr + ? transport_socket_options->overrideServerName() + : absl::nullopt)) { if (state == InitialState::Client) { SSL_set_connect_state(ssl_.get()); } else { @@ -372,7 +375,7 @@ ClientSslSocketFactory::ClientSslSocketFactory(ClientContextConfigPtr config, } Network::TransportSocketPtr ClientSslSocketFactory::createTransportSocket( - absl::optional override_server_name) const { + Network::TransportSocketOptionsSharedPtr transport_socket_options) const { // onAddOrUpdateSecret() could be invoked in the middle of checking the existence of ssl_ctx and // creating SslSocket using ssl_ctx. Capture ssl_ctx_ into a local variable so that we check and // use the same ssl_ctx to create SslSocket. @@ -383,7 +386,7 @@ Network::TransportSocketPtr ClientSslSocketFactory::createTransportSocket( } if (ssl_ctx) { return std::make_unique(std::move(ssl_ctx), Ssl::InitialState::Client, - override_server_name); + transport_socket_options); } else { ENVOY_LOG(debug, "Create NotReadySslSocket"); stats_.upstream_context_secrets_not_ready_.inc(); 
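Review bot: The constructor hands `transport_socket_options->overrideServerName()` straight to `ctx_->newSsl`, and nothing in this hunk checks whether the name was actually applied; the value originates in the downstream ClientHello (see the tcp_proxy hunk), and `SSL_set_tlsext_host_name` rejects names longer than 255 bytes, so if `newSsl` (not visible here) does not surface that failure the upstream handshake would silently proceed with the cluster's configured SNI, which is hard to debug and defeats the routing the override was meant to achieve. I would log the override at debug level in the constructor body, e.g. `ENVOY_LOG(debug, "SslSocket: overriding SNI with {}", *transport_socket_options->overrideServerName());` when present, and have the factory or `newSsl` reject options whose name cannot be set rather than falling back silently. Worth noting as well that `ctx_` comes from a `dynamic_pointer_cast` and is dereferenced unconditionally in the initializer list; that predates this change but now runs with a caller-supplied argument in play.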
@@ -413,7 +416,7 @@ ServerSslSocketFactory::ServerSslSocketFactory(ServerContextConfigPtr config, } Network::TransportSocketPtr -ServerSslSocketFactory::createTransportSocket(absl::optional) const { +ServerSslSocketFactory::createTransportSocket(Network::TransportSocketOptionsSharedPtr) const { // onAddOrUpdateSecret() could be invoked in the middle of checking the existence of ssl_ctx and // creating SslSocket using ssl_ctx. Capture ssl_ctx_ into a local variable so that we check and // use the same ssl_ctx to create SslSocket. @@ -424,7 +427,7 @@ ServerSslSocketFactory::createTransportSocket(absl::optional) const } if (ssl_ctx) { return std::make_unique(std::move(ssl_ctx), Ssl::InitialState::Server, - absl::nullopt); + nullptr); } else { ENVOY_LOG(debug, "Create NotReadySslSocket"); stats_.downstream_context_secrets_not_ready_.inc(); diff --git a/source/common/ssl/ssl_socket.h b/source/common/ssl/ssl_socket.h index bf43cd493545b..ef219e604dd5c 100644 --- a/source/common/ssl/ssl_socket.h +++ b/source/common/ssl/ssl_socket.h @@ -40,7 +40,7 @@ class SslSocket : public Network::TransportSocket, protected Logger::Loggable { public: SslSocket(ContextSharedPtr ctx, InitialState state, - absl::optional override_server_name); + Network::TransportSocketOptionsSharedPtr transport_socket_options); // Ssl::Connection bool peerCertificatePresented() const override; @@ -89,7 +89,7 @@ class ClientSslSocketFactory : public Network::TransportSocketFactory, Stats::Scope& stats_scope); Network::TransportSocketPtr - createTransportSocket(absl::optional override_server_name) const override; + createTransportSocket(Network::TransportSocketOptionsSharedPtr options) const override; bool implementsSecureTransport() const override; // Secret::SecretCallbacks 
@@ -112,7 +112,7 @@ class ServerSslSocketFactory : public Network::TransportSocketFactory, Stats::Scope& stats_scope, const std::vector& server_names); Network::TransportSocketPtr - createTransportSocket(absl::optional override_server_name) const override; + createTransportSocket(Network::TransportSocketOptionsSharedPtr options) const override; bool implementsSecureTransport() const override; // Secret::SecretCallbacks diff --git a/source/common/tcp/conn_pool.cc b/source/common/tcp/conn_pool.cc index 02c09725cf063..e753d9ba0e75d 100644 --- a/source/common/tcp/conn_pool.cc +++ b/source/common/tcp/conn_pool.cc @@ -12,9 +12,9 @@ namespace Tcp { ConnPoolImpl::ConnPoolImpl(Event::Dispatcher& dispatcher, Upstream::HostConstSharedPtr host, Upstream::ResourcePriority priority, const Network::ConnectionSocket::OptionsSharedPtr& options, - absl::optional override_server_name) + Network::TransportSocketOptionsSharedPtr transport_socket_options) : dispatcher_(dispatcher), host_(host), priority_(priority), socket_options_(options), - override_server_name_(override_server_name), + transport_socket_options_(transport_socket_options), upstream_ready_timer_(dispatcher_.createTimer([this]() { onUpstreamReady(); })) {} ConnPoolImpl::~ConnPoolImpl() { @@ -359,7 +359,7 @@ ConnPoolImpl::ActiveConn::ActiveConn(ConnPoolImpl& parent) parent_.host_->cluster().stats().upstream_cx_connect_ms_, parent_.dispatcher_.timeSystem()); Upstream::Host::CreateConnectionData data = parent_.host_->createConnection( - parent_.dispatcher_, parent_.socket_options_, parent_.override_server_name_); + parent_.dispatcher_, parent_.socket_options_, parent_.transport_socket_options_); real_host_description_ = data.host_description_; conn_ = std::move(data.connection_); diff --git a/source/common/tcp/conn_pool.h b/source/common/tcp/conn_pool.h index c2602ec9109c2..faf206726a55c 100644 --- a/source/common/tcp/conn_pool.h +++ b/source/common/tcp/conn_pool.h 
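Review bot: `ConnPoolImpl` now stores `transport_socket_options_` for its whole lifetime and `ActiveConn` applies it to every connection it creates, so every connection in one pool carries the same override SNI; that is only correct if the code that looks up or creates the pool distinguishes pools by these options, which this hunk cannot show. I would record the invariant on the member in conn_pool.h, e.g. `// Applied to every connection this pool creates; pools must be keyed on these options.` Style: the constructor takes the `shared_ptr` by value and then copies it into the member, so `transport_socket_options_(std::move(transport_socket_options))` avoids an extra atomic refcount round-trip.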
@@ -23,7 +23,7 @@ class ConnPoolImpl : Logger::Loggable, public ConnectionPool:: ConnPoolImpl(Event::Dispatcher& dispatcher, Upstream::HostConstSharedPtr host, Upstream::ResourcePriority priority, const Network::ConnectionSocket::OptionsSharedPtr& options, - absl::optional override_server_name); + Network::TransportSocketOptionsSharedPtr transport_socket_options); ~ConnPoolImpl(); @@ -149,7 +149,7 @@ class ConnPoolImpl : Logger::Loggable, public ConnectionPool:: Upstream::HostConstSharedPtr host_; Upstream::ResourcePriority priority_; const Network::ConnectionSocket::OptionsSharedPtr socket_options_; - absl::optional override_server_name_; + Network::TransportSocketOptionsSharedPtr transport_socket_options_; std::list pending_conns_; // conns awaiting connected event std::list ready_conns_; // conns ready for assignment diff --git a/source/common/tcp_proxy/BUILD b/source/common/tcp_proxy/BUILD index 00e458984c851..392c5408da026 100644 --- a/source/common/tcp_proxy/BUILD +++ b/source/common/tcp_proxy/BUILD @@ -34,6 +34,7 @@ envoy_cc_library( "//source/common/common:minimal_logger_lib", "//source/common/network:cidr_range_lib", "//source/common/network:filter_lib", + "//source/common/network:transport_socket_options_lib", "//source/common/network:utility_lib", "//source/common/router:metadatamatchcriteria_lib", "//source/common/stream_info:forward_requested_server_name_lib", diff --git a/source/common/tcp_proxy/tcp_proxy.cc b/source/common/tcp_proxy/tcp_proxy.cc index 45c4aec818e8d..67811e25103eb 100644 --- a/source/common/tcp_proxy/tcp_proxy.cc +++ b/source/common/tcp_proxy/tcp_proxy.cc @@ -17,6 +17,7 @@ #include "common/common/fmt.h" #include "common/common/utility.h" #include "common/config/well_known_names.h" +#include "common/network/transport_socket_options_impl.h" #include "common/router/metadatamatchcriteria_impl.h" #include "common/stream_info/forward_requested_server_name.h" 
@@ -360,7 +361,7 @@ Network::FilterStatus Filter::initializeUpstreamConnection() { return Network::FilterStatus::StopIteration; } - absl::optional override_server_name; + Network::TransportSocketOptionsSharedPtr transport_socket_options; if (downstreamConnection() && downstreamConnection()->streamInfo().filterState().hasData( @@ -370,11 +371,12 @@ Network::FilterStatus Filter::initializeUpstreamConnection() { ->streamInfo() .filterState() .getDataReadOnly(ForwardRequestedServerName::Key); - override_server_name = original_requested_server_name.value(); + transport_socket_options = + std::make_shared(original_requested_server_name.value()); } Tcp::ConnectionPool::Instance* conn_pool = cluster_manager_.tcpConnPoolForCluster( - cluster_name, Upstream::ResourcePriority::Default, this, override_server_name); + cluster_name, Upstream::ResourcePriority::Default, this, transport_socket_options); if (!conn_pool) { // Either cluster is unknown or there are no healthy hosts. tcpConnPoolForCluster() increments // cluster->stats().upstream_cx_none_healthy in the latter case. diff --git a/source/common/upstream/cluster_manager_impl.cc b/source/common/upstream/cluster_manager_impl.cc index 7335cd983135e..b9b4863d9ea1e 100644 --- a/source/common/upstream/cluster_manager_impl.cc +++ b/source/common/upstream/cluster_manager_impl.cc 
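Review bot: The new `transport_socket_options` is built straight from the `ForwardRequestedServerName` filter-state value, which is the server name the downstream presented, and nothing in the hunk says that this client-supplied string then travels verbatim to the upstream transport socket. Suggest a comment on the `std::make_shared` assignment, e.g. `// Forward the server name the downstream requested as the upstream SNI; it is client-supplied and also becomes part of the TCP connection pool key.` That makes the trust boundary visible to the next reader of this filter without changing behaviour. `initializeUpstreamConnection` begins and ends outside this hunk.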
@@ -665,10 +665,9 @@ ClusterManagerImpl::httpConnPoolForCluster(const std::string& cluster, ResourceP return entry->second->connPool(priority, protocol, context); } -Tcp::ConnectionPool::Instance* -ClusterManagerImpl::tcpConnPoolForCluster(const std::string& cluster, ResourcePriority priority, - LoadBalancerContext* context, - absl::optional override_server_name) { +Tcp::ConnectionPool::Instance* ClusterManagerImpl::tcpConnPoolForCluster( + const std::string& cluster, ResourcePriority priority, LoadBalancerContext* context, + Network::TransportSocketOptionsSharedPtr transport_socket_options) { ThreadLocalClusterManagerImpl& cluster_manager = tls_->getTyped(); auto entry = cluster_manager.thread_local_clusters_.find(cluster); @@ -677,7 +676,7 @@ ClusterManagerImpl::tcpConnPoolForCluster(const std::string& cluster, ResourcePr } // Select a host and create a connection pool for it if it does not already exist. - return entry->second->tcpConnPool(priority, context, override_server_name); + return entry->second->tcpConnPool(priority, context, transport_socket_options); } void ClusterManagerImpl::postThreadLocalClusterUpdate(const Cluster& cluster, uint32_t priority, @@ -709,7 +708,7 @@ void ClusterManagerImpl::postThreadLocalHealthFailure(const HostSharedPtr& host) Host::CreateConnectionData ClusterManagerImpl::tcpConnForCluster(const std::string& cluster, LoadBalancerContext* context, - absl::optional override_server_name) { + Network::TransportSocketOptionsSharedPtr transport_socket_options) { ThreadLocalClusterManagerImpl& cluster_manager = tls_->getTyped(); auto entry = cluster_manager.thread_local_clusters_.find(cluster); 
@@ -720,7 +719,7 @@ ClusterManagerImpl::tcpConnForCluster(const std::string& cluster, LoadBalancerCo HostConstSharedPtr logical_host = entry->second->lb_->chooseHost(context); if (logical_host) { auto conn_info = logical_host->createConnection(cluster_manager.thread_local_dispatcher_, - nullptr, override_server_name); + nullptr, transport_socket_options); if ((entry->second->cluster_info_->features() & ClusterInfo::Features::CLOSE_CONNECTIONS_ON_HOST_HEALTH_FAILURE) && conn_info.connection_ != nullptr) { @@ -1133,7 +1132,7 @@ ClusterManagerImpl::ThreadLocalClusterManagerImpl::ClusterEntry::connPool( Tcp::ConnectionPool::Instance* ClusterManagerImpl::ThreadLocalClusterManagerImpl::ClusterEntry::tcpConnPool( ResourcePriority priority, LoadBalancerContext* context, - absl::optional override_server_name) { + Network::TransportSocketOptionsSharedPtr transport_socket_options) { HostConstSharedPtr host = lb_->chooseHost(context); if (!host) { ENVOY_LOG(debug, "no healthy host for TCP connection pool"); @@ -1159,11 +1158,8 @@ ClusterManagerImpl::ThreadLocalClusterManagerImpl::ClusterEntry::tcpConnPool( } } - // add the server-name-to-override to the hash key, so the pool will contain - // connections with the identical requested server name - if (override_server_name.has_value()) { - std::hash hash_function; - hash_key.push_back(hash_function(override_server_name.value())); + if (transport_socket_options != nullptr) { + transport_socket_options->hashKey(hash_key); } TcpConnPoolsContainer& container = parent_.host_tcp_conn_pool_map_[host]; @@ -1171,7 +1167,7 @@ ClusterManagerImpl::ThreadLocalClusterManagerImpl::ClusterEntry::tcpConnPool( container.pools_[hash_key] = parent_.parent_.factory_.allocateTcpConnPool( parent_.thread_local_dispatcher_, host, priority, have_options ? context->downstreamConnection()->socketOptions() : nullptr, - override_server_name); + transport_socket_options); } return container.pools_[hash_key].get(); 
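Review bot: The comment that explained why the pool hash key is extended was removed together with the old `std::hash` code and nothing replaces it, so the `transport_socket_options->hashKey(hash_key)` call in `ClusterEntry::tcpConnPool` now reads as an unexplained detail. Suggest restoring it above the `if`, e.g. `// Fold the transport socket options (e.g. an overridden server name) into the pool key so that connections carrying different options are never shared.` Since the override originates from downstream filter state (tcp_proxy.cc in this patch), each distinct value presumably yields its own entry in `container.pools_`; that is the intended behaviour, but it is worth a sentence so that growth of `host_tcp_conn_pool_map_` with the number of distinct downstream server names is understood rather than surprising. `ClusterEntry::tcpConnPool` begins outside this hunk.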
@@ -1203,9 +1199,9 @@ Http::ConnectionPool::InstancePtr ProdClusterManagerFactory::allocateConnPool( Tcp::ConnectionPool::InstancePtr ProdClusterManagerFactory::allocateTcpConnPool( Event::Dispatcher& dispatcher, HostConstSharedPtr host, ResourcePriority priority, const Network::ConnectionSocket::OptionsSharedPtr& options, - absl::optional override_server_name) { + Network::TransportSocketOptionsSharedPtr transport_socket_options) { return Tcp::ConnectionPool::InstancePtr{ - new Tcp::ConnPoolImpl(dispatcher, host, priority, options, override_server_name)}; + new Tcp::ConnPoolImpl(dispatcher, host, priority, options, transport_socket_options)}; } ClusterSharedPtr ProdClusterManagerFactory::clusterFromProto( diff --git a/source/common/upstream/cluster_manager_impl.h b/source/common/upstream/cluster_manager_impl.h index 544753fe18e1f..1daaaa1af1bf5 100644 --- a/source/common/upstream/cluster_manager_impl.h +++ b/source/common/upstream/cluster_manager_impl.h @@ -58,7 +58,7 @@ class ProdClusterManagerFactory : public ClusterManagerFactory { allocateTcpConnPool(Event::Dispatcher& dispatcher, HostConstSharedPtr host, ResourcePriority priority, const Network::ConnectionSocket::OptionsSharedPtr& options, - absl::optional override_server_name) override; + Network::TransportSocketOptionsSharedPtr transport_socket_options) override; ClusterSharedPtr clusterFromProto(const envoy::api::v2::Cluster& cluster, ClusterManager& cm, Outlier::EventLoggerSharedPtr outlier_event_logger, AccessLog::AccessLogManager& log_manager, 
@@ -191,10 +191,10 @@ class ClusterManagerImpl : public ClusterManager, Logger::Loggable override_server_name) override; + Network::TransportSocketOptionsSharedPtr transport_socket_options) override; Host::CreateConnectionData tcpConnForCluster(const std::string& cluster, LoadBalancerContext* context, - absl::optional override_server_name) override; + Network::TransportSocketOptionsSharedPtr transport_socket_options) override; Http::AsyncClient& httpAsyncClientForCluster(const std::string& cluster) override; bool removeCluster(const std::string& cluster) override; void shutdown() override { @@ -276,9 +276,9 @@ class ClusterManagerImpl : public ClusterManager, Logger::Loggable override_server_name); + Tcp::ConnectionPool::Instance* + tcpConnPool(ResourcePriority priority, LoadBalancerContext* context, + Network::TransportSocketOptionsSharedPtr transport_socket_options); // Upstream::ThreadLocalCluster const PrioritySet& prioritySet() override { return priority_set_; } diff --git a/source/common/upstream/logical_dns_cluster.cc b/source/common/upstream/logical_dns_cluster.cc index 466babbd93d0c..e98ba6fc5c79f 100644 --- a/source/common/upstream/logical_dns_cluster.cc +++ b/source/common/upstream/logical_dns_cluster.cc 
@@ -142,11 +142,11 @@ void LogicalDnsCluster::startResolve() { Upstream::Host::CreateConnectionData LogicalDnsCluster::LogicalHost::createConnection( Event::Dispatcher& dispatcher, const Network::ConnectionSocket::OptionsSharedPtr& options, - absl::optional override_server_name) const { + Network::TransportSocketOptionsSharedPtr transport_socket_options) const { PerThreadCurrentHostData& data = parent_.tls_->getTyped(); ASSERT(data.current_resolved_address_); return {HostImpl::createConnection(dispatcher, *parent_.info_, data.current_resolved_address_, - options, override_server_name), + options, transport_socket_options), HostDescriptionConstSharedPtr{ new RealHostDescription(data.current_resolved_address_, parent_.localityLbEndpoint(), parent_.lbEndpoint(), shared_from_this())}}; diff --git a/source/common/upstream/logical_dns_cluster.h b/source/common/upstream/logical_dns_cluster.h index bbf8f09ed8f5c..359b47d276225 100644 --- a/source/common/upstream/logical_dns_cluster.h +++ b/source/common/upstream/logical_dns_cluster.h @@ -54,7 +54,7 @@ class LogicalDnsCluster : public ClusterImplBase { CreateConnectionData createConnection(Event::Dispatcher& dispatcher, const Network::ConnectionSocket::OptionsSharedPtr& options, - absl::optional override_server_name) const override; + Network::TransportSocketOptionsSharedPtr transport_socket_options) const override; // Upstream::HostDescription // Override setting health check address, since for logical DNS the registered host has 0.0.0.0 diff --git a/source/common/upstream/upstream_impl.cc b/source/common/upstream/upstream_impl.cc index 22cf8db3eb8b0..d53fe3f5e3717 100644 --- a/source/common/upstream/upstream_impl.cc +++ b/source/common/upstream/upstream_impl.cc 
@@ -149,14 +149,14 @@ parseExtensionProtocolOptions(const envoy::api::v2::Cluster& config) { Host::CreateConnectionData HostImpl::createConnection(Event::Dispatcher& dispatcher, const Network::ConnectionSocket::OptionsSharedPtr& options, - absl::optional override_server_name) const { - return {createConnection(dispatcher, *cluster_, address_, options, override_server_name), + Network::TransportSocketOptionsSharedPtr transport_socket_options) const { + return {createConnection(dispatcher, *cluster_, address_, options, transport_socket_options), shared_from_this()}; } Host::CreateConnectionData HostImpl::createHealthCheckConnection(Event::Dispatcher& dispatcher) const { - return {createConnection(dispatcher, *cluster_, healthCheckAddress(), nullptr, absl::nullopt), + return {createConnection(dispatcher, *cluster_, healthCheckAddress(), nullptr, nullptr), shared_from_this()}; } @@ -164,7 +164,7 @@ Network::ClientConnectionPtr HostImpl::createConnection(Event::Dispatcher& dispatcher, const ClusterInfo& cluster, Network::Address::InstanceConstSharedPtr address, const Network::ConnectionSocket::OptionsSharedPtr& options, - absl::optional override_server_name) { + Network::TransportSocketOptionsSharedPtr transport_socket_options) { Network::ConnectionSocket::OptionsSharedPtr connection_options; if (cluster.clusterSocketOptions() != nullptr) { if (options) { @@ -181,7 +181,7 @@ HostImpl::createConnection(Event::Dispatcher& dispatcher, const ClusterInfo& clu Network::ClientConnectionPtr connection = dispatcher.createClientConnection( address, cluster.sourceAddress(), - cluster.transportSocketFactory().createTransportSocket(override_server_name), + cluster.transportSocketFactory().createTransportSocket(transport_socket_options), connection_options); connection->setBufferLimits(cluster.perConnectionBufferLimitBytes()); return connection; diff --git a/source/common/upstream/upstream_impl.h b/source/common/upstream/upstream_impl.h index 6e68fb7b17c87..8f9b14e16f878 100644 
--- a/source/common/upstream/upstream_impl.h +++ b/source/common/upstream/upstream_impl.h @@ -174,7 +174,7 @@ class HostImpl : public HostDescriptionImpl, CreateConnectionData createConnection(Event::Dispatcher& dispatcher, const Network::ConnectionSocket::OptionsSharedPtr& options, - absl::optional override_server_name) const override; + Network::TransportSocketOptionsSharedPtr transport_socket_options) const override; CreateConnectionData createHealthCheckConnection(Event::Dispatcher& dispatcher) const override; std::vector gauges() const override { return stats_store_.gauges(); } void healthFlagClear(HealthFlag flag) override { health_flags_ &= ~enumToInt(flag); } @@ -205,7 +205,7 @@ class HostImpl : public HostDescriptionImpl, createConnection(Event::Dispatcher& dispatcher, const ClusterInfo& cluster, Network::Address::InstanceConstSharedPtr address, const Network::ConnectionSocket::OptionsSharedPtr& options, - absl::optional override_server_name); + Network::TransportSocketOptionsSharedPtr transport_socket_options); private: std::atomic health_flags_{}; diff --git a/source/extensions/filters/network/redis_proxy/conn_pool_impl.cc b/source/extensions/filters/network/redis_proxy/conn_pool_impl.cc index ccfbc936c4358..6996187f22d63 100644 --- a/source/extensions/filters/network/redis_proxy/conn_pool_impl.cc +++ b/source/extensions/filters/network/redis_proxy/conn_pool_impl.cc @@ -23,7 +23,7 @@ ClientPtr ClientImpl::create(Upstream::HostConstSharedPtr host, Event::Dispatche std::unique_ptr client( new ClientImpl(host, dispatcher, std::move(encoder), decoder_factory, config)); - client->connection_ = host->createConnection(dispatcher, nullptr, absl::nullopt).connection_; + client->connection_ = host->createConnection(dispatcher, nullptr, nullptr).connection_; client->connection_->addConnectionCallbacks(*client); client->connection_->addReadFilter(Network::ReadFilterSharedPtr{new UpstreamReadFilter(*client)}); client->connection_->connect(); 
diff --git a/source/extensions/filters/network/thrift_proxy/router/router_impl.cc b/source/extensions/filters/network/thrift_proxy/router/router_impl.cc index ef36eabfe6242..32a6be1ac19b3 100644 --- a/source/extensions/filters/network/thrift_proxy/router/router_impl.cc +++ b/source/extensions/filters/network/thrift_proxy/router/router_impl.cc @@ -246,7 +246,7 @@ FilterStatus Router::messageBegin(MessageMetadataSharedPtr metadata) { ASSERT(protocol != ProtocolType::Auto); Tcp::ConnectionPool::Instance* conn_pool = cluster_manager_.tcpConnPoolForCluster( - route_entry_->clusterName(), Upstream::ResourcePriority::Default, this, absl::nullopt); + route_entry_->clusterName(), Upstream::ResourcePriority::Default, this, nullptr); if (!conn_pool) { callbacks_->sendLocalReply( AppException(AppExceptionType::InternalError, diff --git a/source/extensions/stat_sinks/common/statsd/statsd.cc b/source/extensions/stat_sinks/common/statsd/statsd.cc index af686c449a97d..b96653b47ae8b 100644 --- a/source/extensions/stat_sinks/common/statsd/statsd.cc +++ b/source/extensions/stat_sinks/common/statsd/statsd.cc @@ -232,8 +232,8 @@ void TcpStatsdSink::TlsSink::write(Buffer::Instance& buffer) { } if (!connection_) { - Upstream::Host::CreateConnectionData info = parent_.cluster_manager_.tcpConnForCluster( - parent_.cluster_info_->name(), nullptr, absl::nullopt); + Upstream::Host::CreateConnectionData info = + parent_.cluster_manager_.tcpConnForCluster(parent_.cluster_info_->name(), nullptr, nullptr); if (!info.connection_) { return; } diff --git a/source/extensions/transport_sockets/alts/tsi_socket.cc b/source/extensions/transport_sockets/alts/tsi_socket.cc index 586bf91e89473..65d655fbc578f 100644 --- a/source/extensions/transport_sockets/alts/tsi_socket.cc +++ b/source/extensions/transport_sockets/alts/tsi_socket.cc 
@@ -250,7 +250,7 @@ TsiSocketFactory::TsiSocketFactory(HandshakerFactory handshaker_factory, bool TsiSocketFactory::implementsSecureTransport() const { return true; } Network::TransportSocketPtr -TsiSocketFactory::createTransportSocket(absl::optional) const { +TsiSocketFactory::createTransportSocket(Network::TransportSocketOptionsSharedPtr) const { return std::make_unique(handshaker_factory_, handshake_validator_); } diff --git a/source/extensions/transport_sockets/alts/tsi_socket.h b/source/extensions/transport_sockets/alts/tsi_socket.h index 16466af2acb3e..4a3db22aa5574 100644 --- a/source/extensions/transport_sockets/alts/tsi_socket.h +++ b/source/extensions/transport_sockets/alts/tsi_socket.h @@ -99,7 +99,7 @@ class TsiSocketFactory : public Network::TransportSocketFactory { bool implementsSecureTransport() const override; Network::TransportSocketPtr - createTransportSocket(absl::optional override_server_name) const override; + createTransportSocket(Network::TransportSocketOptionsSharedPtr options) const override; private: HandshakerFactory handshaker_factory_; diff --git a/source/extensions/transport_sockets/capture/capture.cc b/source/extensions/transport_sockets/capture/capture.cc index 008a3b1a2f959..fe4688e93ffe5 100644 --- a/source/extensions/transport_sockets/capture/capture.cc +++ b/source/extensions/transport_sockets/capture/capture.cc 
@@ -100,10 +100,10 @@ CaptureSocketFactory::CaptureSocketFactory( transport_socket_factory_(std::move(transport_socket_factory)), time_system_(time_system) {} Network::TransportSocketPtr -CaptureSocketFactory::createTransportSocket(absl::optional) const { - return std::make_unique( - path_prefix_, format_, transport_socket_factory_->createTransportSocket(absl::nullopt), - time_system_); +CaptureSocketFactory::createTransportSocket(Network::TransportSocketOptionsSharedPtr) const { + return std::make_unique(path_prefix_, format_, + transport_socket_factory_->createTransportSocket(nullptr), + time_system_); } bool CaptureSocketFactory::implementsSecureTransport() const { diff --git a/source/extensions/transport_sockets/capture/capture.h b/source/extensions/transport_sockets/capture/capture.h index 9203623632103..0965ad1033fc2 100644 --- a/source/extensions/transport_sockets/capture/capture.h +++ b/source/extensions/transport_sockets/capture/capture.h @@ -50,7 +50,7 @@ class CaptureSocketFactory : public Network::TransportSocketFactory { // Network::TransportSocketFactory Network::TransportSocketPtr - createTransportSocket(absl::optional override_server_name) const override; + createTransportSocket(Network::TransportSocketOptionsSharedPtr options) const override; bool implementsSecureTransport() const override; private: diff --git a/source/server/config_validation/cluster_manager.cc b/source/server/config_validation/cluster_manager.cc index 2ce755a2f2b68..11747334289a4 100644 --- a/source/server/config_validation/cluster_manager.cc +++ b/source/server/config_validation/cluster_manager.cc @@ -50,7 +50,7 @@ ValidationClusterManager::httpConnPoolForCluster(const std::string&, ResourcePri Host::CreateConnectionData ValidationClusterManager::tcpConnForCluster(const std::string&, LoadBalancerContext*, - absl::optional) { + Network::TransportSocketOptionsSharedPtr) { return Host::CreateConnectionData{nullptr, nullptr}; } 
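Review bot: `CaptureSocketFactory::createTransportSocket` ignores its new `TransportSocketOptionsSharedPtr` argument and hands `nullptr` to the wrapped factory, so any override server name carried in the options is dropped as soon as a capture socket wraps a TLS socket. Because the options are hashed into the connection pool key (cluster_manager_impl.cc in this patch), the pool would then appear to hold per-option connections while the inner socket never sees them. Naming the parameter and forwarding it, `CaptureSocketFactory::createTransportSocket(Network::TransportSocketOptionsSharedPtr options) const {` and `transport_socket_factory_->createTransportSocket(options),`, keeps the wrapper transparent; if capture is deliberately meant not to pass options through, a comment saying so would help.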
diff --git a/source/server/config_validation/cluster_manager.h b/source/server/config_validation/cluster_manager.h index 8cba693e22303..0d72c26bb5531 100644 --- a/source/server/config_validation/cluster_manager.h +++ b/source/server/config_validation/cluster_manager.h @@ -53,7 +53,7 @@ class ValidationClusterManager : public ClusterManagerImpl { Http::Protocol, LoadBalancerContext*) override; Host::CreateConnectionData tcpConnForCluster(const std::string&, LoadBalancerContext*, - absl::optional) override; + Network::TransportSocketOptionsSharedPtr) override; Http::AsyncClient& httpAsyncClientForCluster(const std::string&) override; private: diff --git a/source/server/connection_handler_impl.cc b/source/server/connection_handler_impl.cc index 4d9673938862c..39da819040c2f 100644 --- a/source/server/connection_handler_impl.cc +++ b/source/server/connection_handler_impl.cc @@ -213,8 +213,7 @@ void ConnectionHandlerImpl::ActiveListener::newConnection(Network::ConnectionSoc return; } - auto transport_socket = - filter_chain->transportSocketFactory().createTransportSocket(absl::nullopt); + auto transport_socket = filter_chain->transportSocketFactory().createTransportSocket(nullptr); Network::ConnectionPtr new_connection = parent_.dispatcher_.createServerConnection(std::move(socket), std::move(transport_socket)); new_connection->setBufferLimits(config_.perConnectionBufferLimitBytes()); diff --git a/test/common/grpc/grpc_client_integration_test_harness.h b/test/common/grpc/grpc_client_integration_test_harness.h index d39dc2a70cbde..f669d8017e468 100644 --- a/test/common/grpc/grpc_client_integration_test_harness.h +++ b/test/common/grpc/grpc_client_integration_test_harness.h 
@@ -474,7 +474,7 @@ class GrpcSslClientIntegrationTest : public GrpcClientIntegrationTest { ON_CALL(*mock_cluster_info_, transportSocketFactory()) .WillByDefault(ReturnRef(*mock_cluster_info_->transport_socket_factory_)); async_client_transport_socket_ = - mock_cluster_info_->transport_socket_factory_->createTransportSocket(absl::nullopt); + mock_cluster_info_->transport_socket_factory_->createTransportSocket(nullptr); fake_upstream_ = std::make_unique(createUpstreamSslContext(), 0, FakeHttpConnection::Type::HTTP2, ipVersion(), test_time_.timeSystem()); diff --git a/test/common/ssl/BUILD b/test/common/ssl/BUILD index 3ef019b7367c8..dc9f5193d48e5 100644 --- a/test/common/ssl/BUILD +++ b/test/common/ssl/BUILD @@ -28,6 +28,7 @@ envoy_cc_test( "//source/common/event:dispatcher_lib", "//source/common/json:json_loader_lib", "//source/common/network:listen_socket_lib", + "//source/common/network:transport_socket_options_lib", "//source/common/network:utility_lib", "//source/common/ssl:context_config_lib", "//source/common/ssl:context_lib", diff --git a/test/common/ssl/ssl_socket_test.cc b/test/common/ssl/ssl_socket_test.cc index 30cffc82de80c..0f9c632316e5d 100644 --- a/test/common/ssl/ssl_socket_test.cc +++ b/test/common/ssl/ssl_socket_test.cc @@ -10,6 +10,7 @@ #include "common/json/json_loader.h" #include "common/network/address_impl.h" #include "common/network/listen_socket_impl.h" +#include "common/network/transport_socket_options_impl.h" #include "common/network/utility.h" #include "common/ssl/context_config_impl.h" #include "common/ssl/context_impl.h" 
@@ -78,13 +79,13 @@ void testUtil(const std::string& client_ctx_yaml, const std::string& server_ctx_ client_stats_store); Network::ClientConnectionPtr client_connection = dispatcher.createClientConnection( socket.localAddress(), Network::Address::InstanceConstSharedPtr(), - client_ssl_socket_factory.createTransportSocket(absl::nullopt), nullptr); + client_ssl_socket_factory.createTransportSocket(nullptr), nullptr); Network::ConnectionPtr server_connection; Network::MockConnectionCallbacks server_connection_callbacks; EXPECT_CALL(callbacks, onAccept_(_, _)) .WillOnce(Invoke([&](Network::ConnectionSocketPtr& socket, bool) -> void { Network::ConnectionPtr new_connection = dispatcher.createServerConnection( - std::move(socket), server_ssl_socket_factory.createTransportSocket(absl::nullopt)); + std::move(socket), server_ssl_socket_factory.createTransportSocket(nullptr)); callbacks.onNewConnection(std::move(new_connection)); })); EXPECT_CALL(callbacks, onNewConnection_(_)) @@ -163,7 +164,7 @@ const std::string testUtilV2( const std::string& expected_client_cert_uri, const std::string& expected_requested_server_name, const std::string& expected_alpn_protocol, const std::string& expected_server_stats, const std::string& expected_client_stats, const Network::Address::IpVersion version, - absl::optional override_server_name) { + Network::TransportSocketOptionsSharedPtr transport_socket_options) { Event::SimulatedTimeSystem time_system; testing::NiceMock factory_context; ContextManagerImpl manager(time_system); @@ -194,7 +195,7 @@ const std::string testUtilV2( client_stats_store); Network::ClientConnectionPtr client_connection = dispatcher.createClientConnection( socket.localAddress(), Network::Address::InstanceConstSharedPtr(), - client_ssl_socket_factory.createTransportSocket(override_server_name), nullptr); + client_ssl_socket_factory.createTransportSocket(transport_socket_options), nullptr); if (!client_session.empty()) { const Ssl::SslSocket* ssl_socket = 
@@ -213,11 +214,12 @@ const std::string testUtilV2( Network::MockConnectionCallbacks server_connection_callbacks; EXPECT_CALL(callbacks, onAccept_(_, _)) .WillOnce(Invoke([&](Network::ConnectionSocketPtr& socket, bool) -> void { - std::string sni = override_server_name.has_value() ? override_server_name.value() - : client_ctx_proto.sni(); + std::string sni = transport_socket_options != NULL && transport_socket_options->overrideServerName().has_value() + ? transport_socket_options->overrideServerName().value() + : client_ctx_proto.sni(); socket->setRequestedServerName(sni); Network::ConnectionPtr new_connection = dispatcher.createServerConnection( - std::move(socket), server_ssl_socket_factory.createTransportSocket(absl::nullopt)); + std::move(socket), server_ssl_socket_factory.createTransportSocket(nullptr)); callbacks.onNewConnection(std::move(new_connection)); })); EXPECT_CALL(callbacks, onNewConnection_(_)) @@ -516,7 +518,7 @@ TEST_P(SslSocketTest, GetCertDigestInline) { testUtilV2(listener, client_ctx, "", true, "", "1406294e80c818158697d65d2aaca16748ff132442ab0e2f28bc1109f1d47a2e", "spiffe://lyft.com/test-team", "", "", "ssl.handshake", "ssl.handshake", GetParam(), - absl::nullopt); + nullptr); } TEST_P(SslSocketTest, GetCertDigestServerCertWithIntermediateCA) { @@ -852,7 +854,7 @@ TEST_P(SslSocketTest, FailedClientCertificateDefaultExpirationVerification) { configureServerAndExpiredClientCertificate(listener, client); testUtilV2(listener, client, "", false, "", "", "spiffe://lyft.com/test-team", "", "", - "ssl.fail_verify_error", "ssl.connection_error", GetParam(), absl::nullopt); + "ssl.fail_verify_error", "ssl.connection_error", GetParam(), nullptr); } // Expired certificates will not be accepted when explicitly disallowed via 
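Review bot: The new condition in the `onAccept_` lambda compares against `NULL` and runs well past the format width, whereas the rest of this patch uses `nullptr` and clang-format layout. Suggest `std::string sni = transport_socket_options != nullptr &&` on the first line, with `transport_socket_options->overrideServerName().has_value()` and the `?`/`:` branches wrapped on their own lines as clang-format would place them. The enclosing `testUtilV2` begins and ends outside this hunk.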
@@ -870,7 +872,7 @@ TEST_P(SslSocketTest, FailedClientCertificateExpirationVerification) { ->set_allow_expired_certificate(false); testUtilV2(listener, client, "", false, "", "", "spiffe://lyft.com/test-team", "", "", - "ssl.fail_verify_error", "ssl.connection_error", GetParam(), absl::nullopt); + "ssl.fail_verify_error", "ssl.connection_error", GetParam(), nullptr); } // Expired certificates will be accepted when explicitly allowed via allow_expired_certificate. @@ -887,7 +889,7 @@ TEST_P(SslSocketTest, ClientCertificateExpirationAllowedVerification) { ->set_allow_expired_certificate(true); testUtilV2(listener, client, "", true, "", "", "spiffe://lyft.com/test-team", "", "", - "ssl.handshake", "ssl.handshake", GetParam(), absl::nullopt); + "ssl.handshake", "ssl.handshake", GetParam(), nullptr); } // Allow expired certificates, but add a certificate hash requirement so it still fails. @@ -908,7 +910,7 @@ TEST_P(SslSocketTest, FailedClientCertAllowExpiredBadHashVerification) { "0000000000000000000000000000000000000000000000000000000000000000"); testUtilV2(listener, client, "", false, "", "", "spiffe://lyft.com/test-team", "", "", - "ssl.fail_verify_cert_hash", "ssl.connection_error", GetParam(), absl::nullopt); + "ssl.fail_verify_cert_hash", "ssl.connection_error", GetParam(), nullptr); } // Allow expired certificatess, but use the wrong CA so it should fail still. @@ -931,7 +933,7 @@ TEST_P(SslSocketTest, FailedClientCertAllowServerExpiredWrongCAVerification) { TestEnvironment::substitute("{{ test_rundir }}/test/common/ssl/test_data/fake_ca_cert.pem")); testUtilV2(listener, client, "", false, "", "", "spiffe://lyft.com/test-team", "", "", - "ssl.fail_verify_error", "ssl.connection_error", GetParam(), absl::nullopt); + "ssl.fail_verify_error", "ssl.connection_error", GetParam(), nullptr); } TEST_P(SslSocketTest, ClientCertificateHashVerification) { 
@@ -1017,14 +1019,14 @@ TEST_P(SslSocketTest, ClientCertificateHashListVerification) { testUtilV2(listener, client, "", true, "", "1406294e80c818158697d65d2aaca16748ff132442ab0e2f28bc1109f1d47a2e", "spiffe://lyft.com/test-team", "", "", "ssl.handshake", "ssl.handshake", GetParam(), - absl::nullopt); + nullptr); // Works even with client renegotiation. client.set_allow_renegotiation(true); testUtilV2(listener, client, "", true, "", "1406294e80c818158697d65d2aaca16748ff132442ab0e2f28bc1109f1d47a2e", "spiffe://lyft.com/test-team", "", "", "ssl.handshake", "ssl.handshake", GetParam(), - absl::nullopt); + nullptr); } TEST_P(SslSocketTest, ClientCertificateHashListVerificationNoCA) { @@ -1056,14 +1058,14 @@ TEST_P(SslSocketTest, ClientCertificateHashListVerificationNoCA) { testUtilV2(listener, client, "", true, "", "1406294e80c818158697d65d2aaca16748ff132442ab0e2f28bc1109f1d47a2e", "spiffe://lyft.com/test-team", "", "", "ssl.handshake", "ssl.handshake", GetParam(), - absl::nullopt); + nullptr); // Works even with client renegotiation. client.set_allow_renegotiation(true); testUtilV2(listener, client, "", true, "", "1406294e80c818158697d65d2aaca16748ff132442ab0e2f28bc1109f1d47a2e", "spiffe://lyft.com/test-team", "", "", "ssl.handshake", "ssl.handshake", GetParam(), - absl::nullopt); + nullptr); } TEST_P(SslSocketTest, FailedClientCertificateHashVerificationNoClientCertificate) { 
@@ -1218,14 +1220,14 @@ TEST_P(SslSocketTest, ClientCertificateSpkiVerification) { testUtilV2(listener, client, "", true, "", "1406294e80c818158697d65d2aaca16748ff132442ab0e2f28bc1109f1d47a2e", "spiffe://lyft.com/test-team", "", "", "ssl.handshake", "ssl.handshake", GetParam(), - absl::nullopt); + nullptr); // Works even with client renegotiation. client.set_allow_renegotiation(true); testUtilV2(listener, client, "", true, "", "1406294e80c818158697d65d2aaca16748ff132442ab0e2f28bc1109f1d47a2e", "spiffe://lyft.com/test-team", "", "", "ssl.handshake", "ssl.handshake", GetParam(), - absl::nullopt); + nullptr); } TEST_P(SslSocketTest, ClientCertificateSpkiVerificationNoCA) { @@ -1257,14 +1259,14 @@ TEST_P(SslSocketTest, ClientCertificateSpkiVerificationNoCA) { testUtilV2(listener, client, "", true, "", "1406294e80c818158697d65d2aaca16748ff132442ab0e2f28bc1109f1d47a2e", "spiffe://lyft.com/test-team", "", "", "ssl.handshake", "ssl.handshake", GetParam(), - absl::nullopt); + nullptr); // Works even with client renegotiation. client.set_allow_renegotiation(true); testUtilV2(listener, client, "", true, "", "1406294e80c818158697d65d2aaca16748ff132442ab0e2f28bc1109f1d47a2e", "spiffe://lyft.com/test-team", "", "", "ssl.handshake", "ssl.handshake", GetParam(), - absl::nullopt); + nullptr); } TEST_P(SslSocketTest, FailedClientCertificateSpkiVerificationNoClientCertificate) { 
@@ -1290,12 +1292,12 @@ TEST_P(SslSocketTest, FailedClientCertificateSpkiVerificationNoClientCertificate envoy::api::v2::auth::UpstreamTlsContext client; testUtilV2(listener, client, "", false, "", "", "", "", "", "ssl.fail_verify_no_cert", - "ssl.connection_error", GetParam(), absl::nullopt); + "ssl.connection_error", GetParam(), nullptr); // Fails even with client renegotiation. client.set_allow_renegotiation(true); testUtilV2(listener, client, "", false, "", "", "", "", "", "ssl.fail_verify_no_cert", - "ssl.connection_error", GetParam(), absl::nullopt); + "ssl.connection_error", GetParam(), nullptr); } TEST_P(SslSocketTest, FailedClientCertificateSpkiVerificationNoCANoClientCertificate) { @@ -1319,12 +1321,12 @@ TEST_P(SslSocketTest, FailedClientCertificateSpkiVerificationNoCANoClientCertifi envoy::api::v2::auth::UpstreamTlsContext client; testUtilV2(listener, client, "", false, "", "", "", "", "", "ssl.fail_verify_no_cert", - "ssl.connection_error", GetParam(), absl::nullopt); + "ssl.connection_error", GetParam(), nullptr); // Fails even with client renegotiation. client.set_allow_renegotiation(true); testUtilV2(listener, client, "", false, "", "", "", "", "", "ssl.fail_verify_no_cert", - "ssl.connection_error", GetParam(), absl::nullopt); + "ssl.connection_error", GetParam(), nullptr); } TEST_P(SslSocketTest, FailedClientCertificateSpkiVerificationWrongClientCertificate) { 
@@ -1356,12 +1358,12 @@ TEST_P(SslSocketTest, FailedClientCertificateSpkiVerificationWrongClientCertific TestEnvironment::substitute("{{ test_rundir }}/test/common/ssl/test_data/no_san_key.pem")); testUtilV2(listener, client, "", false, "", "", "", "", "", "ssl.fail_verify_cert_hash", - "ssl.connection_error", GetParam(), absl::nullopt); + "ssl.connection_error", GetParam(), nullptr); // Fails even with client renegotiation. client.set_allow_renegotiation(true); testUtilV2(listener, client, "", false, "", "", "", "", "", "ssl.fail_verify_cert_hash", - "ssl.connection_error", GetParam(), absl::nullopt); + "ssl.connection_error", GetParam(), nullptr); } TEST_P(SslSocketTest, FailedClientCertificateSpkiVerificationNoCAWrongClientCertificate) { @@ -1391,12 +1393,12 @@ TEST_P(SslSocketTest, FailedClientCertificateSpkiVerificationNoCAWrongClientCert TestEnvironment::substitute("{{ test_rundir }}/test/common/ssl/test_data/no_san_key.pem")); testUtilV2(listener, client, "", false, "", "", "", "", "", "ssl.fail_verify_cert_hash", - "ssl.connection_error", GetParam(), absl::nullopt); + "ssl.connection_error", GetParam(), nullptr); // Fails even with client renegotiation. client.set_allow_renegotiation(true); testUtilV2(listener, client, "", false, "", "", "", "", "", "ssl.fail_verify_cert_hash", - "ssl.connection_error", GetParam(), absl::nullopt); + "ssl.connection_error", GetParam(), nullptr); } TEST_P(SslSocketTest, FailedClientCertificateSpkiVerificationWrongCA) { 
@@ -1428,12 +1430,12 @@ TEST_P(SslSocketTest, FailedClientCertificateSpkiVerificationWrongCA) { TestEnvironment::substitute("{{ test_rundir }}/test/common/ssl/test_data/san_uri_key.pem")); testUtilV2(listener, client, "", false, "", "", "", "", "", "ssl.fail_verify_error", - "ssl.connection_error", GetParam(), absl::nullopt); + "ssl.connection_error", GetParam(), nullptr); // Fails even with client renegotiation. client.set_allow_renegotiation(true); testUtilV2(listener, client, "", false, "", "", "", "", "", "ssl.fail_verify_error", - "ssl.connection_error", GetParam(), absl::nullopt); + "ssl.connection_error", GetParam(), nullptr); } TEST_P(SslSocketTest, ClientCertificateHashAndSpkiVerification) { @@ -1469,14 +1471,14 @@ TEST_P(SslSocketTest, ClientCertificateHashAndSpkiVerification) { testUtilV2(listener, client, "", true, "", "1406294e80c818158697d65d2aaca16748ff132442ab0e2f28bc1109f1d47a2e", "spiffe://lyft.com/test-team", "", "", "ssl.handshake", "ssl.handshake", GetParam(), - absl::nullopt); + nullptr); // Works even with client renegotiation. client.set_allow_renegotiation(true); testUtilV2(listener, client, "", true, "", "1406294e80c818158697d65d2aaca16748ff132442ab0e2f28bc1109f1d47a2e", "spiffe://lyft.com/test-team", "", "", "ssl.handshake", "ssl.handshake", GetParam(), - absl::nullopt); + nullptr); } TEST_P(SslSocketTest, ClientCertificateHashAndSpkiVerificationNoCA) { 
@@ -1510,14 +1512,14 @@ TEST_P(SslSocketTest, ClientCertificateHashAndSpkiVerificationNoCA) { testUtilV2(listener, client, "", true, "", "1406294e80c818158697d65d2aaca16748ff132442ab0e2f28bc1109f1d47a2e", "spiffe://lyft.com/test-team", "", "", "ssl.handshake", "ssl.handshake", GetParam(), - absl::nullopt); + nullptr); // Works even with client renegotiation. client.set_allow_renegotiation(true); testUtilV2(listener, client, "", true, "", "1406294e80c818158697d65d2aaca16748ff132442ab0e2f28bc1109f1d47a2e", "spiffe://lyft.com/test-team", "", "", "ssl.handshake", "ssl.handshake", GetParam(), - absl::nullopt); + nullptr); } TEST_P(SslSocketTest, FailedClientCertificateHashAndSpkiVerificationNoClientCertificate) { @@ -1543,12 +1545,12 @@ TEST_P(SslSocketTest, FailedClientCertificateHashAndSpkiVerificationNoClientCert envoy::api::v2::auth::UpstreamTlsContext client; testUtilV2(listener, client, "", false, "", "", "", "", "", "ssl.fail_verify_no_cert", - "ssl.connection_error", GetParam(), absl::nullopt); + "ssl.connection_error", GetParam(), nullptr); // Fails even with client renegotiation. client.set_allow_renegotiation(true); testUtilV2(listener, client, "", false, "", "", "", "", "", "ssl.fail_verify_no_cert", - "ssl.connection_error", GetParam(), absl::nullopt); + "ssl.connection_error", GetParam(), nullptr); } TEST_P(SslSocketTest, FailedClientCertificateHashAndSpkiVerificationNoCANoClientCertificate) { 
@@ -1572,12 +1574,12 @@ TEST_P(SslSocketTest, FailedClientCertificateHashAndSpkiVerificationNoCANoClient envoy::api::v2::auth::UpstreamTlsContext client; testUtilV2(listener, client, "", false, "", "", "", "", "", "ssl.fail_verify_no_cert", - "ssl.connection_error", GetParam(), absl::nullopt); + "ssl.connection_error", GetParam(), nullptr); // Fails even with client renegotiation. client.set_allow_renegotiation(true); testUtilV2(listener, client, "", false, "", "", "", "", "", "ssl.fail_verify_no_cert", - "ssl.connection_error", GetParam(), absl::nullopt); + "ssl.connection_error", GetParam(), nullptr); } TEST_P(SslSocketTest, FailedClientCertificateHashAndSpkiVerificationWrongClientCertificate) { @@ -1609,12 +1611,12 @@ TEST_P(SslSocketTest, FailedClientCertificateHashAndSpkiVerificationWrongClientC TestEnvironment::substitute("{{ test_rundir }}/test/common/ssl/test_data/no_san_key.pem")); testUtilV2(listener, client, "", false, "", "", "", "", "", "ssl.fail_verify_cert_hash", - "ssl.connection_error", GetParam(), absl::nullopt); + "ssl.connection_error", GetParam(), nullptr); // Fails even with client renegotiation. client.set_allow_renegotiation(true); testUtilV2(listener, client, "", false, "", "", "", "", "", "ssl.fail_verify_cert_hash", - "ssl.connection_error", GetParam(), absl::nullopt); + "ssl.connection_error", GetParam(), nullptr); } TEST_P(SslSocketTest, FailedClientCertificateHashAndSpkiVerificationNoCAWrongClientCertificate) { 
@@ -1644,12 +1646,12 @@ TEST_P(SslSocketTest, FailedClientCertificateHashAndSpkiVerificationNoCAWrongCli TestEnvironment::substitute("{{ test_rundir }}/test/common/ssl/test_data/no_san_key.pem")); testUtilV2(listener, client, "", false, "", "", "", "", "", "ssl.fail_verify_cert_hash", - "ssl.connection_error", GetParam(), absl::nullopt); + "ssl.connection_error", GetParam(), nullptr); // Fails even with client renegotiation. client.set_allow_renegotiation(true); testUtilV2(listener, client, "", false, "", "", "", "", "", "ssl.fail_verify_cert_hash", - "ssl.connection_error", GetParam(), absl::nullopt); + "ssl.connection_error", GetParam(), nullptr); } TEST_P(SslSocketTest, FailedClientCertificateHashAndSpkiVerificationWrongCA) { @@ -1681,12 +1683,12 @@ TEST_P(SslSocketTest, FailedClientCertificateHashAndSpkiVerificationWrongCA) { TestEnvironment::substitute("{{ test_rundir }}/test/common/ssl/test_data/san_uri_key.pem")); testUtilV2(listener, client, "", false, "", "", "", "", "", "ssl.fail_verify_error", - "ssl.connection_error", GetParam(), absl::nullopt); + "ssl.connection_error", GetParam(), nullptr); // Fails even with client renegotiation. client.set_allow_renegotiation(true); testUtilV2(listener, client, "", false, "", "", "", "", "", "ssl.fail_verify_error", - "ssl.connection_error", GetParam(), absl::nullopt); + "ssl.connection_error", GetParam(), nullptr); } // Make sure that we do not flush code and do an immediate close if we have not completed the 
@@ -1731,7 +1733,7 @@ TEST_P(SslSocketTest, FlushCloseDuringHandshake) { EXPECT_CALL(callbacks, onAccept_(_, _)) .WillOnce(Invoke([&](Network::ConnectionSocketPtr& socket, bool) -> void { Network::ConnectionPtr new_connection = dispatcher_->createServerConnection( - std::move(socket), server_ssl_socket_factory.createTransportSocket(absl::nullopt)); + std::move(socket), server_ssl_socket_factory.createTransportSocket(nullptr)); callbacks.onNewConnection(std::move(new_connection)); })); EXPECT_CALL(callbacks, onNewConnection_(_)) @@ -1795,7 +1797,7 @@ TEST_P(SslSocketTest, HalfClose) { client_stats_store); Network::ClientConnectionPtr client_connection = dispatcher_->createClientConnection( socket.localAddress(), Network::Address::InstanceConstSharedPtr(), - client_ssl_socket_factory.createTransportSocket(absl::nullopt), nullptr); + client_ssl_socket_factory.createTransportSocket(nullptr), nullptr); client_connection->enableHalfClose(true); client_connection->addReadFilter(client_read_filter); client_connection->connect(); @@ -1807,7 +1809,7 @@ TEST_P(SslSocketTest, HalfClose) { EXPECT_CALL(listener_callbacks, onAccept_(_, _)) .WillOnce(Invoke([&](Network::ConnectionSocketPtr& socket, bool) -> void { Network::ConnectionPtr new_connection = dispatcher_->createServerConnection( - std::move(socket), server_ssl_socket_factory.createTransportSocket(absl::nullopt)); + std::move(socket), server_ssl_socket_factory.createTransportSocket(nullptr)); listener_callbacks.onNewConnection(std::move(new_connection)); })); EXPECT_CALL(listener_callbacks, onNewConnection_(_)) 
@@ -1886,7 +1888,7 @@ TEST_P(SslSocketTest, ClientAuthMultipleCAs) { ClientSslSocketFactory ssl_socket_factory(std::move(client_cfg), manager, client_stats_store); Network::ClientConnectionPtr client_connection = dispatcher_->createClientConnection( socket.localAddress(), Network::Address::InstanceConstSharedPtr(), - ssl_socket_factory.createTransportSocket(absl::nullopt), nullptr); + ssl_socket_factory.createTransportSocket(nullptr), nullptr); // Verify that server sent list with 2 acceptable client certificate CA names. const Ssl::SslSocket* ssl_socket = dynamic_cast(client_connection->ssl()); @@ -1906,7 +1908,7 @@ TEST_P(SslSocketTest, ClientAuthMultipleCAs) { EXPECT_CALL(callbacks, onAccept_(_, _)) .WillOnce(Invoke([&](Network::ConnectionSocketPtr& socket, bool) -> void { Network::ConnectionPtr new_connection = dispatcher_->createServerConnection( - std::move(socket), server_ssl_socket_factory.createTransportSocket(absl::nullopt)); + std::move(socket), server_ssl_socket_factory.createTransportSocket(nullptr)); callbacks.onNewConnection(std::move(new_connection)); })); EXPECT_CALL(callbacks, onNewConnection_(_)) @@ -1974,7 +1976,7 @@ void testTicketSessionResumption(const std::string& server_ctx_yaml1, ClientSslSocketFactory ssl_socket_factory(std::move(client_cfg), manager, client_stats_store); Network::ClientConnectionPtr client_connection = dispatcher.createClientConnection( socket1.localAddress(), Network::Address::InstanceConstSharedPtr(), - ssl_socket_factory.createTransportSocket(absl::nullopt), nullptr); + ssl_socket_factory.createTransportSocket(nullptr), nullptr); Network::MockConnectionCallbacks client_connection_callbacks; client_connection->addConnectionCallbacks(client_connection_callbacks); 
@@ -1988,7 +1990,7 @@ void testTicketSessionResumption(const std::string& server_ctx_yaml1, ? server_ssl_socket_factory1 : server_ssl_socket_factory2; Network::ConnectionPtr new_connection = dispatcher.createServerConnection( - std::move(socket), tsf.createTransportSocket(absl::nullopt)); + std::move(socket), tsf.createTransportSocket(nullptr)); callbacks.onNewConnection(std::move(new_connection)); })); EXPECT_CALL(callbacks, onNewConnection_(_)) @@ -2014,7 +2016,7 @@ void testTicketSessionResumption(const std::string& server_ctx_yaml1, client_connection = dispatcher.createClientConnection( socket2.localAddress(), Network::Address::InstanceConstSharedPtr(), - ssl_socket_factory.createTransportSocket(absl::nullopt), nullptr); + ssl_socket_factory.createTransportSocket(nullptr), nullptr); client_connection->addConnectionCallbacks(client_connection_callbacks); const Ssl::SslSocket* ssl_socket = dynamic_cast(client_connection->ssl()); SSL_set_session(ssl_socket->rawSslForTest(), ssl_session); @@ -2385,7 +2387,7 @@ TEST_P(SslSocketTest, ClientAuthCrossListenerSessionResumption) { ClientSslSocketFactory ssl_socket_factory(std::move(client_cfg), manager, client_stats_store); Network::ClientConnectionPtr client_connection = dispatcher_->createClientConnection( socket.localAddress(), Network::Address::InstanceConstSharedPtr(), - ssl_socket_factory.createTransportSocket(absl::nullopt), nullptr); + ssl_socket_factory.createTransportSocket(nullptr), nullptr); Network::MockConnectionCallbacks client_connection_callbacks; client_connection->addConnectionCallbacks(client_connection_callbacks); 
@@ -2401,7 +2403,7 @@ TEST_P(SslSocketTest, ClientAuthCrossListenerSessionResumption) { : server2_ssl_socket_factory; Network::ConnectionPtr new_connection = dispatcher_->createServerConnection( - std::move(accepted_socket), tsf.createTransportSocket(absl::nullopt)); + std::move(accepted_socket), tsf.createTransportSocket(nullptr)); callbacks.onNewConnection(std::move(new_connection)); })); EXPECT_CALL(callbacks, onNewConnection_(_)) @@ -2431,7 +2433,7 @@ TEST_P(SslSocketTest, ClientAuthCrossListenerSessionResumption) { client_connection = dispatcher_->createClientConnection( socket2.localAddress(), Network::Address::InstanceConstSharedPtr(), - ssl_socket_factory.createTransportSocket(absl::nullopt), nullptr); + ssl_socket_factory.createTransportSocket(nullptr), nullptr); client_connection->addConnectionCallbacks(client_connection_callbacks); const Ssl::SslSocket* ssl_socket = dynamic_cast(client_connection->ssl()); SSL_set_session(ssl_socket->rawSslForTest(), ssl_session); @@ -2496,7 +2498,7 @@ TEST_P(SslSocketTest, SslError) { EXPECT_CALL(callbacks, onAccept_(_, _)) .WillOnce(Invoke([&](Network::ConnectionSocketPtr& socket, bool) -> void { Network::ConnectionPtr new_connection = dispatcher_->createServerConnection( - std::move(socket), server_ssl_socket_factory.createTransportSocket(absl::nullopt)); + std::move(socket), server_ssl_socket_factory.createTransportSocket(nullptr)); callbacks.onNewConnection(std::move(new_connection)); })); EXPECT_CALL(callbacks, onNewConnection_(_)) 
@@ -2534,44 +2536,44 @@ TEST_P(SslSocketTest, ProtocolVersions) { // Connection using defaults (client & server) succeeds, negotiating TLSv1.2. testUtilV2(listener, client, "", true, "TLSv1.2", "", "", "", "", "ssl.handshake", - "ssl.handshake", GetParam(), absl::nullopt); + "ssl.handshake", GetParam(), nullptr); // Connection using defaults (client & server) succeeds, negotiating TLSv1.2, // even with client renegotiation. client.set_allow_renegotiation(true); testUtilV2(listener, client, "", true, "TLSv1.2", "", "", "", "", "ssl.handshake", - "ssl.handshake", GetParam(), absl::nullopt); + "ssl.handshake", GetParam(), nullptr); client.set_allow_renegotiation(false); // Connection using TLSv1.0 (client) and defaults (server) succeeds. client_params->set_tls_minimum_protocol_version(envoy::api::v2::auth::TlsParameters::TLSv1_0); client_params->set_tls_maximum_protocol_version(envoy::api::v2::auth::TlsParameters::TLSv1_0); testUtilV2(listener, client, "", true, "TLSv1", "", "", "", "", "ssl.handshake", "ssl.handshake", - GetParam(), absl::nullopt); + GetParam(), nullptr); // Connection using TLSv1.1 (client) and defaults (server) succeeds. client_params->set_tls_minimum_protocol_version(envoy::api::v2::auth::TlsParameters::TLSv1_1); client_params->set_tls_maximum_protocol_version(envoy::api::v2::auth::TlsParameters::TLSv1_1); testUtilV2(listener, client, "", true, "TLSv1.1", "", "", "", "", "ssl.handshake", - "ssl.handshake", GetParam(), absl::nullopt); + "ssl.handshake", GetParam(), nullptr); // Connection using TLSv1.2 (client) and defaults (server) succeeds. 
client_params->set_tls_minimum_protocol_version(envoy::api::v2::auth::TlsParameters::TLSv1_2); client_params->set_tls_maximum_protocol_version(envoy::api::v2::auth::TlsParameters::TLSv1_2); testUtilV2(listener, client, "", true, "TLSv1.2", "", "", "", "", "ssl.handshake", - "ssl.handshake", GetParam(), absl::nullopt); + "ssl.handshake", GetParam(), nullptr); // Connection using TLSv1.3 (client) and defaults (server) fails. client_params->set_tls_minimum_protocol_version(envoy::api::v2::auth::TlsParameters::TLSv1_3); client_params->set_tls_maximum_protocol_version(envoy::api::v2::auth::TlsParameters::TLSv1_3); testUtilV2(listener, client, "", false, "", "", "", "", "", "ssl.connection_error", - "ssl.connection_error", GetParam(), absl::nullopt); + "ssl.connection_error", GetParam(), nullptr); // Connection using TLSv1.3 (client) and TLSv1.0-1.3 (server) succeeds. server_params->set_tls_minimum_protocol_version(envoy::api::v2::auth::TlsParameters::TLSv1_0); server_params->set_tls_maximum_protocol_version(envoy::api::v2::auth::TlsParameters::TLSv1_3); testUtilV2(listener, client, "", true, "TLSv1.3", "", "", "", "", "ssl.handshake", - "ssl.handshake", GetParam(), absl::nullopt); + "ssl.handshake", GetParam(), nullptr); // Connection using defaults (client) and TLSv1.0 (server) succeeds. client_params->clear_tls_minimum_protocol_version(); 
@@ -2579,31 +2581,31 @@ TEST_P(SslSocketTest, ProtocolVersions) { server_params->set_tls_minimum_protocol_version(envoy::api::v2::auth::TlsParameters::TLSv1_0); server_params->set_tls_maximum_protocol_version(envoy::api::v2::auth::TlsParameters::TLSv1_0); testUtilV2(listener, client, "", true, "TLSv1", "", "", "", "", "ssl.handshake", "ssl.handshake", - GetParam(), absl::nullopt); + GetParam(), nullptr); // Connection using defaults (client) and TLSv1.1 (server) succeeds. server_params->set_tls_minimum_protocol_version(envoy::api::v2::auth::TlsParameters::TLSv1_1); server_params->set_tls_maximum_protocol_version(envoy::api::v2::auth::TlsParameters::TLSv1_1); testUtilV2(listener, client, "", true, "TLSv1.1", "", "", "", "", "ssl.handshake", - "ssl.handshake", GetParam(), absl::nullopt); + "ssl.handshake", GetParam(), nullptr); // Connection using defaults (client) and TLSv1.2 (server) succeeds. server_params->set_tls_minimum_protocol_version(envoy::api::v2::auth::TlsParameters::TLSv1_2); server_params->set_tls_maximum_protocol_version(envoy::api::v2::auth::TlsParameters::TLSv1_2); testUtilV2(listener, client, "", true, "TLSv1.2", "", "", "", "", "ssl.handshake", - "ssl.handshake", GetParam(), absl::nullopt); + "ssl.handshake", GetParam(), nullptr); // Connection using defaults (client) and TLSv1.3 (server) fails. server_params->set_tls_minimum_protocol_version(envoy::api::v2::auth::TlsParameters::TLSv1_3); server_params->set_tls_maximum_protocol_version(envoy::api::v2::auth::TlsParameters::TLSv1_3); testUtilV2(listener, client, "", false, "", "", "", "", "", "ssl.connection_error", - "ssl.connection_error", GetParam(), absl::nullopt); + "ssl.connection_error", GetParam(), nullptr); // Connection using TLSv1.0-TLSv1.3 (client) and TLSv1.3 (server) succeeds. 
client_params->set_tls_minimum_protocol_version(envoy::api::v2::auth::TlsParameters::TLSv1_0); client_params->set_tls_maximum_protocol_version(envoy::api::v2::auth::TlsParameters::TLSv1_3); testUtilV2(listener, client, "", true, "TLSv1.3", "", "", "", "", "ssl.handshake", - "ssl.handshake", GetParam(), absl::nullopt); + "ssl.handshake", GetParam(), nullptr); } TEST_P(SslSocketTest, ALPN) { 
@@ -2623,32 +2625,32 @@ TEST_P(SslSocketTest, ALPN) { // Connection using defaults (client & server) succeeds, no ALPN is negotiated. testUtilV2(listener, client, "", true, "", "", "", "", "", "ssl.handshake", "ssl.handshake", - GetParam(), absl::nullopt); + GetParam(), nullptr); // Connection using defaults (client & server) succeeds, no ALPN is negotiated, // even with client renegotiation. client.set_allow_renegotiation(true); testUtilV2(listener, client, "", true, "", "", "", "", "", "ssl.handshake", "ssl.handshake", - GetParam(), absl::nullopt); + GetParam(), nullptr); client.set_allow_renegotiation(false); // Client connects without ALPN to a server with "test" ALPN, no ALPN is negotiated. server_ctx->add_alpn_protocols("test"); testUtilV2(listener, client, "", true, "", "", "", "", "", "ssl.handshake", "ssl.handshake", - GetParam(), absl::nullopt); + GetParam(), nullptr); server_ctx->clear_alpn_protocols(); // Client connects with "test" ALPN to a server without ALPN, no ALPN is negotiated. client_ctx->add_alpn_protocols("test"); testUtilV2(listener, client, "", true, "", "", "", "", "", "ssl.handshake", "ssl.handshake", - GetParam(), absl::nullopt); + GetParam(), nullptr); client_ctx->clear_alpn_protocols(); // Client connects with "test" ALPN to a server with "test" ALPN, "test" ALPN is negotiated. client_ctx->add_alpn_protocols("test"); server_ctx->add_alpn_protocols("test"); testUtilV2(listener, client, "", true, "", "", "", "", "test", "ssl.handshake", "ssl.handshake", - GetParam(), absl::nullopt); + GetParam(), nullptr); client_ctx->clear_alpn_protocols(); server_ctx->clear_alpn_protocols(); 
@@ -2658,7 +2660,7 @@ TEST_P(SslSocketTest, ALPN) { client_ctx->add_alpn_protocols("test"); server_ctx->add_alpn_protocols("test"); testUtilV2(listener, client, "", true, "", "", "", "", "test", "ssl.handshake", "ssl.handshake", - GetParam(), absl::nullopt); + GetParam(), nullptr); client.set_allow_renegotiation(false); client_ctx->clear_alpn_protocols(); server_ctx->clear_alpn_protocols(); @@ -2667,7 +2669,7 @@ TEST_P(SslSocketTest, ALPN) { client_ctx->add_alpn_protocols("test"); server_ctx->add_alpn_protocols("test2"); testUtilV2(listener, client, "", true, "", "", "", "", "", "ssl.handshake", "ssl.handshake", - GetParam(), absl::nullopt); + GetParam(), nullptr); client_ctx->clear_alpn_protocols(); server_ctx->clear_alpn_protocols(); } @@ -2690,12 +2692,12 @@ TEST_P(SslSocketTest, CipherSuites) { // Connection using defaults (client & server) succeeds. testUtilV2(listener, client, "", true, "", "", "", "", "", "ssl.handshake", "ssl.handshake", - GetParam(), absl::nullopt); + GetParam(), nullptr); // Connection using defaults (client & server) succeeds, even with client renegotiation. client.set_allow_renegotiation(true); testUtilV2(listener, client, "", true, "", "", "", "", "", "ssl.handshake", "ssl.handshake", - GetParam(), absl::nullopt); + GetParam(), nullptr); client.set_allow_renegotiation(false); // Client connects with one of the supported cipher suites, connection succeeds. @@ -2703,7 +2705,7 @@ TEST_P(SslSocketTest, CipherSuites) { server_params->add_cipher_suites("ECDHE-RSA-CHACHA20-POLY1305"); server_params->add_cipher_suites("ECDHE-RSA-AES128-GCM-SHA256"); testUtilV2(listener, client, "", true, "", "", "", "", "", "ssl.handshake", "ssl.handshake", - GetParam(), absl::nullopt); + GetParam(), nullptr); client_params->clear_cipher_suites(); server_params->clear_cipher_suites(); 
@@ -2711,7 +2713,7 @@ TEST_P(SslSocketTest, CipherSuites) { client_params->add_cipher_suites("ECDHE-RSA-AES128-GCM-SHA256"); server_params->add_cipher_suites("ECDHE-RSA-CHACHA20-POLY1305"); testUtilV2(listener, client, "", false, "", "", "", "", "", "ssl.connection_error", - "ssl.connection_error", GetParam(), absl::nullopt); + "ssl.connection_error", GetParam(), nullptr); client_params->clear_cipher_suites(); server_params->clear_cipher_suites(); } @@ -2734,12 +2736,12 @@ TEST_P(SslSocketTest, EcdhCurves) { // Connection using defaults (client & server) succeeds. testUtilV2(listener, client, "", true, "", "", "", "", "", "ssl.handshake", "ssl.handshake", - GetParam(), absl::nullopt); + GetParam(), nullptr); // Connection using defaults (client & server) succeeds, even with client renegotiation. client.set_allow_renegotiation(true); testUtilV2(listener, client, "", true, "", "", "", "", "", "ssl.handshake", "ssl.handshake", - GetParam(), absl::nullopt); + GetParam(), nullptr); client.set_allow_renegotiation(false); // Client connects with one of the supported ECDH curves, connection succeeds. @@ -2748,7 +2750,7 @@ TEST_P(SslSocketTest, EcdhCurves) { server_params->add_ecdh_curves("P-256"); server_params->add_cipher_suites("ECDHE-RSA-AES128-GCM-SHA256"); testUtilV2(listener, client, "", true, "", "", "", "", "", "ssl.handshake", "ssl.handshake", - GetParam(), absl::nullopt); + GetParam(), nullptr); client_params->clear_ecdh_curves(); server_params->clear_ecdh_curves(); server_params->clear_cipher_suites(); @@ -2758,7 +2760,7 @@ TEST_P(SslSocketTest, EcdhCurves) { server_params->add_ecdh_curves("P-256"); server_params->add_cipher_suites("ECDHE-RSA-AES128-GCM-SHA256"); testUtilV2(listener, client, "", false, "", "", "", "", "", "ssl.connection_error", - "ssl.connection_error", GetParam(), absl::nullopt); + "ssl.connection_error", GetParam(), nullptr); client_params->clear_ecdh_curves(); server_params->clear_ecdh_curves(); server_params->clear_cipher_suites(); 
@@ -2862,7 +2864,7 @@ TEST_P(SslSocketTest, GetRequestedServerName) { client.set_sni("lyft.com"); testUtilV2(listener, client, "", true, "", "", "", "lyft.com", "", "ssl.handshake", - "ssl.handshake", GetParam(), absl::nullopt); + "ssl.handshake", GetParam(), nullptr); } TEST_P(SslSocketTest, OverrideRequestedServerName) { @@ -2878,9 +2880,10 @@ TEST_P(SslSocketTest, OverrideRequestedServerName) { envoy::api::v2::auth::UpstreamTlsContext client; client.set_sni("lyft.com"); - absl::optional override_server_name = "example.com"; + Network::TransportSocketOptionsSharedPtr transport_socket_options(new Network::TransportSocketOptionsImpl("example.com")); + testUtilV2(listener, client, "", true, "", "", "", "example.com", "", "ssl.handshake", - "ssl.handshake", GetParam(), override_server_name); + "ssl.handshake", GetParam(), transport_socket_options); } TEST_P(SslSocketTest, OverrideRequestedServerNameWithoutSniInUpstreamTlsContext) { @@ -2895,7 +2898,8 @@ TEST_P(SslSocketTest, OverrideRequestedServerNameWithoutSniInUpstreamTlsContext) envoy::api::v2::auth::UpstreamTlsContext client; - absl::optional override_server_name = "example.com"; + Network::TransportSocketOptionsSharedPtr transport_socket_options(new + Network::TransportSocketOptionsImpl("example.com")); testUtilV2(listener, client, "", true, "", "", "", "example.com", "", "ssl.handshake", "ssl.handshake", GetParam(), override_server_name); } @@ -2930,7 +2934,7 @@ TEST_P(SslSocketTest, DownstreamNotReadySslSocket) { ContextManagerImpl manager(time_system); Ssl::ServerSslSocketFactory server_ssl_socket_factory(std::move(server_cfg), manager, stats_store, std::vector{}); - auto transport_socket = server_ssl_socket_factory.createTransportSocket(absl::nullopt); + auto transport_socket = server_ssl_socket_factory.createTransportSocket(nullptr); EXPECT_EQ(EMPTY_STRING, transport_socket->protocol()); EXPECT_EQ(nullptr, transport_socket->ssl()); Buffer::OwnedImpl buffer; 
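Review bot: In the OverrideRequestedServerName hunk the new `transport_socket_options` is built with a bare `new` handed straight to the shared_ptr constructor, while the sibling change in cluster_manager_impl_test.cc already uses `std::make_shared` for the same type; the two test files should agree, e.g. `Network::TransportSocketOptionsSharedPtr transport_socket_options = std::make_shared<Network::TransportSocketOptionsImpl>("example.com");`. The declaration in the OverrideRequestedServerNameWithoutSniInUpstreamTlsContext hunk just below has the same shape, and its break right after `new` looks like it has not been through clang-format yet. Both fit in one line once `make_shared` is used.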
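Review bot: The testUtilV2 call at the end of OverrideRequestedServerNameWithoutSniInUpstreamTlsContext still passes `override_server_name`, but this hunk removes that local and only declares `transport_socket_options`, so the test no longer compiles. The unchanged context line should be updated the same way the OverrideRequestedServerName hunk above was: `"ssl.handshake", GetParam(), transport_socket_options);`. Since the line is context rather than a changed line, it is easy to miss in review; the compiler will not be as forgiving.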
@@ -2970,7 +2974,7 @@ TEST_P(SslSocketTest, UpstreamNotReadySslSocket) { ContextManagerImpl manager(time_system); Ssl::ClientSslSocketFactory client_ssl_socket_factory(std::move(client_cfg), manager, stats_store); - auto transport_socket = client_ssl_socket_factory.createTransportSocket(absl::nullopt); + auto transport_socket = client_ssl_socket_factory.createTransportSocket(nullptr); EXPECT_EQ(EMPTY_STRING, transport_socket->protocol()); EXPECT_EQ(nullptr, transport_socket->ssl()); Buffer::OwnedImpl buffer; @@ -3002,7 +3006,7 @@ class SslReadBufferLimitTest : public SslSocketTest { std::move(client_cfg), *manager_, client_stats_store_); client_connection_ = dispatcher_->createClientConnection( socket_.localAddress(), source_address_, - client_ssl_socket_factory_->createTransportSocket(absl::nullopt), nullptr); + client_ssl_socket_factory_->createTransportSocket(nullptr), nullptr); client_connection_->addConnectionCallbacks(client_callbacks_); client_connection_->connect(); read_filter_.reset(new Network::MockReadFilter()); @@ -3015,7 +3019,7 @@ class SslReadBufferLimitTest : public SslSocketTest { EXPECT_CALL(listener_callbacks_, onAccept_(_, _)) .WillOnce(Invoke([&](Network::ConnectionSocketPtr& socket, bool) -> void { Network::ConnectionPtr new_connection = dispatcher_->createServerConnection( - std::move(socket), server_ssl_socket_factory_->createTransportSocket(absl::nullopt)); + std::move(socket), server_ssl_socket_factory_->createTransportSocket(nullptr)); new_connection->setBufferLimits(read_buffer_limit); listener_callbacks_.onNewConnection(std::move(new_connection)); })); 
@@ -3100,7 +3104,7 @@ class SslReadBufferLimitTest : public SslSocketTest { EXPECT_CALL(listener_callbacks_, onAccept_(_, _)) .WillOnce(Invoke([&](Network::ConnectionSocketPtr& socket, bool) -> void { Network::ConnectionPtr new_connection = dispatcher_->createServerConnection( - std::move(socket), server_ssl_socket_factory_->createTransportSocket(absl::nullopt)); + std::move(socket), server_ssl_socket_factory_->createTransportSocket(nullptr)); new_connection->setBufferLimits(read_buffer_limit); listener_callbacks_.onNewConnection(std::move(new_connection)); })); @@ -3224,7 +3228,7 @@ TEST_P(SslReadBufferLimitTest, TestBind) { EXPECT_CALL(listener_callbacks_, onAccept_(_, _)) .WillOnce(Invoke([&](Network::ConnectionSocketPtr& socket, bool) -> void { Network::ConnectionPtr new_connection = dispatcher_->createServerConnection( - std::move(socket), server_ssl_socket_factory_->createTransportSocket(absl::nullopt)); + std::move(socket), server_ssl_socket_factory_->createTransportSocket(nullptr)); new_connection->setBufferLimits(0); listener_callbacks_.onNewConnection(std::move(new_connection)); })); diff --git a/test/common/tcp/conn_pool_test.cc b/test/common/tcp/conn_pool_test.cc index 5cdea36149de8..b3f26916eabad 100644 --- a/test/common/tcp/conn_pool_test.cc +++ b/test/common/tcp/conn_pool_test.cc @@ -76,7 +76,7 @@ class ConnPoolImplForTest : public ConnPoolImpl { Upstream::ClusterInfoConstSharedPtr cluster, NiceMock* upstream_ready_timer) : ConnPoolImpl(dispatcher, Upstream::makeTestHost(cluster, "tcp://127.0.0.1:9000"), - Upstream::ResourcePriority::Default, nullptr, absl::nullopt), + Upstream::ResourcePriority::Default, nullptr, nullptr), mock_dispatcher_(dispatcher), mock_upstream_ready_timer_(upstream_ready_timer) {} ~ConnPoolImplForTest() { 
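Review bot: The ConnPoolImplForTest constructor now ends its ConnPoolImpl call with `nullptr, nullptr`, and nothing at the call site says which argument is which; judging by the allocateTcpConnPool signature changed in cluster_manager_impl_test.cc, the first is presumably the socket OptionsSharedPtr and the second the new TransportSocketOptionsSharedPtr, but a reader has to open the constructor to confirm. Annotating the arguments keeps the mechanical migration readable: `Upstream::ResourcePriority::Default, /*options=*/nullptr, /*transport_socket_options=*/nullptr),`. The same pattern appears in the TcpConnPoolImplDestructorTest hunk that follows and in the `tcpConnPoolForCluster(..., nullptr, nullptr)` and `tcpConnForCluster(..., nullptr, nullptr)` calls in cluster_manager_impl_test.cc.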
@@ -181,7 +181,7 @@ class TcpConnPoolImplDestructorTest : public testing::Test { : upstream_ready_timer_(new NiceMock(&dispatcher_)), conn_pool_{new ConnPoolImpl(dispatcher_, Upstream::makeTestHost(cluster_, "tcp://127.0.0.1:9000"), - Upstream::ResourcePriority::Default, nullptr, absl::nullopt)} {} + Upstream::ResourcePriority::Default, nullptr, nullptr)} {} ~TcpConnPoolImplDestructorTest() {} diff --git a/test/common/tcp_proxy/BUILD b/test/common/tcp_proxy/BUILD index a5533322ec326..66b22260058f9 100644 --- a/test/common/tcp_proxy/BUILD +++ b/test/common/tcp_proxy/BUILD @@ -16,6 +16,7 @@ envoy_cc_test( "//source/common/config:filter_json_lib", "//source/common/event:dispatcher_lib", "//source/common/network:address_lib", + "//source/common/network:transport_socket_options_lib", "//source/common/stats:stats_lib", "//source/common/stream_info:forward_requested_server_name_lib", "//source/common/tcp_proxy", diff --git a/test/common/tcp_proxy/tcp_proxy_test.cc b/test/common/tcp_proxy/tcp_proxy_test.cc index b76b65898d7c7..c490f6c5778fb 100644 --- a/test/common/tcp_proxy/tcp_proxy_test.cc +++ b/test/common/tcp_proxy/tcp_proxy_test.cc @@ -7,6 +7,7 @@ #include "common/buffer/buffer_impl.h" #include "common/config/filter_json.h" #include "common/network/address_impl.h" +#include "common/network/transport_socket_options_impl.h" #include "common/router/metadatamatchcriteria_impl.h" #include "common/stream_info/forward_requested_server_name.h" #include "common/tcp_proxy/tcp_proxy.h" 
@@ -1180,19 +1181,20 @@ TEST_F(TcpProxyRoutingTest, ForwardRequestedServerName) { // Expect filter to try to open a connection to a cluster with the override_server_name EXPECT_CALL(factory_context_.cluster_manager_, tcpConnPoolForCluster(_, _, _, _)) - .WillOnce(Invoke( - [](const std::string& cluster, Upstream::ResourcePriority priority, - Upstream::LoadBalancerContext* context, - absl::optional override_server_name) -> Tcp::ConnectionPool::Instance* { - EXPECT_EQ(cluster, "fake_cluster"); - EXPECT_TRUE(override_server_name.has_value()); - EXPECT_EQ(override_server_name.value(), "www.example.com"); - - (void)priority; // suppress unused warning - (void)context; // suppress unused warning - - return nullptr; - })); + .WillOnce(Invoke([](const std::string& cluster, Upstream::ResourcePriority priority, + Upstream::LoadBalancerContext* context, + Network::TransportSocketOptionsSharedPtr transport_socket_options) + -> Tcp::ConnectionPool::Instance* { + EXPECT_EQ(cluster, "fake_cluster"); + EXPECT_NE(transport_socket_options); + EXPECT_TRUE(transport_socket_options->overrideServerName().has_value()); + EXPECT_EQ(transport_socket_options->overrideServerName().value(), "www.example.com"); + + (void)priority; // suppress unused warning + (void)context; // suppress unused warning + + return nullptr; + })); // Port 9999 is within the specified destination port range. connection_.local_address_ = std::make_shared("1.2.3.4", 9999); diff --git a/test/common/upstream/BUILD b/test/common/upstream/BUILD index 9533ca4c83b80..9ce0635f3e384 100644 --- a/test/common/upstream/BUILD +++ b/test/common/upstream/BUILD @@ -36,6 +36,7 @@ envoy_cc_test( "//source/common/config:utility_lib", "//source/common/event:dispatcher_lib", "//source/common/network:socket_option_lib", + "//source/common/network:transport_socket_options_lib", "//source/common/network:utility_lib", "//source/common/ssl:context_lib", "//source/common/stats:stats_lib", 
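Review bot: `EXPECT_NE(transport_socket_options);` in the rewritten Invoke lambda has a single argument, but gtest's EXPECT_NE is a binary assertion, so this does not compile; it should read `EXPECT_NE(nullptr, transport_socket_options);`. The two `overrideServerName()` lines that follow dereference the pointer unconditionally, and because the lambda returns a `Tcp::ConnectionPool::Instance*`, ASSERT_NE cannot be used to bail out of it, so a null argument would crash the test process rather than report a failure; guarding those two checks with `if (transport_socket_options != nullptr) { ... }` after the EXPECT_NE keeps the failure mode a plain test failure. The `(void)priority;` and `(void)context;` casts could also go away by leaving those parameters unnamed in the lambda signature, which is the more usual way to silence unused-parameter warnings in this codebase's tests.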
diff --git a/test/common/upstream/cluster_manager_impl_test.cc b/test/common/upstream/cluster_manager_impl_test.cc index 519fc67c34c2a..5ab90ca6145f0 100644 --- a/test/common/upstream/cluster_manager_impl_test.cc +++ b/test/common/upstream/cluster_manager_impl_test.cc @@ -8,6 +8,7 @@ #include "common/config/bootstrap_json.h" #include "common/config/utility.h" #include "common/network/socket_option_impl.h" +#include "common/network/transport_socket_options_impl.h" #include "common/network/utility.h" #include "common/ssl/context_manager_impl.h" #include "common/upstream/cluster_manager_impl.h" @@ -72,7 +73,7 @@ class TestClusterManagerFactory : public ClusterManagerFactory { Tcp::ConnectionPool::InstancePtr allocateTcpConnPool(Event::Dispatcher&, HostConstSharedPtr host, ResourcePriority, const Network::ConnectionSocket::OptionsSharedPtr&, - absl::optional) override { + Network::TransportSocketOptionsSharedPtr) override { return Tcp::ConnectionPool::InstancePtr{allocateTcpConnPool_(host)}; } 
@@ -709,16 +710,16 @@ TEST_F(ClusterManagerImplTest, UnknownCluster) { EXPECT_EQ(nullptr, cluster_manager_->get("hello")); EXPECT_EQ(nullptr, cluster_manager_->httpConnPoolForCluster("hello", ResourcePriority::Default, Http::Protocol::Http2, nullptr)); - absl::optional override_server_name; + Network::TransportSocketOptionsSharedPtr transport_socket_options; EXPECT_EQ(nullptr, cluster_manager_->tcpConnPoolForCluster("hello", ResourcePriority::Default, - nullptr, override_server_name)); - EXPECT_THROW(cluster_manager_->tcpConnForCluster("hello", nullptr, override_server_name), + nullptr, transport_socket_options)); + EXPECT_THROW(cluster_manager_->tcpConnForCluster("hello", nullptr, transport_socket_options), EnvoyException); - override_server_name = "example.com"; + transport_socket_options = std::make_shared("example.com"); EXPECT_EQ(nullptr, cluster_manager_->tcpConnPoolForCluster("hello", ResourcePriority::Default, - nullptr, override_server_name)); - EXPECT_THROW(cluster_manager_->tcpConnForCluster("hello", nullptr, override_server_name), + nullptr, transport_socket_options)); + EXPECT_THROW(cluster_manager_->tcpConnForCluster("hello", nullptr, transport_socket_options), EnvoyException); EXPECT_THROW(cluster_manager_->httpAsyncClientForCluster("hello"), EnvoyException); @@ -748,7 +749,7 @@ TEST_F(ClusterManagerImplTest, VerifyBufferLimits) { EXPECT_CALL(*connection, setBufferLimits(8192)); EXPECT_CALL(factory_.tls_.dispatcher_, createClientConnection_(_, _, _, _)) .WillOnce(Return(connection)); - auto conn_data = cluster_manager_->tcpConnForCluster("cluster_1", nullptr, absl::nullopt); + auto conn_data = cluster_manager_->tcpConnForCluster("cluster_1", nullptr, nullptr); EXPECT_EQ(connection, conn_data.connection_.get()); factory_.tls_.shutdownThread(); } 
@@ -1101,7 +1102,7 @@ TEST_F(ClusterManagerImplTest, DynamicAddRemove) { Tcp::ConnectionPool::MockInstance* cp2 = new Tcp::ConnectionPool::MockInstance(); EXPECT_CALL(factory_, allocateTcpConnPool_(_)).WillOnce(Return(cp2)); EXPECT_EQ(cp2, cluster_manager_->tcpConnPoolForCluster("fake_cluster", ResourcePriority::Default, - nullptr, absl::nullopt)); + nullptr, nullptr)); Network::MockClientConnection* connection = new Network::MockClientConnection(); ON_CALL(*cluster2->info_, features()) @@ -1110,7 +1111,7 @@ TEST_F(ClusterManagerImplTest, DynamicAddRemove) { .WillOnce(Return(connection)); EXPECT_CALL(*connection, setBufferLimits(_)); EXPECT_CALL(*connection, addConnectionCallbacks(_)); - auto conn_info = cluster_manager_->tcpConnForCluster("fake_cluster", nullptr, absl::nullopt); + auto conn_info = cluster_manager_->tcpConnForCluster("fake_cluster", nullptr, nullptr); EXPECT_EQ(conn_info.connection_.get(), connection); // Now remove the cluster. This should drain the connection pools, but not affect @@ -1265,7 +1266,7 @@ TEST_F(ClusterManagerImplTest, CloseTcpConnectionPoolsOnHealthFailure) { EXPECT_CALL(factory_, allocateTcpConnPool_(_)).WillOnce(Return(cp1)); cluster_manager_->tcpConnPoolForCluster("some_cluster", ResourcePriority::Default, nullptr, - absl::nullopt); + nullptr); outlier_detector.runCallbacks(test_host); health_checker.runCallbacks(test_host, HealthTransition::Unchanged); @@ -1276,7 +1277,7 @@ TEST_F(ClusterManagerImplTest, CloseTcpConnectionPoolsOnHealthFailure) { EXPECT_CALL(factory_, allocateTcpConnPool_(_)).WillOnce(Return(cp2)); cluster_manager_->tcpConnPoolForCluster("some_cluster", ResourcePriority::High, nullptr, - absl::nullopt); + nullptr); } // Order of these calls is implementation dependent, so can't sequence them! 
@@ -1337,7 +1338,7 @@ TEST_F(ClusterManagerImplTest, CloseTcpConnectionsOnHealthFailure) { EXPECT_CALL(factory_.tls_.dispatcher_, createClientConnection_(_, _, _, _)) .WillOnce(Return(connection1)); - conn_info1 = cluster_manager_->tcpConnForCluster("some_cluster", nullptr, absl::nullopt); + conn_info1 = cluster_manager_->tcpConnForCluster("some_cluster", nullptr, nullptr); outlier_detector.runCallbacks(test_host); health_checker.runCallbacks(test_host, HealthTransition::Unchanged); @@ -1349,11 +1350,11 @@ TEST_F(ClusterManagerImplTest, CloseTcpConnectionsOnHealthFailure) { connection1 = new NiceMock(); EXPECT_CALL(factory_.tls_.dispatcher_, createClientConnection_(_, _, _, _)) .WillOnce(Return(connection1)); - conn_info1 = cluster_manager_->tcpConnForCluster("some_cluster", nullptr, absl::nullopt); + conn_info1 = cluster_manager_->tcpConnForCluster("some_cluster", nullptr, nullptr); EXPECT_CALL(factory_.tls_.dispatcher_, createClientConnection_(_, _, _, _)) .WillOnce(Return(connection2)); - conn_info2 = cluster_manager_->tcpConnForCluster("some_cluster", nullptr, absl::nullopt); + conn_info2 = cluster_manager_->tcpConnForCluster("some_cluster", nullptr, nullptr); } // Order of these calls is implementation dependent, so can't sequence them! @@ -1409,7 +1410,7 @@ TEST_F(ClusterManagerImplTest, DoNotCloseTcpConnectionsOnHealthFailure) { EXPECT_CALL(factory_.tls_.dispatcher_, createClientConnection_(_, _, _, _)) .WillOnce(Return(connection1)); - conn_info1 = cluster_manager_->tcpConnForCluster("some_cluster", nullptr, absl::nullopt); + conn_info1 = cluster_manager_->tcpConnForCluster("some_cluster", nullptr, nullptr); outlier_detector.runCallbacks(test_host); health_checker.runCallbacks(test_host, HealthTransition::Unchanged); 
@@ -1451,9 +1452,9 @@ TEST_F(ClusterManagerImplTest, DynamicHostRemove) { EXPECT_EQ(nullptr, cluster_manager_->httpConnPoolForCluster( "cluster_1", ResourcePriority::Default, Http::Protocol::Http11, nullptr)); EXPECT_EQ(nullptr, cluster_manager_->tcpConnPoolForCluster("cluster_1", ResourcePriority::Default, - nullptr, absl::nullopt)); + nullptr, nullptr)); EXPECT_EQ(nullptr, - cluster_manager_->tcpConnForCluster("cluster_1", nullptr, absl::nullopt).connection_); + cluster_manager_->tcpConnForCluster("cluster_1", nullptr, nullptr).connection_); EXPECT_EQ(3UL, factory_.stats_.counter("cluster.cluster_1.upstream_cx_none_healthy").value()); // Set up for an initialize callback. @@ -1502,16 +1503,16 @@ TEST_F(ClusterManagerImplTest, DynamicHostRemove) { // This should provide us a CP for each of the above hosts. Tcp::ConnectionPool::MockInstance* tcp1 = dynamic_cast(cluster_manager_->tcpConnPoolForCluster( - "cluster_1", ResourcePriority::Default, nullptr, absl::nullopt)); + "cluster_1", ResourcePriority::Default, nullptr, nullptr)); Tcp::ConnectionPool::MockInstance* tcp2 = dynamic_cast(cluster_manager_->tcpConnPoolForCluster( - "cluster_1", ResourcePriority::Default, nullptr, absl::nullopt)); + "cluster_1", ResourcePriority::Default, nullptr, nullptr)); Tcp::ConnectionPool::MockInstance* tcp1_high = dynamic_cast(cluster_manager_->tcpConnPoolForCluster( - "cluster_1", ResourcePriority::High, nullptr, absl::nullopt)); + "cluster_1", ResourcePriority::High, nullptr, nullptr)); Tcp::ConnectionPool::MockInstance* tcp2_high = dynamic_cast(cluster_manager_->tcpConnPoolForCluster( - "cluster_1", ResourcePriority::High, nullptr, absl::nullopt)); + "cluster_1", ResourcePriority::High, nullptr, nullptr)); EXPECT_NE(tcp1, tcp2); EXPECT_NE(tcp1_high, tcp2_high); 
@@ -1547,10 +1548,10 @@ TEST_F(ClusterManagerImplTest, DynamicHostRemove) {
 Tcp::ConnectionPool::MockInstance* tcp3 =
 dynamic_cast(cluster_manager_->tcpConnPoolForCluster(
- "cluster_1", ResourcePriority::Default, nullptr, absl::nullopt));
+ "cluster_1", ResourcePriority::Default, nullptr, nullptr));
 Tcp::ConnectionPool::MockInstance* tcp3_high =
 dynamic_cast(cluster_manager_->tcpConnPoolForCluster(
- "cluster_1", ResourcePriority::High, nullptr, absl::nullopt));
+ "cluster_1", ResourcePriority::High, nullptr, nullptr));
 EXPECT_EQ(tcp2, tcp3);
 EXPECT_EQ(tcp2_high, tcp3_high);
@@ -1588,30 +1589,32 @@ TEST_F(ClusterManagerImplTest, DynamicHostRemoveWithTls) {
 create(parseBootstrapFromJson(json));
 EXPECT_FALSE(cluster_manager_->get("cluster_1")->info()->addedViaApi());
- absl::optional override_server_name_example_com = "example.com";
- absl::optional override_server_name_ibm_com = "ibm.com";
+ Network:::TransportSocketOptionsSharedPtr transport_socket_options_example_com(Network::TransportSocketOptionsImpl("example.com"));
+ Network::TransportSocketOptionsSharedPtr transport_socket_options_ibm_com(
+ Network::TransportSocketOptionsImpl("ibm.com"));
 // Test for no hosts returning the correct values before we have hosts.
 EXPECT_EQ(nullptr, cluster_manager_->httpConnPoolForCluster(
 "cluster_1", ResourcePriority::Default, Http::Protocol::Http11, nullptr));
 EXPECT_EQ(nullptr, cluster_manager_->tcpConnPoolForCluster("cluster_1", ResourcePriority::Default,
- nullptr, absl::nullopt));
+ nullptr, nullptr));
 EXPECT_EQ(nullptr,
- cluster_manager_->tcpConnForCluster("cluster_1", nullptr, absl::nullopt).connection_);
+ cluster_manager_->tcpConnForCluster("cluster_1", nullptr, nullptr).connection_);
 EXPECT_EQ(nullptr, cluster_manager_->tcpConnPoolForCluster("cluster_1", ResourcePriority::Default, nullptr,
- override_server_name_example_com));
- EXPECT_EQ(nullptr, cluster_manager_
- ->tcpConnForCluster("cluster_1", nullptr, override_server_name_example_com)
- .connection_);
+ transport_socket_options_example_com));
+ EXPECT_EQ(nullptr,
+ cluster_manager_
+ ->tcpConnForCluster("cluster_1", nullptr, transport_socket_options_example_com)
+ .connection_);
 EXPECT_EQ(nullptr, cluster_manager_->tcpConnPoolForCluster("cluster_1", ResourcePriority::Default, nullptr,
- override_server_name_ibm_com));
- EXPECT_EQ(nullptr,
- cluster_manager_->tcpConnForCluster("cluster_1", nullptr, override_server_name_ibm_com)
- .connection_);
+ transport_socket_options_ibm_com));
+ EXPECT_EQ(nullptr, cluster_manager_ - ->tcpConnForCluster("cluster_1", nullptr,
transport_socket_options_ibm_com)
+ .connection_);
 EXPECT_EQ(7UL, factory_.stats_.counter("cluster.cluster_1.upstream_cx_none_healthy").value());
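Review bot: The two new declarations at the top of the DynamicHostRemoveWithTls hunk will not compile: `Network:::TransportSocketOptionsSharedPtr` carries a stray third colon, and both declarations construct the shared pointer from a `Network::TransportSocketOptionsImpl` temporary by value rather than from a heap-allocated object. If `TransportSocketOptionsSharedPtr` is a `std::shared_ptr` alias, as the `nullptr` assignments throughout this diff suggest, the `std::make_shared` form already used in the UnknownCluster hunk works here: `auto transport_socket_options_example_com = std::make_shared<Network::TransportSocketOptionsImpl>("example.com");` and likewise for `"ibm.com"`. The first declaration also runs well past the 100-column width the rest of the file is wrapped to. The tail of the hunk (`cluster_manager_ - ->tcpConnForCluster(`) shows a `-` marker between two `+` lines and the line counts in the header do not add up with it, so the rendered diff may not reflect what was committed; worth re-checking against the raw patch.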
@@ -1661,30 +1664,30 @@ TEST_F(ClusterManagerImplTest, DynamicHostRemoveWithTls) {
 // This should provide us a CP for each of the above hosts, and for different SNIs
 Tcp::ConnectionPool::MockInstance* tcp1 =
 dynamic_cast(cluster_manager_->tcpConnPoolForCluster(
- "cluster_1", ResourcePriority::Default, nullptr, absl::nullopt));
+ "cluster_1", ResourcePriority::Default, nullptr, nullptr));
 Tcp::ConnectionPool::MockInstance* tcp2 =
 dynamic_cast(cluster_manager_->tcpConnPoolForCluster(
- "cluster_1", ResourcePriority::Default, nullptr, absl::nullopt));
+ "cluster_1", ResourcePriority::Default, nullptr, nullpr));
 Tcp::ConnectionPool::MockInstance* tcp1_high =
 dynamic_cast(cluster_manager_->tcpConnPoolForCluster(
- "cluster_1", ResourcePriority::High, nullptr, absl::nullopt));
+ "cluster_1", ResourcePriority::High, nullptr, nullptr));
 Tcp::ConnectionPool::MockInstance* tcp2_high =
 dynamic_cast(cluster_manager_->tcpConnPoolForCluster(
- "cluster_1", ResourcePriority::High, nullptr, absl::nullopt));
+ "cluster_1", ResourcePriority::High, nullptr, nullptr));
 Tcp::ConnectionPool::MockInstance* tcp1_example_com =
 dynamic_cast(cluster_manager_->tcpConnPoolForCluster(
- "cluster_1", ResourcePriority::Default, nullptr, override_server_name_example_com));
+ "cluster_1", ResourcePriority::Default, nullptr, transport_socket_options_example_com));
 Tcp::ConnectionPool::MockInstance* tcp2_example_com =
 dynamic_cast(cluster_manager_->tcpConnPoolForCluster(
- "cluster_1", ResourcePriority::Default, nullptr, override_server_name_example_com));
+ "cluster_1", ResourcePriority::Default, nullptr, transport_socket_options_example_com));
 Tcp::ConnectionPool::MockInstance* tcp1_ibm_com =
 dynamic_cast(cluster_manager_->tcpConnPoolForCluster(
- "cluster_1", ResourcePriority::Default, nullptr, override_server_name_ibm_com));
+ "cluster_1", ResourcePriority::Default, nullptr, transport_socket_options_ibm_com));
 Tcp::ConnectionPool::MockInstance* tcp2_ibm_com =
dynamic_cast(cluster_manager_->tcpConnPoolForCluster(
- "cluster_1", ResourcePriority::Default, nullptr, override_server_name_ibm_com));
+ "cluster_1", ResourcePriority::Default, nullptr, transport_socket_options_ibm_com));
 EXPECT_NE(tcp1, tcp2);
 EXPECT_NE(tcp1_high, tcp2_high);
@@ -1757,17 +1760,17 @@ TEST_F(ClusterManagerImplTest, DynamicHostRemoveWithTls) {
 Tcp::ConnectionPool::MockInstance* tcp3 =
 dynamic_cast(cluster_manager_->tcpConnPoolForCluster(
- "cluster_1", ResourcePriority::Default, nullptr, absl::nullopt));
+ "cluster_1", ResourcePriority::Default, nullptr, nullptr));
 Tcp::ConnectionPool::MockInstance* tcp3_high =
 dynamic_cast(cluster_manager_->tcpConnPoolForCluster(
- "cluster_1", ResourcePriority::High, nullptr, absl::nullopt));
+ "cluster_1", ResourcePriority::High, nullptr, nullptr));
 Tcp::ConnectionPool::MockInstance* tcp3_example_com =
 dynamic_cast(cluster_manager_->tcpConnPoolForCluster(
- "cluster_1", ResourcePriority::Default, nullptr, override_server_name_example_com));
+ "cluster_1", ResourcePriority::Default, nullptr, transport_socket_options_example_com));
 Tcp::ConnectionPool::MockInstance* tcp3_ibm_com =
 dynamic_cast(cluster_manager_->tcpConnPoolForCluster(
- "cluster_1", ResourcePriority::Default, nullptr, override_server_name_ibm_com));
+ "cluster_1", ResourcePriority::Default, nullptr, transport_socket_options_ibm_com));
 EXPECT_EQ(tcp2, tcp3);
 EXPECT_EQ(tcp2_high, tcp3_high);
@@ -1830,7 +1833,7 @@ TEST_F(ClusterManagerImplTest, DynamicHostRemoveDefaultPriority) {
 Tcp::ConnectionPool::MockInstance* tcp =
 dynamic_cast(cluster_manager_->tcpConnPoolForCluster(
- "cluster_1", ResourcePriority::Default, nullptr, absl::nullopt));
+ "cluster_1", ResourcePriority::Default, nullptr, nullptr));
 // Immediate drain, since this can happen with the HTTP codecs.
 EXPECT_CALL(*cp, addDrainedCallback(_))
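Review bot: `nullpr` in the tcp2 lookup of the `@@ -1661` hunk is a typo for `nullptr` and will not compile; the line should be `"cluster_1", ResourcePriority::Default, nullptr, nullptr));`. The comment above it says the pools are expected "for different SNIs", and that is the invariant with security weight here: a pool negotiated for one override server name must not be handed to a request carrying another, so the example.com and ibm.com pools must be distinct from each other and from the no-override pool. The `EXPECT_NE` checks visible in this hunk only compare tcp1/tcp2 and the high-priority pair; the rest of the test body is outside the hunk, so if the cross-SNI inequality is not asserted there, adding `EXPECT_NE(tcp1, tcp1_example_com);` and `EXPECT_NE(tcp1_example_com, tcp1_ibm_com);` would pin it.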
@@ -1906,7 +1909,7 @@ TEST_F(ClusterManagerImplTest, ConnPoolDestroyWithDraining) { Tcp::ConnectionPool::MockInstance* tcp = dynamic_cast(cluster_manager_->tcpConnPoolForCluster( - "cluster_1", ResourcePriority::Default, nullptr, absl::nullopt)); + "cluster_1", ResourcePriority::Default, nullptr, nullptr)); // Remove the first host, this should lead to the cp being drained. Http::ConnectionPool::Instance::DrainedCb drained_cb; @@ -1949,9 +1952,9 @@ TEST_F(ClusterManagerImplTest, OriginalDstInitialization) { EXPECT_EQ(nullptr, cluster_manager_->httpConnPoolForCluster( "cluster_1", ResourcePriority::Default, Http::Protocol::Http11, nullptr)); EXPECT_EQ(nullptr, cluster_manager_->tcpConnPoolForCluster("cluster_1", ResourcePriority::Default, - nullptr, absl::nullopt)); + nullptr, nullptr)); EXPECT_EQ(nullptr, - cluster_manager_->tcpConnForCluster("cluster_1", nullptr, absl::nullopt).connection_); + cluster_manager_->tcpConnForCluster("cluster_1", nullptr, nullptr).connection_); EXPECT_EQ(3UL, factory_.stats_.counter("cluster.cluster_1.upstream_cx_none_healthy").value()); factory_.tls_.shutdownThread(); @@ -2451,7 +2454,7 @@ class SockoptsTest : public ClusterManagerImplTest { } return connection_; })); - cluster_manager_->tcpConnForCluster("SockoptsCluster", nullptr, absl::nullopt); + cluster_manager_->tcpConnForCluster("SockoptsCluster", nullptr, nullptr); } void expectSetsockoptFreebind() { @@ -2470,7 +2473,7 @@ class SockoptsTest : public ClusterManagerImplTest { EXPECT_EQ(nullptr, options.get()); return connection_; })); - auto conn_data = cluster_manager_->tcpConnForCluster("SockoptsCluster", nullptr, absl::nullopt); + auto conn_data = cluster_manager_->tcpConnForCluster("SockoptsCluster", nullptr, nullptr); EXPECT_EQ(connection_, conn_data.connection_.get()); } 
@@ -2657,7 +2660,7 @@ class TcpKeepaliveTest : public ClusterManagerImplTest { options, socket, envoy::api::v2::core::SocketOption::STATE_PREBIND))); return connection_; })); - cluster_manager_->tcpConnForCluster("TcpKeepaliveCluster", nullptr, absl::nullopt); + cluster_manager_->tcpConnForCluster("TcpKeepaliveCluster", nullptr, nullptr); return; } NiceMock os_sys_calls; @@ -2709,8 +2712,7 @@ class TcpKeepaliveTest : public ClusterManagerImplTest { return 0; })); } - auto conn_data = - cluster_manager_->tcpConnForCluster("TcpKeepaliveCluster", nullptr, absl::nullopt); + auto conn_data = cluster_manager_->tcpConnForCluster("TcpKeepaliveCluster", nullptr, nullptr); EXPECT_EQ(connection_, conn_data.connection_.get()); } @@ -2724,8 +2726,7 @@ class TcpKeepaliveTest : public ClusterManagerImplTest { EXPECT_EQ(nullptr, options.get()); return connection_; })); - auto conn_data = - cluster_manager_->tcpConnForCluster("TcpKeepaliveCluster", nullptr, absl::nullopt); + auto conn_data = cluster_manager_->tcpConnForCluster("TcpKeepaliveCluster", nullptr, nullptr); EXPECT_EQ(connection_, conn_data.connection_.get()); } diff --git a/test/common/upstream/original_dst_cluster_test.cc b/test/common/upstream/original_dst_cluster_test.cc index ea613f08655f0..4c8ea8c0d2cc0 100644 --- a/test/common/upstream/original_dst_cluster_test.cc +++ b/test/common/upstream/original_dst_cluster_test.cc @@ -428,7 +428,7 @@ TEST_F(OriginalDstClusterTest, Connection) { EXPECT_CALL(dispatcher_, createClientConnection_(PointeesEq(connection.local_address_), _, _, _)) .WillOnce(Return(new NiceMock())); - host->createConnection(dispatcher_, nullptr, absl::nullopt); + host->createConnection(dispatcher_, nullptr, nullptr); } TEST_F(OriginalDstClusterTest, MultipleClusters) { diff --git a/test/extensions/transport_sockets/alts/alts_integration_test.cc b/test/extensions/transport_sockets/alts/alts_integration_test.cc index b12d845c6cbf4..2607c38bc646b 100644 
--- a/test/extensions/transport_sockets/alts/alts_integration_test.cc +++ b/test/extensions/transport_sockets/alts/alts_integration_test.cc @@ -98,7 +98,7 @@ class AltsIntegrationTestBase : public HttpIntegrationTest, Network::ClientConnectionPtr makeAltsConnection() { Network::Address::InstanceConstSharedPtr address = getAddress(version_, lookupPort("http")); return dispatcher_->createClientConnection(address, Network::Address::InstanceConstSharedPtr(), - client_alts_->createTransportSocket(absl::nullopt), + client_alts_->createTransportSocket(nullptr), nullptr); } diff --git a/test/extensions/transport_sockets/alts/tsi_socket_test.cc b/test/extensions/transport_sockets/alts/tsi_socket_test.cc index 1c94d6182a819..f3e42b231f952 100644 --- a/test/extensions/transport_sockets/alts/tsi_socket_test.cc +++ b/test/extensions/transport_sockets/alts/tsi_socket_test.cc @@ -399,7 +399,7 @@ class TsiSocketFactoryTest : public testing::Test { }; TEST_F(TsiSocketFactoryTest, CreateTransportSocket) { - EXPECT_NE(nullptr, socket_factory_->createTransportSocket(absl::nullopt)); + EXPECT_NE(nullptr, socket_factory_->createTransportSocket(nullptr)); } TEST_F(TsiSocketFactoryTest, ImplementsSecureTransport) { diff --git a/test/integration/sds_dynamic_integration_test.cc b/test/integration/sds_dynamic_integration_test.cc index 70e822c46ddb0..a8022383a495f 100644 --- a/test/integration/sds_dynamic_integration_test.cc +++ b/test/integration/sds_dynamic_integration_test.cc 
@@ -193,9 +193,9 @@ class SdsDynamicDownstreamIntegrationTest : public SdsDynamicIntegrationBaseTest Network::ClientConnectionPtr makeSslClientConnection() { Network::Address::InstanceConstSharedPtr address = getSslAddress(version_, lookupPort("http")); - return dispatcher_->createClientConnection( - address, Network::Address::InstanceConstSharedPtr(), - client_ssl_ctx_->createTransportSocket(absl::nullopt), nullptr); + return dispatcher_->createClientConnection(address, Network::Address::InstanceConstSharedPtr(), + client_ssl_ctx_->createTransportSocket(nullptr), + nullptr); } protected: diff --git a/test/integration/sds_static_integration_test.cc b/test/integration/sds_static_integration_test.cc index b5e3dedf22ccb..7c117bd7c0080 100644 --- a/test/integration/sds_static_integration_test.cc +++ b/test/integration/sds_static_integration_test.cc @@ -85,9 +85,9 @@ class SdsStaticDownstreamIntegrationTest Network::ClientConnectionPtr makeSslClientConnection() { Network::Address::InstanceConstSharedPtr address = getSslAddress(version_, lookupPort("http")); - return dispatcher_->createClientConnection( - address, Network::Address::InstanceConstSharedPtr(), - client_ssl_ctx_->createTransportSocket(absl::nullopt), nullptr); + return dispatcher_->createClientConnection(address, Network::Address::InstanceConstSharedPtr(), + client_ssl_ctx_->createTransportSocket(nullptr), + nullptr); } private: diff --git a/test/integration/ssl_integration_test.cc b/test/integration/ssl_integration_test.cc index 6f831c825936d..2b0856ba0dce4 100644 --- a/test/integration/ssl_integration_test.cc +++ b/test/integration/ssl_integration_test.cc 
@@ -55,14 +55,14 @@ Network::ClientConnectionPtr SslIntegrationTest::makeSslClientConnection(bool al if (alpn) { return dispatcher_->createClientConnection( address, Network::Address::InstanceConstSharedPtr(), - san ? client_ssl_ctx_alpn_san_->createTransportSocket(absl::nullopt) - : client_ssl_ctx_alpn_->createTransportSocket(absl::nullopt), + san ? client_ssl_ctx_alpn_san_->createTransportSocket(nullptr) + : client_ssl_ctx_alpn_->createTransportSocket(nullptr), nullptr); } else { return dispatcher_->createClientConnection( address, Network::Address::InstanceConstSharedPtr(), - san ? client_ssl_ctx_san_->createTransportSocket(absl::nullopt) - : client_ssl_ctx_plain_->createTransportSocket(absl::nullopt), + san ? client_ssl_ctx_san_->createTransportSocket(nullptr) + : client_ssl_ctx_plain_->createTransportSocket(nullptr), nullptr); } } diff --git a/test/integration/tcp_proxy_integration_test.cc b/test/integration/tcp_proxy_integration_test.cc index ae8a634c6a2fd..c4bcefb4a8b02 100644 --- a/test/integration/tcp_proxy_integration_test.cc +++ b/test/integration/tcp_proxy_integration_test.cc @@ -392,7 +392,7 @@ void TcpProxySslIntegrationTest::setupConnections() { context_ = Ssl::createClientSslTransportSocketFactory(false, false, *context_manager_); ssl_client_ = dispatcher_->createClientConnection(address, Network::Address::InstanceConstSharedPtr(), - context_->createTransportSocket(absl::nullopt), nullptr); + context_->createTransportSocket(nullptr), nullptr); // Perform the SSL handshake. Loopback is whitelisted in tcp_proxy.json for the ssl_auth // filter so there will be no pause waiting on auth data. diff --git a/test/integration/xfcc_integration_test.cc b/test/integration/xfcc_integration_test.cc index 17fce9347ac08..c70e946c1d09b 100644 --- a/test/integration/xfcc_integration_test.cc +++ b/test/integration/xfcc_integration_test.cc 
@@ -94,9 +94,9 @@ Network::ClientConnectionPtr XfccIntegrationTest::makeMtlsClientConnection() { Network::Address::InstanceConstSharedPtr address = Network::Utility::resolveUrl("tcp://" + Network::Test::getLoopbackAddressUrlString(version_) + ":" + std::to_string(lookupPort("http"))); - return dispatcher_->createClientConnection( - address, Network::Address::InstanceConstSharedPtr(), - client_mtls_ssl_ctx_->createTransportSocket(absl::nullopt), nullptr); + return dispatcher_->createClientConnection(address, Network::Address::InstanceConstSharedPtr(), + client_mtls_ssl_ctx_->createTransportSocket(nullptr), + nullptr); } void XfccIntegrationTest::createUpstreams() { diff --git a/test/mocks/network/mocks.h b/test/mocks/network/mocks.h index ef0d523c0c48c..9f76169447fc9 100644 --- a/test/mocks/network/mocks.h +++ b/test/mocks/network/mocks.h @@ -462,7 +462,7 @@ class MockTransportSocketFactory : public TransportSocketFactory { ~MockTransportSocketFactory(); MOCK_CONST_METHOD0(implementsSecureTransport, bool()); - MOCK_CONST_METHOD1(createTransportSocket, TransportSocketPtr(absl::optional)); + MOCK_CONST_METHOD1(createTransportSocket, TransportSocketPtr(TransportSocketOptionsSharedPtr)); }; class MockTransportSocketCallbacks : public TransportSocketCallbacks { diff --git a/test/mocks/upstream/host.h b/test/mocks/upstream/host.h index 9a5a505331c74..14600932fad49 100644 --- a/test/mocks/upstream/host.h +++ b/test/mocks/upstream/host.h @@ -110,7 +110,7 @@ class MockHost : public Host { CreateConnectionData createConnection(Event::Dispatcher& dispatcher, const Network::ConnectionSocket::OptionsSharedPtr& options, - absl::optional) const override { + Network::TransportSocketOptionsSharedPtr) const override { MockCreateConnectionData data = createConnection_(dispatcher, options); return {Network::ClientConnectionPtr{data.connection_}, data.host_description_}; } diff --git a/test/mocks/upstream/mocks.h b/test/mocks/upstream/mocks.h index 1c14466e18ac8..ab46020608d4a 100644 
--- a/test/mocks/upstream/mocks.h +++ b/test/mocks/upstream/mocks.h @@ -217,7 +217,7 @@ class MockClusterManagerFactory : public ClusterManagerFactory { Event::Dispatcher& dispatcher, HostConstSharedPtr host, ResourcePriority priority, const Network::ConnectionSocket::OptionsSharedPtr& options, - absl::optional)); + Network::TransportSocketOptionsSharedPtr)); MOCK_METHOD5(clusterFromProto, ClusterSharedPtr(const envoy::api::v2::Cluster& cluster, ClusterManager& cm, @@ -252,7 +252,7 @@ class MockClusterManager : public ClusterManager { Host::CreateConnectionData tcpConnForCluster(const std::string& cluster, LoadBalancerContext* context, - absl::optional) override { + Network::TransportSocketOptionsSharedPtr) override { MockHost::MockCreateConnectionData data = tcpConnForCluster_(cluster, context); return {Network::ClientConnectionPtr{data.connection_}, data.host_description_}; } @@ -269,10 +269,11 @@ class MockClusterManager : public ClusterManager { Http::ConnectionPool::Instance*(const std::string& cluster, ResourcePriority priority, Http::Protocol protocol, LoadBalancerContext* context)); - MOCK_METHOD4(tcpConnPoolForCluster, - Tcp::ConnectionPool::Instance*(const std::string& cluster, ResourcePriority priority, - LoadBalancerContext* context, - absl::optional override_server_name)); + MOCK_METHOD4( + tcpConnPoolForCluster, + Tcp::ConnectionPool::Instance*(const std::string& cluster, ResourcePriority priority, + LoadBalancerContext* context, + Network::TransportSocketOptionsSharedPtr transport_socket_options)); MOCK_METHOD2(tcpConnForCluster_, MockHost::MockCreateConnectionData(const std::string& cluster, LoadBalancerContext* context)); diff --git a/test/server/config_validation/cluster_manager_test.cc b/test/server/config_validation/cluster_manager_test.cc index c014a3a25be64..de332321190b0 100644 --- a/test/server/config_validation/cluster_manager_test.cc +++ b/test/server/config_validation/cluster_manager_test.cc 
@@ -44,8 +44,7 @@ TEST(ValidationClusterManagerTest, MockedMethods) {
 bootstrap, stats, tls, runtime, random, local_info, log_manager, admin);
 EXPECT_EQ(nullptr, cluster_manager->httpConnPoolForCluster("cluster", ResourcePriority::Default,
 Http::Protocol::Http11, nullptr));
- Host::CreateConnectionData data =
- cluster_manager->tcpConnForCluster("cluster", nullptr, absl::nullopt);
+ Host::CreateConnectionData data = cluster_manager->tcpConnForCluster("cluster", nullptr, nullptr);
 EXPECT_EQ(nullptr, data.connection_);
 EXPECT_EQ(nullptr, data.host_description_);
diff --git a/test/server/listener_manager_impl_test.cc b/test/server/listener_manager_impl_test.cc
index 3ac4f37a96ef6..bbb58a8619aa0 100644
--- a/test/server/listener_manager_impl_test.cc
+++ b/test/server/listener_manager_impl_test.cc
@@ -1140,8 +1140,7 @@ TEST_F(ListenerManagerImplWithRealFiltersTest, SingleFilterChainWithDestinationP
 filter_chain = findFilterChain(8080, true, "127.0.0.1", true, "", true, "tls", true, {});
 ASSERT_NE(filter_chain, nullptr);
 EXPECT_TRUE(filter_chain->transportSocketFactory().implementsSecureTransport());
- auto transport_socket =
- filter_chain->transportSocketFactory().createTransportSocket(absl::nullopt);
+ auto transport_socket = filter_chain->transportSocketFactory().createTransportSocket(nullptr);
 auto ssl_socket = dynamic_cast(transport_socket.get());
 auto server_names = ssl_socket->dnsSansLocalCertificate();
 EXPECT_EQ(server_names.size(), 1);
@@ -1183,8 +1182,7 @@ TEST_F(ListenerManagerImplWithRealFiltersTest, SingleFilterChainWithDestinationI filter_chain = findFilterChain(1234, true, "127.0.0.1", true, "", true, "tls", true, {}); ASSERT_NE(filter_chain, nullptr); EXPECT_TRUE(filter_chain->transportSocketFactory().implementsSecureTransport()); - auto transport_socket = - filter_chain->transportSocketFactory().createTransportSocket(absl::nullopt); + auto transport_socket = filter_chain->transportSocketFactory().createTransportSocket(nullptr); auto ssl_socket = dynamic_cast(transport_socket.get()); auto server_names = ssl_socket->dnsSansLocalCertificate(); EXPECT_EQ(server_names.size(), 1); @@ -1232,8 +1230,7 @@ TEST_F(ListenerManagerImplWithRealFiltersTest, SingleFilterChainWithServerNamesM findFilterChain(1234, true, "127.0.0.1", true, "server1.example.com", true, "tls", true, {}); ASSERT_NE(filter_chain, nullptr); EXPECT_TRUE(filter_chain->transportSocketFactory().implementsSecureTransport()); - auto transport_socket = - filter_chain->transportSocketFactory().createTransportSocket(absl::nullopt); + auto transport_socket = filter_chain->transportSocketFactory().createTransportSocket(nullptr); auto ssl_socket = dynamic_cast(transport_socket.get()); auto server_names = ssl_socket->dnsSansLocalCertificate(); EXPECT_EQ(server_names.size(), 1); @@ -1272,8 +1269,7 @@ TEST_F(ListenerManagerImplWithRealFiltersTest, SingleFilterChainWithTransportPro filter_chain = findFilterChain(1234, true, "127.0.0.1", true, "", true, "tls", true, {}); ASSERT_NE(filter_chain, nullptr); EXPECT_TRUE(filter_chain->transportSocketFactory().implementsSecureTransport()); - auto transport_socket = - filter_chain->transportSocketFactory().createTransportSocket(absl::nullopt); + auto transport_socket = filter_chain->transportSocketFactory().createTransportSocket(nullptr); auto ssl_socket = dynamic_cast(transport_socket.get()); auto server_names = ssl_socket->dnsSansLocalCertificate(); EXPECT_EQ(server_names.size(), 1); 
@@ -1312,8 +1308,7 @@ TEST_F(ListenerManagerImplWithRealFiltersTest, SingleFilterChainWithApplicationP findFilterChain(1234, true, "127.0.0.1", true, "", true, "tls", true, {"h2", "http/1.1"}); ASSERT_NE(filter_chain, nullptr); EXPECT_TRUE(filter_chain->transportSocketFactory().implementsSecureTransport()); - auto transport_socket = - filter_chain->transportSocketFactory().createTransportSocket(absl::nullopt); + auto transport_socket = filter_chain->transportSocketFactory().createTransportSocket(nullptr); auto ssl_socket = dynamic_cast(transport_socket.get()); auto server_names = ssl_socket->dnsSansLocalCertificate(); EXPECT_EQ(server_names.size(), 1); @@ -1361,8 +1356,7 @@ TEST_F(ListenerManagerImplWithRealFiltersTest, MultipleFilterChainsWithDestinati auto filter_chain = findFilterChain(1234, true, "127.0.0.1", true, "", true, "tls", true, {}); ASSERT_NE(filter_chain, nullptr); EXPECT_TRUE(filter_chain->transportSocketFactory().implementsSecureTransport()); - auto transport_socket = - filter_chain->transportSocketFactory().createTransportSocket(absl::nullopt); + auto transport_socket = filter_chain->transportSocketFactory().createTransportSocket(nullptr); auto ssl_socket = dynamic_cast(transport_socket.get()); auto uri = ssl_socket->uriSanLocalCertificate(); EXPECT_EQ(uri, "spiffe://lyft.com/test-team"); @@ -1371,7 +1365,7 @@ TEST_F(ListenerManagerImplWithRealFiltersTest, MultipleFilterChainsWithDestinati filter_chain = findFilterChain(8080, true, "127.0.0.1", true, "", true, "tls", true, {}); ASSERT_NE(filter_chain, nullptr); EXPECT_TRUE(filter_chain->transportSocketFactory().implementsSecureTransport()); - transport_socket = filter_chain->transportSocketFactory().createTransportSocket(absl::nullopt); + transport_socket = filter_chain->transportSocketFactory().createTransportSocket(nullptr); ssl_socket = dynamic_cast(transport_socket.get()); auto server_names = ssl_socket->dnsSansLocalCertificate(); EXPECT_EQ(server_names.size(), 1); 
@@ -1381,7 +1375,7 @@ TEST_F(ListenerManagerImplWithRealFiltersTest, MultipleFilterChainsWithDestinati filter_chain = findFilterChain(8081, true, "127.0.0.1", true, "", true, "tls", true, {}); ASSERT_NE(filter_chain, nullptr); EXPECT_TRUE(filter_chain->transportSocketFactory().implementsSecureTransport()); - transport_socket = filter_chain->transportSocketFactory().createTransportSocket(absl::nullopt); + transport_socket = filter_chain->transportSocketFactory().createTransportSocket(nullptr); ssl_socket = dynamic_cast(transport_socket.get()); server_names = ssl_socket->dnsSansLocalCertificate(); EXPECT_EQ(server_names.size(), 2); @@ -1391,7 +1385,7 @@ TEST_F(ListenerManagerImplWithRealFiltersTest, MultipleFilterChainsWithDestinati filter_chain = findFilterChain(0, true, "/tmp/test.sock", true, "", true, "tls", true, {}); ASSERT_NE(filter_chain, nullptr); EXPECT_TRUE(filter_chain->transportSocketFactory().implementsSecureTransport()); - transport_socket = filter_chain->transportSocketFactory().createTransportSocket(absl::nullopt); + transport_socket = filter_chain->transportSocketFactory().createTransportSocket(nullptr); ssl_socket = dynamic_cast(transport_socket.get()); uri = ssl_socket->uriSanLocalCertificate(); EXPECT_EQ(uri, "spiffe://lyft.com/test-team"); @@ -1438,8 +1432,7 @@ TEST_F(ListenerManagerImplWithRealFiltersTest, MultipleFilterChainsWithDestinati auto filter_chain = findFilterChain(1234, true, "127.0.0.1", true, "", true, "tls", true, {}); ASSERT_NE(filter_chain, nullptr); EXPECT_TRUE(filter_chain->transportSocketFactory().implementsSecureTransport()); - auto transport_socket = - filter_chain->transportSocketFactory().createTransportSocket(absl::nullopt); + auto transport_socket = filter_chain->transportSocketFactory().createTransportSocket(nullptr); auto ssl_socket = dynamic_cast(transport_socket.get()); auto uri = ssl_socket->uriSanLocalCertificate(); EXPECT_EQ(uri, "spiffe://lyft.com/test-team"); 
@@ -1448,7 +1441,7 @@ TEST_F(ListenerManagerImplWithRealFiltersTest, MultipleFilterChainsWithDestinati
 filter_chain = findFilterChain(1234, true, "192.168.0.1", true, "", true, "tls", true, {});
 ASSERT_NE(filter_chain, nullptr);
 EXPECT_TRUE(filter_chain->transportSocketFactory().implementsSecureTransport());
- transport_socket = filter_chain->transportSocketFactory().createTransportSocket(absl::nullopt);
+ transport_socket = filter_chain->transportSocketFactory().createTransportSocket(nullptr);
 ssl_socket = dynamic_cast(transport_socket.get());
 auto server_names = ssl_socket->dnsSansLocalCertificate();
 EXPECT_EQ(server_names.size(), 1);
@@ -1458,7 +1451,7 @@ TEST_F(ListenerManagerImplWithRealFiltersTest, MultipleFilterChainsWithDestinati
 filter_chain = findFilterChain(1234, true, "192.168.1.1", true, "", true, "tls", true, {});
 ASSERT_NE(filter_chain, nullptr);
 EXPECT_TRUE(filter_chain->transportSocketFactory().implementsSecureTransport());
- transport_socket = filter_chain->transportSocketFactory().createTransportSocket(absl::nullopt);
+ transport_socket = filter_chain->transportSocketFactory().createTransportSocket(nullptr);
 ssl_socket = dynamic_cast(transport_socket.get());
 server_names = ssl_socket->dnsSansLocalCertificate();
 EXPECT_EQ(server_names.size(), 2);
@@ -1468,7 +1461,7 @@ TEST_F(ListenerManagerImplWithRealFiltersTest, MultipleFilterChainsWithDestinati
 filter_chain = findFilterChain(0, true, "/tmp/test.sock", true, "", true, "tls", true, {});
 ASSERT_NE(filter_chain, nullptr);
 EXPECT_TRUE(filter_chain->transportSocketFactory().implementsSecureTransport());
- transport_socket = filter_chain->transportSocketFactory().createTransportSocket(absl::nullopt);
+ transport_socket = filter_chain->transportSocketFactory().createTransportSocket(nullptr);
 ssl_socket = dynamic_cast(transport_socket.get());
 uri = ssl_socket->uriSanLocalCertificate();
 EXPECT_EQ(uri, "spiffe://lyft.com/test-team");
@@ -1524,8 +1517,7 @@ TEST_F(ListenerManagerImplWithRealFiltersTest, Mult​ipleFilterChainsWithServerNam
 auto filter_chain = findFilterChain(1234, true, "127.0.0.1", true, "", true, "tls", true, {});
 ASSERT_NE(filter_chain, nullptr);
 EXPECT_TRUE(filter_chain->transportSocketFactory().implementsSecureTransport());
- auto transport_socket =
- filter_chain->transportSocketFactory().createTransportSocket(absl::nullopt);
+ auto transport_socket = filter_chain->transportSocketFactory().createTransportSocket(nullptr);
 auto ssl_socket = dynamic_cast(transport_socket.get());
 auto uri = ssl_socket->uriSanLocalCertificate();
 EXPECT_EQ(uri, "spiffe://lyft.com/test-team");
@@ -1535,7 +1527,7 @@ TEST_F(ListenerManagerImplWithRealFiltersTest, MultipleFilterChainsWithServerNam
 findFilterChain(1234, true, "127.0.0.1", true, "server1.example.com", true, "tls", true, {});
 ASSERT_NE(filter_chain, nullptr);
 EXPECT_TRUE(filter_chain->transportSocketFactory().implementsSecureTransport());
- transport_socket = filter_chain->transportSocketFactory().createTransportSocket(absl::nullopt);
+ transport_socket = filter_chain->transportSocketFactory().createTransportSocket(nullptr);
 ssl_socket = dynamic_cast(transport_socket.get());
 auto server_names = ssl_socket->dnsSansLocalCertificate();
 EXPECT_EQ(server_names.size(), 1);
@@ -1546,7 +1538,7 @@ TEST_F(ListenerManagerImplWithRealFiltersTest, MultipleFilterChainsWithServerNam
 findFilterChain(1234, true, "127.0.0.1", true, "server2.example.com", true, "tls", true, {});
 ASSERT_NE(filter_chain, nullptr);
 EXPECT_TRUE(filter_chain->transportSocketFactory().implementsSecureTransport());
- transport_socket = filter_chain->transportSocketFactory().createTransportSocket(absl::nullopt);
+ transport_socket = filter_chain->transportSocketFactory().createTransportSocket(nullptr);
 ssl_socket = dynamic_cast(transport_socket.get());
 server_names = ssl_socket->dnsSansLocalCertificate();
 EXPECT_EQ(server_names.size(), 2);
@@ -1557,7 +1549,7 @@ TEST_F(ListenerManagerImplWithRealFiltersTest, MultipleFilterChainsWithServerNam
 findFilterChain(1234, true, "127.0.0.1", true, "www.wildcard.com", true, "tls", true, {});
 ASSERT_NE(filter_chain, nullptr);
 EXPECT_TRUE(filter_chain->transportSocketFactory().implementsSecureTransport());
- transport_socket = filter_chain->transportSocketFactory().createTransportSocket(absl::nullopt);
+ transport_socket = filter_chain->transportSocketFactory().createTransportSocket(nullptr);
 ssl_socket = dynamic_cast(transport_socket.get());
 server_names = ssl_socket->dnsSansLocalCertificate();
 EXPECT_EQ(server_names.size(), 2);
@@ -1599,8 +1591,7 @@ TEST_F(ListenerManagerImplWithRealFiltersTest, MultipleFilterChainsWithTransport
 filter_chain = findFilterChain(1234, true, "127.0.0.1", true, "", true, "tls", true, {});
 ASSERT_NE(filter_chain, nullptr);
 EXPECT_TRUE(filter_chain->transportSocketFactory().implementsSecureTransport());
- auto transport_socket =
- filter_chain->transportSocketFactory().createTransportSocket(absl::nullopt);
+ auto transport_socket = filter_chain->transportSocketFactory().createTransportSocket(nullptr);
 auto ssl_socket = dynamic_cast(transport_socket.get());
 auto server_names = ssl_socket->dnsSansLocalCertificate();
 EXPECT_EQ(server_names.size(), 1);
@@ -1642,8 +1633,7 @@ TEST_F(ListenerManagerImplWithRealFiltersTest, MultipleFilterChainsWithApplicati
 findFilterChain(1234, true, "127.0.0.1", true, "", true, "tls", true, {"h2", "http/1.1"});
 ASSERT_NE(filter_chain, nullptr);
 EXPECT_TRUE(filter_chain->transportSocketFactory().implementsSecureTransport());
- auto transport_socket =
- filter_chain->transportSocketFactory().createTransportSocket(absl::nullopt);
+ auto transport_socket = filter_chain->transportSocketFactory().createTransportSocket(nullptr);
 auto ssl_socket = dynamic_cast(transport_socket.get());
 auto server_names = ssl_socket->dnsSansLocalCertificate();
 EXPECT_EQ(server_names.size(), 1);
@@ -1698,8 +1688,7 @@ TEST_F(ListenerManagerImplWithRealFiltersTest, MultipleFilterChainsWithMultipleR
 true, {"h2", "http/1.1"});
 ASSERT_NE(filter_chain, nullptr);
 EXPECT_TRUE(filter_chain->transportSocketFactory().implementsSecureTransport());
- auto transport_socket =
- filter_chain->transportSocketFactory().createTransportSocket(absl::nullopt);
+ auto transport_socket = filter_chain->transportSocketFactory().createTransportSocket(nullptr);
 auto ssl_socket = dynamic_cast(transport_socket.get());
 auto server_names = ssl_socket->dnsSansLocalCertificate();
 EXPECT_EQ(server_names.size(), 1);
From 5fe6e3e424f553a108e275206c66e808e39e63dd Mon Sep 17 00:00:00 2001
From: Vadim Eisenberg
Date: Thu, 8 Nov 2018 06:12:16 +0200
Subject: [PATCH 04/37] fix compilation errors in tests
Signed-off-by: Vadim Eisenberg
---
 test/common/upstream/logical_dns_cluster_test.cc | 8 ++++----
 test/integration/tcp_conn_pool_integration_test.cc | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/test/common/upstream/logical_dns_cluster_test.cc b/test/common/upstream/logical_dns_cluster_test.cc
index 8d3c1e408f501..961bc9790ed2b 100644
--- a/test/common/upstream/logical_dns_cluster_test.cc
+++ b/test/common/upstream/logical_dns_cluster_test.cc
@@ -116,7 +116,7 @@ class LogicalDnsClusterTest : public testing::Test {
 createClientConnection_(
 PointeesEq(Network::Utility::resolveUrl("tcp://127.0.0.1:443")), _, _, _))
 .WillOnce(Return(new NiceMock()));
- logical_host->createConnection(dispatcher_, nullptr, absl::nullopt);
+ logical_host->createConnection(dispatcher_, nullptr, nullptr);
 logical_host->outlierDetector().putHttpResponseCode(200);
 expectResolve(Network::DnsLookupFamily::V4Only, expected_address);
@@ -136,7 +136,7 @@ class LogicalDnsClusterTest : public testing::Test {
 PointeesEq(Network::Utility::resolveUrl("tcp://127.0.0.1:443")), _, _, _))
 .WillOnce(Return(new NiceMock()));
 Host::CreateConnectionData data =
- logical_host->createConnection(dispatcher_, nullptr, absl::nullopt);
+ logical_host->createConnection(dispatcher_, nullptr, nullptr);
 EXPECT_FALSE(data.host_description_->canary());
 EXPECT_EQ(&cluster_->prioritySet().hostSetsPerPriority()[0]->hosts()[0]->cluster(),
 &data.host_description_->cluster());
@@ -168,7 +168,7 @@ class LogicalDnsClusterTest : public testing::Test {
 createClientConnection_(
 PointeesEq(Network::Utility::resolveUrl("tcp://127.0.0.3:443")), _, _, _))
 .WillOnce(Return(new NiceMock()));
- logical_host->createConnection(dispatcher_, nullptr, absl::nullopt);
+ logical_host->createConnection(dispatcher_, nullptr, nullptr);
 expectResolve(Network::DnsLookupFamily::V4Only, expected_address);
 resolve_timer_->callback_();
@@ -182,7 +182,7 @@ class LogicalDnsClusterTest : public testing::Test {
 createClientConnection_(
 PointeesEq(Network::Utility::resolveUrl("tcp://127.0.0.3:443")), _, _, _))
 .WillOnce(Return(new NiceMock()));
- logical_host->createConnection(dispatcher_, nullptr, absl::nullopt);
+ logical_host->createConnection(dispatcher_, nullptr, nullptr);
 // Make sure we cancel.
 EXPECT_CALL(active_dns_query_, cancel());
diff --git a/test/integration/tcp_conn_pool_integration_test.cc b/test/integration/tcp_conn_pool_integration_test.cc
index 4932b8c21d30b..0d5f8f0452435 100644
--- a/test/integration/tcp_conn_pool_integration_test.cc
+++ b/test/integration/tcp_conn_pool_integration_test.cc
@@ -26,7 +26,7 @@ class TestFilter : public Network::ReadFilter {
 UNREFERENCED_PARAMETER(end_stream);
 Tcp::ConnectionPool::Instance* pool = cluster_manager_.tcpConnPoolForCluster(
- "cluster_0", Upstream::ResourcePriority::Default, nullptr, absl::nullopt);
+ "cluster_0", Upstream::ResourcePriority::Default, nullptr, nullptr);
 ASSERT(pool != nullptr);
 requests_.emplace_back(*this, data);
From b6f32d73c01ed9340750d0bea69f1ec6974f4a55 Mon Sep 17 00:00:00 2001
From: Vadim Eisenberg
Date: Thu, 8 Nov 2018 07:06:15 +0200
Subject: [PATCH 05/37] fix format
Signed-off-by: Vadim Eisenberg
---
 include/envoy/network/transport_socket.h | 3 +--
 source/common/ssl/ssl_socket.cc | 5 ++---
 source/common/ssl/ssl_socket.h | 4 ++--
 source/common/tcp_proxy/tcp_proxy.cc | 4 ++--
 source/common/upstream/cluster_manager_impl.cc | 6 +++---
 source/common/upstream/logical_dns_cluster.h | 7 +++----
 source/common/upstream/upstream_impl.cc | 7 +++----
 source/common/upstream/upstream_impl.h | 7 +++----
 source/extensions/transport_sockets/alts/tsi_socket.h | 2 +-
 source/extensions/transport_sockets/capture/capture.h | 2 +-
 test/common/ssl/ssl_socket_test.cc | 10 ++++++----
 test/common/upstream/cluster_manager_impl_test.cc | 3 ++-
 test/common/upstream/logical_dns_cluster_test.cc | 3 +--
 test/mocks/upstream/mocks.h | 10 +++++-----
 14 files changed, 35 insertions(+), 38 deletions(-)
diff --git a/include/envoy/network/transport_socket.h b/include/envoy/network/transport_socket.h
index 75d3bcec060ae..b9f881e0d3bd9 100644
--- a/include/envoy/network/transport_socket.h
+++ b/include/envoy/network/transport_socket.h
@@ -148,8 +148,7 @@ class TransportSocketOptions {
 virtual void hashKey(std::vector& key) const PURE;
 };
-typedef std::shared_ptr
- TransportSocketOptionsSharedPtr;
+typedef std::shared_ptr TransportSocketOptionsSharedPtr;
 /**
 * A factory for creating transport socket. It will be associated to filter chains and clusters.
diff --git a/source/common/ssl/ssl_socket.cc b/source/common/ssl/ssl_socket.cc
index fe247373a3201..e9735fb6a4ef5 100644
--- a/source/common/ssl/ssl_socket.cc
+++ b/source/common/ssl/ssl_socket.cc
@@ -375,7 +375,7 @@ ClientSslSocketFactory::ClientSslSocketFactory(ClientContextConfigPtr config,
 }
 Network::TransportSocketPtr ClientSslSocketFactory::createTransportSocket(
- Network::TransportSocketOptionsSharedPtr transport_socket_options) const {
+ Network::TransportSocketOptionsSharedPtr transport_socket_options) const {
 // onAddOrUpdateSecret() could be invoked in the middle of checking the existence of ssl_ctx and
 // creating SslSocket using ssl_ctx. Capture ssl_ctx_ into a local variable so that we check and
 // use the same ssl_ctx to create SslSocket.
@@ -426,8 +426,7 @@ ServerSslSocketFactory::createTransportSocket(Network::TransportSocketOptionsSha
 ssl_ctx = ssl_ctx_;
 }
 if (ssl_ctx) {
- return std::make_unique(std::move(ssl_ctx), Ssl::InitialState::Server,
- nullptr);
+ return std::make_unique(std::move(ssl_ctx), Ssl::InitialState::Server, nullptr);
 } else {
 ENVOY_LOG(debug, "Create NotReadySslSocket");
 stats_.downstream_context_secrets_not_ready_.inc();
diff --git a/source/common/ssl/ssl_socket.h b/source/common/ssl/ssl_socket.h
index ef219e604dd5c..d9888ba228913 100644
--- a/source/common/ssl/ssl_socket.h
+++ b/source/common/ssl/ssl_socket.h
@@ -89,7 +89,7 @@ class ClientSslSocketFactory : public Network::TransportSocketFactory,
 Stats::Scope& stats_scope);
 Network::TransportSocketPtr
- createTransportSocket(Network::TransportSocketOptionsSharedPtr options) const override;
+ createTransportSocket(Network::TransportSocketOptionsSharedPtr options) const override;
 bool implementsSecureTransport() const override;
 // Secret::SecretCallbacks
@@ -112,7 +112,7 @@ class ServerSslSocketFactory : public Network::TransportSocketFactory,
 Stats::Scope& stats_scope, const std::vector& server_names);
 Network::TransportSocketPtr
- createTransportSocket(Network::TransportSocketOptionsSharedPtr options) const override;
+ createTransportSocket(Network::TransportSocketOptionsSharedPtr options) const override;
 bool implementsSecureTransport() const override;
 // Secret::SecretCallbacks
diff --git a/source/common/tcp_proxy/tcp_proxy.cc b/source/common/tcp_proxy/tcp_proxy.cc
index 67811e25103eb..0fb700aceb030 100644
--- a/source/common/tcp_proxy/tcp_proxy.cc
+++ b/source/common/tcp_proxy/tcp_proxy.cc
@@ -371,8 +371,8 @@ Network::FilterStatus Filter::initializeUpstreamConnection() {
 ->streamInfo()
 .filterState()
 .getDataReadOnly(ForwardRequestedServerName::Key);
- transport_socket_options =
- std::make_shared(original_requested_server_name.value());
+ transport_socket_options = std::make_shared(
+ original_requested_server_name.value());
 }
 Tcp::ConnectionPool::Instance* conn_pool = cluster_manager_.tcpConnPoolForCluster(
diff --git a/source/common/upstream/cluster_manager_impl.cc b/source/common/upstream/cluster_manager_impl.cc
index b9b4863d9ea1e..e0459a10639a8 100644
--- a/source/common/upstream/cluster_manager_impl.cc
+++ b/source/common/upstream/cluster_manager_impl.cc
@@ -706,9 +706,9 @@ void ClusterManagerImpl::postThreadLocalHealthFailure(const HostSharedPtr& host)
 [this, host] { ThreadLocalClusterManagerImpl::onHostHealthFailure(host, *tls_); });
 }
-Host::CreateConnectionData
-ClusterManagerImpl::tcpConnForCluster(const std::string& cluster, LoadBalancerContext* context,
- Network::TransportSocketOptionsSharedPtr transport_socket_options) {
+Host::CreateConnectionData ClusterManagerImpl::tcpConnForCluster(
+ const std::string& cluster, LoadBalancerContext* context,
+ Network::TransportSocketOptionsSharedPtr transport_socket_options) {
 ThreadLocalClusterManagerImpl& cluster_manager = tls_->getTyped();
 auto entry = cluster_manager.thread_local_clusters_.find(cluster);
diff --git a/source/common/upstream/logical_dns_cluster.h b/source/common/upstream/logical_dns_cluster.h
index 359b47d276225..0c25c5ff8255e 100644
--- a/source/common/upstream/logical_dns_cluster.h
+++ b/source/common/upstream/logical_dns_cluster.h
@@ -51,10 +51,9 @@ class LogicalDnsCluster : public ClusterImplBase {
 parent_(parent) {}
 // Upstream::Host
- CreateConnectionData
- createConnection(Event::Dispatcher& dispatcher,
- const Network::ConnectionSocket::OptionsSharedPtr& options,
- Network::TransportSocketOptionsSharedPtr transport_socket_options) const override;
+ CreateConnectionData createConnection(
+ Event::Dispatcher& dispatcher, const Network::ConnectionSocket::OptionsSharedPtr& options,
+ Network::TransportSocketOptionsSharedPtr transport_socket_options) const override;
 // Upstream::HostDescription
 // Override setting health check address, since for logical DNS the registered host has 0.0.0.0
diff --git a/source/common/upstream/upstream_impl.cc b/source/common/upstream/upstream_impl.cc
index d53fe3f5e3717..a4f873dd62e31 100644
--- a/source/common/upstream/upstream_impl.cc
+++ b/source/common/upstream/upstream_impl.cc
@@ -146,10 +146,9 @@ parseExtensionProtocolOptions(const envoy::api::v2::Cluster& config) {
 }
 } // namespace
-Host::CreateConnectionData
-HostImpl::createConnection(Event::Dispatcher& dispatcher,
- const Network::ConnectionSocket::OptionsSharedPtr& options,
- Network::TransportSocketOptionsSharedPtr transport_socket_options) const {
+Host::CreateConnectionData HostImpl::createConnection(
+ Event::Dispatcher& dispatcher, const Network::ConnectionSocket::OptionsSharedPtr& options,
+ Network::TransportSocketOptionsSharedPtr transport_socket_options) const {
 return {createConnection(dispatcher, *cluster_, address_, options, transport_socket_options),
 shared_from_this()};
 }
diff --git a/source/common/upstream/upstream_impl.h b/source/common/upstream/upstream_impl.h
index 8f9b14e16f878..dd9208f47e837 100644
--- a/source/common/upstream/upstream_impl.h
+++ b/source/common/upstream/upstream_impl.h
@@ -171,10 +171,9 @@ class HostImpl : public HostDescriptionImpl,
 // Upstream::Host
 std::vector counters() const override { return stats_store_.counters(); }
- CreateConnectionData
- createConnection(Event::Dispatcher& dispatcher,
- const Network::ConnectionSocket::OptionsSharedPtr& options,
- Network::TransportSocketOptionsSharedPtr transport_socket_options) const override;
+ CreateConnectionData createConnection(
+ Event::Dispatcher& dispatcher, const Network::ConnectionSocket::OptionsSharedPtr& options,
+ Network::TransportSocketOptionsSharedPtr transport_socket_options) const override;
 CreateConnectionData createHealthCheckConnection(Event::Dispatcher& dispatcher) const override;
 std::vector gauges() const override { return stats_store_.gauges(); }
 void healthFlagClear(HealthFlag flag) override { health_flags_ &= ~enumToInt(flag); }
diff --git a/source/extensions/transport_sockets/alts/tsi_socket.h b/source/extensions/transport_sockets/alts/tsi_socket.h
index 4a3db22aa5574..8e3ee5e954438 100644
--- a/source/extensions/transport_sockets/alts/tsi_socket.h
+++ b/source/extensions/transport_sockets/alts/tsi_socket.h
@@ -99,7 +99,7 @@ class TsiSocketFactory : public Network::TransportSocketFactory {
 bool implementsSecureTransport() const override;
 Network::TransportSocketPtr
- createTransportSocket(Network::TransportSocketOptionsSharedPtr options) const override;
+ createTransportSocket(Network::TransportSocketOptionsSharedPtr options) const override;
 private:
 HandshakerFactory handshaker_factory_;
diff --git a/source/extensions/transport_sockets/capture/capture.h b/source/extensions/transport_sockets/capture/capture.h
index 0965ad1033fc2..b1419a1b95a38 100644
--- a/source/extensions/transport_sockets/capture/capture.h
+++ b/source/extensions/transport_sockets/capture/capture.h
@@ -50,7 +50,7 @@ class CaptureSocketFactory : public Network::TransportSocketFactory {
 // Network::TransportSocketFactory
 Network::TransportSocketPtr
- createTransportSocket(Network::TransportSocketOptionsSharedPtr options) const override;
+ createTransportSocket(Network::TransportSocketOptionsSharedPtr options) const override;
 bool implementsSecureTransport() const override;
 private:
diff --git a/test/common/ssl/ssl_socket_test.cc b/test/common/ssl/ssl_socket_test.cc
index 0f9c632316e5d..4186a6fdd8aec 100644
--- a/test/common/ssl/ssl_socket_test.cc
+++ b/test/common/ssl/ssl_socket_test.cc
@@ -214,7 +214,8 @@ const std::string testUtilV2(
 Network::MockConnectionCallbacks server_connection_callbacks;
 EXPECT_CALL(callbacks, onAccept_(_, _))
 .WillOnce(Invoke([&](Network::ConnectionSocketPtr& socket, bool) -> void {
- std::string sni = transport_socket_options != NULL && transport_socket_options->overrideServerName().has_value()
+ std::string sni = transport_socket_options != NULL &&
+ transport_socket_options->overrideServerName().has_value()
 ? transport_socket_options->overrideServerName().value()
 : client_ctx_proto.sni();
 socket->setRequestedServerName(sni);
@@ -2880,7 +2881,8 @@ TEST_P(SslSocketTest, OverrideRequestedServerName) {
 envoy::api::v2::auth::UpstreamTlsContext client;
 client.set_sni("lyft.com");
- Network::TransportSocketOptionsSharedPtr transport_socket_options(new Network::TransportSocketOptionsImpl("example.com"));
+ Network::TransportSocketOptionsSharedPtr transport_socket_options(
+ new Network::TransportSocketOptionsImpl("example.com"));
 testUtilV2(listener, client, "", true, "", "", "", "example.com", "", "ssl.handshake",
 "ssl.handshake", GetParam(), transport_socket_options);
@@ -2898,8 +2900,8 @@ TEST_P(SslSocketTest, OverrideRequestedServerNameWithoutSniInUpstreamTlsContext)
 envoy::api::v2::auth::UpstreamTlsContext client;
- Network::TransportSocketOptionsSharedPtr transport_socket_options(new
- Network::TransportSocketOptionsImpl("example.com"));
+ Network::TransportSocketOptionsSharedPtr transport_socket_options(
+ new Network::TransportSocketOptionsImpl("example.com"));
 testUtilV2(listener, client, "", true, "", "", "", "example.com", "", "ssl.handshake",
 "ssl.handshake", GetParam(), override_server_name);
 }
diff --git a/test/common/upstream/cluster_manager_impl_test.cc b/test/common/upstream/cluster_manager_impl_test.cc
index 5ab90ca6145f0..b6e3c0a263673 100644
--- a/test/common/upstream/cluster_manager_impl_test.cc
+++ b/test/common/upstream/cluster_manager_impl_test.cc
@@ -1589,7 +1589,8 @@ TEST_F(ClusterManagerImplTest, DynamicHostRemoveWithTls) {
 create(parseBootstrapFromJson(json));
 EXPECT_FALSE(cluster_manager_->get("cluster_1")->info()->addedViaApi());
- Network:::TransportSocketOptionsSharedPtr transport_socket_options_example_com(Network::TransportSocketOptionsImpl("example.com"));
+ Network:: : TransportSocketOptionsSharedPtr transport_socket_options_example_com(
+ Network::TransportSocketOptionsImpl("example.com"));
 Network::TransportSocketOptionsSharedPtr transport_socket_options_ibm_com(
 Network::TransportSocketOptionsImpl("ibm.com"));
diff --git a/test/common/upstream/logical_dns_cluster_test.cc b/test/common/upstream/logical_dns_cluster_test.cc
index 961bc9790ed2b..1b694483be9d8 100644
--- a/test/common/upstream/logical_dns_cluster_test.cc
+++ b/test/common/upstream/logical_dns_cluster_test.cc
@@ -135,8 +135,7 @@ class LogicalDnsClusterTest : public testing::Test {
 createClientConnection_(
 PointeesEq(Network::Utility::resolveUrl("tcp://127.0.0.1:443")), _, _, _))
 .WillOnce(Return(new NiceMock()));
- Host::CreateConnectionData data =
- logical_host->createConnection(dispatcher_, nullptr, nullptr);
+ Host::CreateConnectionData data = logical_host->createConnection(dispatcher_, nullptr, nullptr);
 EXPECT_FALSE(data.host_description_->canary());
 EXPECT_EQ(&cluster_->prioritySet().hostSetsPerPriority()[0]->hosts()[0]->cluster(),
 &data.host_description_->cluster());
diff --git a/test/mocks/upstream/mocks.h b/test/mocks/upstream/mocks.h
index ab46020608d4a..cce4d9b747c73 100644
--- a/test/mocks/upstream/mocks.h
+++ b/test/mocks/upstream/mocks.h
@@ -269,11 +269,11 @@ class MockClusterManager : public ClusterManager {
 Http::ConnectionPool::Instance*(const std::string& cluster, ResourcePriority priority,
 Http::Protocol protocol, LoadBalancerContext* context));
- MOCK_METHOD4(
- tcpConnPoolForCluster,
- Tcp::ConnectionPool::Instance*(const std::string& cluster, ResourcePriority priority,
- LoadBalancerContext* context,
- Network::TransportSocketOptionsSharedPtr transport_socket_options));
+ MOCK_METHOD4(tcpConnPoolForCluster,
+ Tcp::ConnectionPool::Instance*(
+ const std::string& cluster, ResourcePriority priority,
+ LoadBalancerContext* context,
+ Network::TransportSocketOptionsSharedPtr transport_socket_options));
 MOCK_METHOD2(tcpConnForCluster_,
 MockHost::MockCreateConnectionData(const std::string& cluster,
 LoadBalancerContext* context));
From 6aff2eab64aece082b1b0513f3cbbed1cff230bb Mon Sep 17 00:00:00 2001
From: Vadim Eisenberg
Date: Thu, 8 Nov 2018 07:21:47 +0200
Subject: [PATCH 06/37] fix compilation errors
Signed-off-by: Vadim Eisenberg
---
 test/common/upstream/cluster_manager_impl_test.cc | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/test/common/upstream/cluster_manager_impl_test.cc b/test/common/upstream/cluster_manager_impl_test.cc
index b6e3c0a263673..fcbc7473f5a8a 100644
--- a/test/common/upstream/cluster_manager_impl_test.cc
+++ b/test/common/upstream/cluster_manager_impl_test.cc
@@ -1589,10 +1589,10 @@ TEST_F(ClusterManagerImplTest, DynamicHostRemoveWithTls) {
 create(parseBootstrapFromJson(json));
 EXPECT_FALSE(cluster_manager_->get("cluster_1")->info()->addedViaApi());
- Network:: : TransportSocketOptionsSharedPtr transport_socket_options_example_com(
- Network::TransportSocketOptionsImpl("example.com"));
+ Network::TransportSocketOptionsSharedPtr transport_socket_options_example_com(
+ new Network::TransportSocketOptionsImpl("example.com"));
 Network::TransportSocketOptionsSharedPtr transport_socket_options_ibm_com(
- Network::TransportSocketOptionsImpl("ibm.com"));
+ new Network::TransportSocketOptionsImpl("ibm.com"));
 // Test for no hosts returning the correct values before we have hosts.
 EXPECT_EQ(nullptr, cluster_manager_->httpConnPoolForCluster(
From 0b2a296e14630e116d7e16e6badc82c03868ebe1 Mon Sep 17 00:00:00 2001
From: Vadim Eisenberg
Date: Thu, 8 Nov 2018 07:26:54 +0200
Subject: [PATCH 07/37] make overrideServerName() return const&
Signed-off-by: Vadim Eisenberg
---
 include/envoy/network/transport_socket.h | 2 +-
 source/common/network/transport_socket_options_impl.h | 4 +++-
 2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/include/envoy/network/transport_socket.h b/include/envoy/network/transport_socket.h
index b9f881e0d3bd9..69073db9422b2 100644
--- a/include/envoy/network/transport_socket.h
+++ b/include/envoy/network/transport_socket.h
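Review bot: The two repaired initialisations still hand a raw `new Network::TransportSocketOptionsImpl(...)` to the shared_ptr constructor; `Network::TransportSocketOptionsSharedPtr transport_socket_options_example_com = std::make_shared<Network::TransportSocketOptionsImpl>("example.com");` (and the same for `"ibm.com"`) removes the naked allocation and the leak that occurs if the shared_ptr's control-block allocation throws. Where these two objects are consumed is not visible in the hunk, so I cannot tell whether both are actually passed on to `tcpConnPoolForCluster` further down the test.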
@@ -144,7 +144,7 @@ typedef std::unique_ptr TransportSocketPtr;
 class TransportSocketOptions {
 public:
 virtual ~TransportSocketOptions() {}
- virtual absl::optional overrideServerName() const PURE;
+ virtual const absl::optional& overrideServerName() const PURE;
 virtual void hashKey(std::vector& key) const PURE;
 };
diff --git a/source/common/network/transport_socket_options_impl.h b/source/common/network/transport_socket_options_impl.h
index 660385e0b6f62..dcd95ab0ce6cb 100644
--- a/source/common/network/transport_socket_options_impl.h
+++ b/source/common/network/transport_socket_options_impl.h
@@ -8,7 +8,9 @@ namespace Network {
 class TransportSocketOptionsImpl : public TransportSocketOptions {
 public:
 TransportSocketOptionsImpl(std::string override_server_name = "");
- absl::optional overrideServerName() const override { return override_server_name_; }
+ const absl::optional& overrideServerName() const override {
+ return override_server_name_;
+ }
 void hashKey(std::vector& key) const override;
 private:
From 6c9128dafa8a885c043f8cb55656c3ea6970a680 Mon Sep 17 00:00:00 2001
From: Vadim Eisenberg
Date: Thu, 8 Nov 2018 07:34:28 +0200
Subject: [PATCH 08/37] make the parameter of newSSL() const&
Signed-off-by: Vadim Eisenberg
---
 source/common/ssl/context_impl.cc | 4 ++--
 source/common/ssl/context_impl.h | 6 ++++--
 2 files changed, 6 insertions(+), 4 deletions(-)
diff --git a/source/common/ssl/context_impl.cc b/source/common/ssl/context_impl.cc
index 2fd2eee4ea1a0..fc75c12c8064a 100644
--- a/source/common/ssl/context_impl.cc
+++ b/source/common/ssl/context_impl.cc
@@ -275,7 +275,7 @@ std::vector ContextImpl::parseAlpnProtocols(const std::string& alpn_pro
 return out;
 }
-bssl::UniquePtr ContextImpl::newSsl(absl::optional) const {
+bssl::UniquePtr ContextImpl::newSsl(const absl::optional&) const {
 return bssl::UniquePtr(SSL_new(ctx_.get()));
 }
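Review bot: `overrideServerName()` now returns a reference into the options object, but the interface says nothing about what the value is for or how long the reference stays valid, and the options travel as `TransportSocketOptionsSharedPtr` by value (see `tcpConnForCluster` in the cluster_manager_impl.cc hunk earlier on this page), so a consumer that keeps the reference past the last owner dangles. I would document it on the declaration: `/** Server name to send as upstream SNI in place of the configured one, if set; the reference is valid only while this object lives. */`. `hashKey` on the following line is the other half of the contract: its implementation is outside this diff, but it must fold the override into the key, otherwise pooled connections opened with different SNI values would be reused for each other.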
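Review bot: `TransportSocketOptionsImpl(std::string override_server_name = "")` is a single-argument, non-explicit constructor, so any `std::string` converts silently into an options object that overrides the upstream SNI; `explicit TransportSocketOptionsImpl(std::string override_server_name = "");` prevents that. How the empty default is turned into `override_server_name_` (nullopt versus an engaged empty string) is decided in the .cc, which this diff does not show; if an empty string is stored engaged, default-constructed options would report `has_value()` and a caller may treat `""` as a real override — worth confirming, and worth a comment on the constructor stating which it is.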
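Review bot: The base `ContextImpl::newSsl` ignores its `override_server_name` argument (the parameter is unnamed), but neither this definition nor the header declaration says so, so a reader of the virtual interface cannot tell which contexts honour an override. I would add above the definition: `// Base implementation ignores override_server_name; ClientContextImpl overrides this and applies it as SNI.` — the second half is what the ClientContextImpl::newSsl hunk further down suggests, but that function's body continues outside the diff, so confirm before committing to the wording.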
@@ -499,7 +499,7 @@ ClientContextImpl::ClientContextImpl(Stats::Scope& scope, const ClientContextCon
 }
 bssl::UniquePtr
-ClientContextImpl::newSsl(absl::optional override_server_name) const {
+ClientContextImpl::newSsl(const absl::optional& override_server_name) const {
 bssl::UniquePtr ssl_con(ContextImpl::newSsl(absl::nullopt));
 std::string server_name_indication =
diff --git a/source/common/ssl/context_impl.h b/source/common/ssl/context_impl.h
index 4fb733df025be..abc51839ee573 100644
--- a/source/common/ssl/context_impl.h
+++ b/source/common/ssl/context_impl.h
@@ -42,7 +42,8 @@ struct SslStats {
 class ContextImpl : public virtual Context {
 public:
- virtual bssl::UniquePtr newSsl(absl::optional override_server_name) const;
+ virtual bssl::UniquePtr
+ newSsl(const absl::optional& override_server_name) const;
 /**
 * Logs successful TLS handshake and updates stats.
@@ -143,7 +144,8 @@ class ClientContextImpl : public ContextImpl, public ClientContext {
 ClientContextImpl(Stats::Scope& scope, const ClientContextConfig& config,
 TimeSource& time_source);
- bssl::UniquePtr newSsl(absl::optional override_server_name) const override;
+ bssl::UniquePtr
+ newSsl(const absl::optional& override_server_name) const override;
 private:
 const std::string server_name_indication_;
From dedd511d8ab5b7a007c1df739ef88ae08b6adfe0 Mon Sep 17 00:00:00 2001
From: Vadim Eisenberg
Date: Thu, 8 Nov 2018 07:40:54 +0200
Subject: [PATCH 09/37] fix a compilation error
Signed-off-by: Vadim Eisenberg
---
 test/common/tcp_proxy/tcp_proxy_test.cc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/test/common/tcp_proxy/tcp_proxy_test.cc b/test/common/tcp_proxy/tcp_proxy_test.cc
index c490f6c5778fb..8f04bb7011d79 100644
--- a/test/common/tcp_proxy/tcp_proxy_test.cc
+++ b/test/common/tcp_proxy/tcp_proxy_test.cc
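Review bot: `override_server_name` is untrusted input: the tcp_proxy.cc hunk on this page builds the options from the downstream `ForwardRequestedServerName`, i.e. whatever the client put in its ClientHello, and nothing visible here validates it before it is folded into `server_name_indication` (the rest of the function, where the value is presumably handed to BoringSSL, is outside the hunk). A client can therefore choose the SNI Envoy presents upstream and, depending on the upstream, may influence which certificate or filter chain it is served; before using it I would reject anything that is not a syntactically valid hostname (non-empty, at most 255 bytes, no NUL or control bytes, RFC 1123 labels) and fall back to `server_name_indication_`. At minimum the parameter needs a comment to that effect: `// override_server_name originates from the downstream SNI (untrusted); validate before use.`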
@@ -1186,7 +1186,7 @@ TEST_F(TcpProxyRoutingTest, ForwardRequestedServerName) { Network::TransportSocketOptionsSharedPtr transport_socket_options) -> Tcp::ConnectionPool::Instance* { EXPECT_EQ(cluster, "fake_cluster"); - EXPECT_NE(transport_socket_options); + EXPECT_NE(transport_socket_options, nullptr); EXPECT_TRUE(transport_socket_options->overrideServerName().has_value()); EXPECT_EQ(transport_socket_options->overrideServerName().value(), "www.example.com"); From 27557deaec6f3bb10ce9d3aaedb7ab6da1a39c6b Mon Sep 17 00:00:00 2001 From: Vadim Eisenberg Date: Thu, 8 Nov 2018 10:42:13 +0200 Subject: [PATCH 10/37] fixed missed refactoring Signed-off-by: Vadim Eisenberg --- test/common/ssl/ssl_socket_test.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/common/ssl/ssl_socket_test.cc b/test/common/ssl/ssl_socket_test.cc index 4186a6fdd8aec..3aa41666df834 100644 --- a/test/common/ssl/ssl_socket_test.cc +++ b/test/common/ssl/ssl_socket_test.cc @@ -2903,7 +2903,7 @@ TEST_P(SslSocketTest, OverrideRequestedServerNameWithoutSniInUpstreamTlsContext) Network::TransportSocketOptionsSharedPtr transport_socket_options( new Network::TransportSocketOptionsImpl("example.com")); testUtilV2(listener, client, "", true, "", "", "", "example.com", "", "ssl.handshake", - "ssl.handshake", GetParam(), override_server_name); + "ssl.handshake", GetParam(), transport_socket_options); } // Validate that if downstream secrets are not yet downloaded from SDS server, Envoy creates From b019a994f469bc6020b1b3c22854324fdb392156 Mon Sep 17 00:00:00 2001 From: Vadim Eisenberg Date: Thu, 8 Nov 2018 10:42:38 +0200 Subject: [PATCH 11/37] "refactor" a comment Signed-off-by: Vadim Eisenberg --- test/common/tcp_proxy/tcp_proxy_test.cc | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/test/common/tcp_proxy/tcp_proxy_test.cc b/test/common/tcp_proxy/tcp_proxy_test.cc index 8f04bb7011d79..47d99e8f8028e 100644 --- a/test/common/tcp_proxy/tcp_proxy_test.cc 
+++ b/test/common/tcp_proxy/tcp_proxy_test.cc @@ -1179,7 +1179,8 @@ TEST_F(TcpProxyRoutingTest, ForwardRequestedServerName) { ON_CALL(connection_, streamInfo()).WillByDefault(ReturnRef(stream_info)); EXPECT_CALL(Const(connection_), streamInfo()).WillRepeatedly(ReturnRef(stream_info)); - // Expect filter to try to open a connection to a cluster with the override_server_name + // Expect filter to try to open a connection to a cluster with the transport socket options with + // override-server-name EXPECT_CALL(factory_context_.cluster_manager_, tcpConnPoolForCluster(_, _, _, _)) .WillOnce(Invoke([](const std::string& cluster, Upstream::ResourcePriority priority, Upstream::LoadBalancerContext* context, From 09af68233869ab599589cc12f52ad67a7ece0450 Mon Sep 17 00:00:00 2001 From: Vadim Eisenberg Date: Thu, 8 Nov 2018 11:00:45 +0200 Subject: [PATCH 12/37] fix a typo Signed-off-by: Vadim Eisenberg --- test/common/upstream/cluster_manager_impl_test.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/common/upstream/cluster_manager_impl_test.cc b/test/common/upstream/cluster_manager_impl_test.cc index fcbc7473f5a8a..dd31802b32130 100644 --- a/test/common/upstream/cluster_manager_impl_test.cc +++ b/test/common/upstream/cluster_manager_impl_test.cc @@ -1668,7 +1668,7 @@ TEST_F(ClusterManagerImplTest, DynamicHostRemoveWithTls) { "cluster_1", ResourcePriority::Default, nullptr, nullptr)); Tcp::ConnectionPool::MockInstance* tcp2 = dynamic_cast(cluster_manager_->tcpConnPoolForCluster( - "cluster_1", ResourcePriority::Default, nullptr, nullpr)); + "cluster_1", ResourcePriority::Default, nullptr, nullptr)); Tcp::ConnectionPool::MockInstance* tcp1_high = dynamic_cast(cluster_manager_->tcpConnPoolForCluster( "cluster_1", ResourcePriority::High, nullptr, nullptr)); From 8ff3b25a8212cae5e0895347d65f4c095134ab91 Mon Sep 17 00:00:00 2001 
From: Vadim Eisenberg Date: Thu, 8 Nov 2018 12:58:51 +0200 Subject: [PATCH 13/37] move stream_info/forward_requested_server_name to source/common/network/upstream_server_name Signed-off-by: Vadim Eisenberg --- source/common/network/BUILD | 10 ++++++++++ .../upstream_server_name.cc} | 2 +- .../upstream_server_name.h} | 0 source/common/stream_info/BUILD | 9 --------- source/common/tcp_proxy/BUILD | 2 +- source/common/tcp_proxy/tcp_proxy.cc | 2 +- test/common/tcp_proxy/BUILD | 2 +- test/common/tcp_proxy/tcp_proxy_test.cc | 2 +- 8 files changed, 15 insertions(+), 14 deletions(-) rename source/common/{stream_info/forward_requested_server_name.cc => network/upstream_server_name.cc} (76%) rename source/common/{stream_info/forward_requested_server_name.h => network/upstream_server_name.h} (100%) diff --git a/source/common/network/BUILD b/source/common/network/BUILD index feb4beecee540..00ea73bb3581c 100644 --- a/source/common/network/BUILD +++ b/source/common/network/BUILD @@ -249,3 +249,13 @@ envoy_cc_library( "//include/envoy/network:transport_socket_interface", ], ) + + +envoy_cc_library( + name = "upstream_server_name_lib", + srcs = ["upstream_server_name.cc"], + hdrs = ["upstream_server_name.h"], + deps = [ + "//include/envoy/stream_info:filter_state_interface", + ], +) diff --git a/source/common/stream_info/forward_requested_server_name.cc b/source/common/network/upstream_server_name.cc similarity index 76% rename from source/common/stream_info/forward_requested_server_name.cc rename to source/common/network/upstream_server_name.cc index c00d89f4da775..a95b156dda4be 100644 --- a/source/common/stream_info/forward_requested_server_name.cc +++ b/source/common/network/upstream_server_name.cc @@ -1,4 +1,4 @@ -#include "common/stream_info/forward_requested_server_name.h" +#include "common/network/upstream_server_name.h" namespace Envoy { namespace StreamInfo { 
diff --git a/source/common/stream_info/forward_requested_server_name.h b/source/common/network/upstream_server_name.h similarity index 100% rename from source/common/stream_info/forward_requested_server_name.h rename to source/common/network/upstream_server_name.h diff --git a/source/common/stream_info/BUILD b/source/common/stream_info/BUILD index a932c2c8741e6..639805f711f68 100644 --- a/source/common/stream_info/BUILD +++ b/source/common/stream_info/BUILD @@ -27,15 +27,6 @@ envoy_cc_library( ], ) -envoy_cc_library( - name = "forward_requested_server_name_lib", - srcs = ["forward_requested_server_name.cc"], - hdrs = ["forward_requested_server_name.h"], - deps = [ - "//include/envoy/stream_info:filter_state_interface", - ], -) - envoy_cc_library( name = "utility_lib", srcs = ["utility.cc"], diff --git a/source/common/tcp_proxy/BUILD b/source/common/tcp_proxy/BUILD index 392c5408da026..0f29b52865ec4 100644 --- a/source/common/tcp_proxy/BUILD +++ b/source/common/tcp_proxy/BUILD @@ -35,9 +35,9 @@ envoy_cc_library( "//source/common/network:cidr_range_lib", "//source/common/network:filter_lib", "//source/common/network:transport_socket_options_lib", + "//source/common/network:upstream_server_name_lib", "//source/common/network:utility_lib", "//source/common/router:metadatamatchcriteria_lib", - "//source/common/stream_info:forward_requested_server_name_lib", "//source/common/stream_info:stream_info_lib", "//source/common/upstream:load_balancer_lib", "@envoy_api//envoy/config/filter/network/tcp_proxy/v2:tcp_proxy_cc", diff --git a/source/common/tcp_proxy/tcp_proxy.cc b/source/common/tcp_proxy/tcp_proxy.cc index 0fb700aceb030..0f68351f88830 100644 --- a/source/common/tcp_proxy/tcp_proxy.cc +++ b/source/common/tcp_proxy/tcp_proxy.cc 
@@ -18,8 +18,8 @@ #include "common/common/utility.h" #include "common/config/well_known_names.h" #include "common/network/transport_socket_options_impl.h" +#include "common/network/upstream_server_name.h" #include "common/router/metadatamatchcriteria_impl.h" -#include "common/stream_info/forward_requested_server_name.h" namespace Envoy { namespace TcpProxy { diff --git a/test/common/tcp_proxy/BUILD b/test/common/tcp_proxy/BUILD index 66b22260058f9..4563a193ec43b 100644 --- a/test/common/tcp_proxy/BUILD +++ b/test/common/tcp_proxy/BUILD @@ -17,8 +17,8 @@ envoy_cc_test( "//source/common/event:dispatcher_lib", "//source/common/network:address_lib", "//source/common/network:transport_socket_options_lib", + "//source/common/network:upstream_server_name_lib", "//source/common/stats:stats_lib", - "//source/common/stream_info:forward_requested_server_name_lib", "//source/common/tcp_proxy", "//source/common/upstream:upstream_includes", "//source/common/upstream:upstream_lib", diff --git a/test/common/tcp_proxy/tcp_proxy_test.cc b/test/common/tcp_proxy/tcp_proxy_test.cc index 47d99e8f8028e..b4c36c1aa7d72 100644 --- a/test/common/tcp_proxy/tcp_proxy_test.cc +++ b/test/common/tcp_proxy/tcp_proxy_test.cc @@ -8,8 +8,8 @@ #include "common/config/filter_json.h" #include "common/network/address_impl.h" #include "common/network/transport_socket_options_impl.h" +#include "common/network/upstream_server_name.h" #include "common/router/metadatamatchcriteria_impl.h" -#include "common/stream_info/forward_requested_server_name.h" #include "common/tcp_proxy/tcp_proxy.h" #include "common/upstream/upstream_impl.h" From cfbb753c7c930eee09730423565f03efc3694a81 Mon Sep 17 00:00:00 2001 From: Vadim Eisenberg Date: Thu, 8 Nov 2018 13:25:51 +0200 Subject: [PATCH 14/37] StreamInfo::ForwardRequestedServerName -> Network::UpstreamServerName 
Signed-off-by: Vadim Eisenberg --- source/common/network/upstream_server_name.cc | 8 ++++---- source/common/network/upstream_server_name.h | 8 ++++---- source/common/tcp_proxy/tcp_proxy.cc | 8 ++++---- test/common/tcp_proxy/tcp_proxy_test.cc | 8 ++++---- 4 files changed, 16 insertions(+), 16 deletions(-) diff --git a/source/common/network/upstream_server_name.cc b/source/common/network/upstream_server_name.cc index a95b156dda4be..dea479282c34c 100644 --- a/source/common/network/upstream_server_name.cc +++ b/source/common/network/upstream_server_name.cc @@ -1,10 +1,10 @@ #include "common/network/upstream_server_name.h" namespace Envoy { -namespace StreamInfo { +namespace Network { -const std::string ForwardRequestedServerName::Key = - "envoy.stream_info.forward_requested_server_name"; +const std::string UpstreamServerName::Key = + "envoy.network.upstream_server_name"; -} // namespace StreamInfo +} // namespace Network } // namespace Envoy diff --git a/source/common/network/upstream_server_name.h b/source/common/network/upstream_server_name.h index ce3c925004b6d..141f94afac89f 100644 --- a/source/common/network/upstream_server_name.h +++ b/source/common/network/upstream_server_name.h @@ -5,14 +5,14 @@ #include "absl/strings/string_view.h" namespace Envoy { -namespace StreamInfo { +namespace Network { /** * Original Requested Server Name */ -class ForwardRequestedServerName : public FilterState::Object { +class UpstreamServerName : public FilterState::Object { public: - ForwardRequestedServerName(absl::string_view server_name) : server_name_(server_name) {} + UpstreamServerName(absl::string_view server_name) : server_name_(server_name) {} const std::string& value() const { return server_name_; } static const std::string Key; @@ -20,5 +20,5 @@ class ForwardRequestedServerName : public FilterState::Object { const std::string server_name_; }; -} // namespace StreamInfo +} // namespace Network } // namespace Envoy 
diff --git a/source/common/tcp_proxy/tcp_proxy.cc b/source/common/tcp_proxy/tcp_proxy.cc index 0f68351f88830..33301344a2413 100644 --- a/source/common/tcp_proxy/tcp_proxy.cc +++ b/source/common/tcp_proxy/tcp_proxy.cc @@ -25,7 +25,7 @@ namespace Envoy { namespace TcpProxy { const std::string PerConnectionCluster::Key = "envoy.tcp_proxy.cluster"; -using ::Envoy::StreamInfo::ForwardRequestedServerName; +using ::Envoy::Network::UpstreamServerName; Config::Route::Route( const envoy::config::filter::network::tcp_proxy::v2::TcpProxy::DeprecatedV1::TCPRoute& config) { @@ -364,13 +364,13 @@ Network::FilterStatus Filter::initializeUpstreamConnection() { Network::TransportSocketOptionsSharedPtr transport_socket_options; if (downstreamConnection() && - downstreamConnection()->streamInfo().filterState().hasData( - ForwardRequestedServerName::Key)) { + downstreamConnection()->streamInfo().filterState().hasData( + UpstreamServerName::Key)) { const auto& original_requested_server_name = downstreamConnection() ->streamInfo() .filterState() - .getDataReadOnly(ForwardRequestedServerName::Key); + .getDataReadOnly(UpstreamServerName::Key); transport_socket_options = std::make_shared( original_requested_server_name.value()); } diff --git a/test/common/tcp_proxy/tcp_proxy_test.cc b/test/common/tcp_proxy/tcp_proxy_test.cc index b4c36c1aa7d72..c7da30d534564 100644 --- a/test/common/tcp_proxy/tcp_proxy_test.cc +++ b/test/common/tcp_proxy/tcp_proxy_test.cc @@ -42,7 +42,7 @@ using testing::SaveArg; namespace Envoy { namespace TcpProxy { -using ::Envoy::StreamInfo::ForwardRequestedServerName; +using ::Envoy::Network::UpstreamServerName; namespace { Config constructConfigFromJson(const Json::Object& json, 
@@ -1168,12 +1168,12 @@ TEST_F(TcpProxyRoutingTest, UseClusterFromPerConnectionCluster) { } // Test that the tcp proxy forwards the requested server name from FilterState if set -TEST_F(TcpProxyRoutingTest, ForwardRequestedServerName) { +TEST_F(TcpProxyRoutingTest, UpstreamServerName) { setup(); NiceMock stream_info; - stream_info.filterState().setData("envoy.stream_info.forward_requested_server_name", - std::make_unique("www.example.com"), + stream_info.filterState().setData("envoy.network.upstream_server_name", + std::make_unique("www.example.com"), StreamInfo::FilterState::StateType::ReadOnly); ON_CALL(connection_, streamInfo()).WillByDefault(ReturnRef(stream_info)); From 566570fe8da0f0dffe2dbb4c0d0dd4959740dca7 Mon Sep 17 00:00:00 2001 From: Vadim Eisenberg Date: Thu, 8 Nov 2018 13:29:48 +0200 Subject: [PATCH 15/37] append missing StreamInfo namespace Signed-off-by: Vadim Eisenberg --- source/common/network/upstream_server_name.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source/common/network/upstream_server_name.h b/source/common/network/upstream_server_name.h index 141f94afac89f..7e13a997c1b1d 100644 --- a/source/common/network/upstream_server_name.h +++ b/source/common/network/upstream_server_name.h @@ -10,7 +10,7 @@ namespace Network { /** * Original Requested Server Name */ -class UpstreamServerName : public FilterState::Object { +class UpstreamServerName : public StreamInfo::FilterState::Object { public: UpstreamServerName(absl::string_view server_name) : server_name_(server_name) {} const std::string& value() const { return server_name_; } From 173849ba6b3bf75562e637cf875b7dc803712a6a Mon Sep 17 00:00:00 2001 From: Vadim Eisenberg Date: Thu, 8 Nov 2018 14:39:03 +0200 Subject: [PATCH 16/37] remove a leftover from the PR this PR was extracted from Signed-off-by: Vadim Eisenberg --- source/extensions/filters/network/well_known_names.h | 2 -- 1 file changed, 2 deletions(-) 
diff --git a/source/extensions/filters/network/well_known_names.h b/source/extensions/filters/network/well_known_names.h index f007ba06674a6..6a68c32223c41 100644 --- a/source/extensions/filters/network/well_known_names.h +++ b/source/extensions/filters/network/well_known_names.h @@ -36,8 +36,6 @@ class NetworkFilterNameValues { const std::string Rbac = "envoy.filters.network.rbac"; // SNI Cluster filter const std::string SniCluster = "envoy.filters.network.sni_cluster"; - // Forward Original SNI filter - const std::string ForwardOriginalSni = "envoy.filters.network.forward_original_sni"; // Converts names from v1 to v2 const Config::V1Converter v1_converter_; From 41cf2c7f92a65e88e89b8128a60e23d0849c8311 Mon Sep 17 00:00:00 2001 From: Vadim Eisenberg Date: Thu, 8 Nov 2018 14:43:33 +0200 Subject: [PATCH 17/37] fix format Signed-off-by: Vadim Eisenberg --- source/common/network/BUILD | 1 - source/common/network/upstream_server_name.cc | 3 +-- source/common/tcp_proxy/tcp_proxy.cc | 6 ++---- 3 files changed, 3 insertions(+), 7 deletions(-) diff --git a/source/common/network/BUILD b/source/common/network/BUILD index 00ea73bb3581c..5fef9ea6f2405 100644 --- a/source/common/network/BUILD +++ b/source/common/network/BUILD @@ -250,7 +250,6 @@ envoy_cc_library( ], ) - envoy_cc_library( name = "upstream_server_name_lib", srcs = ["upstream_server_name.cc"], diff --git a/source/common/network/upstream_server_name.cc b/source/common/network/upstream_server_name.cc index dea479282c34c..3b732080b4b15 100644 --- a/source/common/network/upstream_server_name.cc +++ b/source/common/network/upstream_server_name.cc @@ -3,8 +3,7 @@ namespace Envoy { namespace Network { -const std::string UpstreamServerName::Key = - "envoy.network.upstream_server_name"; +const std::string UpstreamServerName::Key = "envoy.network.upstream_server_name"; } // namespace Network } // namespace Envoy 
diff --git a/source/common/tcp_proxy/tcp_proxy.cc b/source/common/tcp_proxy/tcp_proxy.cc index 33301344a2413..e5f97252fa220 100644 --- a/source/common/tcp_proxy/tcp_proxy.cc +++ b/source/common/tcp_proxy/tcp_proxy.cc @@ -367,10 +367,8 @@ Network::FilterStatus Filter::initializeUpstreamConnection() { downstreamConnection()->streamInfo().filterState().hasData( UpstreamServerName::Key)) { const auto& original_requested_server_name = - downstreamConnection() - ->streamInfo() - .filterState() - .getDataReadOnly(UpstreamServerName::Key); + downstreamConnection()->streamInfo().filterState().getDataReadOnly( + UpstreamServerName::Key); transport_socket_options = std::make_shared( original_requested_server_name.value()); } From 995d15ea0f69df52f4cdeaa9b831685323fba77b Mon Sep 17 00:00:00 2001 From: Vadim Eisenberg Date: Thu, 8 Nov 2018 16:30:19 +0200 Subject: [PATCH 18/37] remove names of the unused parameters Signed-off-by: Vadim Eisenberg --- test/common/tcp_proxy/tcp_proxy_test.cc | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/test/common/tcp_proxy/tcp_proxy_test.cc b/test/common/tcp_proxy/tcp_proxy_test.cc index c7da30d534564..915701f84aa30 100644 --- a/test/common/tcp_proxy/tcp_proxy_test.cc +++ b/test/common/tcp_proxy/tcp_proxy_test.cc 
@@ -1182,18 +1182,14 @@ TEST_F(TcpProxyRoutingTest, UpstreamServerName) { // Expect filter to try to open a connection to a cluster with the transport socket options with // override-server-name EXPECT_CALL(factory_context_.cluster_manager_, tcpConnPoolForCluster(_, _, _, _)) - .WillOnce(Invoke([](const std::string& cluster, Upstream::ResourcePriority priority, - Upstream::LoadBalancerContext* context, + .WillOnce(Invoke([](const std::string& cluster, Upstream::ResourcePriority, + Upstream::LoadBalancerContext*, Network::TransportSocketOptionsSharedPtr transport_socket_options) -> Tcp::ConnectionPool::Instance* { EXPECT_EQ(cluster, "fake_cluster"); EXPECT_NE(transport_socket_options, nullptr); EXPECT_TRUE(transport_socket_options->overrideServerName().has_value()); EXPECT_EQ(transport_socket_options->overrideServerName().value(), "www.example.com"); - - (void)priority; // suppress unused warning - (void)context; // suppress unused warning - return nullptr; })); From c8afa184059b564010cf29448354c05b7c34549b Mon Sep 17 00:00:00 2001 From: Vadim Eisenberg Date: Fri, 9 Nov 2018 06:19:33 +0200 Subject: [PATCH 19/37] add comments Signed-off-by: Vadim Eisenberg --- include/envoy/network/transport_socket.h | 12 ++++++++++++ .../common/network/transport_socket_options_impl.h | 2 ++ source/common/network/upstream_server_name.h | 4 +++- 3 files changed, 17 insertions(+), 1 deletion(-) diff --git a/include/envoy/network/transport_socket.h b/include/envoy/network/transport_socket.h index 69073db9422b2..8e5ff9457d2ed 100644 --- a/include/envoy/network/transport_socket.h +++ b/include/envoy/network/transport_socket.h 
@@ -144,7 +144,19 @@ typedef std::unique_ptr TransportSocketPtr; class TransportSocketOptions { public: virtual ~TransportSocketOptions() {} + + /** + * @return the const optional server name to set in the transport socket, for example SNI for + * SSL, regardless of the upstream cluster configuration. The filters like tcp_proxy + * should override the server name in the upstream cluster configuration with that value. + */ virtual const absl::optional& overrideServerName() const PURE; + + /** + * @param vector of bytes to which the option should append hash key data that will be used + * to separate connections based on the option. Any data already in the key vector must + * not be modified. + */ virtual void hashKey(std::vector& key) const PURE; }; diff --git a/source/common/network/transport_socket_options_impl.h b/source/common/network/transport_socket_options_impl.h index dcd95ab0ce6cb..6a121838bdafe 100644 --- a/source/common/network/transport_socket_options_impl.h +++ b/source/common/network/transport_socket_options_impl.h @@ -8,6 +8,8 @@ namespace Network { class TransportSocketOptionsImpl : public TransportSocketOptions { public: TransportSocketOptionsImpl(std::string override_server_name = ""); + + // Network::TransportSocketOptions const absl::optional& overrideServerName() const override { return override_server_name_; } diff --git a/source/common/network/upstream_server_name.h b/source/common/network/upstream_server_name.h index 7e13a997c1b1d..f9211d867819c 100644 --- a/source/common/network/upstream_server_name.h +++ b/source/common/network/upstream_server_name.h 
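Review bot: The new doc comment on `hashKey()` begins with `@param vector of bytes ...`, which Doxygen will read as documenting a parameter named `vector`; the parameter is `key`, so it should be `@param key vector of bytes to which the option should append hash key data that will be used to separate connections based on the option. Any data already in the key vector must not be modified.` The `@return` comment above it would also help callers if it said what an unset optional means — presumably that the upstream cluster's configured server name stays in effect, which is the case the `absl::nullopt` fallback in ssl_socket.cc handles — since the comment currently only describes the set case. The class continues past the end of this hunk.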
@@ -8,7 +8,9 @@ namespace Envoy { namespace Network { /** - * Original Requested Server Name + * Server name to set in the upstream connection. The filters like tcp_proxy should use this + * value to override the server name specified in the upstream cluster, for example to override + * the SNI value in the upstream TLS context. */ class UpstreamServerName : public StreamInfo::FilterState::Object { public: From c9ed4a7146d5e5398f6a62c6f739d3ac5df2332c Mon Sep 17 00:00:00 2001 From: Vadim Eisenberg Date: Thu, 15 Nov 2018 23:09:54 +0200 Subject: [PATCH 20/37] overrideServerName -> serverNameOverride Signed-off-by: Vadim Eisenberg --- include/envoy/network/transport_socket.h | 2 +- source/common/network/transport_socket_options_impl.h | 2 +- source/common/ssl/ssl_socket.cc | 2 +- test/common/ssl/ssl_socket_test.cc | 4 ++-- test/common/tcp_proxy/tcp_proxy_test.cc | 4 ++-- 5 files changed, 7 insertions(+), 7 deletions(-) diff --git a/include/envoy/network/transport_socket.h b/include/envoy/network/transport_socket.h index 8e5ff9457d2ed..843b5fea56a61 100644 --- a/include/envoy/network/transport_socket.h +++ b/include/envoy/network/transport_socket.h @@ -150,7 +150,7 @@ class TransportSocketOptions { * SSL, regardless of the upstream cluster configuration. The filters like tcp_proxy * should override the server name in the upstream cluster configuration with that value. */ - virtual const absl::optional& overrideServerName() const PURE; + virtual const absl::optional& serverNameOverride() const PURE; /** * @param vector of bytes to which the option should append hash key data that will be used diff --git a/source/common/network/transport_socket_options_impl.h b/source/common/network/transport_socket_options_impl.h index 6a121838bdafe..d3438ccd8d1eb 100644 --- a/source/common/network/transport_socket_options_impl.h +++ b/source/common/network/transport_socket_options_impl.h 
@@ -10,7 +10,7 @@ class TransportSocketOptionsImpl : public TransportSocketOptions { TransportSocketOptionsImpl(std::string override_server_name = ""); // Network::TransportSocketOptions - const absl::optional& overrideServerName() const override { + const absl::optional& serverNameOverride() const override { return override_server_name_; } void hashKey(std::vector& key) const override; diff --git a/source/common/ssl/ssl_socket.cc b/source/common/ssl/ssl_socket.cc index e9735fb6a4ef5..983f1b586ed0a 100644 --- a/source/common/ssl/ssl_socket.cc +++ b/source/common/ssl/ssl_socket.cc @@ -39,7 +39,7 @@ SslSocket::SslSocket(ContextSharedPtr ctx, InitialState state, Network::TransportSocketOptionsSharedPtr transport_socket_options) : ctx_(std::dynamic_pointer_cast(ctx)), ssl_(ctx_->newSsl(transport_socket_options != nullptr - ? transport_socket_options->overrideServerName() + ? transport_socket_options->serverNameOverride() : absl::nullopt)) { if (state == InitialState::Client) { SSL_set_connect_state(ssl_.get()); diff --git a/test/common/ssl/ssl_socket_test.cc b/test/common/ssl/ssl_socket_test.cc index 3aa41666df834..20d6f1da548ea 100644 --- a/test/common/ssl/ssl_socket_test.cc +++ b/test/common/ssl/ssl_socket_test.cc @@ -215,8 +215,8 @@ const std::string testUtilV2( EXPECT_CALL(callbacks, onAccept_(_, _)) .WillOnce(Invoke([&](Network::ConnectionSocketPtr& socket, bool) -> void { std::string sni = transport_socket_options != NULL && - transport_socket_options->overrideServerName().has_value() - ? transport_socket_options->overrideServerName().value() + transport_socket_options->serverNameOverride().has_value() + ? transport_socket_options->serverNameOverride().value() : client_ctx_proto.sni(); socket->setRequestedServerName(sni); Network::ConnectionPtr new_connection = dispatcher.createServerConnection( diff --git a/test/common/tcp_proxy/tcp_proxy_test.cc b/test/common/tcp_proxy/tcp_proxy_test.cc index 915701f84aa30..704b68c8bc4f6 100644 
--- a/test/common/tcp_proxy/tcp_proxy_test.cc +++ b/test/common/tcp_proxy/tcp_proxy_test.cc @@ -1188,8 +1188,8 @@ TEST_F(TcpProxyRoutingTest, UpstreamServerName) { -> Tcp::ConnectionPool::Instance* { EXPECT_EQ(cluster, "fake_cluster"); EXPECT_NE(transport_socket_options, nullptr); - EXPECT_TRUE(transport_socket_options->overrideServerName().has_value()); - EXPECT_EQ(transport_socket_options->overrideServerName().value(), "www.example.com"); + EXPECT_TRUE(transport_socket_options->serverNameOverride().has_value()); + EXPECT_EQ(transport_socket_options->serverNameOverride().value(), "www.example.com"); return nullptr; })); From bdce6bb53c6abed41c31092f088dae8dd612e798 Mon Sep 17 00:00:00 2001 From: Vadim Eisenberg Date: Fri, 16 Nov 2018 18:02:41 +0200 Subject: [PATCH 21/37] make TransportSocketOptionsImpl::override_server_name_ const Signed-off-by: Vadim Eisenberg --- source/common/network/transport_socket_options_impl.cc | 6 ------ source/common/network/transport_socket_options_impl.h | 7 +++++-- 2 files changed, 5 insertions(+), 8 deletions(-) diff --git a/source/common/network/transport_socket_options_impl.cc b/source/common/network/transport_socket_options_impl.cc index 59ddcd3783e25..35f683adeee20 100644 --- a/source/common/network/transport_socket_options_impl.cc +++ b/source/common/network/transport_socket_options_impl.cc @@ -2,12 +2,6 @@ namespace Envoy { namespace Network { -TransportSocketOptionsImpl::TransportSocketOptionsImpl(std::string override_server_name) { - if (!override_server_name.empty()) { - override_server_name_ = override_server_name; - } -} - void TransportSocketOptionsImpl::hashKey(std::vector& key) const { if (!override_server_name_.has_value()) { return; diff --git a/source/common/network/transport_socket_options_impl.h b/source/common/network/transport_socket_options_impl.h index d3438ccd8d1eb..c159b58947c2f 100644 --- a/source/common/network/transport_socket_options_impl.h +++ b/source/common/network/transport_socket_options_impl.h 
@@ -7,7 +7,10 @@ namespace Network { class TransportSocketOptionsImpl : public TransportSocketOptions { public: - TransportSocketOptionsImpl(std::string override_server_name = ""); + TransportSocketOptionsImpl(std::string override_server_name = "") + : override_server_name_(override_server_name.empty() + ? absl::nullopt + : absl::optional(override_server_name)) {} // Network::TransportSocketOptions const absl::optional& serverNameOverride() const override { @@ -16,7 +19,7 @@ class TransportSocketOptionsImpl : public TransportSocketOptions { void hashKey(std::vector& key) const override; private: - absl::optional override_server_name_; + const absl::optional override_server_name_; }; } // namespace Network From 895dafbfdaad26399e87b38673c055fae7279420 Mon Sep 17 00:00:00 2001 From: Vadim Eisenberg Date: Fri, 16 Nov 2018 20:15:18 +0200 Subject: [PATCH 22/37] std::string -> absl::string_view Signed-off-by: Vadim Eisenberg --- source/common/network/transport_socket_options_impl.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source/common/network/transport_socket_options_impl.h b/source/common/network/transport_socket_options_impl.h index c159b58947c2f..ba544a67d7656 100644 --- a/source/common/network/transport_socket_options_impl.h +++ b/source/common/network/transport_socket_options_impl.h @@ -7,7 +7,7 @@ namespace Network { class TransportSocketOptionsImpl : public TransportSocketOptions { public: - TransportSocketOptionsImpl(std::string override_server_name = "") + TransportSocketOptionsImpl(absl::string_view override_server_name = "") : override_server_name_(override_server_name.empty() ? absl::nullopt : absl::optional(override_server_name)) {} From 088f2d8cafcfd81dd0b646ffad727439cd8789f9 Mon Sep 17 00:00:00 2001 From: Vadim Eisenberg Date: Fri, 16 Nov 2018 22:11:33 +0200 Subject: [PATCH 23/37] fix the hashKey() method 
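Review bot: The inline `TransportSocketOptionsImpl` constructor added here (and re-typed to `absl::string_view` in the following hunk on this line) folds an empty `override_server_name` into `absl::nullopt` without saying so, which makes "no override requested" and "override with an empty name" indistinguishable to callers and to `hashKey()`. A one-line comment above the constructor would pin that contract: `// An empty name means "no override"; an explicitly empty SNI cannot be requested through this constructor.` The rest of the class body is unchanged apart from the member becoming `const`.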
Signed-off-by: Vadim Eisenberg --- source/common/network/BUILD | 1 + .../common/network/transport_socket_options_impl.cc | 11 +++++++++-- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/source/common/network/BUILD b/source/common/network/BUILD index 5fef9ea6f2405..3def66cfa8d7e 100644 --- a/source/common/network/BUILD +++ b/source/common/network/BUILD @@ -247,6 +247,7 @@ envoy_cc_library( hdrs = ["transport_socket_options_impl.h"], deps = [ "//include/envoy/network:transport_socket_interface", + "//source/common/common:utility_lib", ], ) diff --git a/source/common/network/transport_socket_options_impl.cc b/source/common/network/transport_socket_options_impl.cc index 35f683adeee20..5c6718f79556e 100644 --- a/source/common/network/transport_socket_options_impl.cc +++ b/source/common/network/transport_socket_options_impl.cc @@ -1,5 +1,7 @@ #include "common/network/transport_socket_options_impl.h" +#include "common/common/utility.h" + namespace Envoy { namespace Network { void TransportSocketOptionsImpl::hashKey(std::vector& key) const { @@ -7,8 +9,13 @@ void TransportSocketOptionsImpl::hashKey(std::vector& key) const { return; } - std::hash hash_function; - key.push_back(hash_function(override_server_name_.value())); + uint64_t hash = StringUtil::CaseInsensitiveHash()(override_server_name_.value()); + + uint8_t* byte_ptr = reinterpret_cast(&hash); + for (int byte_index = 0; byte_index < 8; byte_index++) { + key.push_back(*byte_ptr); + byte_ptr++; + } } } // namespace Network } // namespace Envoy From 88b3d312e7c28b8ba965b280273e05a50e2ec56d Mon Sep 17 00:00:00 2001 From: Vadim Eisenberg Date: Sat, 17 Nov 2018 07:46:33 +0200 Subject: [PATCH 24/37] update the comments - explanation about serverNameOverride Signed-off-by: Vadim Eisenberg --- include/envoy/network/transport_socket.h | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) 
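Review bot: The new `hashKey()` body appends only the 64-bit `StringUtil::CaseInsensitiveHash` of the server name, so the connection-pool key identifies the override by hash rather than by value: two distinct names whose hashes collide map to the same pool, and an upstream connection established with one SNI could be handed out for the other. Since `key` is already a byte vector, the normalized name itself can be appended after the hash, e.g. `key.insert(key.end(), override_server_name_->begin(), override_server_name_->end());` with the same case folding applied first if case-insensitive matching is the intent. That folding is consistent with hostname comparison, but it decides which connections get shared, so it deserves a comment such as `// Case-insensitive: names differing only in case share a pool.` The function's signature and the opening of the early-return branch are outside this hunk.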
diff --git a/include/envoy/network/transport_socket.h b/include/envoy/network/transport_socket.h index 843b5fea56a61..cd43c0deb003d 100644 --- a/include/envoy/network/transport_socket.h +++ b/include/envoy/network/transport_socket.h @@ -147,8 +147,10 @@ class TransportSocketOptions { /** * @return the const optional server name to set in the transport socket, for example SNI for - * SSL, regardless of the upstream cluster configuration. The filters like tcp_proxy - * should override the server name in the upstream cluster configuration with that value. + * SSL, regardless of the upstream cluster configuration. Filters that influence + * upstream connection selection, such as tcp_proxy, should take this option into account + * and should pass it through to the connection pool to ensure the correct endpoints are + * selected and the upstream connection is set up accordingly. */ virtual const absl::optional& serverNameOverride() const PURE; From e9c0a87b6ad41599e96c3e400c1573d05f4eca01 Mon Sep 17 00:00:00 2001 From: Vadim Eisenberg Date: Tue, 20 Nov 2018 03:47:03 +0200 Subject: [PATCH 25/37] use sizeof of a variable instead of hardcoded size value Signed-off-by: Vadim Eisenberg --- source/common/network/transport_socket_options_impl.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source/common/network/transport_socket_options_impl.cc b/source/common/network/transport_socket_options_impl.cc index 5c6718f79556e..0bda13bdbb1a3 100644 --- a/source/common/network/transport_socket_options_impl.cc +++ b/source/common/network/transport_socket_options_impl.cc @@ -12,7 +12,7 @@ void TransportSocketOptionsImpl::hashKey(std::vector& key) const { uint64_t hash = StringUtil::CaseInsensitiveHash()(override_server_name_.value()); uint8_t* byte_ptr = reinterpret_cast(&hash); - for (int byte_index = 0; byte_index < 8; byte_index++) { + for (uint byte_index = 0; byte_index < sizeof hash; byte_index++) { key.push_back(*byte_ptr); byte_ptr++; } 
From 0fa1bd3a370ac7378dc13e84523c022378687c4a Mon Sep 17 00:00:00 2001 From: Vadim Eisenberg Date: Tue, 20 Nov 2018 04:12:42 +0200 Subject: [PATCH 26/37] refactor scalar to byte vector conversion into pushScalarToByteVector() Signed-off-by: Vadim Eisenberg --- source/common/common/BUILD | 5 +++++ source/common/common/scalar_to_byte_vector.h | 11 +++++++++++ source/common/network/BUILD | 1 + .../common/network/transport_socket_options_impl.cc | 9 ++------- 4 files changed, 19 insertions(+), 7 deletions(-) create mode 100644 source/common/common/scalar_to_byte_vector.h diff --git a/source/common/common/BUILD b/source/common/common/BUILD index 59b4eae1b3efd..e26036b1e3c02 100644 --- a/source/common/common/BUILD +++ b/source/common/common/BUILD @@ -261,6 +261,11 @@ envoy_cc_library( ], ) +envoy_cc_library( + name = "scalar_to_byte_vector_lib", + hdrs = ["scalar_to_byte_vector.h"], +) + envoy_cc_library( name = "token_bucket_impl_lib", srcs = ["token_bucket_impl.cc"], diff --git a/source/common/common/scalar_to_byte_vector.h b/source/common/common/scalar_to_byte_vector.h new file mode 100644 index 0000000000000..7c4b800c14449 --- /dev/null +++ b/source/common/common/scalar_to_byte_vector.h @@ -0,0 +1,11 @@ +#pragma once + +namespace Envoy { +template void pushScalarToByteVector(T val, std::vector& bytes) { + uint8_t* byte_ptr = reinterpret_cast(&val); + for (uint byte_index = 0; byte_index < sizeof val; byte_index++) { + bytes.push_back(*byte_ptr); + byte_ptr++; + } +} +} // namespace Envoy diff --git a/source/common/network/BUILD b/source/common/network/BUILD index 3def66cfa8d7e..4c910541316a1 100644 --- a/source/common/network/BUILD +++ b/source/common/network/BUILD @@ -247,6 +247,7 @@ envoy_cc_library( hdrs = ["transport_socket_options_impl.h"], deps = [ "//include/envoy/network:transport_socket_interface", + "//source/common/common:scalar_to_byte_vector_lib", "//source/common/common:utility_lib", ], ) 
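Review bot: `pushScalarToByteVector` in the new `scalar_to_byte_vector.h` accepts any `T` but reinterprets it as raw bytes, which is only well-defined for trivially copyable types and would also copy indeterminate padding bytes of a struct into the key; a `static_assert(std::is_trivially_copyable<T>::value, "pushScalarToByteVector requires a trivially copyable type");` at the top of the template (with `#include <type_traits>`) makes that contract explicit. The manual pointer walk can also be a single range insert, `bytes.insert(bytes.end(), byte_ptr, byte_ptr + sizeof val);`, which keeps the byte order identical. A short header comment noting that the bytes are emitted in host byte order, so the key is only meaningful within one process, would help the next reader.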
diff --git a/source/common/network/transport_socket_options_impl.cc b/source/common/network/transport_socket_options_impl.cc index 0bda13bdbb1a3..a8f315cde1dbe 100644 --- a/source/common/network/transport_socket_options_impl.cc +++ b/source/common/network/transport_socket_options_impl.cc @@ -1,5 +1,6 @@ #include "common/network/transport_socket_options_impl.h" +#include "common/common/scalar_to_byte_vector.h" #include "common/common/utility.h" namespace Envoy { @@ -9,13 +10,7 @@ void TransportSocketOptionsImpl::hashKey(std::vector& key) const { return; } - uint64_t hash = StringUtil::CaseInsensitiveHash()(override_server_name_.value()); - - uint8_t* byte_ptr = reinterpret_cast(&hash); - for (uint byte_index = 0; byte_index < sizeof hash; byte_index++) { - key.push_back(*byte_ptr); - byte_ptr++; - } + pushScalarToByteVector(StringUtil::CaseInsensitiveHash()(override_server_name_.value()), key); } } // namespace Network } // namespace Envoy From 71098948709038e40c62ffdc0b722b3c73b6360f Mon Sep 17 00:00:00 2001 From: Vadim Eisenberg Date: Tue, 20 Nov 2018 06:19:48 +0200 Subject: [PATCH 27/37] uint -> unsigned int Signed-off-by: Vadim Eisenberg --- source/common/common/scalar_to_byte_vector.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source/common/common/scalar_to_byte_vector.h b/source/common/common/scalar_to_byte_vector.h index 7c4b800c14449..af11ada0518a7 100644 --- a/source/common/common/scalar_to_byte_vector.h +++ b/source/common/common/scalar_to_byte_vector.h @@ -3,7 +3,7 @@ namespace Envoy { template void pushScalarToByteVector(T val, std::vector& bytes) { uint8_t* byte_ptr = reinterpret_cast(&val); - for (uint byte_index = 0; byte_index < sizeof val; byte_index++) { + for (unsigned int byte_index = 0; byte_index < sizeof val; byte_index++) { bytes.push_back(*byte_ptr); byte_ptr++; } From b8f0d3c510c5316bfdab631876043cc99617b8fc Mon Sep 17 00:00:00 2001 
From: Vadim Eisenberg Date: Tue, 20 Nov 2018 10:04:12 +0200 Subject: [PATCH 28/37] add missing includes required for clang_tidy Signed-off-by: Vadim Eisenberg --- source/common/common/scalar_to_byte_vector.h | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/source/common/common/scalar_to_byte_vector.h b/source/common/common/scalar_to_byte_vector.h index af11ada0518a7..b3a53d51c7ecc 100644 --- a/source/common/common/scalar_to_byte_vector.h +++ b/source/common/common/scalar_to_byte_vector.h @@ -1,5 +1,9 @@ #pragma once +#include + +#include + namespace Envoy { template void pushScalarToByteVector(T val, std::vector& bytes) { uint8_t* byte_ptr = reinterpret_cast(&val); From dddd8e32196588c4c3658d11f0a2e525919c76de Mon Sep 17 00:00:00 2001 From: Vadim Eisenberg Date: Tue, 20 Nov 2018 11:20:42 +0200 Subject: [PATCH 29/37] fix static initialization problem Signed-off-by: Vadim Eisenberg --- source/common/network/upstream_server_name.cc | 7 +++++-- source/common/network/upstream_server_name.h | 2 +- source/common/tcp_proxy/tcp_proxy.cc | 15 ++++++++++----- source/common/tcp_proxy/tcp_proxy.h | 2 +- .../filters/network/sni_cluster/sni_cluster.cc | 2 +- 5 files changed, 18 insertions(+), 10 deletions(-) diff --git a/source/common/network/upstream_server_name.cc b/source/common/network/upstream_server_name.cc index 3b732080b4b15..e2726332d0587 100644 --- a/source/common/network/upstream_server_name.cc +++ b/source/common/network/upstream_server_name.cc @@ -3,7 +3,10 @@ namespace Envoy { namespace Network { -const std::string UpstreamServerName::Key = "envoy.network.upstream_server_name"; - +absl::string_view UpstreamServerName::key() { + // Construct On First Use Idiom: https://isocpp.org/wiki/faq/ctors#static-init-order-on-first-use + static const char* cstring_key = "envoy.network.upstream_server_name"; + return absl::string_view(cstring_key); +} } // namespace Network } // namespace Envoy 
diff --git a/source/common/network/upstream_server_name.h b/source/common/network/upstream_server_name.h index f9211d867819c..ec65752b7c6ff 100644 --- a/source/common/network/upstream_server_name.h +++ b/source/common/network/upstream_server_name.h @@ -16,7 +16,7 @@ class UpstreamServerName : public StreamInfo::FilterState::Object { public: UpstreamServerName(absl::string_view server_name) : server_name_(server_name) {} const std::string& value() const { return server_name_; } - static const std::string Key; + static absl::string_view key(); private: const std::string server_name_; diff --git a/source/common/tcp_proxy/tcp_proxy.cc b/source/common/tcp_proxy/tcp_proxy.cc index e5f97252fa220..e20bd30ee350e 100644 --- a/source/common/tcp_proxy/tcp_proxy.cc +++ b/source/common/tcp_proxy/tcp_proxy.cc @@ -24,9 +24,14 @@ namespace Envoy { namespace TcpProxy { -const std::string PerConnectionCluster::Key = "envoy.tcp_proxy.cluster"; using ::Envoy::Network::UpstreamServerName; +absl::string_view PerConnectionCluster::key() { + // Construct On First Use Idiom: https://isocpp.org/wiki/faq/ctors#static-init-order-on-first-use + static const char* cstring_key = "envoy.tcp_proxy.cluster"; + return absl::string_view(cstring_key); +} + Config::Route::Route( const envoy::config::filter::network::tcp_proxy::v2::TcpProxy::DeprecatedV1::TCPRoute& config) { cluster_name_ = config.cluster(); 
@@ -115,10 +120,10 @@ Config::Config(const envoy::config::filter::network::tcp_proxy::v2::TcpProxy& co const std::string& Config::getRegularRouteFromEntries(Network::Connection& connection) { // First check if the per-connection state to see if we need to route to a pre-selected cluster if (connection.streamInfo().filterState().hasData( - PerConnectionCluster::Key)) { + PerConnectionCluster::key())) { const PerConnectionCluster& per_connection_cluster = connection.streamInfo().filterState().getDataReadOnly( - PerConnectionCluster::Key); + PerConnectionCluster::key()); return per_connection_cluster.value(); } @@ -365,10 +370,10 @@ Network::FilterStatus Filter::initializeUpstreamConnection() { if (downstreamConnection() && downstreamConnection()->streamInfo().filterState().hasData( - UpstreamServerName::Key)) { + UpstreamServerName::key())) { const auto& original_requested_server_name = downstreamConnection()->streamInfo().filterState().getDataReadOnly( - UpstreamServerName::Key); + UpstreamServerName::key()); transport_socket_options = std::make_shared( original_requested_server_name.value()); } diff --git a/source/common/tcp_proxy/tcp_proxy.h b/source/common/tcp_proxy/tcp_proxy.h index bba6f6faad9ca..2a09029631fd3 100644 --- a/source/common/tcp_proxy/tcp_proxy.h +++ b/source/common/tcp_proxy/tcp_proxy.h @@ -162,7 +162,7 @@ class PerConnectionCluster : public StreamInfo::FilterState::Object { public: PerConnectionCluster(absl::string_view cluster) : cluster_(cluster) {} const std::string& value() const { return cluster_; } - static const std::string Key; + static absl::string_view key(); private: const std::string cluster_; diff --git a/source/extensions/filters/network/sni_cluster/sni_cluster.cc b/source/extensions/filters/network/sni_cluster/sni_cluster.cc index 62eb7143ce865..6c2a70934ddca 100644 --- a/source/extensions/filters/network/sni_cluster/sni_cluster.cc +++ b/source/extensions/filters/network/sni_cluster/sni_cluster.cc 
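Review bot: In `initializeUpstreamConnection()` the value read from the `UpstreamServerName` filter state is passed straight into `TransportSocketOptionsImpl`, so whatever populated that filter state (presumably the downstream connection's requested server name, per the series description) decides the SNI sent upstream and, through `hashKey()`, which connection pool is used, in place of the cluster's configured name; this hunk only renames the key accessor, but nothing in the surrounding code records that the value is downstream-influenced. Suggest `// Upstream SNI (and the pool key) comes from filter state, which is populated from the downstream connection's requested server name; when present it takes precedence over the cluster's configured SNI.` above the `hasData` check. The enclosing function begins and ends outside the hunk.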
@@ -19,7 +19,7 @@ Network::FilterStatus SniClusterFilter::onNewConnection() { // Set the tcp_proxy cluster to the same value as SNI. The data is mutable to allow // other filters to change it. read_callbacks_->connection().streamInfo().filterState().setData( - TcpProxy::PerConnectionCluster::Key, std::make_unique(sni), + TcpProxy::PerConnectionCluster::key(), std::make_unique(sni), StreamInfo::FilterState::StateType::Mutable); } From 2532513e5fe7960eb50475182b8162e78fa02c5f Mon Sep 17 00:00:00 2001 From: Vadim Eisenberg Date: Tue, 20 Nov 2018 12:51:54 +0200 Subject: [PATCH 30/37] fix format Signed-off-by: Vadim Eisenberg --- source/extensions/filters/network/sni_cluster/sni_cluster.cc | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/source/extensions/filters/network/sni_cluster/sni_cluster.cc b/source/extensions/filters/network/sni_cluster/sni_cluster.cc index 6c2a70934ddca..2b403b586a198 100644 --- a/source/extensions/filters/network/sni_cluster/sni_cluster.cc +++ b/source/extensions/filters/network/sni_cluster/sni_cluster.cc @@ -19,7 +19,8 @@ Network::FilterStatus SniClusterFilter::onNewConnection() { // Set the tcp_proxy cluster to the same value as SNI. The data is mutable to allow // other filters to change it. read_callbacks_->connection().streamInfo().filterState().setData( - TcpProxy::PerConnectionCluster::key(), std::make_unique(sni), + TcpProxy::PerConnectionCluster::key(), + std::make_unique(sni), StreamInfo::FilterState::StateType::Mutable); } From 588fa9862c75fd1183de3bffb30aba4e84c7d168 Mon Sep 17 00:00:00 2001 From: Vadim Eisenberg Date: Tue, 20 Nov 2018 14:12:39 +0200 Subject: [PATCH 31/37] PerConnectionCluster::Key -> PerConnectionCluster::key() in tests Signed-off-by: Vadim Eisenberg --- .../filters/network/sni_cluster/sni_cluster_test.cc | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
diff --git a/test/extensions/filters/network/sni_cluster/sni_cluster_test.cc b/test/extensions/filters/network/sni_cluster/sni_cluster_test.cc index 74a8ae6474ba0..9cc39bd6d2e61 100644 --- a/test/extensions/filters/network/sni_cluster/sni_cluster_test.cc +++ b/test/extensions/filters/network/sni_cluster/sni_cluster_test.cc @@ -51,7 +51,7 @@ TEST(SniCluster, SetTcpProxyClusterOnlyIfSniIsPresent) { filter.onNewConnection(); EXPECT_FALSE(stream_info.filterState().hasData( - TcpProxy::PerConnectionCluster::Key)); + TcpProxy::PerConnectionCluster::key())); } // with sni @@ -61,11 +61,11 @@ TEST(SniCluster, SetTcpProxyClusterOnlyIfSniIsPresent) { filter.onNewConnection(); EXPECT_TRUE(stream_info.filterState().hasData( - TcpProxy::PerConnectionCluster::Key)); + TcpProxy::PerConnectionCluster::key())); auto per_connection_cluster = stream_info.filterState().getDataReadOnly( - TcpProxy::PerConnectionCluster::Key); + TcpProxy::PerConnectionCluster::key()); EXPECT_EQ(per_connection_cluster.value(), "filter_state_cluster"); } } From 2f231418932fea5b68f8cd36df8b781567b6fafa Mon Sep 17 00:00:00 2001 From: Vadim Eisenberg Date: Tue, 20 Nov 2018 22:26:09 +0200 Subject: [PATCH 32/37] add TODO replace long parameter lists with options objects Signed-off-by: Vadim Eisenberg --- test/common/ssl/ssl_socket_test.cc | 2 ++ 1 file changed, 2 insertions(+) diff --git a/test/common/ssl/ssl_socket_test.cc b/test/common/ssl/ssl_socket_test.cc index 20d6f1da548ea..f5d995bd265d5 100644 --- a/test/common/ssl/ssl_socket_test.cc +++ b/test/common/ssl/ssl_socket_test.cc @@ -45,6 +45,7 @@ namespace Ssl { namespace { +// TODO replace the long parameter list with an options object void testUtil(const std::string& client_ctx_yaml, const std::string& server_ctx_yaml, const std::string& expected_digest, const std::string& expected_uri, const std::string& expected_local_uri, const std::string& expected_serial_number, 
@@ -156,6 +157,7 @@ void testUtil(const std::string& client_ctx_yaml, const std::string& server_ctx_ } } +// TODO replace the long parameter list with an options object const std::string testUtilV2( const envoy::api::v2::Listener& server_proto, const envoy::api::v2::auth::UpstreamTlsContext& client_ctx_proto, From b31e6f66f1e9771c7525621f5e4923fa688b9a85 Mon Sep 17 00:00:00 2001 From: Vadim Eisenberg Date: Tue, 20 Nov 2018 23:24:18 +0200 Subject: [PATCH 33/37] use CONSTRUCT_ON_FIRST_USE macro Signed-off-by: Vadim Eisenberg --- source/common/network/BUILD | 1 + source/common/network/upstream_server_name.cc | 8 ++++---- source/common/network/upstream_server_name.h | 2 +- source/common/tcp_proxy/BUILD | 1 + source/common/tcp_proxy/tcp_proxy.cc | 7 +++---- source/common/tcp_proxy/tcp_proxy.h | 2 +- 6 files changed, 11 insertions(+), 10 deletions(-) diff --git a/source/common/network/BUILD b/source/common/network/BUILD index 4c910541316a1..d88ad8cabae62 100644 --- a/source/common/network/BUILD +++ b/source/common/network/BUILD @@ -258,5 +258,6 @@ envoy_cc_library( hdrs = ["upstream_server_name.h"], deps = [ "//include/envoy/stream_info:filter_state_interface", + "//source/common/common:macros", ], ) diff --git a/source/common/network/upstream_server_name.cc b/source/common/network/upstream_server_name.cc index e2726332d0587..d4bd93a94dc15 100644 --- a/source/common/network/upstream_server_name.cc +++ b/source/common/network/upstream_server_name.cc 
@@ -1,12 +1,12 @@ #include "common/network/upstream_server_name.h" +#include "common/common/macros.h" + namespace Envoy { namespace Network { -absl::string_view UpstreamServerName::key() { - // Construct On First Use Idiom: https://isocpp.org/wiki/faq/ctors#static-init-order-on-first-use - static const char* cstring_key = "envoy.network.upstream_server_name"; - return absl::string_view(cstring_key); +const std::string& UpstreamServerName::key() { + CONSTRUCT_ON_FIRST_USE(std::string, "envoy.network.upstream_server_name"); } } // namespace Network } // namespace Envoy diff --git a/source/common/network/upstream_server_name.h b/source/common/network/upstream_server_name.h index ec65752b7c6ff..e50bb906af5c6 100644 --- a/source/common/network/upstream_server_name.h +++ b/source/common/network/upstream_server_name.h @@ -16,7 +16,7 @@ class UpstreamServerName : public StreamInfo::FilterState::Object { public: UpstreamServerName(absl::string_view server_name) : server_name_(server_name) {} const std::string& value() const { return server_name_; } - static absl::string_view key(); + static const std::string& key(); private: const std::string server_name_; diff --git a/source/common/tcp_proxy/BUILD b/source/common/tcp_proxy/BUILD index 0f29b52865ec4..f28529e05dbbf 100644 --- a/source/common/tcp_proxy/BUILD +++ b/source/common/tcp_proxy/BUILD @@ -31,6 +31,7 @@ envoy_cc_library( "//source/common/access_log:access_log_lib", "//source/common/common:assert_lib", "//source/common/common:empty_string", + "//source/common/common:macros", "//source/common/common:minimal_logger_lib", "//source/common/network:cidr_range_lib", "//source/common/network:filter_lib", diff --git a/source/common/tcp_proxy/tcp_proxy.cc b/source/common/tcp_proxy/tcp_proxy.cc index e20bd30ee350e..a871f48939c30 100644 --- a/source/common/tcp_proxy/tcp_proxy.cc +++ b/source/common/tcp_proxy/tcp_proxy.cc 
@@ -15,6 +15,7 @@ #include "common/common/assert.h" #include "common/common/empty_string.h" #include "common/common/fmt.h" +#include "common/common/macros.h" #include "common/common/utility.h" #include "common/config/well_known_names.h" #include "common/network/transport_socket_options_impl.h" @@ -26,10 +27,8 @@ namespace TcpProxy { using ::Envoy::Network::UpstreamServerName; -absl::string_view PerConnectionCluster::key() { - // Construct On First Use Idiom: https://isocpp.org/wiki/faq/ctors#static-init-order-on-first-use - static const char* cstring_key = "envoy.tcp_proxy.cluster"; - return absl::string_view(cstring_key); +const std::string& PerConnectionCluster::key() { + CONSTRUCT_ON_FIRST_USE(std::string, "envoy.tcp_proxy.cluster"); } Config::Route::Route( diff --git a/source/common/tcp_proxy/tcp_proxy.h b/source/common/tcp_proxy/tcp_proxy.h index 2a09029631fd3..405b6cd2fbc62 100644 --- a/source/common/tcp_proxy/tcp_proxy.h +++ b/source/common/tcp_proxy/tcp_proxy.h @@ -162,7 +162,7 @@ class PerConnectionCluster : public StreamInfo::FilterState::Object { public: PerConnectionCluster(absl::string_view cluster) : cluster_(cluster) {} const std::string& value() const { return cluster_; } - static absl::string_view key(); + static const std::string& key(); private: const std::string cluster_; From d84b46778b031ffd013cfa3d2d465b71f6b787f8 Mon Sep 17 00:00:00 2001 From: Vadim Eisenberg Date: Tue, 20 Nov 2018 23:30:39 +0200 Subject: [PATCH 34/37] combine pointer dereferencing and increment into one line Signed-off-by: Vadim Eisenberg --- source/common/common/scalar_to_byte_vector.h | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/source/common/common/scalar_to_byte_vector.h b/source/common/common/scalar_to_byte_vector.h index b3a53d51c7ecc..120dbd3da0e97 100644 --- a/source/common/common/scalar_to_byte_vector.h +++ b/source/common/common/scalar_to_byte_vector.h 
@@ -8,8 +8,7 @@ namespace Envoy { template void pushScalarToByteVector(T val, std::vector& bytes) { uint8_t* byte_ptr = reinterpret_cast(&val); for (unsigned int byte_index = 0; byte_index < sizeof val; byte_index++) { - bytes.push_back(*byte_ptr); - byte_ptr++; + bytes.push_back(*byte_ptr++); } } } // namespace Envoy From d6583b94b1d64a73fa18c88f0f49f220e7a989ce Mon Sep 17 00:00:00 2001 From: Vadim Eisenberg Date: Tue, 20 Nov 2018 23:31:09 +0200 Subject: [PATCH 35/37] unsigned int -> uint32_t Signed-off-by: Vadim Eisenberg --- source/common/common/scalar_to_byte_vector.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source/common/common/scalar_to_byte_vector.h b/source/common/common/scalar_to_byte_vector.h index 120dbd3da0e97..9db11f90e56f1 100644 --- a/source/common/common/scalar_to_byte_vector.h +++ b/source/common/common/scalar_to_byte_vector.h @@ -7,7 +7,7 @@ namespace Envoy { template void pushScalarToByteVector(T val, std::vector& bytes) { uint8_t* byte_ptr = reinterpret_cast(&val); - for (unsigned int byte_index = 0; byte_index < sizeof val; byte_index++) { + for (uint32_t byte_index = 0; byte_index < sizeof val; byte_index++) { bytes.push_back(*byte_ptr++); } } From 505cce2d357b95c4caa7c15b3be4478e547c93ef Mon Sep 17 00:00:00 2001 From: Vadim Eisenberg Date: Tue, 20 Nov 2018 23:31:39 +0200 Subject: [PATCH 36/37] Revert "make the parameter of newSSL() const&" This reverts commit 6c9128dafa8a885c043f8cb55656c3ea6970a680. Signed-off-by: Vadim Eisenberg --- source/common/ssl/context_impl.cc | 4 ++-- source/common/ssl/context_impl.h | 6 ++---- 2 files changed, 4 insertions(+), 6 deletions(-) diff --git a/source/common/ssl/context_impl.cc b/source/common/ssl/context_impl.cc index fc75c12c8064a..2fd2eee4ea1a0 100644 --- a/source/common/ssl/context_impl.cc +++ b/source/common/ssl/context_impl.cc 
@@ -275,7 +275,7 @@ std::vector ContextImpl::parseAlpnProtocols(const std::string& alpn_pro return out; } -bssl::UniquePtr ContextImpl::newSsl(const absl::optional&) const { +bssl::UniquePtr ContextImpl::newSsl(absl::optional) const { return bssl::UniquePtr(SSL_new(ctx_.get())); } @@ -499,7 +499,7 @@ ClientContextImpl::ClientContextImpl(Stats::Scope& scope, const ClientContextCon } bssl::UniquePtr -ClientContextImpl::newSsl(const absl::optional& override_server_name) const { +ClientContextImpl::newSsl(absl::optional override_server_name) const { bssl::UniquePtr ssl_con(ContextImpl::newSsl(absl::nullopt)); std::string server_name_indication = diff --git a/source/common/ssl/context_impl.h b/source/common/ssl/context_impl.h index abc51839ee573..4fb733df025be 100644 --- a/source/common/ssl/context_impl.h +++ b/source/common/ssl/context_impl.h @@ -42,8 +42,7 @@ struct SslStats { class ContextImpl : public virtual Context { public: - virtual bssl::UniquePtr - newSsl(const absl::optional& override_server_name) const; + virtual bssl::UniquePtr newSsl(absl::optional override_server_name) const; /** * Logs successful TLS handshake and updates stats. @@ -144,8 +143,7 @@ class ClientContextImpl : public ContextImpl, public ClientContext { ClientContextImpl(Stats::Scope& scope, const ClientContextConfig& config, TimeSource& time_source); - bssl::UniquePtr - newSsl(const absl::optional& override_server_name) const override; + bssl::UniquePtr newSsl(absl::optional override_server_name) const override; private: const std::string server_name_indication_; From 7080014563f6c8f243b5f11a7ca663561def7f5b Mon Sep 17 00:00:00 2001 From: Vadim Eisenberg Date: Wed, 21 Nov 2018 18:44:24 +0200 Subject: [PATCH 37/37] replace v1 json with v2 yaml in DynamicHostRemoveWithTls test Signed-off-by: Vadim Eisenberg --- .../upstream/cluster_manager_impl_test.cc | 29 ++++++++++--------- 1 file changed, 16 insertions(+), 13 deletions(-) 
diff --git a/test/common/upstream/cluster_manager_impl_test.cc b/test/common/upstream/cluster_manager_impl_test.cc index 911367f528b3f..c960b057966e8 100644 --- a/test/common/upstream/cluster_manager_impl_test.cc +++ b/test/common/upstream/cluster_manager_impl_test.cc @@ -1569,18 +1569,21 @@ TEST_F(ClusterManagerImplTest, DynamicHostRemove) { } TEST_F(ClusterManagerImplTest, DynamicHostRemoveWithTls) { - const std::string json = R"EOF( - { - "clusters": [ - { - "name": "cluster_1", - "connect_timeout_ms": 250, - "type": "strict_dns", - "dns_resolvers": [ "1.2.3.4:80" ], - "lb_type": "round_robin", - "hosts": [{"url": "tcp://localhost:11001"}] - }] - } + const std::string yaml = R"EOF( + static_resources: + clusters: + - name: cluster_1 + connect_timeout: 0.250s + type: STRICT_DNS + dns_resolvers: + - socket_address: + address: 1.2.3.4 + port_value: 80 + lb_policy: ROUND_ROBIN + hosts: + - socket_address: + address: localhost + port_value: 11001 )EOF"; std::shared_ptr dns_resolver(new Network::MockDnsResolver()); @@ -1591,7 +1594,7 @@ TEST_F(ClusterManagerImplTest, DynamicHostRemoveWithTls) { Network::MockActiveDnsQuery active_dns_query; EXPECT_CALL(*dns_resolver, resolve(_, _, _)) .WillRepeatedly(DoAll(SaveArg<2>(&dns_callback), Return(&active_dns_query))); - create(parseBootstrapFromJson(json)); + create(parseBootstrapFromV2Yaml(yaml)); EXPECT_FALSE(cluster_manager_->get("cluster_1")->info()->addedViaApi()); Network::TransportSocketOptionsSharedPtr transport_socket_options_example_com(