Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

grpc-js-xds: Implement and enable security interop tests #2909

Merged
merged 28 commits into from
Feb 27, 2025
Merged

grpc-js-xds: Implement and enable security interop tests #2909

merged 28 commits into from
Feb 27, 2025

Conversation

murgatroid99
Copy link
Member

@murgatroid99 murgatroid99 commented Feb 27, 2025
edited
Loading

This change also includes a variety of fixes to make those tests pass:

  • Fix parsing of SAN entries to correctly handle colons in names.

  • Handle unset CommonTlsContext.validation_context_type.

  • Handle unset filter_chain_match.

  • Add Server protected methods experimentalRegisterListenerToChannelz, experimentalUnregisterListenerFromChannelz, and experimentalCreateConnectionInjectorWithChannelzRef.

  • Modify ServerCredentials to separate options that are used once on Http2Server construction from options that can be updated such as by a certificate provider.

  • Make transport and channel credentials connection establishment code handle and report more connection errors.

  • Wait for credentials information to be loaded from certificate providers before starting to connect, to avoid a time gap between creating a TCP connection and starting the TLS handshake.

  • Fix IPv6-mapped IPv4 address parsing in channelz, and represent them as IPv4 addresses.

  • Add error handling and logging for tls.createSecureContext.

  • grpc/node/master/psm-security

@murgatroid99
Add kokoro config for PSM interop security tests
0b6e2a3
@murgatroid99
Make secure_mode parsing case-insensitive
7a25539
@murgatroid99
xds interop server: bind IPv4 in secure mode
a721980
@murgatroid99
Merge branch 'master' into grpc-js-xds_security_tests
e5fa6b7
@murgatroid99
Enable http_filter tracer on server
564e80f
@murgatroid99
Don't require api_listener when validating Listener
eed4d54
@murgatroid99
Call xds library register function in interop server
f6631f5
@murgatroid99
Enable transport and certificate_provider tracers
2979fa7
@murgatroid99
Add more transport trace lines
6e901c1
@murgatroid99
Change connection handler to prependListener, add more trace logging
bb6fff7
@murgatroid99
Handle unauthorized TLS connections correctly
b44b14d
@murgatroid99
Enable heavy-duty TLS tracing in interop client and server
a8f981a
@murgatroid99
Add more trace logging
5f12dc2
@murgatroid99
Fix a bug that caused HTTP2 sessions to be considered connected early
bdd0dc8
@murgatroid99
Use xDS creds in interop client, remove verbose TLS logging
1fe3f74
@murgatroid99
Wait for secure connectors to be usable before TCP connect
e883425
@murgatroid99
Fix Listener resource validation
87f7034
@murgatroid99
Handle missing filter_chain_match differently, plus other fixes
5cf1a87
@murgatroid99
Add SAN matcher trace logging
65f4d76
@murgatroid99
Fix handling of subject alternative names with colons
7d99c4a
@murgatroid99
Register xds listener with channelz
1e28a04
@murgatroid99
Register listener as child properly
a9cfd7a
@murgatroid99
Only register once, add admin service response logging
822af68
@murgatroid99
Represent IPv6-mapped IPv4 addresses as IPv4 in channelz
36c9a4f
@murgatroid99
Handle secure context errors, fix server constructor argument handling
6965250
@murgatroid99
Apparently unset oneof is allowed
510d681
@murgatroid99
Don't unregister the xds server's channelz ref when destroying the co…
0ebb571 
…nnection injector
@murgatroid99
Handle unset validation_config_type at use time
6094ebe
@murgatroid99 murgatroid99 mentioned this pull request Feb 27, 2025
Merged
1 task
@murgatroid99 murgatroid99 merged commit 5eded95 into grpc:master Feb 27, 2025
8 of 10 checks passed
murgatroid99 added a commit to grpc/psm-interop that referenced this pull request Feb 27, 2025
@murgatroid99
Enable security_test for Node (#155)
9a2e7cf 
This requires the test implementation in
grpc/grpc-node#2909 to work. Test run:

- [x]
[grpc/node/master/psm-security](https://source.cloud.google.com/results/invocations/369e192d-9c64-4475-b236-55ae6155410b)
# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@murgatroid99