grpc-js-xds: Implement and enable security interop tests #2909

Merged
merged 28 commits into from
Feb 27, 2025
0b6e2a3
Add kokoro config for PSM interop security tests
murgatroid99 Feb 5, 2025
7a25539
Make secure_mode parsing case-insensitive
murgatroid99 Feb 6, 2025
a721980
xds interop server: bind IPv4 in secure mode
murgatroid99 Feb 7, 2025
e5fa6b7
Merge branch 'master' into grpc-js-xds_security_tests
murgatroid99 Feb 12, 2025
564e80f
Enable http_filter tracer on server
murgatroid99 Feb 12, 2025
eed4d54
Don't require api_listener when validating Listener
murgatroid99 Feb 12, 2025
f6631f5
Call xds library register function in interop server
murgatroid99 Feb 12, 2025
2979fa7
Enable transport and certificate_provider tracers
murgatroid99 Feb 13, 2025
6e901c1
Add more transport trace lines
murgatroid99 Feb 13, 2025
bb6fff7
Change connection handler to prependListener, add more trace logging
murgatroid99 Feb 13, 2025
b44b14d
Handle unauthorized TLS connections correctly
murgatroid99 Feb 14, 2025
a8f981a
Enable heavy-duty TLS tracing in interop client and server
murgatroid99 Feb 14, 2025
5f12dc2
Add more trace logging
murgatroid99 Feb 19, 2025
bdd0dc8
Fix a bug that caused HTTP2 sessions to be considered connected early
murgatroid99 Feb 19, 2025
1fe3f74
Use xDS creds in interop client, remove verbose TLS logging
murgatroid99 Feb 19, 2025
e883425
Wait for secure connectors to be usable before TCP connect
murgatroid99 Feb 20, 2025
87f7034
Fix Listener resource validation
murgatroid99 Feb 20, 2025
5cf1a87
Handle missing filter_chain_match differently, plus other fixes
murgatroid99 Feb 20, 2025
65f4d76
Add SAN matcher trace logging
murgatroid99 Feb 21, 2025
7d99c4a
Fix handling of subject alternative names with colons
murgatroid99 Feb 21, 2025
1e28a04
Register xds listener with channelz
murgatroid99 Feb 24, 2025
a9cfd7a
Register listener as child properly
murgatroid99 Feb 25, 2025
822af68
Only register once, add admin service response logging
murgatroid99 Feb 25, 2025
36c9a4f
Represent IPv6-mapped IPv4 addresses as IPv4 in channelz
murgatroid99 Feb 25, 2025
6965250
Handle secure context errors, fix server constructor argument handling
murgatroid99 Feb 27, 2025
510d681
Apparently unset oneof is allowed
murgatroid99 Feb 27, 2025
0ebb571
Don't unregister the xds server's channelz ref when destroying the co…
murgatroid99 Feb 27, 2025
6094ebe
Handle unset validation_config_type at use time
murgatroid99 Feb 27, 2025
Handle unset validation_config_type at use time
murgatroid99 committed Feb 27, 2025

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
commit 6094ebed618a337272bceb1a85a923defa7c5b02
22 changes: 12 additions & 10 deletions packages/grpc-js-xds/src/server.ts
@@ -167,16 +167,18 @@ class FilterChainEntry {
if (!instanceCertificateProvider) {
throw new Error(`Invalid TLS context detected: unrecognized certificate instance name: ${commonTlsContext.tls_certificate_provider_instance!.instance_name}`);
}
let validationContext: CertificateValidationContext__Output | null;
switch (commonTlsContext?.validation_context_type) {
case 'validation_context':
validationContext = commonTlsContext.validation_context!;
break;
case 'combined_validation_context':
validationContext = commonTlsContext.combined_validation_context!.default_validation_context;
break;
default:
throw new Error(`Invalid TLS context detected: invalid validation_context_type: ${commonTlsContext.validation_context_type}`);
let validationContext: CertificateValidationContext__Output | null = null;
if (commonTlsContext?.validation_context_type) {
switch (commonTlsContext?.validation_context_type) {
case 'validation_context':
validationContext = commonTlsContext.validation_context!;
break;
case 'combined_validation_context':
validationContext = commonTlsContext.combined_validation_context!.default_validation_context;
break;
default:
throw new Error(`Invalid TLS context detected: invalid validation_context_type: ${commonTlsContext.validation_context_type}`);
}
}
let caCertificateProvider: experimental.CertificateProvider | null = null;
if (validationContext?.ca_certificate_provider_instance) {
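Review bot: The unset-oneof path behind the new `if (commonTlsContext?.validation_context_type)` guard has no comment or check explaining why a `null` `validationContext` is acceptable. In that path `validationContext?.ca_certificate_provider_instance` is falsy, so `caCertificateProvider` keeps its `null` initializer, and whether a filter chain that expects client certificates is still rejected depends on code outside this hunk. Please add a short comment stating that an unset `validation_context_type` means no validation context is configured and where a missing CA provider is rejected, and add a test covering a Listener whose TLS context omits the oneof. A smaller style point in the same lines: the `?.` in `switch (commonTlsContext?.validation_context_type)` is redundant inside the guard, and `commonTlsContext` is already dereferenced without it in the `instance_name` error message above, so plain `commonTlsContext.validation_context_type` would be consistent in both places.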