grpc / grpc-java / #20235

/*

 * Copyright 2022 The gRPC Authors

 *

 * Licensed under the Apache License, Version 2.0 (the "License");

 * you may not use this file except in compliance with the License.

 * You may obtain a copy of the License at

 *

 *     http://www.apache.org/licenses/LICENSE-2.0

 *

 * Unless required by applicable law or agreed to in writing, software

 * distributed under the License is distributed on an "AS IS" BASIS,

 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

 * See the License for the specific language governing permissions and

 * limitations under the License.

 */

package io.grpc.xds;

import static com.google.common.base.Preconditions.checkNotNull;

import static io.grpc.xds.client.Bootstrapper.ServerInfo;

import static io.grpc.xds.client.LoadStatsManager2.isEnabledOrcaLrsPropagation;

import com.google.auto.value.AutoValue;

import com.google.common.annotations.VisibleForTesting;

import com.google.common.base.MoreObjects;

import com.google.common.base.Strings;

import com.google.common.collect.ImmutableList;

import com.google.common.collect.ImmutableMap;

import com.google.protobuf.Duration;

import com.google.protobuf.InvalidProtocolBufferException;

import com.google.protobuf.Message;

import com.google.protobuf.Struct;

import com.google.protobuf.util.Durations;

import io.envoyproxy.envoy.config.cluster.v3.CircuitBreakers.Thresholds;

import io.envoyproxy.envoy.config.cluster.v3.Cluster;

import io.envoyproxy.envoy.config.core.v3.RoutingPriority;

import io.envoyproxy.envoy.config.core.v3.SocketAddress;

import io.envoyproxy.envoy.config.core.v3.TransportSocket;

import io.envoyproxy.envoy.config.endpoint.v3.ClusterLoadAssignment;

import io.envoyproxy.envoy.extensions.transport_sockets.http_11_proxy.v3.Http11ProxyUpstreamTransport;

import io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.CertificateValidationContext;

import io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.CommonTlsContext;

import io.grpc.LoadBalancerRegistry;

import io.grpc.NameResolver;

import io.grpc.internal.GrpcUtil;

import io.grpc.internal.ServiceConfigUtil;

import io.grpc.internal.ServiceConfigUtil.LbConfig;

import io.grpc.xds.EnvoyServerProtoData.OutlierDetection;

import io.grpc.xds.EnvoyServerProtoData.UpstreamTlsContext;

import io.grpc.xds.XdsClusterResource.CdsUpdate;

import io.grpc.xds.client.BackendMetricPropagation;

import io.grpc.xds.client.XdsClient.ResourceUpdate;

import io.grpc.xds.client.XdsResourceType;

import io.grpc.xds.internal.security.CommonTlsContextUtil;

import java.util.List;

import java.util.Locale;

import java.util.Set;

import javax.annotation.Nullable;

  @VisibleForTesting

  static boolean enableLeastRequest =

  @VisibleForTesting

  @VisibleForTesting

  static final String AGGREGATE_CLUSTER_TYPE_NAME = "envoy.clusters.aggregate";

  static final String ADS_TYPE_URL_CDS =

      "type.googleapis.com/envoy.config.cluster.v3.Cluster";

  private static final String TYPE_URL_CLUSTER_CONFIG =

      "type.googleapis.com/envoy.extensions.clusters.aggregate.v3.ClusterConfig";

  private static final String TYPE_URL_UPSTREAM_TLS_CONTEXT =

      "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext";

  private static final String TYPE_URL_UPSTREAM_TLS_CONTEXT_V2 =

      "type.googleapis.com/envoy.api.v2.auth.UpstreamTlsContext";

  public static XdsClusterResource getInstance() {

  }

  @Override

  @Nullable

  protected String extractResourceName(Message unpackedResource) {

    }

  }

  @Override

  public String typeName() {

  }

  @Override

  public String typeUrl() {

  }

  @Override

  public boolean shouldRetrieveResourceKeysForArgs() {

  }

  @Override

  protected boolean isFullStateOfTheWorld() {

  }

  @Override

  @SuppressWarnings("unchecked")

  protected Class<Cluster> unpackedClassName() {

  }

  @Override

  protected CdsUpdate doParse(Args args, Message unpackedMessage) throws ResourceInvalidException {

    }

    }

  }

  @VisibleForTesting

  static CdsUpdate processCluster(Cluster cluster,

                                  Set<String> certProviderInstances,

                                  ServerInfo serverInfo,

                                  LoadBalancerRegistry loadBalancerRegistry)

      throws ResourceInvalidException {

    StructOrError<CdsUpdate.Builder> structOrError;

      case TYPE:

            certProviderInstances, serverInfo);

      case CLUSTER_TYPE:

      case CLUSTERDISCOVERYTYPE_NOT_SET:

      default:

    }

    }

        enableLeastRequest);

    // Validate the LB config by trying to parse it with the corresponding LB provider.

    }

    try {

  }

  private static StructOrError<CdsUpdate.Builder> parseAggregateCluster(Cluster cluster) {

          "Cluster " + clusterName + ": unsupported custom cluster type: " + typeName);

    }

    io.envoyproxy.envoy.extensions.clusters.aggregate.v3.ClusterConfig clusterConfig;

    try {

          io.envoyproxy.envoy.extensions.clusters.aggregate.v3.ClusterConfig.class,

          TYPE_URL_CLUSTER_CONFIG, null);

          + ": aggregate ClusterConfig.clusters must not be empty");

    }

  }

  private static StructOrError<CdsUpdate.Builder> parseNonAggregateCluster(

      Cluster cluster, Set<String> certProviderInstances, ServerInfo serverInfo) {

    }

            "Cluster " + clusterName + ": only support LRS for the same management server");

      }

    }

        }

        }

    }

          + ": transport-socket-matches not supported.");

    }

        Http11ProxyUpstreamTransport.class))) {

    }

        Http11ProxyUpstreamTransport.class)) {

      try {

                .http_11_proxy.v3.Http11ProxyUpstreamTransport.class);

            "Cluster " + clusterName + ": malformed Http11ProxyUpstreamTransport: " + e);

            "Cluster " + clusterName

                + ": invalid transport_socket type in Http11ProxyUpstreamTransport");

    }

      try {

                    io.envoyproxy.envoy.extensions

                        .transport_sockets.tls.v3.UpstreamTlsContext.class,

                    TYPE_URL_UPSTREAM_TLS_CONTEXT, TYPE_URL_UPSTREAM_TLS_CONTEXT_V2),

                certProviderInstances));

            "Cluster " + clusterName + ": malformed UpstreamTlsContext: " + e);

    }

      try {

            "Cluster " + clusterName + ": malformed outlier_detection: " + e);

    }

            "Cluster " + clusterName + ": field eds_cluster_config must be set to indicate to use"

                + " EDS over ADS or self ConfigSource");

      }

      // If the service_name field is set, that value will be used for the EDS request.

      }

      // edsServiceName is required if the CDS resource has an xdstp name.

            "EDS service_name must be set when Cluster resource has an xdstp name");

      }

          clusterName, edsServiceName, lrsServerInfo, maxConcurrentRequests, upstreamTlsContext,

          outlierDetection, isHttp11ProxyAvailable, backendMetricPropagation));

            "Cluster " + clusterName + ": LOGICAL_DNS clusters must have a single host");

      }

            "Cluster " + clusterName + ": LOGICAL_DNS clusters must have a single "

                + "locality_lb_endpoint and a single lb_endpoint");

      }

            "Cluster " + clusterName

                + ": LOGICAL_DNS clusters must have an endpoint with address and socket_address");

      }

            "Cluster " + clusterName

                + ": LOGICAL DNS clusters must NOT have a custom resolver name set");

      }

            "Cluster " + clusterName

                + ": LOGICAL DNS clusters socket_address must have port_value");

      }

          clusterName, dnsHostName, lrsServerInfo, maxConcurrentRequests,

          upstreamTlsContext, isHttp11ProxyAvailable, backendMetricPropagation));

    }

        "Cluster " + clusterName + ": unsupported built-in discovery type: " + type);

  }

  static io.envoyproxy.envoy.config.cluster.v3.OutlierDetection validateOutlierDetection(

      io.envoyproxy.envoy.config.cluster.v3.OutlierDetection outlierDetection)

      throws ResourceInvalidException {

      }

      }

    }

            "outlier_detection base_ejection_time is not a valid Duration");

      }

            "outlier_detection base_ejection_time has a negative value");

      }

    }

            "outlier_detection max_ejection_time is not a valid Duration");

      }

            "outlier_detection max_ejection_time has a negative value");

      }

    }

          "outlier_detection max_ejection_percent is > 100");

    }

          "outlier_detection enforcing_success_rate is > 100");

    }

          "outlier_detection failure_percentage_threshold is > 100");

    }

          "outlier_detection enforcing_failure_percentage is > 100");

    }

  }

  static boolean hasNegativeValues(Duration duration) {

  }

  @VisibleForTesting

  static io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext

      validateUpstreamTlsContext(

      io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext upstreamTlsContext,

      Set<String> certProviderInstances)

      throws ResourceInvalidException {

          false);

    } else {

    }

  }

  @VisibleForTesting

  static void validateCommonTlsContext(

      CommonTlsContext commonTlsContext, Set<String> certProviderInstances, boolean server)

      throws ResourceInvalidException {

          "common-tls-context with custom_handshaker is not supported");

    }

    }

          "common-tls-context with validation_context_sds_secret_config is not supported");

    }

            "tls_certificate_provider_instance is required in downstream-tls-context");

      }

            "tls_certificate_provider_instance is unset");

      }

            "tls_certificate_provider_instance is unset");

      }

          "CertificateProvider instance name '" + certInstanceName

              + "' not defined in the bootstrap file.");

    }

            "ca_certificate_provider_instance or system_root_certs is required in "

                + "upstream-tls-context");

      }

    } else {

            "ca_certificate_provider_instance name '" + rootCaInstanceName

                + "' not defined in the bootstrap file.");

      }

      }

        @SuppressWarnings("deprecation") // gRFC A29 predates match_typed_subject_alt_names

              "match_subject_alt_names only allowed in upstream_tls_context");

        }

              "verify_certificate_spki in default_validation_context is not supported");

        }

              "verify_certificate_hash in default_validation_context is not supported");

        }

              "require_signed_certificate_timestamp in default_validation_context is not "

                  + "supported");

        }

        }

              "custom_validator_config in default_validation_context is not supported");

        }

      }

    }

  private static String getIdentityCertInstanceName(CommonTlsContext commonTlsContext) {

    }

    // Fall back to deprecated field (field 11) for backward compatibility with Istio

    @SuppressWarnings("deprecation")

  }

  private static String getRootCertInstanceName(CommonTlsContext commonTlsContext) {

      }

      }

      // Fall back to deprecated field (field 4) in CombinedValidationContext

      @SuppressWarnings("deprecation")

      String instanceName = combinedCertificateValidationContext

      }

    }

  }

  /** xDS resource update for cluster-level configuration. */

  @AutoValue

    abstract String clusterName();

    abstract ClusterType clusterType();

    abstract ImmutableMap<String, ?> lbPolicyConfig();

    // Only valid if lbPolicy is "ring_hash_experimental".

    abstract long minRingSize();

    // Only valid if lbPolicy is "ring_hash_experimental".

    abstract long maxRingSize();

    // Only valid if lbPolicy is "least_request_experimental".

    abstract int choiceCount();

    // Alternative resource name to be used in EDS requests.

    /// Only valid for EDS cluster.

    @Nullable

    abstract String edsServiceName();

    // Corresponding DNS name to be used if upstream endpoints of the cluster is resolvable

    // via DNS.

    // Only valid for LOGICAL_DNS cluster.

    @Nullable

    abstract String dnsHostName();

    // Load report server info for reporting loads via LRS.

    // Only valid for EDS or LOGICAL_DNS cluster.

    @Nullable

    abstract ServerInfo lrsServerInfo();

    // Max number of concurrent requests can be sent to this cluster.

    // Only valid for EDS or LOGICAL_DNS cluster.

    @Nullable

    abstract Long maxConcurrentRequests();

    // TLS context used to connect to connect to this cluster.

    // Only valid for EDS or LOGICAL_DNS cluster.

    @Nullable

    abstract UpstreamTlsContext upstreamTlsContext();

    abstract boolean isHttp11ProxyAvailable();

    // List of underlying clusters making of this aggregate cluster.

    // Only valid for AGGREGATE cluster.

    @Nullable

    abstract ImmutableList<String> prioritizedClusterNames();

    // Outlier detection configuration.

    @Nullable

    abstract OutlierDetection outlierDetection();

    abstract ImmutableMap<String, Struct> filterMetadata();

    abstract ImmutableMap<String, Object> parsedMetadata();

    @Nullable

    abstract BackendMetricPropagation backendMetricPropagation();

    private static Builder newBuilder(String clusterName) {

    }

    static Builder forAggregate(String clusterName, List<String> prioritizedClusterNames) {

    }

    static Builder forEds(String clusterName, @Nullable String edsServiceName,

                          @Nullable ServerInfo lrsServerInfo, @Nullable Long maxConcurrentRequests,

                          @Nullable UpstreamTlsContext upstreamTlsContext,

                          @Nullable OutlierDetection outlierDetection,

                          boolean isHttp11ProxyAvailable,

                          BackendMetricPropagation backendMetricPropagation) {

    }

    static Builder forLogicalDns(String clusterName, String dnsHostName,

                                 @Nullable ServerInfo lrsServerInfo,

                                 @Nullable Long maxConcurrentRequests,

                                 @Nullable UpstreamTlsContext upstreamTlsContext,

                                 boolean isHttp11ProxyAvailable,

                                 BackendMetricPropagation backendMetricPropagation) {

    }

    }

    }

    // FIXME(chengyuanzhang): delete this after UpstreamTlsContext's toString() is fixed.

    @Override

    public final String toString() {

          // Exclude upstreamTlsContext and outlierDetection as their string representations are

          // cumbersome.

    }

    @AutoValue.Builder

      // Private, use one of the static factory methods instead.

      protected abstract Builder clusterName(String clusterName);

      // Private, use one of the static factory methods instead.

      protected abstract Builder clusterType(ClusterType clusterType);

      protected abstract Builder lbPolicyConfig(ImmutableMap<String, ?> lbPolicyConfig);

      Builder roundRobinLbPolicy() {

      }

      Builder ringHashLbPolicy(Long minRingSize, Long maxRingSize) {

      }

      Builder leastRequestLbPolicy(Integer choiceCount) {

      }

      // Private, use leastRequestLbPolicy(int).

      protected abstract Builder choiceCount(int choiceCount);

      // Private, use ringHashLbPolicy(long, long).

      protected abstract Builder minRingSize(long minRingSize);

      // Private, use ringHashLbPolicy(long, long).

      protected abstract Builder maxRingSize(long maxRingSize);

      // Private, use CdsUpdate.forEds() instead.

      protected abstract Builder edsServiceName(String edsServiceName);

      // Private, use CdsUpdate.forLogicalDns() instead.

      protected abstract Builder dnsHostName(String dnsHostName);

      // Private, use one of the static factory methods instead.

      protected abstract Builder lrsServerInfo(ServerInfo lrsServerInfo);

      // Private, use one of the static factory methods instead.

      protected abstract Builder maxConcurrentRequests(Long maxConcurrentRequests);

      protected abstract Builder isHttp11ProxyAvailable(boolean isHttp11ProxyAvailable);

      // Private, use one of the static factory methods instead.

      protected abstract Builder upstreamTlsContext(UpstreamTlsContext upstreamTlsContext);

      // Private, use CdsUpdate.forAggregate() instead.

      protected abstract Builder prioritizedClusterNames(List<String> prioritizedClusterNames);

      protected abstract Builder outlierDetection(OutlierDetection outlierDetection);

      protected abstract Builder filterMetadata(ImmutableMap<String, Struct> filterMetadata);

      protected abstract Builder parsedMetadata(ImmutableMap<String, Object> parsedMetadata);

      protected abstract Builder backendMetricPropagation(

          BackendMetricPropagation backendMetricPropagation);

      abstract CdsUpdate build();

    }

  }

}