diff --git a/source/common/network/resolver_impl.cc b/source/common/network/resolver_impl.cc index 8aa49b8bb8bca..66554c0d23674 100644 --- a/source/common/network/resolver_impl.cc +++ b/source/common/network/resolver_impl.cc @@ -48,7 +48,7 @@ InstanceConstSharedPtr resolveProtoAddress(const envoy::config::core::v3::Addres case envoy::config::core::v3::Address::AddressCase::kSocketAddress: return resolveProtoSocketAddress(address.socket_address()); case envoy::config::core::v3::Address::AddressCase::kPipe: - return std::make_shared(address.pipe().path()); + return std::make_shared(address.pipe().path(), address.pipe().mode()); case envoy::config::core::v3::Address::AddressCase::kEnvoyInternalAddress: switch (address.envoy_internal_address().address_name_specifier_case()) { case envoy::config::core::v3::EnvoyInternalAddress::AddressNameSpecifierCase:: diff --git a/test/common/network/address_impl_test.cc b/test/common/network/address_impl_test.cc index 2090ac3933453..d1a01ca6734b7 100644 --- a/test/common/network/address_impl_test.cc +++ b/test/common/network/address_impl_test.cc @@ -335,6 +335,8 @@ TEST(InteralInstanceTest, Basic) { EXPECT_EQ(static_cast(0), address.sockAddrLen()); } +// Excluding Windows; chmod(2) against Windows AF_UNIX socket files succeeds, +// but stat(2) against those returns ENOENT. #ifndef WIN32 TEST(PipeInstanceTest, BasicPermission) { std::string path = TestEnvironment::unixDomainSocketPath("foo.sock"); diff --git a/test/integration/uds_integration_test.cc b/test/integration/uds_integration_test.cc index e1e63b8fbfb55..6fce94e56646c 100644 --- a/test/integration/uds_integration_test.cc +++ b/test/integration/uds_integration_test.cc @@ -2,6 +2,7 @@ #include "envoy/config/bootstrap/v3/bootstrap.pb.h" +#include "common/api/os_sys_calls_impl.h" #include "common/event/dispatcher_impl.h" #include "common/network/utility.h" @@ -47,14 +48,20 @@ TEST_P(UdsUpstreamIntegrationTest, RouterDownstreamDisconnectBeforeResponseCompl INSTANTIATE_TEST_SUITE_P( TestParameters, UdsListenerIntegrationTest, testing::Combine(testing::ValuesIn(TestEnvironment::getIpVersionsForTest()), - testing::Values(false, true))); + testing::Values(false, true), testing::Values(0))); #else INSTANTIATE_TEST_SUITE_P( TestParameters, UdsListenerIntegrationTest, testing::Combine(testing::ValuesIn(TestEnvironment::getIpVersionsForTest()), - testing::Values(false))); + testing::Values(false), testing::Values(0))); #endif +// Test the mode parameter, excluding abstract namespace enabled +INSTANTIATE_TEST_SUITE_P( + TestModeParameter, UdsListenerIntegrationTest, + testing::Combine(testing::ValuesIn(TestEnvironment::getIpVersionsForTest()), + testing::Values(false), testing::Values(0662))); + void UdsListenerIntegrationTest::initialize() { config_helper_.addConfigModifier([&](envoy::config::bootstrap::v3::Bootstrap& bootstrap) -> void { auto* admin_addr = bootstrap.mutable_admin()->mutable_address(); @@ -68,6 +75,7 @@ void UdsListenerIntegrationTest::initialize() { auto* listener = listeners->Add(); listener->set_name("listener_0"); listener->mutable_address()->mutable_pipe()->set_path(getListenerSocketName()); + listener->mutable_address()->mutable_pipe()->set_mode(getMode()); *(listener->mutable_filter_chains()) = filter_chains; }); HttpIntegrationTest::initialize(); @@ -84,6 +92,28 @@ HttpIntegrationTest::ConnectionCreationFunction UdsListenerIntegrationTest::crea }; } +// Excluding Windows; chmod(2) against Windows AF_UNIX socket files succeeds, +// but stat(2) against those returns ENOENT. +#ifndef WIN32 +TEST_P(UdsListenerIntegrationTest, TestSocketMode) { + if (abstract_namespace_) { + // stat(2) against sockets in abstract namespace is not possible + GTEST_SKIP(); + } + + initialize(); + + Api::OsSysCalls& os_sys_calls = Api::OsSysCallsSingleton::get(); + struct stat listener_stat; + EXPECT_EQ(os_sys_calls.stat(getListenerSocketName().c_str(), &listener_stat).rc_, 0); + if (mode_ == 0) { + EXPECT_NE(listener_stat.st_mode & 0777, 0); + } else { + EXPECT_EQ(listener_stat.st_mode & mode_, mode_); + } +} +#endif + TEST_P(UdsListenerIntegrationTest, TestPeerCredentials) { fake_upstreams_count_ = 1; initialize(); diff --git a/test/integration/uds_integration_test.h b/test/integration/uds_integration_test.h index 9ebd30cd006ee..43fdeabd5b569 100644 --- a/test/integration/uds_integration_test.h +++ b/test/integration/uds_integration_test.h @@ -54,12 +54,12 @@ class UdsUpstreamIntegrationTest }; class UdsListenerIntegrationTest - : public testing::TestWithParam>, + : public testing::TestWithParam>, public HttpIntegrationTest { public: UdsListenerIntegrationTest() : HttpIntegrationTest(Http::CodecClient::Type::HTTP1, std::get<0>(GetParam())), - abstract_namespace_(std::get<1>(GetParam())) {} + abstract_namespace_(std::get<1>(GetParam())), mode_(std::get<2>(GetParam())) {} void initialize() override; @@ -71,10 +71,13 @@ class UdsListenerIntegrationTest return TestEnvironment::unixDomainSocketPath("listener_0.sock", abstract_namespace_); } + mode_t getMode() { return mode_; } + protected: HttpIntegrationTest::ConnectionCreationFunction createConnectionFn(); const bool abstract_namespace_; + const mode_t mode_; }; } // namespace Envoy diff --git a/tools/spelling/spelling_dictionary.txt b/tools/spelling/spelling_dictionary.txt index 0a28f00119709..5eaaceff978fc 100644 --- a/tools/spelling/spelling_dictionary.txt +++ b/tools/spelling/spelling_dictionary.txt @@ -95,6 +95,7 @@ EINPROGRESS EINVAL ELB EMSGSIZE +ENOENT ENOTFOUND ENOTSUP ENV