diff --git a/configs/envoy-tap-config.yaml b/configs/envoy-tap-config.yaml
new file mode 100644
index 0000000000000..f8d4ef0836484
--- /dev/null
+++ b/configs/envoy-tap-config.yaml
@@ -0,0 +1,69 @@
+admin:
+ address:
+ socket_address:
+ protocol: TCP
+ address: 0.0.0.0
+ port_value: 9901
+static_resources:
+ listeners:
+ - name: listener_0
+ address:
+ socket_address:
+ protocol: TCP
+ address: 0.0.0.0
+ port_value: 10000
+ filter_chains:
+ - filters:
+ - name: envoy.filters.network.http_connection_manager
+ typed_config:
+ "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
+ stat_prefix: ingress_http
+ access_log:
+ - name: envoy.access_loggers.stdout
+ typed_config:
+ "@type": type.googleapis.com/envoy.extensions.access_loggers.stream.v3.StdoutAccessLog
+ route_config:
+ name: local_route
+ virtual_hosts:
+ - name: local_service
+ domains: ["*"]
+ routes:
+ - match:
+ prefix: "/"
+ route:
+ host_rewrite_literal: www.envoyproxy.io
+ cluster: service_envoyproxy_io
+ http_filters:
+ - name: envoy.filters.http.router
+ clusters:
+ - name: service_envoyproxy_io
+ connect_timeout: 30s
+ type: LOGICAL_DNS
+ # Comment out the following line to test on v6 networks
+ dns_lookup_family: V4_ONLY
+ lb_policy: ROUND_ROBIN
+ load_assignment:
+ cluster_name: service_envoyproxy_io
+ endpoints:
+ - lb_endpoints:
+ - endpoint:
+ address:
+ socket_address:
+ address: www.envoyproxy.io
+ port_value: 443
+ transport_socket:
+ name: envoy.transport_sockets.tap
+ typed_config:
+ '@type': type.googleapis.com/envoy.extensions.transport_sockets.tap.v3.Tap
+ common_config:
+ admin_config:
+ config_id: api-gateway
+ transport_socket:
+ name: envoy.transport_sockets.tls
+ typed_config:
+ '@type': type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext
+ allow_renegotiation: true
+ common_tls_context:
+ tls_params:
+ tls_minimum_protocol_version: TLSv1_2
+ sni: "service"
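Review bot: The `admin` block binds the admin interface to `0.0.0.0:9901` in the same file that enables the tap transport socket with `admin_config`, so the tap stream for the upstream connection is served from an unauthenticated endpoint reachable on every interface. Because the tap wraps the TLS transport socket, what it records is presumably the plaintext side of that traffic. For a sample config I would bind the admin listener to loopback, `address: 127.0.0.1`, and add a comment above `admin:` such as `# The admin endpoint serves the tap stream; keep it on loopback or behind an authenticated proxy.`. Separately, the `UpstreamTlsContext` carries no `validation_context` and sets `sni: "service"` while the endpoint is `www.envoyproxy.io`, so the upstream certificate is not verified; a comment stating that this file exists only to exercise config validation would keep it from being copied as a template.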
diff --git a/docs/root/version_history/current.rst b/docs/root/version_history/current.rst index 5a2ca3d708776..3c811e2bfdd34 100644 --- a/docs/root/version_history/current.rst +++ b/docs/root/version_history/current.rst @@ -19,6 +19,7 @@ Bug Fixes --------- *Changes expected to improve the state of the world and are unlikely to have negative effects* +* validation: fix an issue that causes TAP sockets to panic during config validation mode. * zipkin: fix timestamp serializaiton in annotations. A prior bug fix exposed an issue with timestamps being serialized as strings. Removed Config or Runtime diff --git a/source/server/config_validation/BUILD b/source/server/config_validation/BUILD index cabe630583071..bcf753dcf197c 100644 --- a/source/server/config_validation/BUILD +++ b/source/server/config_validation/BUILD @@ -9,8 +9,10 @@ envoy_cc_library( srcs = ["admin.cc"], hdrs = ["admin.h"], deps = [ + "//include/envoy/network:listen_socket_interface", "//include/envoy/server:admin_interface", "//source/common/common:assert_lib", + "//source/common/network:listen_socket_lib", "//source/server/admin:config_tracker_lib", ], ) diff --git a/source/server/config_validation/admin.cc b/source/server/config_validation/admin.cc index b0ecaf1014865..8a0874ee0e119 100644 --- a/source/server/config_validation/admin.cc +++ b/source/server/config_validation/admin.cc @@ -10,7 +10,7 @@ bool ValidationAdmin::addHandler(const std::string&, const std::string&, Handler bool ValidationAdmin::removeHandler(const std::string&) { return true; } -const Network::Socket& ValidationAdmin::socket() { NOT_IMPLEMENTED_GCOVR_EXCL_LINE; } +const Network::Socket& ValidationAdmin::socket() { return *socket_; } ConfigTracker& ValidationAdmin::getConfigTracker() { return config_tracker_; } diff --git a/source/server/config_validation/admin.h b/source/server/config_validation/admin.h index f10a5f8b6d889..68a309aee4bb9 100644 --- a/source/server/config_validation/admin.h 
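Review bot: `ValidationAdmin::socket()` in admin.cc now returns `*socket_` unconditionally, but the constructor added in admin.h sets `socket_` to `nullptr` when the address argument is null, so in that case the accessor dereferences a null pointer (undefined behavior) where the old code stopped at an explicit `NOT_IMPLEMENTED_GCOVR_EXCL_LINE`. Presumably this is the path taken for a bootstrap without an admin address. Either guard the accessor, e.g. `RELEASE_ASSERT(socket_ != nullptr, "validation admin has no address");` before the return, or document on the constructor that `socket()` must not be called when no address was supplied. Whether any caller reaches `socket()` in that state is not visible in this diff.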
+++ b/source/server/config_validation/admin.h @@ -1,8 +1,10 @@ #pragma once +#include "envoy/network/listen_socket.h" #include "envoy/server/admin.h" #include "common/common/assert.h" +#include "common/network/listen_socket_impl.h" #include "server/admin/config_tracker_impl.h" @@ -16,6 +18,12 @@ namespace Server { */ class ValidationAdmin : public Admin { public: + // We want to implement the socket interface without implementing the http listener function. + // This is useful for TAP because it wants to emit warnings when the address type is UDS + explicit ValidationAdmin(Network::Address::InstanceConstSharedPtr address) + : socket_(address ? std::make_shared(nullptr, std::move(address), + nullptr) + : nullptr) {} bool addHandler(const std::string&, const std::string&, HandlerCb, bool, bool) override; bool removeHandler(const std::string&) override; const Network::Socket& socket() override; @@ -32,6 +40,7 @@ class ValidationAdmin : public Admin { private: ConfigTrackerImpl config_tracker_; + Network::SocketSharedPtr socket_; }; } // namespace Server diff --git a/source/server/config_validation/server.cc b/source/server/config_validation/server.cc index 2dced0c68d5db..100647275b8c7 100644 --- a/source/server/config_validation/server.cc +++ b/source/server/config_validation/server.cc @@ -92,8 +92,9 @@ void ValidationInstance::initialize(const Options& options, overload_manager_ = std::make_unique( dispatcher(), stats(), threadLocal(), bootstrap.overload_manager(), messageValidationContext().staticValidationVisitor(), *api_, options_); - listener_manager_ = std::make_unique(*this, *this, *this, false); Configuration::InitialImpl initial_config(bootstrap, options, *this); + admin_ = std::make_unique(initial_config.admin().address()); + listener_manager_ = std::make_unique(*this, *this, *this, false); thread_local_.registerThread(*dispatcher_, true); runtime_singleton_ = std::make_unique( component_factory.createRuntime(*this, initial_config)); 
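Review bot: In the `ValidationInstance::initialize` hunk, `admin_` becomes a `std::unique_ptr` that stays null until this assignment, while `admin()` in server.h returns `*admin_` without a check; before this change `admin_` was a value member and always valid. `Configuration::InitialImpl` is constructed with `*this` immediately before `admin_` is set, and anything earlier in `initialize` (whose body starts outside the hunk) that calls `admin()` would dereference null. I would state the ordering requirement at the assignment, e.g. `// admin_ must be created before listener_manager_ and any other component that may call admin().`, and consider `ASSERT(admin_ != nullptr);` in the accessor so a misordering fails loudly rather than as undefined behavior.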
diff --git a/source/server/config_validation/server.h b/source/server/config_validation/server.h index dc137d8fc2711..1919a6643ad85 100644 --- a/source/server/config_validation/server.h +++ b/source/server/config_validation/server.h @@ -69,7 +69,7 @@ class ValidationInstance final : Logger::Loggable, Filesystem::Instance& file_system); // Server::Instance - Admin& admin() override { return admin_; } + Admin& admin() override { return *admin_; } Api::Api& api() override { return *api_; } Upstream::ClusterManager& clusterManager() override { return *config_.clusterManager(); } Ssl::ContextManager& sslContextManager() override { return *ssl_context_manager_; } @@ -192,7 +192,7 @@ class ValidationInstance final : Logger::Loggable, ThreadLocal::InstanceImpl thread_local_; Api::ApiPtr api_; Event::DispatcherPtr dispatcher_; - Server::ValidationAdmin admin_; + std::unique_ptr admin_; Singleton::ManagerPtr singleton_manager_; std::unique_ptr runtime_singleton_; Random::RandomGeneratorImpl random_generator_; diff --git a/test/mocks/server/admin.cc b/test/mocks/server/admin.cc index 61d5e6dea1753..db35d25034e4f 100644 --- a/test/mocks/server/admin.cc +++ b/test/mocks/server/admin.cc @@ -3,6 +3,7 @@ #include "gmock/gmock.h" #include "gtest/gtest.h" +using testing::_; using testing::Return; using testing::ReturnRef; @@ -13,6 +14,8 @@ MockAdmin::MockAdmin() { ON_CALL(*this, getConfigTracker()).WillByDefault(ReturnRef(config_tracker_)); ON_CALL(*this, concurrency()).WillByDefault(Return(1)); ON_CALL(*this, socket()).WillByDefault(ReturnRef(socket_)); + ON_CALL(*this, addHandler(_, _, _, _, _)).WillByDefault(Return(true)); + ON_CALL(*this, removeHandler(_)).WillByDefault(Return(true)); } MockAdmin::~MockAdmin() = default;