Skip to content

quic: improve coverage#16569

Merged
alyssawilk merged 3 commits intoenvoyproxy:mainfrom
alyssawilk:quic_coverage
May 20, 2021
Merged

quic: improve coverage#16569
alyssawilk merged 3 commits intoenvoyproxy:mainfrom
alyssawilk:quic_coverage

Conversation

@alyssawilk
Copy link
Copy Markdown
Contributor

@alyssawilk alyssawilk commented May 19, 2021

Arguably I should adjust this up but given recent CI failures I'll leave for now.

Risk Level: n/a (test only)
Testing: yes
Docs Changes: n/a
Release Notes: n/a

@alyssawilk
improve coverage
7468a30 
Signed-off-by: Alyssa Wilk <alyssar@chromium.org>
@alyssawilk
Merge branch 'main' into quic_coverage
caad86a 
Signed-off-by: Alyssa Wilk <alyssar@chromium.org>
@alyssawilk alyssawilk mentioned this pull request May 19, 2021
Merged
@alyssawilk
Merge branch 'main' into quic_coverage
1ea2aa6 
Signed-off-by: Alyssa Wilk <alyssar@chromium.org>
danzh2010
danzh2010 approved these changes May 19, 2021
View reviewed changes
test/common/quic/client_connection_factory_impl_test.cc
@@ -0,0 +1,47 @@
#include "common/quic/client_connection_factory_impl.h"
Copy link
Copy Markdown
Contributor

@danzh2010 danzh2010 May 19, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for adding these tests!

antoniovicente
antoniovicente reviewed May 19, 2021
View reviewed changes
Copy link
Copy Markdown
Contributor

@antoniovicente antoniovicente left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the test coverage improvements.

Given that we are removing ASSERTs, I think we should add some nullptr checks to avoid crashes in EnvoyQuicProofVerifier::VerifyCertChain

source/common/quic/client_connection_factory_impl.cc
auto* quic_socket_factory =
dynamic_cast<QuicClientTransportSocketFactory*>(&transport_socket_factory);
ASSERT(quic_socket_factory != nullptr);
ASSERT(quic_socket_factory->sslCtx() != nullptr);
Copy link
Copy Markdown
Contributor

@antoniovicente antoniovicente May 19, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If this ASSERT were to fail the following code would crash. If we remove the ASSERT, we should also fix this code so it doesn't crash.

envoy/source/common/quic/envoy_quic_proof_verifier.cc

Line 35 in 1ea2aa6

bool success = static_cast<Extensions::TransportSockets::Tls::ClientContextImpl*>(context_.get())

Copy link
Copy Markdown
Contributor Author

@alyssawilk alyssawilk May 19, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is already removed over here #16462
just hadn't merged it in.
That PR came with tests and error handling for SDS lazy loading of secrets :-)

Copy link
Copy Markdown
Contributor

@antoniovicente antoniovicente May 20, 2021
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: Could we add ASSERT(context_ != nullptr) to the EnvoyQuicProofVerifier constructor as a sanity check? I'm fine with it being in this PR or a followup.

https://github.com/envoyproxy/envoy/blob/main/source/common/quic/envoy_quic_proof_verifier.h#L15

Copy link
Copy Markdown
Contributor Author

@alyssawilk alyssawilk May 20, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

added in #16466 thanks

source/common/quic/quic_filter_manager_connection_impl.h
unixSocketPeerCredentials() const override {
// Unix domain socket is not supported.
NOT_REACHED_GCOVR_EXCL_LINE;
return absl::nullopt;
Copy link
Copy Markdown
Contributor

@antoniovicente antoniovicente May 19, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm having trouble finding non-test uses of unixSocketPeerCredentials().

What am I missing? Who depends on this API?

Copy link
Copy Markdown
Contributor Author

@alyssawilk alyssawilk May 19, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not sure. I'd be happy to remove as a follow-up if we think it's doable.
I wonder if it's used internally by whoever @snowp worked for at the time?

@alyssawilk alyssawilk merged commit 75aecf2 into envoyproxy:main May 20, 2021
@wrowe
Copy link
Copy Markdown
Contributor

wrowe commented May 20, 2021

This has broken four CI pipelines... better to revert for now?

@alyssawilk alyssawilk mentioned this pull request May 20, 2021
Merged
@alyssawilk
Copy link
Copy Markdown
Contributor Author

alyssawilk commented May 20, 2021

#16597 should fix

leyao-daily pushed a commit to leyao-daily/envoy that referenced this pull request Sep 30, 2021
@alyssawilk
quic: improve coverage (envoyproxy#16569)
5eb8e88 
Risk Level: n/a (test only)
Testing: yes
Docs Changes: n/a
Release Notes: n/a

Signed-off-by: Alyssa Wilk <alyssar@chromium.org>
@alyssawilk alyssawilk deleted the quic_coverage branch February 28, 2022 21:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@danzh2010 danzh2010 danzh2010 approved these changes

+1 more reviewer

@antoniovicente antoniovicente antoniovicente approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@antoniovicente antoniovicente

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@alyssawilk @wrowe @danzh2010 @antoniovicente