Skip to content

Deprecate cluster's and listener's tls_context in favor of transport socket#17163

Merged
htuch merged 13 commits intoenvoyproxy:mainfrom
tyxia:tls
Jul 9, 2021
Merged

Deprecate cluster's and listener's tls_context in favor of transport socket#17163
htuch merged 13 commits intoenvoyproxy:mainfrom
tyxia:tls

Conversation

@tyxia
Copy link
Member

@tyxia tyxia commented Jun 27, 2021
edited
Loading

  1. Remove cluster's and listener's tls_context since we are using transport socket's tls_context/

  2. Refactor the sslSocketTest : centralize the server configuration in one place --configureServerAndExpiredClientCertificate function. Note: The test could be further refactored by leveraging this function I modified, but I feel that is not worth the large amount of effort and current code also provides a bit flexibility of configuration (e.g. specifies various config like cert_hash, cert_spki in place)

  3. Move createProtocolTestOptions to unnamed namespace. Even though superiority of unnamed namespace over static is more applied to user-defined types rather than variables and functions (i.e. static no longer deprecated in standard and should do the same thing for latter two), it is still good to keep it in the unnamed namespace like other internal helper functions . Also, unnamed namespace should be encouraged for such usage in general

Signed-off-by: Tianyu Xia tyxia@google.com

Risk Level: Low
Testing: Local tests and CI run (All tests passed)

tyxia added 8 commits June 26, 2021 15:28
@tyxia
remove tls context
9eccba2 
Signed-off-by: Tianyu Xia <tyxia@google.com>
@tyxia
Merge branch 'main' of https://github.com/envoyproxy/envoy into tls
77fd1fa 
Signed-off-by: Tianyu Xia <tyxia@google.com>
@tyxia
Deprecate tls_context in listener and cluster in favor of transport
1951d59 
socket

Signed-off-by: Tianyu Xia <tyxia@google.com>
@tyxia
fix typo
9193e33 
Signed-off-by: Tianyu Xia <tyxia@google.com>
@tyxia
format
8f5d2bf 
Signed-off-by: Tianyu Xia <tyxia@google.com>
@tyxia
format
498bf8f 
Signed-off-by: Tianyu Xia <tyxia@google.com>
@tyxia
Envoy code style disallows designated initializers:(
de9f5df 
Signed-off-by: Tianyu Xia <tyxia@google.com>
@tyxia
fix CI
54b026e 
Signed-off-by: Tianyu Xia <tyxia@google.com>
@tyxia tyxia marked this pull request as ready for review June 28, 2021 13:52
@tyxia
Copy link
Member Author

tyxia commented Jun 28, 2021

@htuch Please take a look. Thanks!

@yanavlasov yanavlasov self-assigned this Jun 28, 2021
@tyxia
Tweak code per styple guide: put all input-only parameters before any…
10763d6 
… output parameters and remove default arg

Signed-off-by: Tianyu Xia <tyxia@google.com>
@lizan lizan added the waiting label Jun 28, 2021
@tyxia
Copy link
Member Author

tyxia commented Jun 28, 2021

/retest

@repokitteh-read-only
Copy link

repokitteh-read-only bot commented Jun 28, 2021

Retrying Azure Pipelines:
Check envoy-presubmit isn't fully completed, but will still attempt retrying.
Retried failed jobs in: envoy-presubmit

🐱

Caused by: a #17163 (comment) was created by @tyxia.

see: more, trace.

htuch
htuch suggested changes Jun 29, 2021
View reviewed changes
Copy link
Member

@htuch htuch left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good! A few comments..
/wait

@tyxia
update per review
acc83f9 
Signed-off-by: Tianyu Xia <tyxia@google.com>
@tyxia
Copy link
Member Author

tyxia commented Jun 29, 2021
edited
Loading

Looks good! A few comments..
/wait

Thanks for the review! PTAL.
PS: The CI regression was caused by #17025 and should be fixed by #17191

@tyxia tyxia requested a review from htuch June 29, 2021 22:02
tyxia added 2 commits June 30, 2021 03:05
@tyxia
use unnamed namespace over static
aff0e40 
Signed-off-by: Tianyu Xia <tyxia@google.com>
@tyxia
Merge branch 'main' of https://github.com/envoyproxy/envoy into tls
71f53c1 
Signed-off-by: Tianyu Xia <tyxia@google.com>
htuch
htuch suggested changes Jul 1, 2021
View reviewed changes
Copy link
Member

@htuch htuch left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM modulo few remaining nits and CI passing.
/wait

@tyxia
style guide
552a553 
Signed-off-by: Tianyu Xia <tyxia@google.com>
@tyxia
Copy link
Member Author

tyxia commented Jul 1, 2021

/retest

@repokitteh-read-only
Copy link

repokitteh-read-only bot commented Jul 1, 2021

Retrying Azure Pipelines:
Retried failed jobs in: envoy-presubmit

🐱

Caused by: a #17163 (comment) was created by @tyxia.

see: more, trace.

@tyxia
Copy link
Member Author

tyxia commented Jul 2, 2021

/retest

@repokitteh-read-only
Copy link

repokitteh-read-only bot commented Jul 2, 2021

Retrying Azure Pipelines:
Retried failed jobs in: envoy-presubmit

🐱

Caused by: a #17163 (comment) was created by @tyxia.

see: more, trace.

@tyxia
Copy link
Member Author

tyxia commented Jul 2, 2021
edited
Loading

Thanks for the review! The failures in previous CI run were caused by tests' flakiness. All the tests passed in the most recent CI run

@tyxia tyxia requested a review from htuch July 7, 2021 19:20
@htuch htuch merged commit bcd80f1 into envoyproxy:main Jul 9, 2021
leyao-daily pushed a commit to leyao-daily/envoy that referenced this pull request Sep 30, 2021
@tyxia
Deprecate cluster's and listener's tls_context in favor of transpor…
44492a4 
…t socket (envoyproxy#17163)

Remove cluster's and listener's tls_context since we are using transport socket's tls_context/

Refactor the sslSocketTest : centralize the server configuration in one place --configureServerAndExpiredClientCertificate function. Note: The test could be further refactored by leveraging this function I modified, but I feel that is not worth the large amount of effort and current code also provides a bit flexibility of configuration (e.g. specifies various config like cert_hash, cert_spki in place)

Move createProtocolTestOptions to unnamed namespace. Even though superiority of unnamed namespace over static is more applied to user-defined types rather than variables and functions (i.e. static no longer deprecated in standard and should do the same thing for latter two), it is still good to keep it in the unnamed namespace like other internal helper functions . Also, unnamed namespace should be encouraged for such usage in general

Risk Level: Low
Testing: Local tests and CI run (All tests passed)

Signed-off-by: Tianyu Xia <tyxia@google.com>
@tyxia tyxia deleted the tls branch March 15, 2023 14:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@yanavlasov yanavlasov yanavlasov approved these changes

@alyssawilk alyssawilk Awaiting requested review from alyssawilk

@asraa asraa Awaiting requested review from asraa

@ggreenway ggreenway Awaiting requested review from ggreenway ggreenway is a code owner

@lizan lizan Awaiting requested review from lizan

@mattklein123 mattklein123 Awaiting requested review from mattklein123 mattklein123 is a code owner

+1 more reviewer

@htuch htuch htuch approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@yanavlasov yanavlasov

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@tyxia @yanavlasov @htuch @lizan