quic: test fast-fail if secrets not loaded when create quic connection

source/common/http/http3/conn_pool.cc

@@ -89,9 +89,10 @@ allocateConnPool(Event::Dispatcher& dispatcher, Random::RandomGenerator& random_
         auto factory = &pool->host()->transportSocketFactory();
         ASSERT(dynamic_cast<Quic::QuicClientTransportSocketFactory*>(factory) != nullptr);
         if (static_cast<Quic::QuicClientTransportSocketFactory*>(factory)->sslCtx() == nullptr) {
-          ENVOY_LOG_TO_LOGGER(Envoy::Logger::Registry::getLog(Envoy::Logger::Id::pool), warn,
-                              "Failed to create Http/3 client. Transport socket "
-                              "factory is not configured correctly.");
+          ENVOY_LOG_EVERY_POW_2_TO_LOGGER(Envoy::Logger::Registry::getLog(Envoy::Logger::Id::pool),
+                                          warn,
+                                          "Failed to create Http/3 client. Transport socket "
+                                          "factory is not configured correctly.");
           return nullptr;
         }
         Http3ConnPoolImpl* h3_pool = reinterpret_cast<Http3ConnPoolImpl*>(pool);
@@ -105,6 +106,12 @@ allocateConnPool(Event::Dispatcher& dispatcher, Random::RandomGenerator& random_
         data.connection_ =
             Quic::createQuicNetworkConnection(h3_pool->quicInfo(), pool->dispatcher(), host_address,
                                               source_address, quic_stat_names, scope);
+        if (data.connection_ == nullptr) {
+          ENVOY_LOG_EVERY_POW_2_TO_LOGGER(
+              Envoy::Logger::Registry::getLog(Envoy::Logger::Id::pool), warn,
+              "Failed to create Http/3 client. Failed to create quic network connection.");
+          return nullptr;
+        }
         // Store a handle to connection as it will be moved during client construction.
         Network::Connection& connection = *data.connection_;
         auto client = std::make_unique<ActiveClient>(*pool, data);

source/common/quic/quic_transport_socket_factory.h

@@ -108,7 +108,7 @@ class QuicClientTransportSocketFactory : public QuicTransportSocketFactoryBase {
     return fallback_factory_->createTransportSocket(options);
   }
 
-  Envoy::Ssl::ClientContextSharedPtr sslCtx() { return fallback_factory_->sslCtx(); }
+  virtual Envoy::Ssl::ClientContextSharedPtr sslCtx() { return fallback_factory_->sslCtx(); }
 
   const Ssl::ClientContextConfig& clientContextConfig() const {
     return fallback_factory_->config();

test/common/http/http3/conn_pool_test.cc

@@ -68,6 +68,60 @@ class Http3ConnPoolImplTest : public Event::TestUsingSimulatedTime, public testi
   ConnectionPool::InstancePtr pool_;
 };
 
+class MockQuicClientTransportSocketFactory : public Quic::QuicClientTransportSocketFactory {
+public:
+  MockQuicClientTransportSocketFactory(
+      Ssl::ClientContextConfigPtr config,
+      Server::Configuration::TransportSocketFactoryContext& factory_context)
+      : Quic::QuicClientTransportSocketFactory(move(config), factory_context) {}
+
+  MOCK_METHOD(Envoy::Ssl::ClientContextSharedPtr, sslCtx, ());
+};
+
+TEST_F(Http3ConnPoolImplTest, FastFailWithoutSecretsLoaded) {
+  MockQuicClientTransportSocketFactory factory{
+      std::unique_ptr<Envoy::Ssl::ClientContextConfig>(new NiceMock<Ssl::MockClientContextConfig>),
+      context_};
+
+  EXPECT_CALL(factory, sslCtx()).WillRepeatedly(Return(nullptr));
+
+  EXPECT_CALL(mockHost(), address()).WillRepeatedly(Return(test_address_));
+  EXPECT_CALL(mockHost(), transportSocketFactory()).WillRepeatedly(testing::ReturnRef(factory));
+  // The unique pointer of this object will be returned in createSchedulableCallback_ of
+  // dispatcher_, so there is no risk of object leak.
+  new Event::MockSchedulableCallback(&dispatcher_);
+  Network::ConnectionSocket::OptionsSharedPtr options;
+  Network::TransportSocketOptionsConstSharedPtr transport_options;
+  ConnectionPool::InstancePtr pool =
+      allocateConnPool(dispatcher_, random_, host_, Upstream::ResourcePriority::Default, options,
+                       transport_options, state_, simTime(), quic_stat_names_, store_);
+
+  EXPECT_EQ(static_cast<Http3ConnPoolImpl*>(pool.get())->instantiateActiveClient(), nullptr);
+}
+
+TEST_F(Http3ConnPoolImplTest, FailWithSecretsBecomeEmpty) {
+  MockQuicClientTransportSocketFactory factory{
+      std::unique_ptr<Envoy::Ssl::ClientContextConfig>(new NiceMock<Ssl::MockClientContextConfig>),
+      context_};
+
+  Ssl::ClientContextSharedPtr ssl_context(new Ssl::MockClientContext());
+  EXPECT_CALL(factory, sslCtx())
+      .WillOnce(Return(ssl_context))
+      .WillOnce(Return(nullptr))
+      .WillRepeatedly(Return(ssl_context));
+
+  EXPECT_CALL(mockHost(), address()).WillRepeatedly(Return(test_address_));
+  EXPECT_CALL(mockHost(), transportSocketFactory()).WillRepeatedly(testing::ReturnRef(factory));
+  new Event::MockSchedulableCallback(&dispatcher_);
+  Network::ConnectionSocket::OptionsSharedPtr options;
+  Network::TransportSocketOptionsConstSharedPtr transport_options;
+  ConnectionPool::InstancePtr pool =
+      allocateConnPool(dispatcher_, random_, host_, Upstream::ResourcePriority::Default, options,
+                       transport_options, state_, simTime(), quic_stat_names_, store_);
+
+  EXPECT_EQ(static_cast<Http3ConnPoolImpl*>(pool.get())->instantiateActiveClient(), nullptr);
+}
+
 TEST_F(Http3ConnPoolImplTest, CreationWithBufferLimits) {
   EXPECT_CALL(mockHost().cluster_, perConnectionBufferLimitBytes);
   initialize();