xds: add protection flag for federation (#8619)

See https://github.com/grpc/proposal/pull/268/files#diff-e68147af61f13db5bd497e86ffd970fef6af29b88f4f23fb486deefdb35dfea3R659 for detail.
grpc · Oct 21, 2021 · d7454ed · d7454ed
1 parent d2b9151
commit d7454ed
Show file tree

Hide file tree

Showing 2 changed files with 44 additions and 0 deletions.
diff --git a/xds/src/main/java/io/grpc/xds/BootstrapperImpl.java b/xds/src/main/java/io/grpc/xds/BootstrapperImpl.java
@@ -17,6 +17,7 @@
 package io.grpc.xds;
 
 import com.google.common.annotations.VisibleForTesting;
+import com.google.common.base.Strings;
 import com.google.common.collect.ImmutableList;
 import com.google.common.collect.ImmutableMap;
 import io.grpc.ChannelCredentials;
@@ -62,6 +63,10 @@ public class BootstrapperImpl extends Bootstrapper {
   @VisibleForTesting
   static final String CLIENT_FEATURE_DISABLE_OVERPROVISIONING =
       "envoy.lb.does_not_support_overprovisioning";
+  @VisibleForTesting
+  static boolean enableFederation =
+      !Strings.isNullOrEmpty(System.getenv("GRPC_EXPERIMENTAL_XDS_FEDERATION"))
+          && Boolean.parseBoolean(System.getenv("GRPC_EXPERIMENTAL_XDS_FEDERATION"));
 
   private final XdsLogger logger;
   private FileReader reader = LocalFileReader.INSTANCE;
@@ -199,6 +204,9 @@ BootstrapInfo bootstrap(Map<String, ?> rawData) throws XdsInitializationExceptio
         XdsLogLevel.INFO, "server_listener_resource_name_template: {0}", grpcServerResourceId);
     builder.serverListenerResourceNameTemplate(grpcServerResourceId);
 
+    if (!enableFederation) {
+      return builder.build();
+    }
     String grpcClientDefaultListener =
         JsonUtil.getString(rawData, "client_default_listener_resource_name_template");
     logger.log(

diff --git a/xds/src/test/java/io/grpc/xds/BootstrapperImplTest.java b/xds/src/test/java/io/grpc/xds/BootstrapperImplTest.java
@@ -57,6 +57,7 @@ public class BootstrapperImplTest {
   private String originalBootstrapPathFromSysProp;
   private String originalBootstrapConfigFromEnvVar;
   private String originalBootstrapConfigFromSysProp;
+  private boolean originalEnableFederation;
 
   @Before
   public void setUp() {
@@ -69,6 +70,7 @@ private void saveEnvironment() {
     originalBootstrapPathFromSysProp = BootstrapperImpl.bootstrapPathFromSysProp;
     originalBootstrapConfigFromEnvVar = BootstrapperImpl.bootstrapConfigFromEnvVar;
     originalBootstrapConfigFromSysProp = BootstrapperImpl.bootstrapConfigFromSysProp;
+    originalEnableFederation = BootstrapperImpl.enableFederation;
   }
 
   @After
@@ -77,6 +79,7 @@ public void restoreEnvironment() {
     BootstrapperImpl.bootstrapPathFromSysProp = originalBootstrapPathFromSysProp;
     BootstrapperImpl.bootstrapConfigFromEnvVar = originalBootstrapConfigFromEnvVar;
     BootstrapperImpl.bootstrapConfigFromSysProp = originalBootstrapConfigFromSysProp;
+    BootstrapperImpl.enableFederation = originalEnableFederation;
   }
 
   @Test
@@ -680,6 +683,7 @@ public void fallbackToConfigFromSysProp() throws XdsInitializationException {
 
   @Test
   public void parseClientDefaultListenerResourceNameTemplate() throws Exception {
+    BootstrapperImpl.enableFederation = true;
     String rawData = "{\n"
         + "  \"xds_servers\": [\n"
         + "  ]\n"
@@ -701,6 +705,7 @@ public void parseClientDefaultListenerResourceNameTemplate() throws Exception {
 
   @Test
   public void parseAuthorities() throws Exception {
+    BootstrapperImpl.enableFederation = true;
     String rawData = "{\n"
         + "  \"xds_servers\": [\n"
         + "    {\n"
@@ -773,6 +778,37 @@ public void parseAuthorities() throws Exception {
     assertThat(authorityInfo.xdsServers().get(0).target()).isEqualTo("td2.googleapis.com:443");
   }
 
+  @Test
+  public void badFederationConfig() throws Exception {
+    BootstrapperImpl.enableFederation = true;
+    String rawData = "{\n"
+        + "  \"authorities\": {\n"
+        + "    \"a.com\": {\n"
+        + "      \"client_listener_resource_name_template\": \"xdstp://wrong/\"\n"
+        + "    }\n"
+        + "  },\n"
+        + "  \"xds_servers\": [\n"
+        + "    {\n"
+        + "      \"server_uri\": \"" + SERVER_URI + "\",\n"
+        + "      \"channel_creds\": [\n"
+        + "        {\"type\": \"insecure\"}\n"
+        + "      ]\n"
+        + "    }\n"
+        + "  ]\n"
+        + "}";
+    bootstrapper.setFileReader(createFileReader(BOOTSTRAP_FILE_PATH, rawData));
+    try {
+      bootstrapper.bootstrap();
+      fail("should fail");
+    } catch (XdsInitializationException e) {
+      assertThat(e).hasMessageThat().isEqualTo(
+          "client_listener_resource_name_template: 'xdstp://wrong/' does not start with "
+              + "xdstp://a.com/");
+    }
+    BootstrapperImpl.enableFederation = false;
+    bootstrapper.bootstrap();
+  }
+
   private static BootstrapperImpl.FileReader createFileReader(
       final String expectedPath, final String rawData) {
     return new BootstrapperImpl.FileReader() {