grpc 1.36.0 → 1.37.0.pre1

data/src/core/ext/xds/xds_api.h

@@ -33,10 +33,12 @@
 
 #include <grpc/slice_buffer.h>
 
+#include "envoy/admin/v3/config_dump.upb.h"
 #include "src/core/ext/filters/client_channel/server_address.h"
 #include "src/core/ext/xds/xds_bootstrap.h"
 #include "src/core/ext/xds/xds_client_stats.h"
-#include "src/core/lib/security/authorization/matchers.h"
+#include "src/core/ext/xds/xds_http_filters.h"
+#include "src/core/lib/matchers/matchers.h"
 
 namespace grpc_core {
 
@@ -58,13 +60,16 @@ class XdsApi {
     int64_t seconds = 0;
     int32_t nanos = 0;
     bool operator==(const Duration& other) const {
-      return (seconds == other.seconds && nanos == other.nanos);
+      return seconds == other.seconds && nanos == other.nanos;
     }
     std::string ToString() const {
       return absl::StrFormat("Duration seconds: %ld, nanos %d", seconds, nanos);
     }
   };
 
+  using TypedPerFilterConfig =
+      std::map<std::string, XdsHttpFilterImpl::FilterConfig>;
+
   // TODO(donnadionne): When we can use absl::variant<>, consider using that
   // for: PathMatcher, HeaderMatcher, cluster_name and weighted_clusters
   struct Route {
@@ -75,14 +80,38 @@ class XdsApi {
       absl::optional<uint32_t> fraction_per_million;
 
       bool operator==(const Matchers& other) const {
-        return (path_matcher == other.path_matcher &&
-                header_matchers == other.header_matchers &&
-                fraction_per_million == other.fraction_per_million);
+        return path_matcher == other.path_matcher &&
+               header_matchers == other.header_matchers &&
+               fraction_per_million == other.fraction_per_million;
       }
       std::string ToString() const;
     };
 
+    struct HashPolicy {
+      enum Type { HEADER, CHANNEL_ID };
+      Type type;
+      bool terminal = false;
+      // Fields used for type HEADER.
+      std::string header_name;
+      std::unique_ptr<RE2> regex = nullptr;
+      std::string regex_substitution;
+
+      HashPolicy() {}
+
+      // Copyable.
+      HashPolicy(const HashPolicy& other);
+      HashPolicy& operator=(const HashPolicy& other);
+
+      // Moveable.
+      HashPolicy(HashPolicy&& other) noexcept;
+      HashPolicy& operator=(HashPolicy&& other) noexcept;
+
+      bool operator==(const HashPolicy& other) const;
+      std::string ToString() const;
+    };
+
     Matchers matchers;
+    std::vector<HashPolicy> hash_policies;
 
     // Action for this route.
     // TODO(roth): When we can use absl::variant<>, consider using that
@@ -91,8 +120,11 @@ class XdsApi {
     struct ClusterWeight {
       std::string name;
       uint32_t weight;
+      TypedPerFilterConfig typed_per_filter_config;
+
       bool operator==(const ClusterWeight& other) const {
-        return (name == other.name && weight == other.weight);
+        return name == other.name && weight == other.weight &&
+               typed_per_filter_config == other.typed_per_filter_config;
       }
       std::string ToString() const;
     };
@@ -103,11 +135,13 @@ class XdsApi {
     // not set.
     absl::optional<Duration> max_stream_duration;
 
+    TypedPerFilterConfig typed_per_filter_config;
+
     bool operator==(const Route& other) const {
-      return (matchers == other.matchers &&
-              cluster_name == other.cluster_name &&
-              weighted_clusters == other.weighted_clusters &&
-              max_stream_duration == other.max_stream_duration);
+      return matchers == other.matchers && cluster_name == other.cluster_name &&
+             weighted_clusters == other.weighted_clusters &&
+             max_stream_duration == other.max_stream_duration &&
+             typed_per_filter_config == other.typed_per_filter_config;
     }
     std::string ToString() const;
   };
@@ -116,9 +150,11 @@ class XdsApi {
     struct VirtualHost {
       std::vector<std::string> domains;
       std::vector<Route> routes;
+      TypedPerFilterConfig typed_per_filter_config;
 
       bool operator==(const VirtualHost& other) const {
-        return domains == other.domains && routes == other.routes;
+        return domains == other.domains && routes == other.routes &&
+               typed_per_filter_config == other.typed_per_filter_config;
       }
     };
 
@@ -204,29 +240,157 @@ class XdsApi {
       kTcpListener = 0,
       kHttpApiListener,
     } type;
-    DownstreamTlsContext downstream_tls_context;
-    // The name to use in the RDS request.
-    std::string route_config_name;
-    // Storing the Http Connection Manager Common Http Protocol Option
-    // max_stream_duration
-    Duration http_max_stream_duration;
-    // The RouteConfiguration to use for this listener.
-    // Present only if it is inlined in the LDS response.
-    absl::optional<RdsUpdate> rds_update;
+
+    struct HttpConnectionManager {
+      // The name to use in the RDS request.
+      std::string route_config_name;
+      // Storing the Http Connection Manager Common Http Protocol Option
+      // max_stream_duration
+      Duration http_max_stream_duration;
+      // The RouteConfiguration to use for this listener.
+      // Present only if it is inlined in the LDS response.
+      absl::optional<RdsUpdate> rds_update;
+
+      struct HttpFilter {
+        std::string name;
+        XdsHttpFilterImpl::FilterConfig config;
+
+        bool operator==(const HttpFilter& other) const {
+          return name == other.name && config == other.config;
+        }
+
+        std::string ToString() const;
+      };
+      std::vector<HttpFilter> http_filters;
+
+      bool operator==(const HttpConnectionManager& other) const {
+        return route_config_name == other.route_config_name &&
+               http_max_stream_duration == other.http_max_stream_duration &&
+               rds_update == other.rds_update &&
+               http_filters == other.http_filters;
+      }
+
+      std::string ToString() const;
+    };
+
+    // Populated for type=kHttpApiListener.
+    HttpConnectionManager http_connection_manager;
+
+    // Populated for type=kTcpListener.
+    // host:port listening_address set when type is kTcpListener
+    std::string address;
+
+    struct FilterChainData {
+      DownstreamTlsContext downstream_tls_context;
+      // This is in principle the filter list.
+      // We currently require exactly one filter, which is the HCM.
+      HttpConnectionManager http_connection_manager;
+
+      bool operator==(const FilterChainData& other) const {
+        return downstream_tls_context == other.downstream_tls_context &&
+               http_connection_manager == other.http_connection_manager;
+      }
+
+      std::string ToString() const;
+    } filter_chain_data;
+
+    // A multi-level map used to determine which filter chain to use for a given
+    // incoming connection. Determining the right filter chain for a given
+    // connection checks the following properties, in order:
+    // - destination port (never matched, so not present in map)
+    // - destination IP address
+    // - server name (never matched, so not present in map)
+    // - transport protocol (allows only "raw_buffer" or unset, prefers the
+    //   former, so only one of those two types is present in map)
+    // - application protocol (never matched, so not present in map)
+    // - connection source type (any, local or external)
+    // - source IP address
+    // - source port
+    // https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/listener/v3/listener_components.proto#config-listener-v3-filterchainmatch
+    // for more details
+    struct FilterChainMap {
+      struct FilterChainDataSharedPtr {
+        std::shared_ptr<FilterChainData> data;
+        bool operator==(const FilterChainDataSharedPtr& other) const {
+          return *data == *other.data;
+        }
+      };
+      struct CidrRange {
+        grpc_resolved_address address;
+        uint32_t prefix_len;
+
+        bool operator==(const CidrRange& other) const {
+          return memcmp(&address, &other.address, sizeof(address)) == 0 &&
+                 prefix_len == other.prefix_len;
+        }
+
+        std::string ToString() const;
+      };
+      using SourcePortsMap = std::map<uint16_t, FilterChainDataSharedPtr>;
+      struct SourceIp {
+        absl::optional<CidrRange> prefix_range;
+        SourcePortsMap ports_map;
+
+        bool operator==(const SourceIp& other) const {
+          return prefix_range == other.prefix_range &&
+                 ports_map == other.ports_map;
+        }
+      };
+      using SourceIpVector = std::vector<SourceIp>;
+      enum class ConnectionSourceType {
+        kAny = 0,
+        kSameIpOrLoopback,
+        kExternal
+      };
+      using ConnectionSourceTypesArray = std::array<SourceIpVector, 3>;
+      struct DestinationIp {
+        absl::optional<CidrRange> prefix_range;
+        // We always fail match on server name, so those filter chains are not
+        // included here.
+        ConnectionSourceTypesArray source_types_array;
+
+        bool operator==(const DestinationIp& other) const {
+          return prefix_range == other.prefix_range &&
+                 source_types_array == other.source_types_array;
+        }
+      };
+      // We always fail match on destination ports map
+      using DestinationIpVector = std::vector<DestinationIp>;
+      DestinationIpVector destination_ip_vector;
+
+      bool operator==(const FilterChainMap& other) const {
+        return destination_ip_vector == other.destination_ip_vector;
+      }
+
+      std::string ToString() const;
+    } filter_chain_map;
+
+    absl::optional<FilterChainData> default_filter_chain;
 
     bool operator==(const LdsUpdate& other) const {
-      return downstream_tls_context == other.downstream_tls_context &&
-             route_config_name == other.route_config_name &&
-             rds_update == other.rds_update &&
-             http_max_stream_duration == other.http_max_stream_duration;
+      return http_connection_manager == other.http_connection_manager &&
+             address == other.address &&
+             filter_chain_map == other.filter_chain_map &&
+             default_filter_chain == other.default_filter_chain;
     }
 
     std::string ToString() const;
   };
 
-  using LdsUpdateMap = std::map<std::string /*server_name*/, LdsUpdate>;
+  struct LdsResourceData {
+    LdsUpdate resource;
+    std::string serialized_proto;
+  };
 
-  using RdsUpdateMap = std::map<std::string /*route_config_name*/, RdsUpdate>;
+  using LdsUpdateMap = std::map<std::string /*server_name*/, LdsResourceData>;
+
+  struct RdsResourceData {
+    RdsUpdate resource;
+    std::string serialized_proto;
+  };
+
+  using RdsUpdateMap =
+      std::map<std::string /*route_config_name*/, RdsResourceData>;
 
   struct CdsUpdate {
     enum ClusterType { EDS, LOGICAL_DNS, AGGREGATE };
@@ -269,7 +433,12 @@ class XdsApi {
     std::string ToString() const;
   };
 
-  using CdsUpdateMap = std::map<std::string /*cluster_name*/, CdsUpdate>;
+  struct CdsResourceData {
+    CdsUpdate resource;
+    std::string serialized_proto;
+  };
+
+  using CdsUpdateMap = std::map<std::string /*cluster_name*/, CdsResourceData>;
 
   struct EdsUpdate {
     struct Priority {
@@ -353,7 +522,13 @@ class XdsApi {
     std::string ToString() const;
   };
 
-  using EdsUpdateMap = std::map<std::string /*eds_service_name*/, EdsUpdate>;
+  struct EdsResourceData {
+    EdsUpdate resource;
+    std::string serialized_proto;
+  };
+
+  using EdsUpdateMap =
+      std::map<std::string /*eds_service_name*/, EdsResourceData>;
 
   struct ClusterLoadReport {
     XdsClusterDropStats::Snapshot dropped_requests;
@@ -366,18 +541,66 @@ class XdsApi {
       std::pair<std::string /*cluster_name*/, std::string /*eds_service_name*/>,
       ClusterLoadReport>;
 
-  XdsApi(XdsClient* client, TraceFlag* tracer, const XdsBootstrap::Node* node);
+  // The metadata of the xDS resource; used by the xDS config dump.
+  struct ResourceMetadata {
+    // Resource status from the view of a xDS client, which tells the
+    // synchronization status between the xDS client and the xDS server.
+    enum ClientResourceStatus {
+      // Client requested this resource but hasn't received any update from
+      // management server. The client will not fail requests, but will queue
+      // them
+      // until update arrives or the client times out waiting for the resource.
+      REQUESTED = 1,
+      // This resource has been requested by the client but has either not been
+      // delivered by the server or was previously delivered by the server and
+      // then subsequently removed from resources provided by the server.
+      DOES_NOT_EXIST,
+      // Client received this resource and replied with ACK.
+      ACKED,
+      // Client received this resource and replied with NACK.
+      NACKED
+    };
 
-  // Creates an ADS request.
-  // Takes ownership of \a error.
-  grpc_slice CreateAdsRequest(const XdsBootstrap::XdsServer& server,
-                              const std::string& type_url,
-                              const std::set<absl::string_view>& resource_names,
-                              const std::string& version,
-                              const std::string& nonce, grpc_error* error,
-                              bool populate_node);
+    // The client status of this resource.
+    ClientResourceStatus client_status = REQUESTED;
+    // The serialized bytes of the last successfully updated raw xDS resource.
+    std::string serialized_proto;
+    // The timestamp when the resource was last successfully updated.
+    grpc_millis update_time = 0;
+    // The last successfully updated version of the resource.
+    std::string version;
+    // The rejected version string of the last failed update attempt.
+    std::string failed_version;
+    // Details about the last failed update attempt.
+    std::string failed_details;
+    // Timestamp of the last failed update attempt.
+    grpc_millis failed_update_time = 0;
+  };
+  using ResourceMetadataMap =
+      std::map<absl::string_view /*resource_name*/, const ResourceMetadata*>;
+  struct ResourceTypeMetadata {
+    absl::string_view version;
+    ResourceMetadataMap resource_metadata_map;
+  };
+  using ResourceTypeMetadataMap =
+      std::map<absl::string_view /*type_url*/, ResourceTypeMetadata>;
+  static_assert(static_cast<ResourceMetadata::ClientResourceStatus>(
+                    envoy_admin_v3_REQUESTED) ==
+                    ResourceMetadata::ClientResourceStatus::REQUESTED,
+                "");
+  static_assert(static_cast<ResourceMetadata::ClientResourceStatus>(
+                    envoy_admin_v3_DOES_NOT_EXIST) ==
+                    ResourceMetadata::ClientResourceStatus::DOES_NOT_EXIST,
+                "");
+  static_assert(static_cast<ResourceMetadata::ClientResourceStatus>(
+                    envoy_admin_v3_ACKED) ==
+                    ResourceMetadata::ClientResourceStatus::ACKED,
+                "");
+  static_assert(static_cast<ResourceMetadata::ClientResourceStatus>(
+                    envoy_admin_v3_NACKED) ==
+                    ResourceMetadata::ClientResourceStatus::NACKED,
+                "");
 
-  // Parses an ADS response.
   // If the response can't be parsed at the top level, the resulting
   // type_url will be empty.
   // If there is any other type of validation error, the parse_error
@@ -396,8 +619,21 @@ class XdsApi {
     EdsUpdateMap eds_update_map;
     std::set<std::string> resource_names_failed;
   };
+
+  XdsApi(XdsClient* client, TraceFlag* tracer, const XdsBootstrap::Node* node);
+
+  // Creates an ADS request.
+  // Takes ownership of \a error.
+  grpc_slice CreateAdsRequest(const XdsBootstrap::XdsServer& server,
+                              const std::string& type_url,
+                              const std::set<absl::string_view>& resource_names,
+                              const std::string& version,
+                              const std::string& nonce, grpc_error* error,
+                              bool populate_node);
+
+  // Parses an ADS response.
   AdsParseResult ParseAdsResponse(
-      const grpc_slice& encoded_response,
+      const XdsBootstrap::XdsServer& server, const grpc_slice& encoded_response,
       const std::set<absl::string_view>& expected_listener_names,
       const std::set<absl::string_view>& expected_route_configuration_names,
       const std::set<absl::string_view>& expected_cluster_names,
@@ -417,6 +653,10 @@ class XdsApi {
                                std::set<std::string>* cluster_names,
                                grpc_millis* load_reporting_interval);
 
+  // Assemble the client config proto message and return the serialized result.
+  std::string AssembleClientConfig(
+      const ResourceTypeMetadataMap& resource_type_metadata_map);
+
  private:
   XdsClient* client_;
   TraceFlag* tracer_;

data/src/core/ext/xds/xds_bootstrap.cc

@@ -93,13 +93,14 @@ std::string BootstrapString(const XdsBootstrap& bootstrap) {
         "  locality={\n"
         "    region=\"%s\",\n"
         "    zone=\"%s\",\n"
-        "    subzone=\"%s\"\n"
+        "    sub_zone=\"%s\"\n"
         "  },\n"
         "  metadata=%s,\n"
         "},\n",
         bootstrap.node()->id, bootstrap.node()->cluster,
         bootstrap.node()->locality_region, bootstrap.node()->locality_zone,
-        bootstrap.node()->locality_subzone, bootstrap.node()->metadata.Dump()));
+        bootstrap.node()->locality_sub_zone,
+        bootstrap.node()->metadata.Dump()));
   }
   parts.push_back(absl::StrFormat(
       "servers=[\n"
@@ -118,6 +119,11 @@ std::string BootstrapString(const XdsBootstrap& bootstrap) {
         absl::StrJoin(bootstrap.server().server_features, ", "), "],\n"));
   }
   parts.push_back("  }\n],\n");
+  if (!bootstrap.server_listener_resource_name_template().empty()) {
+    parts.push_back(
+        absl::StrFormat("server_listener_resource_name_template=\"%s\",\n",
+                        bootstrap.server_listener_resource_name_template()));
+  }
   parts.push_back("certificate_providers={\n");
   for (const auto& entry : bootstrap.certificate_providers()) {
     parts.push_back(
@@ -232,6 +238,16 @@ XdsBootstrap::XdsBootstrap(Json json, grpc_error** error) {
       if (parse_error != GRPC_ERROR_NONE) error_list.push_back(parse_error);
     }
   }
+  it = json.mutable_object()->find("server_listener_resource_name_template");
+  if (it != json.mutable_object()->end()) {
+    if (it->second.type() != Json::Type::STRING) {
+      error_list.push_back(GRPC_ERROR_CREATE_FROM_STATIC_STRING(
+          "\"server_listener_resource_name_template\" field is not a string"));
+    } else {
+      server_listener_resource_name_template_ =
+          std::move(*it->second.mutable_string_value());
+    }
+  }
   if (XdsSecurityEnabled()) {
     it = json.mutable_object()->find("certificate_providers");
     if (it != json.mutable_object()->end()) {
@@ -455,13 +471,13 @@ grpc_error* XdsBootstrap::ParseLocality(Json* json) {
       node_->locality_zone = std::move(*it->second.mutable_string_value());
     }
   }
-  it = json->mutable_object()->find("subzone");
+  it = json->mutable_object()->find("sub_zone");
   if (it != json->mutable_object()->end()) {
     if (it->second.type() != Json::Type::STRING) {
       error_list.push_back(GRPC_ERROR_CREATE_FROM_STATIC_STRING(
-          "\"subzone\" field is not a string"));
+          "\"sub_zone\" field is not a string"));
     } else {
-      node_->locality_subzone = std::move(*it->second.mutable_string_value());
+      node_->locality_sub_zone = std::move(*it->second.mutable_string_value());
     }
   }
   return GRPC_ERROR_CREATE_FROM_VECTOR("errors parsing \"locality\" object",