grpc 1.39.0 → 1.41.0

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.


This version of grpc might be problematic. Click here for more details.

Files changed (885) hide show
  1. checksums.yaml +4 -4
  2. data/Makefile +45 -38
  3. data/include/grpc/byte_buffer.h +1 -1
  4. data/include/grpc/byte_buffer_reader.h +1 -1
  5. data/include/grpc/event_engine/endpoint_config.h +6 -11
  6. data/include/grpc/event_engine/event_engine.h +73 -72
  7. data/include/grpc/event_engine/port.h +1 -3
  8. data/include/grpc/event_engine/slice_allocator.h +14 -34
  9. data/include/grpc/fork.h +1 -1
  10. data/include/grpc/grpc.h +10 -4
  11. data/include/grpc/grpc_posix.h +5 -2
  12. data/include/grpc/impl/codegen/atm.h +5 -3
  13. data/include/grpc/impl/codegen/atm_gcc_atomic.h +2 -0
  14. data/include/grpc/impl/codegen/atm_gcc_sync.h +2 -0
  15. data/include/grpc/impl/codegen/atm_windows.h +2 -0
  16. data/include/grpc/impl/codegen/byte_buffer.h +2 -0
  17. data/include/grpc/impl/codegen/byte_buffer_reader.h +2 -0
  18. data/include/grpc/impl/codegen/compression_types.h +2 -0
  19. data/include/grpc/impl/codegen/connectivity_state.h +2 -0
  20. data/include/grpc/impl/codegen/fork.h +2 -0
  21. data/include/grpc/impl/codegen/gpr_slice.h +2 -0
  22. data/include/grpc/impl/codegen/gpr_types.h +2 -0
  23. data/include/grpc/impl/codegen/grpc_types.h +22 -13
  24. data/include/grpc/impl/codegen/log.h +2 -0
  25. data/include/grpc/impl/codegen/port_platform.h +50 -22
  26. data/include/grpc/impl/codegen/propagation_bits.h +2 -0
  27. data/include/grpc/impl/codegen/slice.h +2 -0
  28. data/include/grpc/impl/codegen/status.h +2 -0
  29. data/include/grpc/impl/codegen/sync.h +8 -5
  30. data/include/grpc/impl/codegen/sync_abseil.h +2 -0
  31. data/include/grpc/impl/codegen/sync_custom.h +2 -0
  32. data/include/grpc/impl/codegen/sync_generic.h +3 -0
  33. data/include/grpc/impl/codegen/sync_posix.h +4 -2
  34. data/include/grpc/impl/codegen/sync_windows.h +2 -0
  35. data/include/grpc/slice.h +1 -1
  36. data/include/grpc/status.h +1 -1
  37. data/include/grpc/support/atm.h +1 -1
  38. data/include/grpc/support/atm_gcc_atomic.h +1 -1
  39. data/include/grpc/support/atm_gcc_sync.h +1 -1
  40. data/include/grpc/support/atm_windows.h +1 -1
  41. data/include/grpc/support/log.h +1 -1
  42. data/include/grpc/support/port_platform.h +1 -1
  43. data/include/grpc/support/sync.h +1 -1
  44. data/include/grpc/support/sync_abseil.h +1 -1
  45. data/include/grpc/support/sync_custom.h +1 -1
  46. data/include/grpc/support/sync_generic.h +1 -1
  47. data/include/grpc/support/sync_posix.h +1 -1
  48. data/include/grpc/support/sync_windows.h +1 -1
  49. data/include/grpc/support/time.h +2 -2
  50. data/src/core/ext/filters/census/grpc_context.cc +1 -0
  51. data/src/core/ext/filters/client_channel/backend_metric.cc +0 -1
  52. data/src/core/ext/filters/client_channel/backup_poller.h +1 -0
  53. data/src/core/ext/filters/client_channel/channel_connectivity.cc +1 -2
  54. data/src/core/ext/filters/client_channel/client_channel.cc +437 -299
  55. data/src/core/ext/filters/client_channel/client_channel.h +45 -21
  56. data/src/core/ext/filters/client_channel/client_channel_channelz.cc +6 -5
  57. data/src/core/ext/filters/client_channel/client_channel_channelz.h +1 -1
  58. data/src/core/ext/filters/client_channel/client_channel_factory.cc +1 -0
  59. data/src/core/ext/filters/client_channel/client_channel_plugin.cc +8 -1
  60. data/src/core/ext/filters/client_channel/config_selector.cc +1 -0
  61. data/src/core/ext/filters/client_channel/config_selector.h +19 -6
  62. data/src/core/ext/filters/client_channel/health/health_check_client.cc +7 -6
  63. data/src/core/ext/filters/client_channel/health/health_check_client.h +4 -3
  64. data/src/core/ext/filters/client_channel/http_connect_handshaker.cc +8 -7
  65. data/src/core/ext/filters/client_channel/http_connect_handshaker.h +10 -2
  66. data/src/core/ext/filters/client_channel/lb_policy/child_policy_handler.cc +2 -2
  67. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +9 -16
  68. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel_secure.cc +1 -2
  69. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.cc +2 -2
  70. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.h +2 -2
  71. data/src/core/ext/filters/client_channel/lb_policy/grpclb/load_balancer_api.cc +2 -1
  72. data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc +12 -21
  73. data/src/core/ext/filters/client_channel/lb_policy/priority/priority.cc +17 -28
  74. data/src/core/ext/filters/client_channel/lb_policy/ring_hash/ring_hash.cc +18 -38
  75. data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +8 -15
  76. data/src/core/ext/filters/client_channel/lb_policy/subchannel_list.h +2 -2
  77. data/src/core/ext/filters/client_channel/lb_policy/weighted_target/weighted_target.cc +5 -14
  78. data/src/core/ext/filters/client_channel/lb_policy/xds/cds.cc +23 -30
  79. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_impl.cc +24 -29
  80. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_manager.cc +4 -17
  81. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_resolver.cc +7 -11
  82. data/src/core/ext/filters/client_channel/lb_policy.cc +1 -15
  83. data/src/core/ext/filters/client_channel/lb_policy.h +81 -90
  84. data/src/core/ext/filters/client_channel/lb_policy_registry.cc +4 -7
  85. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +2 -10
  86. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.h +1 -0
  87. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_posix.cc +4 -3
  88. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_windows.cc +6 -5
  89. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +14 -19
  90. data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +1 -0
  91. data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc +2 -2
  92. data/src/core/ext/filters/client_channel/resolver/google_c2p/google_c2p_resolver.cc +5 -5
  93. data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +106 -81
  94. data/src/core/ext/filters/client_channel/resolver_result_parsing.cc +2 -3
  95. data/src/core/ext/filters/client_channel/retry_filter.cc +408 -246
  96. data/src/core/ext/filters/client_channel/retry_service_config.cc +36 -26
  97. data/src/core/ext/filters/client_channel/retry_service_config.h +1 -1
  98. data/src/core/ext/filters/client_channel/service_config_call_data.h +45 -5
  99. data/src/core/ext/filters/client_idle/client_idle_filter.cc +36 -30
  100. data/src/core/ext/filters/fault_injection/fault_injection_filter.cc +8 -12
  101. data/src/core/ext/filters/fault_injection/service_config_parser.cc +6 -13
  102. data/src/core/ext/filters/http/client/http_client_filter.cc +8 -4
  103. data/src/core/ext/filters/http/client_authority_filter.cc +2 -1
  104. data/src/core/ext/filters/http/message_compress/message_compress_filter.cc +2 -1
  105. data/src/core/ext/filters/http/message_compress/message_decompress_filter.cc +7 -8
  106. data/src/core/ext/filters/http/server/http_server_filter.cc +5 -3
  107. data/src/core/ext/filters/message_size/message_size_filter.cc +9 -13
  108. data/src/core/ext/transport/chttp2/alpn/alpn.cc +2 -1
  109. data/src/core/ext/transport/chttp2/client/chttp2_connector.cc +29 -12
  110. data/src/core/ext/transport/chttp2/client/chttp2_connector.h +2 -0
  111. data/src/core/ext/transport/chttp2/client/insecure/channel_create.cc +2 -3
  112. data/src/core/ext/transport/chttp2/client/insecure/channel_create_posix.cc +10 -6
  113. data/src/core/ext/transport/chttp2/client/secure/secure_channel_create.cc +2 -3
  114. data/src/core/ext/transport/chttp2/server/chttp2_server.cc +65 -38
  115. data/src/core/ext/transport/chttp2/server/insecure/server_chttp2.cc +0 -1
  116. data/src/core/ext/transport/chttp2/server/insecure/server_chttp2_posix.cc +12 -6
  117. data/src/core/ext/transport/chttp2/server/secure/server_secure_chttp2.cc +5 -9
  118. data/src/core/ext/transport/chttp2/transport/bin_decoder.cc +4 -2
  119. data/src/core/ext/transport/chttp2/transport/bin_decoder.h +2 -1
  120. data/src/core/ext/transport/chttp2/transport/bin_encoder.cc +1 -0
  121. data/src/core/ext/transport/chttp2/transport/chttp2_slice_allocator.cc +67 -0
  122. data/src/core/ext/transport/chttp2/transport/chttp2_slice_allocator.h +74 -0
  123. data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +26 -36
  124. data/src/core/ext/transport/chttp2/transport/chttp2_transport.h +4 -1
  125. data/src/core/ext/transport/chttp2/transport/context_list.h +1 -2
  126. data/src/core/ext/transport/chttp2/transport/flow_control.cc +39 -23
  127. data/src/core/ext/transport/chttp2/transport/flow_control.h +10 -4
  128. data/src/core/ext/transport/chttp2/transport/frame_data.cc +11 -11
  129. data/src/core/ext/transport/chttp2/transport/frame_data.h +1 -0
  130. data/src/core/ext/transport/chttp2/transport/frame_goaway.cc +12 -11
  131. data/src/core/ext/transport/chttp2/transport/frame_goaway.h +1 -0
  132. data/src/core/ext/transport/chttp2/transport/frame_ping.cc +4 -4
  133. data/src/core/ext/transport/chttp2/transport/frame_ping.h +1 -0
  134. data/src/core/ext/transport/chttp2/transport/frame_rst_stream.cc +3 -5
  135. data/src/core/ext/transport/chttp2/transport/frame_rst_stream.h +1 -0
  136. data/src/core/ext/transport/chttp2/transport/frame_settings.cc +41 -10
  137. data/src/core/ext/transport/chttp2/transport/frame_settings.h +1 -0
  138. data/src/core/ext/transport/chttp2/transport/frame_window_update.cc +12 -7
  139. data/src/core/ext/transport/chttp2/transport/frame_window_update.h +1 -0
  140. data/src/core/ext/transport/chttp2/transport/hpack_constants.h +41 -0
  141. data/src/core/ext/transport/chttp2/transport/hpack_encoder.cc +272 -666
  142. data/src/core/ext/transport/chttp2/transport/hpack_encoder.h +236 -70
  143. data/src/core/ext/transport/chttp2/transport/hpack_encoder_index.h +107 -0
  144. data/src/core/ext/transport/chttp2/transport/hpack_encoder_table.cc +86 -0
  145. data/src/core/ext/transport/chttp2/transport/hpack_encoder_table.h +69 -0
  146. data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +821 -1195
  147. data/src/core/ext/transport/chttp2/transport/hpack_parser.h +76 -76
  148. data/src/core/ext/transport/chttp2/transport/hpack_parser_table.cc +159 -0
  149. data/src/core/ext/transport/chttp2/transport/hpack_parser_table.h +130 -0
  150. data/src/core/ext/transport/chttp2/transport/hpack_utils.cc +46 -0
  151. data/src/core/ext/transport/chttp2/transport/hpack_utils.h +30 -0
  152. data/src/core/ext/transport/chttp2/transport/incoming_metadata.cc +2 -2
  153. data/src/core/ext/transport/chttp2/transport/internal.h +3 -3
  154. data/src/core/ext/transport/chttp2/transport/parsing.cc +89 -83
  155. data/src/core/ext/transport/chttp2/transport/popularity_count.h +60 -0
  156. data/src/core/ext/transport/chttp2/transport/stream_lists.cc +2 -2
  157. data/src/core/ext/transport/chttp2/transport/varint.cc +13 -7
  158. data/src/core/ext/transport/chttp2/transport/varint.h +39 -28
  159. data/src/core/ext/transport/chttp2/transport/writing.cc +32 -28
  160. data/src/core/ext/transport/inproc/inproc_transport.cc +6 -4
  161. data/src/core/ext/upb-generated/envoy/admin/v3/config_dump.upb.c +96 -96
  162. data/src/core/ext/upb-generated/envoy/admin/v3/config_dump.upb.h +221 -89
  163. data/src/core/ext/upb-generated/envoy/annotations/deprecation.upb.c +1 -1
  164. data/src/core/ext/upb-generated/envoy/annotations/deprecation.upb.h +1 -1
  165. data/src/core/ext/upb-generated/envoy/annotations/resource.upb.c +3 -3
  166. data/src/core/ext/upb-generated/envoy/annotations/resource.upb.h +11 -5
  167. data/src/core/ext/upb-generated/envoy/config/accesslog/v3/accesslog.upb.c +48 -48
  168. data/src/core/ext/upb-generated/envoy/config/accesslog/v3/accesslog.upb.h +151 -61
  169. data/src/core/ext/upb-generated/envoy/config/bootstrap/v3/bootstrap.upb.c +117 -96
  170. data/src/core/ext/upb-generated/envoy/config/bootstrap/v3/bootstrap.upb.h +347 -141
  171. data/src/core/ext/upb-generated/envoy/config/cluster/v3/circuit_breaker.upb.c +15 -15
  172. data/src/core/ext/upb-generated/envoy/config/cluster/v3/circuit_breaker.upb.h +31 -13
  173. data/src/core/ext/upb-generated/envoy/config/cluster/v3/cluster.upb.c +133 -126
  174. data/src/core/ext/upb-generated/envoy/config/cluster/v3/cluster.upb.h +326 -149
  175. data/src/core/ext/upb-generated/envoy/config/cluster/v3/filter.upb.c +4 -4
  176. data/src/core/ext/upb-generated/envoy/config/cluster/v3/filter.upb.h +11 -5
  177. data/src/core/ext/upb-generated/envoy/config/cluster/v3/outlier_detection.upb.c +23 -23
  178. data/src/core/ext/upb-generated/envoy/config/cluster/v3/outlier_detection.upb.h +11 -5
  179. data/src/core/ext/upb-generated/envoy/config/core/v3/address.upb.c +28 -28
  180. data/src/core/ext/upb-generated/envoy/config/core/v3/address.upb.h +71 -29
  181. data/src/core/ext/upb-generated/envoy/config/core/v3/backoff.upb.c +4 -4
  182. data/src/core/ext/upb-generated/envoy/config/core/v3/backoff.upb.h +11 -5
  183. data/src/core/ext/upb-generated/envoy/config/core/v3/base.upb.c +114 -78
  184. data/src/core/ext/upb-generated/envoy/config/core/v3/base.upb.h +268 -88
  185. data/src/core/ext/upb-generated/envoy/config/core/v3/config_source.upb.c +24 -24
  186. data/src/core/ext/upb-generated/envoy/config/core/v3/config_source.upb.h +51 -21
  187. data/src/core/ext/upb-generated/envoy/config/core/v3/event_service_config.upb.c +3 -3
  188. data/src/core/ext/upb-generated/envoy/config/core/v3/event_service_config.upb.h +11 -5
  189. data/src/core/ext/upb-generated/envoy/config/core/v3/extension.upb.c +9 -9
  190. data/src/core/ext/upb-generated/envoy/config/core/v3/extension.upb.h +21 -9
  191. data/src/core/ext/upb-generated/envoy/config/core/v3/grpc_service.upb.c +62 -62
  192. data/src/core/ext/upb-generated/envoy/config/core/v3/grpc_service.upb.h +131 -53
  193. data/src/core/ext/upb-generated/envoy/config/core/v3/health_check.upb.c +51 -51
  194. data/src/core/ext/upb-generated/envoy/config/core/v3/health_check.upb.h +81 -33
  195. data/src/core/ext/upb-generated/envoy/config/core/v3/http_uri.upb.c +5 -5
  196. data/src/core/ext/upb-generated/envoy/config/core/v3/http_uri.upb.h +11 -5
  197. data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.c +110 -53
  198. data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.h +356 -45
  199. data/src/core/ext/upb-generated/envoy/config/core/v3/proxy_protocol.upb.c +3 -3
  200. data/src/core/ext/upb-generated/envoy/config/core/v3/proxy_protocol.upb.h +11 -5
  201. data/src/core/ext/upb-generated/envoy/config/core/v3/resolver.upb.c +46 -0
  202. data/src/core/ext/upb-generated/envoy/config/core/v3/resolver.upb.h +133 -0
  203. data/src/core/ext/upb-generated/envoy/config/core/v3/socket_option.upb.c +8 -8
  204. data/src/core/ext/upb-generated/envoy/config/core/v3/socket_option.upb.h +11 -5
  205. data/src/core/ext/upb-generated/envoy/config/core/v3/substitution_format_string.upb.c +9 -8
  206. data/src/core/ext/upb-generated/envoy/config/core/v3/substitution_format_string.upb.h +11 -5
  207. data/src/core/ext/upb-generated/envoy/config/core/v3/udp_socket_config.upb.c +35 -0
  208. data/src/core/ext/upb-generated/envoy/config/core/v3/udp_socket_config.upb.h +96 -0
  209. data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint.upb.c +16 -16
  210. data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint.upb.h +31 -13
  211. data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint_components.upb.c +57 -22
  212. data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint_components.upb.h +174 -17
  213. data/src/core/ext/upb-generated/envoy/config/endpoint/v3/load_report.upb.c +32 -32
  214. data/src/core/ext/upb-generated/envoy/config/endpoint/v3/load_report.upb.h +51 -21
  215. data/src/core/ext/upb-generated/envoy/config/listener/v3/api_listener.upb.c +3 -3
  216. data/src/core/ext/upb-generated/envoy/config/listener/v3/api_listener.upb.h +11 -5
  217. data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.c +45 -37
  218. data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.h +177 -94
  219. data/src/core/ext/upb-generated/envoy/config/listener/v3/listener_components.upb.c +42 -40
  220. data/src/core/ext/upb-generated/envoy/config/listener/v3/listener_components.upb.h +86 -29
  221. data/src/core/ext/upb-generated/envoy/config/listener/v3/quic_config.upb.c +48 -0
  222. data/src/core/ext/upb-generated/envoy/config/listener/v3/quic_config.upb.h +177 -0
  223. data/src/core/ext/upb-generated/envoy/config/listener/v3/udp_listener_config.upb.c +10 -8
  224. data/src/core/ext/upb-generated/envoy/config/listener/v3/udp_listener_config.upb.h +48 -28
  225. data/src/core/ext/upb-generated/envoy/config/metrics/v3/stats.upb.c +30 -30
  226. data/src/core/ext/upb-generated/envoy/config/metrics/v3/stats.upb.h +81 -33
  227. data/src/core/ext/upb-generated/envoy/config/overload/v3/overload.upb.c +41 -29
  228. data/src/core/ext/upb-generated/envoy/config/overload/v3/overload.upb.h +141 -43
  229. data/src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.c +47 -43
  230. data/src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.h +88 -29
  231. data/src/core/ext/upb-generated/envoy/config/route/v3/route.upb.c +34 -17
  232. data/src/core/ext/upb-generated/envoy/config/route/v3/route.upb.h +84 -9
  233. data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.c +293 -277
  234. data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.h +633 -240
  235. data/src/core/ext/upb-generated/envoy/config/route/v3/scoped_route.upb.c +10 -10
  236. data/src/core/ext/upb-generated/envoy/config/route/v3/scoped_route.upb.h +31 -13
  237. data/src/core/ext/upb-generated/envoy/config/trace/v3/http_tracer.upb.c +6 -6
  238. data/src/core/ext/upb-generated/envoy/config/trace/v3/http_tracer.upb.h +21 -9
  239. data/src/core/ext/upb-generated/envoy/extensions/clusters/aggregate/v3/cluster.upb.c +3 -3
  240. data/src/core/ext/upb-generated/envoy/extensions/clusters/aggregate/v3/cluster.upb.h +11 -5
  241. data/src/core/ext/upb-generated/envoy/extensions/filters/common/fault/v3/fault.upb.c +13 -13
  242. data/src/core/ext/upb-generated/envoy/extensions/filters/common/fault/v3/fault.upb.h +51 -21
  243. data/src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.c +24 -23
  244. data/src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.h +35 -13
  245. data/src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.c +10 -9
  246. data/src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.h +26 -16
  247. data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.c +147 -106
  248. data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.h +457 -160
  249. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/cert.upb.c +1 -1
  250. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/cert.upb.h +1 -1
  251. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/common.upb.c +48 -31
  252. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/common.upb.h +135 -34
  253. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/secret.upb.c +12 -12
  254. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/secret.upb.h +31 -13
  255. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/tls.upb.c +44 -42
  256. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/tls.upb.h +108 -55
  257. data/src/core/ext/upb-generated/envoy/service/cluster/v3/cds.upb.c +2 -2
  258. data/src/core/ext/upb-generated/envoy/service/cluster/v3/cds.upb.h +11 -5
  259. data/src/core/ext/upb-generated/envoy/service/discovery/v3/ads.upb.c +2 -2
  260. data/src/core/ext/upb-generated/envoy/service/discovery/v3/ads.upb.h +11 -5
  261. data/src/core/ext/upb-generated/envoy/service/discovery/v3/discovery.upb.c +42 -42
  262. data/src/core/ext/upb-generated/envoy/service/discovery/v3/discovery.upb.h +61 -25
  263. data/src/core/ext/upb-generated/envoy/service/endpoint/v3/eds.upb.c +2 -2
  264. data/src/core/ext/upb-generated/envoy/service/endpoint/v3/eds.upb.h +11 -5
  265. data/src/core/ext/upb-generated/envoy/service/listener/v3/lds.upb.c +2 -2
  266. data/src/core/ext/upb-generated/envoy/service/listener/v3/lds.upb.h +11 -5
  267. data/src/core/ext/upb-generated/envoy/service/load_stats/v3/lrs.upb.c +9 -9
  268. data/src/core/ext/upb-generated/envoy/service/load_stats/v3/lrs.upb.h +21 -9
  269. data/src/core/ext/upb-generated/envoy/service/route/v3/rds.upb.c +2 -2
  270. data/src/core/ext/upb-generated/envoy/service/route/v3/rds.upb.h +11 -5
  271. data/src/core/ext/upb-generated/envoy/service/route/v3/srds.upb.c +2 -2
  272. data/src/core/ext/upb-generated/envoy/service/route/v3/srds.upb.h +11 -5
  273. data/src/core/ext/upb-generated/envoy/service/status/v3/csds.upb.c +48 -20
  274. data/src/core/ext/upb-generated/envoy/service/status/v3/csds.upb.h +162 -17
  275. data/src/core/ext/upb-generated/envoy/type/http/v3/path_transformation.upb.c +60 -0
  276. data/src/core/ext/upb-generated/envoy/type/http/v3/path_transformation.upb.h +205 -0
  277. data/src/core/ext/upb-generated/envoy/type/matcher/v3/metadata.upb.c +9 -8
  278. data/src/core/ext/upb-generated/envoy/type/matcher/v3/metadata.upb.h +25 -9
  279. data/src/core/ext/upb-generated/envoy/type/matcher/v3/node.upb.c +4 -4
  280. data/src/core/ext/upb-generated/envoy/type/matcher/v3/node.upb.h +11 -5
  281. data/src/core/ext/upb-generated/envoy/type/matcher/v3/number.upb.c +4 -4
  282. data/src/core/ext/upb-generated/envoy/type/matcher/v3/number.upb.h +11 -5
  283. data/src/core/ext/upb-generated/envoy/type/matcher/v3/path.upb.c +3 -3
  284. data/src/core/ext/upb-generated/envoy/type/matcher/v3/path.upb.h +11 -5
  285. data/src/core/ext/upb-generated/envoy/type/matcher/v3/regex.upb.c +10 -9
  286. data/src/core/ext/upb-generated/envoy/type/matcher/v3/regex.upb.h +31 -13
  287. data/src/core/ext/upb-generated/envoy/type/matcher/v3/string.upb.c +10 -10
  288. data/src/core/ext/upb-generated/envoy/type/matcher/v3/string.upb.h +21 -9
  289. data/src/core/ext/upb-generated/envoy/type/matcher/v3/struct.upb.c +6 -6
  290. data/src/core/ext/upb-generated/envoy/type/matcher/v3/struct.upb.h +21 -9
  291. data/src/core/ext/upb-generated/envoy/type/matcher/v3/value.upb.c +11 -11
  292. data/src/core/ext/upb-generated/envoy/type/matcher/v3/value.upb.h +31 -13
  293. data/src/core/ext/upb-generated/envoy/type/metadata/v3/metadata.upb.c +15 -15
  294. data/src/core/ext/upb-generated/envoy/type/metadata/v3/metadata.upb.h +71 -29
  295. data/src/core/ext/upb-generated/envoy/type/tracing/v3/custom_tag.upb.c +19 -19
  296. data/src/core/ext/upb-generated/envoy/type/tracing/v3/custom_tag.upb.h +51 -21
  297. data/src/core/ext/upb-generated/envoy/type/v3/http.upb.c +1 -1
  298. data/src/core/ext/upb-generated/envoy/type/v3/http.upb.h +1 -1
  299. data/src/core/ext/upb-generated/envoy/type/v3/percent.upb.c +6 -6
  300. data/src/core/ext/upb-generated/envoy/type/v3/percent.upb.h +21 -9
  301. data/src/core/ext/upb-generated/envoy/type/v3/range.upb.c +10 -10
  302. data/src/core/ext/upb-generated/envoy/type/v3/range.upb.h +31 -13
  303. data/src/core/ext/upb-generated/envoy/type/v3/semantic_version.upb.c +5 -5
  304. data/src/core/ext/upb-generated/envoy/type/v3/semantic_version.upb.h +11 -5
  305. data/src/core/ext/upb-generated/google/api/annotations.upb.c +1 -1
  306. data/src/core/ext/upb-generated/google/api/annotations.upb.h +1 -1
  307. data/src/core/ext/upb-generated/google/api/expr/v1alpha1/checked.upb.c +58 -58
  308. data/src/core/ext/upb-generated/google/api/expr/v1alpha1/checked.upb.h +111 -45
  309. data/src/core/ext/upb-generated/google/api/expr/v1alpha1/syntax.upb.c +68 -68
  310. data/src/core/ext/upb-generated/google/api/expr/v1alpha1/syntax.upb.h +121 -49
  311. data/src/core/ext/upb-generated/google/api/http.upb.c +18 -18
  312. data/src/core/ext/upb-generated/google/api/http.upb.h +31 -13
  313. data/src/core/ext/upb-generated/google/protobuf/any.upb.c +4 -4
  314. data/src/core/ext/upb-generated/google/protobuf/any.upb.h +11 -5
  315. data/src/core/ext/upb-generated/google/protobuf/descriptor.upb.c +153 -153
  316. data/src/core/ext/upb-generated/google/protobuf/descriptor.upb.h +271 -109
  317. data/src/core/ext/upb-generated/google/protobuf/duration.upb.c +4 -4
  318. data/src/core/ext/upb-generated/google/protobuf/duration.upb.h +11 -5
  319. data/src/core/ext/upb-generated/google/protobuf/empty.upb.c +2 -2
  320. data/src/core/ext/upb-generated/google/protobuf/empty.upb.h +11 -5
  321. data/src/core/ext/upb-generated/google/protobuf/struct.upb.c +15 -15
  322. data/src/core/ext/upb-generated/google/protobuf/struct.upb.h +31 -13
  323. data/src/core/ext/upb-generated/google/protobuf/timestamp.upb.c +4 -4
  324. data/src/core/ext/upb-generated/google/protobuf/timestamp.upb.h +11 -5
  325. data/src/core/ext/upb-generated/google/protobuf/wrappers.upb.c +19 -19
  326. data/src/core/ext/upb-generated/google/protobuf/wrappers.upb.h +91 -37
  327. data/src/core/ext/upb-generated/google/rpc/status.upb.c +5 -5
  328. data/src/core/ext/upb-generated/google/rpc/status.upb.h +11 -5
  329. data/src/core/ext/upb-generated/src/proto/grpc/gcp/altscontext.upb.c +12 -12
  330. data/src/core/ext/upb-generated/src/proto/grpc/gcp/altscontext.upb.h +11 -5
  331. data/src/core/ext/upb-generated/src/proto/grpc/gcp/handshaker.upb.c +60 -60
  332. data/src/core/ext/upb-generated/src/proto/grpc/gcp/handshaker.upb.h +101 -41
  333. data/src/core/ext/upb-generated/src/proto/grpc/gcp/transport_security_common.upb.c +7 -7
  334. data/src/core/ext/upb-generated/src/proto/grpc/gcp/transport_security_common.upb.h +21 -9
  335. data/src/core/ext/upb-generated/src/proto/grpc/health/v1/health.upb.c +5 -5
  336. data/src/core/ext/upb-generated/src/proto/grpc/health/v1/health.upb.h +21 -9
  337. data/src/core/ext/upb-generated/src/proto/grpc/lb/v1/load_balancer.upb.c +31 -31
  338. data/src/core/ext/upb-generated/src/proto/grpc/lb/v1/load_balancer.upb.h +91 -37
  339. data/src/core/ext/upb-generated/udpa/annotations/migrate.upb.c +8 -8
  340. data/src/core/ext/upb-generated/udpa/annotations/migrate.upb.h +31 -13
  341. data/src/core/ext/upb-generated/udpa/annotations/security.upb.c +4 -4
  342. data/src/core/ext/upb-generated/udpa/annotations/security.upb.h +11 -5
  343. data/src/core/ext/upb-generated/udpa/annotations/sensitive.upb.c +1 -1
  344. data/src/core/ext/upb-generated/udpa/annotations/sensitive.upb.h +1 -1
  345. data/src/core/ext/upb-generated/udpa/annotations/status.upb.c +4 -4
  346. data/src/core/ext/upb-generated/udpa/annotations/status.upb.h +11 -5
  347. data/src/core/ext/upb-generated/udpa/annotations/versioning.upb.c +3 -3
  348. data/src/core/ext/upb-generated/udpa/annotations/versioning.upb.h +11 -5
  349. data/src/core/ext/upb-generated/udpa/data/orca/v1/orca_load_report.upb.c +13 -13
  350. data/src/core/ext/upb-generated/udpa/data/orca/v1/orca_load_report.upb.h +11 -5
  351. data/src/core/ext/upb-generated/udpa/type/v1/typed_struct.upb.c +4 -4
  352. data/src/core/ext/upb-generated/udpa/type/v1/typed_struct.upb.h +11 -5
  353. data/src/core/ext/upb-generated/validate/validate.upb.c +240 -224
  354. data/src/core/ext/upb-generated/validate/validate.upb.h +451 -217
  355. data/src/core/ext/upb-generated/xds/core/v3/authority.upb.c +3 -3
  356. data/src/core/ext/upb-generated/xds/core/v3/authority.upb.h +11 -5
  357. data/src/core/ext/upb-generated/xds/core/v3/collection_entry.upb.c +8 -8
  358. data/src/core/ext/upb-generated/xds/core/v3/collection_entry.upb.h +21 -9
  359. data/src/core/ext/upb-generated/xds/core/v3/context_params.upb.c +6 -6
  360. data/src/core/ext/upb-generated/xds/core/v3/context_params.upb.h +11 -5
  361. data/src/core/ext/upb-generated/xds/core/v3/resource.upb.c +5 -5
  362. data/src/core/ext/upb-generated/xds/core/v3/resource.upb.h +11 -5
  363. data/src/core/ext/upb-generated/xds/core/v3/resource_locator.upb.c +11 -11
  364. data/src/core/ext/upb-generated/xds/core/v3/resource_locator.upb.h +21 -9
  365. data/src/core/ext/upb-generated/xds/core/v3/resource_name.upb.c +6 -6
  366. data/src/core/ext/upb-generated/xds/core/v3/resource_name.upb.h +11 -5
  367. data/src/core/ext/upbdefs-generated/envoy/annotations/deprecation.upbdefs.c +15 -7
  368. data/src/core/ext/upbdefs-generated/envoy/config/accesslog/v3/accesslog.upbdefs.c +53 -52
  369. data/src/core/ext/upbdefs-generated/envoy/config/bootstrap/v3/bootstrap.upbdefs.c +318 -277
  370. data/src/core/ext/upbdefs-generated/envoy/config/bootstrap/v3/bootstrap.upbdefs.h +5 -0
  371. data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/cluster.upbdefs.c +438 -409
  372. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/base.upbdefs.c +198 -170
  373. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/base.upbdefs.h +10 -0
  374. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/config_source.upbdefs.c +9 -8
  375. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/protocol.upbdefs.c +219 -163
  376. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/protocol.upbdefs.h +15 -0
  377. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/resolver.upbdefs.c +59 -0
  378. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/resolver.upbdefs.h +40 -0
  379. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/substitution_format_string.upbdefs.c +29 -25
  380. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/udp_socket_config.upbdefs.c +52 -0
  381. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/udp_socket_config.upbdefs.h +35 -0
  382. data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/endpoint_components.upbdefs.c +94 -63
  383. data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/endpoint_components.upbdefs.h +10 -0
  384. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener.upbdefs.c +135 -125
  385. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener.upbdefs.h +5 -0
  386. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener_components.upbdefs.c +131 -123
  387. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/quic_config.upbdefs.c +90 -0
  388. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/quic_config.upbdefs.h +35 -0
  389. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/udp_listener_config.upbdefs.c +32 -24
  390. data/src/core/ext/upbdefs-generated/envoy/config/overload/v3/overload.upbdefs.c +30 -19
  391. data/src/core/ext/upbdefs-generated/envoy/config/overload/v3/overload.upbdefs.h +5 -0
  392. data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.c +69 -55
  393. data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.h +5 -0
  394. data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.c +796 -765
  395. data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.h +5 -0
  396. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/fault/v3/fault.upbdefs.c +13 -10
  397. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/router/v3/router.upbdefs.c +13 -10
  398. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.c +436 -374
  399. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.h +10 -0
  400. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/common.upbdefs.c +140 -114
  401. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/common.upbdefs.h +5 -0
  402. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/tls.upbdefs.c +178 -173
  403. data/src/core/ext/upbdefs-generated/envoy/service/status/v3/csds.upbdefs.c +112 -79
  404. data/src/core/ext/upbdefs-generated/envoy/service/status/v3/csds.upbdefs.h +5 -0
  405. data/src/core/ext/upbdefs-generated/envoy/type/http/v3/path_transformation.upbdefs.c +64 -0
  406. data/src/core/ext/upbdefs-generated/envoy/type/http/v3/path_transformation.upbdefs.h +50 -0
  407. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/metadata.upbdefs.c +14 -13
  408. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/regex.upbdefs.c +35 -32
  409. data/src/core/ext/upbdefs-generated/google/protobuf/descriptor.upbdefs.c +103 -103
  410. data/src/core/ext/upbdefs-generated/google/rpc/status.upbdefs.c +4 -4
  411. data/src/core/ext/upbdefs-generated/validate/validate.upbdefs.c +182 -160
  412. data/src/core/ext/xds/certificate_provider_registry.cc +2 -2
  413. data/src/core/ext/xds/certificate_provider_store.h +1 -1
  414. data/src/core/ext/xds/xds_api.cc +1116 -1054
  415. data/src/core/ext/xds/xds_api.h +47 -35
  416. data/src/core/ext/xds/xds_bootstrap.cc +29 -51
  417. data/src/core/ext/xds/xds_client.cc +130 -68
  418. data/src/core/ext/xds/xds_client.h +0 -4
  419. data/src/core/ext/xds/xds_client_stats.cc +16 -15
  420. data/src/core/ext/xds/xds_client_stats.h +6 -6
  421. data/src/core/ext/xds/xds_http_fault_filter.cc +4 -3
  422. data/src/core/ext/xds/xds_http_fault_filter.h +3 -2
  423. data/src/core/ext/xds/xds_http_filters.cc +4 -2
  424. data/src/core/ext/xds/xds_http_filters.h +3 -0
  425. data/src/core/ext/xds/xds_server_config_fetcher.cc +10 -10
  426. data/src/core/lib/address_utils/parse_address.cc +4 -8
  427. data/src/core/lib/address_utils/sockaddr_utils.cc +2 -2
  428. data/src/core/lib/channel/call_tracer.h +85 -0
  429. data/src/core/lib/channel/channel_args.cc +2 -1
  430. data/src/core/lib/channel/channel_stack.cc +5 -3
  431. data/src/core/lib/channel/channel_stack.h +1 -1
  432. data/src/core/lib/channel/channel_stack_builder.cc +1 -11
  433. data/src/core/lib/channel/channel_stack_builder.h +0 -8
  434. data/src/core/lib/channel/channel_trace.cc +4 -3
  435. data/src/core/lib/channel/channel_trace.h +1 -0
  436. data/src/core/lib/channel/channelz.cc +40 -36
  437. data/src/core/lib/channel/channelz.h +27 -27
  438. data/src/core/lib/channel/channelz_registry.cc +7 -6
  439. data/src/core/lib/channel/connected_channel.cc +1 -0
  440. data/src/core/lib/channel/context.h +3 -0
  441. data/src/core/lib/channel/handshaker.cc +2 -1
  442. data/src/core/lib/channel/handshaker.h +1 -2
  443. data/src/core/lib/channel/handshaker_factory.h +10 -2
  444. data/src/core/lib/channel/handshaker_registry.cc +15 -70
  445. data/src/core/lib/channel/handshaker_registry.h +29 -12
  446. data/src/core/lib/channel/status_util.h +6 -2
  447. data/src/core/lib/compression/algorithm_metadata.h +1 -0
  448. data/src/core/lib/compression/compression_args.cc +2 -1
  449. data/src/core/lib/compression/compression_internal.cc +2 -4
  450. data/src/core/lib/compression/message_compress.cc +2 -2
  451. data/src/core/lib/compression/stream_compression.cc +2 -1
  452. data/src/core/lib/compression/stream_compression.h +3 -2
  453. data/src/core/lib/compression/stream_compression_gzip.cc +2 -1
  454. data/src/core/lib/compression/stream_compression_gzip.h +1 -1
  455. data/src/core/lib/compression/stream_compression_identity.cc +2 -1
  456. data/src/core/lib/compression/stream_compression_identity.h +1 -1
  457. data/src/core/lib/config/core_configuration.cc +54 -0
  458. data/src/core/lib/config/core_configuration.h +108 -0
  459. data/src/core/lib/debug/stats.h +2 -1
  460. data/src/core/lib/debug/stats_data.cc +2 -1
  461. data/src/core/lib/debug/stats_data.h +1 -0
  462. data/src/core/lib/debug/trace.cc +1 -0
  463. data/src/core/lib/debug/trace.h +2 -1
  464. data/src/core/lib/event_engine/endpoint_config.cc +0 -1
  465. data/src/core/lib/event_engine/event_engine.cc +3 -3
  466. data/src/core/lib/event_engine/sockaddr.cc +3 -3
  467. data/src/core/lib/gpr/alloc.cc +4 -3
  468. data/src/core/lib/gpr/env_linux.cc +1 -2
  469. data/src/core/lib/gpr/env_posix.cc +2 -3
  470. data/src/core/lib/gpr/log.cc +3 -3
  471. data/src/core/lib/gpr/log_android.cc +3 -2
  472. data/src/core/lib/gpr/log_linux.cc +7 -4
  473. data/src/core/lib/gpr/log_posix.cc +6 -3
  474. data/src/core/lib/gpr/murmur_hash.cc +4 -2
  475. data/src/core/lib/gpr/string.h +2 -2
  476. data/src/core/lib/gpr/sync.cc +2 -2
  477. data/src/core/lib/gpr/sync_abseil.cc +7 -6
  478. data/src/core/lib/gpr/sync_posix.cc +3 -3
  479. data/src/core/lib/gpr/time.cc +3 -2
  480. data/src/core/lib/gpr/time_windows.cc +3 -2
  481. data/src/core/lib/gpr/tls.h +120 -41
  482. data/src/core/lib/gpr/tmpfile_posix.cc +1 -2
  483. data/src/core/lib/gprpp/arena.cc +2 -1
  484. data/src/core/lib/gprpp/arena.h +5 -5
  485. data/src/core/lib/gprpp/atomic_utils.h +47 -0
  486. data/src/core/lib/gprpp/bitset.h +166 -0
  487. data/src/core/lib/gprpp/construct_destruct.h +39 -0
  488. data/src/core/lib/gprpp/dual_ref_counted.h +25 -26
  489. data/src/core/lib/gprpp/fork.cc +14 -12
  490. data/src/core/lib/gprpp/fork.h +4 -4
  491. data/src/core/lib/gprpp/global_config.h +1 -2
  492. data/src/core/lib/gprpp/global_config_env.cc +7 -7
  493. data/src/core/lib/gprpp/global_config_generic.h +2 -2
  494. data/src/core/lib/gprpp/manual_constructor.h +9 -6
  495. data/src/core/lib/gprpp/match.h +73 -0
  496. data/src/core/lib/gprpp/memory.h +3 -3
  497. data/src/core/lib/gprpp/mpscq.cc +7 -7
  498. data/src/core/lib/gprpp/mpscq.h +6 -5
  499. data/src/core/lib/gprpp/orphanable.h +6 -6
  500. data/src/core/lib/gprpp/overload.h +59 -0
  501. data/src/core/lib/gprpp/ref_counted.h +18 -18
  502. data/src/core/lib/gprpp/status_helper.cc +4 -4
  503. data/src/core/lib/gprpp/sync.h +5 -31
  504. data/src/core/lib/gprpp/thd_posix.cc +5 -5
  505. data/src/core/lib/gprpp/thd_windows.cc +4 -11
  506. data/src/core/lib/gprpp/time_util.cc +2 -2
  507. data/src/core/lib/gprpp/time_util.h +2 -2
  508. data/src/core/lib/http/format_request.cc +1 -0
  509. data/src/core/lib/http/format_request.h +1 -0
  510. data/src/core/lib/http/httpcli.cc +9 -9
  511. data/src/core/lib/http/httpcli.h +3 -0
  512. data/src/core/lib/http/httpcli_security_connector.cc +5 -8
  513. data/src/core/lib/http/parser.h +1 -0
  514. data/src/core/lib/iomgr/buffer_list.cc +3 -2
  515. data/src/core/lib/iomgr/buffer_list.h +1 -2
  516. data/src/core/lib/iomgr/call_combiner.cc +1 -0
  517. data/src/core/lib/iomgr/cfstream_handle.cc +1 -1
  518. data/src/core/lib/iomgr/combiner.cc +3 -2
  519. data/src/core/lib/iomgr/combiner.h +1 -0
  520. data/src/core/lib/iomgr/dualstack_socket_posix.cc +1 -0
  521. data/src/core/lib/iomgr/endpoint.cc +0 -4
  522. data/src/core/lib/iomgr/endpoint.h +1 -3
  523. data/src/core/lib/iomgr/endpoint_cfstream.cc +9 -20
  524. data/src/core/lib/iomgr/endpoint_cfstream.h +1 -1
  525. data/src/core/lib/iomgr/endpoint_pair.h +1 -0
  526. data/src/core/lib/iomgr/endpoint_pair_event_engine.cc +1 -2
  527. data/src/core/lib/iomgr/endpoint_pair_posix.cc +15 -11
  528. data/src/core/lib/iomgr/endpoint_pair_windows.cc +17 -9
  529. data/src/core/lib/iomgr/error.h +23 -9
  530. data/src/core/lib/iomgr/error_cfstream.cc +2 -2
  531. data/src/core/lib/iomgr/error_internal.h +1 -0
  532. data/src/core/lib/iomgr/ev_apple.h +1 -1
  533. data/src/core/lib/iomgr/ev_epoll1_linux.cc +14 -22
  534. data/src/core/lib/iomgr/ev_epollex_linux.cc +15 -22
  535. data/src/core/lib/iomgr/ev_poll_posix.cc +13 -25
  536. data/src/core/lib/iomgr/ev_posix.cc +1 -2
  537. data/src/core/lib/iomgr/event_engine/endpoint.cc +9 -30
  538. data/src/core/lib/iomgr/event_engine/endpoint.h +1 -2
  539. data/src/core/lib/iomgr/event_engine/iomgr.cc +17 -18
  540. data/src/core/lib/iomgr/event_engine/iomgr.h +20 -2
  541. data/src/core/lib/iomgr/event_engine/resolver.cc +2 -1
  542. data/src/core/lib/iomgr/event_engine/tcp.cc +68 -19
  543. data/src/core/lib/iomgr/exec_ctx.cc +3 -4
  544. data/src/core/lib/iomgr/exec_ctx.h +11 -19
  545. data/src/core/lib/iomgr/executor/mpmcqueue.cc +10 -9
  546. data/src/core/lib/iomgr/executor/mpmcqueue.h +4 -3
  547. data/src/core/lib/iomgr/executor/threadpool.cc +2 -2
  548. data/src/core/lib/iomgr/executor/threadpool.h +2 -1
  549. data/src/core/lib/iomgr/executor.cc +5 -6
  550. data/src/core/lib/iomgr/grpc_if_nametoindex_posix.cc +2 -2
  551. data/src/core/lib/iomgr/grpc_if_nametoindex_unsupported.cc +2 -2
  552. data/src/core/lib/iomgr/internal_errqueue.cc +3 -2
  553. data/src/core/lib/iomgr/iocp_windows.cc +1 -0
  554. data/src/core/lib/iomgr/iomgr.h +2 -2
  555. data/src/core/lib/iomgr/iomgr_custom.cc +2 -2
  556. data/src/core/lib/iomgr/iomgr_custom.h +2 -2
  557. data/src/core/lib/iomgr/iomgr_internal.cc +2 -1
  558. data/src/core/lib/iomgr/iomgr_windows.cc +1 -2
  559. data/src/core/lib/iomgr/is_epollexclusive_available.cc +4 -4
  560. data/src/core/lib/iomgr/polling_entity.cc +2 -2
  561. data/src/core/lib/iomgr/pollset_custom.cc +3 -4
  562. data/src/core/lib/iomgr/pollset_custom.h +2 -2
  563. data/src/core/lib/iomgr/pollset_set_custom.cc +1 -2
  564. data/src/core/lib/iomgr/pollset_set_windows.cc +1 -0
  565. data/src/core/lib/iomgr/port.h +0 -5
  566. data/src/core/lib/iomgr/python_util.h +2 -1
  567. data/src/core/lib/iomgr/resolve_address.cc +2 -1
  568. data/src/core/lib/iomgr/resolve_address.h +0 -4
  569. data/src/core/lib/iomgr/resolve_address_custom.cc +4 -4
  570. data/src/core/lib/iomgr/resolve_address_custom.h +0 -1
  571. data/src/core/lib/iomgr/resolve_address_posix.cc +2 -4
  572. data/src/core/lib/iomgr/resolve_address_windows.cc +6 -8
  573. data/src/core/lib/iomgr/resource_quota.cc +127 -40
  574. data/src/core/lib/iomgr/resource_quota.h +66 -17
  575. data/src/core/lib/iomgr/sockaddr.h +1 -1
  576. data/src/core/lib/iomgr/socket_factory_posix.cc +3 -3
  577. data/src/core/lib/iomgr/socket_factory_posix.h +1 -0
  578. data/src/core/lib/iomgr/socket_mutator.h +2 -2
  579. data/src/core/lib/iomgr/socket_utils_common_posix.cc +3 -3
  580. data/src/core/lib/iomgr/socket_utils_linux.cc +4 -4
  581. data/src/core/lib/iomgr/socket_utils_posix.cc +2 -2
  582. data/src/core/lib/iomgr/socket_utils_posix.h +2 -2
  583. data/src/core/lib/iomgr/socket_utils_windows.cc +2 -2
  584. data/src/core/lib/iomgr/tcp_client.cc +4 -2
  585. data/src/core/lib/iomgr/tcp_client.h +4 -0
  586. data/src/core/lib/iomgr/tcp_client_cfstream.cc +9 -19
  587. data/src/core/lib/iomgr/tcp_client_custom.cc +9 -17
  588. data/src/core/lib/iomgr/tcp_client_posix.cc +24 -9
  589. data/src/core/lib/iomgr/tcp_client_posix.h +5 -2
  590. data/src/core/lib/iomgr/tcp_client_windows.cc +16 -6
  591. data/src/core/lib/iomgr/tcp_custom.cc +11 -23
  592. data/src/core/lib/iomgr/tcp_custom.h +2 -1
  593. data/src/core/lib/iomgr/tcp_posix.cc +29 -59
  594. data/src/core/lib/iomgr/tcp_posix.h +11 -12
  595. data/src/core/lib/iomgr/tcp_server.cc +6 -4
  596. data/src/core/lib/iomgr/tcp_server.h +12 -9
  597. data/src/core/lib/iomgr/tcp_server_custom.cc +15 -33
  598. data/src/core/lib/iomgr/tcp_server_posix.cc +21 -13
  599. data/src/core/lib/iomgr/tcp_server_utils_posix.h +3 -0
  600. data/src/core/lib/iomgr/tcp_server_utils_posix_common.cc +1 -2
  601. data/src/core/lib/iomgr/tcp_server_utils_posix_ifaddrs.cc +3 -4
  602. data/src/core/lib/iomgr/tcp_server_utils_posix_noifaddrs.cc +4 -4
  603. data/src/core/lib/iomgr/tcp_server_windows.cc +13 -9
  604. data/src/core/lib/iomgr/tcp_windows.cc +6 -25
  605. data/src/core/lib/iomgr/tcp_windows.h +2 -1
  606. data/src/core/lib/iomgr/timer.cc +1 -0
  607. data/src/core/lib/iomgr/timer.h +1 -2
  608. data/src/core/lib/iomgr/timer_custom.cc +2 -2
  609. data/src/core/lib/iomgr/timer_generic.cc +8 -38
  610. data/src/core/lib/iomgr/timer_generic.h +1 -0
  611. data/src/core/lib/iomgr/timer_heap.cc +1 -2
  612. data/src/core/lib/iomgr/timer_manager.cc +1 -1
  613. data/src/core/lib/iomgr/udp_server.cc +1 -2
  614. data/src/core/lib/iomgr/unix_sockets_posix.cc +3 -5
  615. data/src/core/lib/iomgr/unix_sockets_posix.h +2 -3
  616. data/src/core/lib/iomgr/wakeup_fd_nospecial.cc +1 -0
  617. data/src/core/lib/iomgr/wakeup_fd_pipe.cc +2 -3
  618. data/src/core/lib/iomgr/wakeup_fd_posix.cc +1 -0
  619. data/src/core/lib/iomgr/work_serializer.cc +4 -4
  620. data/src/core/lib/iomgr/work_serializer.h +1 -1
  621. data/src/core/lib/json/json_reader.cc +10 -19
  622. data/src/core/lib/json/json_util.h +18 -26
  623. data/src/core/lib/matchers/matchers.cc +8 -20
  624. data/src/core/lib/matchers/matchers.h +2 -2
  625. data/src/core/lib/profiling/basic_timers.cc +8 -6
  626. data/src/core/lib/profiling/stap_timers.cc +2 -2
  627. data/src/core/lib/security/authorization/authorization_policy_provider.h +5 -4
  628. data/src/core/lib/security/authorization/evaluate_args.cc +2 -0
  629. data/src/core/lib/security/authorization/sdk_server_authz_filter.cc +159 -0
  630. data/src/core/lib/security/authorization/sdk_server_authz_filter.h +67 -0
  631. data/src/core/lib/security/context/security_context.cc +7 -6
  632. data/src/core/lib/security/credentials/alts/check_gcp_environment_linux.cc +2 -2
  633. data/src/core/lib/security/credentials/alts/check_gcp_environment_no_op.cc +2 -2
  634. data/src/core/lib/security/credentials/alts/check_gcp_environment_windows.cc +2 -2
  635. data/src/core/lib/security/credentials/composite/composite_credentials.cc +4 -3
  636. data/src/core/lib/security/credentials/credentials.cc +6 -6
  637. data/src/core/lib/security/credentials/credentials.h +1 -1
  638. data/src/core/lib/security/credentials/credentials_metadata.cc +2 -3
  639. data/src/core/lib/security/credentials/external/aws_external_account_credentials.cc +13 -26
  640. data/src/core/lib/security/credentials/external/aws_external_account_credentials.h +1 -2
  641. data/src/core/lib/security/credentials/external/aws_request_signer.cc +3 -3
  642. data/src/core/lib/security/credentials/external/external_account_credentials.cc +13 -22
  643. data/src/core/lib/security/credentials/external/url_external_account_credentials.cc +2 -4
  644. data/src/core/lib/security/credentials/google_default/credentials_generic.cc +1 -2
  645. data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +55 -3
  646. data/src/core/lib/security/credentials/iam/iam_credentials.cc +2 -1
  647. data/src/core/lib/security/credentials/jwt/json_token.cc +1 -1
  648. data/src/core/lib/security/credentials/jwt/json_token.h +2 -1
  649. data/src/core/lib/security/credentials/jwt/jwt_credentials.cc +31 -14
  650. data/src/core/lib/security/credentials/jwt/jwt_credentials.h +11 -3
  651. data/src/core/lib/security/credentials/jwt/jwt_verifier.cc +0 -2
  652. data/src/core/lib/security/credentials/jwt/jwt_verifier.h +3 -3
  653. data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +3 -7
  654. data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +1 -0
  655. data/src/core/lib/security/credentials/plugin/plugin_credentials.cc +2 -4
  656. data/src/core/lib/security/credentials/ssl/ssl_credentials.cc +4 -4
  657. data/src/core/lib/security/credentials/ssl/ssl_credentials.h +0 -1
  658. data/src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.cc +3 -2
  659. data/src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.h +10 -6
  660. data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.cc +50 -0
  661. data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.h +14 -5
  662. data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h +2 -2
  663. data/src/core/lib/security/security_connector/fake/fake_security_connector.cc +4 -6
  664. data/src/core/lib/security/security_connector/load_system_roots_fallback.cc +1 -0
  665. data/src/core/lib/security/security_connector/load_system_roots_linux.cc +3 -3
  666. data/src/core/lib/security/security_connector/ssl/ssl_security_connector.cc +4 -7
  667. data/src/core/lib/security/security_connector/ssl/ssl_security_connector.h +1 -2
  668. data/src/core/lib/security/security_connector/ssl_utils.cc +2 -3
  669. data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +15 -32
  670. data/src/core/lib/security/transport/auth_filters.h +1 -0
  671. data/src/core/lib/security/transport/client_auth_filter.cc +4 -6
  672. data/src/core/lib/security/transport/secure_endpoint.cc +4 -14
  673. data/src/core/lib/security/transport/secure_endpoint.h +1 -0
  674. data/src/core/lib/security/transport/security_handshaker.cc +17 -8
  675. data/src/core/lib/security/transport/security_handshaker.h +2 -1
  676. data/src/core/lib/security/transport/server_auth_filter.cc +0 -7
  677. data/src/core/lib/security/util/json_util.cc +6 -8
  678. data/src/core/lib/slice/percent_encoding.cc +73 -30
  679. data/src/core/lib/slice/percent_encoding.h +29 -28
  680. data/src/core/lib/slice/slice.cc +14 -5
  681. data/src/core/lib/slice/slice_buffer.cc +1 -2
  682. data/src/core/lib/slice/slice_intern.cc +2 -3
  683. data/src/core/lib/slice/slice_internal.h +3 -2
  684. data/src/core/lib/surface/api_trace.cc +2 -1
  685. data/src/core/lib/surface/api_trace.h +1 -0
  686. data/src/core/lib/surface/byte_buffer_reader.cc +1 -1
  687. data/src/core/lib/surface/call.cc +14 -14
  688. data/src/core/lib/surface/call.h +3 -3
  689. data/src/core/lib/surface/call_details.cc +2 -2
  690. data/src/core/lib/surface/call_log_batch.cc +2 -2
  691. data/src/core/lib/surface/channel.cc +22 -9
  692. data/src/core/lib/surface/channel.h +14 -2
  693. data/src/core/lib/surface/channel_ping.cc +1 -2
  694. data/src/core/lib/surface/channel_stack_type.cc +2 -1
  695. data/src/core/lib/surface/completion_queue.cc +54 -64
  696. data/src/core/lib/surface/completion_queue_factory.cc +2 -1
  697. data/src/core/lib/surface/completion_queue_factory.h +1 -0
  698. data/src/core/lib/surface/event_string.cc +1 -0
  699. data/src/core/lib/surface/init.cc +4 -9
  700. data/src/core/lib/surface/init.h +0 -1
  701. data/src/core/lib/surface/init_secure.cc +23 -4
  702. data/src/core/lib/surface/lame_client.cc +6 -5
  703. data/src/core/lib/surface/metadata_array.cc +2 -2
  704. data/src/core/lib/surface/server.cc +20 -34
  705. data/src/core/lib/surface/server.h +14 -16
  706. data/src/core/lib/surface/validate_metadata.cc +44 -16
  707. data/src/core/lib/surface/version.cc +2 -4
  708. data/src/core/lib/transport/byte_stream.h +1 -0
  709. data/src/core/lib/transport/connectivity_state.cc +8 -5
  710. data/src/core/lib/transport/connectivity_state.h +2 -2
  711. data/src/core/lib/transport/error_utils.cc +1 -0
  712. data/src/core/lib/transport/metadata.cc +10 -10
  713. data/src/core/lib/transport/metadata.h +13 -11
  714. data/src/core/lib/transport/metadata_batch.cc +13 -2
  715. data/src/core/lib/transport/metadata_batch.h +15 -0
  716. data/src/core/lib/transport/transport_op_string.cc +2 -2
  717. data/src/core/plugin_registry/grpc_plugin_registry.cc +14 -0
  718. data/src/core/tsi/alts/crypt/aes_gcm.cc +3 -2
  719. data/src/core/tsi/alts/crypt/gsec.h +2 -3
  720. data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +2 -2
  721. data/src/core/tsi/alts/handshaker/alts_handshaker_client.h +2 -3
  722. data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_integrity_only_record_protocol.cc +2 -2
  723. data/src/core/tsi/ssl/session_cache/ssl_session_cache.cc +4 -3
  724. data/src/core/tsi/ssl/session_cache/ssl_session_openssl.cc +2 -2
  725. data/src/core/tsi/ssl_transport_security.cc +11 -9
  726. data/src/core/tsi/ssl_transport_security.h +3 -1
  727. data/src/core/tsi/transport_security.cc +3 -3
  728. data/src/core/tsi/transport_security_grpc.h +1 -0
  729. data/src/ruby/ext/grpc/extconf.rb +1 -1
  730. data/src/ruby/ext/grpc/rb_byte_buffer.c +2 -1
  731. data/src/ruby/ext/grpc/rb_call.c +5 -5
  732. data/src/ruby/ext/grpc/rb_call_credentials.c +5 -5
  733. data/src/ruby/ext/grpc/rb_channel.c +10 -8
  734. data/src/ruby/ext/grpc/rb_channel_args.c +2 -2
  735. data/src/ruby/ext/grpc/rb_channel_credentials.c +4 -4
  736. data/src/ruby/ext/grpc/rb_channel_credentials.h +1 -0
  737. data/src/ruby/ext/grpc/rb_completion_queue.c +3 -2
  738. data/src/ruby/ext/grpc/rb_compression_options.c +5 -4
  739. data/src/ruby/ext/grpc/rb_event_thread.c +4 -4
  740. data/src/ruby/ext/grpc/rb_grpc.c +5 -4
  741. data/src/ruby/ext/grpc/rb_grpc.h +1 -0
  742. data/src/ruby/ext/grpc/rb_server.c +6 -5
  743. data/src/ruby/ext/grpc/rb_server_credentials.c +3 -3
  744. data/src/ruby/ext/grpc/rb_server_credentials.h +1 -0
  745. data/src/ruby/ext/grpc/rb_xds_channel_credentials.c +8 -5
  746. data/src/ruby/ext/grpc/rb_xds_channel_credentials.h +3 -1
  747. data/src/ruby/ext/grpc/rb_xds_server_credentials.c +6 -5
  748. data/src/ruby/ext/grpc/rb_xds_server_credentials.h +3 -1
  749. data/src/ruby/lib/grpc/version.rb +1 -1
  750. data/third_party/boringssl-with-bazel/err_data.c +294 -292
  751. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_bitstr.c +52 -47
  752. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_gentm.c +1 -1
  753. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_mbstr.c +1 -1
  754. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_object.c +1 -0
  755. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_time.c +1 -1
  756. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_type.c +1 -1
  757. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_utctm.c +1 -1
  758. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_utf8.c +1 -1
  759. data/third_party/boringssl-with-bazel/src/crypto/asn1/{asn1_locl.h → internal.h} +20 -1
  760. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_dec.c +1 -1
  761. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_enc.c +1 -1
  762. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_fre.c +1 -1
  763. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_new.c +1 -1
  764. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_utl.c +1 -1
  765. data/third_party/boringssl-with-bazel/src/crypto/asn1/time_support.c +1 -1
  766. data/third_party/boringssl-with-bazel/src/crypto/conf/conf.c +14 -3
  767. data/third_party/boringssl-with-bazel/src/crypto/digest_extra/digest_extra.c +5 -3
  768. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/div.c +5 -6
  769. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/digest.c +2 -0
  770. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/internal.h +5 -9
  771. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/rand.c +1 -1
  772. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/urandom.c +4 -6
  773. data/third_party/boringssl-with-bazel/src/crypto/hpke/hpke.c +34 -0
  774. data/third_party/boringssl-with-bazel/src/crypto/hrss/hrss.c +219 -121
  775. data/third_party/boringssl-with-bazel/src/crypto/hrss/internal.h +9 -2
  776. data/third_party/boringssl-with-bazel/src/crypto/internal.h +23 -2
  777. data/third_party/boringssl-with-bazel/src/crypto/lhash/internal.h +253 -0
  778. data/third_party/boringssl-with-bazel/src/crypto/lhash/lhash.c +28 -23
  779. data/third_party/boringssl-with-bazel/src/crypto/mem.c +2 -0
  780. data/third_party/boringssl-with-bazel/src/crypto/obj/obj.c +7 -3
  781. data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305.c +1 -1
  782. data/third_party/boringssl-with-bazel/src/crypto/pool/pool.c +1 -0
  783. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/deterministic.c +4 -0
  784. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/fuchsia.c +4 -0
  785. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/windows.c +4 -0
  786. data/third_party/boringssl-with-bazel/src/crypto/x509/a_strex.c +2 -2
  787. data/third_party/boringssl-with-bazel/src/crypto/x509/a_verify.c +15 -11
  788. data/third_party/boringssl-with-bazel/src/crypto/x509/algorithm.c +1 -1
  789. data/third_party/boringssl-with-bazel/src/crypto/x509/by_dir.c +1 -0
  790. data/third_party/boringssl-with-bazel/src/crypto/x509/internal.h +45 -2
  791. data/third_party/boringssl-with-bazel/src/crypto/x509/rsa_pss.c +4 -2
  792. data/third_party/boringssl-with-bazel/src/crypto/x509/t_crl.c +10 -3
  793. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_att.c +6 -23
  794. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_ext.c +2 -2
  795. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_lu.c +1 -0
  796. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_v3.c +25 -22
  797. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vfy.c +0 -4
  798. data/third_party/boringssl-with-bazel/src/crypto/x509/x509cset.c +1 -0
  799. data/third_party/boringssl-with-bazel/src/crypto/x509/x_algor.c +1 -3
  800. data/third_party/boringssl-with-bazel/src/crypto/x509/x_crl.c +9 -11
  801. data/third_party/boringssl-with-bazel/src/crypto/x509/x_exten.c +2 -0
  802. data/third_party/boringssl-with-bazel/src/crypto/x509/x_name.c +1 -3
  803. data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509.c +1 -3
  804. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_conf.c +1 -0
  805. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_crld.c +0 -2
  806. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_lib.c +2 -0
  807. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_prn.c +14 -11
  808. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_utl.c +5 -5
  809. data/third_party/boringssl-with-bazel/src/include/openssl/asn1.h +160 -74
  810. data/third_party/boringssl-with-bazel/src/include/openssl/base.h +0 -1
  811. data/third_party/boringssl-with-bazel/src/include/openssl/conf.h +8 -5
  812. data/third_party/boringssl-with-bazel/src/include/openssl/digest.h +3 -0
  813. data/third_party/boringssl-with-bazel/src/include/openssl/evp.h +6 -0
  814. data/third_party/boringssl-with-bazel/src/include/openssl/hpke.h +25 -0
  815. data/third_party/boringssl-with-bazel/src/include/openssl/hrss.h +14 -12
  816. data/third_party/boringssl-with-bazel/src/include/openssl/lhash.h +4 -205
  817. data/third_party/boringssl-with-bazel/src/include/openssl/mem.h +3 -0
  818. data/third_party/boringssl-with-bazel/src/include/openssl/obj.h +5 -4
  819. data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +58 -6
  820. data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +184 -55
  821. data/third_party/boringssl-with-bazel/src/include/openssl/x509v3.h +0 -5
  822. data/third_party/boringssl-with-bazel/src/ssl/d1_both.cc +9 -16
  823. data/third_party/boringssl-with-bazel/src/ssl/encrypted_client_hello.cc +44 -2
  824. data/third_party/boringssl-with-bazel/src/ssl/{t1_lib.cc → extensions.cc} +24 -11
  825. data/third_party/boringssl-with-bazel/src/ssl/handshake.cc +9 -0
  826. data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +75 -68
  827. data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +17 -9
  828. data/third_party/boringssl-with-bazel/src/ssl/internal.h +25 -6
  829. data/third_party/boringssl-with-bazel/src/ssl/s3_lib.cc +1 -2
  830. data/third_party/boringssl-with-bazel/src/ssl/ssl_key_share.cc +11 -5
  831. data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +0 -49
  832. data/third_party/boringssl-with-bazel/src/ssl/ssl_session.cc +121 -65
  833. data/third_party/boringssl-with-bazel/src/ssl/ssl_x509.cc +14 -6
  834. data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +9 -11
  835. data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +2 -2
  836. data/third_party/upb/upb/decode.c +129 -60
  837. data/third_party/upb/upb/decode.h +32 -4
  838. data/third_party/upb/upb/decode_fast.c +513 -500
  839. data/third_party/upb/upb/decode_fast.h +27 -0
  840. data/third_party/upb/upb/{decode.int.h → decode_internal.h} +38 -8
  841. data/third_party/upb/upb/def.c +171 -181
  842. data/third_party/upb/upb/def.h +41 -19
  843. data/third_party/upb/upb/def.hpp +29 -0
  844. data/third_party/upb/upb/encode.c +49 -16
  845. data/third_party/upb/upb/encode.h +29 -2
  846. data/third_party/upb/upb/msg.c +169 -28
  847. data/third_party/upb/upb/msg.h +75 -580
  848. data/third_party/upb/upb/msg_internal.h +687 -0
  849. data/third_party/upb/upb/port_def.inc +85 -24
  850. data/third_party/upb/upb/port_undef.inc +38 -1
  851. data/third_party/upb/upb/reflection.c +29 -37
  852. data/third_party/upb/upb/reflection.h +36 -8
  853. data/third_party/upb/upb/reflection.hpp +37 -0
  854. data/third_party/upb/upb/table.c +211 -86
  855. data/third_party/upb/upb/{table.int.h → table_internal.h} +56 -180
  856. data/third_party/upb/upb/text_encode.c +32 -4
  857. data/third_party/upb/upb/text_encode.h +26 -0
  858. data/third_party/upb/upb/upb.c +59 -8
  859. data/third_party/upb/upb/upb.h +36 -6
  860. data/third_party/upb/upb/upb.hpp +24 -0
  861. data/third_party/upb/upb/upb_internal.h +58 -0
  862. data/third_party/xxhash/xxhash.h +77 -195
  863. metadata +79 -60
  864. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_libuv.cc +0 -179
  865. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_libuv.cc +0 -38
  866. data/src/core/ext/transport/chttp2/transport/hpack_table.cc +0 -243
  867. data/src/core/ext/transport/chttp2/transport/hpack_table.h +0 -148
  868. data/src/core/lib/event_engine/slice_allocator.cc +0 -89
  869. data/src/core/lib/gpr/arena.h +0 -47
  870. data/src/core/lib/gpr/tls_gcc.h +0 -52
  871. data/src/core/lib/gpr/tls_msvc.h +0 -54
  872. data/src/core/lib/gpr/tls_pthread.cc +0 -30
  873. data/src/core/lib/gpr/tls_pthread.h +0 -56
  874. data/src/core/lib/gpr/tls_stdcpp.h +0 -48
  875. data/src/core/lib/gprpp/atomic.h +0 -104
  876. data/src/core/lib/iomgr/endpoint_pair_uv.cc +0 -40
  877. data/src/core/lib/iomgr/iomgr_uv.cc +0 -43
  878. data/src/core/lib/iomgr/pollset_uv.cc +0 -95
  879. data/src/core/lib/iomgr/pollset_uv.h +0 -36
  880. data/src/core/lib/iomgr/sockaddr_custom.h +0 -54
  881. data/src/core/lib/iomgr/socket_utils_uv.cc +0 -49
  882. data/src/core/lib/iomgr/tcp_uv.cc +0 -421
  883. data/src/core/lib/iomgr/timer_uv.cc +0 -66
  884. data/third_party/upb/third_party/wyhash/wyhash.h +0 -145
  885. data/third_party/upb/upb/upb.int.h +0 -29
@@ -18,6 +18,8 @@
18
18
 
19
19
  #include <grpc/support/port_platform.h>
20
20
 
21
+ #include "src/core/ext/xds/xds_api.h"
22
+
21
23
  #include <algorithm>
22
24
  #include <cctype>
23
25
  #include <cstdint>
@@ -89,7 +91,6 @@
89
91
  #include <grpc/support/alloc.h>
90
92
  #include <grpc/support/string_util.h>
91
93
 
92
- #include "src/core/ext/xds/xds_api.h"
93
94
  #include "src/core/lib/address_utils/sockaddr_utils.h"
94
95
  #include "src/core/lib/gpr/env.h"
95
96
  #include "src/core/lib/gpr/string.h"
@@ -115,28 +116,6 @@ bool XdsAggregateAndLogicalDnsClusterEnabled() {
115
116
  return parse_succeeded && parsed_value;
116
117
  }
117
118
 
118
- // TODO(donnadionne): Check to see if ring hash policy is enabled, this will be
119
- // removed once ring hash policy is fully integration-tested and enabled by
120
- // default.
121
- bool XdsRingHashEnabled() {
122
- char* value = gpr_getenv("GRPC_XDS_EXPERIMENTAL_ENABLE_RING_HASH");
123
- bool parsed_value;
124
- bool parse_succeeded = gpr_parse_bool_value(value, &parsed_value);
125
- gpr_free(value);
126
- return parse_succeeded && parsed_value;
127
- }
128
-
129
- // TODO(yashykt): Check to see if xDS security is enabled. This will be
130
- // removed once this feature is fully integration-tested and enabled by
131
- // default.
132
- bool XdsSecurityEnabled() {
133
- char* value = gpr_getenv("GRPC_XDS_EXPERIMENTAL_SECURITY_SUPPORT");
134
- bool parsed_value;
135
- bool parse_succeeded = gpr_parse_bool_value(value, &parsed_value);
136
- gpr_free(value);
137
- return parse_succeeded && parsed_value;
138
- }
139
-
140
119
  //
141
120
  // XdsApi::Route::HashPolicy
142
121
  //
@@ -214,6 +193,25 @@ std::string XdsApi::Route::HashPolicy::ToString() const {
214
193
  return absl::StrCat("{", absl::StrJoin(contents, ", "), "}");
215
194
  }
216
195
 
196
+ //
197
+ // XdsApi::Route::RetryPolicy
198
+ //
199
+ std::string XdsApi::Route::RetryPolicy::RetryBackOff::ToString() const {
200
+ std::vector<std::string> contents;
201
+ contents.push_back(
202
+ absl::StrCat("RetryBackOff Base: ", base_interval.ToString()));
203
+ contents.push_back(
204
+ absl::StrCat("RetryBackOff max: ", max_interval.ToString()));
205
+ return absl::StrJoin(contents, ",");
206
+ }
207
+
208
+ std::string XdsApi::Route::RetryPolicy::ToString() const {
209
+ std::vector<std::string> contents;
210
+ contents.push_back(absl::StrFormat("num_retries=%d", num_retries));
211
+ contents.push_back(retry_back_off.ToString());
212
+ return absl::StrJoin(contents, ",");
213
+ }
214
+
217
215
  //
218
216
  // XdsApi::Route
219
217
  //
@@ -255,6 +253,10 @@ std::string XdsApi::Route::ToString() const {
255
253
  for (const HashPolicy& hash_policy : hash_policies) {
256
254
  contents.push_back(absl::StrCat("hash_policy=", hash_policy.ToString()));
257
255
  }
256
+ if (retry_policy.has_value()) {
257
+ contents.push_back(
258
+ absl::StrCat("retry_policy={", retry_policy->ToString(), "}"));
259
+ }
258
260
  if (!cluster_name.empty()) {
259
261
  contents.push_back(absl::StrFormat("Cluster name: %s", cluster_name));
260
262
  }
@@ -425,11 +427,11 @@ bool XdsApi::CommonTlsContext::CertificateValidationContext::Empty() const {
425
427
  }
426
428
 
427
429
  //
428
- // XdsApi::CommonTlsContext::CertificateValidationContext
430
+ // XdsApi::CommonTlsContext::CertificateProviderPluginInstance
429
431
  //
430
432
 
431
- std::string XdsApi::CommonTlsContext::CertificateProviderInstance::ToString()
432
- const {
433
+ std::string
434
+ XdsApi::CommonTlsContext::CertificateProviderPluginInstance::ToString() const {
433
435
  absl::InlinedVector<std::string, 2> contents;
434
436
  if (!instance_name.empty()) {
435
437
  contents.push_back(absl::StrFormat("instance_name=%s", instance_name));
@@ -441,34 +443,9 @@ std::string XdsApi::CommonTlsContext::CertificateProviderInstance::ToString()
441
443
  return absl::StrCat("{", absl::StrJoin(contents, ", "), "}");
442
444
  }
443
445
 
444
- bool XdsApi::CommonTlsContext::CertificateProviderInstance::Empty() const {
445
- return instance_name.empty() && certificate_name.empty();
446
- }
447
-
448
- //
449
- // XdsApi::CommonTlsContext::CombinedCertificateValidationContext
450
- //
451
-
452
- std::string
453
- XdsApi::CommonTlsContext::CombinedCertificateValidationContext::ToString()
454
- const {
455
- absl::InlinedVector<std::string, 2> contents;
456
- if (!default_validation_context.Empty()) {
457
- contents.push_back(absl::StrFormat("default_validation_context=%s",
458
- default_validation_context.ToString()));
459
- }
460
- if (!validation_context_certificate_provider_instance.Empty()) {
461
- contents.push_back(absl::StrFormat(
462
- "validation_context_certificate_provider_instance=%s",
463
- validation_context_certificate_provider_instance.ToString()));
464
- }
465
- return absl::StrCat("{", absl::StrJoin(contents, ", "), "}");
466
- }
467
-
468
- bool XdsApi::CommonTlsContext::CombinedCertificateValidationContext::Empty()
446
+ bool XdsApi::CommonTlsContext::CertificateProviderPluginInstance::Empty()
469
447
  const {
470
- return default_validation_context.Empty() &&
471
- validation_context_certificate_provider_instance.Empty();
448
+ return instance_name.empty() && certificate_name.empty();
472
449
  }
473
450
 
474
451
  //
@@ -477,21 +454,22 @@ bool XdsApi::CommonTlsContext::CombinedCertificateValidationContext::Empty()
477
454
 
478
455
  std::string XdsApi::CommonTlsContext::ToString() const {
479
456
  absl::InlinedVector<std::string, 2> contents;
480
- if (!tls_certificate_certificate_provider_instance.Empty()) {
481
- contents.push_back(absl::StrFormat(
482
- "tls_certificate_certificate_provider_instance=%s",
483
- tls_certificate_certificate_provider_instance.ToString()));
457
+ if (!tls_certificate_provider_instance.Empty()) {
458
+ contents.push_back(
459
+ absl::StrFormat("tls_certificate_provider_instance=%s",
460
+ tls_certificate_provider_instance.ToString()));
484
461
  }
485
- if (!combined_validation_context.Empty()) {
486
- contents.push_back(absl::StrFormat("combined_validation_context=%s",
487
- combined_validation_context.ToString()));
462
+ if (!certificate_validation_context.Empty()) {
463
+ contents.push_back(
464
+ absl::StrFormat("certificate_validation_context=%s",
465
+ certificate_validation_context.ToString()));
488
466
  }
489
467
  return absl::StrCat("{", absl::StrJoin(contents, ", "), "}");
490
468
  }
491
469
 
492
470
  bool XdsApi::CommonTlsContext::Empty() const {
493
- return tls_certificate_certificate_provider_instance.Empty() &&
494
- combined_validation_context.Empty();
471
+ return tls_certificate_provider_instance.Empty() &&
472
+ certificate_validation_context.Empty();
495
473
  }
496
474
 
497
475
  //
@@ -835,15 +813,15 @@ bool IsLds(absl::string_view type_url, bool* is_v2 = nullptr) {
835
813
  return false;
836
814
  }
837
815
 
838
- bool IsRds(absl::string_view type_url) {
816
+ bool IsRds(absl::string_view type_url, bool* /*is_v2*/ = nullptr) {
839
817
  return type_url == XdsApi::kRdsTypeUrl || type_url == kRdsV2TypeUrl;
840
818
  }
841
819
 
842
- bool IsCds(absl::string_view type_url) {
820
+ bool IsCds(absl::string_view type_url, bool* /*is_v2*/ = nullptr) {
843
821
  return type_url == XdsApi::kCdsTypeUrl || type_url == kCdsV2TypeUrl;
844
822
  }
845
823
 
846
- bool IsEds(absl::string_view type_url) {
824
+ bool IsEds(absl::string_view type_url, bool* /*is_v2*/ = nullptr) {
847
825
  return type_url == XdsApi::kEdsTypeUrl || type_url == kEdsV2TypeUrl;
848
826
  }
849
827
 
@@ -868,10 +846,13 @@ bool IsEds(absl::string_view type_url) {
868
846
  #endif
869
847
 
870
848
  XdsApi::XdsApi(XdsClient* client, TraceFlag* tracer,
871
- const XdsBootstrap::Node* node)
849
+ const XdsBootstrap::Node* node,
850
+ const CertificateProviderStore::PluginDefinitionMap*
851
+ certificate_provider_definition_map)
872
852
  : client_(client),
873
853
  tracer_(tracer),
874
854
  node_(node),
855
+ certificate_provider_definition_map_(certificate_provider_definition_map),
875
856
  build_version_(absl::StrCat("gRPC C-core ", GPR_PLATFORM_STRING, " ",
876
857
  grpc_version_string(),
877
858
  GRPC_XDS_USER_AGENT_NAME_SUFFIX_STRING,
@@ -903,11 +884,13 @@ XdsApi::XdsApi(XdsClient* client, TraceFlag* tracer,
903
884
  namespace {
904
885
 
905
886
  struct EncodingContext {
906
- XdsClient* client;
887
+ XdsClient* client; // Used only for logging. Unsafe for dereferencing.
907
888
  TraceFlag* tracer;
908
889
  upb_symtab* symtab;
909
890
  upb_arena* arena;
910
891
  bool use_v3;
892
+ const CertificateProviderStore::PluginDefinitionMap*
893
+ certificate_provider_definition_map;
911
894
  };
912
895
 
913
896
  // Works for both std::string and absl::string_view.
@@ -1116,8 +1099,12 @@ grpc_slice XdsApi::CreateAdsRequest(
1116
1099
  const std::string& version, const std::string& nonce,
1117
1100
  grpc_error_handle error, bool populate_node) {
1118
1101
  upb::Arena arena;
1119
- const EncodingContext context = {client_, tracer_, symtab_.ptr(), arena.ptr(),
1120
- server.ShouldUseV3()};
1102
+ const EncodingContext context = {client_,
1103
+ tracer_,
1104
+ symtab_.ptr(),
1105
+ arena.ptr(),
1106
+ server.ShouldUseV3(),
1107
+ certificate_provider_definition_map_};
1121
1108
  // Create a request.
1122
1109
  envoy_service_discovery_v3_DiscoveryRequest* request =
1123
1110
  envoy_service_discovery_v3_DiscoveryRequest_new(arena.ptr());
@@ -1186,6 +1173,18 @@ void MaybeLogDiscoveryResponse(
1186
1173
  }
1187
1174
  }
1188
1175
 
1176
+ void MaybeLogListener(const EncodingContext& context,
1177
+ const envoy_config_listener_v3_Listener* listener) {
1178
+ if (GRPC_TRACE_FLAG_ENABLED(*context.tracer) &&
1179
+ gpr_should_log(GPR_LOG_SEVERITY_DEBUG)) {
1180
+ const upb_msgdef* msg_type =
1181
+ envoy_config_listener_v3_Listener_getmsgdef(context.symtab);
1182
+ char buf[10240];
1183
+ upb_text_encode(listener, msg_type, nullptr, 0, buf, sizeof(buf));
1184
+ gpr_log(GPR_DEBUG, "[xds_client %p] Listener: %s", context.client, buf);
1185
+ }
1186
+ }
1187
+
1189
1188
  void MaybeLogHttpConnectionManager(
1190
1189
  const EncodingContext& context,
1191
1190
  const envoy_extensions_filters_network_http_connection_manager_v3_HttpConnectionManager*
@@ -1329,10 +1328,8 @@ grpc_error_handle RoutePathMatchParse(
1329
1328
  absl::StatusOr<StringMatcher> string_matcher =
1330
1329
  StringMatcher::Create(type, match_string, case_sensitive);
1331
1330
  if (!string_matcher.ok()) {
1332
- return GRPC_ERROR_CREATE_FROM_COPIED_STRING(
1333
- absl::StrCat("path matcher: ", string_matcher.status().message())
1334
- .c_str());
1335
- ;
1331
+ return GRPC_ERROR_CREATE_FROM_CPP_STRING(
1332
+ absl::StrCat("path matcher: ", string_matcher.status().message()));
1336
1333
  }
1337
1334
  route->matchers.path_matcher = std::move(string_matcher.value());
1338
1335
  return GRPC_ERROR_NONE;
@@ -1395,9 +1392,8 @@ grpc_error_handle RouteHeaderMatchersParse(
1395
1392
  HeaderMatcher::Create(name, type, match_string, range_start, range_end,
1396
1393
  present_match, invert_match);
1397
1394
  if (!header_matcher.ok()) {
1398
- return GRPC_ERROR_CREATE_FROM_COPIED_STRING(
1399
- absl::StrCat("header matcher: ", header_matcher.status().message())
1400
- .c_str());
1395
+ return GRPC_ERROR_CREATE_FROM_CPP_STRING(
1396
+ absl::StrCat("header matcher: ", header_matcher.status().message()));
1401
1397
  }
1402
1398
  route->matchers.header_matchers.emplace_back(
1403
1399
  std::move(header_matcher.value()));
@@ -1477,9 +1473,8 @@ grpc_error_handle ParseTypedPerFilterConfig(
1477
1473
  absl::string_view filter_type =
1478
1474
  UpbStringToAbsl(google_protobuf_Any_type_url(any));
1479
1475
  if (filter_type.empty()) {
1480
- return GRPC_ERROR_CREATE_FROM_COPIED_STRING(
1481
- absl::StrCat("no filter config specified for filter name ", key)
1482
- .c_str());
1476
+ return GRPC_ERROR_CREATE_FROM_CPP_STRING(
1477
+ absl::StrCat("no filter config specified for filter name ", key));
1483
1478
  }
1484
1479
  bool is_optional = false;
1485
1480
  if (filter_type ==
@@ -1488,18 +1483,16 @@ grpc_error_handle ParseTypedPerFilterConfig(
1488
1483
  const auto* filter_config = envoy_config_route_v3_FilterConfig_parse(
1489
1484
  any_value.data, any_value.size, context.arena);
1490
1485
  if (filter_config == nullptr) {
1491
- return GRPC_ERROR_CREATE_FROM_COPIED_STRING(
1492
- absl::StrCat("could not parse FilterConfig wrapper for ", key)
1493
- .c_str());
1486
+ return GRPC_ERROR_CREATE_FROM_CPP_STRING(
1487
+ absl::StrCat("could not parse FilterConfig wrapper for ", key));
1494
1488
  }
1495
1489
  is_optional =
1496
1490
  envoy_config_route_v3_FilterConfig_is_optional(filter_config);
1497
1491
  any = envoy_config_route_v3_FilterConfig_config(filter_config);
1498
1492
  if (any == nullptr) {
1499
1493
  if (is_optional) continue;
1500
- return GRPC_ERROR_CREATE_FROM_COPIED_STRING(
1501
- absl::StrCat("no filter config specified for filter name ", key)
1502
- .c_str());
1494
+ return GRPC_ERROR_CREATE_FROM_CPP_STRING(
1495
+ absl::StrCat("no filter config specified for filter name ", key));
1503
1496
  }
1504
1497
  }
1505
1498
  grpc_error_handle error =
@@ -1509,24 +1502,116 @@ grpc_error_handle ParseTypedPerFilterConfig(
1509
1502
  XdsHttpFilterRegistry::GetFilterForType(filter_type);
1510
1503
  if (filter_impl == nullptr) {
1511
1504
  if (is_optional) continue;
1512
- return GRPC_ERROR_CREATE_FROM_COPIED_STRING(
1513
- absl::StrCat("no filter registered for config type ", filter_type)
1514
- .c_str());
1505
+ return GRPC_ERROR_CREATE_FROM_CPP_STRING(
1506
+ absl::StrCat("no filter registered for config type ", filter_type));
1515
1507
  }
1516
1508
  absl::StatusOr<XdsHttpFilterImpl::FilterConfig> filter_config =
1517
1509
  filter_impl->GenerateFilterConfigOverride(
1518
1510
  google_protobuf_Any_value(any), context.arena);
1519
1511
  if (!filter_config.ok()) {
1520
- return GRPC_ERROR_CREATE_FROM_COPIED_STRING(
1521
- absl::StrCat("filter config for type ", filter_type,
1522
- " failed to parse: ", filter_config.status().ToString())
1523
- .c_str());
1512
+ return GRPC_ERROR_CREATE_FROM_CPP_STRING(absl::StrCat(
1513
+ "filter config for type ", filter_type,
1514
+ " failed to parse: ", filter_config.status().ToString()));
1524
1515
  }
1525
1516
  (*typed_per_filter_config)[std::string(key)] = std::move(*filter_config);
1526
1517
  }
1527
1518
  return GRPC_ERROR_NONE;
1528
1519
  }
1529
1520
 
1521
+ XdsApi::Duration DurationParse(const google_protobuf_Duration* proto_duration) {
1522
+ XdsApi::Duration duration;
1523
+ duration.seconds = google_protobuf_Duration_seconds(proto_duration);
1524
+ duration.nanos = google_protobuf_Duration_nanos(proto_duration);
1525
+ return duration;
1526
+ }
1527
+
1528
+ grpc_error_handle RetryPolicyParse(
1529
+ const EncodingContext& context,
1530
+ const envoy_config_route_v3_RetryPolicy* retry_policy,
1531
+ absl::optional<XdsApi::Route::RetryPolicy>* retry) {
1532
+ std::vector<grpc_error_handle> errors;
1533
+ XdsApi::Route::RetryPolicy retry_to_return;
1534
+ auto retry_on = UpbStringToStdString(
1535
+ envoy_config_route_v3_RetryPolicy_retry_on(retry_policy));
1536
+ std::vector<absl::string_view> codes = absl::StrSplit(retry_on, ',');
1537
+ for (const auto& code : codes) {
1538
+ if (code == "cancelled") {
1539
+ retry_to_return.retry_on.Add(GRPC_STATUS_CANCELLED);
1540
+ } else if (code == "deadline-exceeded") {
1541
+ retry_to_return.retry_on.Add(GRPC_STATUS_DEADLINE_EXCEEDED);
1542
+ } else if (code == "internal") {
1543
+ retry_to_return.retry_on.Add(GRPC_STATUS_INTERNAL);
1544
+ } else if (code == "resource-exhausted") {
1545
+ retry_to_return.retry_on.Add(GRPC_STATUS_RESOURCE_EXHAUSTED);
1546
+ } else if (code == "unavailable") {
1547
+ retry_to_return.retry_on.Add(GRPC_STATUS_UNAVAILABLE);
1548
+ } else {
1549
+ if (GRPC_TRACE_FLAG_ENABLED(*context.tracer)) {
1550
+ gpr_log(GPR_INFO, "Unsupported retry_on policy %s.",
1551
+ std::string(code).c_str());
1552
+ }
1553
+ }
1554
+ }
1555
+ // TODO(donnadionne): when we add support for per_try_timeout, we will need to
1556
+ // return a policy if per_try_timeout is set even if retry_on specified no
1557
+ // supported policies.
1558
+ if (retry_to_return.retry_on.Empty()) return GRPC_ERROR_NONE;
1559
+ const google_protobuf_UInt32Value* num_retries =
1560
+ envoy_config_route_v3_RetryPolicy_num_retries(retry_policy);
1561
+ if (num_retries != nullptr) {
1562
+ uint32_t num_retries_value = google_protobuf_UInt32Value_value(num_retries);
1563
+ if (num_retries_value == 0) {
1564
+ errors.push_back(GRPC_ERROR_CREATE_FROM_STATIC_STRING(
1565
+ "RouteAction RetryPolicy num_retries set to invalid value 0."));
1566
+ } else {
1567
+ retry_to_return.num_retries = num_retries_value;
1568
+ }
1569
+ } else {
1570
+ retry_to_return.num_retries = 1;
1571
+ }
1572
+ const envoy_config_route_v3_RetryPolicy_RetryBackOff* backoff =
1573
+ envoy_config_route_v3_RetryPolicy_retry_back_off(retry_policy);
1574
+ if (backoff != nullptr) {
1575
+ const google_protobuf_Duration* base_interval =
1576
+ envoy_config_route_v3_RetryPolicy_RetryBackOff_base_interval(backoff);
1577
+ if (base_interval == nullptr) {
1578
+ errors.push_back(GRPC_ERROR_CREATE_FROM_STATIC_STRING(
1579
+ "RouteAction RetryPolicy RetryBackoff missing base interval."));
1580
+ } else {
1581
+ retry_to_return.retry_back_off.base_interval =
1582
+ DurationParse(base_interval);
1583
+ }
1584
+ const google_protobuf_Duration* max_interval =
1585
+ envoy_config_route_v3_RetryPolicy_RetryBackOff_max_interval(backoff);
1586
+ XdsApi::Duration max;
1587
+ if (max_interval != nullptr) {
1588
+ max = DurationParse(max_interval);
1589
+ } else {
1590
+ // if max interval is not set, it is 10x the base, if the value in nanos
1591
+ // can yield another second, adjust the value in seconds accordingly.
1592
+ max.seconds = retry_to_return.retry_back_off.base_interval.seconds * 10;
1593
+ max.nanos = retry_to_return.retry_back_off.base_interval.nanos * 10;
1594
+ if (max.nanos > 1000000000) {
1595
+ max.seconds += max.nanos / 1000000000;
1596
+ max.nanos = max.nanos % 1000000000;
1597
+ }
1598
+ }
1599
+ retry_to_return.retry_back_off.max_interval = max;
1600
+ } else {
1601
+ retry_to_return.retry_back_off.base_interval.seconds = 0;
1602
+ retry_to_return.retry_back_off.base_interval.nanos = 25000000;
1603
+ retry_to_return.retry_back_off.max_interval.seconds = 0;
1604
+ retry_to_return.retry_back_off.max_interval.nanos = 250000000;
1605
+ }
1606
+ if (errors.empty()) {
1607
+ *retry = retry_to_return;
1608
+ return GRPC_ERROR_NONE;
1609
+ } else {
1610
+ return GRPC_ERROR_CREATE_FROM_VECTOR("errors parsing retry policy",
1611
+ &errors);
1612
+ }
1613
+ }
1614
+
1530
1615
  grpc_error_handle RouteActionParse(const EncodingContext& context,
1531
1616
  const envoy_config_route_v3_Route* route_msg,
1532
1617
  XdsApi::Route* route, bool* ignore_route) {
@@ -1620,89 +1705,92 @@ grpc_error_handle RouteActionParse(const EncodingContext& context,
1620
1705
  max_stream_duration);
1621
1706
  }
1622
1707
  if (duration != nullptr) {
1623
- XdsApi::Duration duration_in_route;
1624
- duration_in_route.seconds = google_protobuf_Duration_seconds(duration);
1625
- duration_in_route.nanos = google_protobuf_Duration_nanos(duration);
1626
- route->max_stream_duration = duration_in_route;
1708
+ route->max_stream_duration = DurationParse(duration);
1627
1709
  }
1628
1710
  }
1629
1711
  }
1630
1712
  // Get HashPolicy from RouteAction
1631
- if (XdsRingHashEnabled()) {
1632
- size_t size = 0;
1633
- const envoy_config_route_v3_RouteAction_HashPolicy* const* hash_policies =
1634
- envoy_config_route_v3_RouteAction_hash_policy(route_action, &size);
1635
- for (size_t i = 0; i < size; ++i) {
1636
- const envoy_config_route_v3_RouteAction_HashPolicy* hash_policy =
1637
- hash_policies[i];
1638
- XdsApi::Route::HashPolicy policy;
1639
- policy.terminal =
1640
- envoy_config_route_v3_RouteAction_HashPolicy_terminal(hash_policy);
1641
- const envoy_config_route_v3_RouteAction_HashPolicy_Header* header;
1642
- const envoy_config_route_v3_RouteAction_HashPolicy_FilterState*
1643
- filter_state;
1644
- if ((header = envoy_config_route_v3_RouteAction_HashPolicy_header(
1645
- hash_policy)) != nullptr) {
1646
- policy.type = XdsApi::Route::HashPolicy::Type::HEADER;
1647
- policy.header_name = UpbStringToStdString(
1648
- envoy_config_route_v3_RouteAction_HashPolicy_Header_header_name(
1649
- header));
1650
- const struct envoy_type_matcher_v3_RegexMatchAndSubstitute*
1651
- regex_rewrite =
1652
- envoy_config_route_v3_RouteAction_HashPolicy_Header_regex_rewrite(
1653
- header);
1654
- if (regex_rewrite != nullptr) {
1655
- const envoy_type_matcher_v3_RegexMatcher* regex_matcher =
1656
- envoy_type_matcher_v3_RegexMatchAndSubstitute_pattern(
1657
- regex_rewrite);
1658
- if (regex_matcher == nullptr) {
1659
- gpr_log(
1660
- GPR_DEBUG,
1661
- "RouteAction HashPolicy contains policy specifier Header with "
1662
- "RegexMatchAndSubstitution but RegexMatcher pattern is "
1663
- "missing");
1664
- continue;
1665
- }
1666
- RE2::Options options;
1667
- policy.regex = absl::make_unique<RE2>(
1668
- UpbStringToStdString(
1669
- envoy_type_matcher_v3_RegexMatcher_regex(regex_matcher)),
1670
- options);
1671
- if (!policy.regex->ok()) {
1672
- gpr_log(
1673
- GPR_DEBUG,
1674
- "RouteAction HashPolicy contains policy specifier Header with "
1675
- "RegexMatchAndSubstitution but RegexMatcher pattern does not "
1676
- "compile");
1677
- continue;
1678
- }
1679
- policy.regex_substitution = UpbStringToStdString(
1680
- envoy_type_matcher_v3_RegexMatchAndSubstitute_substitution(
1681
- regex_rewrite));
1713
+ size_t size = 0;
1714
+ const envoy_config_route_v3_RouteAction_HashPolicy* const* hash_policies =
1715
+ envoy_config_route_v3_RouteAction_hash_policy(route_action, &size);
1716
+ for (size_t i = 0; i < size; ++i) {
1717
+ const envoy_config_route_v3_RouteAction_HashPolicy* hash_policy =
1718
+ hash_policies[i];
1719
+ XdsApi::Route::HashPolicy policy;
1720
+ policy.terminal =
1721
+ envoy_config_route_v3_RouteAction_HashPolicy_terminal(hash_policy);
1722
+ const envoy_config_route_v3_RouteAction_HashPolicy_Header* header;
1723
+ const envoy_config_route_v3_RouteAction_HashPolicy_FilterState*
1724
+ filter_state;
1725
+ if ((header = envoy_config_route_v3_RouteAction_HashPolicy_header(
1726
+ hash_policy)) != nullptr) {
1727
+ policy.type = XdsApi::Route::HashPolicy::Type::HEADER;
1728
+ policy.header_name = UpbStringToStdString(
1729
+ envoy_config_route_v3_RouteAction_HashPolicy_Header_header_name(
1730
+ header));
1731
+ const struct envoy_type_matcher_v3_RegexMatchAndSubstitute*
1732
+ regex_rewrite =
1733
+ envoy_config_route_v3_RouteAction_HashPolicy_Header_regex_rewrite(
1734
+ header);
1735
+ if (regex_rewrite != nullptr) {
1736
+ const envoy_type_matcher_v3_RegexMatcher* regex_matcher =
1737
+ envoy_type_matcher_v3_RegexMatchAndSubstitute_pattern(
1738
+ regex_rewrite);
1739
+ if (regex_matcher == nullptr) {
1740
+ gpr_log(
1741
+ GPR_DEBUG,
1742
+ "RouteAction HashPolicy contains policy specifier Header with "
1743
+ "RegexMatchAndSubstitution but RegexMatcher pattern is "
1744
+ "missing");
1745
+ continue;
1682
1746
  }
1683
- } else if ((filter_state =
1684
- envoy_config_route_v3_RouteAction_HashPolicy_filter_state(
1685
- hash_policy)) != nullptr) {
1686
- std::string key = UpbStringToStdString(
1687
- envoy_config_route_v3_RouteAction_HashPolicy_FilterState_key(
1688
- filter_state));
1689
- if (key == "io.grpc.channel_id") {
1690
- policy.type = XdsApi::Route::HashPolicy::Type::CHANNEL_ID;
1691
- } else {
1692
- gpr_log(GPR_DEBUG,
1693
- "RouteAction HashPolicy contains policy specifier "
1694
- "FilterState but "
1695
- "key is not io.grpc.channel_id.");
1747
+ RE2::Options options;
1748
+ policy.regex = absl::make_unique<RE2>(
1749
+ UpbStringToStdString(
1750
+ envoy_type_matcher_v3_RegexMatcher_regex(regex_matcher)),
1751
+ options);
1752
+ if (!policy.regex->ok()) {
1753
+ gpr_log(
1754
+ GPR_DEBUG,
1755
+ "RouteAction HashPolicy contains policy specifier Header with "
1756
+ "RegexMatchAndSubstitution but RegexMatcher pattern does not "
1757
+ "compile");
1696
1758
  continue;
1697
1759
  }
1760
+ policy.regex_substitution = UpbStringToStdString(
1761
+ envoy_type_matcher_v3_RegexMatchAndSubstitute_substitution(
1762
+ regex_rewrite));
1763
+ }
1764
+ } else if ((filter_state =
1765
+ envoy_config_route_v3_RouteAction_HashPolicy_filter_state(
1766
+ hash_policy)) != nullptr) {
1767
+ std::string key = UpbStringToStdString(
1768
+ envoy_config_route_v3_RouteAction_HashPolicy_FilterState_key(
1769
+ filter_state));
1770
+ if (key == "io.grpc.channel_id") {
1771
+ policy.type = XdsApi::Route::HashPolicy::Type::CHANNEL_ID;
1698
1772
  } else {
1699
- gpr_log(
1700
- GPR_DEBUG,
1701
- "RouteAction HashPolicy contains unsupported policy specifier.");
1773
+ gpr_log(GPR_DEBUG,
1774
+ "RouteAction HashPolicy contains policy specifier "
1775
+ "FilterState but "
1776
+ "key is not io.grpc.channel_id.");
1702
1777
  continue;
1703
1778
  }
1704
- route->hash_policies.emplace_back(std::move(policy));
1779
+ } else {
1780
+ gpr_log(GPR_DEBUG,
1781
+ "RouteAction HashPolicy contains unsupported policy specifier.");
1782
+ continue;
1705
1783
  }
1784
+ route->hash_policies.emplace_back(std::move(policy));
1785
+ }
1786
+ // Get retry policy
1787
+ const envoy_config_route_v3_RetryPolicy* retry_policy =
1788
+ envoy_config_route_v3_RouteAction_retry_policy(route_action);
1789
+ if (retry_policy != nullptr) {
1790
+ absl::optional<XdsApi::Route::RetryPolicy> retry;
1791
+ grpc_error_handle error = RetryPolicyParse(context, retry_policy, &retry);
1792
+ if (error != GRPC_ERROR_NONE) return error;
1793
+ route->retry_policy = retry;
1706
1794
  }
1707
1795
  return GRPC_ERROR_NONE;
1708
1796
  }
@@ -1710,7 +1798,7 @@ grpc_error_handle RouteActionParse(const EncodingContext& context,
1710
1798
  grpc_error_handle RouteConfigParse(
1711
1799
  const EncodingContext& context,
1712
1800
  const envoy_config_route_v3_RouteConfiguration* route_config,
1713
- XdsApi::RdsUpdate* rds_update) {
1801
+ bool /*is_v2*/, XdsApi::RdsUpdate* rds_update) {
1714
1802
  MaybeLogRouteConfiguration(context, route_config);
1715
1803
  // Get the virtual hosts.
1716
1804
  size_t num_virtual_hosts;
@@ -1728,9 +1816,8 @@ grpc_error_handle RouteConfigParse(
1728
1816
  std::string domain_pattern = UpbStringToStdString(domains[j]);
1729
1817
  const MatchType match_type = DomainPatternMatchType(domain_pattern);
1730
1818
  if (match_type == INVALID_MATCH) {
1731
- return GRPC_ERROR_CREATE_FROM_COPIED_STRING(
1732
- absl::StrCat("Invalid domain pattern \"", domain_pattern, "\".")
1733
- .c_str());
1819
+ return GRPC_ERROR_CREATE_FROM_CPP_STRING(
1820
+ absl::StrCat("Invalid domain pattern \"", domain_pattern, "\"."));
1734
1821
  }
1735
1822
  vhost.domains.emplace_back(std::move(domain_pattern));
1736
1823
  }
@@ -1749,6 +1836,15 @@ grpc_error_handle RouteConfigParse(
1749
1836
  &vhost.typed_per_filter_config);
1750
1837
  if (error != GRPC_ERROR_NONE) return error;
1751
1838
  }
1839
+ // Parse retry policy.
1840
+ absl::optional<XdsApi::Route::RetryPolicy> virtual_host_retry_policy;
1841
+ const envoy_config_route_v3_RetryPolicy* retry_policy =
1842
+ envoy_config_route_v3_VirtualHost_retry_policy(virtual_hosts[i]);
1843
+ if (retry_policy != nullptr) {
1844
+ grpc_error_handle error =
1845
+ RetryPolicyParse(context, retry_policy, &virtual_host_retry_policy);
1846
+ if (error != GRPC_ERROR_NONE) return error;
1847
+ }
1752
1848
  // Parse routes.
1753
1849
  size_t num_routes;
1754
1850
  const envoy_config_route_v3_Route* const* routes =
@@ -1783,6 +1879,9 @@ grpc_error_handle RouteConfigParse(
1783
1879
  error = RouteActionParse(context, routes[j], &route, &ignore_route);
1784
1880
  if (error != GRPC_ERROR_NONE) return error;
1785
1881
  if (ignore_route) continue;
1882
+ if (route.retry_policy == absl::nullopt && retry_policy != nullptr) {
1883
+ route.retry_policy = virtual_host_retry_policy;
1884
+ }
1786
1885
  if (context.use_v3) {
1787
1886
  grpc_error_handle error = ParseTypedPerFilterConfig<
1788
1887
  envoy_config_route_v3_Route,
@@ -1803,27 +1902,176 @@ grpc_error_handle RouteConfigParse(
1803
1902
  return GRPC_ERROR_NONE;
1804
1903
  }
1805
1904
 
1806
- XdsApi::CommonTlsContext::CertificateProviderInstance
1807
- CertificateProviderInstanceParse(
1905
+ // CertificateProviderInstance is deprecated but we are still supporting it for
1906
+ // backward compatibility reasons. Note that we still parse the data into the
1907
+ // same CertificateProviderPluginInstance struct since the fields are the same.
1908
+ // TODO(yashykt): Remove this once we stop supporting the old way of fetching
1909
+ // certificate provider instances.
1910
+ grpc_error_handle CertificateProviderInstanceParse(
1911
+ const EncodingContext& context,
1808
1912
  const envoy_extensions_transport_sockets_tls_v3_CommonTlsContext_CertificateProviderInstance*
1809
- certificate_provider_instance_proto) {
1810
- return {
1913
+ certificate_provider_instance_proto,
1914
+ XdsApi::CommonTlsContext::CertificateProviderPluginInstance*
1915
+ certificate_provider_plugin_instance) {
1916
+ *certificate_provider_plugin_instance = {
1811
1917
  UpbStringToStdString(
1812
1918
  envoy_extensions_transport_sockets_tls_v3_CommonTlsContext_CertificateProviderInstance_instance_name(
1813
1919
  certificate_provider_instance_proto)),
1814
1920
  UpbStringToStdString(
1815
1921
  envoy_extensions_transport_sockets_tls_v3_CommonTlsContext_CertificateProviderInstance_certificate_name(
1816
1922
  certificate_provider_instance_proto))};
1923
+ if (context.certificate_provider_definition_map->find(
1924
+ certificate_provider_plugin_instance->instance_name) ==
1925
+ context.certificate_provider_definition_map->end()) {
1926
+ return GRPC_ERROR_CREATE_FROM_CPP_STRING(
1927
+ absl::StrCat("Unrecognized certificate provider instance name: ",
1928
+ certificate_provider_plugin_instance->instance_name));
1929
+ }
1930
+ return GRPC_ERROR_NONE;
1931
+ }
1932
+
1933
+ grpc_error_handle CertificateProviderPluginInstanceParse(
1934
+ const EncodingContext& context,
1935
+ const envoy_extensions_transport_sockets_tls_v3_CertificateProviderPluginInstance*
1936
+ certificate_provider_plugin_instance_proto,
1937
+ XdsApi::CommonTlsContext::CertificateProviderPluginInstance*
1938
+ certificate_provider_plugin_instance) {
1939
+ *certificate_provider_plugin_instance = {
1940
+ UpbStringToStdString(
1941
+ envoy_extensions_transport_sockets_tls_v3_CertificateProviderPluginInstance_instance_name(
1942
+ certificate_provider_plugin_instance_proto)),
1943
+ UpbStringToStdString(
1944
+ envoy_extensions_transport_sockets_tls_v3_CertificateProviderPluginInstance_certificate_name(
1945
+ certificate_provider_plugin_instance_proto))};
1946
+ if (context.certificate_provider_definition_map->find(
1947
+ certificate_provider_plugin_instance->instance_name) ==
1948
+ context.certificate_provider_definition_map->end()) {
1949
+ return GRPC_ERROR_CREATE_FROM_CPP_STRING(
1950
+ absl::StrCat("Unrecognized certificate provider instance name: ",
1951
+ certificate_provider_plugin_instance->instance_name));
1952
+ }
1953
+ return GRPC_ERROR_NONE;
1954
+ }
1955
+
1956
+ grpc_error_handle CertificateValidationContextParse(
1957
+ const EncodingContext& context,
1958
+ const envoy_extensions_transport_sockets_tls_v3_CertificateValidationContext*
1959
+ certificate_validation_context_proto,
1960
+ XdsApi::CommonTlsContext::CertificateValidationContext*
1961
+ certificate_validation_context) {
1962
+ std::vector<grpc_error_handle> errors;
1963
+ size_t len = 0;
1964
+ auto* subject_alt_names_matchers =
1965
+ envoy_extensions_transport_sockets_tls_v3_CertificateValidationContext_match_subject_alt_names(
1966
+ certificate_validation_context_proto, &len);
1967
+ for (size_t i = 0; i < len; ++i) {
1968
+ StringMatcher::Type type;
1969
+ std::string matcher;
1970
+ if (envoy_type_matcher_v3_StringMatcher_has_exact(
1971
+ subject_alt_names_matchers[i])) {
1972
+ type = StringMatcher::Type::kExact;
1973
+ matcher = UpbStringToStdString(envoy_type_matcher_v3_StringMatcher_exact(
1974
+ subject_alt_names_matchers[i]));
1975
+ } else if (envoy_type_matcher_v3_StringMatcher_has_prefix(
1976
+ subject_alt_names_matchers[i])) {
1977
+ type = StringMatcher::Type::kPrefix;
1978
+ matcher = UpbStringToStdString(envoy_type_matcher_v3_StringMatcher_prefix(
1979
+ subject_alt_names_matchers[i]));
1980
+ } else if (envoy_type_matcher_v3_StringMatcher_has_suffix(
1981
+ subject_alt_names_matchers[i])) {
1982
+ type = StringMatcher::Type::kSuffix;
1983
+ matcher = UpbStringToStdString(envoy_type_matcher_v3_StringMatcher_suffix(
1984
+ subject_alt_names_matchers[i]));
1985
+ } else if (envoy_type_matcher_v3_StringMatcher_has_contains(
1986
+ subject_alt_names_matchers[i])) {
1987
+ type = StringMatcher::Type::kContains;
1988
+ matcher =
1989
+ UpbStringToStdString(envoy_type_matcher_v3_StringMatcher_contains(
1990
+ subject_alt_names_matchers[i]));
1991
+ } else if (envoy_type_matcher_v3_StringMatcher_has_safe_regex(
1992
+ subject_alt_names_matchers[i])) {
1993
+ type = StringMatcher::Type::kSafeRegex;
1994
+ auto* regex_matcher = envoy_type_matcher_v3_StringMatcher_safe_regex(
1995
+ subject_alt_names_matchers[i]);
1996
+ matcher = UpbStringToStdString(
1997
+ envoy_type_matcher_v3_RegexMatcher_regex(regex_matcher));
1998
+ } else {
1999
+ errors.push_back(GRPC_ERROR_CREATE_FROM_STATIC_STRING(
2000
+ "Invalid StringMatcher specified"));
2001
+ continue;
2002
+ }
2003
+ bool ignore_case = envoy_type_matcher_v3_StringMatcher_ignore_case(
2004
+ subject_alt_names_matchers[i]);
2005
+ absl::StatusOr<StringMatcher> string_matcher =
2006
+ StringMatcher::Create(type, matcher,
2007
+ /*case_sensitive=*/!ignore_case);
2008
+ if (!string_matcher.ok()) {
2009
+ errors.push_back(GRPC_ERROR_CREATE_FROM_CPP_STRING(
2010
+ absl::StrCat("string matcher: ", string_matcher.status().message())));
2011
+ continue;
2012
+ }
2013
+ if (type == StringMatcher::Type::kSafeRegex && ignore_case) {
2014
+ errors.push_back(GRPC_ERROR_CREATE_FROM_STATIC_STRING(
2015
+ "StringMatcher: ignore_case has no effect for SAFE_REGEX."));
2016
+ continue;
2017
+ }
2018
+ certificate_validation_context->match_subject_alt_names.push_back(
2019
+ std::move(string_matcher.value()));
2020
+ }
2021
+ auto* ca_certificate_provider_instance =
2022
+ envoy_extensions_transport_sockets_tls_v3_CertificateValidationContext_ca_certificate_provider_instance(
2023
+ certificate_validation_context_proto);
2024
+ if (ca_certificate_provider_instance != nullptr) {
2025
+ grpc_error_handle error = CertificateProviderPluginInstanceParse(
2026
+ context, ca_certificate_provider_instance,
2027
+ &certificate_validation_context->ca_certificate_provider_instance);
2028
+ if (error != GRPC_ERROR_NONE) errors.push_back(error);
2029
+ }
2030
+ if (envoy_extensions_transport_sockets_tls_v3_CertificateValidationContext_verify_certificate_spki(
2031
+ certificate_validation_context_proto, nullptr) != nullptr) {
2032
+ errors.push_back(GRPC_ERROR_CREATE_FROM_STATIC_STRING(
2033
+ "CertificateValidationContext: verify_certificate_spki "
2034
+ "unsupported"));
2035
+ }
2036
+ if (envoy_extensions_transport_sockets_tls_v3_CertificateValidationContext_verify_certificate_hash(
2037
+ certificate_validation_context_proto, nullptr) != nullptr) {
2038
+ errors.push_back(GRPC_ERROR_CREATE_FROM_STATIC_STRING(
2039
+ "CertificateValidationContext: verify_certificate_hash "
2040
+ "unsupported"));
2041
+ }
2042
+ auto* require_signed_certificate_timestamp =
2043
+ envoy_extensions_transport_sockets_tls_v3_CertificateValidationContext_require_signed_certificate_timestamp(
2044
+ certificate_validation_context_proto);
2045
+ if (require_signed_certificate_timestamp != nullptr &&
2046
+ google_protobuf_BoolValue_value(require_signed_certificate_timestamp)) {
2047
+ errors.push_back(GRPC_ERROR_CREATE_FROM_STATIC_STRING(
2048
+ "CertificateValidationContext: "
2049
+ "require_signed_certificate_timestamp unsupported"));
2050
+ }
2051
+ if (envoy_extensions_transport_sockets_tls_v3_CertificateValidationContext_has_crl(
2052
+ certificate_validation_context_proto)) {
2053
+ errors.push_back(GRPC_ERROR_CREATE_FROM_STATIC_STRING(
2054
+ "CertificateValidationContext: crl unsupported"));
2055
+ }
2056
+ if (envoy_extensions_transport_sockets_tls_v3_CertificateValidationContext_has_custom_validator_config(
2057
+ certificate_validation_context_proto)) {
2058
+ errors.push_back(GRPC_ERROR_CREATE_FROM_STATIC_STRING(
2059
+ "CertificateValidationContext: custom_validator_config "
2060
+ "unsupported"));
2061
+ }
2062
+ return GRPC_ERROR_CREATE_FROM_VECTOR(
2063
+ "Error parsing CertificateValidationContext", &errors);
1817
2064
  }
1818
2065
 
1819
2066
  grpc_error_handle CommonTlsContextParse(
1820
- const envoy_extensions_transport_sockets_tls_v3_CommonTlsContext*
1821
- common_tls_context_proto,
1822
- XdsApi::CommonTlsContext* common_tls_context) GRPC_MUST_USE_RESULT;
1823
- grpc_error_handle CommonTlsContextParse(
2067
+ const EncodingContext& context,
1824
2068
  const envoy_extensions_transport_sockets_tls_v3_CommonTlsContext*
1825
2069
  common_tls_context_proto,
1826
2070
  XdsApi::CommonTlsContext* common_tls_context) {
2071
+ std::vector<grpc_error_handle> errors;
2072
+ // The validation context is derived from the oneof in
2073
+ // 'validation_context_type'. 'validation_context_sds_secret_config' is not
2074
+ // supported.
1827
2075
  auto* combined_validation_context =
1828
2076
  envoy_extensions_transport_sockets_tls_v3_CommonTlsContext_combined_validation_context(
1829
2077
  common_tls_context_proto);
@@ -1832,87 +2080,92 @@ grpc_error_handle CommonTlsContextParse(
1832
2080
  envoy_extensions_transport_sockets_tls_v3_CommonTlsContext_CombinedCertificateValidationContext_default_validation_context(
1833
2081
  combined_validation_context);
1834
2082
  if (default_validation_context != nullptr) {
1835
- size_t len = 0;
1836
- auto* subject_alt_names_matchers =
1837
- envoy_extensions_transport_sockets_tls_v3_CertificateValidationContext_match_subject_alt_names(
1838
- default_validation_context, &len);
1839
- for (size_t i = 0; i < len; ++i) {
1840
- StringMatcher::Type type;
1841
- std::string matcher;
1842
- if (envoy_type_matcher_v3_StringMatcher_has_exact(
1843
- subject_alt_names_matchers[i])) {
1844
- type = StringMatcher::Type::kExact;
1845
- matcher =
1846
- UpbStringToStdString(envoy_type_matcher_v3_StringMatcher_exact(
1847
- subject_alt_names_matchers[i]));
1848
- } else if (envoy_type_matcher_v3_StringMatcher_has_prefix(
1849
- subject_alt_names_matchers[i])) {
1850
- type = StringMatcher::Type::kPrefix;
1851
- matcher =
1852
- UpbStringToStdString(envoy_type_matcher_v3_StringMatcher_prefix(
1853
- subject_alt_names_matchers[i]));
1854
- } else if (envoy_type_matcher_v3_StringMatcher_has_suffix(
1855
- subject_alt_names_matchers[i])) {
1856
- type = StringMatcher::Type::kSuffix;
1857
- matcher =
1858
- UpbStringToStdString(envoy_type_matcher_v3_StringMatcher_suffix(
1859
- subject_alt_names_matchers[i]));
1860
- } else if (envoy_type_matcher_v3_StringMatcher_has_contains(
1861
- subject_alt_names_matchers[i])) {
1862
- type = StringMatcher::Type::kContains;
1863
- matcher =
1864
- UpbStringToStdString(envoy_type_matcher_v3_StringMatcher_contains(
1865
- subject_alt_names_matchers[i]));
1866
- } else if (envoy_type_matcher_v3_StringMatcher_has_safe_regex(
1867
- subject_alt_names_matchers[i])) {
1868
- type = StringMatcher::Type::kSafeRegex;
1869
- auto* regex_matcher = envoy_type_matcher_v3_StringMatcher_safe_regex(
1870
- subject_alt_names_matchers[i]);
1871
- matcher = UpbStringToStdString(
1872
- envoy_type_matcher_v3_RegexMatcher_regex(regex_matcher));
1873
- } else {
1874
- return GRPC_ERROR_CREATE_FROM_STATIC_STRING(
1875
- "Invalid StringMatcher specified");
1876
- }
1877
- bool ignore_case = envoy_type_matcher_v3_StringMatcher_ignore_case(
1878
- subject_alt_names_matchers[i]);
1879
- absl::StatusOr<StringMatcher> string_matcher =
1880
- StringMatcher::Create(type, matcher,
1881
- /*case_sensitive=*/!ignore_case);
1882
- if (!string_matcher.ok()) {
1883
- return GRPC_ERROR_CREATE_FROM_COPIED_STRING(
1884
- absl::StrCat("string matcher: ",
1885
- string_matcher.status().message())
1886
- .c_str());
1887
- }
1888
- if (type == StringMatcher::Type::kSafeRegex && ignore_case) {
1889
- return GRPC_ERROR_CREATE_FROM_STATIC_STRING(
1890
- "StringMatcher: ignore_case has no effect for SAFE_REGEX.");
1891
- }
1892
- common_tls_context->combined_validation_context
1893
- .default_validation_context.match_subject_alt_names.push_back(
1894
- std::move(string_matcher.value()));
1895
- }
1896
- }
2083
+ grpc_error_handle error = CertificateValidationContextParse(
2084
+ context, default_validation_context,
2085
+ &common_tls_context->certificate_validation_context);
2086
+ if (error != GRPC_ERROR_NONE) errors.push_back(error);
2087
+ }
2088
+ // If after parsing default_validation_context,
2089
+ // common_tls_context->certificate_validation_context.ca_certificate_provider_instance
2090
+ // is empty, fall back onto
2091
+ // 'validation_context_certificate_provider_instance' inside
2092
+ // 'combined_validation_context'. Note that this way of fetching root
2093
+ // certificates is deprecated and will be removed in the future.
2094
+ // TODO(yashykt): Remove this once it's no longer needed.
1897
2095
  auto* validation_context_certificate_provider_instance =
1898
2096
  envoy_extensions_transport_sockets_tls_v3_CommonTlsContext_CombinedCertificateValidationContext_validation_context_certificate_provider_instance(
1899
2097
  combined_validation_context);
1900
- if (validation_context_certificate_provider_instance != nullptr) {
1901
- common_tls_context->combined_validation_context
1902
- .validation_context_certificate_provider_instance =
1903
- CertificateProviderInstanceParse(
1904
- validation_context_certificate_provider_instance);
2098
+ if (common_tls_context->certificate_validation_context
2099
+ .ca_certificate_provider_instance.Empty() &&
2100
+ validation_context_certificate_provider_instance != nullptr) {
2101
+ grpc_error_handle error = CertificateProviderInstanceParse(
2102
+ context, validation_context_certificate_provider_instance,
2103
+ &common_tls_context->certificate_validation_context
2104
+ .ca_certificate_provider_instance);
2105
+ if (error != GRPC_ERROR_NONE) errors.push_back(error);
1905
2106
  }
1906
- }
1907
- auto* tls_certificate_certificate_provider_instance =
1908
- envoy_extensions_transport_sockets_tls_v3_CommonTlsContext_tls_certificate_certificate_provider_instance(
2107
+ } else {
2108
+ auto* validation_context =
2109
+ envoy_extensions_transport_sockets_tls_v3_CommonTlsContext_validation_context(
2110
+ common_tls_context_proto);
2111
+ if (validation_context != nullptr) {
2112
+ grpc_error_handle error = CertificateValidationContextParse(
2113
+ context, validation_context,
2114
+ &common_tls_context->certificate_validation_context);
2115
+ if (error != GRPC_ERROR_NONE) errors.push_back(error);
2116
+ } else if (
2117
+ envoy_extensions_transport_sockets_tls_v3_CommonTlsContext_has_validation_context_sds_secret_config(
2118
+ common_tls_context_proto)) {
2119
+ errors.push_back(GRPC_ERROR_CREATE_FROM_STATIC_STRING(
2120
+ "validation_context_sds_secret_config unsupported"));
2121
+ }
2122
+ }
2123
+ auto* tls_certificate_provider_instance =
2124
+ envoy_extensions_transport_sockets_tls_v3_CommonTlsContext_tls_certificate_provider_instance(
1909
2125
  common_tls_context_proto);
1910
- if (tls_certificate_certificate_provider_instance != nullptr) {
1911
- common_tls_context->tls_certificate_certificate_provider_instance =
1912
- CertificateProviderInstanceParse(
1913
- tls_certificate_certificate_provider_instance);
2126
+ if (tls_certificate_provider_instance != nullptr) {
2127
+ grpc_error_handle error = CertificateProviderPluginInstanceParse(
2128
+ context, tls_certificate_provider_instance,
2129
+ &common_tls_context->tls_certificate_provider_instance);
2130
+ if (error != GRPC_ERROR_NONE) errors.push_back(error);
2131
+ } else {
2132
+ // Fall back onto 'tls_certificate_certificate_provider_instance'. Note that
2133
+ // this way of fetching identity certificates is deprecated and will be
2134
+ // removed in the future.
2135
+ // TODO(yashykt): Remove this once it's no longer needed.
2136
+ auto* tls_certificate_certificate_provider_instance =
2137
+ envoy_extensions_transport_sockets_tls_v3_CommonTlsContext_tls_certificate_certificate_provider_instance(
2138
+ common_tls_context_proto);
2139
+ if (tls_certificate_certificate_provider_instance != nullptr) {
2140
+ grpc_error_handle error = CertificateProviderInstanceParse(
2141
+ context, tls_certificate_certificate_provider_instance,
2142
+ &common_tls_context->tls_certificate_provider_instance);
2143
+ if (error != GRPC_ERROR_NONE) errors.push_back(error);
2144
+ } else {
2145
+ if (envoy_extensions_transport_sockets_tls_v3_CommonTlsContext_has_tls_certificates(
2146
+ common_tls_context_proto)) {
2147
+ errors.push_back(GRPC_ERROR_CREATE_FROM_STATIC_STRING(
2148
+ "tls_certificates unsupported"));
2149
+ }
2150
+ if (envoy_extensions_transport_sockets_tls_v3_CommonTlsContext_has_tls_certificate_sds_secret_configs(
2151
+ common_tls_context_proto)) {
2152
+ errors.push_back(GRPC_ERROR_CREATE_FROM_STATIC_STRING(
2153
+ "tls_certificate_sds_secret_configs unsupported"));
2154
+ }
2155
+ }
1914
2156
  }
1915
- return GRPC_ERROR_NONE;
2157
+ if (envoy_extensions_transport_sockets_tls_v3_CommonTlsContext_has_tls_params(
2158
+ common_tls_context_proto)) {
2159
+ errors.push_back(
2160
+ GRPC_ERROR_CREATE_FROM_STATIC_STRING("tls_params unsupported"));
2161
+ }
2162
+ if (envoy_extensions_transport_sockets_tls_v3_CommonTlsContext_has_custom_handshaker(
2163
+ common_tls_context_proto)) {
2164
+ errors.push_back(
2165
+ GRPC_ERROR_CREATE_FROM_STATIC_STRING("custom_handshaker unsupported"));
2166
+ }
2167
+ return GRPC_ERROR_CREATE_FROM_VECTOR("Error parsing CommonTlsContext",
2168
+ &errors);
1916
2169
  }
1917
2170
 
1918
2171
  grpc_error_handle HttpConnectionManagerParse(
@@ -1930,10 +2183,8 @@ grpc_error_handle HttpConnectionManagerParse(
1930
2183
  const google_protobuf_Duration* duration =
1931
2184
  envoy_config_core_v3_HttpProtocolOptions_max_stream_duration(options);
1932
2185
  if (duration != nullptr) {
1933
- http_connection_manager->http_max_stream_duration.seconds =
1934
- google_protobuf_Duration_seconds(duration);
1935
- http_connection_manager->http_max_stream_duration.nanos =
1936
- google_protobuf_Duration_nanos(duration);
2186
+ http_connection_manager->http_max_stream_duration =
2187
+ DurationParse(duration);
1937
2188
  }
1938
2189
  }
1939
2190
  // Parse filters.
@@ -1949,12 +2200,12 @@ grpc_error_handle HttpConnectionManagerParse(
1949
2200
  envoy_extensions_filters_network_http_connection_manager_v3_HttpFilter_name(
1950
2201
  http_filter));
1951
2202
  if (name.empty()) {
1952
- return GRPC_ERROR_CREATE_FROM_COPIED_STRING(
1953
- absl::StrCat("empty filter name at index ", i).c_str());
2203
+ return GRPC_ERROR_CREATE_FROM_CPP_STRING(
2204
+ absl::StrCat("empty filter name at index ", i));
1954
2205
  }
1955
2206
  if (names_seen.find(name) != names_seen.end()) {
1956
- return GRPC_ERROR_CREATE_FROM_COPIED_STRING(
1957
- absl::StrCat("duplicate HTTP filter name: ", name).c_str());
2207
+ return GRPC_ERROR_CREATE_FROM_CPP_STRING(
2208
+ absl::StrCat("duplicate HTTP filter name: ", name));
1958
2209
  }
1959
2210
  names_seen.insert(name);
1960
2211
  const bool is_optional =
@@ -1965,9 +2216,8 @@ grpc_error_handle HttpConnectionManagerParse(
1965
2216
  http_filter);
1966
2217
  if (any == nullptr) {
1967
2218
  if (is_optional) continue;
1968
- return GRPC_ERROR_CREATE_FROM_COPIED_STRING(
1969
- absl::StrCat("no filter config specified for filter name ", name)
1970
- .c_str());
2219
+ return GRPC_ERROR_CREATE_FROM_CPP_STRING(
2220
+ absl::StrCat("no filter config specified for filter name ", name));
1971
2221
  }
1972
2222
  absl::string_view filter_type;
1973
2223
  grpc_error_handle error =
@@ -1977,27 +2227,38 @@ grpc_error_handle HttpConnectionManagerParse(
1977
2227
  XdsHttpFilterRegistry::GetFilterForType(filter_type);
1978
2228
  if (filter_impl == nullptr) {
1979
2229
  if (is_optional) continue;
1980
- return GRPC_ERROR_CREATE_FROM_COPIED_STRING(
1981
- absl::StrCat("no filter registered for config type ", filter_type)
1982
- .c_str());
2230
+ return GRPC_ERROR_CREATE_FROM_CPP_STRING(
2231
+ absl::StrCat("no filter registered for config type ", filter_type));
1983
2232
  }
1984
2233
  if ((is_client && !filter_impl->IsSupportedOnClients()) ||
1985
2234
  (!is_client && !filter_impl->IsSupportedOnServers())) {
1986
2235
  if (is_optional) continue;
1987
- return GRPC_ERROR_CREATE_FROM_COPIED_STRING(
2236
+ return GRPC_ERROR_CREATE_FROM_CPP_STRING(
1988
2237
  absl::StrFormat("Filter %s is not supported on %s", filter_type,
1989
- is_client ? "clients" : "servers")
1990
- .c_str());
2238
+ is_client ? "clients" : "servers"));
2239
+ }
2240
+ if (i < num_filters - 1) {
2241
+ // Filters before the last filter must not be terminal.
2242
+ if (filter_impl->IsTerminalFilter()) {
2243
+ return GRPC_ERROR_CREATE_FROM_CPP_STRING(
2244
+ absl::StrCat("terminal filter for config type ", filter_type,
2245
+ " must be the last filter in the chain"));
2246
+ }
2247
+ } else {
2248
+ // The last filter must be terminal.
2249
+ if (!filter_impl->IsTerminalFilter()) {
2250
+ return GRPC_ERROR_CREATE_FROM_CPP_STRING(
2251
+ absl::StrCat("non-terminal filter for config type ", filter_type,
2252
+ " is the last filter in the chain"));
2253
+ }
1991
2254
  }
1992
2255
  absl::StatusOr<XdsHttpFilterImpl::FilterConfig> filter_config =
1993
2256
  filter_impl->GenerateFilterConfig(google_protobuf_Any_value(any),
1994
2257
  context.arena);
1995
2258
  if (!filter_config.ok()) {
1996
- return GRPC_ERROR_CREATE_FROM_COPIED_STRING(
1997
- absl::StrCat(
1998
- "filter config for type ", filter_type,
1999
- " failed to parse: ", filter_config.status().ToString())
2000
- .c_str());
2259
+ return GRPC_ERROR_CREATE_FROM_CPP_STRING(absl::StrCat(
2260
+ "filter config for type ", filter_type,
2261
+ " failed to parse: ", filter_config.status().ToString()));
2001
2262
  }
2002
2263
  http_connection_manager->http_filters.emplace_back(
2003
2264
  XdsApi::LdsUpdate::HttpConnectionManager::HttpFilter{
@@ -2021,7 +2282,7 @@ grpc_error_handle HttpConnectionManagerParse(
2021
2282
  http_connection_manager_proto);
2022
2283
  XdsApi::RdsUpdate rds_update;
2023
2284
  grpc_error_handle error =
2024
- RouteConfigParse(context, route_config, &rds_update);
2285
+ RouteConfigParse(context, route_config, is_v2, &rds_update);
2025
2286
  if (error != GRPC_ERROR_NONE) return error;
2026
2287
  http_connection_manager->rds_update = std::move(rds_update);
2027
2288
  return GRPC_ERROR_NONE;
@@ -2054,7 +2315,7 @@ grpc_error_handle HttpConnectionManagerParse(
2054
2315
  return GRPC_ERROR_NONE;
2055
2316
  }
2056
2317
 
2057
- grpc_error_handle LdsResponseParseClient(
2318
+ grpc_error_handle LdsResourceParseClient(
2058
2319
  const EncodingContext& context,
2059
2320
  const envoy_config_listener_v3_ApiListener* api_listener, bool is_v2,
2060
2321
  XdsApi::LdsUpdate* lds_update) {
@@ -2079,45 +2340,75 @@ grpc_error_handle DownstreamTlsContextParse(
2079
2340
  XdsApi::DownstreamTlsContext* downstream_tls_context) {
2080
2341
  absl::string_view name = UpbStringToAbsl(
2081
2342
  envoy_config_core_v3_TransportSocket_name(transport_socket));
2082
- if (name == "envoy.transport_sockets.tls") {
2083
- auto* typed_config =
2084
- envoy_config_core_v3_TransportSocket_typed_config(transport_socket);
2085
- if (typed_config != nullptr) {
2086
- const upb_strview encoded_downstream_tls_context =
2087
- google_protobuf_Any_value(typed_config);
2088
- auto* downstream_tls_context_proto =
2089
- envoy_extensions_transport_sockets_tls_v3_DownstreamTlsContext_parse(
2090
- encoded_downstream_tls_context.data,
2091
- encoded_downstream_tls_context.size, context.arena);
2092
- if (downstream_tls_context_proto == nullptr) {
2093
- return GRPC_ERROR_CREATE_FROM_STATIC_STRING(
2094
- "Can't decode downstream tls context.");
2095
- }
2096
- auto* common_tls_context =
2097
- envoy_extensions_transport_sockets_tls_v3_DownstreamTlsContext_common_tls_context(
2098
- downstream_tls_context_proto);
2099
- if (common_tls_context != nullptr) {
2100
- grpc_error_handle error = CommonTlsContextParse(
2101
- common_tls_context, &downstream_tls_context->common_tls_context);
2102
- if (error != GRPC_ERROR_NONE) return error;
2103
- }
2104
- auto* require_client_certificate =
2105
- envoy_extensions_transport_sockets_tls_v3_DownstreamTlsContext_require_client_certificate(
2106
- downstream_tls_context_proto);
2107
- if (require_client_certificate != nullptr) {
2108
- downstream_tls_context->require_client_certificate =
2109
- google_protobuf_BoolValue_value(require_client_certificate);
2110
- }
2111
- }
2112
- if (downstream_tls_context->common_tls_context
2113
- .tls_certificate_certificate_provider_instance.instance_name
2114
- .empty()) {
2343
+ if (name != "envoy.transport_sockets.tls") {
2344
+ return GRPC_ERROR_CREATE_FROM_CPP_STRING(
2345
+ absl::StrCat("Unrecognized transport socket: ", name));
2346
+ }
2347
+ auto* typed_config =
2348
+ envoy_config_core_v3_TransportSocket_typed_config(transport_socket);
2349
+ std::vector<grpc_error_handle> errors;
2350
+ if (typed_config != nullptr) {
2351
+ const upb_strview encoded_downstream_tls_context =
2352
+ google_protobuf_Any_value(typed_config);
2353
+ auto* downstream_tls_context_proto =
2354
+ envoy_extensions_transport_sockets_tls_v3_DownstreamTlsContext_parse(
2355
+ encoded_downstream_tls_context.data,
2356
+ encoded_downstream_tls_context.size, context.arena);
2357
+ if (downstream_tls_context_proto == nullptr) {
2115
2358
  return GRPC_ERROR_CREATE_FROM_STATIC_STRING(
2116
- "TLS configuration provided but no "
2117
- "tls_certificate_certificate_provider_instance found.");
2359
+ "Can't decode downstream tls context.");
2118
2360
  }
2119
- }
2120
- return GRPC_ERROR_NONE;
2361
+ auto* common_tls_context =
2362
+ envoy_extensions_transport_sockets_tls_v3_DownstreamTlsContext_common_tls_context(
2363
+ downstream_tls_context_proto);
2364
+ if (common_tls_context != nullptr) {
2365
+ grpc_error_handle error =
2366
+ CommonTlsContextParse(context, common_tls_context,
2367
+ &downstream_tls_context->common_tls_context);
2368
+ if (error != GRPC_ERROR_NONE) errors.push_back(error);
2369
+ }
2370
+ auto* require_client_certificate =
2371
+ envoy_extensions_transport_sockets_tls_v3_DownstreamTlsContext_require_client_certificate(
2372
+ downstream_tls_context_proto);
2373
+ if (require_client_certificate != nullptr) {
2374
+ downstream_tls_context->require_client_certificate =
2375
+ google_protobuf_BoolValue_value(require_client_certificate);
2376
+ }
2377
+ auto* require_sni =
2378
+ envoy_extensions_transport_sockets_tls_v3_DownstreamTlsContext_require_sni(
2379
+ downstream_tls_context_proto);
2380
+ if (require_sni != nullptr &&
2381
+ google_protobuf_BoolValue_value(require_sni)) {
2382
+ errors.push_back(
2383
+ GRPC_ERROR_CREATE_FROM_STATIC_STRING("require_sni: unsupported"));
2384
+ }
2385
+ if (envoy_extensions_transport_sockets_tls_v3_DownstreamTlsContext_ocsp_staple_policy(
2386
+ downstream_tls_context_proto) !=
2387
+ envoy_extensions_transport_sockets_tls_v3_DownstreamTlsContext_LENIENT_STAPLING) {
2388
+ errors.push_back(GRPC_ERROR_CREATE_FROM_STATIC_STRING(
2389
+ "ocsp_staple_policy: Only LENIENT_STAPLING supported"));
2390
+ }
2391
+ }
2392
+ if (downstream_tls_context->common_tls_context
2393
+ .tls_certificate_provider_instance.instance_name.empty()) {
2394
+ errors.push_back(GRPC_ERROR_CREATE_FROM_STATIC_STRING(
2395
+ "TLS configuration provided but no "
2396
+ "tls_certificate_provider_instance found."));
2397
+ }
2398
+ if (downstream_tls_context->require_client_certificate &&
2399
+ downstream_tls_context->common_tls_context.certificate_validation_context
2400
+ .ca_certificate_provider_instance.instance_name.empty()) {
2401
+ errors.push_back(GRPC_ERROR_CREATE_FROM_STATIC_STRING(
2402
+ "TLS configuration requires client certificates but no certificate "
2403
+ "provider instance specified for validation."));
2404
+ }
2405
+ if (!downstream_tls_context->common_tls_context.certificate_validation_context
2406
+ .match_subject_alt_names.empty()) {
2407
+ errors.push_back(GRPC_ERROR_CREATE_FROM_STATIC_STRING(
2408
+ "match_subject_alt_names not supported on servers"));
2409
+ }
2410
+ return GRPC_ERROR_CREATE_FROM_VECTOR("Error parsing DownstreamTlsContext",
2411
+ &errors);
2121
2412
  }
2122
2413
 
2123
2414
  grpc_error_handle CidrRangeParse(
@@ -2208,67 +2499,69 @@ grpc_error_handle FilterChainParse(
2208
2499
  const EncodingContext& context,
2209
2500
  const envoy_config_listener_v3_FilterChain* filter_chain_proto, bool is_v2,
2210
2501
  FilterChain* filter_chain) {
2211
- grpc_error_handle error = GRPC_ERROR_NONE;
2502
+ std::vector<grpc_error_handle> errors;
2212
2503
  auto* filter_chain_match =
2213
2504
  envoy_config_listener_v3_FilterChain_filter_chain_match(
2214
2505
  filter_chain_proto);
2215
2506
  if (filter_chain_match != nullptr) {
2216
- error = FilterChainMatchParse(filter_chain_match,
2217
- &filter_chain->filter_chain_match);
2218
- if (error != GRPC_ERROR_NONE) return error;
2507
+ grpc_error_handle error = FilterChainMatchParse(
2508
+ filter_chain_match, &filter_chain->filter_chain_match);
2509
+ if (error != GRPC_ERROR_NONE) errors.push_back(error);
2219
2510
  }
2220
2511
  // Parse the filters list. Currently we only support HttpConnectionManager.
2221
2512
  size_t size = 0;
2222
2513
  auto* filters =
2223
2514
  envoy_config_listener_v3_FilterChain_filters(filter_chain_proto, &size);
2224
2515
  if (size != 1) {
2225
- return GRPC_ERROR_CREATE_FROM_STATIC_STRING(
2516
+ errors.push_back(GRPC_ERROR_CREATE_FROM_STATIC_STRING(
2226
2517
  "FilterChain should have exactly one filter: HttpConnectionManager; no "
2227
- "other filter is supported at the moment");
2228
- }
2229
- auto* typed_config = envoy_config_listener_v3_Filter_typed_config(filters[0]);
2230
- if (typed_config == nullptr) {
2231
- return GRPC_ERROR_CREATE_FROM_STATIC_STRING(
2232
- "No typed_config found in filter.");
2233
- }
2234
- absl::string_view type_url =
2235
- UpbStringToAbsl(google_protobuf_Any_type_url(typed_config));
2236
- if (type_url !=
2237
- "type.googleapis.com/"
2238
- "envoy.extensions.filters.network.http_connection_manager.v3."
2239
- "HttpConnectionManager") {
2240
- return GRPC_ERROR_CREATE_FROM_COPIED_STRING(
2241
- absl::StrCat("Unsupported filter type ", type_url).c_str());
2242
- }
2243
- const upb_strview encoded_http_connection_manager =
2244
- google_protobuf_Any_value(typed_config);
2245
- const auto* http_connection_manager =
2246
- envoy_extensions_filters_network_http_connection_manager_v3_HttpConnectionManager_parse(
2247
- encoded_http_connection_manager.data,
2248
- encoded_http_connection_manager.size, context.arena);
2249
- if (http_connection_manager == nullptr) {
2250
- return GRPC_ERROR_CREATE_FROM_STATIC_STRING(
2251
- "Could not parse HttpConnectionManager config from filter "
2252
- "typed_config");
2253
- }
2254
- filter_chain->filter_chain_data =
2255
- std::make_shared<XdsApi::LdsUpdate::FilterChainData>();
2256
- error = HttpConnectionManagerParse(
2257
- false /* is_client */, context, http_connection_manager, is_v2,
2258
- &filter_chain->filter_chain_data->http_connection_manager);
2259
- if (error != GRPC_ERROR_NONE) return error;
2260
- // Get the DownstreamTlsContext for the filter chain
2261
- if (XdsSecurityEnabled()) {
2262
- auto* transport_socket =
2263
- envoy_config_listener_v3_FilterChain_transport_socket(
2264
- filter_chain_proto);
2265
- if (transport_socket != nullptr) {
2266
- error = DownstreamTlsContextParse(
2267
- context, transport_socket,
2268
- &filter_chain->filter_chain_data->downstream_tls_context);
2518
+ "other filter is supported at the moment"));
2519
+ } else {
2520
+ auto* typed_config =
2521
+ envoy_config_listener_v3_Filter_typed_config(filters[0]);
2522
+ if (typed_config == nullptr) {
2523
+ errors.push_back(GRPC_ERROR_CREATE_FROM_STATIC_STRING(
2524
+ "No typed_config found in filter."));
2525
+ } else {
2526
+ absl::string_view type_url =
2527
+ UpbStringToAbsl(google_protobuf_Any_type_url(typed_config));
2528
+ if (type_url !=
2529
+ "type.googleapis.com/"
2530
+ "envoy.extensions.filters.network.http_connection_manager.v3."
2531
+ "HttpConnectionManager") {
2532
+ errors.push_back(GRPC_ERROR_CREATE_FROM_CPP_STRING(
2533
+ absl::StrCat("Unsupported filter type ", type_url)));
2534
+ } else {
2535
+ const upb_strview encoded_http_connection_manager =
2536
+ google_protobuf_Any_value(typed_config);
2537
+ const auto* http_connection_manager =
2538
+ envoy_extensions_filters_network_http_connection_manager_v3_HttpConnectionManager_parse(
2539
+ encoded_http_connection_manager.data,
2540
+ encoded_http_connection_manager.size, context.arena);
2541
+ if (http_connection_manager == nullptr) {
2542
+ errors.push_back(GRPC_ERROR_CREATE_FROM_STATIC_STRING(
2543
+ "Could not parse HttpConnectionManager config from filter "
2544
+ "typed_config"));
2545
+ } else {
2546
+ filter_chain->filter_chain_data =
2547
+ std::make_shared<XdsApi::LdsUpdate::FilterChainData>();
2548
+ grpc_error_handle error = HttpConnectionManagerParse(
2549
+ false /* is_client */, context, http_connection_manager, is_v2,
2550
+ &filter_chain->filter_chain_data->http_connection_manager);
2551
+ if (error != GRPC_ERROR_NONE) errors.push_back(error);
2552
+ }
2553
+ }
2269
2554
  }
2270
2555
  }
2271
- return error;
2556
+ auto* transport_socket =
2557
+ envoy_config_listener_v3_FilterChain_transport_socket(filter_chain_proto);
2558
+ if (transport_socket != nullptr) {
2559
+ grpc_error_handle error = DownstreamTlsContextParse(
2560
+ context, transport_socket,
2561
+ &filter_chain->filter_chain_data->downstream_tls_context);
2562
+ if (error != GRPC_ERROR_NONE) errors.push_back(error);
2563
+ }
2564
+ return GRPC_ERROR_CREATE_FROM_VECTOR("Error parsing FilterChain", &errors);
2272
2565
  }
2273
2566
 
2274
2567
  grpc_error_handle AddressParse(
@@ -2276,7 +2569,7 @@ grpc_error_handle AddressParse(
2276
2569
  const auto* socket_address =
2277
2570
  envoy_config_core_v3_Address_socket_address(address_proto);
2278
2571
  if (socket_address == nullptr) {
2279
- return GRPC_ERROR_CREATE_FROM_COPIED_STRING(
2572
+ return GRPC_ERROR_CREATE_FROM_STATIC_STRING(
2280
2573
  "Address does not have socket_address");
2281
2574
  }
2282
2575
  if (envoy_config_core_v3_SocketAddress_protocol(socket_address) !=
@@ -2319,11 +2612,9 @@ grpc_error_handle AddFilterChainDataForSourcePort(
2319
2612
  port, XdsApi::LdsUpdate::FilterChainMap::FilterChainDataSharedPtr{
2320
2613
  filter_chain.filter_chain_data});
2321
2614
  if (!insert_result.second) {
2322
- return GRPC_ERROR_CREATE_FROM_COPIED_STRING(
2323
- absl::StrCat(
2324
- "Duplicate matching rules detected when adding filter chain: ",
2325
- filter_chain.filter_chain_match.ToString())
2326
- .c_str());
2615
+ return GRPC_ERROR_CREATE_FROM_CPP_STRING(absl::StrCat(
2616
+ "Duplicate matching rules detected when adding filter chain: ",
2617
+ filter_chain.filter_chain_match.ToString()));
2327
2618
  }
2328
2619
  return GRPC_ERROR_NONE;
2329
2620
  }
@@ -2488,7 +2779,7 @@ grpc_error_handle BuildFilterChainMap(
2488
2779
  return GRPC_ERROR_NONE;
2489
2780
  }
2490
2781
 
2491
- grpc_error_handle LdsResponseParseServer(
2782
+ grpc_error_handle LdsResourceParseServer(
2492
2783
  const EncodingContext& context,
2493
2784
  const envoy_config_listener_v3_Listener* listener, bool is_v2,
2494
2785
  XdsApi::LdsUpdate* lds_update) {
@@ -2537,582 +2828,327 @@ grpc_error_handle LdsResponseParseServer(
2537
2828
  return GRPC_ERROR_NONE;
2538
2829
  }
2539
2830
 
2540
- grpc_error_handle LdsResponseParse(
2831
+ grpc_error_handle LdsResourceParse(
2541
2832
  const EncodingContext& context,
2542
- const envoy_service_discovery_v3_DiscoveryResponse* response,
2543
- const std::set<absl::string_view>& expected_listener_names,
2544
- XdsApi::LdsUpdateMap* lds_update_map,
2545
- std::set<std::string>* resource_names_failed) {
2546
- std::vector<grpc_error_handle> errors;
2547
- // Get the resources from the response.
2548
- size_t size;
2549
- const google_protobuf_Any* const* resources =
2550
- envoy_service_discovery_v3_DiscoveryResponse_resources(response, &size);
2551
- for (size_t i = 0; i < size; ++i) {
2552
- // Check the type_url of the resource.
2553
- absl::string_view type_url =
2554
- UpbStringToAbsl(google_protobuf_Any_type_url(resources[i]));
2555
- bool is_v2 = false;
2556
- if (!IsLds(type_url, &is_v2)) {
2557
- errors.push_back(GRPC_ERROR_CREATE_FROM_COPIED_STRING(
2558
- absl::StrCat("resource index ", i, ": Resource is not LDS.")
2559
- .c_str()));
2560
- continue;
2561
- }
2562
- // Decode the listener.
2563
- const upb_strview encoded_listener =
2564
- google_protobuf_Any_value(resources[i]);
2565
- const envoy_config_listener_v3_Listener* listener =
2566
- envoy_config_listener_v3_Listener_parse(
2567
- encoded_listener.data, encoded_listener.size, context.arena);
2568
- if (listener == nullptr) {
2569
- errors.push_back(GRPC_ERROR_CREATE_FROM_COPIED_STRING(
2570
- absl::StrCat("resource index ", i, ": Can't decode listener.")
2571
- .c_str()));
2572
- continue;
2573
- }
2574
- // Check listener name. Ignore unexpected listeners.
2575
- std::string listener_name =
2576
- UpbStringToStdString(envoy_config_listener_v3_Listener_name(listener));
2577
- if (expected_listener_names.find(listener_name) ==
2578
- expected_listener_names.end()) {
2579
- continue;
2580
- }
2581
- // Fail if listener name is duplicated.
2582
- if (lds_update_map->find(listener_name) != lds_update_map->end()) {
2583
- errors.push_back(GRPC_ERROR_CREATE_FROM_COPIED_STRING(
2584
- absl::StrCat("duplicate listener name \"", listener_name, "\"")
2585
- .c_str()));
2586
- resource_names_failed->insert(listener_name);
2587
- continue;
2588
- }
2589
- // Serialize into JSON and store it in the LdsUpdateMap
2590
- XdsApi::LdsResourceData& lds_resource_data =
2591
- (*lds_update_map)[listener_name];
2592
- XdsApi::LdsUpdate& lds_update = lds_resource_data.resource;
2593
- lds_resource_data.serialized_proto = UpbStringToStdString(encoded_listener);
2594
- // Check whether it's a client or server listener.
2595
- const envoy_config_listener_v3_ApiListener* api_listener =
2596
- envoy_config_listener_v3_Listener_api_listener(listener);
2597
- const envoy_config_core_v3_Address* address =
2598
- envoy_config_listener_v3_Listener_address(listener);
2599
- if (api_listener != nullptr && address != nullptr) {
2600
- errors.push_back(GRPC_ERROR_CREATE_FROM_COPIED_STRING(
2601
- absl::StrCat(listener_name,
2602
- ": Listener has both address and ApiListener")
2603
- .c_str()));
2604
- resource_names_failed->insert(listener_name);
2605
- continue;
2606
- }
2607
- if (api_listener == nullptr && address == nullptr) {
2608
- errors.push_back(GRPC_ERROR_CREATE_FROM_COPIED_STRING(
2609
- absl::StrCat(listener_name,
2610
- ": Listener has neither address nor ApiListener")
2611
- .c_str()));
2612
- resource_names_failed->insert(listener_name);
2613
- continue;
2614
- }
2615
- grpc_error_handle error = GRPC_ERROR_NONE;
2616
- if (api_listener != nullptr) {
2617
- error = LdsResponseParseClient(context, api_listener, is_v2, &lds_update);
2618
- } else {
2619
- error = LdsResponseParseServer(context, listener, is_v2, &lds_update);
2620
- }
2621
- if (error != GRPC_ERROR_NONE) {
2622
- errors.push_back(grpc_error_add_child(
2623
- GRPC_ERROR_CREATE_FROM_COPIED_STRING(
2624
- absl::StrCat(listener_name, ": validation error").c_str()),
2625
- error));
2626
- resource_names_failed->insert(listener_name);
2627
- }
2833
+ const envoy_config_listener_v3_Listener* listener, bool is_v2,
2834
+ XdsApi::LdsUpdate* lds_update) {
2835
+ // Check whether it's a client or server listener.
2836
+ const envoy_config_listener_v3_ApiListener* api_listener =
2837
+ envoy_config_listener_v3_Listener_api_listener(listener);
2838
+ const envoy_config_core_v3_Address* address =
2839
+ envoy_config_listener_v3_Listener_address(listener);
2840
+ if (api_listener != nullptr && address != nullptr) {
2841
+ return GRPC_ERROR_CREATE_FROM_STATIC_STRING(
2842
+ "Listener has both address and ApiListener");
2628
2843
  }
2629
- return GRPC_ERROR_CREATE_FROM_VECTOR("errors parsing LDS response", &errors);
2844
+ if (api_listener == nullptr && address == nullptr) {
2845
+ return GRPC_ERROR_CREATE_FROM_STATIC_STRING(
2846
+ "Listener has neither address nor ApiListener");
2847
+ }
2848
+ // Validate Listener fields.
2849
+ grpc_error_handle error = GRPC_ERROR_NONE;
2850
+ if (api_listener != nullptr) {
2851
+ error = LdsResourceParseClient(context, api_listener, is_v2, lds_update);
2852
+ } else {
2853
+ error = LdsResourceParseServer(context, listener, is_v2, lds_update);
2854
+ }
2855
+ return error;
2630
2856
  }
2631
2857
 
2632
- grpc_error_handle RdsResponseParse(
2858
+ grpc_error_handle UpstreamTlsContextParse(
2633
2859
  const EncodingContext& context,
2634
- const envoy_service_discovery_v3_DiscoveryResponse* response,
2635
- const std::set<absl::string_view>& expected_route_configuration_names,
2636
- XdsApi::RdsUpdateMap* rds_update_map,
2637
- std::set<std::string>* resource_names_failed) {
2638
- std::vector<grpc_error_handle> errors;
2639
- // Get the resources from the response.
2640
- size_t size;
2641
- const google_protobuf_Any* const* resources =
2642
- envoy_service_discovery_v3_DiscoveryResponse_resources(response, &size);
2643
- for (size_t i = 0; i < size; ++i) {
2644
- // Check the type_url of the resource.
2645
- absl::string_view type_url =
2646
- UpbStringToAbsl(google_protobuf_Any_type_url(resources[i]));
2647
- if (!IsRds(type_url)) {
2648
- errors.push_back(GRPC_ERROR_CREATE_FROM_COPIED_STRING(
2649
- absl::StrCat("resource index ", i, ": Resource is not RDS.")
2650
- .c_str()));
2651
- continue;
2652
- }
2653
- // Decode the route_config.
2654
- const upb_strview encoded_route_config =
2655
- google_protobuf_Any_value(resources[i]);
2656
- const envoy_config_route_v3_RouteConfiguration* route_config =
2657
- envoy_config_route_v3_RouteConfiguration_parse(
2658
- encoded_route_config.data, encoded_route_config.size,
2659
- context.arena);
2660
- if (route_config == nullptr) {
2661
- errors.push_back(GRPC_ERROR_CREATE_FROM_COPIED_STRING(
2662
- absl::StrCat("resource index ", i, ": Can't decode route_config.")
2663
- .c_str()));
2664
- continue;
2665
- }
2666
- // Check route_config_name. Ignore unexpected route_config.
2667
- std::string route_config_name = UpbStringToStdString(
2668
- envoy_config_route_v3_RouteConfiguration_name(route_config));
2669
- if (expected_route_configuration_names.find(route_config_name) ==
2670
- expected_route_configuration_names.end()) {
2671
- continue;
2672
- }
2673
- // Fail if route config name is duplicated.
2674
- if (rds_update_map->find(route_config_name) != rds_update_map->end()) {
2675
- errors.push_back(GRPC_ERROR_CREATE_FROM_COPIED_STRING(
2676
- absl::StrCat("duplicate route config name \"", route_config_name,
2677
- "\"")
2678
- .c_str()));
2679
- resource_names_failed->insert(route_config_name);
2680
- continue;
2681
- }
2682
- // Serialize into JSON and store it in the RdsUpdateMap
2683
- XdsApi::RdsResourceData& rds_resource_data =
2684
- (*rds_update_map)[route_config_name];
2685
- XdsApi::RdsUpdate& rds_update = rds_resource_data.resource;
2686
- rds_resource_data.serialized_proto =
2687
- UpbStringToStdString(encoded_route_config);
2688
- // Parse the route_config.
2689
- grpc_error_handle error =
2690
- RouteConfigParse(context, route_config, &rds_update);
2691
- if (error != GRPC_ERROR_NONE) {
2692
- errors.push_back(grpc_error_add_child(
2693
- GRPC_ERROR_CREATE_FROM_COPIED_STRING(
2694
- absl::StrCat(route_config_name, ": validation error").c_str()),
2695
- error));
2696
- resource_names_failed->insert(route_config_name);
2860
+ const envoy_config_core_v3_TransportSocket* transport_socket,
2861
+ XdsApi::CommonTlsContext* common_tls_context) {
2862
+ // Record Upstream tls context
2863
+ absl::string_view name = UpbStringToAbsl(
2864
+ envoy_config_core_v3_TransportSocket_name(transport_socket));
2865
+ if (name != "envoy.transport_sockets.tls") {
2866
+ return GRPC_ERROR_CREATE_FROM_CPP_STRING(
2867
+ absl::StrCat("Unrecognized transport socket: ", name));
2868
+ }
2869
+ auto* typed_config =
2870
+ envoy_config_core_v3_TransportSocket_typed_config(transport_socket);
2871
+ if (typed_config != nullptr) {
2872
+ const upb_strview encoded_upstream_tls_context =
2873
+ google_protobuf_Any_value(typed_config);
2874
+ auto* upstream_tls_context =
2875
+ envoy_extensions_transport_sockets_tls_v3_UpstreamTlsContext_parse(
2876
+ encoded_upstream_tls_context.data,
2877
+ encoded_upstream_tls_context.size, context.arena);
2878
+ if (upstream_tls_context == nullptr) {
2879
+ return GRPC_ERROR_CREATE_FROM_STATIC_STRING(
2880
+ "Can't decode upstream tls context.");
2881
+ }
2882
+ auto* common_tls_context_proto =
2883
+ envoy_extensions_transport_sockets_tls_v3_UpstreamTlsContext_common_tls_context(
2884
+ upstream_tls_context);
2885
+ if (common_tls_context_proto != nullptr) {
2886
+ grpc_error_handle error = CommonTlsContextParse(
2887
+ context, common_tls_context_proto, common_tls_context);
2888
+ if (error != GRPC_ERROR_NONE) {
2889
+ return grpc_error_add_child(GRPC_ERROR_CREATE_FROM_STATIC_STRING(
2890
+ "Error parsing UpstreamTlsContext"),
2891
+ error);
2892
+ }
2697
2893
  }
2698
2894
  }
2699
- return GRPC_ERROR_CREATE_FROM_VECTOR("errors parsing RDS response", &errors);
2895
+ if (common_tls_context->certificate_validation_context
2896
+ .ca_certificate_provider_instance.instance_name.empty()) {
2897
+ return GRPC_ERROR_CREATE_FROM_STATIC_STRING(
2898
+ "UpstreamTlsContext: TLS configuration provided but no "
2899
+ "ca_certificate_provider_instance found.");
2900
+ }
2901
+ return GRPC_ERROR_NONE;
2700
2902
  }
2701
2903
 
2702
- grpc_error_handle CdsResponseParse(
2904
+ grpc_error_handle CdsLogicalDnsParse(
2905
+ const envoy_config_cluster_v3_Cluster* cluster,
2906
+ XdsApi::CdsUpdate* cds_update) {
2907
+ const auto* load_assignment =
2908
+ envoy_config_cluster_v3_Cluster_load_assignment(cluster);
2909
+ if (load_assignment == nullptr) {
2910
+ return GRPC_ERROR_CREATE_FROM_STATIC_STRING(
2911
+ "load_assignment not present for LOGICAL_DNS cluster");
2912
+ }
2913
+ size_t num_localities;
2914
+ const auto* const* localities =
2915
+ envoy_config_endpoint_v3_ClusterLoadAssignment_endpoints(load_assignment,
2916
+ &num_localities);
2917
+ if (num_localities != 1) {
2918
+ return GRPC_ERROR_CREATE_FROM_CPP_STRING(
2919
+ absl::StrCat("load_assignment for LOGICAL_DNS cluster must have "
2920
+ "exactly one locality, found ",
2921
+ num_localities));
2922
+ }
2923
+ size_t num_endpoints;
2924
+ const auto* const* endpoints =
2925
+ envoy_config_endpoint_v3_LocalityLbEndpoints_lb_endpoints(localities[0],
2926
+ &num_endpoints);
2927
+ if (num_endpoints != 1) {
2928
+ return GRPC_ERROR_CREATE_FROM_CPP_STRING(
2929
+ absl::StrCat("locality for LOGICAL_DNS cluster must have "
2930
+ "exactly one endpoint, found ",
2931
+ num_endpoints));
2932
+ }
2933
+ const auto* endpoint =
2934
+ envoy_config_endpoint_v3_LbEndpoint_endpoint(endpoints[0]);
2935
+ if (endpoint == nullptr) {
2936
+ return GRPC_ERROR_CREATE_FROM_STATIC_STRING(
2937
+ "LbEndpoint endpoint field not set");
2938
+ }
2939
+ const auto* address = envoy_config_endpoint_v3_Endpoint_address(endpoint);
2940
+ if (address == nullptr) {
2941
+ return GRPC_ERROR_CREATE_FROM_STATIC_STRING(
2942
+ "Endpoint address field not set");
2943
+ }
2944
+ const auto* socket_address =
2945
+ envoy_config_core_v3_Address_socket_address(address);
2946
+ if (socket_address == nullptr) {
2947
+ return GRPC_ERROR_CREATE_FROM_STATIC_STRING(
2948
+ "Address socket_address field not set");
2949
+ }
2950
+ if (envoy_config_core_v3_SocketAddress_resolver_name(socket_address).size !=
2951
+ 0) {
2952
+ return GRPC_ERROR_CREATE_FROM_STATIC_STRING(
2953
+ "LOGICAL_DNS clusters must NOT have a custom resolver name set");
2954
+ }
2955
+ absl::string_view address_str = UpbStringToAbsl(
2956
+ envoy_config_core_v3_SocketAddress_address(socket_address));
2957
+ if (address_str.empty()) {
2958
+ return GRPC_ERROR_CREATE_FROM_STATIC_STRING(
2959
+ "SocketAddress address field not set");
2960
+ }
2961
+ if (!envoy_config_core_v3_SocketAddress_has_port_value(socket_address)) {
2962
+ return GRPC_ERROR_CREATE_FROM_STATIC_STRING(
2963
+ "SocketAddress port_value field not set");
2964
+ }
2965
+ cds_update->dns_hostname = JoinHostPort(
2966
+ address_str,
2967
+ envoy_config_core_v3_SocketAddress_port_value(socket_address));
2968
+ return GRPC_ERROR_NONE;
2969
+ }
2970
+
2971
+ grpc_error_handle CdsResourceParse(
2703
2972
  const EncodingContext& context,
2704
- const envoy_service_discovery_v3_DiscoveryResponse* response,
2705
- const std::set<absl::string_view>& expected_cluster_names,
2706
- XdsApi::CdsUpdateMap* cds_update_map,
2707
- std::set<std::string>* resource_names_failed) {
2973
+ const envoy_config_cluster_v3_Cluster* cluster, bool /*is_v2*/,
2974
+ XdsApi::CdsUpdate* cds_update) {
2708
2975
  std::vector<grpc_error_handle> errors;
2709
- // Get the resources from the response.
2710
- size_t size;
2711
- const google_protobuf_Any* const* resources =
2712
- envoy_service_discovery_v3_DiscoveryResponse_resources(response, &size);
2713
- // Parse all the resources in the CDS response.
2714
- for (size_t i = 0; i < size; ++i) {
2715
- // Check the type_url of the resource.
2716
- absl::string_view type_url =
2717
- UpbStringToAbsl(google_protobuf_Any_type_url(resources[i]));
2718
- if (!IsCds(type_url)) {
2719
- errors.push_back(GRPC_ERROR_CREATE_FROM_COPIED_STRING(
2720
- absl::StrCat("resource index ", i, ": Resource is not CDS.")
2721
- .c_str()));
2722
- continue;
2723
- }
2724
- // Decode the cluster.
2725
- const upb_strview encoded_cluster = google_protobuf_Any_value(resources[i]);
2726
- const envoy_config_cluster_v3_Cluster* cluster =
2727
- envoy_config_cluster_v3_Cluster_parse(
2728
- encoded_cluster.data, encoded_cluster.size, context.arena);
2729
- if (cluster == nullptr) {
2730
- errors.push_back(GRPC_ERROR_CREATE_FROM_COPIED_STRING(
2731
- absl::StrCat("resource index ", i, ": Can't decode cluster.")
2732
- .c_str()));
2733
- continue;
2734
- }
2735
- MaybeLogCluster(context, cluster);
2736
- // Ignore unexpected cluster names.
2737
- std::string cluster_name =
2738
- UpbStringToStdString(envoy_config_cluster_v3_Cluster_name(cluster));
2739
- if (expected_cluster_names.find(cluster_name) ==
2740
- expected_cluster_names.end()) {
2741
- continue;
2742
- }
2743
- // Fail on duplicate resources.
2744
- if (cds_update_map->find(cluster_name) != cds_update_map->end()) {
2745
- errors.push_back(GRPC_ERROR_CREATE_FROM_COPIED_STRING(
2746
- absl::StrCat("duplicate resource name \"", cluster_name, "\"")
2747
- .c_str()));
2748
- resource_names_failed->insert(cluster_name);
2749
- continue;
2750
- }
2751
- // Add the cluster to cds_update_map.
2752
- XdsApi::CdsResourceData& cds_resource_data =
2753
- (*cds_update_map)[cluster_name];
2754
- XdsApi::CdsUpdate& cds_update = cds_resource_data.resource;
2755
- // Store serialized proto.
2756
- cds_resource_data.serialized_proto = UpbStringToStdString(encoded_cluster);
2757
- // Check the cluster_discovery_type.
2758
- if (!envoy_config_cluster_v3_Cluster_has_type(cluster) &&
2759
- !envoy_config_cluster_v3_Cluster_has_cluster_type(cluster)) {
2760
- errors.push_back(GRPC_ERROR_CREATE_FROM_COPIED_STRING(
2761
- absl::StrCat(cluster_name, ": DiscoveryType not found.").c_str()));
2762
- resource_names_failed->insert(cluster_name);
2763
- continue;
2764
- }
2765
- if (envoy_config_cluster_v3_Cluster_type(cluster) ==
2766
- envoy_config_cluster_v3_Cluster_EDS) {
2767
- cds_update.cluster_type = XdsApi::CdsUpdate::ClusterType::EDS;
2768
- // Check the EDS config source.
2769
- const envoy_config_cluster_v3_Cluster_EdsClusterConfig*
2770
- eds_cluster_config =
2771
- envoy_config_cluster_v3_Cluster_eds_cluster_config(cluster);
2772
- const envoy_config_core_v3_ConfigSource* eds_config =
2773
- envoy_config_cluster_v3_Cluster_EdsClusterConfig_eds_config(
2774
- eds_cluster_config);
2775
- if (!envoy_config_core_v3_ConfigSource_has_ads(eds_config)) {
2776
- errors.push_back(GRPC_ERROR_CREATE_FROM_COPIED_STRING(
2777
- absl::StrCat(cluster_name, ": EDS ConfigSource is not ADS.")
2778
- .c_str()));
2779
- resource_names_failed->insert(cluster_name);
2780
- continue;
2781
- }
2782
- // Record EDS service_name (if any).
2783
- upb_strview service_name =
2784
- envoy_config_cluster_v3_Cluster_EdsClusterConfig_service_name(
2785
- eds_cluster_config);
2786
- if (service_name.size != 0) {
2787
- cds_update.eds_service_name = UpbStringToStdString(service_name);
2788
- }
2789
- } else if (!XdsAggregateAndLogicalDnsClusterEnabled()) {
2790
- errors.push_back(GRPC_ERROR_CREATE_FROM_COPIED_STRING(
2791
- absl::StrCat(cluster_name, ": DiscoveryType is not valid.").c_str()));
2792
- resource_names_failed->insert(cluster_name);
2793
- continue;
2794
- } else if (envoy_config_cluster_v3_Cluster_type(cluster) ==
2795
- envoy_config_cluster_v3_Cluster_LOGICAL_DNS) {
2796
- cds_update.cluster_type = XdsApi::CdsUpdate::ClusterType::LOGICAL_DNS;
2797
- const auto* load_assignment =
2798
- envoy_config_cluster_v3_Cluster_load_assignment(cluster);
2799
- if (load_assignment == nullptr) {
2800
- errors.push_back(GRPC_ERROR_CREATE_FROM_COPIED_STRING(
2801
- absl::StrCat(
2802
- cluster_name,
2803
- ": load_assignment not present for LOGICAL_DNS cluster")
2804
- .c_str()));
2805
- resource_names_failed->insert(cluster_name);
2806
- continue;
2807
- }
2808
- size_t num_localities;
2809
- const auto* const* localities =
2810
- envoy_config_endpoint_v3_ClusterLoadAssignment_endpoints(
2811
- load_assignment, &num_localities);
2812
- if (num_localities != 1) {
2813
- errors.push_back(GRPC_ERROR_CREATE_FROM_COPIED_STRING(
2814
- absl::StrCat(cluster_name,
2815
- ": load_assignment for LOGICAL_DNS cluster must have "
2816
- "exactly one locality, found ",
2817
- num_localities)
2818
- .c_str()));
2819
- resource_names_failed->insert(cluster_name);
2820
- continue;
2821
- }
2822
- size_t num_endpoints;
2823
- const auto* const* endpoints =
2824
- envoy_config_endpoint_v3_LocalityLbEndpoints_lb_endpoints(
2825
- localities[0], &num_endpoints);
2826
- if (num_endpoints != 1) {
2827
- errors.push_back(GRPC_ERROR_CREATE_FROM_COPIED_STRING(
2828
- absl::StrCat(cluster_name,
2829
- ": locality for LOGICAL_DNS cluster must have "
2830
- "exactly one endpoint, found ",
2831
- num_endpoints)
2832
- .c_str()));
2833
- resource_names_failed->insert(cluster_name);
2834
- continue;
2835
- }
2836
- const auto* endpoint =
2837
- envoy_config_endpoint_v3_LbEndpoint_endpoint(endpoints[0]);
2838
- if (endpoint == nullptr) {
2839
- errors.push_back(GRPC_ERROR_CREATE_FROM_COPIED_STRING(
2840
- absl::StrCat(cluster_name, ": LbEndpoint endpoint field not set")
2841
- .c_str()));
2842
- resource_names_failed->insert(cluster_name);
2843
- continue;
2844
- }
2845
- const auto* address = envoy_config_endpoint_v3_Endpoint_address(endpoint);
2846
- if (address == nullptr) {
2847
- errors.push_back(GRPC_ERROR_CREATE_FROM_COPIED_STRING(
2848
- absl::StrCat(cluster_name, ": Endpoint address field not set")
2849
- .c_str()));
2850
- resource_names_failed->insert(cluster_name);
2851
- continue;
2852
- }
2853
- const auto* socket_address =
2854
- envoy_config_core_v3_Address_socket_address(address);
2855
- if (socket_address == nullptr) {
2856
- errors.push_back(GRPC_ERROR_CREATE_FROM_COPIED_STRING(
2857
- absl::StrCat(cluster_name, ": Address socket_address field not set")
2858
- .c_str()));
2859
- resource_names_failed->insert(cluster_name);
2860
- continue;
2861
- }
2862
- if (envoy_config_core_v3_SocketAddress_resolver_name(socket_address)
2863
- .size != 0) {
2864
- errors.push_back(GRPC_ERROR_CREATE_FROM_COPIED_STRING(
2865
- absl::StrCat(
2866
- cluster_name,
2867
- ": LOGICAL_DNS clusters must NOT have a custom resolver "
2868
- "name set")
2869
- .c_str()));
2870
- resource_names_failed->insert(cluster_name);
2871
- continue;
2872
- }
2873
- absl::string_view address_str = UpbStringToAbsl(
2874
- envoy_config_core_v3_SocketAddress_address(socket_address));
2875
- if (address_str.empty()) {
2876
- errors.push_back(GRPC_ERROR_CREATE_FROM_COPIED_STRING(
2877
- absl::StrCat(cluster_name, ": SocketAddress address field not set")
2878
- .c_str()));
2879
- resource_names_failed->insert(cluster_name);
2880
- continue;
2881
- }
2882
- if (!envoy_config_core_v3_SocketAddress_has_port_value(socket_address)) {
2883
- errors.push_back(GRPC_ERROR_CREATE_FROM_COPIED_STRING(
2884
- absl::StrCat(cluster_name,
2885
- ": SocketAddress port_value field not set")
2886
- .c_str()));
2887
- resource_names_failed->insert(cluster_name);
2888
- continue;
2889
- }
2890
- cds_update.dns_hostname = JoinHostPort(
2891
- address_str,
2892
- envoy_config_core_v3_SocketAddress_port_value(socket_address));
2976
+ // Check the cluster_discovery_type.
2977
+ if (!envoy_config_cluster_v3_Cluster_has_type(cluster) &&
2978
+ !envoy_config_cluster_v3_Cluster_has_cluster_type(cluster)) {
2979
+ errors.push_back(
2980
+ GRPC_ERROR_CREATE_FROM_STATIC_STRING("DiscoveryType not found."));
2981
+ } else if (envoy_config_cluster_v3_Cluster_type(cluster) ==
2982
+ envoy_config_cluster_v3_Cluster_EDS) {
2983
+ cds_update->cluster_type = XdsApi::CdsUpdate::ClusterType::EDS;
2984
+ // Check the EDS config source.
2985
+ const envoy_config_cluster_v3_Cluster_EdsClusterConfig* eds_cluster_config =
2986
+ envoy_config_cluster_v3_Cluster_eds_cluster_config(cluster);
2987
+ const envoy_config_core_v3_ConfigSource* eds_config =
2988
+ envoy_config_cluster_v3_Cluster_EdsClusterConfig_eds_config(
2989
+ eds_cluster_config);
2990
+ if (!envoy_config_core_v3_ConfigSource_has_ads(eds_config)) {
2991
+ errors.push_back(
2992
+ GRPC_ERROR_CREATE_FROM_STATIC_STRING("EDS ConfigSource is not ADS."));
2993
+ }
2994
+ // Record EDS service_name (if any).
2995
+ upb_strview service_name =
2996
+ envoy_config_cluster_v3_Cluster_EdsClusterConfig_service_name(
2997
+ eds_cluster_config);
2998
+ if (service_name.size != 0) {
2999
+ cds_update->eds_service_name = UpbStringToStdString(service_name);
3000
+ }
3001
+ } else if (!XdsAggregateAndLogicalDnsClusterEnabled()) {
3002
+ errors.push_back(
3003
+ GRPC_ERROR_CREATE_FROM_STATIC_STRING("DiscoveryType is not valid."));
3004
+ } else if (envoy_config_cluster_v3_Cluster_type(cluster) ==
3005
+ envoy_config_cluster_v3_Cluster_LOGICAL_DNS) {
3006
+ cds_update->cluster_type = XdsApi::CdsUpdate::ClusterType::LOGICAL_DNS;
3007
+ grpc_error_handle error = CdsLogicalDnsParse(cluster, cds_update);
3008
+ if (error != GRPC_ERROR_NONE) errors.push_back(error);
3009
+ } else {
3010
+ if (!envoy_config_cluster_v3_Cluster_has_cluster_type(cluster)) {
3011
+ errors.push_back(
3012
+ GRPC_ERROR_CREATE_FROM_STATIC_STRING("DiscoveryType is not valid."));
2893
3013
  } else {
2894
- if (envoy_config_cluster_v3_Cluster_has_cluster_type(cluster)) {
2895
- const envoy_config_cluster_v3_Cluster_CustomClusterType*
2896
- custom_cluster_type =
2897
- envoy_config_cluster_v3_Cluster_cluster_type(cluster);
2898
- upb_strview type_name =
2899
- envoy_config_cluster_v3_Cluster_CustomClusterType_name(
3014
+ const envoy_config_cluster_v3_Cluster_CustomClusterType*
3015
+ custom_cluster_type =
3016
+ envoy_config_cluster_v3_Cluster_cluster_type(cluster);
3017
+ upb_strview type_name =
3018
+ envoy_config_cluster_v3_Cluster_CustomClusterType_name(
3019
+ custom_cluster_type);
3020
+ if (UpbStringToAbsl(type_name) != "envoy.clusters.aggregate") {
3021
+ errors.push_back(GRPC_ERROR_CREATE_FROM_STATIC_STRING(
3022
+ "DiscoveryType is not valid."));
3023
+ } else {
3024
+ cds_update->cluster_type = XdsApi::CdsUpdate::ClusterType::AGGREGATE;
3025
+ // Retrieve aggregate clusters.
3026
+ const google_protobuf_Any* typed_config =
3027
+ envoy_config_cluster_v3_Cluster_CustomClusterType_typed_config(
2900
3028
  custom_cluster_type);
2901
- if (UpbStringToAbsl(type_name) == "envoy.clusters.aggregate") {
2902
- cds_update.cluster_type = XdsApi::CdsUpdate::ClusterType::AGGREGATE;
2903
- // Retrieve aggregate clusters.
2904
- const google_protobuf_Any* typed_config =
2905
- envoy_config_cluster_v3_Cluster_CustomClusterType_typed_config(
2906
- custom_cluster_type);
2907
- const upb_strview aggregate_cluster_config_upb_strview =
2908
- google_protobuf_Any_value(typed_config);
2909
- const envoy_extensions_clusters_aggregate_v3_ClusterConfig*
2910
- aggregate_cluster_config =
2911
- envoy_extensions_clusters_aggregate_v3_ClusterConfig_parse(
2912
- aggregate_cluster_config_upb_strview.data,
2913
- aggregate_cluster_config_upb_strview.size, context.arena);
2914
- if (aggregate_cluster_config == nullptr) {
2915
- errors.push_back(GRPC_ERROR_CREATE_FROM_COPIED_STRING(
2916
- absl::StrCat(cluster_name, ": Can't parse aggregate cluster.")
2917
- .c_str()));
2918
- resource_names_failed->insert(cluster_name);
2919
- continue;
2920
- }
3029
+ const upb_strview aggregate_cluster_config_upb_strview =
3030
+ google_protobuf_Any_value(typed_config);
3031
+ const envoy_extensions_clusters_aggregate_v3_ClusterConfig*
3032
+ aggregate_cluster_config =
3033
+ envoy_extensions_clusters_aggregate_v3_ClusterConfig_parse(
3034
+ aggregate_cluster_config_upb_strview.data,
3035
+ aggregate_cluster_config_upb_strview.size, context.arena);
3036
+ if (aggregate_cluster_config == nullptr) {
3037
+ errors.push_back(GRPC_ERROR_CREATE_FROM_STATIC_STRING(
3038
+ "Can't parse aggregate cluster."));
3039
+ } else {
2921
3040
  size_t size;
2922
3041
  const upb_strview* clusters =
2923
3042
  envoy_extensions_clusters_aggregate_v3_ClusterConfig_clusters(
2924
3043
  aggregate_cluster_config, &size);
2925
3044
  for (size_t i = 0; i < size; ++i) {
2926
3045
  const upb_strview cluster = clusters[i];
2927
- cds_update.prioritized_cluster_names.emplace_back(
3046
+ cds_update->prioritized_cluster_names.emplace_back(
2928
3047
  UpbStringToStdString(cluster));
2929
3048
  }
2930
- } else {
2931
- errors.push_back(GRPC_ERROR_CREATE_FROM_COPIED_STRING(
2932
- absl::StrCat(cluster_name, ": DiscoveryType is not valid.")
2933
- .c_str()));
2934
- resource_names_failed->insert(cluster_name);
2935
- continue;
2936
3049
  }
2937
- } else {
2938
- errors.push_back(GRPC_ERROR_CREATE_FROM_COPIED_STRING(
2939
- absl::StrCat(cluster_name, ": DiscoveryType is not valid.")
2940
- .c_str()));
2941
- resource_names_failed->insert(cluster_name);
2942
- continue;
2943
3050
  }
2944
3051
  }
2945
- // Check the LB policy.
2946
- if (envoy_config_cluster_v3_Cluster_lb_policy(cluster) ==
2947
- envoy_config_cluster_v3_Cluster_ROUND_ROBIN) {
2948
- cds_update.lb_policy = "ROUND_ROBIN";
2949
- } else if (XdsRingHashEnabled() &&
2950
- envoy_config_cluster_v3_Cluster_lb_policy(cluster) ==
2951
- envoy_config_cluster_v3_Cluster_RING_HASH) {
2952
- cds_update.lb_policy = "RING_HASH";
2953
- // Record ring hash lb config
2954
- auto* ring_hash_config =
2955
- envoy_config_cluster_v3_Cluster_ring_hash_lb_config(cluster);
2956
- if (ring_hash_config != nullptr) {
2957
- const google_protobuf_UInt64Value* max_ring_size =
2958
- envoy_config_cluster_v3_Cluster_RingHashLbConfig_maximum_ring_size(
2959
- ring_hash_config);
2960
- if (max_ring_size != nullptr) {
2961
- cds_update.max_ring_size =
2962
- google_protobuf_UInt64Value_value(max_ring_size);
2963
- if (cds_update.max_ring_size > 8388608 ||
2964
- cds_update.max_ring_size == 0) {
2965
- errors.push_back(GRPC_ERROR_CREATE_FROM_COPIED_STRING(
2966
- absl::StrCat(
2967
- cluster_name,
2968
- ": max_ring_size is not in the range of 1 to 8388608.")
2969
- .c_str()));
2970
- resource_names_failed->insert(cluster_name);
2971
- continue;
2972
- }
3052
+ }
3053
+ // Check the LB policy.
3054
+ if (envoy_config_cluster_v3_Cluster_lb_policy(cluster) ==
3055
+ envoy_config_cluster_v3_Cluster_ROUND_ROBIN) {
3056
+ cds_update->lb_policy = "ROUND_ROBIN";
3057
+ } else if (envoy_config_cluster_v3_Cluster_lb_policy(cluster) ==
3058
+ envoy_config_cluster_v3_Cluster_RING_HASH) {
3059
+ cds_update->lb_policy = "RING_HASH";
3060
+ // Record ring hash lb config
3061
+ auto* ring_hash_config =
3062
+ envoy_config_cluster_v3_Cluster_ring_hash_lb_config(cluster);
3063
+ if (ring_hash_config != nullptr) {
3064
+ const google_protobuf_UInt64Value* max_ring_size =
3065
+ envoy_config_cluster_v3_Cluster_RingHashLbConfig_maximum_ring_size(
3066
+ ring_hash_config);
3067
+ if (max_ring_size != nullptr) {
3068
+ cds_update->max_ring_size =
3069
+ google_protobuf_UInt64Value_value(max_ring_size);
3070
+ if (cds_update->max_ring_size > 8388608 ||
3071
+ cds_update->max_ring_size == 0) {
3072
+ errors.push_back(GRPC_ERROR_CREATE_FROM_STATIC_STRING(
3073
+ "max_ring_size is not in the range of 1 to 8388608."));
2973
3074
  }
2974
- const google_protobuf_UInt64Value* min_ring_size =
2975
- envoy_config_cluster_v3_Cluster_RingHashLbConfig_minimum_ring_size(
2976
- ring_hash_config);
2977
- if (min_ring_size != nullptr) {
2978
- cds_update.min_ring_size =
2979
- google_protobuf_UInt64Value_value(min_ring_size);
2980
- if (cds_update.min_ring_size > 8388608 ||
2981
- cds_update.min_ring_size == 0) {
2982
- errors.push_back(GRPC_ERROR_CREATE_FROM_COPIED_STRING(
2983
- absl::StrCat(
2984
- cluster_name,
2985
- ": min_ring_size is not in the range of 1 to 8388608.")
2986
- .c_str()));
2987
- resource_names_failed->insert(cluster_name);
2988
- continue;
2989
- }
2990
- if (cds_update.min_ring_size > cds_update.max_ring_size) {
2991
- errors.push_back(GRPC_ERROR_CREATE_FROM_COPIED_STRING(
2992
- absl::StrCat(
2993
- cluster_name,
2994
- ": min_ring_size cannot be greater than max_ring_size.")
2995
- .c_str()));
2996
- resource_names_failed->insert(cluster_name);
2997
- continue;
2998
- }
3075
+ }
3076
+ const google_protobuf_UInt64Value* min_ring_size =
3077
+ envoy_config_cluster_v3_Cluster_RingHashLbConfig_minimum_ring_size(
3078
+ ring_hash_config);
3079
+ if (min_ring_size != nullptr) {
3080
+ cds_update->min_ring_size =
3081
+ google_protobuf_UInt64Value_value(min_ring_size);
3082
+ if (cds_update->min_ring_size > 8388608 ||
3083
+ cds_update->min_ring_size == 0) {
3084
+ errors.push_back(GRPC_ERROR_CREATE_FROM_STATIC_STRING(
3085
+ "min_ring_size is not in the range of 1 to 8388608."));
2999
3086
  }
3000
- if (envoy_config_cluster_v3_Cluster_RingHashLbConfig_hash_function(
3001
- ring_hash_config) !=
3002
- envoy_config_cluster_v3_Cluster_RingHashLbConfig_XX_HASH) {
3003
- errors.push_back(GRPC_ERROR_CREATE_FROM_COPIED_STRING(
3004
- absl::StrCat(cluster_name,
3005
- ": ring hash lb config has invalid hash function.")
3006
- .c_str()));
3007
- resource_names_failed->insert(cluster_name);
3008
- continue;
3087
+ if (cds_update->min_ring_size > cds_update->max_ring_size) {
3088
+ errors.push_back(GRPC_ERROR_CREATE_FROM_STATIC_STRING(
3089
+ "min_ring_size cannot be greater than max_ring_size."));
3009
3090
  }
3010
3091
  }
3011
- } else {
3012
- errors.push_back(GRPC_ERROR_CREATE_FROM_COPIED_STRING(
3013
- absl::StrCat(cluster_name, ": LB policy is not supported.").c_str()));
3014
- resource_names_failed->insert(cluster_name);
3015
- continue;
3016
- }
3017
- if (XdsSecurityEnabled()) {
3018
- // Record Upstream tls context
3019
- auto* transport_socket =
3020
- envoy_config_cluster_v3_Cluster_transport_socket(cluster);
3021
- if (transport_socket != nullptr) {
3022
- absl::string_view name = UpbStringToAbsl(
3023
- envoy_config_core_v3_TransportSocket_name(transport_socket));
3024
- if (name == "envoy.transport_sockets.tls") {
3025
- auto* typed_config =
3026
- envoy_config_core_v3_TransportSocket_typed_config(
3027
- transport_socket);
3028
- if (typed_config != nullptr) {
3029
- const upb_strview encoded_upstream_tls_context =
3030
- google_protobuf_Any_value(typed_config);
3031
- auto* upstream_tls_context =
3032
- envoy_extensions_transport_sockets_tls_v3_UpstreamTlsContext_parse(
3033
- encoded_upstream_tls_context.data,
3034
- encoded_upstream_tls_context.size, context.arena);
3035
- if (upstream_tls_context == nullptr) {
3036
- errors.push_back(GRPC_ERROR_CREATE_FROM_COPIED_STRING(
3037
- absl::StrCat(cluster_name,
3038
- ": Can't decode upstream tls context.")
3039
- .c_str()));
3040
- resource_names_failed->insert(cluster_name);
3041
- continue;
3042
- }
3043
- auto* common_tls_context =
3044
- envoy_extensions_transport_sockets_tls_v3_UpstreamTlsContext_common_tls_context(
3045
- upstream_tls_context);
3046
- if (common_tls_context != nullptr) {
3047
- grpc_error_handle error = CommonTlsContextParse(
3048
- common_tls_context, &cds_update.common_tls_context);
3049
- if (error != GRPC_ERROR_NONE) {
3050
- errors.push_back(grpc_error_add_child(
3051
- GRPC_ERROR_CREATE_FROM_COPIED_STRING(
3052
- absl::StrCat(cluster_name, ": error in TLS context")
3053
- .c_str()),
3054
- error));
3055
- resource_names_failed->insert(cluster_name);
3056
- continue;
3057
- }
3058
- }
3059
- }
3060
- if (cds_update.common_tls_context.combined_validation_context
3061
- .validation_context_certificate_provider_instance
3062
- .instance_name.empty()) {
3063
- errors.push_back(GRPC_ERROR_CREATE_FROM_COPIED_STRING(
3064
- absl::StrCat(cluster_name,
3065
- "TLS configuration provided but no "
3066
- "validation_context_certificate_provider_instance "
3067
- "found.")
3068
- .c_str()));
3069
- resource_names_failed->insert(cluster_name);
3070
- continue;
3071
- }
3072
- }
3092
+ if (envoy_config_cluster_v3_Cluster_RingHashLbConfig_hash_function(
3093
+ ring_hash_config) !=
3094
+ envoy_config_cluster_v3_Cluster_RingHashLbConfig_XX_HASH) {
3095
+ errors.push_back(GRPC_ERROR_CREATE_FROM_STATIC_STRING(
3096
+ "ring hash lb config has invalid hash function."));
3073
3097
  }
3074
3098
  }
3075
- // Record LRS server name (if any).
3076
- const envoy_config_core_v3_ConfigSource* lrs_server =
3077
- envoy_config_cluster_v3_Cluster_lrs_server(cluster);
3078
- if (lrs_server != nullptr) {
3079
- if (!envoy_config_core_v3_ConfigSource_has_self(lrs_server)) {
3080
- errors.push_back(GRPC_ERROR_CREATE_FROM_COPIED_STRING(
3081
- absl::StrCat(cluster_name, ": LRS ConfigSource is not self.")
3082
- .c_str()));
3083
- resource_names_failed->insert(cluster_name);
3084
- continue;
3085
- }
3086
- cds_update.lrs_load_reporting_server_name.emplace("");
3087
- }
3088
- // The Cluster resource encodes the circuit breaking parameters in a list of
3089
- // Thresholds messages, where each message specifies the parameters for a
3090
- // particular RoutingPriority. we will look only at the first entry in the
3091
- // list for priority DEFAULT and default to 1024 if not found.
3092
- if (envoy_config_cluster_v3_Cluster_has_circuit_breakers(cluster)) {
3093
- const envoy_config_cluster_v3_CircuitBreakers* circuit_breakers =
3094
- envoy_config_cluster_v3_Cluster_circuit_breakers(cluster);
3095
- size_t num_thresholds;
3096
- const envoy_config_cluster_v3_CircuitBreakers_Thresholds* const*
3097
- thresholds = envoy_config_cluster_v3_CircuitBreakers_thresholds(
3098
- circuit_breakers, &num_thresholds);
3099
- for (size_t i = 0; i < num_thresholds; ++i) {
3100
- const auto* threshold = thresholds[i];
3101
- if (envoy_config_cluster_v3_CircuitBreakers_Thresholds_priority(
3102
- threshold) == envoy_config_core_v3_DEFAULT) {
3103
- const google_protobuf_UInt32Value* max_requests =
3104
- envoy_config_cluster_v3_CircuitBreakers_Thresholds_max_requests(
3105
- threshold);
3106
- if (max_requests != nullptr) {
3107
- cds_update.max_concurrent_requests =
3108
- google_protobuf_UInt32Value_value(max_requests);
3109
- }
3110
- break;
3099
+ } else {
3100
+ errors.push_back(
3101
+ GRPC_ERROR_CREATE_FROM_STATIC_STRING("LB policy is not supported."));
3102
+ }
3103
+ auto* transport_socket =
3104
+ envoy_config_cluster_v3_Cluster_transport_socket(cluster);
3105
+ if (transport_socket != nullptr) {
3106
+ grpc_error_handle error = UpstreamTlsContextParse(
3107
+ context, transport_socket, &cds_update->common_tls_context);
3108
+ if (error != GRPC_ERROR_NONE) {
3109
+ errors.push_back(
3110
+ grpc_error_add_child(GRPC_ERROR_CREATE_FROM_STATIC_STRING(
3111
+ "Error parsing security configuration"),
3112
+ error));
3113
+ }
3114
+ }
3115
+ // Record LRS server name (if any).
3116
+ const envoy_config_core_v3_ConfigSource* lrs_server =
3117
+ envoy_config_cluster_v3_Cluster_lrs_server(cluster);
3118
+ if (lrs_server != nullptr) {
3119
+ if (!envoy_config_core_v3_ConfigSource_has_self(lrs_server)) {
3120
+ errors.push_back(GRPC_ERROR_CREATE_FROM_STATIC_STRING(
3121
+ ": LRS ConfigSource is not self."));
3122
+ }
3123
+ cds_update->lrs_load_reporting_server_name.emplace("");
3124
+ }
3125
+ // The Cluster resource encodes the circuit breaking parameters in a list of
3126
+ // Thresholds messages, where each message specifies the parameters for a
3127
+ // particular RoutingPriority. we will look only at the first entry in the
3128
+ // list for priority DEFAULT and default to 1024 if not found.
3129
+ if (envoy_config_cluster_v3_Cluster_has_circuit_breakers(cluster)) {
3130
+ const envoy_config_cluster_v3_CircuitBreakers* circuit_breakers =
3131
+ envoy_config_cluster_v3_Cluster_circuit_breakers(cluster);
3132
+ size_t num_thresholds;
3133
+ const envoy_config_cluster_v3_CircuitBreakers_Thresholds* const*
3134
+ thresholds = envoy_config_cluster_v3_CircuitBreakers_thresholds(
3135
+ circuit_breakers, &num_thresholds);
3136
+ for (size_t i = 0; i < num_thresholds; ++i) {
3137
+ const auto* threshold = thresholds[i];
3138
+ if (envoy_config_cluster_v3_CircuitBreakers_Thresholds_priority(
3139
+ threshold) == envoy_config_core_v3_DEFAULT) {
3140
+ const google_protobuf_UInt32Value* max_requests =
3141
+ envoy_config_cluster_v3_CircuitBreakers_Thresholds_max_requests(
3142
+ threshold);
3143
+ if (max_requests != nullptr) {
3144
+ cds_update->max_concurrent_requests =
3145
+ google_protobuf_UInt32Value_value(max_requests);
3111
3146
  }
3147
+ break;
3112
3148
  }
3113
3149
  }
3114
3150
  }
3115
- return GRPC_ERROR_CREATE_FROM_VECTOR("errors parsing CDS response", &errors);
3151
+ return GRPC_ERROR_CREATE_FROM_VECTOR("errors parsing CDS resource", &errors);
3116
3152
  }
3117
3153
 
3118
3154
  grpc_error_handle ServerAddressParseAndAppend(
@@ -3246,12 +3282,79 @@ grpc_error_handle DropParseAndAppend(
3246
3282
  return GRPC_ERROR_NONE;
3247
3283
  }
3248
3284
 
3249
- grpc_error_handle EdsResponseParse(
3250
- const EncodingContext& context,
3285
+ grpc_error_handle EdsResourceParse(
3286
+ const EncodingContext& /*context*/,
3287
+ const envoy_config_endpoint_v3_ClusterLoadAssignment*
3288
+ cluster_load_assignment,
3289
+ bool /*is_v2*/, XdsApi::EdsUpdate* eds_update) {
3290
+ std::vector<grpc_error_handle> errors;
3291
+ // Get the endpoints.
3292
+ size_t locality_size;
3293
+ const envoy_config_endpoint_v3_LocalityLbEndpoints* const* endpoints =
3294
+ envoy_config_endpoint_v3_ClusterLoadAssignment_endpoints(
3295
+ cluster_load_assignment, &locality_size);
3296
+ for (size_t j = 0; j < locality_size; ++j) {
3297
+ size_t priority;
3298
+ XdsApi::EdsUpdate::Priority::Locality locality;
3299
+ grpc_error_handle error = LocalityParse(endpoints[j], &locality, &priority);
3300
+ if (error != GRPC_ERROR_NONE) {
3301
+ errors.push_back(error);
3302
+ continue;
3303
+ }
3304
+ // Filter out locality with weight 0.
3305
+ if (locality.lb_weight == 0) continue;
3306
+ // Make sure prorities is big enough. Note that they might not
3307
+ // arrive in priority order.
3308
+ while (eds_update->priorities.size() < priority + 1) {
3309
+ eds_update->priorities.emplace_back();
3310
+ }
3311
+ eds_update->priorities[priority].localities.emplace(locality.name.get(),
3312
+ std::move(locality));
3313
+ }
3314
+ for (const auto& priority : eds_update->priorities) {
3315
+ if (priority.localities.empty()) {
3316
+ errors.push_back(
3317
+ GRPC_ERROR_CREATE_FROM_STATIC_STRING("sparse priority list"));
3318
+ }
3319
+ }
3320
+ // Get the drop config.
3321
+ eds_update->drop_config = MakeRefCounted<XdsApi::EdsUpdate::DropConfig>();
3322
+ const envoy_config_endpoint_v3_ClusterLoadAssignment_Policy* policy =
3323
+ envoy_config_endpoint_v3_ClusterLoadAssignment_policy(
3324
+ cluster_load_assignment);
3325
+ if (policy != nullptr) {
3326
+ size_t drop_size;
3327
+ const envoy_config_endpoint_v3_ClusterLoadAssignment_Policy_DropOverload* const*
3328
+ drop_overload =
3329
+ envoy_config_endpoint_v3_ClusterLoadAssignment_Policy_drop_overloads(
3330
+ policy, &drop_size);
3331
+ for (size_t j = 0; j < drop_size; ++j) {
3332
+ grpc_error_handle error =
3333
+ DropParseAndAppend(drop_overload[j], eds_update->drop_config.get());
3334
+ if (error != GRPC_ERROR_NONE) {
3335
+ errors.push_back(
3336
+ grpc_error_add_child(GRPC_ERROR_CREATE_FROM_STATIC_STRING(
3337
+ "drop config validation error"),
3338
+ error));
3339
+ }
3340
+ }
3341
+ }
3342
+ return GRPC_ERROR_CREATE_FROM_VECTOR("errors parsing EDS resource", &errors);
3343
+ }
3344
+
3345
+ template <typename ProtoParseFunction, typename ProtoResourceNameFunction,
3346
+ typename ResourceTypeSelectorFunction, typename ProtoLogFunction,
3347
+ typename ResourceParseFunction, typename UpdateMap>
3348
+ grpc_error_handle AdsResponseParse(
3349
+ const EncodingContext& context, ProtoParseFunction proto_parse_function,
3350
+ ProtoResourceNameFunction proto_resource_name_function,
3351
+ ResourceTypeSelectorFunction resource_type_selector_function,
3352
+ ProtoLogFunction proto_log_function,
3353
+ ResourceParseFunction resource_parse_function,
3251
3354
  const envoy_service_discovery_v3_DiscoveryResponse* response,
3252
- const std::set<absl::string_view>& expected_eds_service_names,
3253
- XdsApi::EdsUpdateMap* eds_update_map,
3254
- std::set<std::string>* resource_names_failed) {
3355
+ const char* resource_type_string,
3356
+ const std::set<absl::string_view>& expected_resource_names,
3357
+ UpdateMap* update_map, std::set<std::string>* resource_names_failed) {
3255
3358
  std::vector<grpc_error_handle> errors;
3256
3359
  // Get the resources from the response.
3257
3360
  size_t size;
@@ -3261,115 +3364,57 @@ grpc_error_handle EdsResponseParse(
3261
3364
  // Check the type_url of the resource.
3262
3365
  absl::string_view type_url =
3263
3366
  UpbStringToAbsl(google_protobuf_Any_type_url(resources[i]));
3264
- if (!IsEds(type_url)) {
3265
- errors.push_back(GRPC_ERROR_CREATE_FROM_COPIED_STRING(
3266
- absl::StrCat("resource index ", i, ": Resource is not EDS.")
3267
- .c_str()));
3367
+ bool is_v2 = false;
3368
+ if (!resource_type_selector_function(type_url, &is_v2)) {
3369
+ errors.push_back(GRPC_ERROR_CREATE_FROM_CPP_STRING(
3370
+ absl::StrCat("resource index ", i, ": Resource is not ",
3371
+ resource_type_string, ".")));
3268
3372
  continue;
3269
3373
  }
3270
- // Get the cluster_load_assignment.
3271
- upb_strview encoded_cluster_load_assignment =
3272
- google_protobuf_Any_value(resources[i]);
3273
- envoy_config_endpoint_v3_ClusterLoadAssignment* cluster_load_assignment =
3274
- envoy_config_endpoint_v3_ClusterLoadAssignment_parse(
3275
- encoded_cluster_load_assignment.data,
3276
- encoded_cluster_load_assignment.size, context.arena);
3277
- if (cluster_load_assignment == nullptr) {
3278
- errors.push_back(GRPC_ERROR_CREATE_FROM_COPIED_STRING(
3279
- absl::StrCat("resource index ", i,
3280
- ": Can't parse cluster_load_assignment.")
3281
- .c_str()));
3374
+ // Parse the resource.
3375
+ upb_strview serialized_resource = google_protobuf_Any_value(resources[i]);
3376
+ auto* resource = proto_parse_function(
3377
+ serialized_resource.data, serialized_resource.size, context.arena);
3378
+ if (resource == nullptr) {
3379
+ errors.push_back(GRPC_ERROR_CREATE_FROM_CPP_STRING(
3380
+ absl::StrCat("resource index ", i, ": Can't parse ",
3381
+ resource_type_string, " resource.")));
3282
3382
  continue;
3283
3383
  }
3284
- MaybeLogClusterLoadAssignment(context, cluster_load_assignment);
3285
- // Check the EDS service name. Ignore unexpected names.
3286
- std::string eds_service_name = UpbStringToStdString(
3287
- envoy_config_endpoint_v3_ClusterLoadAssignment_cluster_name(
3288
- cluster_load_assignment));
3289
- if (expected_eds_service_names.find(eds_service_name) ==
3290
- expected_eds_service_names.end()) {
3384
+ proto_log_function(context, resource);
3385
+ // Check the resource name. Ignore unexpected names.
3386
+ std::string resource_name =
3387
+ UpbStringToStdString(proto_resource_name_function(resource));
3388
+ if (expected_resource_names.find(resource_name) ==
3389
+ expected_resource_names.end()) {
3291
3390
  continue;
3292
3391
  }
3293
3392
  // Fail on duplicate resources.
3294
- if (eds_update_map->find(eds_service_name) != eds_update_map->end()) {
3295
- errors.push_back(GRPC_ERROR_CREATE_FROM_COPIED_STRING(
3296
- absl::StrCat("duplicate resource name \"", eds_service_name, "\"")
3297
- .c_str()));
3298
- resource_names_failed->insert(eds_service_name);
3393
+ if (update_map->find(resource_name) != update_map->end()) {
3394
+ errors.push_back(GRPC_ERROR_CREATE_FROM_CPP_STRING(
3395
+ absl::StrCat("duplicate resource name \"", resource_name, "\"")));
3396
+ resource_names_failed->insert(resource_name);
3299
3397
  continue;
3300
3398
  }
3301
- // Serialize into JSON and store it in the EdsUpdateMap
3302
- XdsApi::EdsResourceData& eds_resource_data =
3303
- (*eds_update_map)[eds_service_name];
3304
- XdsApi::EdsUpdate& eds_update = eds_resource_data.resource;
3305
- eds_resource_data.serialized_proto =
3306
- UpbStringToStdString(encoded_cluster_load_assignment);
3307
- // Get the endpoints.
3308
- size_t locality_size;
3309
- const envoy_config_endpoint_v3_LocalityLbEndpoints* const* endpoints =
3310
- envoy_config_endpoint_v3_ClusterLoadAssignment_endpoints(
3311
- cluster_load_assignment, &locality_size);
3312
- grpc_error_handle error = GRPC_ERROR_NONE;
3313
- for (size_t j = 0; j < locality_size; ++j) {
3314
- size_t priority;
3315
- XdsApi::EdsUpdate::Priority::Locality locality;
3316
- error = LocalityParse(endpoints[j], &locality, &priority);
3317
- if (error != GRPC_ERROR_NONE) break;
3318
- // Filter out locality with weight 0.
3319
- if (locality.lb_weight == 0) continue;
3320
- // Make sure prorities is big enough. Note that they might not
3321
- // arrive in priority order.
3322
- while (eds_update.priorities.size() < priority + 1) {
3323
- eds_update.priorities.emplace_back();
3324
- }
3325
- eds_update.priorities[priority].localities.emplace(locality.name.get(),
3326
- std::move(locality));
3327
- }
3399
+ // Validate resource.
3400
+ decltype(UpdateMap::mapped_type::resource) update;
3401
+ grpc_error_handle error =
3402
+ resource_parse_function(context, resource, is_v2, &update);
3328
3403
  if (error != GRPC_ERROR_NONE) {
3329
- errors.push_back(grpc_error_add_child(
3330
- GRPC_ERROR_CREATE_FROM_COPIED_STRING(
3331
- absl::StrCat(eds_service_name, ": locality validation error")
3332
- .c_str()),
3333
- error));
3334
- resource_names_failed->insert(eds_service_name);
3335
- continue;
3336
- }
3337
- for (const auto& priority : eds_update.priorities) {
3338
- if (priority.localities.empty()) {
3339
- errors.push_back(GRPC_ERROR_CREATE_FROM_COPIED_STRING(
3340
- absl::StrCat(eds_service_name, ": sparse priority list").c_str()));
3341
- resource_names_failed->insert(eds_service_name);
3342
- continue;
3343
- }
3344
- }
3345
- // Get the drop config.
3346
- eds_update.drop_config = MakeRefCounted<XdsApi::EdsUpdate::DropConfig>();
3347
- const envoy_config_endpoint_v3_ClusterLoadAssignment_Policy* policy =
3348
- envoy_config_endpoint_v3_ClusterLoadAssignment_policy(
3349
- cluster_load_assignment);
3350
- if (policy != nullptr) {
3351
- size_t drop_size;
3352
- const envoy_config_endpoint_v3_ClusterLoadAssignment_Policy_DropOverload* const*
3353
- drop_overload =
3354
- envoy_config_endpoint_v3_ClusterLoadAssignment_Policy_drop_overloads(
3355
- policy, &drop_size);
3356
- for (size_t j = 0; j < drop_size; ++j) {
3357
- error =
3358
- DropParseAndAppend(drop_overload[j], eds_update.drop_config.get());
3359
- if (error != GRPC_ERROR_NONE) break;
3360
- }
3361
- if (error != GRPC_ERROR_NONE) {
3362
- errors.push_back(grpc_error_add_child(
3363
- GRPC_ERROR_CREATE_FROM_COPIED_STRING(
3364
- absl::StrCat(eds_service_name, ": drop config validation error")
3365
- .c_str()),
3366
- error));
3367
- resource_names_failed->insert(eds_service_name);
3368
- continue;
3369
- }
3404
+ errors.push_back(
3405
+ grpc_error_add_child(GRPC_ERROR_CREATE_FROM_CPP_STRING(absl::StrCat(
3406
+ resource_name, ": validation error")),
3407
+ error));
3408
+ resource_names_failed->insert(resource_name);
3409
+ } else {
3410
+ // Store result in update map, in both validated and serialized form.
3411
+ auto& resource_data = (*update_map)[resource_name];
3412
+ resource_data.resource = std::move(update);
3413
+ resource_data.serialized_proto =
3414
+ UpbStringToStdString(serialized_resource);
3370
3415
  }
3371
3416
  }
3372
- return GRPC_ERROR_CREATE_FROM_VECTOR("errors parsing EDS response", &errors);
3417
+ return GRPC_ERROR_CREATE_FROM_VECTOR("errors parsing ADS response", &errors);
3373
3418
  }
3374
3419
 
3375
3420
  std::string TypeUrlInternalToExternal(absl::string_view type_url) {
@@ -3385,13 +3430,25 @@ std::string TypeUrlInternalToExternal(absl::string_view type_url) {
3385
3430
  return std::string(type_url);
3386
3431
  }
3387
3432
 
3388
- template <typename UpdateMap>
3389
- void MoveUpdatesToFailedSet(UpdateMap* update_map,
3390
- std::set<std::string>* resource_names_failed) {
3391
- for (const auto& p : *update_map) {
3392
- resource_names_failed->insert(p.first);
3393
- }
3394
- update_map->clear();
3433
+ upb_strview LdsResourceName(
3434
+ const envoy_config_listener_v3_Listener* lds_resource) {
3435
+ return envoy_config_listener_v3_Listener_name(lds_resource);
3436
+ }
3437
+
3438
+ upb_strview RdsResourceName(
3439
+ const envoy_config_route_v3_RouteConfiguration* rds_resource) {
3440
+ return envoy_config_route_v3_RouteConfiguration_name(rds_resource);
3441
+ }
3442
+
3443
+ upb_strview CdsResourceName(
3444
+ const envoy_config_cluster_v3_Cluster* cds_resource) {
3445
+ return envoy_config_cluster_v3_Cluster_name(cds_resource);
3446
+ }
3447
+
3448
+ upb_strview EdsResourceName(
3449
+ const envoy_config_endpoint_v3_ClusterLoadAssignment* eds_resource) {
3450
+ return envoy_config_endpoint_v3_ClusterLoadAssignment_cluster_name(
3451
+ eds_resource);
3395
3452
  }
3396
3453
 
3397
3454
  } // namespace
@@ -3404,8 +3461,12 @@ XdsApi::AdsParseResult XdsApi::ParseAdsResponse(
3404
3461
  const std::set<absl::string_view>& expected_eds_service_names) {
3405
3462
  AdsParseResult result;
3406
3463
  upb::Arena arena;
3407
- const EncodingContext context = {client_, tracer_, symtab_.ptr(), arena.ptr(),
3408
- server.ShouldUseV3()};
3464
+ const EncodingContext context = {client_,
3465
+ tracer_,
3466
+ symtab_.ptr(),
3467
+ arena.ptr(),
3468
+ server.ShouldUseV3(),
3469
+ certificate_provider_definition_map_};
3409
3470
  // Decode the response.
3410
3471
  const envoy_service_discovery_v3_DiscoveryResponse* response =
3411
3472
  envoy_service_discovery_v3_DiscoveryResponse_parse(
@@ -3426,38 +3487,33 @@ XdsApi::AdsParseResult XdsApi::ParseAdsResponse(
3426
3487
  result.nonce = UpbStringToStdString(
3427
3488
  envoy_service_discovery_v3_DiscoveryResponse_nonce(response));
3428
3489
  // Parse the response according to the resource type.
3490
+ // TODO(roth): When we have time, consider defining an interface for the
3491
+ // methods of each resource type, so that we don't have to pass
3492
+ // individual functions into each call to AdsResponseParse().
3429
3493
  if (IsLds(result.type_url)) {
3430
- result.parse_error =
3431
- LdsResponseParse(context, response, expected_listener_names,
3432
- &result.lds_update_map, &result.resource_names_failed);
3433
- if (result.parse_error != GRPC_ERROR_NONE) {
3434
- MoveUpdatesToFailedSet(&result.lds_update_map,
3435
- &result.resource_names_failed);
3436
- }
3494
+ result.parse_error = AdsResponseParse(
3495
+ context, envoy_config_listener_v3_Listener_parse, LdsResourceName,
3496
+ IsLds, MaybeLogListener, LdsResourceParse, response, "LDS",
3497
+ expected_listener_names, &result.lds_update_map,
3498
+ &result.resource_names_failed);
3437
3499
  } else if (IsRds(result.type_url)) {
3438
- result.parse_error =
3439
- RdsResponseParse(context, response, expected_route_configuration_names,
3440
- &result.rds_update_map, &result.resource_names_failed);
3441
- if (result.parse_error != GRPC_ERROR_NONE) {
3442
- MoveUpdatesToFailedSet(&result.rds_update_map,
3443
- &result.resource_names_failed);
3444
- }
3500
+ result.parse_error = AdsResponseParse(
3501
+ context, envoy_config_route_v3_RouteConfiguration_parse,
3502
+ RdsResourceName, IsRds, MaybeLogRouteConfiguration, RouteConfigParse,
3503
+ response, "RDS", expected_route_configuration_names,
3504
+ &result.rds_update_map, &result.resource_names_failed);
3445
3505
  } else if (IsCds(result.type_url)) {
3446
- result.parse_error =
3447
- CdsResponseParse(context, response, expected_cluster_names,
3448
- &result.cds_update_map, &result.resource_names_failed);
3449
- if (result.parse_error != GRPC_ERROR_NONE) {
3450
- MoveUpdatesToFailedSet(&result.cds_update_map,
3451
- &result.resource_names_failed);
3452
- }
3506
+ result.parse_error = AdsResponseParse(
3507
+ context, envoy_config_cluster_v3_Cluster_parse, CdsResourceName, IsCds,
3508
+ MaybeLogCluster, CdsResourceParse, response, "CDS",
3509
+ expected_cluster_names, &result.cds_update_map,
3510
+ &result.resource_names_failed);
3453
3511
  } else if (IsEds(result.type_url)) {
3454
- result.parse_error =
3455
- EdsResponseParse(context, response, expected_eds_service_names,
3456
- &result.eds_update_map, &result.resource_names_failed);
3457
- if (result.parse_error != GRPC_ERROR_NONE) {
3458
- MoveUpdatesToFailedSet(&result.eds_update_map,
3459
- &result.resource_names_failed);
3460
- }
3512
+ result.parse_error = AdsResponseParse(
3513
+ context, envoy_config_endpoint_v3_ClusterLoadAssignment_parse,
3514
+ EdsResourceName, IsEds, MaybeLogClusterLoadAssignment, EdsResourceParse,
3515
+ response, "EDS", expected_eds_service_names, &result.eds_update_map,
3516
+ &result.resource_names_failed);
3461
3517
  }
3462
3518
  return result;
3463
3519
  }
@@ -3492,8 +3548,12 @@ grpc_slice SerializeLrsRequest(
3492
3548
  grpc_slice XdsApi::CreateLrsInitialRequest(
3493
3549
  const XdsBootstrap::XdsServer& server) {
3494
3550
  upb::Arena arena;
3495
- const EncodingContext context = {client_, tracer_, symtab_.ptr(), arena.ptr(),
3496
- server.ShouldUseV3()};
3551
+ const EncodingContext context = {client_,
3552
+ tracer_,
3553
+ symtab_.ptr(),
3554
+ arena.ptr(),
3555
+ server.ShouldUseV3(),
3556
+ certificate_provider_definition_map_};
3497
3557
  // Create a request.
3498
3558
  envoy_service_load_stats_v3_LoadStatsRequest* request =
3499
3559
  envoy_service_load_stats_v3_LoadStatsRequest_new(arena.ptr());
@@ -3563,8 +3623,9 @@ void LocalityStatsPopulate(
3563
3623
  grpc_slice XdsApi::CreateLrsRequest(
3564
3624
  ClusterLoadReportMap cluster_load_report_map) {
3565
3625
  upb::Arena arena;
3566
- const EncodingContext context = {client_, tracer_, symtab_.ptr(), arena.ptr(),
3567
- false};
3626
+ const EncodingContext context = {
3627
+ client_, tracer_, symtab_.ptr(),
3628
+ arena.ptr(), false, certificate_provider_definition_map_};
3568
3629
  // Create a request.
3569
3630
  envoy_service_load_stats_v3_LoadStatsRequest* request =
3570
3631
  envoy_service_load_stats_v3_LoadStatsRequest_new(arena.ptr());
@@ -3897,8 +3958,9 @@ std::string XdsApi::AssembleClientConfig(
3897
3958
  // Fill-in the node information
3898
3959
  auto* node = envoy_service_status_v3_ClientConfig_mutable_node(client_config,
3899
3960
  arena.ptr());
3900
- const EncodingContext context = {client_, tracer_, symtab_.ptr(), arena.ptr(),
3901
- true};
3961
+ const EncodingContext context = {
3962
+ client_, tracer_, symtab_.ptr(),
3963
+ arena.ptr(), true, certificate_provider_definition_map_};
3902
3964
  PopulateNode(context, node_, build_version_, user_agent_name_,
3903
3965
  user_agent_version_, node);
3904
3966
  // Dump each xDS-type config into PerXdsConfig