Save changes.

Author: kannanjgithub

xds/src/test/java/io/grpc/xds/CdsLoadBalancer2Test.java

@@ -107,7 +107,7 @@ public class CdsLoadBalancer2Test {
       .node(BOOTSTRAP_NODE)
       .build();
   private final UpstreamTlsContext upstreamTlsContext =
-      CommonTlsContextTestsUtil.buildUpstreamTlsContext("google_cloud_private_spiffe", true);
+      CommonTlsContextTestsUtil.buildUpstreamTlsContext("google_cloud_private_spiffe", true, null, false);
   private final OutlierDetection outlierDetection = OutlierDetection.create(
       null, null, null, null, SuccessRateEjection.create(null, null, null, null), null);
 

xds/src/test/java/io/grpc/xds/ClusterImplLoadBalancerTest.java

@@ -881,7 +881,7 @@ public void endpointAddressesAttachedWithClusterName() {
   @Test
   public void endpointAddressesAttachedWithTlsConfig_securityEnabledByDefault() {
     UpstreamTlsContext upstreamTlsContext =
-        CommonTlsContextTestsUtil.buildUpstreamTlsContext("google_cloud_private_spiffe", true);
+        CommonTlsContextTestsUtil.buildUpstreamTlsContext("google_cloud_private_spiffe", true, null, false);
     LoadBalancerProvider weightedTargetProvider = new WeightedTargetLoadBalancerProvider();
     WeightedTargetConfig weightedTargetConfig =
         buildWeightedTargetConfig(ImmutableMap.of(locality, 10));
@@ -926,7 +926,7 @@ public void endpointAddressesAttachedWithTlsConfig_securityEnabledByDefault() {
 
     // Config with a new UpstreamTlsContext.
     upstreamTlsContext =
-        CommonTlsContextTestsUtil.buildUpstreamTlsContext("google_cloud_private_spiffe1", true);
+        CommonTlsContextTestsUtil.buildUpstreamTlsContext("google_cloud_private_spiffe1", true, null, false);
     config = new ClusterImplConfig(CLUSTER, EDS_SERVICE_NAME, LRS_SERVER_INFO,
         null, Collections.<DropOverload>emptyList(),
         GracefulSwitchLoadBalancer.createLoadBalancingPolicyConfig(

xds/src/test/java/io/grpc/xds/ClusterResolverLoadBalancerTest.java

@@ -134,7 +134,7 @@ public class ClusterResolverLoadBalancerTest {
   private final Locality locality3 =
       Locality.create("test-region-3", "test-zone-3", "test-subzone-3");
   private final UpstreamTlsContext tlsContext =
-      CommonTlsContextTestsUtil.buildUpstreamTlsContext("google_cloud_private_spiffe", true);
+      CommonTlsContextTestsUtil.buildUpstreamTlsContext("google_cloud_private_spiffe", true, null, false);
   private final OutlierDetection outlierDetection = OutlierDetection.create(
       100L, 100L, 100L, 100, SuccessRateEjection.create(100, 100, 100, 100),
       FailurePercentageEjection.create(100, 100, 100, 100));

xds/src/test/java/io/grpc/xds/XdsSecurityClientServerTest.java

@@ -546,7 +546,7 @@ private UpstreamTlsContext setBootstrapInfoAndBuildUpstreamTlsContext(String cli
         .buildBootstrapInfo("google_cloud_private_spiffe-client", clientKeyFile, clientPemFile,
             CA_PEM_FILE, null, null, null, null, spiffeFile);
     return CommonTlsContextTestsUtil
-        .buildUpstreamTlsContext("google_cloud_private_spiffe-client", hasIdentityCert);
+        .buildUpstreamTlsContext("google_cloud_private_spiffe-client", hasIdentityCert, null, false);
   }
 
   private UpstreamTlsContext setBootstrapInfoAndBuildUpstreamTlsContextForUsingSystemRootCerts(
@@ -563,7 +563,7 @@ private UpstreamTlsContext setBootstrapInfoAndBuildUpstreamTlsContextForUsingSys
           CertificateValidationContext.newBuilder()
               .setSystemRootCerts(
                   CertificateValidationContext.SystemRootCerts.newBuilder().build())
-              .build());
+              .build(), null, false);
     }
     return CommonTlsContextTestsUtil.buildNewUpstreamTlsContextForCertProviderInstance(
         "google_cloud_private_spiffe-client", "ROOT", null,

xds/src/test/java/io/grpc/xds/internal/security/ClientSslContextProviderFactoryTest.java

@@ -30,7 +30,6 @@
 import io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.CommonTlsContext;
 import io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.TlsCertificate;
 import io.envoyproxy.envoy.type.matcher.v3.StringMatcher;
-import io.grpc.xds.EnvoyServerProtoData;
 import io.grpc.xds.EnvoyServerProtoData.UpstreamTlsContext;
 import io.grpc.xds.client.Bootstrapper;
 import io.grpc.xds.client.CommonBootstrapperTestUtils;
@@ -80,7 +79,7 @@ public void createCertProviderClientSslContextProvider() throws XdsInitializatio
             "gcp_id",
             "root-default",
             /* alpnProtocols= */ null,
-            /* staticCertValidationContext= */ null);
+            /* staticCertValidationContext= */ null, null, false);
 
     Bootstrapper.BootstrapInfo bootstrapInfo = CommonBootstrapperTestUtils.getTestBootstrapInfo();
     clientSslContextProviderFactory =
@@ -139,7 +138,7 @@ public void createCertProviderClientSslContextProvider_onlyRootCert()
                     "gcp_id",
                     "root-default",
                     /* alpnProtocols= */ null,
-                    /* staticCertValidationContext= */ null);
+                    /* staticCertValidationContext= */ null, null, false);
 
     Bootstrapper.BootstrapInfo bootstrapInfo = CommonBootstrapperTestUtils.getTestBootstrapInfo();
     clientSslContextProviderFactory =
@@ -173,7 +172,7 @@ public void createCertProviderClientSslContextProvider_withStaticContext()
                     "gcp_id",
                     "root-default",
                     /* alpnProtocols= */ null,
-                    staticCertValidationContext);
+                    staticCertValidationContext, null, false);
 
     Bootstrapper.BootstrapInfo bootstrapInfo = CommonBootstrapperTestUtils.getTestBootstrapInfo();
     clientSslContextProviderFactory =
@@ -203,7 +202,7 @@ public void createCertProviderClientSslContextProvider_2providers()
             "file_provider",
             "root-default",
             /* alpnProtocols= */ null,
-            /* staticCertValidationContext= */ null);
+            /* staticCertValidationContext= */ null, null, false);
 
     Bootstrapper.BootstrapInfo bootstrapInfo = CommonBootstrapperTestUtils.getTestBootstrapInfo();
     clientSslContextProviderFactory =

xds/src/test/java/io/grpc/xds/internal/security/CommonTlsContextTestsUtil.java

@@ -149,23 +149,28 @@ public static String getTempFileNameForResourcesFile(String resFile) throws IOEx
    * Helper method to build UpstreamTlsContext for above tests. Called from other classes as well.
    */
   static EnvoyServerProtoData.UpstreamTlsContext buildUpstreamTlsContext(
-      CommonTlsContext commonTlsContext) {
-    UpstreamTlsContext upstreamTlsContext =
-        UpstreamTlsContext.newBuilder().setCommonTlsContext(commonTlsContext).build();
+      CommonTlsContext commonTlsContext, String sni, boolean autoHostSni) {
+    UpstreamTlsContext.Builder upstreamTlsContext =
+        UpstreamTlsContext.newBuilder().setCommonTlsContext(commonTlsContext).setAutoHostSni(autoHostSni);
+    if (sni != null) {
+      upstreamTlsContext.setSni(sni);
+    }
     return EnvoyServerProtoData.UpstreamTlsContext.fromEnvoyProtoUpstreamTlsContext(
-        upstreamTlsContext);
+        upstreamTlsContext.build());
   }
 
   /** Helper method to build UpstreamTlsContext for multiple test classes. */
   public static EnvoyServerProtoData.UpstreamTlsContext buildUpstreamTlsContext(
-      String commonInstanceName, boolean hasIdentityCert) {
+      String commonInstanceName, boolean hasIdentityCert, String sni, boolean autoHostSni) {
     return buildUpstreamTlsContextForCertProviderInstance(
         hasIdentityCert ? commonInstanceName : null,
         hasIdentityCert ? "default" : null,
         commonInstanceName,
         "ROOT",
         null,
-        null);
+        null,
+        sni,
+        autoHostSni);
   }
 
   /** Gets a cert from contents of a resource. */
@@ -271,20 +276,21 @@ private static CommonTlsContext.Builder addNewCertificateValidationContext(
   /** Helper method to build UpstreamTlsContext for CertProvider tests. */
   public static EnvoyServerProtoData.UpstreamTlsContext
       buildUpstreamTlsContextForCertProviderInstance(
-          @Nullable String certInstanceName,
-          @Nullable String certName,
-          @Nullable String rootInstanceName,
-          @Nullable String rootCertName,
-          Iterable<String> alpnProtocols,
-          CertificateValidationContext staticCertValidationContext) {
+      @Nullable String certInstanceName,
+      @Nullable String certName,
+      @Nullable String rootInstanceName,
+      @Nullable String rootCertName,
+      Iterable<String> alpnProtocols,
+      CertificateValidationContext staticCertValidationContext, String sni, boolean autoHostSni) {
     return buildUpstreamTlsContext(
         buildCommonTlsContextForCertProviderInstance(
             certInstanceName,
             certName,
             rootInstanceName,
             rootCertName,
             alpnProtocols,
-            staticCertValidationContext));
+            staticCertValidationContext),
+        sni, autoHostSni);
   }
 
   /** Helper method to build UpstreamTlsContext for CertProvider tests. */
@@ -303,7 +309,7 @@ private static CommonTlsContext.Builder addNewCertificateValidationContext(
             rootInstanceName,
             rootCertName,
             alpnProtocols,
-            staticCertValidationContext));
+            staticCertValidationContext), null, false);
   }
 
   /** Helper method to build DownstreamTlsContext for CertProvider tests. */

xds/src/test/java/io/grpc/xds/internal/security/SecurityProtocolNegotiatorsTest.java

@@ -124,7 +124,7 @@ public void clientSecurityProtocolNegotiatorNewHandler_noFallback_expectExceptio
   @Test
   public void clientSecurityProtocolNegotiatorNewHandler_withTlsContextAttribute() {
     UpstreamTlsContext upstreamTlsContext =
-        CommonTlsContextTestsUtil.buildUpstreamTlsContext(CommonTlsContext.newBuilder().build());
+        CommonTlsContextTestsUtil.buildUpstreamTlsContext(CommonTlsContext.newBuilder().build(), null, false);
     ClientSecurityProtocolNegotiator pn =
         new ClientSecurityProtocolNegotiator(InternalProtocolNegotiators.plaintext());
     GrpcHttp2ConnectionHandler mockHandler = mock(GrpcHttp2ConnectionHandler.class);
@@ -153,7 +153,7 @@ public void clientSecurityHandler_addLast()
             CA_PEM_FILE, null, null, null, null, null);
     UpstreamTlsContext upstreamTlsContext =
         CommonTlsContextTestsUtil
-            .buildUpstreamTlsContext("google_cloud_private_spiffe-client", true);
+            .buildUpstreamTlsContext("google_cloud_private_spiffe-client", true, null, false);
 
     SslContextProviderSupplier sslContextProviderSupplier =
         new SslContextProviderSupplier(upstreamTlsContext,
@@ -365,7 +365,7 @@ public void clientSecurityProtocolNegotiatorNewHandler_fireProtocolNegotiationEv
             CA_PEM_FILE, null, null, null, null, null);
     UpstreamTlsContext upstreamTlsContext =
         CommonTlsContextTestsUtil
-            .buildUpstreamTlsContext("google_cloud_private_spiffe-client", true);
+            .buildUpstreamTlsContext("google_cloud_private_spiffe-client", true, null, false);
 
     SslContextProviderSupplier sslContextProviderSupplier =
         new SslContextProviderSupplier(upstreamTlsContext,
@@ -416,7 +416,7 @@ public void clientSecurityProtocolNegotiatorNewHandler_handleHandlerRemoved() {
             CA_PEM_FILE, null, null, null, null, null);
     UpstreamTlsContext upstreamTlsContext =
         CommonTlsContextTestsUtil
-            .buildUpstreamTlsContext("google_cloud_private_spiffe-client", true);
+            .buildUpstreamTlsContext("google_cloud_private_spiffe-client", true, null, false);
 
     SslContextProviderSupplier sslContextProviderSupplier =
         new SslContextProviderSupplier(upstreamTlsContext,

xds/src/test/java/io/grpc/xds/internal/security/SslContextProviderSupplierTest.java

@@ -57,18 +57,14 @@ public class SslContextProviderSupplierTest {
 
   private void prepareSupplier(boolean autoHostSni) {
     upstreamTlsContext =
-            CommonTlsContextTestsUtil.buildUpstreamTlsContext("google_cloud_private_spiffe", true);
+            CommonTlsContextTestsUtil.buildUpstreamTlsContext("google_cloud_private_spiffe", true, null, autoHostSni);
     mockSslContextProvider = mock(SslContextProvider.class);
     doReturn(mockSslContextProvider)
             .when(mockTlsContextManager)
             .findOrCreateClientSslContextProvider(eq(upstreamTlsContext), eq(HOSTNAME));
     supplier = new SslContextProviderSupplier(upstreamTlsContext, mockTlsContextManager);
   }
 
-  private EnvoyServerProtoData.UpstreamTlsContext getUpstreamTlsContext(boolean autoHostSni) {
-
-  }
-
   private void callUpdateSslContext() {
     mockCallback = mock(SslContextProvider.Callback.class);
     when(mockCallback.getHostname()).thenReturn(HOSTNAME);
@@ -79,7 +75,7 @@ private void callUpdateSslContext() {
 
   @Test
   public void get_updateSecret() {
-    prepareSupplier();
+    prepareSupplier(false);
     callUpdateSslContext();
     verify(mockTlsContextManager, times(2))
         .findOrCreateClientSslContextProvider(eq(upstreamTlsContext), eq(HOSTNAME));
@@ -103,7 +99,7 @@ public void get_updateSecret() {
 
   @Test
   public void get_onException() {
-    prepareSupplier();
+    prepareSupplier(false);
     callUpdateSslContext();
     ArgumentCaptor<SslContextProvider.Callback> callbackCaptor =
         ArgumentCaptor.forClass(SslContextProvider.Callback.class);
@@ -119,7 +115,7 @@ public void get_onException() {
 
   @Test
   public void testClose() {
-    prepareSupplier();
+    prepareSupplier(false);
     callUpdateSslContext();
     supplier.close();
     verify(mockTlsContextManager, times(1))
@@ -133,7 +129,7 @@ public void testClose() {
 
   @Test
   public void testClose_nullSslContextProvider() {
-    prepareSupplier();
+    prepareSupplier(false);
     doThrow(new NullPointerException()).when(mockTlsContextManager)
         .releaseClientSslContextProvider(null, HOSTNAME);
     supplier.close();

xds/src/test/java/io/grpc/xds/internal/security/TlsContextManagerTest.java

@@ -82,7 +82,7 @@ public void createClientSslContextProvider() {
             CA_PEM_FILE, null, null, null, null, null);
     UpstreamTlsContext upstreamTlsContext =
         CommonTlsContextTestsUtil
-            .buildUpstreamTlsContext("google_cloud_private_spiffe-client", false);
+            .buildUpstreamTlsContext("google_cloud_private_spiffe-client", false, null, false);
 
     TlsContextManagerImpl tlsContextManagerImpl = new TlsContextManagerImpl(bootstrapInfoForClient);
     SslContextProvider clientSecretProvider =
@@ -126,15 +126,15 @@ public void createClientSslContextProvider_differentInstance() {
             CA_PEM_FILE, "cert-instance-2", CLIENT_KEY_FILE, CLIENT_PEM_FILE, CA_PEM_FILE, null);
     UpstreamTlsContext upstreamTlsContext =
         CommonTlsContextTestsUtil
-            .buildUpstreamTlsContext("google_cloud_private_spiffe-client", false);
+            .buildUpstreamTlsContext("google_cloud_private_spiffe-client", false, null, false);
 
     TlsContextManagerImpl tlsContextManagerImpl = new TlsContextManagerImpl(bootstrapInfoForClient);
     SslContextProvider clientSecretProvider =
         tlsContextManagerImpl.findOrCreateClientSslContextProvider(upstreamTlsContext, SNI);
     assertThat(clientSecretProvider).isNotNull();
 
     UpstreamTlsContext upstreamTlsContext1 =
-        CommonTlsContextTestsUtil.buildUpstreamTlsContext("cert-instance-2", true);
+        CommonTlsContextTestsUtil.buildUpstreamTlsContext("cert-instance-2", true, null, false);
 
     SslContextProvider clientSecretProvider1 =
         tlsContextManagerImpl.findOrCreateClientSslContextProvider(upstreamTlsContext1, SNI);
@@ -164,7 +164,7 @@ public void createServerSslContextProvider_releaseInstance() {
   public void createClientSslContextProvider_releaseInstance() {
     UpstreamTlsContext upstreamTlsContext =
         CommonTlsContextTestsUtil
-            .buildUpstreamTlsContext("google_cloud_private_spiffe-client", true);
+            .buildUpstreamTlsContext("google_cloud_private_spiffe-client", true, null, false);
 
     TlsContextManagerImpl tlsContextManagerImpl =
         new TlsContextManagerImpl(mockClientFactory, mockServerFactory);

xds/src/test/java/io/grpc/xds/internal/security/certprovider/CertProviderClientSslContextProviderTest.java

@@ -81,7 +81,7 @@ private CertProviderClientSslContextProvider getSslContextProvider(
             rootInstanceName,
             "root-default",
             alpnProtocols,
-            staticCertValidationContext);
+            staticCertValidationContext, null, false);
     return (CertProviderClientSslContextProvider)
         certProviderClientSslContextProviderFactory.getProvider(
             upstreamTlsContext,