address comments by ai

Author: jrhee17

it/xds-client/src/test/java/com/linecorp/armeria/xds/it/DataSourceTest.java

@@ -20,9 +20,9 @@
 import static org.awaitility.Awaitility.await;
 
 import java.io.File;
-import java.time.Duration;
 import java.nio.file.Files;
 import java.nio.file.StandardCopyOption;
+import java.time.Duration;
 import java.util.Base64;
 import java.util.concurrent.atomic.AtomicLong;
 import java.util.concurrent.atomic.AtomicReference;

it/xds-client/src/test/java/com/linecorp/armeria/xds/it/DynamicSecretTest.java

@@ -419,8 +419,7 @@ void sdsTlsCertificateOnly() throws Exception {
             assertThat(certSnapshot).isNotNull();
             assertThat(certSnapshot.tlsKeyPair()).isEqualTo(certificate1.tlsKeyPair());
             final CertificateValidationContextSnapshot validationContext = tlsSnapshot.validationContext();
-            assertThat(validationContext).isNotNull();
-            assertThat(validationContext.trustedCa()).isNull();
+            assertThat(validationContext).isNull();
         }
     }
 
@@ -521,8 +520,7 @@ void sdsValidationContextOnly() throws Exception {
                     tlsSnapshot = listenerSnapshot.routeSnapshot().virtualHostSnapshots().get(0)
                                                   .routeEntries().get(0).clusterSnapshot().transportSocket();
             final TlsCertificateSnapshot certSnapshot = tlsSnapshot.tlsCertificate();
-            assertThat(certSnapshot).isNotNull();
-            assertThat(certSnapshot.tlsKeyPair()).isNull();
+            assertThat(certSnapshot).isNull();
             final CertificateValidationContextSnapshot validationContext = tlsSnapshot.validationContext();
             assertThat(validationContext).isNotNull();
             assertThat(validationContext.trustedCa()).containsExactly(certificate2.certificate());

it/xds-client/src/test/java/com/linecorp/armeria/xds/it/XdsResourceReader.java

@@ -69,6 +69,7 @@ public static <T extends GeneratedMessage> T fromYaml(String yaml, Class<T> claz
                                                             .addEscape('\\', "\\\\")
                                                             .addEscape('"', "\\\"")
                                                             .addEscape('\n', "\\n")
+                                                            .addEscape('\r', "\\r")
                                                             .build();
 
     static String escapeMultiLine(String str) {

xds/src/main/java/com/linecorp/armeria/xds/DataSourceStream.java

@@ -57,11 +57,13 @@ protected Subscription onStart(SnapshotWatcher<Optional<ByteString>> watcher) {
         }
         if (dataSource.hasInlineBytes()) {
             final byte[] bytes = dataSource.getInlineBytes().toByteArray();
-            watcher.onUpdate(Optional.of(ByteString.copyFrom(bytes)), null);
-        } else if (dataSource.hasInlineString()) {
+            return SnapshotStream.just(Optional.of(ByteString.copyFrom(bytes))).subscribe(watcher);
+        }
+        if (dataSource.hasInlineString()) {
             final byte[] bytes = dataSource.getInlineString().getBytes(StandardCharsets.UTF_8);
-            watcher.onUpdate(Optional.of(ByteString.copyFrom(bytes)), null);
-        } else if (dataSource.hasEnvironmentVariable()) {
+            return SnapshotStream.just(Optional.of(ByteString.copyFrom(bytes))).subscribe(watcher);
+        }
+        if (dataSource.hasEnvironmentVariable()) {
             final String envVar = dataSource.getEnvironmentVariable();
             final String envVarValue = System.getenv(envVar);
             if (envVarValue == null) {
@@ -70,8 +72,9 @@ protected Subscription onStart(SnapshotWatcher<Optional<ByteString>> watcher) {
                 return SnapshotStream.<Optional<ByteString>>error(e).subscribe(watcher);
             }
             final byte[] bytes = envVarValue.getBytes(StandardCharsets.UTF_8);
-            watcher.onUpdate(Optional.of(ByteString.copyFrom(bytes)), null);
-        } else if (dataSource.hasFilename()) {
+            return SnapshotStream.just(Optional.of(ByteString.copyFrom(bytes))).subscribe(watcher);
+        }
+        if (dataSource.hasFilename()) {
             final String filename = dataSource.getFilename();
             final Path filePath = Paths.get(filename).toAbsolutePath();
             Path dirPath = filePath.getParent();
@@ -99,11 +102,9 @@ protected Subscription onStart(SnapshotWatcher<Optional<ByteString>> watcher) {
                     }
                 });
             };
-        } else {
-            final IllegalArgumentException e = new IllegalArgumentException(
-                    String.format("Unexpected data source type '%s'", dataSource.getSpecifierCase()));
-            return SnapshotStream.<Optional<ByteString>>error(e).subscribe(watcher);
         }
-        return SnapshotStream.<ByteString>empty().subscribe(watcher);
+        final IllegalArgumentException e = new IllegalArgumentException(
+                String.format("Unexpected data source type '%s'", dataSource.getSpecifierCase()));
+        return SnapshotStream.<Optional<ByteString>>error(e).subscribe(watcher);
     }
 }

xds/src/main/java/com/linecorp/armeria/xds/TransportSocketSnapshot.java

@@ -16,6 +16,8 @@
 
 package com.linecorp.armeria.xds;
 
+import java.util.Optional;
+
 import com.linecorp.armeria.common.annotation.Nullable;
 import com.linecorp.armeria.common.annotation.UnstableApi;
 
@@ -36,15 +38,17 @@ public final class TransportSocketSnapshot implements Snapshot<TransportSocket>
     private final CertificateValidationContextSnapshot validationContext;
 
     TransportSocketSnapshot(TransportSocket transportSocket) {
-        this(transportSocket, null, null);
+        this.transportSocket = transportSocket;
+        tlsCertificate = null;
+        validationContext = null;
     }
 
     TransportSocketSnapshot(TransportSocket transportSocket,
-                            @Nullable TlsCertificateSnapshot tlsCertificate,
-                            @Nullable CertificateValidationContextSnapshot validationContext) {
+                            Optional<TlsCertificateSnapshot> tlsCertificate,
+                            Optional<CertificateValidationContextSnapshot> validationContext) {
         this.transportSocket = transportSocket;
-        this.tlsCertificate = tlsCertificate;
-        this.validationContext = validationContext;
+        this.tlsCertificate = tlsCertificate.orElse(null);
+        this.validationContext = validationContext.orElse(null);
     }
 
     @Override

xds/src/main/java/com/linecorp/armeria/xds/TransportSocketStream.java

@@ -16,11 +16,12 @@
 
 package com.linecorp.armeria.xds;
 
+import java.util.Optional;
+
 import com.linecorp.armeria.common.annotation.Nullable;
 
 import io.envoyproxy.envoy.config.core.v3.ConfigSource;
 import io.envoyproxy.envoy.config.core.v3.TransportSocket;
-import io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.CertificateValidationContext;
 import io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.CommonTlsContext;
 import io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.CommonTlsContext.CombinedCertificateValidationContext;
 import io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.SdsSecretConfig;
@@ -52,47 +53,50 @@ protected Subscription onStart(SnapshotWatcher<TransportSocketSnapshot> watcher)
                                                                                UpstreamTlsContext.class);
         final CommonTlsContext commonTlsContext = tlsContext.getCommonTlsContext();
 
-        final SnapshotStream<CertificateValidationContextSnapshot> validationStream;
+        final SnapshotStream<Optional<CertificateValidationContextSnapshot>> validationStream;
 
         if (commonTlsContext.hasValidationContext()) {
             final Secret secret = Secret.newBuilder()
                                         .setValidationContext(commonTlsContext.getValidationContext())
                                         .build();
             final SecretStream secretStream = new SecretStream(secret, context);
-            validationStream = secretStream.switchMap(
-                    resource -> new CertificateValidationContextStream(context, resource));
+            validationStream = secretStream
+                    .switchMap(resource -> new CertificateValidationContextStream(context, resource))
+                    .map(Optional::of);
         } else if (commonTlsContext.hasValidationContextSdsSecretConfig()) {
             final SdsSecretConfig sdsConfig = commonTlsContext.getValidationContextSdsSecretConfig();
             final SecretStream secretStream = new SecretStream(sdsConfig, configSource, context);
-            validationStream = secretStream.switchMap(
-                    resource -> new CertificateValidationContextStream(context, resource));
+            validationStream = secretStream
+                    .switchMap(resource -> new CertificateValidationContextStream(context, resource))
+                    .map(Optional::of);
         } else if (commonTlsContext.hasCombinedValidationContext()) {
             final CombinedCertificateValidationContext combined =
                     commonTlsContext.getCombinedValidationContext();
             final SdsSecretConfig sdsConfig = combined.getValidationContextSdsSecretConfig();
             final SecretStream secretStream = new SecretStream(sdsConfig, configSource, context);
             validationStream = secretStream.switchMap(resource -> new CertificateValidationContextStream(
-                    context, resource, combined.getDefaultValidationContext()));
+                                                   context, resource, combined.getDefaultValidationContext()))
+                                           .map(Optional::of);
         } else {
-            validationStream = SnapshotStream.just(new CertificateValidationContextSnapshot(
-                    CertificateValidationContext.getDefaultInstance()));
+            validationStream = SnapshotStream.empty();
         }
 
-        final SnapshotStream<TlsCertificateSnapshot> tlsCertStream;
+        final SnapshotStream<Optional<TlsCertificateSnapshot>> tlsCertStream;
         if (!commonTlsContext.getTlsCertificatesList().isEmpty()) {
             final TlsCertificate tlsCertificate = commonTlsContext.getTlsCertificatesList().get(0);
             final Secret secret = Secret.newBuilder().setTlsCertificate(tlsCertificate).build();
             final SecretStream secretStream = new SecretStream(secret, context);
-            tlsCertStream = secretStream.switchMap(resource -> new TlsCertificateStream(context, resource));
+            tlsCertStream = secretStream.switchMap(resource -> new TlsCertificateStream(context, resource))
+                                        .map(Optional::of);
         } else if (!commonTlsContext.getTlsCertificateSdsSecretConfigsList().isEmpty()) {
             final SdsSecretConfig sdsConfig =
                     commonTlsContext.getTlsCertificateSdsSecretConfigsList().get(0);
             final SecretStream secretStream = new SecretStream(sdsConfig, configSource, context);
-            tlsCertStream = secretStream.switchMap(resource -> new TlsCertificateStream(context, resource));
+            tlsCertStream = secretStream.switchMap(resource -> new TlsCertificateStream(context, resource))
+                                        .map(Optional::of);
         } else {
             // static
-            tlsCertStream = SnapshotStream.just(
-                    new TlsCertificateSnapshot(TlsCertificate.getDefaultInstance(), null));
+            tlsCertStream = SnapshotStream.empty();
         }
 
         final SnapshotStream<TransportSocketSnapshot> stream =