Commit b1cb61d

authored
Merge pull request #146 from pomerium/kralicky/fix-eds-resource-removal
eds: handle resource removal by clearing endpoints
2 parents b634c32 + fc6c99e commit b1cb61d

2 files changed

+29
-3
lines changed

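--- a/source/extensions/filters/network/ssh/reverse_tunnel.cc
+++ b/source/extensions/filters/network/ssh/reverse_tunnel.cc
@@ -1308,9 +1308,15 @@ absl::Status SshReverseTunnelCluster::onConfigUpdate(const std::vector<Config::D
 }
 
 absl::Status SshReverseTunnelCluster::onConfigUpdate(const std::vector<Config::DecodedResourceRef>& added_resources,
-const Protobuf::RepeatedPtrField<std::string>&,
+const Protobuf::RepeatedPtrField<std::string>& removed_resources,
 const std::string&) {
-// On a delta xds update, rebuild using only the added resource. Same logic as the EDS cluster
+
+if (added_resources.empty() && removed_resources.size() == 1) {
+ASSERT(removed_resources[0] == edsServiceName());
+envoy::config::endpoint::v3::ClusterLoadAssignment empty;
+empty.set_cluster_name(removed_resources[0]);
+return update(empty);
+}
 return onConfigUpdate(added_resources, "");
 }
 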
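Review bot: The name check at new line 1315 is an `ASSERT`, which Envoy normally compiles out of release builds, so in production a delta update whose single removed name is not this cluster's EDS service name would still clear every endpoint, while a debug build would abort on the same input. Because the name arrives over the xDS stream, a runtime check that returns an error fits better: `if (removed_resources[0] != edsServiceName()) { return absl::InvalidArgumentError("unexpected removed resource"); }`. The commit also deletes the comment that explained the delta path and adds none for the new branch; a line such as `// Delta removal of our only resource: publish an empty assignment so stale tunnel endpoints are dropped.` would restore that. Updates carrying several removed names, or both added and removed entries, fall through to the other overload, whose handling of them is not visible in this hunk.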
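--- a/test/extensions/filters/network/ssh/reverse_tunnel_test.cc
+++ b/test/extensions/filters/network/ssh/reverse_tunnel_test.cc
@@ -1569,11 +1569,31 @@ TEST_F(SshReverseTunnelClusterUnitTest, DeltaXdsConfigUpdate) {
 auto* resource = resources.Add();
 envoy::config::endpoint::v3::ClusterLoadAssignment cluster_load_assignment;
 cluster_load_assignment.set_cluster_name("test_cluster");
+
+auto* endpoint = cluster_load_assignment.add_endpoints()->add_lb_endpoints();
+pomerium::extensions::ssh::EndpointMetadata endpointMetadata;
+endpointMetadata.mutable_matched_permission()->set_requested_host("example");
+endpointMetadata.mutable_matched_permission()->set_requested_port(443);
+endpointMetadata.mutable_server_port()->set_value(443);
+(*endpoint
+->mutable_metadata()
+->mutable_typed_filter_metadata())["com.pomerium.ssh.endpoint"]
+.PackFrom(endpointMetadata);
+endpoint->set_health_status(envoy::config::core::v3::HealthStatus::HEALTHY);
+auto* socketAddress = endpoint->mutable_endpoint()->mutable_address()->mutable_socket_address();
+socketAddress->set_address("ssh:123456");
+socketAddress->set_port_value(12345);
+
 resource->mutable_resource()->PackFrom(cluster_load_assignment);
 const auto decoded_resources =
 TestUtility::decodeResources<envoy::config::endpoint::v3::ClusterLoadAssignment>(
 resources, "cluster_name");
-ASSERT_OK(reverseTunnelCluster->onConfigUpdate(decoded_resources.refvec_, {}, "v1"));
+ASSERT_OK(reverseTunnelCluster->onConfigUpdate(decoded_resources.refvec_, {}, ""));
+ASSERT_EQ(1, reverseTunnelCluster->prioritySet().crossPriorityHostMap()->size());
+Protobuf::RepeatedPtrField<std::string> removed;
+removed.Add("test_cluster");
+ASSERT_OK(reverseTunnelCluster->onConfigUpdate({}, removed, ""));
+ASSERT_EQ(0, reverseTunnelCluster->prioritySet().crossPriorityHostMap()->size());
 }
 
 } // namespace test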
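Review bot: The added assertions at new lines 1593-1596 cover only a removal whose name matches the cluster, so nothing pins what happens when the removed name differs or when more than one name is removed. A second case that sends a different name, for example `removed.Add("other_cluster");`, and then asserts the intended outcome (a non-OK status, or the host map still holding one entry) would fix the contract for unexpected control-plane input. A short comment on why the version argument changed from `"v1"` to `""` would also help, since the reason is not evident from the hunk. The test body starts above the hunk, so any earlier setup it relies on is not visible here.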
