Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Sds api split #4231

Merged
merged 5 commits into from
Aug 24, 2018
Merged

Sds api split #4231

Show file tree
Hide file tree
Changes from 4 commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
cf68bc6
Add Sds api and dummy socket.
JimmyCYJ Aug 22, 2018
b3d0680
Add more files.
JimmyCYJ Aug 22, 2018
0766ff5
Revise per comments.
JimmyCYJ Aug 23, 2018
550287f
Add Cleanup into SdsApi.
JimmyCYJ Aug 23, 2018
1ec1701
Add CallbackManager into SdsApi.
JimmyCYJ Aug 23, 2018
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 6 additions & 0 deletions include/envoy/secret/BUILD
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,10 +8,16 @@ load(

envoy_package()

envoy_cc_library(
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for splitting this PR out, this is very helpful.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Glad that it helps. Will keep PR in good size.

name = "secret_callbacks_interface",
hdrs = ["secret_callbacks.h"],
)

envoy_cc_library(
name = "secret_provider_interface",
hdrs = ["secret_provider.h"],
deps = [
":secret_callbacks_interface",
"//include/envoy/ssl:tls_certificate_config_interface",
],
)
Expand Down
18 changes: 18 additions & 0 deletions include/envoy/secret/secret_callbacks.h
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
#pragma once

#include "envoy/common/pure.h"

namespace Envoy {
namespace Secret {

/**
* Callbacks invoked by a dynamic secret provider.
*/
class SecretCallbacks {
public:
virtual ~SecretCallbacks() {}
virtual void onAddOrUpdateSecret() PURE;
};

} // namespace Secret
} // namespace Envoy
15 changes: 14 additions & 1 deletion include/envoy/secret/secret_provider.h
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
#pragma once

#include "envoy/common/pure.h"
#include "envoy/secret/secret_callbacks.h"
#include "envoy/ssl/tls_certificate_config.h"

namespace Envoy {
Expand All @@ -18,7 +19,19 @@ template <class SecretType> class SecretProvider {
*/
virtual const SecretType* secret() const PURE;

// TODO(lizan): Add more methods for dynamic secret provider.
/**
* Add secret callback into secret provider.
* It is safe to call this method by main thread and is safe to be invoked
* on main thread.
* @param callback callback that is executed by secret provider.
*/
virtual void addUpdateCallback(SecretCallbacks& callback) PURE;

/**
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nit: blank line between declaration and comment belonging to next block.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Added blank line.

* Remove secret callback from secret provider.
* @param callback callback that is executed by secret provider.
*/
virtual void removeUpdateCallback(SecretCallbacks& callback) PURE;
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A general pattern in Envoy is to use RAII for managing removal of callbacks; it's a robust design pattern. We actually have a callback manager that models this today, see https://github.com/envoyproxy/envoy/blob/master/source/common/common/callback_impl.h

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Are you looking at this one as well?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, I am working on this one. I will push my update as soon I finish it. Thanks for asking.

Copy link
Member Author

@JimmyCYJ JimmyCYJ Aug 23, 2018
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I have added CallbackManager into SdsApi and removed removeUpdateCallback().

In PR #4176, I am going to add Common::CallbackHandle* secret_update_callback_handle_ into ContextConfigImpl as a private member, and modify ContextConfigImpl::setSecretUpdateCallback() like this.

void setSecretUpdateCallback(std::function<()> callback) override {
	if (secret_update_callback_handle_) {
  		secret_update_callback_handle_->remove();
	}
	secret_update_callback_handle_ = tls_certficate_provider_->addUpdateCallback(callback);
}

I will also modify ~ContextConfigImpl() like this.

ContextConfigImpl::~ContextConfigImpl() {
  if (secret_update_callback_handle_) {
	secret_update_callback_handle_->remove();
  }
}

};

typedef SecretProvider<Ssl::TlsCertificateConfig> TlsCertificateConfigProvider;
Expand Down
20 changes: 20 additions & 0 deletions source/common/secret/BUILD
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -30,3 +30,23 @@ envoy_cc_library(
"@envoy_api//envoy/api/v2/auth:cert_cc",
],
)

envoy_cc_library(
name = "sds_api_lib",
srcs = ["sds_api.cc"],
hdrs = ["sds_api.h"],
deps = [
"//include/envoy/config:subscription_interface",
"//include/envoy/event:dispatcher_interface",
"//include/envoy/init:init_interface",
"//include/envoy/local_info:local_info_interface",
"//include/envoy/runtime:runtime_interface",
"//include/envoy/secret:secret_provider_interface",
"//include/envoy/stats:stats_interface",
"//source/common/common:cleanup_lib",
"//source/common/config:resources_lib",
"//source/common/config:subscription_factory_lib",
"//source/common/protobuf:utility_lib",
"//source/common/ssl:tls_certificate_config_impl_lib",
],
)
87 changes: 87 additions & 0 deletions source/common/secret/sds_api.cc
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,87 @@
#include "common/secret/sds_api.h"

#include <unordered_map>

#include "envoy/api/v2/auth/cert.pb.validate.h"

#include "common/config/resources.h"
#include "common/config/subscription_factory.h"
#include "common/protobuf/utility.h"
#include "common/ssl/tls_certificate_config_impl.h"

namespace Envoy {
namespace Secret {

SdsApi::SdsApi(const LocalInfo::LocalInfo& local_info, Event::Dispatcher& dispatcher,
Runtime::RandomGenerator& random, Stats::Store& stats,
Upstream::ClusterManager& cluster_manager, Init::Manager& init_manager,
const envoy::api::v2::core::ConfigSource& sds_config, std::string sds_config_name,
std::function<void()> destructor_cb)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is better than before, thanks. I still think it can be cleaner if instead of having SdsApi owning the destructor CB, we have the owner of SdsApi own that object. It's pretty weird threading a destructor CB into an object when the lifetime issues are really those of the owning object.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for pointing this out. My concern is that SdsApi is held by a shared_ptr (ContextConfigImpland::tls_certficate_provider_) and could be owned by multiple objects (e.g. multiple listeners or clusters). The last owner needs to destroy SdsApi and ~SdsApi() invokes this cleanup function. I am not clear if there is a better place to own the Cleanup object other than SdsApi.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@htuch SdsApi is a shared pointer that could be owned by multiple objects as @JimmyCYJ pointed out, the structure here is similar to what we have in RDS (RdsRouteConfigSubscription). With the destructor_cb it doesn't need to be a friend class between SecretManagerImpl and SdsApi.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, OK, I still think you could wrap SdsApi in a SdsApiWithManagedLifetime object to get the same effect and separate concerns here, but I guess we have precedent for doing it this way.

: local_info_(local_info), dispatcher_(dispatcher), random_(random), stats_(stats),
cluster_manager_(cluster_manager), sds_config_(sds_config), sds_config_name_(sds_config_name),
secret_hash_(0), clean_up_(destructor_cb) {
// TODO(JimmyCYJ): Implement chained_init_manager, so that multiple init_manager
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Once this is resolved, do we still need NotReadySslSocket?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We still need NotReadySslSocket. Chained init manager guarantees that If two listeners point to the same secret, both listeners would wait for secrets and then listen on port. A better explanation is here. NotReadySslSocket is to solve the issue that if a listener gets secret and listens on a port, but the secret is bad, we should not use the secret to handle connection, and close the connection right away.

// can be chained together to behave as one init_manager. In that way, we let
// two listeners which share same SdsApi to register at separate init managers, and
// each init manager has a chance to initialize its targets.
init_manager.registerTarget(*this);
}

void SdsApi::initialize(std::function<void()> callback) {
initialize_callback_ = callback;

subscription_ = Envoy::Config::SubscriptionFactory::subscriptionFromConfigSource<
envoy::api::v2::auth::Secret>(
sds_config_, local_info_, dispatcher_, cluster_manager_, random_, stats_,
/* rest_legacy_constructor */ nullptr,
"envoy.service.discovery.v2.SecretDiscoveryService.FetchSecrets",
"envoy.service.discovery.v2.SecretDiscoveryService.StreamSecrets");
Config::Utility::checkLocalInfo("sds", local_info_);

subscription_->start({sds_config_name_}, *this);
}

void SdsApi::onConfigUpdate(const ResourceVector& resources, const std::string&) {
if (resources.empty()) {
throw EnvoyException(
fmt::format("Missing SDS resources for {} in onConfigUpdate()", sds_config_name_));
}
if (resources.size() != 1) {
throw EnvoyException(fmt::format("Unexpected SDS secrets length: {}", resources.size()));
}
const auto& secret = resources[0];
MessageUtil::validate(secret);
if (secret.name() != sds_config_name_) {
throw EnvoyException(
fmt::format("Unexpected SDS secret (expecting {}): {}", sds_config_name_, secret.name()));
}

const uint64_t new_hash = MessageUtil::hash(secret);
if (new_hash != secret_hash_ &&
secret.type_case() == envoy::api::v2::auth::Secret::TypeCase::kTlsCertificate) {
secret_hash_ = new_hash;
tls_certificate_secrets_ =
std::make_unique<Ssl::TlsCertificateConfigImpl>(secret.tls_certificate());

for (auto cb : update_callbacks_) {
cb->onAddOrUpdateSecret();
}
}

runInitializeCallbackIfAny();
}

void SdsApi::onConfigUpdateFailed(const EnvoyException*) {
// We need to allow server startup to continue, even if we have a bad config.
runInitializeCallbackIfAny();
}

void SdsApi::runInitializeCallbackIfAny() {
if (initialize_callback_) {
initialize_callback_();
initialize_callback_ = nullptr;
}
}

} // namespace Secret
} // namespace Envoy
80 changes: 80 additions & 0 deletions source/common/secret/sds_api.h
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,80 @@
#pragma once

#include <functional>

#include "envoy/api/v2/auth/cert.pb.h"
#include "envoy/api/v2/core/config_source.pb.h"
#include "envoy/config/subscription.h"
#include "envoy/event/dispatcher.h"
#include "envoy/init/init.h"
#include "envoy/local_info/local_info.h"
#include "envoy/runtime/runtime.h"
#include "envoy/secret/secret_callbacks.h"
#include "envoy/secret/secret_provider.h"
#include "envoy/stats/stats.h"
#include "envoy/upstream/cluster_manager.h"

#include "common/common/cleanup.h"

namespace Envoy {
namespace Secret {

/**
* SDS API implementation that fetches secrets from SDS server via Subscription.
*/
class SdsApi : public Init::Target,
public TlsCertificateConfigProvider,
public Config::SubscriptionCallbacks<envoy::api::v2::auth::Secret> {
public:
SdsApi(const LocalInfo::LocalInfo& local_info, Event::Dispatcher& dispatcher,
Runtime::RandomGenerator& random, Stats::Store& stats,
Upstream::ClusterManager& cluster_manager, Init::Manager& init_manager,
const envoy::api::v2::core::ConfigSource& sds_config, std::string sds_config_name,
std::function<void()> destructor_cb);

// Init::Target
void initialize(std::function<void()> callback) override;

// Config::SubscriptionCallbacks
void onConfigUpdate(const ResourceVector& resources, const std::string& version_info) override;
void onConfigUpdateFailed(const EnvoyException* e) override;
std::string resourceName(const ProtobufWkt::Any& resource) override {
return MessageUtil::anyConvert<envoy::api::v2::auth::Secret>(resource).name();
}

// SecretProvider
const Ssl::TlsCertificateConfig* secret() const override {
return tls_certificate_secrets_.get();
}

void addUpdateCallback(SecretCallbacks& callback) override {
update_callbacks_.push_back(&callback);
}
void removeUpdateCallback(SecretCallbacks& callback) override {
update_callbacks_.remove(&callback);
}

private:
void runInitializeCallbackIfAny();

const LocalInfo::LocalInfo& local_info_;
Event::Dispatcher& dispatcher_;
Runtime::RandomGenerator& random_;
Stats::Store& stats_;
Upstream::ClusterManager& cluster_manager_;

const envoy::api::v2::core::ConfigSource sds_config_;
std::unique_ptr<Config::Subscription<envoy::api::v2::auth::Secret>> subscription_;
std::function<void()> initialize_callback_;
const std::string sds_config_name_;

uint64_t secret_hash_;
Cleanup clean_up_;
Ssl::TlsCertificateConfigPtr tls_certificate_secrets_;
std::list<SecretCallbacks*> update_callbacks_;
};

typedef std::unique_ptr<SdsApi> SdsApiPtr;

} // namespace Secret
} // namespace Envoy
4 changes: 4 additions & 0 deletions source/common/secret/secret_provider_impl.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,10 @@ class TlsCertificateConfigProviderImpl : public TlsCertificateConfigProvider {

const Ssl::TlsCertificateConfig* secret() const override { return tls_certificate_.get(); }

void addUpdateCallback(SecretCallbacks&) override {}

void removeUpdateCallback(SecretCallbacks&) override {}

private:
Ssl::TlsCertificateConfigPtr tls_certificate_;
};
Expand Down
30 changes: 28 additions & 2 deletions source/common/ssl/ssl_socket.cc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,24 @@ using Envoy::Network::PostIoAction;
namespace Envoy {
namespace Ssl {

namespace {
// This SslSocket will be used when SSL secret is not fetched from SDS server.
class NotReadySslSocket : public Network::TransportSocket {
public:
// Network::TransportSocket
void setTransportSocketCallbacks(Network::TransportSocketCallbacks&) override {}
std::string protocol() const override { return EMPTY_STRING; }
bool canFlushClose() override { return true; }
void closeSocket(Network::ConnectionEvent) override {}
Network::IoResult doRead(Buffer::Instance&) override { return {PostIoAction::Close, 0, false}; }
Network::IoResult doWrite(Buffer::Instance&, bool) override {
return {PostIoAction::Close, 0, false};
}
void onConnected() override {}
const Ssl::Connection* ssl() const override { return nullptr; }
};
} // namespace

SslSocket::SslSocket(ContextSharedPtr ctx, InitialState state)
: ctx_(std::dynamic_pointer_cast<ContextImpl>(ctx)), ssl_(ctx_->newSsl()) {
if (state == InitialState::Client) {
Expand Down Expand Up @@ -391,7 +409,11 @@ ClientSslSocketFactory::ClientSslSocketFactory(ClientContextConfigPtr config,
ssl_ctx_(manager_.createSslClientContext(stats_scope_, *config_)) {}

Network::TransportSocketPtr ClientSslSocketFactory::createTransportSocket() const {
return std::make_unique<Ssl::SslSocket>(ssl_ctx_, Ssl::InitialState::Client);
if (ssl_ctx_) {
return std::make_unique<Ssl::SslSocket>(ssl_ctx_, Ssl::InitialState::Client);
} else {
return std::make_unique<NotReadySslSocket>();
}
}

bool ClientSslSocketFactory::implementsSecureTransport() const { return true; }
Expand All @@ -405,7 +427,11 @@ ServerSslSocketFactory::ServerSslSocketFactory(ServerContextConfigPtr config,
ssl_ctx_(manager_.createSslServerContext(stats_scope_, *config_, server_names_)) {}

Network::TransportSocketPtr ServerSslSocketFactory::createTransportSocket() const {
return std::make_unique<Ssl::SslSocket>(ssl_ctx_, Ssl::InitialState::Server);
if (ssl_ctx_) {
return std::make_unique<Ssl::SslSocket>(ssl_ctx_, Ssl::InitialState::Server);
} else {
return std::make_unique<NotReadySslSocket>();
}
}

bool ServerSslSocketFactory::implementsSecureTransport() const { return true; }
Expand Down
19 changes: 19 additions & 0 deletions test/common/secret/BUILD
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,3 +21,22 @@ envoy_cc_test(
"//test/test_common:utility_lib",
],
)

envoy_cc_test(
name = "sds_api_test",
srcs = ["sds_api_test.cc"],
data = [
"//test/common/ssl/test_data:certs",
],
deps = [
"//source/common/secret:sds_api_lib",
"//test/mocks/grpc:grpc_mocks",
"//test/mocks/init:init_mocks",
"//test/mocks/secret:secret_mocks",
"//test/mocks/server:server_mocks",
"//test/test_common:environment_lib",
"//test/test_common:registry_lib",
"//test/test_common:utility_lib",
"@envoy_api//envoy/service/discovery/v2:sds_cc",
],
)
Loading