diff --git a/envoy/ssl/context_manager.h b/envoy/ssl/context_manager.h
index 1cd6f4054472..3c0b243a47c6 100644
--- a/envoy/ssl/context_manager.h
+++ b/envoy/ssl/context_manager.h
@@ -77,16 +77,5 @@ class ContextManager {
 using ContextManagerPtr = std::unique_ptr;
-class ContextManagerFactory : public Config::UntypedFactory {
-public:
- ~ContextManagerFactory() override = default;
- virtual ContextManagerPtr
- createContextManager(Server::Configuration::CommonFactoryContext& factory_context) PURE;
-
- // There could be only one factory thus the name is static.
- std::string name() const override { return "ssl_context_manager"; }
- std::string category() const override { return "envoy.ssl_context_manager"; }
-};
-
 } // namespace Ssl
 } // namespace Envoy
diff --git a/source/extensions/all_extensions.bzl b/source/extensions/all_extensions.bzl
index 8cbdeb844d81..f239a04b9537 100644
--- a/source/extensions/all_extensions.bzl
+++ b/source/extensions/all_extensions.bzl
@@ -36,6 +36,7 @@ _core_extensions = [
 "envoy.network.dns_resolver.cares",
 "envoy.network.dns_resolver.apple",
 "envoy.load_balancing_policies.round_robin",
+ "envoy.transport_sockets.tls",
 ]
 # Return all core extensions to be compiled into Envoy.
diff --git a/source/extensions/extensions_build_config.bzl b/source/extensions/extensions_build_config.bzl
index 1425006ffaf4..66191fd96be8 100644
--- a/source/extensions/extensions_build_config.bzl
+++ b/source/extensions/extensions_build_config.bzl
@@ -297,6 +297,7 @@ EXTENSIONS = {
 "envoy.transport_sockets.tap": "//source/extensions/transport_sockets/tap:config",
 "envoy.transport_sockets.starttls": "//source/extensions/transport_sockets/starttls:config",
 "envoy.transport_sockets.tcp_stats": "//source/extensions/transport_sockets/tcp_stats:config",
+ "envoy.transport_sockets.tls": "//source/extensions/transport_sockets/tls:config",
 "envoy.transport_sockets.internal_upstream": "//source/extensions/transport_sockets/internal_upstream:config",
 #
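Review bot: The new `"envoy.transport_sockets.tls"` entry in `_core_extensions` carries no comment explaining why the TLS transport socket is now compiled into every Envoy build, and nothing in the list marks it as non-removable. Elsewhere in this commit source/server/server.cc constructs the TLS context manager directly and the registry-based `Ssl::ContextManagerFactory` with its no-TLS stub is deleted, so a downstream build that trims this entry would presumably fail to link rather than fall back as before. I would add above the entry `# Required: the server constructs the TLS context manager directly (see source/server/server.cc).` so the next person pruning the core list knows the dependency is hard.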
diff --git a/source/extensions/transport_sockets/tls/config.cc b/source/extensions/transport_sockets/tls/config.cc
index 1d652c0d1545..d89789c6e2ad 100644
--- a/source/extensions/transport_sockets/tls/config.cc
+++ b/source/extensions/transport_sockets/tls/config.cc
@@ -51,15 +51,6 @@ ProtobufTypes::MessagePtr DownstreamSslSocketFactory::createEmptyConfigProto() {
 LEGACY_REGISTER_FACTORY(DownstreamSslSocketFactory,
 Server::Configuration::DownstreamTransportSocketConfigFactory, "tls");
-Ssl::ContextManagerPtr SslContextManagerFactory::createContextManager(
- Server::Configuration::CommonFactoryContext& factory_context) {
- return std::make_unique(factory_context);
-}
-
-static Envoy::Registry::RegisterInternalFactory
- ssl_manager_registered;
-
 } // namespace Tls
 } // namespace TransportSockets
 } // namespace Extensions
diff --git a/source/extensions/transport_sockets/tls/config.h b/source/extensions/transport_sockets/tls/config.h
index d55bbb67e73b..3e39adc38bfb 100644
--- a/source/extensions/transport_sockets/tls/config.h
+++ b/source/extensions/transport_sockets/tls/config.h
@@ -42,14 +42,6 @@ class DownstreamSslSocketFactory
 DECLARE_FACTORY(DownstreamSslSocketFactory);
-class SslContextManagerFactory : public Ssl::ContextManagerFactory {
-public:
- Ssl::ContextManagerPtr
- createContextManager(Server::Configuration::CommonFactoryContext& factory_context) override;
-};
-
-DECLARE_FACTORY(SslContextManagerFactory);
-
 } // namespace Tls
 } // namespace TransportSockets
 } // namespace Extensions
diff --git a/source/server/BUILD b/source/server/BUILD
index bca0cd626d7e..6fa2605b1efd 100644
--- a/source/server/BUILD
+++ b/source/server/BUILD
@@ -418,7 +418,6 @@ envoy_cc_library(
 ":listener_hooks_lib",
 ":listener_manager_factory_lib",
 ":regex_engine_lib",
- ":ssl_context_manager_lib",
 ":utils_lib",
 ":worker_lib",
 "//envoy/event:dispatcher_interface",
@@ -463,6 +462,7 @@ envoy_cc_library(
 "//source/common/signal:fatal_error_handler_lib",
 "//source/common/singleton:manager_impl_lib",
 "//source/common/stats:thread_local_store_lib",
+ "//source/common/tls:context_lib",
 "//source/common/upstream:cluster_manager_lib",
 "//source/common/upstream:health_discovery_service_lib",
 "//source/common/version:version_lib",
@@ -484,16 +484,6 @@ envoy_cc_library(
 ],
 )
-envoy_cc_library(
- name = "ssl_context_manager_lib",
- srcs = ["ssl_context_manager.cc"],
- hdrs = ["ssl_context_manager.h"],
- deps = [
- "//envoy/registry",
- "//envoy/ssl:context_manager_interface",
- ],
-)
-
 envoy_cc_library(
 name = "listener_hooks_lib",
 hdrs = ["listener_hooks.h"],
diff --git a/source/server/config_validation/BUILD b/source/server/config_validation/BUILD
index eba39b9bc6d2..f917244c0268 100644
--- a/source/server/config_validation/BUILD
+++ b/source/server/config_validation/BUILD
@@ -50,7 +50,6 @@ envoy_cc_library(
 hdrs = [
 "connection.h",
 "dispatcher.h",
- "dns.h",
 ],
 deps = [
 "//envoy/event:dispatcher_interface",
@@ -60,16 +59,6 @@ envoy_cc_library(
 ],
 )
-envoy_cc_library(
- name = "dns_lib",
- srcs = ["dns.cc"],
- hdrs = ["dns.h"],
- deps = [
- "//envoy/event:dispatcher_interface",
- "//envoy/network:dns_interface",
- ],
-)
-
 envoy_cc_library(
 name = "server_lib",
 srcs = ["server.cc"],
@@ -79,7 +68,6 @@ envoy_cc_library(
 ":admin_lib",
 ":api_lib",
 ":cluster_manager_lib",
- ":dns_lib",
 "//envoy/server:drain_manager_interface",
 "//envoy/server:instance_interface",
 "//envoy/ssl:context_manager_interface",
@@ -100,6 +88,7 @@ envoy_cc_library(
 "//source/common/stats:stats_lib",
 "//source/common/thread_local:thread_local_lib",
 "//source/common/version:version_lib",
+ "//source/extensions/transport_sockets/tls:config",
 "//source/server:configuration_lib",
 "//source/server:hot_restart_nop_lib",
 "//source/server:overload_manager_lib",
diff --git a/source/server/config_validation/dispatcher.h b/source/server/config_validation/dispatcher.h
index 33d3c39ed200..bd2cd87f38d2 100644
--- a/source/server/config_validation/dispatcher.h
+++ b/source/server/config_validation/dispatcher.h
@@ -3,7 +3,6 @@
 #include "envoy/event/dispatcher.h"
 #include "source/common/event/dispatcher_impl.h"
-#include "source/server/config_validation/dns.h"
 namespace Envoy {
 namespace Event {
diff --git a/source/server/config_validation/dns.cc b/source/server/config_validation/dns.cc
deleted file mode 100644
index c590bf181133..000000000000
--- a/source/server/config_validation/dns.cc
+++ /dev/null
@@ -1,13 +0,0 @@
-#include "source/server/config_validation/dns.h"
-
-namespace Envoy {
-namespace Network {
-
-ActiveDnsQuery* ValidationDnsResolver::resolve(const std::string&, DnsLookupFamily,
- ResolveCb callback) {
- callback(DnsResolver::ResolutionStatus::Success, {});
- return nullptr;
-}
-
-} // namespace Network
-} // namespace Envoy
diff --git a/source/server/config_validation/dns.h b/source/server/config_validation/dns.h
deleted file mode 100644
index 3777256579b0..000000000000
--- a/source/server/config_validation/dns.h
+++ /dev/null
@@ -1,23 +0,0 @@
-#pragma once
-
-#include "envoy/event/dispatcher.h"
-#include "envoy/network/dns.h"
-
-namespace Envoy {
-namespace Network {
-
-/**
- * DnsResolver to be used in config validation runs. Every DNS query immediately fails to resolve,
- * since we never need DNS information to validate a config. (If a config contains an unresolvable
- * name, it still passes validation -- for example, we might be running validation in a test
- * environment, while the name resolves fine in prod.)
- */
-class ValidationDnsResolver : public DnsResolver {
-public:
- // Network::DnsResolver
- ActiveDnsQuery* resolve(const std::string& dns_name, DnsLookupFamily dns_lookup_family,
- ResolveCb callback) override;
-};
-
-} // namespace Network
-} // namespace Envoy
diff --git a/source/server/config_validation/server.cc b/source/server/config_validation/server.cc
index a2d915b5e66d..3ad1568e78fe 100644
--- a/source/server/config_validation/server.cc
+++ b/source/server/config_validation/server.cc
@@ -13,12 +13,12 @@
 #include "source/common/local_info/local_info_impl.h"
 #include "source/common/protobuf/utility.h"
 #include "source/common/singleton/manager_impl.h"
+#include "source/common/tls/context_manager_impl.h"
 #include "source/common/version/version.h"
 #include "source/server/admin/admin_factory_context.h"
 #include "source/server/listener_manager_factory.h"
 #include "source/server/overload_manager_impl.h"
 #include "source/server/regex_engine.h"
-#include "source/server/ssl_context_manager.h"
 #include "source/server/utils.h"
 namespace Envoy {
@@ -132,7 +132,9 @@ void ValidationInstance::initialize(const Options& options,
 "Component factory should not return nullptr from createDrainManager()");
 secret_manager_ = std::make_unique(admin()->getConfigTracker());
- ssl_context_manager_ = createContextManager("ssl_context_manager", server_contexts_);
+ ssl_context_manager_ =
+ std::make_unique(server_contexts_);
+
 cluster_manager_factory_ = std::make_unique(
 server_contexts_, stats(), threadLocal(), http_context_,
 [this]() -> Network::DnsResolverSharedPtr { return this->dnsResolver(); },
diff --git a/source/server/config_validation/server.h b/source/server/config_validation/server.h
index 9f1bb41c031d..777b5a1ff6d2 100644
--- a/source/server/config_validation/server.h
+++ b/source/server/config_validation/server.h
@@ -27,7 +27,6 @@
 #include "source/server/config_validation/admin.h"
 #include "source/server/config_validation/api.h"
 #include "source/server/config_validation/cluster_manager.h"
-#include "source/server/config_validation/dns.h"
 #include "source/server/hot_restart_nop_impl.h"
 #include "source/server/server.h"
diff --git a/source/server/server.cc b/source/server/server.cc
index fc3a50beeed8..50ab8ab9dde6 100644
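Review bot: The stub fallback is gone at the `ssl_context_manager_ =` assignment: the registry lookup by `"ssl_context_manager"` is replaced by an unconditional `std::make_unique` (the type argument is not rendered on this page; the added include suggests the TLS context manager implementation), so a validation run no longer degrades to the removed "SSL is not supported in this configuration" path, and the same replacement is made in InstanceBase::initializeOrThrow in source/server/server.cc. That is consistent with the commit deleting `Ssl::ContextManagerFactory` from envoy/ssl/context_manager.h, but nothing in either new hunk records that TLS support is now mandatory for both the validation server and the real server; I would add above the assignment `// TLS is a core extension: the context manager is constructed directly rather than looked up in the factory registry.`. The added blank `+` line after the assignment in this hunk is whitespace only and can be dropped. ValidationInstance::initialize starts and ends outside the hunk.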
--- a/source/server/server.cc
+++ b/source/server/server.cc
@@ -50,13 +50,13 @@
 #include "source/common/stats/stats_matcher_impl.h"
 #include "source/common/stats/thread_local_store.h"
 #include "source/common/stats/timespan_impl.h"
+#include "source/common/tls/context_manager_impl.h"
 #include "source/common/upstream/cluster_manager_impl.h"
 #include "source/common/version/version.h"
 #include "source/server/configuration_impl.h"
 #include "source/server/listener_hooks.h"
 #include "source/server/listener_manager_factory.h"
 #include "source/server/regex_engine.h"
-#include "source/server/ssl_context_manager.h"
 #include "source/server/utils.h"
 namespace Envoy {
@@ -749,7 +749,8 @@ absl::Status InstanceBase::initializeOrThrow(Network::Address::InstanceConstShar
 }
 // Once we have runtime we can initialize the SSL context manager.
- ssl_context_manager_ = createContextManager("ssl_context_manager", server_contexts_);
+ ssl_context_manager_ =
+ std::make_unique(server_contexts_);
 cluster_manager_factory_ = std::make_unique(
 serverFactoryContext(), stats_store_, thread_local_, http_context_,
diff --git a/source/server/ssl_context_manager.cc b/source/server/ssl_context_manager.cc
deleted file mode 100644
index fadc32283163..000000000000
--- a/source/server/ssl_context_manager.cc
+++ /dev/null
@@ -1,65 +0,0 @@
-#include "source/server/ssl_context_manager.h"
-
-#include
-
-#include "envoy/common/exception.h"
-#include "envoy/registry/registry.h"
-
-namespace Envoy {
-namespace Server {
-
-/**
- * A stub that provides a SSL context manager capable of reporting on
- * certificates' data in case there's no TLS implementation built
- * into Envoy.
- */
-class SslContextManagerNoTlsStub final : public Envoy::Ssl::ContextManager {
- Ssl::ClientContextSharedPtr
- createSslClientContext(Stats::Scope& /* scope */,
- const Envoy::Ssl::ClientContextConfig& /* config */) override {
- throwException();
- }
-
- Ssl::ServerContextSharedPtr createSslServerContext(
- Stats::Scope& /* scope */, const Envoy::Ssl::ServerContextConfig& /* config */,
- const std::vector& /* server_names */, Ssl::ContextAdditionalInitFunc) override {
- throwException();
- }
-
- absl::optional daysUntilFirstCertExpires() const override {
- return absl::make_optional(std::numeric_limits::max());
- }
- absl::optional secondsUntilFirstOcspResponseExpires() const override {
- return absl::nullopt;
- }
-
- void iterateContexts(std::function /* callback */) override{};
-
- Ssl::PrivateKeyMethodManager& privateKeyMethodManager() override { throwException(); }
-
- void removeContext(const Envoy::Ssl::ContextSharedPtr& old_context) override {
- if (old_context) {
- throwEnvoyExceptionOrPanic("SSL is not supported in this configuration");
- }
- }
-
-private:
- [[noreturn]] void throwException() {
- throwEnvoyExceptionOrPanic("SSL is not supported in this configuration");
- }
-};
-
-Ssl::ContextManagerPtr
-createContextManager(const std::string& factory_name,
- Server::Configuration::CommonFactoryContext& factory_context) {
- Ssl::ContextManagerFactory* factory =
- Registry::FactoryRegistry::getFactory(factory_name);
- if (factory != nullptr) {
- return factory->createContextManager(factory_context);
- }
-
- return std::make_unique();
-}
-
-} // namespace Server
-} // namespace Envoy
diff --git a/source/server/ssl_context_manager.h b/source/server/ssl_context_manager.h
deleted file mode 100644
index c296955703fe..000000000000
--- a/source/server/ssl_context_manager.h
+++ /dev/null
@@ -1,14 +0,0 @@
-#pragma once
-
-#include "envoy/common/time.h"
-#include "envoy/ssl/context_manager.h"
-
-namespace Envoy {
-namespace Server {
-
-Ssl::ContextManagerPtr
-createContextManager(const std::string& factory_name,
- Server::Configuration::CommonFactoryContext& factory_context);
-
-} // namespace Server
-} // namespace Envoy
diff --git a/test/integration/BUILD b/test/integration/BUILD
index 06afa7651b01..9db08519afbb 100644
--- a/test/integration/BUILD
+++ b/test/integration/BUILD
@@ -373,6 +373,7 @@ envoy_cc_test_binary(
 "//source/exe:process_wide_lib",
 "//source/exe:stripped_main_base_lib",
 "//source/extensions/listener_managers/validation_listener_manager:validation_listener_manager_lib",
+ "//source/extensions/transport_sockets/tls:config",
 ],
 )
diff --git a/test/server/BUILD b/test/server/BUILD
index 2938f1dd3429..eb3641017ec0 100644
--- a/test/server/BUILD
+++ b/test/server/BUILD
@@ -363,19 +363,6 @@ envoy_cc_test(
 ],
 )
-envoy_cc_test(
- name = "ssl_context_manager_test",
- srcs = ["ssl_context_manager_test.cc"],
- deps = [
- "//source/server:ssl_context_manager_lib",
- "//test/mocks/server:server_factory_context_mocks",
- "//test/mocks/ssl:ssl_mocks",
- "//test/mocks/stats:stats_mocks",
- "//test/test_common:simulated_time_system_lib",
- "//test/test_common:utility_lib",
- ],
-)
-
 envoy_cc_test_library(
 name = "utility_lib",
 hdrs = ["utility.h"],
diff --git a/test/server/config_validation/BUILD b/test/server/config_validation/BUILD
index ed55171c3d66..7d03991b9d65 100644
--- a/test/server/config_validation/BUILD
+++ b/test/server/config_validation/BUILD
@@ -17,7 +17,6 @@ envoy_cc_test(
 "//source/common/stats:stats_lib",
 "//source/common/tls:context_lib",
 "//source/server/config_validation:cluster_manager_lib",
- "//source/server/config_validation:dns_lib",
 "//test/mocks/access_log:access_log_mocks",
 "//test/mocks/event:event_mocks",
 "//test/mocks/http:http_mocks",
@@ -78,7 +77,6 @@ envoy_cc_test(
 "//source/common/event:libevent_lib",
 "//source/common/stats:isolated_store_lib",
 "//source/server/config_validation:api_lib",
- "//source/server/config_validation:dns_lib",
 "//test/test_common:environment_lib",
 "//test/test_common:network_utility_lib",
 "//test/test_common:test_time_lib",
diff --git a/test/server/ssl_context_manager_test.cc b/test/server/ssl_context_manager_test.cc
deleted file mode 100644
index 4a651e61dc31..000000000000
--- a/test/server/ssl_context_manager_test.cc
+++ /dev/null
@@ -1,40 +0,0 @@
-#include
-
-#include "source/server/ssl_context_manager.h"
-
-#include "test/mocks/server/server_factory_context.h"
-#include "test/mocks/ssl/mocks.h"
-#include "test/mocks/stats/mocks.h"
-#include "test/test_common/utility.h"
-
-#include "gtest/gtest.h"
-
-namespace Envoy {
-namespace Server {
-namespace {
-
-TEST(SslContextManager, createStub) {
- Stats::MockStore store;
- Stats::Scope& scope(*store.rootScope());
- Ssl::MockClientContextConfig client_config;
- Ssl::MockServerContextConfig server_config;
- std::vector server_names;
- NiceMock server_factory_context;
-
- Ssl::ContextManagerPtr manager =
- createContextManager("fake_factory_name", server_factory_context);
-
- // Check we've created a stub, not real manager.
- EXPECT_EQ(manager->daysUntilFirstCertExpires().value(), std::numeric_limits::max());
- EXPECT_EQ(manager->secondsUntilFirstOcspResponseExpires(), absl::nullopt);
- EXPECT_THROW_WITH_MESSAGE(manager->createSslClientContext(scope, client_config), EnvoyException,
- "SSL is not supported in this configuration");
- EXPECT_THROW_WITH_MESSAGE(
- manager->createSslServerContext(scope, server_config, server_names, nullptr), EnvoyException,
- "SSL is not supported in this configuration");
- EXPECT_NO_THROW(manager->iterateContexts([](const Envoy::Ssl::Context&) -> void {}));
-}
-
-} // namespace
-} // namespace Server
-} // namespace Envoy