Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

quic: improve coverage #16569

Merged
merged 3 commits into from
May 20, 2021
Merged

quic: improve coverage #16569

merged 3 commits into from
May 20, 2021

Conversation

alyssawilk
Copy link
Contributor

Arguably I should adjust this up but given recent CI failures I'll leave for now.

Risk Level: n/a (test only)
Testing: yes
Docs Changes: n/a
Release Notes: n/a

@alyssawilk
improve coverage
7468a30 
Signed-off-by: Alyssa Wilk <[email protected]>
@alyssawilk alyssawilk mentioned this pull request May 19, 2021
Merged
danzh2010
danzh2010 approved these changes May 19, 2021
View reviewed changes
test/common/quic/client_connection_factory_impl_test.cc
@@ -0,0 +1,47 @@
#include "common/quic/client_connection_factory_impl.h"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for adding these tests!

antoniovicente
antoniovicente reviewed May 19, 2021
View reviewed changes
Copy link
Contributor

@antoniovicente antoniovicente left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the test coverage improvements.

Given that we are removing ASSERTs, I think we should add some nullptr checks to avoid crashes in EnvoyQuicProofVerifier::VerifyCertChain

source/common/quic/client_connection_factory_impl.cc
@@ -19,7 +19,6 @@ getContext(Network::TransportSocketFactory& transport_socket_factory) {
auto* quic_socket_factory =
dynamic_cast<QuicClientTransportSocketFactory*>(&transport_socket_factory);
ASSERT(quic_socket_factory != nullptr);
ASSERT(quic_socket_factory->sslCtx() != nullptr);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If this ASSERT were to fail the following code would crash. If we remove the ASSERT, we should also fix this code so it doesn't crash.

envoy/source/common/quic/envoy_quic_proof_verifier.cc

Line 35 in 1ea2aa6

bool success = static_cast<Extensions::TransportSockets::Tls::ClientContextImpl*>(context_.get())

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is already removed over here #16462
just hadn't merged it in.
That PR came with tests and error handling for SDS lazy loading of secrets :-)

Copy link
Contributor

@antoniovicente antoniovicente May 20, 2021
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: Could we add ASSERT(context_ != nullptr) to the EnvoyQuicProofVerifier constructor as a sanity check? I'm fine with it being in this PR or a followup.

https://github.com/envoyproxy/envoy/blob/main/source/common/quic/envoy_quic_proof_verifier.h#L15

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

added in #16466 thanks

source/common/quic/quic_filter_manager_connection_impl.h
@@ -77,7 +77,7 @@ class QuicFilterManagerConnectionImpl : public Network::ConnectionImplBase,
absl::optional<Network::Connection::UnixDomainSocketPeerCredentials>
unixSocketPeerCredentials() const override {
// Unix domain socket is not supported.
NOT_REACHED_GCOVR_EXCL_LINE;
return absl::nullopt;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm having trouble finding non-test uses of unixSocketPeerCredentials().

What am I missing? Who depends on this API?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not sure. I'd be happy to remove as a follow-up if we think it's doable.
I wonder if it's used internally by whoever @snowp worked for at the time?

source/common/quic/client_connection_factory_impl.cc Show resolved Hide resolved
@alyssawilk alyssawilk merged commit 75aecf2 into envoyproxy:main May 20, 2021
@wrowe
Copy link
Contributor

wrowe commented May 20, 2021

This has broken four CI pipelines... better to revert for now?

@alyssawilk alyssawilk mentioned this pull request May 20, 2021
Merged
@alyssawilk
Copy link
Contributor Author

#16597 should fix

leyao-daily pushed a commit to leyao-daily/envoy that referenced this pull request Sep 30, 2021
@alyssawilk
quic: improve coverage (envoyproxy#16569)
5eb8e88 
Risk Level: n/a (test only)
Testing: yes
Docs Changes: n/a
Release Notes: n/a

Signed-off-by: Alyssa Wilk <[email protected]>
@alyssawilk alyssawilk deleted the quic_coverage branch February 28, 2022 21:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@antoniovicente antoniovicente antoniovicente approved these changes

@danzh2010 danzh2010 danzh2010 approved these changes

Assignees

@antoniovicente antoniovicente

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@alyssawilk @wrowe @danzh2010 @antoniovicente