envoyproxy · alyssawilk · Mar 7, 2024 · Mar 11, 2024 · ggreenway · Mar 13, 2024
diff --git a/contrib/ssl_context_manager_no_boringssl/BUILD b/contrib/ssl_context_manager_no_boringssl/BUILD
@@ -0,0 +1,18 @@
+load(
+    "//bazel:envoy_build_system.bzl",
+    "envoy_cc_library",
+    "envoy_contrib_package",
+)
+
+licenses(["notice"])  # Apache 2
+
+envoy_contrib_package()
+
+envoy_cc_library(
+    name = "ssl_context_manager_lib",
+    srcs = ["ssl_context_manager.cc"],
+    deps = [
+        "//envoy/registry",
+        "//envoy/ssl:context_manager_interface",
+    ],
+)
diff --git a/source/server/ssl_context_manager.cc → ...nager_no_boringssl/ssl_context_manager.cc b/source/server/ssl_context_manager.cc → ...nager_no_boringssl/ssl_context_manager.cc
@@ -1,12 +1,11 @@
-#include "source/server/ssl_context_manager.h"
-
 #include <cstddef>
 
 #include "envoy/common/exception.h"
 #include "envoy/registry/registry.h"
+#include "envoy/ssl/context_manager.h"
 
 namespace Envoy {
-namespace Server {
+namespace Contrib {
 
 /**
  * A stub that provides a SSL context manager capable of reporting on
@@ -49,16 +48,15 @@ class SslContextManagerNoTlsStub final : public Envoy::Ssl::ContextManager {
   }
 };
 
-Ssl::ContextManagerPtr createContextManager(const std::string& factory_name,
-                                            TimeSource& time_source) {
-  Ssl::ContextManagerFactory* factory =
-      Registry::FactoryRegistry<Ssl::ContextManagerFactory>::getFactory(factory_name);
-  if (factory != nullptr) {
-    return factory->createContextManager(time_source);
+class SslContextManagerFactoryNoTls : public Ssl::ContextManagerFactory {
+  Ssl::ContextManagerPtr createContextManager(TimeSource&) override {
+    return std::make_unique<SslContextManagerNoTlsStub>();
   }
+};
 
-  return std::make_unique<SslContextManagerNoTlsStub>();
-}
+static Envoy::Registry::RegisterInternalFactory<SslContextManagerFactoryNoTls,
+                                                Ssl::ContextManagerFactory>
+    ssl_manager_registered;
 
-} // namespace Server
+} // namespace Contrib
 } // namespace Envoy
diff --git a/source/extensions/all_extensions.bzl b/source/extensions/all_extensions.bzl
@@ -36,6 +36,9 @@ _core_extensions = [
     "envoy.network.dns_resolver.cares",
     "envoy.network.dns_resolver.apple",
     "envoy.load_balancing_policies.round_robin",
+    "envoy.http.original_ip_detection.xff",
+    "envoy.request_id.uuid",
+    "envoy.transport_sockets.tls",
 ]
 
 # Return all core extensions to be compiled into Envoy.

diff --git a/source/extensions/extensions_build_config.bzl b/source/extensions/extensions_build_config.bzl
@@ -297,6 +297,7 @@ EXTENSIONS = {
     "envoy.transport_sockets.tap":                      "//source/extensions/transport_sockets/tap:config",
     "envoy.transport_sockets.starttls":                 "//source/extensions/transport_sockets/starttls:config",
     "envoy.transport_sockets.tcp_stats":                "//source/extensions/transport_sockets/tcp_stats:config",
+    "envoy.transport_sockets.tls":                      "//source/extensions/transport_sockets/tls:config",
     "envoy.transport_sockets.internal_upstream":        "//source/extensions/transport_sockets/internal_upstream:config",
 
     #

diff --git a/source/server/BUILD b/source/server/BUILD
@@ -417,7 +417,6 @@ envoy_cc_library(
         ":listener_hooks_lib",
         ":listener_manager_factory_lib",
         ":regex_engine_lib",
-        ":ssl_context_manager_lib",
         ":utils_lib",
         ":worker_lib",
         "//envoy/event:dispatcher_interface",
@@ -483,16 +482,6 @@ envoy_cc_library(
     ],
 )
 
-envoy_cc_library(
-    name = "ssl_context_manager_lib",
-    srcs = ["ssl_context_manager.cc"],
-    hdrs = ["ssl_context_manager.h"],
-    deps = [
-        "//envoy/registry",
-        "//envoy/ssl:context_manager_interface",
-    ],
-)
-
 envoy_cc_library(
     name = "listener_hooks_lib",
     hdrs = ["listener_hooks.h"],

diff --git a/source/server/config_validation/BUILD b/source/server/config_validation/BUILD
@@ -50,7 +50,6 @@ envoy_cc_library(
     hdrs = [
         "connection.h",
         "dispatcher.h",
-        "dns.h",
     ],
     deps = [
         "//envoy/event:dispatcher_interface",
@@ -60,16 +59,6 @@ envoy_cc_library(
     ],
 )
 
-envoy_cc_library(
-    name = "dns_lib",
-    srcs = ["dns.cc"],
-    hdrs = ["dns.h"],
-    deps = [
-        "//envoy/event:dispatcher_interface",
-        "//envoy/network:dns_interface",
-    ],
-)
-
 envoy_cc_library(
     name = "server_lib",
     srcs = ["server.cc"],
@@ -79,7 +68,6 @@ envoy_cc_library(
         ":admin_lib",
         ":api_lib",
         ":cluster_manager_lib",
-        ":dns_lib",
         "//envoy/server:drain_manager_interface",
         "//envoy/server:instance_interface",
         "//envoy/ssl:context_manager_interface",

diff --git a/source/server/config_validation/dispatcher.h b/source/server/config_validation/dispatcher.h
@@ -3,7 +3,6 @@
 #include "envoy/event/dispatcher.h"
 
 #include "source/common/event/dispatcher_impl.h"
-#include "source/server/config_validation/dns.h"
 
 namespace Envoy {
 namespace Event {

diff --git a/source/server/config_validation/dns.cc b/source/server/config_validation/dns.cc
diff --git a/source/server/config_validation/dns.h b/source/server/config_validation/dns.h
diff --git a/source/server/config_validation/server.cc b/source/server/config_validation/server.cc
@@ -18,7 +18,6 @@
 #include "source/server/listener_manager_factory.h"
 #include "source/server/overload_manager_impl.h"
 #include "source/server/regex_engine.h"
-#include "source/server/ssl_context_manager.h"
 #include "source/server/utils.h"
 
 namespace Envoy {
@@ -132,7 +131,13 @@ void ValidationInstance::initialize(const Options& options,
             "Component factory should not return nullptr from createDrainManager()");
 
   secret_manager_ = std::make_unique<Secret::SecretManagerImpl>(admin()->getConfigTracker());
-  ssl_context_manager_ = createContextManager("ssl_context_manager", api_->timeSource());
+  Ssl::ContextManagerFactory* ssl_factory =
+      Registry::FactoryRegistry<Ssl::ContextManagerFactory>::getFactory("ssl_context_manager");
+  if (!ssl_factory) {
+    throw EnvoyException("No SSL factory compiled");
+  }
+  ssl_context_manager_ = ssl_factory->createContextManager(api_->timeSource());
+
   cluster_manager_factory_ = std::make_unique<Upstream::ValidationClusterManagerFactory>(
       server_contexts_, stats(), threadLocal(), http_context_,
       [this]() -> Network::DnsResolverSharedPtr { return this->dnsResolver(); },

diff --git a/source/server/config_validation/server.h b/source/server/config_validation/server.h
@@ -27,7 +27,6 @@
 #include "source/server/config_validation/admin.h"
 #include "source/server/config_validation/api.h"
 #include "source/server/config_validation/cluster_manager.h"
-#include "source/server/config_validation/dns.h"
 #include "source/server/hot_restart_nop_impl.h"
 #include "source/server/server.h"
 

diff --git a/source/server/server.cc b/source/server/server.cc
@@ -56,7 +56,6 @@
 #include "source/server/listener_hooks.h"
 #include "source/server/listener_manager_factory.h"
 #include "source/server/regex_engine.h"
-#include "source/server/ssl_context_manager.h"
 #include "source/server/utils.h"
 
 namespace Envoy {
@@ -749,7 +748,12 @@ absl::Status InstanceBase::initializeOrThrow(Network::Address::InstanceConstShar
   }
 
   // Once we have runtime we can initialize the SSL context manager.
-  ssl_context_manager_ = createContextManager("ssl_context_manager", time_source_);
+  Ssl::ContextManagerFactory* ssl_factory =
+      Registry::FactoryRegistry<Ssl::ContextManagerFactory>::getFactory("ssl_context_manager");
+  if (!ssl_factory) {
+    throwEnvoyExceptionOrPanic("No SSL factory compiled");
+  }
+  ssl_context_manager_ = ssl_factory->createContextManager(time_source_);
 
   cluster_manager_factory_ = std::make_unique<Upstream::ProdClusterManagerFactory>(
       serverFactoryContext(), stats_store_, thread_local_, http_context_,

diff --git a/source/server/ssl_context_manager.h b/source/server/ssl_context_manager.h
diff --git a/test/integration/BUILD b/test/integration/BUILD
@@ -373,6 +373,7 @@ envoy_cc_test_binary(
         "//source/exe:process_wide_lib",
         "//source/exe:stripped_main_base_lib",
         "//source/extensions/listener_managers/validation_listener_manager:validation_listener_manager_lib",
+        "//source/extensions/transport_sockets/tls:config",
     ],
 )
 

diff --git a/test/server/BUILD b/test/server/BUILD
@@ -363,18 +363,6 @@ envoy_cc_test(
     ],
 )
 
-envoy_cc_test(
-    name = "ssl_context_manager_test",
-    srcs = ["ssl_context_manager_test.cc"],
-    deps = [
-        "//source/server:ssl_context_manager_lib",
-        "//test/mocks/ssl:ssl_mocks",
-        "//test/mocks/stats:stats_mocks",
-        "//test/test_common:simulated_time_system_lib",
-        "//test/test_common:utility_lib",
-    ],
-)
-
 envoy_cc_test_library(
     name = "utility_lib",
     hdrs = ["utility.h"],

diff --git a/test/server/config_validation/BUILD b/test/server/config_validation/BUILD
@@ -17,7 +17,6 @@ envoy_cc_test(
         "//source/common/stats:stats_lib",
         "//source/common/tls:context_lib",
         "//source/server/config_validation:cluster_manager_lib",
-        "//source/server/config_validation:dns_lib",
         "//test/mocks/access_log:access_log_mocks",
         "//test/mocks/event:event_mocks",
         "//test/mocks/http:http_mocks",
@@ -77,7 +76,6 @@ envoy_cc_test(
         "//source/common/event:libevent_lib",
         "//source/common/stats:isolated_store_lib",
         "//source/server/config_validation:api_lib",
-        "//source/server/config_validation:dns_lib",
         "//test/test_common:environment_lib",
         "//test/test_common:network_utility_lib",
         "//test/test_common:test_time_lib",

diff --git a/test/server/ssl_context_manager_test.cc b/test/server/ssl_context_manager_test.cc