-
Notifications
You must be signed in to change notification settings - Fork 4.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
xds: validations for security config, as specified in A29 #4762
Conversation
// - allow_expired_certificate | ||
// - trust_chain_verification | ||
switch { | ||
case len(validationCtx.GetVerifyCertificateSpki()) != 0: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
How are those unsupported fields picked?
Are they "the remaining fields other than those we support"?
Or they are manually picked?
Will there be new fields that we don't support, and want to NACK?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The decision on which fields to support and which to ignore was made during the gRFC review. The rationale behind the decision was this:
An unsupported field is normally ignored. However if ignoring a field compromises security,
or if the unsupported field affects how we interpret other fields, we NACK the update when
the field is present.
Usually, in other messages, we only care about the fields which we support. But in the security configuration, we had to clearly make that distinction as to which of the unsupported fields to ignore and which of those to NACK.
xds/internal/xdsclient/xds.go
Outdated
@@ -883,6 +896,9 @@ func securityConfigFromCommonTLSContextWithDeprecatedFields(common *v3tlspb.Comm | |||
matchers = append(matchers, matcher) | |||
} | |||
} | |||
if server && len(matchers) != 0 { | |||
return nil, fmt.Errorf("match_subject_alt_names field in validation context is not on the server: %v", common) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
is not supported(?) on the server
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done.
xds/internal/xdsclient/xds.go
Outdated
@@ -970,6 +1013,9 @@ func securityConfigFromCommonTLSContextUsingNewFields(common *v3tlspb.CommonTlsC | |||
} | |||
matchers = append(matchers, matcher) | |||
} | |||
if server && len(matchers) != 0 { | |||
return nil, fmt.Errorf("match_subject_alt_names field in validation context is not on the server: %v", common) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
is not supported(?) on the server
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done.
The retry tests (and only the retry tests?) are failing. |
commit 2fe71180762478c66b0027f780b95c40fc563a55 Author: Menghan Li <[email protected]> Date: Mon Oct 11 15:42:10 2021 -0700 xds/e2e: move flag check to each test, and call t.Skip() (#4861) commit ea41fbfa10817592c85b4ada15d3d1ba3d6fdae7 Author: Easwar Swaminathan <[email protected]> Date: Mon Oct 11 14:55:45 2021 -0700 examples: unix abstract socket (#4848) commit 6c56e211a0691f83bb59c5100e79f25d04cd4bb0 Author: Easwar Swaminathan <[email protected]> Date: Mon Oct 11 14:55:12 2021 -0700 grpclb: add `target_field` to service config (#4847) commit 49f638878973e2ccc20859209a73e1c3a02de015 Author: Menghan Li <[email protected]> Date: Mon Oct 11 11:06:15 2021 -0700 grpclog: support formatting output as JSON (#4854) commit b99d1040b71caf9b22be570edb68d85dcb6c515c Author: Ashitha Santhosh <[email protected]> Date: Fri Oct 8 17:09:55 2021 -0700 authz: create file watcher interceptor for gRPC SDK API (#4760) * authz: create file watcher interceptor for gRPC SDK API commit 03ca7b7d00cada2ff8a3ea7348fe6c3a2b2ee4fb Author: Zach Reyes <[email protected]> Date: Thu Oct 7 22:46:49 2021 -0400 Added logs to rbac (#4853) Added logs to rbac commit 524d10cbce3e1c597c48589341c01332f71c3d93 Author: Terry Wilson <[email protected]> Date: Thu Oct 7 11:58:49 2021 -0700 kokoro: source test driver install script from core repo (#4825) commit b9d7c74e01f89a52880332f584776ccfe0c27756 Author: Menghan Li <[email protected]> Date: Thu Oct 7 11:47:53 2021 -0700 xds: local interop tests (#4823) commit 404d8fd5139bfb7be9b4bf675e76eed53207dd8c Author: Zach Reyes <[email protected]> Date: Wed Oct 6 19:26:43 2021 -0400 Added imports for HTTP Filters (#4850) Added imports for HTTP Filters commit d16cfedb5f31caad933f6bb4f3aa3a85177fb989 Author: Zach Reyes <[email protected]> Date: Wed Oct 6 19:26:22 2021 -0400 Rename env var (#4849) Rename env var commit 4bd99953513f3d9de6a75075cfb51bc2224429e0 Author: Easwar Swaminathan <[email protected]> Date: Tue Oct 5 16:55:25 2021 -0700 xds: suppress redundant resource updates using proto.Equal (#4831) commit ee479e630f859849f23d70ebf2fa3021f5ad2658 Author: Menghan Li <[email protected]> Date: Tue Oct 5 14:49:15 2021 -0700 creds/google: replace NewComputeEngineCredsWithOptions with NewDefaultCredentialsWithOptions (#4830) commit 02da625150e8ee126d4b84dfed27d2453f2617f4 Author: Doug Fawley <[email protected]> Date: Mon Oct 4 14:01:09 2021 -0700 github: increase timeout for codeql and disable for PRs (#4841) commit f2974e7778b189c094a2d5fe087d680f7a72050e Author: Menghan Li <[email protected]> Date: Mon Oct 4 11:54:27 2021 -0700 kokoro: remove expired letsencrypt.org cert and update (#4840) commit f068a13ef05d63510828ed59e7cf3651a02c7118 Author: Doug Fawley <[email protected]> Date: Mon Oct 4 11:22:00 2021 -0700 server: add missing conn.Close if the connection dies before reading the HTTP/2 preface (#4837) commit 09970207abb5f88aeb1b31fd1190a0934e302e0f Author: Easwar Swaminathan <[email protected]> Date: Fri Oct 1 15:27:28 2021 -0700 xds: remove race in TestUnmarshalCluster_WithUpdateValidatorFunc (#4836) commit b9f62538f003011893c70991c36bdb5b680eed8e Author: Easwar Swaminathan <[email protected]> Date: Fri Oct 1 11:09:26 2021 -0700 rls: pull proto changes made in grpc-proto/pull/98 (#4832) commit 69e1b54deb77c76b6832f36e4b31d4316a34f17d Author: Doug Fawley <[email protected]> Date: Fri Oct 1 11:09:12 2021 -0700 test: fix stayConnected to call Connect after state reports IDLE (#4821) commit 127c052c701b81daa5970c695438f6ef08c76040 Author: Mohan Li <[email protected]> Date: Thu Sep 30 13:06:50 2021 -0700 credentials/google: introduce a new API `NewComputeEngineCredsWithOptions` (#4767) commit 2ae5ac1637d68d584d20815d965538481a3c11c7 Author: Easwar Swaminathan <[email protected]> Date: Thu Sep 30 10:04:19 2021 -0700 xds: nack if certprovider instance name is missing in bootstrap config (#4799) commit adb21c46100568b95ab41e97e3b267923a0a92a0 Author: Easwar Swaminathan <[email protected]> Date: Wed Sep 29 16:58:46 2021 -0700 rls: improve config parsing (#4819) commit e6d0d2818a7380920b806ae629320500e739bd5c Author: Menghan Li <[email protected]> Date: Tue Sep 28 13:55:29 2021 -0700 internal: log SubConn type if it's not the expected type (#4813) commit 34df1b42aecf459d913a1b6aaf835e1d4eea22d3 Author: Zach Reyes <[email protected]> Date: Tue Sep 28 15:27:00 2021 -0400 xds: Small RBAC Changes defined in A41 (#4818) * xds: Small RBAC Changes defined in A41 commit 75f1d4b986342c24fab707fc6be37c51f9f8ee50 Author: Doug Fawley <[email protected]> Date: Tue Sep 28 12:20:57 2021 -0700 transport: call stats handler for trailers before closeStream (#4816) commit 08927214a41e3a2d937658689167363942c06426 Author: Menghan Li <[email protected]> Date: Tue Sep 28 10:11:52 2021 -0700 xds/rds: NACK unknown route action cluster specifier (#4788) commit 710419d32bfd469509bae5b73274f5825ad13554 Author: ZhenLian <[email protected]> Date: Mon Sep 27 16:42:32 2021 -0700 advancedtls: add revocation support to client/server options (#4781) commit 4555155af248cab3368e5c5e650bd216366c8bb5 Author: Zach Reyes <[email protected]> Date: Mon Sep 27 17:36:16 2021 -0400 xds: Small changes at xDS RBAC Layer (#4815) * xds: Small changes at xDS RBAC Layer commit 689f7b154ee8a3f3ab6a6107ff7ad78189baae06 Author: Zach Reyes <[email protected]> Date: Mon Sep 27 16:55:46 2021 -0400 transport: logic specified in A41 to support RBAC xDS HTTP Filter (#4803) * transport: logic specified in A41 to support RBAC xDS HTTP Filter commit 11437f66f20f3473e09fcf3fb5c23d4388af936f Author: Doug Fawley <[email protected]> Date: Fri Sep 24 15:29:25 2021 -0700 test: add option to make httpServer wait for END_STREAM; fix RetryStats race (#4811) commit 6ff68b489ecba2884aff152835d745389598935a Author: Doug Fawley <[email protected]> Date: Thu Sep 23 14:40:18 2021 -0700 channelz: recommend using admin.Register instead (#4797) commit 78d3aa8b3ed1b59bf84db4242ac7c316e8943797 Author: Easwar Swaminathan <[email protected]> Date: Thu Sep 23 07:43:14 2021 -0700 grpc: cleanup parse target and authority tests (#4787) commit 83a3461520f69c1896990dfae724101c1ed6a1d2 Author: Easwar Swaminathan <[email protected]> Date: Wed Sep 22 17:43:36 2021 -0700 xds: have separate tests for RBAC on and off (#4807) commit d7208f02ca7721bef504d100b61c1ef8cd569390 Author: Doug Fawley <[email protected]> Date: Wed Sep 22 16:35:39 2021 -0700 github: set a shorter timeout on testing jobs (#4806) commit 32cd3d617642c49c435ab2a435e716efd4a5e949 Author: apolcyn <[email protected]> Date: Wed Sep 22 16:08:17 2021 -0700 interop: don't use WithBlock dial option in the client (#4805) commit d623accd30f0f13047e6e2b7147aee41691054c3 Author: Menghan Li <[email protected]> Date: Wed Sep 22 16:01:18 2021 -0700 xds: fix parent balancers to handle Idle children (#4801) commit e6246c22eb0440d525ce1c226b0c9f1ea9ea693a Author: Evan Jones <[email protected]> Date: Wed Sep 22 16:30:27 2021 -0400 server: optimize chain interceptors (-1 allocation, -10% time/call) (#4746) commit 458ea7640a92039aad37edc67b63e6d040a93320 Author: Zach Reyes <[email protected]> Date: Wed Sep 22 15:08:44 2021 -0400 xds: Added validations for HCM to support xDS RBAC Filter (#4786) * xds: Added validations for HCM to support xDS RBAC Filter commit 1f12bf44284e6ba4be72cd028a2a1eb01c2d18bb Author: Yury Frolov <[email protected]> Date: Wed Sep 22 23:04:45 2021 +0500 transport: fix a typo in http2_server.go (#4745) commit 606403ded29c7b922a66b4c5a449a1643269bc96 Author: Zach Reyes <[email protected]> Date: Tue Sep 21 19:33:18 2021 -0400 transport: fix log spam from Server Authentication Handshake errors (#4798) * transport: fix log spam from Server Authentication Handshake errors commit 616977cc7974d6cbec50399297db7026d791c9dd Author: Doug Fawley <[email protected]> Date: Tue Sep 21 11:32:51 2021 -0700 Change version to 1.42.0-dev (#4793) commit 4ddf8ceaa7b5de2170b082bfc7162c4887ddaeb5 Author: Doug Fawley <[email protected]> Date: Tue Sep 21 10:55:00 2021 -0700 Revert "transport/server: add :method POST to incoming metadata (#4770)" (#4790) This reverts commit c84a5de06496bf8416cebf9d0058f481e37c165e. commit d53469981f2356f7c270d4b3beaafc6d1a653817 Author: Doug Fawley <[email protected]> Date: Tue Sep 21 10:39:59 2021 -0700 transport: fix transparent retries when per-RPC credentials are in use (#4785) commit 5417cf809116a5e3e8ca06b15cb48cbffb946204 Author: Menghan Li <[email protected]> Date: Mon Sep 20 13:27:27 2021 -0700 xds/test: delete use of removed types (#4784) They were deprecated, and removed later. commit 1109452fd118ec20164e859f71c0bb59fd209d21 Author: Lidi Zheng <[email protected]> Date: Fri Sep 17 15:19:26 2021 -0700 [Backport grpc#27373] add testing_version flag (#4783) commit e469f0d5f5bcc1324dc3940c584e0969e2ea1f90 Author: Zach Reyes <[email protected]> Date: Fri Sep 17 01:01:07 2021 -0400 xds: Add env var protection for RBAC HTTP Filter (#4765) * xds: Add env var protection for RBAC HTTP Filter commit 567da6b86340a83d509467638c91e68168bc1921 Author: Menghan Li <[email protected]> Date: Thu Sep 16 13:38:35 2021 -0700 tlogger: print log type (#4774) Error logs cause tests to fail. This makes it easier (possible) to find the error log commit 03b2ebe5080c2b521c742cf6e06bd0824b75fc52 Author: Menghan Li <[email protected]> Date: Thu Sep 16 11:07:04 2021 -0700 xds: enable ringhash and retry by default (#4776) commit b186ee8975f3c69bc36333a99fc82d1388977012 Author: Ed Warnicke <[email protected]> Date: Thu Sep 16 09:59:36 2021 -0500 test/bufconn: add Listener.DialContext(context.Context) (#4763) commit 7cf9689be2d2b1e7f00dfc15d2516b7635c65c45 Author: Easwar Swaminathan <[email protected]> Date: Wed Sep 15 15:38:01 2021 -0700 xds: validations for security config, as specified in A29 (#4762) * xds: validations for security config, as specified in A29 * make vet happy * fix error log * fix error msg in test commit 4f093b9a5afa5f3c8f29774dbdce8c02ce516d70 Author: Menghan Li <[email protected]> Date: Wed Sep 15 14:47:18 2021 -0700 ringhash: the balancer (#4741) commit 4c5f7fb0eecd984708e0c1eeea7d426f275b22d3 Author: Easwar Swaminathan <[email protected]> Date: Wed Sep 15 14:05:59 2021 -0700 xds: de-experimentalize xDS apis required for psm security (#4753) commit c84a5de06496bf8416cebf9d0058f481e37c165e Author: Zach Reyes <[email protected]> Date: Wed Sep 15 17:02:08 2021 -0400 transport/server: add :method POST to incoming metadata (#4770) * transport/server: add :method POST to incoming metadata commit 98ccf472da9a7e01d53bd27e5ad537d46c1b5ca9 Author: Menghan Li <[email protected]> Date: Wed Sep 15 13:35:51 2021 -0700 priority: handle Idle children the same way as Ready (#4769) commit 2d4e44a0cd75808908c9fb98aac764af6558ff6e Author: Menghan Li <[email protected]> Date: Tue Sep 14 16:11:03 2021 -0700 xds/affinity: fix bugs in clusterresolver and xds-resolver (#4744) commit d41f21ca050b1721093702ede81c21b7e3bdaa63 Author: Doug Fawley <[email protected]> Date: Tue Sep 14 15:11:42 2021 -0700 stats: support stats for all retry attempts; support transparent retry (#4749) commit 5d8e5aad40bedb696205b96b786f1d0e1326b3f8 Author: Kobi <[email protected]> Date: Tue Sep 14 17:15:02 2021 +0300 Create NOTICE.txt (#4739) commit 5bfc05fb0cf08fd2a8257d2bca8dba552263ba7e Author: Easwar Swaminathan <[email protected]> Date: Mon Sep 13 11:50:52 2021 -0700 grpc: clarify the use of transport.ErrConnClosing from createTransport() (#4757) commit 77ffb2ef318a2b8442b9fb10f80724013b2e65eb Author: Zach Reyes <[email protected]> Date: Mon Sep 13 14:09:57 2021 -0400 xds: RBAC HTTP Filter (#4748) * xds: RBAC HTTP Filter commit 03268c8ed29e801944a2265a82f240f7c0e1b1c3 Author: Doug Fawley <[email protected]> Date: Fri Sep 10 16:25:09 2021 -0700 balancer: fix aggregated state to not report idle with zero subconns (#4756) commit d25e31e741ddfb45f4126cd20e357185751e42c2 Author: Doug Fawley <[email protected]> Date: Fri Sep 10 14:12:13 2021 -0700 client: fix case where GOAWAY would leak connections and memory (#4755) commit 7f560ef4c5224efb8a86f2877315c381c30fa126 Author: Easwar Swaminathan <[email protected]> Date: Fri Sep 10 14:08:26 2021 -0700 grpc: close underlying transport when subConn is closed when in connecting state (#4751) commit 4e07a14b4e66e90ebf54ccc361012cb2b10724fd Author: Cesar Ghali <[email protected]> Date: Fri Sep 10 13:58:12 2021 -0700 credentials/ALTS: Ensure ALTS record protocol names are consistent (#4754) commit 16cf65612e633d1cc0be8c65ee7a49fbe2b27825 Author: Menghan Li <[email protected]> Date: Fri Sep 10 11:24:25 2021 -0700 xds: update xdsclient NACK to keep valid resources (#4743) commit 43e8fd4f69b65fd51d72578df4afa5c0519ca2b5 Author: Easwar Swaminathan <[email protected]> Date: Fri Sep 10 10:59:25 2021 -0700 xds: don't remove env var protection for security on the client yet (#4752) Set the value to true by default, and remove it one release later. commit 0a99ae2d035feeb87506e767bd88d3b7364d1059 Author: Easwar Swaminathan <[email protected]> Date: Fri Sep 10 09:04:59 2021 -0700 xds: support new fields to fetch security configuration (#4747) commit 2608e38e6386be7400720fecf2ece176c4cbc1b2 Author: Zach Reyes <[email protected]> Date: Thu Sep 9 13:35:41 2021 -0400 xds: Added server side routing (#4726) * Added server side routing commit 1fe5adbbf82f15781a0ce3f704012dc44e6b8e63 Author: apolcyn <[email protected]> Date: Wed Sep 8 17:31:51 2021 -0700 interop-testing: add soak test cases to interop client (#4677) commit a6a63177ae6094f9baa83b046bb4f20426ba5b82 Author: Doug Fawley <[email protected]> Date: Wed Sep 8 10:00:44 2021 -0700 xds: add retry support (#4738) commit 2f3355d2244eb436564a93dfbe2b0ba907adeb98 Author: Easwar Swaminathan <[email protected]> Date: Tue Sep 7 11:11:16 2021 -0700 xds: update go-control-plane to latest (#4737) commit 973e7cb9a17d398b9ddff102e19701f9e7a7a096 Author: Menghan Li <[email protected]> Date: Tue Sep 7 10:41:26 2021 -0700 ringhash: the picker (#4730) commit 00a7dc8901e6f74713b131601d76cfc8fb62f8b0 Author: Easwar Swaminathan <[email protected]> Date: Tue Sep 7 10:28:56 2021 -0700 xds: remove env var protection for security on client (#4735) commit c99a9c19b08500bd4259e95e3529ff483a0ae405 Author: Menghan Li <[email protected]> Date: Tue Sep 7 10:10:36 2021 -0700 priority: forward the first IDLE state and picker (#4731) commit 0ca7dca97726252050774a4bff20d92ca5772331 Author: yihuaz <[email protected]> Date: Tue Sep 7 09:12:01 2021 -0700 oauth: Allow access to Google API regional endpoints via Google Default Credentials (#4713) commit b2ba77a36ff809ab344b98368d9ecc3e12f943d6 Author: Easwar Swaminathan <[email protected]> Date: Fri Sep 3 10:59:33 2021 -0700 xds: use separate update channels for listeners in test (#4712) commit c93e472777b9d2963eff865ff4ee9f0895876b43 Author: Zach Reyes <[email protected]> Date: Thu Sep 2 14:43:26 2021 -0400 Fixed race in Filter Chain (#4728) commit b189f5e1bc9a495447332355df8a9648e65a2e44 Author: Ashitha Santhosh <[email protected]> Date: Thu Sep 2 11:22:07 2021 -0700 authz: create interceptors for gRPC security policy API (#4664) * Static Authorization Interceptor commit d6a5f5f4f3621542ec98cfed52c0620beab9fbd5 Author: Menghan Li <[email protected]> Date: Thu Sep 2 10:49:35 2021 -0700 ringhash: the ring (#4701) commit 51003aa81e09b20c1a74ec88c961a68902349143 Author: Easwar Swaminathan <[email protected]> Date: Wed Sep 1 13:49:44 2021 -0700 xds: start a management server per test (#4720) commit ed501aa1fd1d368d77e17de619046e2e1ebb82a9 Author: Tobias Klauser <[email protected]> Date: Wed Sep 1 20:08:00 2021 +0200 xds/internal/resolver: update github.com/cespare/xxhash to v2 (#4671) github.com/cespare/xxhash/v2 supports Go ≥ 1.11 and this package states 1.11 in its go.mod file. The only symbol used from the xxhash package is the Sum64String func which still exists and works the same in v2. This gets rid of two indirect dependencies. commit f7d66b5846f00b6ab0b41a675aef9764176830fa Author: Lidi Zheng <[email protected]> Date: Tue Aug 31 13:42:43 2021 -0700 Change to a non-workload-identity GKE cluster (#4723) commit 198d951db5082bddddd36e53efa8e9cbc924a228 Author: Zach Reyes <[email protected]> Date: Tue Aug 31 09:27:06 2021 -0400 xds: Instantiated HTTP Filters on Server Side (#4669) * Instantiated HTTP Filters on Server Side commit ef66d13abb84ad6c6d99c8cbf3697607b7891f32 Author: Zach Reyes <[email protected]> Date: Mon Aug 30 16:49:46 2021 -0400 xds: Required Router Filter for both Client and Server side (#4676) * Added isTerminal() to FilterAPI and required router filter on Client and Server side commit 85b9a1a0fa3fc7ce6677ac19267b380ef0cf59a7 Author: Easwar Swaminathan <[email protected]> Date: Fri Aug 27 08:18:29 2021 -0700 xds: pass empty balancer.BuildOptions in clusterresolver_test (#4711) commit 43b19ef0e473c675b0ec7666a9856bf5edd7439e Author: Doug Fawley <[email protected]> Date: Thu Aug 26 13:29:59 2021 -0700 grpctest: extend use of mutex to guard more things (#4710) commit d074cae66bc68d4ec5ccf427de2fce700223f4c7 Author: Doug Fawley <[email protected]> Date: Thu Aug 26 11:21:36 2021 -0700 github: fold security tests into 'tests'; update testing to 1.17-1.15 (#4708) commit 0b372df5f45ee5e81aaae18ae9e5ad60eab60586 Author: Menghan Li <[email protected]> Date: Thu Aug 26 10:21:09 2021 -0700 xds/client: NACK ringhash lb policy if env var is not set (#4707) commit 712e8d4f57fd4a4fbb83406148f9c71eb3e7714e Author: Easwar Swaminathan <[email protected]> Date: Wed Aug 25 14:51:41 2021 -0700 Remove support for Go 1.13 and older (cont) (#4706) commit 498743c19e864d45b6761fd0b8c6cf7ad72eb271 Author: apolcyn <[email protected]> Date: Wed Aug 25 14:03:53 2021 -0700 xds/c2p: update default XDS server name in C2P resolver (#4705) commit 6bd8e8cf30e25b6cde3ec16389ff470680c107b1 Author: Easwar Swaminathan <[email protected]> Date: Tue Aug 24 14:24:34 2021 -0700 multiple: remove support for Go 1.11 (#4700) commit 5f4bc66745e1af8406741bb329a7bb7119631e02 Author: Doug Fawley <[email protected]> Date: Tue Aug 24 13:52:18 2021 -0700 grpc: fix stayConnected function to connect upon entry (#4699) If stayConnected was called while the ClientConn was in IDLE already, it would never call Connect, and stay stuck in that state. This change ensures cc.Connect is always called at least once. commit 46ab723bb20867a29022047224194fefd311cb37 Author: Easwar Swaminathan <[email protected]> Date: Tue Aug 24 12:30:13 2021 -0700 multiple: remove appengine specific build constraints and code (#4685) commit bfd964bba69658b989ff619c40383e59d13770f1 Author: Easwar Swaminathan <[email protected]> Date: Tue Aug 24 11:19:04 2021 -0700 xds: use the defaultTestTimeout instead of the short one (#4684) commit dc3afb202f85e5540ece8743b114c7287a5f37a4 Author: Easwar Swaminathan <[email protected]> Date: Tue Aug 24 11:04:25 2021 -0700 xds: deflake Test/ServerSideXDS_ServingModeChanges (#4689) commit 45a623cbefb83b4708e549616fde9c6d613710ad Author: Easwar Swaminathan <[email protected]> Date: Tue Aug 24 10:02:55 2021 -0700 test: use non blocking dials in end2end_test (#4687) commit c361e9ea1646283baf7b23a5d060c45fce9a1dea Author: Zach Reyes <[email protected]> Date: Mon Aug 23 19:39:14 2021 -0400 Move Server Credentials Handshake to transport (#4692) * Move Server Credentials Handshake to transport commit 8ab16ef276a33df4cdb106446eeff40ff56a6928 Author: Doug Fawley <[email protected]> Date: Wed Aug 18 15:04:35 2021 -0700 balancer: add ExitIdle optional interface (#4673) commit 52cea2453436fbb4b962d3cb2da34da7ef6f10c7 Author: 吴亲库里 <[email protected]> Date: Thu Aug 19 04:31:22 2021 +0800 server: fix net.conn closed twice (#4663) commit a42567fe92f005c47e60146bdbb0d5f7fc232219 Author: Menghan Li <[email protected]> Date: Thu Aug 12 11:12:02 2021 -0700 xds: support picking ringhash in xds client and cds policy (#4657) commit ad87ad009856d3423e067fc49b990d05e16d706c Author: Zach Reyes <[email protected]> Date: Wed Aug 11 18:48:24 2021 -0400 xds: Add support for Dynamic RDS in listener wrapper (#4655) * Add support for Dynamic RDS in listener wrapper commit 88dc96b463fb9a695e6181750e78524df1903601 Author: Lidi Zheng <[email protected]> Date: Wed Aug 11 14:33:44 2021 -0700 Copy the tag_and_push_docker_image method to grpc-go (#4667) commit 9c668aeab86903a70e291eb47a04f48d84e67006 Author: Aliaksandr Mianzhynski <[email protected]> Date: Wed Aug 11 19:17:59 2021 +0300 all: preallocate slices where possible (#4609) commit c7c1e9e0ec7aed0a530cde1e7d2fc7382a6816a2 Author: Lidi Zheng <[email protected]> Date: Tue Aug 10 20:31:26 2021 -0700 Update xDS client/server image per-branch tag after build (#4661) commit 997ce619eb555b6a481e741afa6390ad3cd80d5c Author: Doug Fawley <[email protected]> Date: Tue Aug 10 13:22:34 2021 -0700 clientconn: do not automatically reconnect addrConns; go idle instead (#4613) commit 01bababd83492b6eb1c7046ab4c3a4b1bcc5e9d6 Author: Zach Reyes <[email protected]> Date: Mon Aug 9 23:15:57 2021 -0400 Added connection to transport context (#4649) * Added connection to transport context commit 574137db7de3c10e010d5023626169f13540cef1 Author: Easwar Swaminathan <[email protected]> Date: Fri Aug 6 10:56:44 2021 -0700 xds: fix flaky test (TestPickerUpdateAfterClose) (#4658) commit fc30d5b571f5981b71e8391a04e23c5f98eab4c3 Author: Menghan Li <[email protected]> Date: Thu Aug 5 14:30:04 2021 -0700 xds/cluster_resolver: support RING_HASH as a child of cluster_resolver balancer (#4621) 1. merge endpoint picking and localility picking policy to one field in cluster_resolver's balancer config - This field only supports ROUND_ROBIN or RING_HASH. - This is to support RING_HASH policy, which is responsible both endpoint picking and locality picking. - If policy is RING_HASH, endpoints in localities will be flattened to a list of endpoints, and passed to the policy. 1. support building policy config with RING_HASH as a child - The config tree has one less layer comparing with ROUND_ROBIN - This also need to define RING_HASH's balancer config config 1. Deleted test `TestEDS_UpdateSubBalancerName` because now the balancer doesn't support updating child to a custom policy. commit 74370577fa163f6022fb88a5926192a7c26a3933 Author: Zach Reyes <[email protected]> Date: Thu Aug 5 17:28:06 2021 -0400 xds: Add route to filterchain (#4610) * Added RDS Information from LDS in filter chain commit 6ba56c814be74c95e35a000582e074a380e545b0 Author: Menghan Li <[email protected]> Date: Tue Aug 3 15:12:56 2021 -0700 transport: fix race accessing s.recvCompress (#4645) This is a backport of #4641 commit 0d6854ab5ecc205b0f7437919b7988f67144eba9 Author: Menghan Li <[email protected]> Date: Tue Aug 3 14:17:02 2021 -0700 transport: fix race accessing s.recvCompress (#4641) commit edb9b3bc226676eba6fe1cddec44d082b5a30e4f Author: Doug Fawley <[email protected]> Date: Mon Aug 2 15:56:58 2021 -0700 github: update stale bot to v4 (#4636) commit c052940bcd91bba85050ac193aeeca6e1c588e8a Author: Menghan Li <[email protected]> Date: Mon Aug 2 13:05:02 2021 -0700 server: fix leaked net.Conn (#4633) This happens when NewServerTransport() returns nil, nil. The rawConn is closed when the transport is closed, which will never happen in this case (since the returned transport is nil). commit 8ed8dd26555f396d81f497415086ec73103e5825 Author: ZhenLian <[email protected]> Date: Mon Aug 2 13:03:54 2021 -0700 advancedtls: fix a typo in crl.go (#4634) commit ea9b7a0a7651baaf43c5403cb83349fffb5162df Author: Easwar Swaminathan <[email protected]> Date: Thu Jul 29 17:23:32 2021 -0700 xds: fix a typo (#4631) commit ad0a2a847cdfb3204c30d1423436fdeec8ff17bf Author: April Kyle Nassi <[email protected]> Date: Wed Jul 28 14:46:46 2021 -0700 Update MAINTAINERS.md (#4628) moved 2 to emeritus list commit 61c704607b40236f021f3120e5a4b1c237ed8ade Author: raymonder jin <[email protected]> Date: Thu Jul 29 02:02:38 2021 +0800 fix typo (#4616) commit 245ad25715e019716d10f5b24d761f85ff158c15 Author: Zach Reyes <[email protected]> Date: Tue Jul 27 15:13:18 2021 -0400 Change version to 1.41.0-dev (#4625) commit 00edd8c13a7a27bc25c8de2a68cf6de35f88bd7e Author: Lidi Zheng <[email protected]> Date: Mon Jul 26 13:02:56 2021 -0700 Add xDS k8s url-map test Kokoro job (#4614) commit 1ddab338690a578975747239ad4ecd2ae63b1965 Author: Doug Fawley <[email protected]> Date: Fri Jul 23 10:37:18 2021 -0700 client: fix detection of whether IO was performed in NewStream (#4611) For transparent retry. Also allow non-WFR RPCs to retry indefinitely on errors that resulted in no I/O; the spec used to forbid it at one point during development, but it no longer does. commit 582ef458c6d8174087877ee83bb514abc16650a5 Author: Menghan Li <[email protected]> Date: Thu Jul 22 16:12:30 2021 -0700 cluster_resolver: move balancer config types into cluster_resolver package and unexport (#4607) commit c513103bee39e1ebc3793e7128941794667779de Author: Zach Reyes <[email protected]> Date: Wed Jul 21 22:42:38 2021 -0400 Add extra layer on top of RBAC Engine (#4576) * Add extra layer in RBAC commit a0bed723f1c00c8b07c6ceaf1f6ac2cb42ec0b35 Author: Zach Reyes <[email protected]> Date: Wed Jul 21 21:58:19 2021 -0400 xds: add http filters to FilterChain matching (#4595) * Add HTTP Filters to FilterChain commit 0a8c63739a87bee6ff6097d272b63727659f4503 Author: apolcyn <[email protected]> Date: Wed Jul 21 10:50:37 2021 -0700 grpclb: propagate the most recent connection error when grpclb enters transient failure (#4605) commit 8332d5b997af9e1554418167860351696d35e628 Author: lzhfromustc <[email protected]> Date: Wed Jul 21 13:40:04 2021 -0400 test: fix possible goroutine leaks in unit tests (#4570) commit 0300770df1c0b742f4eef4cce47ca315379ad4d1 Author: Menghan Li <[email protected]> Date: Wed Jul 21 10:22:02 2021 -0700 xds: support cluster fallback in cluster_resolver (#4594) commit 65cabd74d8e18d7347fecd414fa8d83a00035f5f Author: Jille Timmermans <[email protected]> Date: Tue Jul 20 19:58:14 2021 +0200 internal/binarylog: Fix data race when calling Write() and Close() in parallel (#4604) They both touched bufferedSink.writeTicker commit ce7bdf50abb1f7c7a5ba1a54890e6dac46eb87f7 Author: Matt Jones <[email protected]> Date: Thu Jul 15 09:53:31 2021 -0700 advancedtls: CRL checking for golang gRPC (#4489) * Code for CRL checking for golang gRPC. commit 0103ea2d6c98f59ddd6ff09aa93f963936157213 Author: John Howard <[email protected]> Date: Wed Jul 14 13:59:50 2021 -0700 client: improve GOAWAY debug messages (#4587) commit b586e9215896c69206b29af00f30bc34d483b6fc Author: Menghan Li <[email protected]> Date: Wed Jul 14 13:10:19 2021 -0700 xds/client: notify the resource watchers of xDS errors (#4564) commit bfe1d0dc23ac33e7c8ebf125753e5fb0698a4bde Author: Jille Timmermans <[email protected]> Date: Wed Jul 14 20:34:40 2021 +0200 binarylog: Use a simple boolean rather than a sync.Once (#4581) commit ba41bbac225e6e1a9b822fe636c40c3b7d977894 Author: James Protzman <[email protected]> Date: Wed Jul 14 13:54:58 2021 -0400 transport: validate http 200 status for responses (#4474) commit ebfe3be62a82434bc83fd7b36410141a603a96be Author: Menghan Li <[email protected]> Date: Mon Jul 12 16:42:02 2021 -0700 cluster_resolver: implement resource resolver to resolve EDS and DNS (#4531) commit 30dfb4b933a50fd366d7ed36ed4f71dbba2d382e Author: Jille Timmermans <[email protected]> Date: Thu Jul 8 19:06:55 2021 +0200 binarylog: Don't continue after failing to marshal the proto (#4582) commit 51e780ce00959f0a2ba16ca7c65f3b99a91c3c61 Author: Jille Timmermans <[email protected]> Date: Thu Jul 8 19:06:11 2021 +0200 internal/binarylog: Use defer to unlock mutexes (#4590) commit afad37618961fd1123d6582661895c6c533852ea Author: Easwar Swaminathan <[email protected]> Date: Thu Jul 8 09:20:15 2021 -0700 Fix bootstrap format in comment (#4586) commit 91e0aeb192456225adf27966d04ada4cf8599915 Author: Jille Timmermans <[email protected]> Date: Thu Jul 8 01:37:57 2021 +0200 binarylog: Don't leak the flusher goroutine when closing a Sink (#4583) time.Ticker.Stop() doesn't close the ticker channel, so we need to signal the goroutine to die some other way commit dd589923e1a17f5cc7c667359ae12d56bc1d3113 Author: Doug Fawley <[email protected]> Date: Fri Jul 2 16:21:46 2021 -0700 clientconn: stop automatically connecting to idle subchannels returned by picker (#4579) commit 52546c5d89b7e362064f2a21c9d10803b44af15f Author: Ashitha Santhosh <[email protected]> Date: Wed Jun 30 11:14:57 2021 -0700 authorization: translate SDK policy to Envoy RBAC proto (#4523) * Translates SDK authorization policy to Envoy RBAC proto. commit b3f274c2babaeab7802d98e21a66209846437ff5 Author: Menghan Li <[email protected]> Date: Tue Jun 29 11:45:16 2021 -0700 xds/cluster_impl: fix cluster_impl not correctly starting LoadReport stream (#4566) commit 83f9def5feb388c4fd7e6586bd55cf6bf6d46a01 Author: Vicent Martí <[email protected]> Date: Mon Jun 28 18:51:21 2021 +0200 internal/transport: do not mask ConnectionError (#4561) commit 9b2fa9f8d3caed4aae28242f6ac7cd27c790806c Author: Aliaksandr Mianzhynski <[email protected]> Date: Fri Jun 25 08:11:47 2021 +0300 server: improve chained interceptors performance (#4524) commit e24ede593630782a7718aeb27f116446e0284f90 Author: Menghan Li <[email protected]> Date: Thu Jun 24 16:20:11 2021 -0700 xds: delete LRS policy and move the functionality to xds_cluster_impl (#4528) - (cluster_resolver) attach locality ID to addresses - (cluster_impl) wrap SubConn - (lrs) delete commit d9eb12feed7a0f45d4acbf478e83171f4c00210a Author: Doug Fawley <[email protected]> Date: Wed Jun 23 14:15:56 2021 -0700 xdsclient: move tests out of tests directory (#4535) commit b9270c3a7f163541823e37485aae70fcf043d406 Author: Zach Reyes <[email protected]> Date: Wed Jun 23 16:36:24 2021 -0400 client: add deadline for TransportCredentials handshaker (#4559) * Add deadline on connection for TransportCredentials handshake commit 4440c3b8306d28f4af5833bdf12ac54866dc1423 Author: Menghan Li <[email protected]> Date: Tue Jun 22 14:57:05 2021 -0700 cluster_resolver: fix DiscoveryMechanismType marshal JSON (#4532) commit 14c7ed60ad7655f522345032f0c0c7ae05303816 Author: Menghan Li <[email protected]> Date: Tue Jun 22 11:03:12 2021 -0700 xds/circuit_breaking: counters should be keyed by {cluster, EDS service name} pair (#4560) commit 50328cf800a44d78199311c2d93f5856e4b699c1 Author: Sergii Tkachenko <[email protected]> Date: Mon Jun 21 15:11:57 2021 -0400 buildscripts: add option to use xds-k8s test driver from a fork (#4548) commit 4faa31f0a5809a5064ee128c9d855c0bedc1c783 Author: Iskandarov Lev <[email protected]> Date: Fri Jun 18 23:21:07 2021 +0300 stats: add stream info inside stats.Begin (#4533) commit 74fe073e9acce820ff3815b78e49aadd10439d59 Author: Doug Fawley <[email protected]> Date: Thu Jun 17 16:53:52 2021 -0700 Revert "xds: require router filter when filters are empty" (#4556) This reverts commit 00ae0c57cc0a418f5208906d4f68c4b682dc662c. commit 1c1e3f88d343d53aa7be5712e21d42d46892bc32 Author: Menghan Li <[email protected]> Date: Thu Jun 17 11:29:17 2021 -0700 xds: fix test race in cluster_resolver (#4555) There's a race between update sub-balancer and the first EDS resp. If sub-balancer is updated after the first EDS resp, the old balancers (round_robin) will create two lingering SubConns that are not handled, which will mess up the following SubConn state updates. commit 151c8b770a05e77528859076e2869405ac403d1a Author: Menghan Li <[email protected]> Date: Thu Jun 17 11:14:00 2021 -0700 xds/clusterimpl: fix race between picker update and ClientConn state update (#4551) commit 00ae0c57cc0a418f5208906d4f68c4b682dc662c Author: Aliaksandr Mianzhynski <[email protected]> Date: Thu Jun 17 20:23:18 2021 +0300 xds: require router filter when filters are empty (#4553) commit 633fbe4dfee2289937bafe9c08ccb46d045c0310 Author: Zach Reyes <[email protected]> Date: Thu Jun 17 09:00:05 2021 -0400 xds: generate per-request hash config selector (#4525) * xds: generate per-request hash in config selector commit 7e3535650101d07525dbbfe398caf82f4ea1a6c8 Author: Konrad Reiche <[email protected]> Date: Wed Jun 16 16:56:04 2021 -0700 metadata: add Delete method to MD (#4549) commit 4c651eda23d0bc60edc6c932ce60f1246a2a2034 Author: Menghan Li <[email protected]> Date: Wed Jun 16 11:04:33 2021 -0700 xds: move eds package to cluster_resolver (#4545) commit 549c53a90c2a61a4bbe4e067b21f709ead03e2de Author: Menghan Li <[email protected]> Date: Tue Jun 15 14:03:10 2021 -0700 xds/eds: rewrite EDS policy using child policies (#4457) commit cd9f53ac49fe8d2ae979dd94cb0eb2a5e5b9660c Author: Menghan Li <[email protected]> Date: Tue Jun 15 11:09:10 2021 -0700 xds/cds: update CDS balancer to partially handle aggregated cluster (#4539) commit f06e0060c6567a63a687be461f905268b9cc193d Author: Doug Fawley <[email protected]> Date: Tue Jun 15 10:49:54 2021 -0700 Change version to 1.40.0-dev (#4543) commit 22c535818725b54cc34ccbc4b953318f19bc13a6 Author: Zach Reyes <[email protected]> Date: Mon Jun 14 15:02:50 2021 -0400 xds: add HashPolicy fields to RDS update (#4521) * Add HashPolicy fields to RDS update commit 45549242f79aacb850de77336a76777bef8bbe01 Author: Menghan Li <[email protected]> Date: Fri Jun 11 13:14:09 2021 -0700 internal: fix deadlock during switch_balancer and NewSubConn() (#4536) commit 2d3b1f900edcb0f08915526e01adb17d1c829180 Author: Dustin Ward <[email protected]> Date: Fri Jun 11 12:48:03 2021 -0400 grpc: prevent deadlock in Test/ClientUpdatesParamsAfterGoAway on failure (#4534) commit 6351a55c3895e5658b2c59769c81109d962d0e04 Author: Doug Fawley <[email protected]> Date: Thu Jun 10 09:33:06 2021 -0700 xds: remove env var protetion of advanced routing features (#4529) commit 95e48a892d6c51e95d2aa77742da72c2df14dc28 Author: Aliaksandr Mianzhynski <[email protected]> Date: Wed Jun 9 21:05:17 2021 +0300 Add GetServiceInfo to xds.GRPCServer (#4507) commit aa1169ab7c3b34a8ed665b16ce9cfc5343306807 Author: Doug Fawley <[email protected]> Date: Wed Jun 9 10:01:40 2021 -0700 vet: remove support for non-module-aware Go versions (#4530) commit b1418a6e74bc6bed7dad82588b6d817b5417b20b Author: Menghan Li <[email protected]> Date: Tue Jun 8 16:05:50 2021 -0700 xds: export XDSClient interface and use it in balancer tests (#4510) - xdsclient.New returns the interface now - xdsclient.SetClient and xdsclient.FromResolverState take and return the interface now - cleanup xds balancer tests to pass xds_client in resolver state commit 7301a311748ce82f30d8bd8076fad23ec4c7c1df Author: Menghan Li <[email protected]> Date: Mon Jun 7 21:57:17 2021 -0700 c2p: add random number to xDS node ID in google-c2p resolver (#4519) commit d30e2c91a0545bd393774c3775cd9f9c5f5a5673 Author: Doug Fawley <[email protected]> Date: Mon Jun 7 17:13:48 2021 -0700 xds/resolver: test xds client closed by resolver Close (#4509) commit 656cad9ae5cf6ac93dc06669f308d29be7118481 Author: Doug Fawley <[email protected]> Date: Fri Jun 4 12:00:13 2021 -0700 xds: standardize xds client field name (xdsClient) (#4518) commit 7f9eeeae36417349a8d33f515a2cac04afceb30e Author: Doug Fawley <[email protected]> Date: Fri Jun 4 11:40:23 2021 -0700 xds: standardize builder type names (bb) and balancer receiver names (b) (#4517) commit 7beddeea913bd74a9d3b4e7ec49f0265a0ac7b88 Author: Doug Fawley <[email protected]> Date: Fri Jun 4 08:58:26 2021 -0700 cleanup: remove "Interface" as suffix of (almost all) interface names (#4512) commit 5c164e2b8f227a29f4aa6b2de3afb2afa38880ba Author: Doug Fawley <[email protected]> Date: Thu Jun 3 16:10:21 2021 -0700 xds: rename xds/internal/client package to xdsclient (#4511) commit 32d5490aee8dd29a6fbfe75dc8caade5b6aa5d87 Author: Menghan Li <[email protected]> Date: Thu Jun 3 15:23:46 2021 -0700 metadata: convert keys to lowercase in FromContext() (#4416) commit c67c056bee6a3a40a36a8d42f91fe997442a2d07 Author: Jerry Y. Chen <[email protected]> Date: Fri Jun 4 05:28:32 2021 +0800 doc: fix typo in package networktype (#4508) commit a3715292f8de67482ffe707076b000a15747815e Author: Menghan Li <[email protected]> Date: Thu Jun 3 13:59:37 2021 -0700 csds: return empty response if xds client is not set (#4505) commit 0956b12520b5d76fe9d43f7eda8ad51765c44ce1 Author: Menghan Li <[email protected]> Date: Wed Jun 2 21:22:13 2021 -0700 client: handle RemoveSubConn in goroutine to avoid deadlock (#4504) commit 174b1c28afaa3c1ca3518c251deb53f014603bbd Author: Easwar Swaminathan <[email protected]> Date: Wed Jun 2 16:47:35 2021 -0700 internal/transport: skip log on EOF when reading client preface (#4458) commit e7b12ef3b15f6c46da7c5c3c71f4ca06ba410c1c Author: Menghan Li <[email protected]> Date: Wed Jun 2 15:58:39 2021 -0700 cluster_resolver: add functions to build child balancer config (#4429) commit 3508452162f48011bf36f303f901f4efc50087ec Author: Doug Fawley <[email protected]> Date: Wed Jun 2 10:48:18 2021 -0700 xds: add test-only injection of xds config to client and server (#4476) commit e5cad3dcff812a49f39c8105ffb5cc4881230e60 Author: laststem <[email protected]> Date: Wed Jun 2 08:50:35 2021 +0900 doc: fix broken benchmark dashboard link in README.md (#4503) commit 8bdcb4c9ab8de15f6a60ebce93b6f4c8d86622ef Author: Evan Jones <[email protected]> Date: Tue Jun 1 11:54:43 2021 -0400 client: Clarify that WaitForReady will block for CONNECTING channels (#4477) commit 2de42fcbbce31dcdf14ee24836a713b65fc06dae Author: Easwar Swaminathan <[email protected]> Date: Wed May 26 15:35:27 2021 -0700 kokoro: Specify the correct path to the build config (#4495) commit 34bd6fbb8e3b570fdbda35e5537e389f7942b406 Author: Zach Reyes <[email protected]> Date: Wed May 26 14:20:25 2021 -0400 xds: add RBAC Engine (#4471) * Added RBAC Engine commit 194dcc921a94aa12fc04e2b3262ac3e4f69142b1 Author: dkkb <[email protected]> Date: Thu May 27 02:17:27 2021 +0800 example: improve hello world server with starting msg (#4468) commit 4bae49e05b281411fd01180f7893894e39941337 Author: Doug Fawley <[email protected]> Date: Tue May 25 16:06:58 2021 -0700 mergeable: update relnotes regex (#4488) commit bbb542c3d9c07f587e0025c9bdf0768e9624951b Author: Easwar Swaminathan <[email protected]> Date: Tue May 25 15:46:02 2021 -0700 Kokoro build configs for PSM security interop tests (#4481) commit e26e756f13345dd19470073c5c2920b65a24ac3c Author: Easwar Swaminathan <[email protected]> Date: Tue May 25 15:43:14 2021 -0700 Enable logging in xds interop docker containers (#4482) commit 598e3f6a9dafe9f4da7b874f9ed8c8b3c0ff65ae Author: Doug Fawley <[email protected]> Date: Tue May 25 11:46:30 2021 -0700 github: update lock bot to github actions (#4484) commit 67b720630d6a61ae4fb38d190f16ca7685078a18 Author: Doug Fawley <[email protected]> Date: Tue May 25 11:45:53 2021 -0700 github: increase stale bot ops per run to process everything (#4485) commit 4ecb61bedbdef3fb4c52e4f06247d504b54ace9b Author: Doug Fawley <[email protected]> Date: Tue May 25 11:24:19 2021 -0700 github: limit repo access of testing workflows (#4483) commit 69da917ce95ec0c81e53647b43b6da5b184fdb88 Author: Doug Fawley <[email protected]> Date: Tue May 25 10:25:54 2021 -0700 github: update stale bot to github actions (#4480) commit 280df42a316deb7962dd49d32dedbea720806473 Author: Doug Fawley <[email protected]> Date: Tue May 25 09:16:23 2021 -0700 mergeable: require RELEASE NOTES in PR description, milestone, and Type label (#4475) commit 728364accfb93cd52003fb38a6412c8e4965116b Author: Easwar Swaminathan <[email protected]> Date: Mon May 24 17:30:40 2021 -0700 server: return UNIMPLEMENTED on receipt of malformed method name (#4464) commit c4ed6360a98355b1ca6e772a73bd27ece15de3e9 Author: Easwar Swaminathan <[email protected]> Date: Mon May 24 17:30:29 2021 -0700 transport: remove RequestURI field from requests in transport test (#4465) commit 359fdbb7b310c71882a354675949a4ca95957d75 Author: Doug Fawley <[email protected]> Date: Fri May 21 15:54:45 2021 -0700 Delete .travis.yml file (#4462) commit a8e85e0d5704da1f5bd858a7b47621e77fe5035b Author: Ehsan Afzali <[email protected]> Date: Sat May 22 01:54:24 2021 +0300 server: allow PreparedMsgs to work for server streams (#3480) commit b1f7648a9fc72ce76cbcd42d8e2c60d9d9bed9fc Author: Doug Fawley <[email protected]> Date: Fri May 21 15:15:58 2021 -0700 client: ensure LB policy is closed before closing resolver (#4478) commit 3dd75a6888ce5d1b5195c5cf72241d9e36f68e42 Author: AlphaBaby <[email protected]> Date: Thu May 20 02:18:52 2021 +0800 xds_client/rds: weighted_cluster totalWeight default to 100 (#4439) commit 84d0920b59e5f138ffd4da11f7b2ab51e862b581 Author: Doug Fawley <[email protected]> Date: Wed May 19 11:05:26 2021 -0700 transport: unblock read throttling when controlbuf exits (#4447) commit 86ac0fbc4037c1e748a650002d34a8044fff59e6 Author: Aaron Jheng <[email protected]> Date: Thu May 20 01:57:27 2021 +0800 Documentation: Fix typo (#4445) commit 23a83dd097ec07fc7ddfb4a30c675763e4972ba4 Author: Doug Fawley <[email protected]> Date: Tue May 18 15:26:51 2021 -0700 transport: various simplifications noticed during #4447 (#4455) commit c9c9a7536f5756744347acaba907189e53c38468 Author: Menghan Li <[email protected]> Date: Tue May 18 10:32:05 2021 -0700 internal: fix test unset env var AggregateAndDNSSupportEnv (#4454) commit 74c40c963fefb22798e08e7cf13ef616786b2402 Author: Menghan Li <[email protected]> Date: Tue May 18 10:31:27 2021 -0700 xds/cds: fix LOGICAL_DNS cluster semantics (#4434) commit 584fa418225e60652638b79c38a189be1ff00036 Author: Menghan Li <[email protected]> Date: Tue May 18 10:30:43 2021 -0700 xds/testing: export variables for testing (#4449) The exported variables will be used by tests (to be added in a future PR, in another package) that use these balancers as child balancer. commit 2713b77e85261254c628d9c61d00f582e6a20d08 Author: Easwar Swaminathan <[email protected]> Date: Mon May 17 17:27:58 2021 -0700 use depth logging from the e2e package (#4448) commit 39015b9c5e190f8b687d8c79f1e6353568974104 Author: Easwar Swaminathan <[email protected]> Date: Mon May 17 15:03:59 2021 -0700 interop/xds: support xds security on interop server (#4444) commit 9749a79336273a1957e338d519ac553f4885cee9 Author: James Protzman <[email protected]> Date: Mon May 17 17:49:15 2021 -0400 transport: remove decodeState from server to reduce allocations (#4423) commit 78e8edf34d3649c7459e9cf88855f5bbf4f8e6f9 Author: Easwar Swaminathan <[email protected]> Date: Mon May 17 14:13:32 2021 -0700 interop/xds: dockerfile for the xds interop client (#4443) commit a12250e98f973530f34191d39f840ae435f00a91 Author: Menghan Li <[email protected]> Date: Fri May 14 15:20:45 2021 -0700 xds/cds: add env var for aggregated and DNS cluster (#4440) commit 50c071e9b5431dcb90be089c7159efc63edff4cb Author: Zeke Lu <[email protected]> Date: Sat May 15 05:09:26 2021 +0800 example: correct the default value for server_host_override (#4407) commit b759b408e84fd5e990073fdaa28cd24d8eb2adad Author: Zach Reyes <[email protected]> Date: Fri May 14 17:02:10 2021 -0400 xds: moved shared matchers to internal/xds (#4441) * Moved shared matchers to internal/xds commit 71a1ca6c7f859658e44f0073fb754c4698216202 Author: Easwar Swaminathan <[email protected]> Date: Fri May 14 11:13:26 2021 -0700 interop/xds: support xds credentials in interop client (#4436) commit dc77d7ffe311f78f2e577572d984af3c0a8df82b Author: Easwar Swaminathan <[email protected]> Date: Wed May 12 18:03:52 2021 -0700 xds: revert a workaround made in #4413 (#4428) commit a16b156e990b0fb4100a4694e1c6dda779b08f77 Author: Menghan Li <[email protected]> Date: Wed May 12 17:43:29 2021 -0700 internal: fix flaky test KeepaliveClientStaysHealthyWithResponsiveServer (#4427) Server should allow `NoStream`, otherwise there's a small chance (5/1000) the connection will be closed due to `too many pings`. commit 6fea90d7a884ad070a4f04863521eaf43e6c5d11 Author: Mayank Singhal <[email protected]> Date: Thu May 13 05:45:47 2021 +0530 benchmark: do not allow addition of values lower than the minimum allowed in histogram stats commit a712a738897ceebf3b6690d722006b61013572e0 Author: Menghan Li <[email protected]> Date: Wed May 12 16:25:07 2021 -0700 xds/cds: add separate fields for cluster name and eds service name (#4414) commit 397adad6a0d1d12ddd9b7f0101e902da274c15c8 Author: Easwar Swaminathan <[email protected]> Date: Wed May 12 15:52:15 2021 -0700 update go.mod and go.sum to point to latest go-control-plane (#4425) commit 9cb99a52111e9b67165d498ec2c322774b54a5f1 Author: Menghan Li <[email protected]> Date: Wed May 12 15:48:16 2021 -0700 xds: pretty print xDS updates and service config (#4405) commit 45e60095da54baad1e7ae28391941b64a40477e5 Author: Zach Reyes <[email protected]> Date: Wed May 12 17:28:49 2021 -0400 xds: add support for aggregate clusters (#4332) Add support for aggregate clusters in CDS Balancer commit 8bf65c69b99ed9e1106c07c1f5d2f42f312b7ec5 Author: Easwar Swaminathan <[email protected]> Date: Wed May 12 10:18:50 2021 -0700 xds: use same format while registering and watching resources (#4422) commit aa59641d5da52eaa3728c4624e16a3ac76688c39 Author: Easwar Swaminathan <[email protected]> Date: Wed May 12 10:17:13 2021 -0700 interop: use credentials.NewTLS() when possible (#4390) commit a95a5c3bacecea965def0addd986b3ef709f6e27 Author: James Protzman <[email protected]> Date: Wed May 12 11:49:07 2021 -0400 transport: remove decodeState from client to reduce allocations (#3313) commit 62adda2ece5ec803c824c5009b83cea86de5030d Author: Doug Fawley <[email protected]> Date: Tue May 11 17:05:16 2021 -0700 client: fix ForceCodec to set content-type header appropriately (#4401) commit 81b8cca6a9d92794be3e789b179e798aa1bc3209 Author: Menghan Li <[email protected]> Date: Tue May 11 15:28:46 2021 -0700 Change version to 1.39.0-dev (#4420) commit 5f95ad62331add45bbf5ee167b67cadc72e1d322 Author: Easwar Swaminathan <[email protected]> Date: Tue May 11 10:39:31 2021 -0700 xds: workaround to deflake xds e2e tests (#4413) commit b1940e15f6778067675e2192d8947608e8a20e32 Author: Easwar Swaminathan <[email protected]> Date: Mon May 10 10:11:31 2021 -0700 xds: register resources at the mgmt server before requesting them (#4406) commit 98c895f7e06adc82ad030c4f90bcada672f523a2 Author: Doug Fawley <[email protected]> Date: Mon May 10 09:35:55 2021 -0700 cleanup: use testutils.MarshalAny in more places (#4404) commit 12a377b1e4c9f1960bd25f47b9156d9dbd732ed0 Author: Easwar Swaminathan <[email protected]> Date: Fri May 7 15:42:59 2021 -0700 xds: nack route configuration with regexes that don't compile (#4388) commit c15291b0f5929ab8cf659269a11e8aa79cb71788 Author: Doug Fawley <[email protected]> Date: Fri May 7 15:24:10 2021 -0700 client: initialize safe config selector when creating ClientConn (#4398) commit 328b1d171a65d7e855bcd7bb5cb1f973c7e6f5d2 Author: Doug Fawley <[email protected]> Date: Fri May 7 14:37:52 2021 -0700 transport: allow InTapHandle to return status errors (#4365) commit aff517ba8a8ded7306801c3b95f1f7f480c1268b Author: Easwar Swaminathan <[email protected]> Date: Fri May 7 14:35:48 2021 -0700 xds: make e2e tests use a single management server instance (#4399) commit 0439465fe2b4020767d9aab1bc3055e492c14089 Author: Doug Fawley <[email protected]> Date: Fri May 7 11:57:56 2021 -0700 xds_resolver: fix flaky Test/XDSResolverDelayedOnCommitted (#4393) Before this change, if two xds client updates came too close together, the second one could replace the first one. The fix is to wait for the effects of the first update before sending the second update. I injected a synthetic delay into handling the updates from the channel to reproduce this flake 100%, and confirmed this change fixes it. As part of this change I also noticed that we're actually calling the context cancellation function twice via defers, and never the cancel function from the test setup, so I fixed that, too. commit 0ab423af82154f9466b48cfece8043314e7114d4 Author: Menghan Li <[email protected]> Date: Fri May 7 11:55:48 2021 -0700 test: fix flaky GoAwayThenClose (#4394) In this test, we 1. make a streaming RPC on a connection 1. graceful stop it to send a GOAWAY 1. hard stop it, so the client will create a connection to another server Before this fix, 2 and 3 can happen too soon, so the RPC in 1 would fail and then transparent retry (because the stream is unprocessed by the server in that case). This retry attempt could pick the new connection, and then the RPC would block until timeout. After this streaming RPC fails, we make unary RPCs with the same deadline (note: deadline not timeout) as the streaming RPC and expect them to succeed. But they will also fail due to timeout. The fix is to make a round-trip on the streaming RPC first, to make sure it actually goes on the first connection. commit b6f206b84f739768a1c75c1c83fe50ed75845245 Author: Doug Fawley <[email protected]> Date: Fri May 7 11:17:26 2021 -0700 grpc: improve docs on StreamDesc (#4397) commit c7ea734087dbbcdb22137ab3b7d8b16842b080bf Author: Zach Reyes <[email protected]> Date: Fri May 7 08:28:34 2021 -0400 dns: fix flaky TestRateLimitedResolve (#4387) * Rewrote TestRateLimitedResolve in dns resolver test to get rid of flakiness. commit cb396472c2f78e923dc0b28565c9d704291196f8 Author: Menghan Li <[email protected]> Date: Thu May 6 13:28:27 2021 -0700 Revert "grpc: call balancer.Close() before returning from ccBalancerWrapper.close()" (#4391) This reverts commit 28078834f35b944281662807d8ec071645c37307. commit d2d6bdae07e844b8a3502dcaf00dc7b1b5519a59 Author: Mikhail Mazurskiy <[email protected]> Date: Fri May 7 02:40:54 2021 +1000 server: add ForceServerCodec() to set a custom encoding.Codec on the server (#4205) commit d426aa5f2e5e809639b45d9619416ce22e56319a Author: Lidi Zheng <[email protected]> Date: Wed May 5 13:37:13 2021 -0700 test: extend the xDS interop tests timeout to 360 mins (#4380) commit 40b25c5b2c2d1b06d5f5d750d759294c6037d995 Author: Easwar Swaminathan <[email protected]> Date: Wed May 5 12:34:15 2021 -0700 xds: set correct order of certificate providers in handshake info (#4350) commit 0fc0397d779d96879d7b903c3fa1b9bd53e490e3 Author: Easwar Swaminathan <[email protected]> Date: Tue May 4 16:54:57 2021 -0700 xds: actually close stuff in cds/eds `Close()` (#4381) commit 4f3aa7cfa157c38bd5c2da7f4568614f815ab4ad Author: Doug Fawley <[email protected]> Date: Tue May 4 15:29:58 2021 -0700 xds: optimize fault injection filter with empty config (#4367) commit 79e55d64442716d4082d373540eac78b018e81c4 Author: Easwar Swaminathan <[email protected]> Date: Tue May 4 15:06:43 2021 -0700 xds: use SendContext() to fail in time when the channel is full (#4386) commit 11bd77660dba95e270659c6a5077507ef37a8c41 Author: Doug Fawley <[email protected]> Date: Tue May 4 14:51:32 2021 -0700 xds: work around xdsclient race in fault injection test (#4377) commit 75497df97f8bc9d5ec905d6e6b283a207eb3e9f0 Author: Easwar Swaminathan <[email protected]> Date: Tue May 4 14:38:47 2021 -0700 meshca: remove meshca certificate provider implementation (#4385) commit ebd6aba6754d073a696e5727158cd0c917ce1019 Author: Menghan Li <[email protected]> Date: Mon May 3 15:16:49 2021 -0700 Revert "xds/cds: add separate fields for cluster name and eds service name" (#4382) This reverts PRs #4352 (and two follow up fixes #4372 #4378). Because the xds interop tests were flaky. Revert before the branch cut. commit b418de839e738968aa8f845584efd0d34da4bae8 Author: Menghan Li <[email protected]> Date: Fri Apr 30 11:53:31 2021 -0700 xds/eds: restart EDS watch after previous was canceled (#4378) commit 28078834f35b944281662807d8ec071645c37307 Author: Easwar Swaminathan <[email protected]> Date: Thu Apr 29 21:44:26 2021 -0700 grpc: call balancer.Close() before returning from ccBalancerWrapper.close() (#4364) commit aa3ef8fb8ff6c92134743e780cf659eaa7eeccbc Author: Menghan Li <[email protected]> Date: Thu Apr 29 12:17:56 2021 -0700 internal: regenerate proto (#4373) commit c3b66015bd51d33d3e0a75ea5086defcb9d05e64 Author: Menghan Li <[email protected]> Date: Thu Apr 29 11:56:50 2021 -0700 xds/circuit_breaking: use cluster name as key, not EDS service name (#4372) commit 91d8f0c916d76f2a5aac9e846cd7ffcb838db769 Author: Menghan Li <[email protected]> Date: Wed Apr 28 18:11:45 2021 -0700 serviceconfig: support marshalling BalancerConfig to JSON (#4368) commit b602d17e459c0e4d64e24b6d07875f58d5f40f0e Author: irfan sharif <[email protected]> Date: Wed Apr 28 13:05:50 2021 -0400 metadata: reduce memory footprint in FromOutgoingContext (#4360) When Looking at memory profiles for cockroachdb/cockroach, we observed that the intermediate metadata.MD array constructed to iterate over appended metadata escaped to the heap. Fortunately, this is easily rectifiable. go build -gcflags '-m' google.golang.org/grpc/metadata ... google.golang.org/grpc/metadata/metadata.go:198:13: make([]MD, 0, len(raw.added) + 1) escapes to heap commit 24d03d9f769106b3c96b4145244ce682999d3d88 Author: Menghan Li <[email protected]> Date: Tue Apr 27 15:22:25 2021 -0700 xds/priority: add ignore reresolution boolean to config (#4275) commit 7c5e73795d163c13e616aa53066f9e1d845275dd Author: Menghan Li <[email protected]> Date: Tue Apr 27 13:37:48 2021 -0700 xds/cds: add separate fields for cluster name and eds service name (#4352) commit 145f12a95b19d2a2f926176cd63fe5645b376186 Author: Joshua Humphries <[email protected]> Date: Tue Apr 27 16:15:08 2021 -0400 reflection: accept interface instead of grpc.Server struct in Register() (#4340) commit 52a707c0dafe4ac6c0443c3d83dfdeeb9b828684 Author: Easwar Swaminathan <[email protected]> Date: Mon Apr 26 14:29:06 2021 -0700 xds: serving mode changes outlined in gRFC A36 (#4328) commit 9572fd6faeaee33fe295ce3a79eab729d05bb349 Author: apolcyn <[email protected]> Date: Fri Apr 23 17:26:26 2021 -0700 client: include details about GOAWAYs in status messages (#4316) commit e158e3e82cbac01ba513de4b0982b35b1fcc6183 Author: Menghan Li <[email protected]> Date: Fri Apr 23 13:15:21 2021 -0700 xds/lrs: server name is not required to be non-empty (#4356) commit 74fe6eaa41706a8451df3c03a0b131c70f71773d Author: Doug Fawley <[email protected]> Date: Thu Apr 22 14:59:51 2021 -0700 github: testing action workflow improvements and update to test Go1.16 (#4358) commit f02863c306d287e05bcb796035b38fd956db1576 Author: Easwar Swaminathan <[email protected]> Date: Thu Apr 22 14:58:58 2021 -0700 xds: specify "h2" as the alpn in xds creds (#4361) commit 7276af6dd73483d9edfedbef778c831f044736eb Author: Menghan Li <[email protected]> Date: Thu Apr 22 10:45:24 2021 -0700 client: fix leaked addrConn struct when addresses are updated (#4347) commit f2783f271924fd379910c91fb62aae1dbfad83bd Author: Jan Tattermusch <[email protected]> Date: Thu Apr 22 18:08:53 2021 +0200 Run emulated linux arm64 tests (#4344) commit 6f35bbbfb82de348a1537774af2ffd706cd3bb12 Author: Lidi Zheng <[email protected]> Date: Wed Apr 21 17:27:51 2021 -0700 test: enable xDS CSDS test (#4354) commit 671707bdf3bfa85f176f07810de5100d0109776b Author: Menghan Li <[email protected]> Date: Wed Apr 21 14:06:54 2021 -0700 internal: fix symbol undefined build failure (#4353) Caused by git merge commit 970aa0928304dec8dbf2bc11ee0dd49ad16c8f30 Author: Menghan Li <[email protected]> Date: Wed Apr 21 10:11:28 2021 -0700 xds/balancers: export balancer names and config structs (#4334) commit 1c598a11a4e503e1cfd500999c040e72072dc16b Author: Zach Reyes <[email protected]> Date: Tue Apr 20 13:20:09 2021 -0400 Move exponential backoff to DNS resolver from resolver.ClientConn (#4270) commit 41676e61b1d576484cf2c0315a25fe2c9438c769 Author: lzhfromustc <[email protected]> Date: Mon Apr 19 12:49:37 2021 -0400 Fix goroutine leaks (#4214) commit 1a870aec2ff99bb682d5e200763c9124185eafca Author: Menghan Li <[email protected]> Date: Thu Apr 15 15:08:03 2021 -0700 xds/clusterimpl: trigger re-resolution on subconn transient_failure (#4314) commit 87eb5b7502493f758e76c4d09430c0049a81a557 Author: Doug Fawley <[email protected]> Date: Tue Apr 13 16:19:17 2021 -0700 credentials/google: remove unnecessary dependency on xds protos (#4339) commit 6fafb9193bde04c61d75a2da9de53c4d029748b4 Author: Easwar Swaminathan <[email protected]> Date: Tue Apr 13 15:31:34 2021 -0700 xds: support unspecified and wildcard filter chain prefixes (#4333) commit c229922995e2c1af095282ef4d17abcd7300ecaf Author: apolcyn <[email protected]> Date: Tue Apr 13 13:06:05 2021 -0700 client: propagate connection error causes to RPC statuses (#4311) commit 7a6ab591158c9c43b13b229a5d0a6471abfbeca6 Author: Easwar Swaminathan <[email protected]> Date: Tue Apr 13 11:47:25 2021 -0700 multiple: go mod tidy to make vet happy (#4337) commit 950ddd3c37fc38deaf95f3a27b5883af4776a679 Author: Menghan Li <[email protected]> Date: Mon Apr 12 09:56:37 2021 -0700 xds/google_default_creds: handshake based on cluster name in address attributes (#4310) commit fab5982df20a27885393f866db267ee7b35808d2 Author: Easwar Swaminathan <[email protected]> Date: Fri Apr 9 16:49:25 2021 -0700 xds: server-side listener network filter validation (#4312) commit d6abfb459860721299c6f0bc7ffcbed5f9feebe4 Author: Aliaksandr Mianzhynski <[email protected]> Date: Sat Apr 10 02:30:59 2021 +0300 cmd/protoc-gen-go-grpc: add protoc and protoc-gen-go-grpc versions to top comment (#4313) commit 1d1bbb55b381f39fbe93edbb1d0fd96a6b1ecaef Author: Menghan Li <[email protected]> Date: Thu Apr 8 16:11:44 2021 -0700 weightedtarget: handle updating child policy name (#4309) commit 2df4370b332809e4daf1e2109b2389500e64c1c0 Author: Easwar Swaminathan <[email protected]> Date: Thu Apr 8 16:02:52 2021 -0700 examples: update xds examples for PSM security (#4256) commit 69f6f5a51249d3a9f4b6a9262167ddd984599cdc Author: Easwar Swaminathan <[email protected]> Date: Thu Apr 8 15:52:49 2021 -0700 xds: add support for unsupported filter matchers (#4315) commit c7a203dcb5c97bf4cc7fd79b905b044ab14a5fbc Author: Menghan Li <[email protected]> Date: Thu Apr 8 14:31:20 2021 -0700 xds/interop: move header/path matching to all (#4325) commit 1895da54b012305f2628e3feee697937149aac57 Author: Menghan Li <[email protected]> Date: Thu Apr 8 11:34:02 2021 -0700 xds/resolver: fix panic when two LDS updates are receives without RDS in between (#4327) Also confirmed that the LDS updates shouldn't trigger state update without the RDS. commit 493d388ad24c7a3e957f552a1a15dccdd1c9124b Author: Doug Fawley <[email protected]> Date: Tue Apr 6 15:09:00 2021 -0700 xds/csds: update proto imports to separate grpc from non-grpc symbols (#4326) commit 004ef8ade68b267f285c82e955a2f663c9a591be Author: Menghan Li <[email protected]> Date: Tue Apr 6 13:47:15 2021 -0700 xds/clusterimpl: fix picker update race after balancer is closed (#4318) commit 9a10f357871cf04dbc16b064b993e81e66c660f7 Author: Menghan Li <[email protected]> Date: Tue Apr 6 13:11:49 2021 -0700 balancergroup: fix leak child balancer not closed (#4308) commit 777b228b599fd383aafd29155c35741d617b564c Author: Menghan Li <[email protected]> Date: Tue Apr 6 10:55:19 2021 -0700 xds: fix service request counter flaky test (#4324) commit 8892a7b247c0aef5059175bacee30f2b055aac88 Author: Menghan Li <[email protected]> Date: Mon Apr 5 13:56:00 2021 -0700 [xds_interop_client_admin] xds/interop: register admin services and reflection (#4307) commit 5730f8d113ee31f14709a787572c4a3f3af5d3dd Author: ZhenLian <[email protected]> Date: Fri Apr 2 11:19:22 2021 -0700 Invoke Go Vet Check in Sub-modules (#4302) * Invoke Go Vet Check in Sub-modules commit db816235452978bb98c6d18ac03ce643e9ab13fc Author: Zach Reyes <[email protected]> Date: Thu Apr 1 14:41:47 2021 -0400 xds: Add fields to cluster update (#4277) * Added support for more fields in CDS response commit f6bb3972ed15a0aaf47730344c47e9840bb5dbba Author: Easwar Swaminathan <[email protected]> Date: Wed Mar 31 16:58:24 2021 -0700 xds: filter chain matching logic for server-side (#4281) commit c72e1c8f7528615e2b5b887d279015abb2b6c659 Author: Menghan Li <[email protected]> Date: Wed Mar 31 16:30:10 2021 -0700 xds/resolver: support inline RDS resource from LDS response (#4299) commit 0028242dbbf8efab46fb0e25cef649ef7bea1730 Author: Menghan Li <[email protected]> Date: Wed Mar 31 10:36:16 2021 -0700 Change version to 1.38.0-dev (#4306) commit 4a19753e9dfdf7c54c4b44ae419876e94ef3a0cc Author: apolcyn <[email protected]> Date: Fri Mar 26 10:09:12 2021 -0700 interop: add a flag to clients to statically configure grpclb (#4290) commit 2456c5cff04bb867e220f084bc88034f588c8aa8 Author: apolcyn <[email protected]> Date: Thu Mar 25 20:56:46 2021 -0700 Allow using interop client for making Traffic Director RPCs (#4291) commit 80e380eff4edbfdacb4be1ae7d92c772400b2159 Author: longxboy <[email protected]> Date: Fri Mar 26 04:08:24 2021 +0800 balancer/base: keep address attributes for pickers (#4253) commit 702608ffae4d03a6821b96d3e2311973d34b96dc Author: Doug Fawley <[email protected]> Date: Wed Mar 24 10:20:16 2021 -0700 xds: enable timeout, circuit breaking, and fault injection by default (#4286) commit faf4e1c777f0c306e1632c8efda49f81f8de7646 Author: Doug Fawley <[email protected]> Date: Tue Mar 23 15:19:03 2021 -0700 xds: rename proto import to grpc (#4287) commit 46da49ca604aef87498c628719b3408f27f4c6d7 Author: Doug Fawley <[email protected]> Date: Tue Mar 23 13:26:01 2021 -0700 xds: use different proto import for grpc services (#4285) commit b331a48e06791ab7595f706af46b8bf9244d1f2e…
This PR adds the following validations, as specified in A29:
transport_socket_matches
field inCluster
message is not supportedCommonTlsContext
are not supported:tls_params
custom_handshaker
validation_context_sds_secret_config
field insidevalidation_context_type
is not supportedtls_certificates
ortls_certificate_sds_secret_configs
fields are set andtls_certificate_provider_instance
field is unsetDownstreamTlsContext
are not supported:require_sni
ocsp_staple_policy
field isLENIENT_STAPLING
match_subject_alt_names
is not supported on the serverCertificateValidationContext
are not supported:verify_certificate_spki
verify_certificate_hash
require_signed_certificate_timestamp
crl
custom_validator_config
Only one validation specified in A29 is remaining, which is to make sure that the certificate provider instance name specified in the configuration is available in the bootstrap file. This will be done in a follow-up PR.
RELEASE NOTES: N/A