Skip to content

grpc-js-xds: Implement and enable security interop tests #2909

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
murgatroid99 merged 28 commits into from
Feb 27, 2025
Merged

grpc-js-xds: Implement and enable security interop tests #2909

murgatroid99 merged 28 commits into from
Feb 27, 2025

Conversation

@murgatroid99
Copy link
Member

@murgatroid99 murgatroid99 commented Feb 27, 2025
edited
Loading

This change also includes a variety of fixes to make those tests pass:

  • Fix parsing of SAN entries to correctly handle colons in names.

  • Handle unset CommonTlsContext.validation_context_type.

  • Handle unset filter_chain_match.

  • Add Server protected methods experimentalRegisterListenerToChannelz, experimentalUnregisterListenerFromChannelz, and experimentalCreateConnectionInjectorWithChannelzRef.

  • Modify ServerCredentials to separate options that are used once on Http2Server construction from options that can be updated such as by a certificate provider.

  • Make transport and channel credentials connection establishment code handle and report more connection errors.

  • Wait for credentials information to be loaded from certificate providers before starting to connect, to avoid a time gap between creating a TCP connection and starting the TLS handshake.

  • Fix IPv6-mapped IPv4 address parsing in channelz, and represent them as IPv4 addresses.

  • Add error handling and logging for tls.createSecureContext.

  • grpc/node/master/psm-security

@murgatroid99
Add kokoro config for PSM interop security tests
0b6e2a3
@murgatroid99
Make secure_mode parsing case-insensitive
7a25539
@murgatroid99
xds interop server: bind IPv4 in secure mode
a721980
@murgatroid99
Merge branch 'master' into grpc-js-xds_security_tests
e5fa6b7
@murgatroid99
Enable http_filter tracer on server
564e80f
@murgatroid99
Don't require api_listener when validating Listener
eed4d54
@murgatroid99
Call xds library register function in interop server
f6631f5
@murgatroid99
Enable transport and certificate_provider tracers
2979fa7
@murgatroid99
Add more transport trace lines
6e901c1
@murgatroid99
Change connection handler to prependListener, add more trace logging
bb6fff7
@murgatroid99
Handle unauthorized TLS connections correctly
b44b14d
@murgatroid99
Enable heavy-duty TLS tracing in interop client and server
a8f981a
@murgatroid99
Add more trace logging
5f12dc2
@murgatroid99
Fix a bug that caused HTTP2 sessions to be considered connected early
bdd0dc8
@murgatroid99
Use xDS creds in interop client, remove verbose TLS logging
1fe3f74
@murgatroid99
Wait for secure connectors to be usable before TCP connect
e883425
@murgatroid99
Fix Listener resource validation
87f7034
@murgatroid99
Handle missing filter_chain_match differently, plus other fixes
5cf1a87
@murgatroid99
Add SAN matcher trace logging
65f4d76
@murgatroid99
Fix handling of subject alternative names with colons
7d99c4a
@murgatroid99
Register xds listener with channelz
1e28a04
@murgatroid99
Register listener as child properly
a9cfd7a
@murgatroid99
Only register once, add admin service response logging
822af68
@murgatroid99
Represent IPv6-mapped IPv4 addresses as IPv4 in channelz
36c9a4f
@murgatroid99
Handle secure context errors, fix server constructor argument handling
6965250
@murgatroid99
Apparently unset oneof is allowed
510d681
@murgatroid99
Don't unregister the xds server's channelz ref when destroying the co…
0ebb571 
…nnection injector
@murgatroid99
Handle unset validation_config_type at use time
6094ebe
@murgatroid99 murgatroid99 mentioned this pull request Feb 27, 2025
Merged
1 task
@murgatroid99 murgatroid99 merged commit 5eded95 into grpc:master Feb 27, 2025
8 of 10 checks passed
murgatroid99 added a commit to grpc/psm-interop that referenced this pull request Feb 27, 2025
@murgatroid99
Enable security_test for Node (#155)
9a2e7cf 
This requires the test implementation in
grpc/grpc-node#2909 to work. Test run:

- [x]
[grpc/node/master/psm-security](https://source.cloud.google.com/results/invocations/369e192d-9c64-4475-b236-55ae6155410b)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@murgatroid99