xds: disable rbac by default (#8541)
YifeiZhuang committed Sep 21, 2021
1 parent 733ab98 commit 6951048
Showing 4 changed files with 25 additions and 17 deletions.
6 changes: 3 additions & 3 deletions xds/src/main/java/io/grpc/xds/ClientXdsClient.java
@@ -138,8 +138,8 @@ final class ClientXdsClient extends AbstractXdsClient {
|| Boolean.parseBoolean(System.getenv("GRPC_XDS_EXPERIMENTAL_ENABLE_RETRY"));
@VisibleForTesting
static boolean enableRbac =
Strings.isNullOrEmpty(System.getenv("GRPC_XDS_EXPERIMENTAL_RBAC"))
|| Boolean.parseBoolean(System.getenv("GRPC_XDS_EXPERIMENTAL_RBAC"));
!Strings.isNullOrEmpty(System.getenv("GRPC_XDS_EXPERIMENTAL_RBAC"))
&& Boolean.parseBoolean(System.getenv("GRPC_XDS_EXPERIMENTAL_RBAC"));

private static final String TYPE_URL_HTTP_CONNECTION_MANAGER_V2 =
"type.googleapis.com/envoy.config.filter.network.http_connection_manager.v2"
@@ -222,7 +222,7 @@ protected void handleLdsResponse(String versionInfo, List<Any> resources, String
listener, retainedRdsResources, enableFaultInjection && isResourceV3);
} else {
ldsUpdate = processServerSideListener(
listener, retainedRdsResources, enableRbac);
listener, retainedRdsResources, enableRbac && isResourceV3);
}
} catch (ResourceInvalidException e) {
errors.add(
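Review bot: With `enableRbac` now false unless `GRPC_XDS_EXPERIMENTAL_RBAC=true` is set, the field initializer carries no comment saying what happens to RBAC policy that the control plane still sends, and for an authorization filter that default matters. The second hunk passes `enableRbac && isResourceV3` to `processServerSideListener`, whose body is not on this page; if the flag makes it skip the filter rather than reject the listener, a server silently runs without the configured authorization checks. I would state this on the field, e.g. `// Off by default: RBAC filters in the Listener are not enforced unless GRPC_XDS_EXPERIMENTAL_RBAC=true`, and log once at startup when it is off. The `!Strings.isNullOrEmpty(...) &&` guard can also be dropped, since `Boolean.parseBoolean` already returns false for null and empty input. `handleLdsResponse` starts and ends outside the hunk.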
28 changes: 15 additions & 13 deletions xds/src/main/java/io/grpc/xds/XdsServerWrapper.java
@@ -515,20 +515,22 @@ private ImmutableMap<Route, ServerInterceptor> generatePerRouteInterceptors(
Map<String, FilterConfig> selectedOverrideConfigs =
new HashMap<>(virtualHost.filterConfigOverrides());
selectedOverrideConfigs.putAll(route.filterConfigOverrides());
for (NamedFilterConfig namedFilterConfig : namedFilterConfigs) {
FilterConfig filterConfig = namedFilterConfig.filterConfig;
Filter filter = filterRegistry.get(filterConfig.typeUrl());
if (filter instanceof ServerInterceptorBuilder) {
ServerInterceptor interceptor =
((ServerInterceptorBuilder) filter).buildServerInterceptor(
filterConfig, selectedOverrideConfigs.get(namedFilterConfig.name));
if (interceptor != null) {
filterInterceptors.add(interceptor);
if (namedFilterConfigs != null) {
for (NamedFilterConfig namedFilterConfig : namedFilterConfigs) {
FilterConfig filterConfig = namedFilterConfig.filterConfig;
Filter filter = filterRegistry.get(filterConfig.typeUrl());
if (filter instanceof ServerInterceptorBuilder) {
ServerInterceptor interceptor =
((ServerInterceptorBuilder) filter).buildServerInterceptor(
filterConfig, selectedOverrideConfigs.get(namedFilterConfig.name));
if (interceptor != null) {
filterInterceptors.add(interceptor);
}
} else {
logger.log(Level.WARNING, "HttpFilterConfig(type URL: "
+ filterConfig.typeUrl() + ") is not supported on server-side. "
+ "Probably a bug at ClientXdsClient verification.");
}
} else {
logger.log(Level.WARNING, "HttpFilterConfig(type URL: "
+ filterConfig.typeUrl() + ") is not supported on server-side. "
+ "Probably a bug at ClientXdsClient verification.");
}
}
ServerInterceptor interceptor = combineInterceptors(filterInterceptors);
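Review bot: The new `if (namedFilterConfigs != null)` guard has no comment explaining when the list is null, and in that case the loop is skipped and `combineInterceptors(filterInterceptors)` runs with whatever the list held before, presumably nothing. Given the rest of this commit, null presumably means HTTP filter parsing was disabled, which for RBAC would mean every route is served without an authorization interceptor and without a log line. A comment such as `// null when HTTP filters are disabled (e.g. RBAC off): routes get no filter interceptors` would make that explicit, and a single log entry in that case would let operators notice that policy is not being enforced. `generatePerRouteInterceptors` begins and continues outside the hunk, so the initial state of `filterInterceptors` is not visible here.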
3 changes: 2 additions & 1 deletion xds/src/test/java/io/grpc/xds/ClientXdsClientDataTest.java
@@ -138,7 +138,8 @@ public void setUp() {
originalEnableRetry = ClientXdsClient.enableRetry;
assertThat(originalEnableRetry).isTrue();
originalEnableRbac = ClientXdsClient.enableRbac;
assertThat(originalEnableRbac).isTrue();
assertThat(originalEnableRbac).isFalse();
ClientXdsClient.enableRbac = true;
}

@After
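Review bot: `assertThat(originalEnableRbac).isFalse();` in `setUp()` asserts a value derived from the process environment, so the whole class fails on any machine or CI job that exports `GRPC_XDS_EXPERIMENTAL_RBAC=true`; the same assertion is added in `ClientXdsClientTestBase.setUp()`. The default is better pinned in one dedicated test, or the line dropped so that `setUp()` only saves the original value and sets `ClientXdsClient.enableRbac = true;`. `setUp()` starts above the hunk and the `@After` method is cut off below it, so whether the flag is restored after each test cannot be confirmed from this page.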
5 changes: 5 additions & 0 deletions xds/src/test/java/io/grpc/xds/ClientXdsClientTestBase.java
@@ -246,6 +246,7 @@ public long currentTimeNanos() {
private ManagedChannel channel;
private ClientXdsClient xdsClient;
private boolean originalEnableFaultInjection;
private boolean originalEnableRbac;

@Before
public void setUp() throws IOException {
@@ -258,6 +259,9 @@ public void setUp() throws IOException {
// Start the server and the client.
originalEnableFaultInjection = ClientXdsClient.enableFaultInjection;
ClientXdsClient.enableFaultInjection = true;
originalEnableRbac = ClientXdsClient.enableRbac;
assertThat(originalEnableRbac).isFalse();
ClientXdsClient.enableRbac = true;
final String serverName = InProcessServerBuilder.generateName();
cleanupRule.register(
InProcessServerBuilder
@@ -297,6 +301,7 @@ public void setUp() throws IOException {
@After
public void tearDown() {
ClientXdsClient.enableFaultInjection = originalEnableFaultInjection;
ClientXdsClient.enableRbac = originalEnableRbac;
xdsClient.shutdown();
channel.shutdown(); // channel not owned by XdsClient
assertThat(adsEnded.get()).isTrue();
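Review bot: Every test built on this base class now runs with `ClientXdsClient.enableRbac = true`, so as far as this page shows the default-off path that production servers take is not exercised. That path decides whether an RBAC filter sent by the control plane is skipped or rejected, so it deserves at least one test that leaves `enableRbac` false, feeds a v3 Listener carrying an RBAC filter, and asserts the intended outcome. Both `setUp()` and `tearDown()` continue outside the hunks shown, so tests elsewhere in the class may already cover this.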
