xds: change clusterimpl to add SNI to handshake info#9016
Merged
Conversation
eshitachandwani
added
Type: Feature
Codecov Report❌ Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## master #9016 +/- ##
==========================================
+ Coverage 83.01% 83.05% +0.03%
==========================================
Files 413 413
Lines 33054 33269 +215
==========================================
+ Hits 27441 27630 +189
- Misses 4205 4219 +14
- Partials 1408 1420 +12
🚀 New features to boost your workflow:
|
eshitachandwani
requested review from
Pranjali-2501 and
easwars
and removed request for
easwars
Contributor
|
The release note seems to be too long. How about:
|
easwars
reviewed
Mar 27, 2026
Member
Author
Changed. |
easwars
approved these changes
Apr 7, 2026
Contributor
easwars
left a comment
easwars
left a comment
There was a problem hiding this comment.
LGTM, modulo minor comments and nits
| // ClientSideTLSConfig constructs a tls.Config to be used in a client-side | ||
| // handshake based on the contents of the HandshakeInfo. | ||
| func (hi *HandshakeInfo) ClientSideTLSConfig(ctx context.Context) (*tls.Config, error) { | ||
| func (hi *HandshakeInfo) ClientSideTLSConfig(ctx context.Context, hostname string) (*tls.Config, error) { |
Contributor
There was a problem hiding this comment.
Please comment on why hostname is passed as a parameter here instead of it being part of the HandshakeInfo.
|
|
||
| } | ||
|
|
||
| type mockProvider struct { |
Contributor
There was a problem hiding this comment.
There is no mocking happening here.
Member
Author
There was a problem hiding this comment.
Changed the name to testProviderWithRoots
| } | ||
| // Store hostname in the address attributes, so that it can be used in | ||
| // the client handshake. | ||
| newAddrs[i] = xds.SetEndpointHostname(newAddrs[i], hostname) |
Contributor
There was a problem hiding this comment.
This function name is and can be quite confusing, because it takes a resolver.Address, but contains the term Endpoint in it. Can you think of a better name?
Member
Author
There was a problem hiding this comment.
changed it to SetAddressHostname
Comment on lines
+67
to
+69
| // Create test backends for two clusters | ||
| // backend1 configured with TLS creds, represents cluster1 (valid SNI) | ||
| // backend2 configured with TLS creds, represents cluster2 (invalid SNI) |
Contributor
There was a problem hiding this comment.
Nit:
Suggested change
| // Create test backends for two clusters | |
| // backend1 configured with TLS creds, represents cluster1 (valid SNI) | |
| // backend2 configured with TLS creds, represents cluster2 (invalid SNI) | |
| // Create test backends for two clusters: | |
| // - backend1 configured with TLS creds, represents cluster1 (valid SNI) | |
| // - backend2 configured with TLS creds, represents cluster2 (invalid SNI) |
Comment on lines
+310
to
+316
| // Create test backends | ||
| serverCreds := testutils.CreateServerTLSCredentials(t, tls.RequireAndVerifyClientCert) | ||
| server1 := stubserver.StartTestService(t, nil, grpc.Creds(serverCreds)) | ||
| defer server1.Stop() | ||
|
|
||
| server2 := stubserver.StartTestService(t, nil, grpc.Creds(serverCreds)) | ||
| defer server2.Stop() |
Contributor
There was a problem hiding this comment.
Nit: here and elsewhere
Suggested change
| // Create test backends | |
| serverCreds := testutils.CreateServerTLSCredentials(t, tls.RequireAndVerifyClientCert) | |
| server1 := stubserver.StartTestService(t, nil, grpc.Creds(serverCreds)) | |
| defer server1.Stop() | |
| server2 := stubserver.StartTestService(t, nil, grpc.Creds(serverCreds)) | |
| defer server2.Stop() | |
| // Create test backends. | |
| serverCreds := testutils.CreateServerTLSCredentials(t, tls.RequireAndVerifyClientCert) | |
| server1 := stubserver.StartTestService(t, nil, grpc.Creds(serverCreds)) | |
| defer server1.Stop() | |
| server2 := stubserver.StartTestService(t, nil, grpc.Creds(serverCreds)) | |
| defer server2.Stop() |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR is the final PR for implementation of gRFC A101
This PR does the following :
AutoHostSniis set , or the SNI received from control plane. This is done because each endpoint can have a different hostname. It is not a config that can be used across all endpoints of the cluster , so it cannot be set in handshake info.AutoHostSnifiled to the handshake info.Note: We will turn the environment variable to true only after inter-op tests pass.
RELEASE NOTES: