address comments and add test for failure cases

Author: shivaspeaks

xds/src/main/java/io/grpc/xds/GcpAuthenticationFilter.java

@@ -22,6 +22,7 @@
 
 import com.google.auth.oauth2.ComputeEngineCredentials;
 import com.google.auth.oauth2.IdTokenCredentials;
+import com.google.common.annotations.VisibleForTesting;
 import com.google.common.primitives.UnsignedLongs;
 import com.google.protobuf.Any;
 import com.google.protobuf.InvalidProtocolBufferException;
@@ -164,11 +165,7 @@ public <ReqT, RespT> ClientCall<ReqT, RespT> interceptCall(
         }
 
         if (!xdsCluster.hasValue()) {
-          return new FailingClientCall<>(
-              xdsCluster.getStatus().withDescription(
-                  String.format(
-                      "GCP Authn for %s with %s - xds cluster does not contain cluster resource",
-                      filterInstanceName, clusterName)));
+          return new FailingClientCall<>(xdsCluster.getStatus());
         }
 
         Object audienceObj =
@@ -241,9 +238,11 @@ public String typeUrl() {
   }
 
   /** An implementation of {@link ClientCall} that fails when started. */
-  private static final class FailingClientCall<ReqT, RespT> extends ClientCall<ReqT, RespT> {
+  @VisibleForTesting
+  static final class FailingClientCall<ReqT, RespT> extends ClientCall<ReqT, RespT> {
 
-    private final Status error;
+    @VisibleForTesting
+    final Status error;
 
     public FailingClientCall(Status error) {
       this.error = error;

xds/src/test/java/io/grpc/xds/GcpAuthenticationFilterTest.java

@@ -19,6 +19,13 @@
 import static com.google.common.truth.Truth.assertThat;
 import static io.grpc.xds.XdsNameResolver.CLUSTER_SELECTION_KEY;
 import static io.grpc.xds.XdsNameResolver.XDS_CONFIG_CALL_OPTION_KEY;
+import static io.grpc.xds.XdsTestUtils.CLUSTER_NAME;
+import static io.grpc.xds.XdsTestUtils.EDS_NAME;
+import static io.grpc.xds.XdsTestUtils.ENDPOINT_HOSTNAME;
+import static io.grpc.xds.XdsTestUtils.ENDPOINT_PORT;
+import static io.grpc.xds.XdsTestUtils.RDS_NAME;
+import static io.grpc.xds.XdsTestUtils.buildRouteConfiguration;
+import static io.grpc.xds.XdsTestUtils.getWrrLbConfigAsMap;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertNotNull;
 import static org.junit.Assert.assertNull;
@@ -27,19 +34,37 @@
 import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.Mockito.mock;
 
+import com.google.common.collect.ImmutableList;
+import com.google.common.collect.ImmutableMap;
 import com.google.protobuf.Any;
 import com.google.protobuf.Empty;
 import com.google.protobuf.Message;
 import com.google.protobuf.UInt64Value;
+import io.envoyproxy.envoy.config.route.v3.RouteConfiguration;
 import io.envoyproxy.envoy.extensions.filters.http.gcp_authn.v3.GcpAuthnFilterConfig;
 import io.envoyproxy.envoy.extensions.filters.http.gcp_authn.v3.TokenCacheConfig;
 import io.grpc.CallOptions;
 import io.grpc.Channel;
+import io.grpc.ClientCall;
 import io.grpc.ClientInterceptor;
 import io.grpc.MethodDescriptor;
+import io.grpc.Status;
+import io.grpc.StatusOr;
 import io.grpc.inprocess.InProcessServerBuilder;
 import io.grpc.testing.TestMethodDescriptors;
+import io.grpc.xds.Endpoints.LbEndpoint;
+import io.grpc.xds.Endpoints.LocalityLbEndpoints;
+import io.grpc.xds.GcpAuthenticationFilter.AudienceMetadataParser.AudienceWrapper;
+import io.grpc.xds.GcpAuthenticationFilter.FailingClientCall;
 import io.grpc.xds.GcpAuthenticationFilter.GcpAuthenticationConfig;
+import io.grpc.xds.XdsClusterResource.CdsUpdate;
+import io.grpc.xds.XdsConfig.XdsClusterConfig;
+import io.grpc.xds.XdsConfig.XdsClusterConfig.EndpointConfig;
+import io.grpc.xds.client.Locality;
+import io.grpc.xds.client.XdsResourceType;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Map;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.junit.runners.JUnit4;
@@ -96,9 +121,52 @@ public void testParseFilterConfig_withInvalidMessageType() {
   }
 
   @Test
-  public void testClientInterceptor_createsAndReusesCachedCredentials() throws Exception {
+  public void testClientInterceptor() throws Exception {
     String serverName = InProcessServerBuilder.generateName();
-    XdsConfig defaultXdsConfig = XdsTestUtils.getDefaultXdsConfigWithCdsUpdate(serverName);
+    XdsConfig.XdsConfigBuilder builder = new XdsConfig.XdsConfigBuilder();
+
+    Filter.NamedFilterConfig routerFilterConfig = new Filter.NamedFilterConfig(
+        serverName, RouterFilter.ROUTER_CONFIG);
+
+    HttpConnectionManager httpConnectionManager = HttpConnectionManager.forRdsName(
+        0L, RDS_NAME, Collections.singletonList(routerFilterConfig));
+    XdsListenerResource.LdsUpdate ldsUpdate =
+        XdsListenerResource.LdsUpdate.forApiListener(httpConnectionManager);
+
+    RouteConfiguration routeConfiguration =
+        buildRouteConfiguration(serverName, RDS_NAME, CLUSTER_NAME);
+    XdsResourceType.Args args = new XdsResourceType.Args(null, "0", "0", null, null, null);
+    XdsRouteConfigureResource.RdsUpdate rdsUpdate =
+        XdsRouteConfigureResource.getInstance().doParse(args, routeConfiguration);
+
+    // Take advantage of knowing that there is only 1 virtual host in the route configuration
+    assertThat(rdsUpdate.virtualHosts).hasSize(1);
+    VirtualHost virtualHost = rdsUpdate.virtualHosts.get(0);
+
+    // Need to create endpoints to create locality endpoints map to create edsUpdate
+    Map<Locality, LocalityLbEndpoints> lbEndpointsMap = new HashMap<>();
+    LbEndpoint lbEndpoint = LbEndpoint.create(
+        serverName, ENDPOINT_PORT, 0, true, ENDPOINT_HOSTNAME, ImmutableMap.of());
+    lbEndpointsMap.put(
+        Locality.create("", "", ""),
+        LocalityLbEndpoints.create(ImmutableList.of(lbEndpoint), 10, 0, ImmutableMap.of()));
+
+    // Need to create EdsUpdate to create CdsUpdate to create XdsClusterConfig for builder
+    XdsEndpointResource.EdsUpdate edsUpdate = new XdsEndpointResource.EdsUpdate(
+        EDS_NAME, lbEndpointsMap, Collections.emptyList());
+
+    // Use ImmutableMap.Builder to construct the map
+    ImmutableMap.Builder<String, Object> parsedMetadata = ImmutableMap.builder();
+    parsedMetadata.put("FILTER_INSTANCE_NAME", new AudienceWrapper("TEST_AUDIENCE"));
+
+    CdsUpdate.Builder cdsUpdate = CdsUpdate.forEds(
+            CLUSTER_NAME, EDS_NAME, null, null, null, null, false)
+        .lbPolicyConfig(getWrrLbConfigAsMap());
+    cdsUpdate.parsedMetadata(parsedMetadata.build());
+    XdsConfig.XdsClusterConfig clusterConfig = new XdsConfig.XdsClusterConfig(
+        CLUSTER_NAME,
+        cdsUpdate.build(),
+        new EndpointConfig(StatusOr.fromValue(edsUpdate)));
 
     GcpAuthenticationConfig config = new GcpAuthenticationConfig(10);
     GcpAuthenticationFilter filter = new GcpAuthenticationFilter("FILTER_INSTANCE_NAME");
@@ -109,17 +177,80 @@ public void testClientInterceptor_createsAndReusesCachedCredentials() throws Exc
 
     // Mock channel and capture CallOptions
     Channel mockChannel = mock(Channel.class);
-    ArgumentCaptor<CallOptions> callOptionsCaptor = ArgumentCaptor.forClass(CallOptions.class);
 
     // Set CallOptions with required keys
-    CallOptions callOptionsWithXds = CallOptions.DEFAULT
+    CallOptions callOptionsWithXds = CallOptions.DEFAULT;
+
+    // Execute interception twice to check caching
+    ClientCall<Void, Void> call = interceptor.interceptCall(
+        methodDescriptor, callOptionsWithXds, mockChannel);
+    assertTrue(call instanceof FailingClientCall);
+    FailingClientCall<Void, Void> clientCall = (FailingClientCall<Void, Void>) call;
+    assertThat(clientCall.error.getDescription()).contains("does not contain cluster resource");
+
+    callOptionsWithXds = CallOptions.DEFAULT
+        .withOption(CLUSTER_SELECTION_KEY, "cluster:cluster0");
+
+    // Execute interception twice to check caching
+    call = interceptor.interceptCall(methodDescriptor, callOptionsWithXds, mockChannel);
+    assertTrue(call instanceof FailingClientCall);
+    clientCall = (FailingClientCall<Void, Void>) call;
+    assertThat(clientCall.error.getDescription()).contains("does not contain xds configuration");
+
+    XdsConfig defaultXdsConfig = builder
+        .setListener(ldsUpdate)
+        .setRoute(rdsUpdate)
+        .setVirtualHost(virtualHost)
+        .addCluster(CLUSTER_NAME, StatusOr.fromValue(clusterConfig)).build();
+    callOptionsWithXds = CallOptions.DEFAULT
+        .withOption(CLUSTER_SELECTION_KEY, "cluster:cluster")
+        .withOption(XDS_CONFIG_CALL_OPTION_KEY, defaultXdsConfig);
+
+    // Execute interception twice to check caching
+    call = interceptor.interceptCall(methodDescriptor, callOptionsWithXds, mockChannel);
+    assertTrue(call instanceof FailingClientCall);
+    clientCall = (FailingClientCall<Void, Void>) call;
+    assertThat(clientCall.error.getDescription()).contains("does not contain xds cluster");
+
+    StatusOr<XdsClusterConfig> errorCluster =
+        StatusOr.fromStatus(Status.NOT_FOUND.withDescription("Cluster resource not found"));
+    defaultXdsConfig = builder
+        .setListener(ldsUpdate)
+        .setRoute(rdsUpdate)
+        .setVirtualHost(virtualHost)
+        .addCluster(CLUSTER_NAME, errorCluster).build();
+    callOptionsWithXds = CallOptions.DEFAULT
+        .withOption(CLUSTER_SELECTION_KEY, "cluster:cluster0")
+        .withOption(XDS_CONFIG_CALL_OPTION_KEY, defaultXdsConfig);
+
+    // Create interceptor
+    interceptor = filter.buildClientInterceptor(config, null, null);
+    methodDescriptor = TestMethodDescriptors.voidMethod();
+
+    // Mock channel and capture CallOptions
+    mockChannel = mock(Channel.class);
+    call = interceptor.interceptCall(methodDescriptor, callOptionsWithXds, mockChannel);
+    assertTrue(call instanceof FailingClientCall);
+    clientCall = (FailingClientCall<Void, Void>) call;
+    assertThat(clientCall.error.getDescription())
+        .contains("Cluster resource not found");
+
+    // Success case
+    defaultXdsConfig = builder
+        .setListener(ldsUpdate)
+        .setRoute(rdsUpdate)
+        .setVirtualHost(virtualHost)
+        .addCluster(CLUSTER_NAME, StatusOr.fromValue(clusterConfig)).build();
+    // Set CallOptions with required keys
+    callOptionsWithXds = CallOptions.DEFAULT
         .withOption(CLUSTER_SELECTION_KEY, "cluster:cluster0")
         .withOption(XDS_CONFIG_CALL_OPTION_KEY, defaultXdsConfig);
 
     // Execute interception twice to check caching
     interceptor.interceptCall(methodDescriptor, callOptionsWithXds, mockChannel);
     interceptor.interceptCall(methodDescriptor, callOptionsWithXds, mockChannel);
 
+    ArgumentCaptor<CallOptions> callOptionsCaptor = ArgumentCaptor.forClass(CallOptions.class);
     // Capture and verify CallOptions for CallCredentials presence
     Mockito.verify(mockChannel, Mockito.times(2))
         .newCall(eq(methodDescriptor), callOptionsCaptor.capture());

xds/src/test/java/io/grpc/xds/XdsTestUtils.java

@@ -56,8 +56,6 @@
 import io.grpc.stub.StreamObserver;
 import io.grpc.xds.Endpoints.LbEndpoint;
 import io.grpc.xds.Endpoints.LocalityLbEndpoints;
-import io.grpc.xds.GcpAuthenticationFilter.AudienceMetadataParser.AudienceWrapper;
-import io.grpc.xds.XdsClusterResource.CdsUpdate;
 import io.grpc.xds.XdsConfig.XdsClusterConfig.EndpointConfig;
 import io.grpc.xds.client.Bootstrapper;
 import io.grpc.xds.client.Locality;
@@ -282,63 +280,6 @@ static XdsConfig getDefaultXdsConfig(String serverHostName)
     return builder.build();
   }
 
-  static XdsConfig getDefaultXdsConfigWithCdsUpdate(String serverHostName)
-      throws XdsResourceType.ResourceInvalidException, IOException {
-    XdsConfig.XdsConfigBuilder builder = new XdsConfig.XdsConfigBuilder();
-
-    Filter.NamedFilterConfig routerFilterConfig = new Filter.NamedFilterConfig(
-        serverHostName, RouterFilter.ROUTER_CONFIG);
-
-    HttpConnectionManager httpConnectionManager = HttpConnectionManager.forRdsName(
-        0L, RDS_NAME, Collections.singletonList(routerFilterConfig));
-    XdsListenerResource.LdsUpdate ldsUpdate =
-        XdsListenerResource.LdsUpdate.forApiListener(httpConnectionManager);
-
-    RouteConfiguration routeConfiguration =
-        buildRouteConfiguration(serverHostName, RDS_NAME, CLUSTER_NAME);
-    Bootstrapper.ServerInfo serverInfo = null;
-    XdsResourceType.Args args = new XdsResourceType.Args(serverInfo, "0", "0", null, null, null);
-    XdsRouteConfigureResource.RdsUpdate rdsUpdate =
-        XdsRouteConfigureResource.getInstance().doParse(args, routeConfiguration);
-
-    // Take advantage of knowing that there is only 1 virtual host in the route configuration
-    assertThat(rdsUpdate.virtualHosts).hasSize(1);
-    VirtualHost virtualHost = rdsUpdate.virtualHosts.get(0);
-
-    // Need to create endpoints to create locality endpoints map to create edsUpdate
-    Map<Locality, LocalityLbEndpoints> lbEndpointsMap = new HashMap<>();
-    LbEndpoint lbEndpoint = LbEndpoint.create(
-        serverHostName, ENDPOINT_PORT, 0, true, ENDPOINT_HOSTNAME, ImmutableMap.of());
-    lbEndpointsMap.put(
-        Locality.create("", "", ""),
-        LocalityLbEndpoints.create(ImmutableList.of(lbEndpoint), 10, 0, ImmutableMap.of()));
-
-    // Need to create EdsUpdate to create CdsUpdate to create XdsClusterConfig for builder
-    XdsEndpointResource.EdsUpdate edsUpdate = new XdsEndpointResource.EdsUpdate(
-        EDS_NAME, lbEndpointsMap, Collections.emptyList());
-
-    // Use ImmutableMap.Builder to construct the map
-    ImmutableMap.Builder<String, Object> parsedMetadata = ImmutableMap.builder();
-    parsedMetadata.put("FILTER_INSTANCE_NAME", new AudienceWrapper("TEST_AUDIENCE"));
-
-    CdsUpdate.Builder cdsUpdate = CdsUpdate.forEds(
-            CLUSTER_NAME, EDS_NAME, null, null, null, null, false)
-        .lbPolicyConfig(getWrrLbConfigAsMap());
-    cdsUpdate.parsedMetadata(parsedMetadata.build());
-    XdsConfig.XdsClusterConfig clusterConfig = new XdsConfig.XdsClusterConfig(
-        CLUSTER_NAME,
-        cdsUpdate.build(),
-        new EndpointConfig(StatusOr.fromValue(edsUpdate)));
-
-    builder
-        .setListener(ldsUpdate)
-        .setRoute(rdsUpdate)
-        .setVirtualHost(virtualHost)
-        .addCluster(CLUSTER_NAME, StatusOr.fromValue(clusterConfig));
-
-    return builder.build();
-  }
-
   static Map<Locality, LocalityLbEndpoints> createMinimalLbEndpointsMap(String serverHostName) {
     Map<Locality, LocalityLbEndpoints> lbEndpointsMap = new HashMap<>();
     LbEndpoint lbEndpoint = LbEndpoint.create(
@@ -350,7 +291,7 @@ static Map<Locality, LocalityLbEndpoints> createMinimalLbEndpointsMap(String ser
   }
 
   @SuppressWarnings("unchecked")
-  private static ImmutableMap<String, ?> getWrrLbConfigAsMap() throws IOException {
+  static ImmutableMap<String, ?> getWrrLbConfigAsMap() throws IOException {
     String lbConfigStr = "{\"wrr_locality_experimental\" : "
         + "{ \"childPolicy\" : [{\"round_robin\" : {}}]}}";