diff --git a/mobile/envoy_build_config/BUILD b/mobile/envoy_build_config/BUILD index 08f786040f6e..2b4fe508b43f 100644 --- a/mobile/envoy_build_config/BUILD +++ b/mobile/envoy_build_config/BUILD @@ -43,7 +43,7 @@ envoy_cc_library( "@envoy//source/extensions/request_id/uuid:config", "@envoy//source/extensions/transport_sockets/http_11_proxy:upstream_config", "@envoy//source/extensions/transport_sockets/raw_buffer:config", - "@envoy//source/extensions/transport_sockets/tls:config", + "@envoy//source/extensions/transport_sockets/tls:upstream_config", "@envoy//source/extensions/upstreams/http/generic:config", "@envoy_mobile//library/common/extensions/cert_validator/platform_bridge:config", "@envoy_mobile//library/common/extensions/filters/http/local_error:config", diff --git a/mobile/envoy_build_config/extension_registry.cc b/mobile/envoy_build_config/extension_registry.cc index 47acf91734da..5a3da36cb196 100644 --- a/mobile/envoy_build_config/extension_registry.cc +++ b/mobile/envoy_build_config/extension_registry.cc @@ -28,7 +28,7 @@ #include "source/extensions/request_id/uuid/config.h" #include "source/extensions/transport_sockets/http_11_proxy/config.h" #include "source/extensions/transport_sockets/raw_buffer/config.h" -#include "source/extensions/transport_sockets/tls/config.h" +#include "source/extensions/transport_sockets/tls/upstream_config.h" #include "source/extensions/upstreams/http/generic/config.h" #ifdef ENVOY_MOBILE_ENABLE_LISTENER diff --git a/mobile/envoy_build_config/extensions_build_config.bzl b/mobile/envoy_build_config/extensions_build_config.bzl index a1135c44c941..00d3a08d0440 100644 --- a/mobile/envoy_build_config/extensions_build_config.bzl +++ b/mobile/envoy_build_config/extensions_build_config.bzl 
@@ -24,7 +24,7 @@ EXTENSIONS = {
 "envoy.retry.options.network_configuration": "@envoy_mobile//library/common/extensions/retry/options/network_configuration:config",
 "envoy.transport_sockets.http_11_proxy": "//source/extensions/transport_sockets/http_11_proxy:upstream_config",
 "envoy.transport_sockets.raw_buffer": "//source/extensions/transport_sockets/raw_buffer:config",
- "envoy.transport_sockets.tls": "//source/extensions/transport_sockets/tls:config",
+ "envoy.transport_sockets.tls": "//source/extensions/transport_sockets/tls:upstream_config",
 "envoy.http.stateful_header_formatters.preserve_case": "//source/extensions/http/header_formatters/preserve_case:config",
 "envoy_mobile.cert_validator.platform_bridge_cert_validator": "@envoy_mobile//library/common/extensions/cert_validator/platform_bridge:config",
 "envoy.listener_manager_impl.api": "@envoy_mobile//library/common/extensions/listener_managers/api_listener_manager:api_listener_manager_lib",
diff --git a/mobile/test/performance/files_em_does_not_use b/mobile/test/performance/files_em_does_not_use
index e4c823572497..844705fa6bb5 100644
--- a/mobile/test/performance/files_em_does_not_use
+++ b/mobile/test/performance/files_em_does_not_use
@@ -10,3 +10,4 @@ source/server/options_impl.cc
 source/extensions/access_loggers/common/file_access_log_impl.h
 source/common/router/scoped_rds.h
 source/extensions/load_balancing_policies/subset/subset_lb.h
+source/extensions/transport_sockets/tls/upstream_config.h
diff --git a/source/exe/BUILD b/source/exe/BUILD
index 76dfa429a524..a0a42b9d0f7d 100644
--- a/source/exe/BUILD
+++ b/source/exe/BUILD
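Review bot: The line added to `files_em_does_not_use` is `source/extensions/transport_sockets/tls/upstream_config.h`, yet this same commit makes `mobile/envoy_build_config/extension_registry.cc` include exactly that header, so the list now names a file Envoy Mobile does use. If the intent is to assert that the server-side TLS factory stays out of the mobile binary, the entry should presumably be `source/extensions/transport_sockets/tls/downstream_config.h`. How the list is consumed is not visible in this diff, so this needs confirming against the test that reads it.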
@@ -158,6 +158,7 @@ envoy_cc_library( ":main_common_with_all_extensions_lib", # These are compiled as extensions so Envoy Mobile doesn't have to link them in. # Envoy requires them. + "//source/extensions/transport_sockets/tls:config", "//source/common/listener_manager:listener_manager_lib", "//source/extensions/listener_managers/validation_listener_manager:validation_listener_manager_lib", "//source/common/version:version_linkstamp", diff --git a/source/extensions/all_extensions.bzl b/source/extensions/all_extensions.bzl index f239a04b9537..475cf1b855ea 100644 --- a/source/extensions/all_extensions.bzl +++ b/source/extensions/all_extensions.bzl @@ -6,7 +6,6 @@ load("@envoy_build_config//:extensions_build_config.bzl", "EXTENSIONS") _required_extensions = { "envoy.http.original_ip_detection.xff": "//source/extensions/http/original_ip_detection/xff:config", "envoy.request_id.uuid": "//source/extensions/request_id/uuid:config", - "envoy.transport_sockets.tls": "//source/extensions/transport_sockets/tls:config", # To provide default round robin load balancer. "envoy.load_balancing_policies.round_robin": "//source/extensions/load_balancing_policies/round_robin:config", } diff --git a/source/extensions/transport_sockets/tls/BUILD b/source/extensions/transport_sockets/tls/BUILD index 3ce74ef46a9a..2d6b04895f38 100644 --- a/source/extensions/transport_sockets/tls/BUILD +++ b/source/extensions/transport_sockets/tls/BUILD @@ -1,6 +1,7 @@ load( "//bazel:envoy_build_system.bzl", "envoy_cc_extension", + "envoy_cc_library", "envoy_extension_package", ) 
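Review bot: With `envoy.transport_sockets.tls` removed from `_required_extensions` in `all_extensions.bzl`, the `"//source/extensions/transport_sockets/tls:config"` dep added in `source/exe/BUILD` becomes the only place in this diff that guarantees a server build links both TLS socket factories. A target that relies on the extension list alone, or a build with a custom `envoy_build_config` that omits the TLS entry, would no longer get them. That should presumably surface as a config-load failure rather than a silent loss of TLS, but a test that pins that behaviour is worth having. A dedicated line above the new dep, such as `# TLS is no longer in _required_extensions; linked here so server binaries always register both factories.`, would make the purpose explicit.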
@@ -10,17 +11,52 @@ licenses(["notice"]) # Apache 2 envoy_extension_package() -envoy_cc_extension( - name = "config", - srcs = ["config.cc"], +envoy_cc_library( + name = "base_config", hdrs = ["config.h"], - # TLS is core functionality. - visibility = ["//visibility:public"], deps = [ "//envoy/network:transport_socket_interface", "//envoy/registry", "//envoy/server:transport_socket_config_interface", "//source/common/tls:ssl_socket_lib", + ], +) + +envoy_cc_library( + name = "downstream_config", + srcs = ["downstream_config.cc"], + hdrs = ["downstream_config.h"], + deps = [ + ":base_config", + "//envoy/network:transport_socket_interface", + "//envoy/registry", + "//envoy/server:transport_socket_config_interface", + "//source/common/tls:ssl_socket_lib", "@envoy_api//envoy/extensions/transport_sockets/tls/v3:pkg_cc_proto", ], + alwayslink = True, +) + +envoy_cc_library( + name = "upstream_config", + srcs = ["upstream_config.cc"], + hdrs = ["upstream_config.h"], + deps = [ + ":base_config", + "//envoy/network:transport_socket_interface", + "//envoy/registry", + "//envoy/server:transport_socket_config_interface", + "//source/common/tls:ssl_socket_lib", + "@envoy_api//envoy/extensions/transport_sockets/tls/v3:pkg_cc_proto", + ], + alwayslink = True, +) + +envoy_cc_extension( + name = "config", + visibility = ["//visibility:public"], + deps = [ + ":downstream_config", + ":upstream_config", + ], ) diff --git a/source/extensions/transport_sockets/tls/config.h b/source/extensions/transport_sockets/tls/config.h index 3e39adc38bfb..e332ea8cf1cf 100644 --- a/source/extensions/transport_sockets/tls/config.h +++ b/source/extensions/transport_sockets/tls/config.h 
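Review bot: The rebuilt `config` target has no `srcs` and loses the `# TLS is core functionality.` comment that justified `visibility = ["//visibility:public"]`, so nothing in the file says why the aggregate is public. Nothing says either that the factories are linked in only because `downstream_config` and `upstream_config` set `alwayslink = True`. I would keep the original comment on `config` and add one on each library, for example `# alwayslink: keeps the LEGACY_REGISTER_FACTORY registration in the .cc from being dropped by the linker.` The two libraries also repeat every dep that `base_config` already carries; whether they need them directly depends on the .cc includes, which are only partly visible for `downstream_config.cc`.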
@@ -18,30 +18,6 @@ class SslSocketConfigFactory : public virtual Server::Configuration::TransportSo std::string name() const override { return "envoy.transport_sockets.tls"; } }; -class UpstreamSslSocketFactory : public Server::Configuration::UpstreamTransportSocketConfigFactory, - public SslSocketConfigFactory { -public: - Network::UpstreamTransportSocketFactoryPtr createTransportSocketFactory( - const Protobuf::Message& config, - Server::Configuration::TransportSocketFactoryContext& context) override; - ProtobufTypes::MessagePtr createEmptyConfigProto() override; -}; - -DECLARE_FACTORY(UpstreamSslSocketFactory); - -class DownstreamSslSocketFactory - : public Server::Configuration::DownstreamTransportSocketConfigFactory, - public SslSocketConfigFactory { -public: - Network::DownstreamTransportSocketFactoryPtr - createTransportSocketFactory(const Protobuf::Message& config, - Server::Configuration::TransportSocketFactoryContext& context, - const std::vector& server_names) override; - ProtobufTypes::MessagePtr createEmptyConfigProto() override; -}; - -DECLARE_FACTORY(DownstreamSslSocketFactory); - } // namespace Tls } // namespace TransportSockets } // namespace Extensions diff --git a/source/extensions/transport_sockets/tls/config.cc b/source/extensions/transport_sockets/tls/downstream_config.cc similarity index 59% rename from source/extensions/transport_sockets/tls/config.cc rename to source/extensions/transport_sockets/tls/downstream_config.cc index d89789c6e2ad..9997c1043305 100644 --- a/source/extensions/transport_sockets/tls/config.cc +++ b/source/extensions/transport_sockets/tls/downstream_config.cc @@ -1,4 +1,4 @@ -#include "source/extensions/transport_sockets/tls/config.h" +#include "source/extensions/transport_sockets/tls/downstream_config.h" #include "envoy/extensions/transport_sockets/tls/v3/cert.pb.h" #include "envoy/extensions/transport_sockets/tls/v3/tls.pb.validate.h" 
@@ -12,25 +12,6 @@ namespace Extensions { namespace TransportSockets { namespace Tls { -Network::UpstreamTransportSocketFactoryPtr UpstreamSslSocketFactory::createTransportSocketFactory( - const Protobuf::Message& message, - Server::Configuration::TransportSocketFactoryContext& context) { - auto client_config = std::make_unique( - MessageUtil::downcastAndValidate< - const envoy::extensions::transport_sockets::tls::v3::UpstreamTlsContext&>( - message, context.messageValidationVisitor()), - context); - return std::make_unique( - std::move(client_config), context.sslContextManager(), context.statsScope()); -} - -ProtobufTypes::MessagePtr UpstreamSslSocketFactory::createEmptyConfigProto() { - return std::make_unique(); -} - -LEGACY_REGISTER_FACTORY(UpstreamSslSocketFactory, - Server::Configuration::UpstreamTransportSocketConfigFactory, "tls"); - Network::DownstreamTransportSocketFactoryPtr DownstreamSslSocketFactory::createTransportSocketFactory( const Protobuf::Message& message, Server::Configuration::TransportSocketFactoryContext& context, diff --git a/source/extensions/transport_sockets/tls/downstream_config.h b/source/extensions/transport_sockets/tls/downstream_config.h new file mode 100644 index 000000000000..8a9d5db5c433 --- /dev/null +++ b/source/extensions/transport_sockets/tls/downstream_config.h 
@@ -0,0 +1,29 @@
+#pragma once
+
+#include "envoy/registry/registry.h"
+#include "envoy/server/transport_socket_config.h"
+
+#include "source/extensions/transport_sockets/tls/config.h"
+
+namespace Envoy {
+namespace Extensions {
+namespace TransportSockets {
+namespace Tls {
+
+class DownstreamSslSocketFactory
+ : public Server::Configuration::DownstreamTransportSocketConfigFactory,
+ public SslSocketConfigFactory {
+public:
+ Network::DownstreamTransportSocketFactoryPtr
+ createTransportSocketFactory(const Protobuf::Message& config,
+ Server::Configuration::TransportSocketFactoryContext& context,
+ const std::vector& server_names) override;
+ ProtobufTypes::MessagePtr createEmptyConfigProto() override;
+};
+
+DECLARE_FACTORY(DownstreamSslSocketFactory);
+
+} // namespace Tls
+} // namespace TransportSockets
+} // namespace Extensions
+} // namespace Envoy
diff --git a/source/extensions/transport_sockets/tls/upstream_config.cc b/source/extensions/transport_sockets/tls/upstream_config.cc
new file mode 100644
index 000000000000..715953e7e9b4
--- /dev/null
+++ b/source/extensions/transport_sockets/tls/upstream_config.cc
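Review bot: `DownstreamSslSocketFactory` is declared in the new `downstream_config.h` without any comment, and the same holds for `UpstreamSslSocketFactory` in the new `upstream_config.h`; the reason the two were split out of `config.h` is only recoverable from the build files. A short class comment would carry it, for example `// Server-side (listener) TLS transport socket factory; kept apart from the upstream factory so client-only builds need not link it.`, with the mirror-image line on the upstream class. This header also names `std::vector` while including only the registry, transport-socket and `config.h` headers, so adding `#include <vector>` would stop it relying on a transitive include.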
@@ -0,0 +1,37 @@
+#include "source/extensions/transport_sockets/tls/upstream_config.h"
+
+#include "envoy/extensions/transport_sockets/tls/v3/cert.pb.h"
+#include "envoy/extensions/transport_sockets/tls/v3/tls.pb.validate.h"
+
+#include "source/common/protobuf/utility.h"
+#include "source/common/tls/context_config_impl.h"
+#include "source/common/tls/ssl_socket.h"
+
+namespace Envoy {
+namespace Extensions {
+namespace TransportSockets {
+namespace Tls {
+
+Network::UpstreamTransportSocketFactoryPtr UpstreamSslSocketFactory::createTransportSocketFactory(
+ const Protobuf::Message& message,
+ Server::Configuration::TransportSocketFactoryContext& context) {
+ auto client_config = std::make_unique(
+ MessageUtil::downcastAndValidate<
+ const envoy::extensions::transport_sockets::tls::v3::UpstreamTlsContext&>(
+ message, context.messageValidationVisitor()),
+ context);
+ return std::make_unique(
+ std::move(client_config), context.sslContextManager(), context.statsScope());
+}
+
+ProtobufTypes::MessagePtr UpstreamSslSocketFactory::createEmptyConfigProto() {
+ return std::make_unique();
+}
+
+LEGACY_REGISTER_FACTORY(UpstreamSslSocketFactory,
+ Server::Configuration::UpstreamTransportSocketConfigFactory, "tls");
+
+} // namespace Tls
+} // namespace TransportSockets
+} // namespace Extensions
+} // namespace Envoy
diff --git a/source/extensions/transport_sockets/tls/upstream_config.h b/source/extensions/transport_sockets/tls/upstream_config.h
new file mode 100644
index 000000000000..a053faf35b62
--- /dev/null
+++ b/source/extensions/transport_sockets/tls/upstream_config.h
@@ -0,0 +1,27 @@
+#pragma once
+
+#include "envoy/registry/registry.h"
+#include "envoy/server/transport_socket_config.h"
+
+#include "source/extensions/transport_sockets/tls/config.h"
+
+namespace Envoy {
+namespace Extensions {
+namespace TransportSockets {
+namespace Tls {
+
+class UpstreamSslSocketFactory : public Server::Configuration::UpstreamTransportSocketConfigFactory,
+ public SslSocketConfigFactory {
+public:
+ Network::UpstreamTransportSocketFactoryPtr createTransportSocketFactory(
+ const Protobuf::Message& config,
+ Server::Configuration::TransportSocketFactoryContext& context) override;
+ ProtobufTypes::MessagePtr createEmptyConfigProto() override;
+};
+
+DECLARE_FACTORY(UpstreamSslSocketFactory);
+
+} // namespace Tls
+} // namespace TransportSockets
+} // namespace Extensions
+} // namespace Envoy
diff --git a/tools/code_format/config.yaml b/tools/code_format/config.yaml
index 66f8bed3f7fa..9d64d2bcf6ed 100644
--- a/tools/code_format/config.yaml
+++ b/tools/code_format/config.yaml
@@ -414,3 +414,4 @@ visibility_excludes:
 - source/extensions/load_balancing_policies/random/
 - source/extensions/load_balancing_policies/cluster_provided/
 - source/extensions/filters/http/match_delegate/
+- source/extensions/transport_sockets/tls/
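Review bot: The new `visibility_excludes` entry in `tools/code_format/config.yaml` covers the whole `source/extensions/transport_sockets/tls/` directory, so the visibility check is presumably skipped for every target there, including any added later. In this commit only the aggregate `config` target sets `//visibility:public`, and the diff does not say why the exemption became necessary. A comment beside the entry, such as `# tls:config stays public; the package is split into upstream/downstream libraries`, would record why the TLS package is exempt.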