envoyproxy · lizan · Oct 13, 2020 · Oct 11, 2020 · Oct 11, 2020 · Oct 11, 2020
diff --git a/source/common/network/resolver_impl.cc b/source/common/network/resolver_impl.cc
@@ -48,7 +48,7 @@ InstanceConstSharedPtr resolveProtoAddress(const envoy::config::core::v3::Addres
   case envoy::config::core::v3::Address::AddressCase::kSocketAddress:
     return resolveProtoSocketAddress(address.socket_address());
   case envoy::config::core::v3::Address::AddressCase::kPipe:
-    return std::make_shared<PipeInstance>(address.pipe().path());
+    return std::make_shared<PipeInstance>(address.pipe().path(), address.pipe().mode());
   case envoy::config::core::v3::Address::AddressCase::kEnvoyInternalAddress:
     switch (address.envoy_internal_address().address_name_specifier_case()) {
     case envoy::config::core::v3::EnvoyInternalAddress::AddressNameSpecifierCase::

diff --git a/test/common/network/address_impl_test.cc b/test/common/network/address_impl_test.cc
@@ -335,6 +335,8 @@ TEST(InteralInstanceTest, Basic) {
   EXPECT_EQ(static_cast<decltype(address.sockAddrLen())>(0), address.sockAddrLen());
 }
 
+// Excluding Windows; chmod(2) against Windows AF_UNIX socket files succeeds,
+// but stat(2) against those returns ENOENT.
 #ifndef WIN32
 TEST(PipeInstanceTest, BasicPermission) {
   std::string path = TestEnvironment::unixDomainSocketPath("foo.sock");

diff --git a/test/integration/uds_integration_test.cc b/test/integration/uds_integration_test.cc
@@ -2,6 +2,7 @@
 
 #include "envoy/config/bootstrap/v3/bootstrap.pb.h"
 
+#include "common/api/os_sys_calls_impl.h"
 #include "common/event/dispatcher_impl.h"
 #include "common/network/utility.h"
 
@@ -47,14 +48,20 @@ TEST_P(UdsUpstreamIntegrationTest, RouterDownstreamDisconnectBeforeResponseCompl
 INSTANTIATE_TEST_SUITE_P(
     TestParameters, UdsListenerIntegrationTest,
     testing::Combine(testing::ValuesIn(TestEnvironment::getIpVersionsForTest()),
-                     testing::Values(false, true)));
+                     testing::Values(false, true), testing::Values(0)));
 #else
 INSTANTIATE_TEST_SUITE_P(
     TestParameters, UdsListenerIntegrationTest,
     testing::Combine(testing::ValuesIn(TestEnvironment::getIpVersionsForTest()),
-                     testing::Values(false)));
+                     testing::Values(false), testing::Values(0)));
 #endif
 
+// Test the mode parameter, excluding abstract namespace enabled
+INSTANTIATE_TEST_SUITE_P(
+    TestModeParameter, UdsListenerIntegrationTest,
+    testing::Combine(testing::ValuesIn(TestEnvironment::getIpVersionsForTest()),
+                     testing::Values(false), testing::Values(0662)));
+
 void UdsListenerIntegrationTest::initialize() {
   config_helper_.addConfigModifier([&](envoy::config::bootstrap::v3::Bootstrap& bootstrap) -> void {
     auto* admin_addr = bootstrap.mutable_admin()->mutable_address();
@@ -68,6 +75,7 @@ void UdsListenerIntegrationTest::initialize() {
     auto* listener = listeners->Add();
     listener->set_name("listener_0");
     listener->mutable_address()->mutable_pipe()->set_path(getListenerSocketName());
+    listener->mutable_address()->mutable_pipe()->set_mode(getMode());
     *(listener->mutable_filter_chains()) = filter_chains;
   });
   HttpIntegrationTest::initialize();
@@ -84,6 +92,28 @@ HttpIntegrationTest::ConnectionCreationFunction UdsListenerIntegrationTest::crea
   };
 }
 
+// Excluding Windows; chmod(2) against Windows AF_UNIX socket files succeeds,
+// but stat(2) against those returns ENOENT.
+#ifndef WIN32
+TEST_P(UdsListenerIntegrationTest, TestSocketMode) {
+  if (abstract_namespace_) {
+    // stat(2) against sockets in abstract namespace is not possible
+    GTEST_SKIP();
+  }
+
+  initialize();
+
+  Api::OsSysCalls& os_sys_calls = Api::OsSysCallsSingleton::get();
+  struct stat listener_stat;
+  EXPECT_EQ(os_sys_calls.stat(getListenerSocketName().c_str(), &listener_stat).rc_, 0);
+  if (mode_ == 0) {
+    EXPECT_NE(listener_stat.st_mode & 0777, 0);
+  } else {
+    EXPECT_EQ(listener_stat.st_mode & mode_, mode_);
+  }
+}
+#endif
+
 TEST_P(UdsListenerIntegrationTest, TestPeerCredentials) {
   fake_upstreams_count_ = 1;
   initialize();

diff --git a/test/integration/uds_integration_test.h b/test/integration/uds_integration_test.h
@@ -54,12 +54,12 @@ class UdsUpstreamIntegrationTest
 };
 
 class UdsListenerIntegrationTest
-    : public testing::TestWithParam<std::tuple<Network::Address::IpVersion, bool>>,
+    : public testing::TestWithParam<std::tuple<Network::Address::IpVersion, bool, mode_t>>,
       public HttpIntegrationTest {
 public:
   UdsListenerIntegrationTest()
       : HttpIntegrationTest(Http::CodecClient::Type::HTTP1, std::get<0>(GetParam())),
-        abstract_namespace_(std::get<1>(GetParam())) {}
+        abstract_namespace_(std::get<1>(GetParam())), mode_(std::get<2>(GetParam())) {}
 
   void initialize() override;
 
@@ -71,10 +71,13 @@ class UdsListenerIntegrationTest
     return TestEnvironment::unixDomainSocketPath("listener_0.sock", abstract_namespace_);
   }
 
+  mode_t getMode() { return mode_; }
+
 protected:
   HttpIntegrationTest::ConnectionCreationFunction createConnectionFn();
 
   const bool abstract_namespace_;
+  const mode_t mode_;
 };
 
 } // namespace Envoy
diff --git a/tools/spelling/spelling_dictionary.txt b/tools/spelling/spelling_dictionary.txt
@@ -95,6 +95,7 @@ EINPROGRESS
 EINVAL
 ELB
 EMSGSIZE
+ENOENT
 ENOTFOUND
 ENOTSUP
 ENV