secret: add secret provider interface and use it for TlsCertificates #4086
Conversation
Signed-off-by: Lizan Zhou <zlizan@google.com>
Signed-off-by: Lizan Zhou <zlizan@google.com>
| @@ -60,6 +60,7 @@ class ContextConfig { | |||
| */ | |||
| virtual const std::string& certificateRevocationListPath() const PURE; | |||
|
|
|||
| // TODO(lizan): consider refactor 4 methods below to Ssl::TlsCertificateConfig | |||
There was a problem hiding this comment.
FWIW: lizan/envoy@static_secret_provider...tls_certificate_config , I prefer to have this change in a follow up PRs, but if reviewers prefer in same PR, I will add a commit.
|
@ggreenway and/or @mattklein123, PTAL. For a non-Google review. |
|
Yes I will look. Please assign me as a reviewer on all SDS PRs. |
There was a problem hiding this comment.
I'm probably missing something, but what's the reason for having TlsCertificateConfigProvider, which is effectively a wrapper around TlsCertificateConfig?
I do agree that we need to move all certificate-specific fields, regardless of whether they were read from file, inlined or fetched via SDS, into a common object, which is why I proposed TlsCertificateConfig a few SDS PRs ago, but I don't see the reason for another layer of misdirection?
| * @param tls_certificate the protobuf config of the TLS certificate. | ||
| * @return a TlsCertificateConfigProviderSharedPtr created from tls_certificate. | ||
| */ | ||
| virtual TlsCertificateConfigProviderSharedPtr createInlineTlsCertificateProvider( |
There was a problem hiding this comment.
Why do we need this? And couldn't this be static? It doesn't seem to be modifying or requiring SecretManager at all.
There was a problem hiding this comment.
It could be static with current implementation since I wanted to keep this PR as a refactor. Though secret_manager might do more in future, (e.g. returning same provider if config is exactly same), and/or track all secrets for dump config like rds does.
There was a problem hiding this comment.
Sorry what is the different between an inline secret and a static secret? I'm confused.
There was a problem hiding this comment.
inline secret is the secret directly embedded in the config. static secrets are specified in the static_resources, the config only has a name to point to it.
There was a problem hiding this comment.
OK then I guess I have the same question as @PiotrSikora. Why isn't this static?
There was a problem hiding this comment.
My understanding is: inline is the legacy way of configuring ssl cert. statis secrets are only added when SDS works started to share secrets used in many places. By removing inline, it may break existing users.
There was a problem hiding this comment.
I'm not saying to remove inline, I think that will always be there. My question is why isn't inline just a static secret?
There was a problem hiding this comment.
@mattklein123 IIUC @PiotrSikora asks why not making the C++ method static, your question is to merge inline secret and static secret.
Static secrets can be only registered via static_resources in bootstrap.proto, looked up by name, owned by secret manager. Inline secrets are in each tls_context, have no name, in future, secret manager may track more than current implementation. They have different lifecycles.
It is to extract the callbacks for dynamic secret, which will swap the holding TlsCertificateConfigPtr, like this: https://github.com/envoyproxy/envoy/pull/3700/files#diff-93a68bfee9eaf7ed295925ab50201db8R16 |
| namespace Secret { | ||
|
|
||
| /** | ||
| * A secret provider for each kind of secrets. |
source/common/config/datasource.h
Outdated
| @@ -19,7 +21,7 @@ std::string read(const envoy::api::v2::core::DataSource& source, bool allow_empt | |||
| * @param source data source. | |||
| * @return std::string path to DataSource if a filename, otherwise an empty string. | |||
| * @param tls_certificate the protobuf config of the TLS certificate. | ||
| * @return a TlsCertificateConfigProviderSharedPtr created from tls_certificate. | ||
| */ | ||
| virtual TlsCertificateConfigProviderSharedPtr createInlineTlsCertificateProvider( |
There was a problem hiding this comment.
Sorry what is the different between an inline secret and a static secret? I'm confused.
Signed-off-by: Lizan Zhou <zlizan@google.com>
* origin/master: (38 commits) test: add tests for corner-cases around sending requests before run() starts or after run() ends. (envoyproxy#4114) perf: reduce the memory usage of LC Trie construction (envoyproxy#4117) test: moving redundant code in websocket_integration_test to utilities (envoyproxy#4127) test: make YamlLoadFromStringFail less picky about error msg. (envoyproxy#4141) rbac: add rbac network filter. (envoyproxy#4083) fuzz: route lookup and header finalization fuzzer. (envoyproxy#4116) Set content-type and content-length (envoyproxy#4113) fault: use FractionalPercent for percent (envoyproxy#3978) test: Fix inverted exact match logic in IntegrationTcpClient::waitForData() (envoyproxy#4134) Added cluster_name to load assignment config for static cluster (envoyproxy#4123) ssl: refactor ContextConfig to use TlsCertificateConfig (envoyproxy#4115) syscall: refactor OsSysCalls for deeper errno latching (envoyproxy#4111) thrift_proxy: fix oneway bugs (envoyproxy#4025) Do not crash when converting YAML to JSON fails (envoyproxy#4110) config: allow unknown fields flag (take 2) (envoyproxy#4096) Use a jittered backoff strategy for handling HdsDelegate stream/connection failures (envoyproxy#4108) bazel: use GCS remote cache (envoyproxy#4050) Add thread local cache of overload action states (envoyproxy#4090) Added TCP healthcheck capabilities to the HdsDelegate (envoyproxy#4079) secret: add secret provider interface and use it for TlsCertificates (envoyproxy#4086) ... Signed-off-by: Snow Pettersen <snowp@squareup.com>
Signed-off-by: Lizan Zhou zlizan@google.com
Description:
Add secret provider interface which is part of DynamicTlsCertificateProvider interface proposed in #3700. Make static and inline TlsCertificate utilize it.
Risk Level: Low
Testing: unit test, integration test
Docs Changes: N/A
Release Notes: N/A