Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Service config parse failures should be UNAVAILABLE (1.48.x backport) #9350

Commits on Jul 8, 2022

  1. Service config parse failures should be UNAVAILABLE

    INVALID_ARGUMENT is propagated to the data plane if no previous config
    is available. INVALID_ARGUMENT is reserved for application use; LBs
    should pretty much use UNAVAILABLE exclusively.
    
    While most of the changes are in xds, there do not appear to be likely
    xds code paths that would propagate a bad status to the data plane.
    Internal policies either don't use parseLoadBalancingPolicyConfig() and
    instead have their configuration objects constructed directly or are
    constructed transitively through the cluster manager which uses INTERNAL
    if there's a child failure. There was a worrisome hole before this
    commit for StatusRuntimeExceptions received by the cluster manager, but
    the audit didn't find any locations throwing such an exception.
    User-selected policies produce a NACK and are protected from the
    existing xds client watcher paths. The worst that appears could happen
    is the channel could panic (which uses INTERNAL) if a bug let a bad
    configuration through.
    ejona86 committed Jul 8, 2022
    Configuration menu
    Copy the full SHA
    229624e View commit details
    Browse the repository at this point in the history