xds/google-c2p: validate url for no authorities (grpc#5756)

jronak · Nov 21, 2022 · 83720b6 · 83720b6
1 parent e2c4f64
commit 83720b6
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 0 deletions.
diff --git a/xds/googledirectpath/googlec2p.go b/xds/googledirectpath/googlec2p.go
@@ -92,6 +92,10 @@ type c2pResolverBuilder struct {
 }
 
 func (c2pResolverBuilder) Build(t resolver.Target, cc resolver.ClientConn, opts resolver.BuildOptions) (resolver.Resolver, error) {
+	if t.URL.Host != "" {
+		return nil, fmt.Errorf("google-c2p URI scheme does not support authorities")
+	}
+
 	if !runDirectPath() {
 		// If not xDS, fallback to DNS.
 		t.Scheme = dnsName

diff --git a/xds/googledirectpath/googlec2p_test.go b/xds/googledirectpath/googlec2p_test.go
@@ -20,12 +20,14 @@ package googledirectpath
 
 import (
 	"strconv"
+	"strings"
 	"testing"
 	"time"
 
 	"github.com/google/go-cmp/cmp"
 	"github.com/google/go-cmp/cmp/cmpopts"
 	"google.golang.org/grpc"
+	"google.golang.org/grpc/credentials/insecure"
 	"google.golang.org/grpc/internal/envconfig"
 	"google.golang.org/grpc/resolver"
 	"google.golang.org/grpc/xds/internal/xdsclient"
@@ -251,3 +253,20 @@ func TestBuildXDS(t *testing.T) {
 		})
 	}
 }
+
+// TestDialFailsWhenTargetContainsAuthority attempts to Dial a target URI of
+// google-c2p scheme with a non-empty authority and verifies that it fails with
+// an expected error.
+func TestBuildFailsWhenCalledWithAuthority(t *testing.T) {
+	uri := "google-c2p://an-authority/resource"
+	cc, err := grpc.Dial(uri, grpc.WithTransportCredentials(insecure.NewCredentials()))
+	defer func() {
+		if cc != nil {
+			cc.Close()
+		}
+	}()
+	wantErr := "google-c2p URI scheme does not support authorities"
+	if err == nil || !strings.Contains(err.Error(), wantErr) {
+		t.Fatalf("grpc.Dial(%s) returned error: %v, want: %v", uri, err, wantErr)
+	}
+}