diff --git a/balancer/rls/balancer_test.go b/balancer/rls/balancer_test.go index 8c77e3428950..6d13ccca68ba 100644 --- a/balancer/rls/balancer_test.go +++ b/balancer/rls/balancer_test.go @@ -333,11 +333,12 @@ func (s) TestConfigUpdate_ChildPolicyConfigs(t *testing.T) { // Register a manual resolver and push the RLS service config through it. r := startManualResolverWithConfig(t, rlsConfig) - cc, err := grpc.Dial(r.Scheme()+":///", grpc.WithResolvers(r), grpc.WithTransportCredentials(insecure.NewCredentials())) + cc, err := grpc.NewClient(r.Scheme()+":///", grpc.WithResolvers(r), grpc.WithTransportCredentials(insecure.NewCredentials())) if err != nil { - t.Fatalf("grpc.Dial() failed: %v", err) + t.Fatalf("grpc.NewClient() failed: %v", err) } defer cc.Close() + cc.Connect() // At this point, the RLS LB policy should have received its config, and // should have created a child policy for the default target. @@ -448,11 +449,12 @@ func (s) TestConfigUpdate_ChildPolicyChange(t *testing.T) { // Register a manual resolver and push the RLS service config through it. r := startManualResolverWithConfig(t, rlsConfig) - cc, err := grpc.Dial(r.Scheme()+":///", grpc.WithResolvers(r), grpc.WithTransportCredentials(insecure.NewCredentials())) + cc, err := grpc.NewClient(r.Scheme()+":///", grpc.WithResolvers(r), grpc.WithTransportCredentials(insecure.NewCredentials())) if err != nil { - t.Fatalf("grpc.Dial() failed: %v", err) + t.Fatalf("grpc.NewClient() failed: %v", err) } defer cc.Close() + cc.Connect() // At this point, the RLS LB policy should have received its config, and // should have created a child policy for the default target. @@ -603,11 +605,12 @@ func (s) TestConfigUpdate_DataCacheSizeDecrease(t *testing.T) { // Register a manual resolver and push the RLS service config through it. r := startManualResolverWithConfig(t, rlsConfig) - cc, err := grpc.Dial(r.Scheme()+":///", grpc.WithResolvers(r), grpc.WithTransportCredentials(insecure.NewCredentials())) + cc, err := grpc.NewClient(r.Scheme()+":///", grpc.WithResolvers(r), grpc.WithTransportCredentials(insecure.NewCredentials())) if err != nil { - t.Fatalf("grpc.Dial() failed: %v", err) + t.Fatalf("grpc.NewClient() failed: %v", err) } defer cc.Close() + cc.Connect() <-clientConnUpdateDone @@ -769,11 +772,12 @@ func (s) TestPickerUpdateOnDataCacheSizeDecrease(t *testing.T) { sc := internal.ParseServiceConfig.(func(string) *serviceconfig.ParseResult)(scJSON) r.InitialState(resolver.State{ServiceConfig: sc}) - cc, err := grpc.Dial(r.Scheme()+":///", grpc.WithResolvers(r), grpc.WithTransportCredentials(insecure.NewCredentials())) + cc, err := grpc.NewClient(r.Scheme()+":///", grpc.WithResolvers(r), grpc.WithTransportCredentials(insecure.NewCredentials())) if err != nil { - t.Fatalf("create grpc.Dial() failed: %v", err) + t.Fatalf("create grpc.NewClient() failed: %v", err) } defer cc.Close() + cc.Connect() <-clientConnUpdateDone @@ -1151,11 +1155,12 @@ func (s) TestUpdateStatePauses(t *testing.T) { sc := internal.ParseServiceConfig.(func(string) *serviceconfig.ParseResult)(scJSON) r.InitialState(resolver.State{ServiceConfig: sc}) - cc, err := grpc.Dial(r.Scheme()+":///", grpc.WithResolvers(r), grpc.WithTransportCredentials(insecure.NewCredentials())) + cc, err := grpc.NewClient(r.Scheme()+":///", grpc.WithResolvers(r), grpc.WithTransportCredentials(insecure.NewCredentials())) if err != nil { - t.Fatalf("grpc.Dial() failed: %v", err) + t.Fatalf("grpc.NewClient() failed: %v", err) } defer cc.Close() + cc.Connect() // Wait for the clientconn update to be processed by the RLS LB policy. ctx, cancel := context.WithTimeout(context.Background(), defaultTestTimeout) diff --git a/examples/features/csm_observability/client/main.go b/examples/features/csm_observability/client/main.go index cf33e6cb641d..c5b81ff0beb7 100644 --- a/examples/features/csm_observability/client/main.go +++ b/examples/features/csm_observability/client/main.go @@ -30,7 +30,7 @@ import ( "google.golang.org/grpc" "google.golang.org/grpc/credentials/insecure" xdscreds "google.golang.org/grpc/credentials/xds" - "google.golang.org/grpc/examples/features/proto/echo" + pb "google.golang.org/grpc/examples/helloworld/helloworld" "google.golang.org/grpc/stats/opentelemetry" "google.golang.org/grpc/stats/opentelemetry/csm" _ "google.golang.org/grpc/xds" // To install the xds resolvers and balancers. @@ -40,9 +40,12 @@ import ( "go.opentelemetry.io/otel/sdk/metric" ) +const defaultName = "world" + var ( target = flag.String("target", "xds:///helloworld:50051", "the server address to connect to") prometheusEndpoint = flag.String("prometheus_endpoint", ":9464", "the Prometheus exporter endpoint") + name = flag.String("name", defaultName, "Name to greet") ) func main() { @@ -68,15 +71,15 @@ func main() { log.Fatalf("Failed to start NewClient: %v", err) } defer cc.Close() - c := echo.NewEchoClient(cc) + c := pb.NewGreeterClient(cc) // Make an RPC every second. This should trigger telemetry to be emitted from // the client and the server. for { ctx, cancel := context.WithTimeout(context.Background(), time.Second*5) - r, err := c.UnaryEcho(ctx, &echo.EchoRequest{Message: "this is examples/opentelemetry"}) + r, err := c.SayHello(ctx, &pb.HelloRequest{Name: *name}) if err != nil { - log.Printf("UnaryEcho failed: %v", err) + log.Fatalf("Could not greet: %v", err) } fmt.Println(r) time.Sleep(time.Second) diff --git a/examples/features/csm_observability/server/main.go b/examples/features/csm_observability/server/main.go index 7a87517cbde6..3c4c7a328e0c 100644 --- a/examples/features/csm_observability/server/main.go +++ b/examples/features/csm_observability/server/main.go @@ -22,7 +22,6 @@ package main import ( "context" "flag" - "fmt" "log" "net" "net/http" @@ -30,7 +29,7 @@ import ( "google.golang.org/grpc" "google.golang.org/grpc/credentials/insecure" xdscreds "google.golang.org/grpc/credentials/xds" - pb "google.golang.org/grpc/examples/features/proto/echo" + pb "google.golang.org/grpc/examples/helloworld/helloworld" "google.golang.org/grpc/stats/opentelemetry" "google.golang.org/grpc/stats/opentelemetry/csm" "google.golang.org/grpc/xds" @@ -45,13 +44,15 @@ var ( prometheusEndpoint = flag.String("prometheus_endpoint", ":9464", "the Prometheus exporter endpoint") ) -type echoServer struct { - pb.UnimplementedEchoServer +// server is used to implement helloworld.GreeterServer. +type server struct { + pb.UnimplementedGreeterServer addr string } -func (s *echoServer) UnaryEcho(_ context.Context, req *pb.EchoRequest) (*pb.EchoResponse, error) { - return &pb.EchoResponse{Message: fmt.Sprintf("%s (from %s)", req.Message, s.addr)}, nil +// SayHello implements helloworld.GreeterServer +func (s *server) SayHello(_ context.Context, in *pb.HelloRequest) (*pb.HelloReply, error) { + return &pb.HelloReply{Message: "Hello " + in.GetName()}, nil } func main() { @@ -80,7 +81,7 @@ func main() { if err != nil { log.Fatalf("Failed to start xDS Server: %v", err) } - pb.RegisterEchoServer(s, &echoServer{addr: ":" + *port}) + pb.RegisterGreeterServer(s, &server{addr: ":" + *port}) log.Printf("Serving on %s\n", *port) diff --git a/internal/idle/idle_e2e_test.go b/internal/idle/idle_e2e_test.go index 26f4f4c7017b..b9e06fb609b6 100644 --- a/internal/idle/idle_e2e_test.go +++ b/internal/idle/idle_e2e_test.go @@ -131,11 +131,12 @@ func (s) TestChannelIdleness_Disabled_NoActivity(t *testing.T) { grpc.WithIdleTimeout(0), // Disable idleness. grpc.WithDefaultServiceConfig(`{"loadBalancingConfig": [{"round_robin":{}}]}`), } - cc, err := grpc.Dial(r.Scheme()+":///test.server", dopts...) + cc, err := grpc.NewClient(r.Scheme()+":///test.server", dopts...) if err != nil { - t.Fatalf("grpc.Dial() failed: %v", err) + t.Fatalf("grpc.NewClient() failed: %v", err) } defer cc.Close() + cc.Connect() // Start a test backend and push an address update via the resolver. backend := stubserver.StartTestService(t, nil) @@ -177,12 +178,13 @@ func (s) TestChannelIdleness_Enabled_NoActivity(t *testing.T) { grpc.WithIdleTimeout(defaultTestShortIdleTimeout), grpc.WithDefaultServiceConfig(`{"loadBalancingConfig": [{"round_robin":{}}]}`), } - cc, err := grpc.Dial(r.Scheme()+":///test.server", dopts...) + cc, err := grpc.NewClient(r.Scheme()+":///test.server", dopts...) if err != nil { - t.Fatalf("grpc.Dial() failed: %v", err) + t.Fatalf("grpc.NewClient() failed: %v", err) } defer cc.Close() + cc.Connect() // Start a test backend and push an address update via the resolver. lis := testutils.NewListenerWrapper(t, nil) backend := stubserver.StartTestService(t, &stubserver.StubServer{Listener: lis}) @@ -265,12 +267,12 @@ func (s) TestChannelIdleness_Enabled_OngoingCall(t *testing.T) { grpc.WithIdleTimeout(defaultTestShortIdleTimeout), grpc.WithDefaultServiceConfig(`{"loadBalancingConfig": [{"round_robin":{}}]}`), } - cc, err := grpc.Dial(r.Scheme()+":///test.server", dopts...) + cc, err := grpc.NewClient(r.Scheme()+":///test.server", dopts...) if err != nil { - t.Fatalf("grpc.Dial() failed: %v", err) + t.Fatalf("grpc.NewClient() failed: %v", err) } defer cc.Close() - + cc.Connect() // Start a test backend that keeps the RPC call active by blocking // on a channel that is closed by the test later on. blockCh := make(chan struct{}) @@ -354,12 +356,12 @@ func (s) TestChannelIdleness_Enabled_ActiveSinceLastCheck(t *testing.T) { grpc.WithIdleTimeout(defaultTestShortIdleTimeout), grpc.WithDefaultServiceConfig(`{"loadBalancingConfig": [{"round_robin":{}}]}`), } - cc, err := grpc.Dial(r.Scheme()+":///test.server", dopts...) + cc, err := grpc.NewClient(r.Scheme()+":///test.server", dopts...) if err != nil { - t.Fatalf("grpc.Dial() failed: %v", err) + t.Fatalf("grpc.NewClient() failed: %v", err) } defer cc.Close() - + cc.Connect() // Start a test backend and push an address update via the resolver. backend := stubserver.StartTestService(t, nil) defer backend.Stop() @@ -423,12 +425,12 @@ func (s) TestChannelIdleness_Enabled_ExitIdleOnRPC(t *testing.T) { grpc.WithIdleTimeout(defaultTestShortIdleTimeout), grpc.WithDefaultServiceConfig(`{"loadBalancingConfig": [{"round_robin":{}}]}`), } - cc, err := grpc.Dial(r.Scheme()+":///test.server", dopts...) + cc, err := grpc.NewClient(r.Scheme()+":///test.server", dopts...) if err != nil { - t.Fatalf("grpc.Dial() failed: %v", err) + t.Fatalf("grpc.NewClient() failed: %v", err) } defer cc.Close() - + cc.Connect() // Verify that the ClientConn moves to READY. ctx, cancel := context.WithTimeout(context.Background(), defaultTestTimeout) defer cancel() diff --git a/internal/testutils/blocking_context_dialer_test.go b/internal/testutils/blocking_context_dialer_test.go index eb5d418d4baf..b826c5a91be5 100644 --- a/internal/testutils/blocking_context_dialer_test.go +++ b/internal/testutils/blocking_context_dialer_test.go @@ -125,7 +125,7 @@ func (s) TestBlockingDialer_HoldWaitFail(t *testing.T) { }() if !h.Wait(ctx) { - t.Fatalf("Timeout while waiting for a connection attempt to " + h.addr) + t.Fatal("Timeout while waiting for a connection attempt to " + h.addr) } select { case err = <-dialError: diff --git a/internal/transport/handler_server.go b/internal/transport/handler_server.go index d9305a65d88f..3dea23573518 100644 --- a/internal/transport/handler_server.go +++ b/internal/transport/handler_server.go @@ -498,5 +498,5 @@ func mapRecvMsgError(err error) error { if strings.Contains(err.Error(), "body closed by handler") { return status.Error(codes.Canceled, err.Error()) } - return connectionErrorf(true, err, err.Error()) + return connectionErrorf(true, err, "%s", err.Error()) } diff --git a/internal/xds/rbac/rbac_engine.go b/internal/xds/rbac/rbac_engine.go index 344052cb04fd..8f376c400333 100644 --- a/internal/xds/rbac/rbac_engine.go +++ b/internal/xds/rbac/rbac_engine.go @@ -219,6 +219,9 @@ func newRPCData(ctx context.Context) (*rpcData, error) { if !ok { return nil, errors.New("missing method in incoming context") } + // gRPC-Go strips :path from the headers given to the application, but RBAC should be + // able to match against it. + md[":path"] = []string{mn} // The connection is needed in order to find the destination address and // port of the incoming RPC Call. diff --git a/orca/producer_test.go b/orca/producer_test.go index 9df18bf574c9..adf030cc145b 100644 --- a/orca/producer_test.go +++ b/orca/producer_test.go @@ -153,12 +153,17 @@ func (s) TestProducer(t *testing.T) { li := &listenerInfo{scChan: make(chan balancer.SubConn, 1), listener: oobLis, opts: lisOpts} addr := setListenerInfo(resolver.Address{Addr: lis.Addr().String()}, li) r.InitialState(resolver.State{Addresses: []resolver.Address{addr}}) - cc, err := grpc.Dial("whatever:///whatever", grpc.WithDefaultServiceConfig(`{"loadBalancingConfig": [{"customLB":{}}]}`), grpc.WithResolvers(r), grpc.WithTransportCredentials(insecure.NewCredentials())) + dopts := []grpc.DialOption{ + grpc.WithDefaultServiceConfig(`{"loadBalancingConfig": [{"customLB":{}}]}`), + grpc.WithResolvers(r), + grpc.WithTransportCredentials(insecure.NewCredentials()), + } + cc, err := grpc.NewClient("whatever:///whatever", dopts...) if err != nil { - t.Fatalf("grpc.Dial failed: %v", err) + t.Fatalf("grpc.NewClient() failed: %v", err) } defer cc.Close() - + cc.Connect() // Set a few metrics and wait for them on the client side. smr.SetCPUUtilization(10) smr.SetMemoryUtilization(0.1) @@ -319,10 +324,16 @@ func (s) TestProducerBackoff(t *testing.T) { lisOpts := orca.OOBListenerOptions{ReportInterval: reportInterval} li := &listenerInfo{scChan: make(chan balancer.SubConn, 1), listener: oobLis, opts: lisOpts} r.InitialState(resolver.State{Addresses: []resolver.Address{setListenerInfo(resolver.Address{Addr: lis.Addr().String()}, li)}}) - cc, err := grpc.Dial("whatever:///whatever", grpc.WithDefaultServiceConfig(`{"loadBalancingConfig": [{"customLB":{}}]}`), grpc.WithResolvers(r), grpc.WithTransportCredentials(insecure.NewCredentials())) + dopts := []grpc.DialOption{ + grpc.WithDefaultServiceConfig(`{"loadBalancingConfig": [{"customLB":{}}]}`), + grpc.WithResolvers(r), + grpc.WithTransportCredentials(insecure.NewCredentials()), + } + cc, err := grpc.NewClient("whatever:///whatever", dopts...) if err != nil { - t.Fatalf("grpc.Dial failed: %v", err) + t.Fatalf("grpc.NewClient failed: %v", err) } + cc.Connect() defer cc.Close() // Define a load report to send and expect the client to see. @@ -431,10 +442,11 @@ func (s) TestProducerMultipleListeners(t *testing.T) { lisOpts1 := orca.OOBListenerOptions{ReportInterval: reportInterval1} li := &listenerInfo{scChan: make(chan balancer.SubConn, 1), listener: oobLis1, opts: lisOpts1} r.InitialState(resolver.State{Addresses: []resolver.Address{setListenerInfo(resolver.Address{Addr: lis.Addr().String()}, li)}}) - cc, err := grpc.Dial("whatever:///whatever", grpc.WithDefaultServiceConfig(`{"loadBalancingConfig": [{"customLB":{}}]}`), grpc.WithResolvers(r), grpc.WithTransportCredentials(insecure.NewCredentials())) + cc, err := grpc.NewClient("whatever:///whatever", grpc.WithDefaultServiceConfig(`{"loadBalancingConfig": [{"customLB":{}}]}`), grpc.WithResolvers(r), grpc.WithTransportCredentials(insecure.NewCredentials())) if err != nil { - t.Fatalf("grpc.Dial failed: %v", err) + t.Fatalf("grpc.NewClient() failed: %v", err) } + cc.Connect() defer cc.Close() // Ensure the OOB listener is stopped before the client is closed to avoid diff --git a/resolver/manual/manual_test.go b/resolver/manual/manual_test.go index 3c118134b870..2d089268b778 100644 --- a/resolver/manual/manual_test.go +++ b/resolver/manual/manual_test.go @@ -59,12 +59,14 @@ func TestResolver(t *testing.T) { }) t.Run("happy_path", func(t *testing.T) { - _, err := grpc.Dial("whatever://localhost", + cc, err := grpc.NewClient("whatever://localhost", grpc.WithTransportCredentials(insecure.NewCredentials()), grpc.WithResolvers(r)) if err != nil { - t.Errorf("dial setup error: %v", err) + t.Errorf("grpc.NewClient() failed: %v", err) } + defer cc.Close() + cc.Connect() r.UpdateState(resolver.State{Addresses: []resolver.Address{ {Addr: "ok"}, }}) diff --git a/stream.go b/stream.go index 17e2267b3320..54adbbced7a6 100644 --- a/stream.go +++ b/stream.go @@ -1766,7 +1766,7 @@ func (ss *serverStream) RecvMsg(m any) (err error) { return err } if err == io.ErrUnexpectedEOF { - err = status.Errorf(codes.Internal, io.ErrUnexpectedEOF.Error()) + err = status.Error(codes.Internal, io.ErrUnexpectedEOF.Error()) } return toRPCErr(err) } diff --git a/test/authority_test.go b/test/authority_test.go index cf9da155a770..3749b59b9644 100644 --- a/test/authority_test.go +++ b/test/authority_test.go @@ -165,7 +165,7 @@ func (s) TestUnixCustomDialer(t *testing.T) { } } -// TestColonPortAuthority does an end to end test with the target for grpc.Dial +// TestColonPortAuthority does an end to end test with the target for grpc.NewClient // being ":[port]". Ensures authority is "localhost:[port]". func (s) TestColonPortAuthority(t *testing.T) { expectedAuthority := "" @@ -189,16 +189,11 @@ func (s) TestColonPortAuthority(t *testing.T) { authorityMu.Lock() expectedAuthority = "localhost:" + port authorityMu.Unlock() - // ss.Start dials, but not the ":[port]" target that is being tested here. - // Dial again, with ":[port]" as the target. - // - // Append "localhost" before calling net.Dial, in case net.Dial on certain - // platforms doesn't work well for address without the IP. - cc, err := grpc.Dial(":"+port, grpc.WithTransportCredentials(insecure.NewCredentials()), grpc.WithContextDialer(func(ctx context.Context, addr string) (net.Conn, error) { - return (&net.Dialer{}).DialContext(ctx, "tcp", "localhost"+addr) - })) + // ss.Start dials the server, but we explicitly test with ":[port]" + // as the target. + cc, err := grpc.NewClient(":"+port, grpc.WithTransportCredentials(insecure.NewCredentials())) if err != nil { - t.Fatalf("grpc.Dial(%q) = %v", ss.Target, err) + t.Fatalf("grpc.NewClient(%q) = %v", ss.Target, err) } defer cc.Close() ctx, cancel := context.WithTimeout(context.Background(), defaultTestTimeout) diff --git a/test/creds_test.go b/test/creds_test.go index fe8b552e719c..bedafa5b7272 100644 --- a/test/creds_test.go +++ b/test/creds_test.go @@ -186,7 +186,7 @@ type methodTestCreds struct{} func (m *methodTestCreds) GetRequestMetadata(ctx context.Context, _ ...string) (map[string]string, error) { ri, _ := credentials.RequestInfoFromContext(ctx) - return nil, status.Errorf(codes.Unknown, ri.Method) + return nil, status.Error(codes.Unknown, ri.Method) } func (m *methodTestCreds) RequireTransportSecurity() bool { return false } diff --git a/test/end2end_test.go b/test/end2end_test.go index 19972ecebe17..548bd68b4e9c 100644 --- a/test/end2end_test.go +++ b/test/end2end_test.go @@ -4692,7 +4692,7 @@ func (s) TestTapTimeout(t *testing.T) { ss := &stubserver.StubServer{ EmptyCallF: func(ctx context.Context, _ *testpb.Empty) (*testpb.Empty, error) { <-ctx.Done() - return nil, status.Errorf(codes.Canceled, ctx.Err().Error()) + return nil, status.Error(codes.Canceled, ctx.Err().Error()) }, } if err := ss.Start(sopts); err != nil { @@ -5104,7 +5104,7 @@ func (s) TestStatusInvalidUTF8Message(t *testing.T) { ss := &stubserver.StubServer{ EmptyCallF: func(context.Context, *testpb.Empty) (*testpb.Empty, error) { - return nil, status.Errorf(codes.Internal, origMsg) + return nil, status.Error(codes.Internal, origMsg) }, } if err := ss.Start(nil); err != nil { diff --git a/test/roundrobin_test.go b/test/roundrobin_test.go index 2241fab7e6c8..815e244946fe 100644 --- a/test/roundrobin_test.go +++ b/test/roundrobin_test.go @@ -266,16 +266,15 @@ func (s) TestRoundRobin_UpdateAddressAttributes(t *testing.T) { grpc.WithResolvers(r), grpc.WithDefaultServiceConfig(rrServiceConfig), } - cc, err := grpc.Dial(r.Scheme()+":///test.server", dopts...) + // Set an initial resolver update with no address attributes. + addr := resolver.Address{Addr: backend.Address} + r.InitialState(resolver.State{Addresses: []resolver.Address{addr}}) + cc, err := grpc.NewClient(r.Scheme()+":///test.server", dopts...) if err != nil { - t.Fatalf("grpc.Dial() failed: %v", err) + t.Fatalf("grpc.NewClient() failed: %v", err) } t.Cleanup(func() { cc.Close() }) - // Send a resolver update with no address attributes. - addr := resolver.Address{Addr: backend.Address} - r.UpdateState(resolver.State{Addresses: []resolver.Address{addr}}) - // Make an RPC and ensure it does not contain the metadata we are looking for. client := testgrpc.NewTestServiceClient(cc) ctx, cancel := context.WithTimeout(context.Background(), defaultTestTimeout) diff --git a/test/xds/xds_server_rbac_test.go b/test/xds/xds_server_rbac_test.go index 831f2512a96a..f05cd05e5fd9 100644 --- a/test/xds/xds_server_rbac_test.go +++ b/test/xds/xds_server_rbac_test.go @@ -478,6 +478,30 @@ func (s) TestRBACHTTPFilter(t *testing.T) { wantStatusEmptyCall: codes.PermissionDenied, wantStatusUnaryCall: codes.OK, }, + // This test tests an RBAC HTTP Filter which is configured to allow only + // RPC's with certain paths ("UnaryCall") via the ":path" header. Only + // unary calls passing through this RBAC HTTP Filter should proceed as + // normal, and any others should be denied. + { + name: "allow-certain-path-by-header", + rbacCfg: &rpb.RBAC{ + Rules: &v3rbacpb.RBAC{ + Action: v3rbacpb.RBAC_ALLOW, + Policies: map[string]*v3rbacpb.Policy{ + "certain-path": { + Permissions: []*v3rbacpb.Permission{ + {Rule: &v3rbacpb.Permission_Header{Header: &v3routepb.HeaderMatcher{Name: ":path", HeaderMatchSpecifier: &v3routepb.HeaderMatcher_ExactMatch{ExactMatch: "/grpc.testing.TestService/UnaryCall"}}}}, + }, + Principals: []*v3rbacpb.Principal{ + {Identifier: &v3rbacpb.Principal_Any{Any: true}}, + }, + }, + }, + }, + }, + wantStatusEmptyCall: codes.PermissionDenied, + wantStatusUnaryCall: codes.OK, + }, // This test that a RBAC Config with nil rules means that every RPC is // allowed. This maps to the line "If absent, no enforcing RBAC policy // will be applied" from the RBAC Proto documentation for the Rules diff --git a/xds/internal/balancer/clusterimpl/picker.go b/xds/internal/balancer/clusterimpl/picker.go index dd4d39b3d398..cd94182fa717 100644 --- a/xds/internal/balancer/clusterimpl/picker.go +++ b/xds/internal/balancer/clusterimpl/picker.go @@ -129,7 +129,7 @@ func (d *picker) Pick(info balancer.PickInfo) (balancer.PickResult, error) { if d.loadStore != nil { d.loadStore.CallDropped("") } - return balancer.PickResult{}, status.Errorf(codes.Unavailable, err.Error()) + return balancer.PickResult{}, status.Error(codes.Unavailable, err.Error()) } } diff --git a/xds/internal/xdsclient/transport/ads/ads_stream.go b/xds/internal/xdsclient/transport/ads/ads_stream.go index 4c4856a07347..bf7510058c5f 100644 --- a/xds/internal/xdsclient/transport/ads/ads_stream.go +++ b/xds/internal/xdsclient/transport/ads/ads_stream.go @@ -664,7 +664,7 @@ func (s *StreamImpl) onError(err error, msgReceived bool) { // connection hitting its max connection age limit. // (see [gRFC A9](https://github.com/grpc/proposal/blob/master/A9-server-side-conn-mgt.md)). if msgReceived { - err = xdsresource.NewErrorf(xdsresource.ErrTypeStreamFailedAfterRecv, err.Error()) + err = xdsresource.NewErrorf(xdsresource.ErrTypeStreamFailedAfterRecv, "%s", err.Error()) } s.eventHandler.OnADSStreamError(err)