From 293bbbc0e20196d28872ad9a06da55d8a4c27d6b Mon Sep 17 00:00:00 2001
From: Menghan Li
Date: Wed, 20 Oct 2021 15:07:56 -0700
Subject: [PATCH 1/2] [google_creds_cfe] creds/google: fix CFE cluster name check
It should check for a prefix "google_cfe_"
---
 credentials/google/google_test.go | 2 +-
 credentials/google/xds.go | 5 +++--
 2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/credentials/google/google_test.go b/credentials/google/google_test.go
index 6a6e492ee77d..8c08712087df 100644
--- a/credentials/google/google_test.go
+++ b/credentials/google/google_test.go
@@ -101,7 +101,7 @@ func TestClientHandshakeBasedOnClusterName(t *testing.T) {
 {
 name: "with CFE cluster name",
 ctx: icredentials.NewClientHandshakeInfoContext(context.Background(), credentials.ClientHandshakeInfo{
- Attributes: internal.SetXDSHandshakeClusterName(resolver.Address{}, cfeClusterName).Attributes,
+ Attributes: internal.SetXDSHandshakeClusterName(resolver.Address{}, "google_cfe_bigtable.googleapis.com").Attributes,
 }),
 // CFE should use tls.
 wantTyp: "tls",
diff --git a/credentials/google/xds.go b/credentials/google/xds.go
index 588c685e2592..56707f40dce4 100644
--- a/credentials/google/xds.go
+++ b/credentials/google/xds.go
@@ -21,12 +21,13 @@ package google
 import (
 "context"
 "net"
+ "strings"
 "google.golang.org/grpc/credentials"
 "google.golang.org/grpc/internal"
 )
-const cfeClusterName = "google-cfe"
+const cfeClusterNamePrefix = "google_cfe_"
 // clusterTransportCreds is a combo of TLS + ALTS.
 //
@@ -55,7 +56,7 @@ func (c *clusterTransportCreds) ClientHandshake(ctx context.Context, authority s
 return c.tls.ClientHandshake(ctx, authority, rawConn)
 }
 cn, ok := internal.GetXDSHandshakeClusterName(chi.Attributes)
- if !ok || cn == cfeClusterName {
+ if !ok || strings.HasPrefix(cn, cfeClusterNamePrefix) {
 return c.tls.ClientHandshake(ctx, authority, rawConn)
 }
 // If attributes have cluster name, and cluster name is not cfe, it's a
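Review bot: The changed table entry in TestClientHandshakeBasedOnClusterName covers only one name that carries the prefix, so the boundary of the new check is not pinned by a test. Because the cluster name decides whether the connection is set up with TLS or ALTS, near-miss names deserve their own entries, for example the bare `"google_cfe"` without the trailing underscore and the former value `"google-cfe"`, each expecting the type that the non-CFE branch returns. The rest of the table lies outside this hunk, so some of these cases may already be present.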
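Review bot: In the ClientHandshake hunk of credentials/google/xds.go, the condition `!ok || strings.HasPrefix(cn, cfeClusterNamePrefix)` selects the credential type, but nothing next to it explains why a prefix rather than an exact name is the right boundary. A short why-comment above the `if` would help the next reader, e.g. `// CFE cluster names look like "google_cfe_<host>" (see test); those must use TLS, everything else with a cluster name uses ALTS.` The naming scheme is inferred from the test value only, so the author should confirm the wording. The commit message could also state that a cluster still named `google-cfe` now takes the ALTS path, since that is a behaviour change for any control plane still sending the old name. ClientHandshake starts and ends outside the hunk.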
From adacd7a035850cdb7ad063b8b24ad13a1f9848bb Mon Sep 17 00:00:00 2001
From: Menghan Li
Date: Mon, 25 Oct 2021 11:51:13 -0700
Subject: [PATCH 2/2] [google_creds_cfe] c1
---
 credentials/google/xds.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/credentials/google/xds.go b/credentials/google/xds.go
index 56707f40dce4..b8c2e8f9204c 100644
--- a/credentials/google/xds.go
+++ b/credentials/google/xds.go
@@ -33,7 +33,7 @@ const cfeClusterNamePrefix = "google_cfe_"
 //
 // On the client, ClientHandshake picks TLS or ALTS based on address attributes.
 // - if attributes has cluster name
-// - if cluster name is "google_cfe", use TLS
+// - if cluster name has prefix "google_cfe_", use TLS
 // - otherwise, use ALTS
 // - else, do TLS
 //