diff --git a/mobile/library/cc/engine_builder.cc b/mobile/library/cc/engine_builder.cc index 2c2e4cc4ddf0..fcb8d7a3c298 100644 --- a/mobile/library/cc/engine_builder.cc +++ b/mobile/library/cc/engine_builder.cc @@ -26,6 +26,7 @@ #endif #include "source/common/http/matching/inputs.h" +#include "envoy/config/core/v3/base.pb.h" #include "source/extensions/clusters/dynamic_forward_proxy/cluster.h" #include "absl/strings/str_join.h" @@ -46,9 +47,11 @@ namespace Platform { XdsBuilder::XdsBuilder(std::string xds_server_address, const int xds_server_port) : xds_server_address_(std::move(xds_server_address)), xds_server_port_(xds_server_port) {} -XdsBuilder& XdsBuilder::setAuthenticationToken(std::string token_header, std::string token) { - authentication_token_header_ = std::move(token_header); - authentication_token_ = std::move(token); +XdsBuilder& XdsBuilder::addInitialStreamHeader(std::string header, std::string value) { + envoy::config::core::v3::HeaderValue header_value; + header_value.set_key(std::move(header)); + header_value.set_value(std::move(value)); + xds_initial_grpc_metadata_.emplace_back(std::move(header_value)); return *this; } @@ -94,11 +97,11 @@ void XdsBuilder::build(envoy::config::bootstrap::v3::Bootstrap* bootstrap) const ->set_inline_string(ssl_root_certs_); } - if (!authentication_token_header_.empty() && !authentication_token_.empty()) { - auto* auth_token_metadata = grpc_service.add_initial_metadata(); - auth_token_metadata->set_key(authentication_token_header_); - auth_token_metadata->set_value(authentication_token_); + if (!xds_initial_grpc_metadata_.empty()) { + grpc_service.mutable_initial_metadata()->Assign(xds_initial_grpc_metadata_.begin(), + xds_initial_grpc_metadata_.end()); } + if (!sni_.empty()) { auto& channel_args = *grpc_service.mutable_google_grpc()->mutable_channel_args()->mutable_args(); diff --git a/mobile/library/cc/engine_builder.h b/mobile/library/cc/engine_builder.h index f3e5d5037817..3ecc4da3b8cf 100644 
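Review bot: `addInitialStreamHeader` in the `@@ -46,9 +47,11 @@` hunk stores whatever it is given, and the `@@ -94,11 +97,11 @@` hunk drops the old `!...empty()` guard in `build()`, so an empty header name or value now reaches `initial_metadata` where the previous code skipped it. Since these entries usually carry credentials, a malformed entry is likely to surface only as an authentication failure against the xDS server. I would keep the old behaviour with an early `if (header.empty() || value.empty()) { return *this; }` before `header_value` is built, or assert on it. Whether a later layer rejects invalid names is not visible in this diff.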
--- a/mobile/library/cc/engine_builder.h +++ b/mobile/library/cc/engine_builder.h @@ -6,6 +6,7 @@ #include #include "envoy/config/bootstrap/v3/bootstrap.pb.h" +#include "envoy/config/core/v3/base.pb.h" #include "source/common/protobuf/protobuf.h" @@ -50,16 +51,17 @@ class XdsBuilder final { // requests. XdsBuilder(std::string xds_server_address, const int xds_server_port); - // Sets the authentication token in the gRPC headers used to authenticate to the xDS management + // Adds a header to the initial HTTP metadata headers sent on the gRPC stream. + // + // A common use for the initial metadata headers is for authentication to the xDS management // server. // // For example, if using API keys to authenticate to Traffic Director on GCP (see // https://cloud.google.com/docs/authentication/api-keys for details), invoke: - // builder.setAuthenticationToken("x-goog-api-key", api_key_token) - // - // `token_header`: the header name for which the the `token` will be set as a value. - // `token`: the authentication token. - XdsBuilder& setAuthenticationToken(std::string token_header, std::string token); + // builder.addInitialStreamHeader("x-goog-api-key", api_key_token) + // .addInitialStreamHeader("X-Android-Package", app_package_name) + // .addInitialStreamHeader("X-Android-Cert", sha1_key_fingerprint); + XdsBuilder& addInitialStreamHeader(std::string header, std::string value); // Sets the PEM-encoded server root certificates used to negotiate the TLS handshake for the gRPC // connection. If no root certs are specified, the operating system defaults are used. @@ -110,8 +112,7 @@ class XdsBuilder final { std::string xds_server_address_; int xds_server_port_; - std::string authentication_token_header_; - std::string authentication_token_; + std::vector xds_initial_grpc_metadata_; std::string ssl_root_certs_; std::string sni_; std::string rtds_resource_name_; 
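Review bot: The new comment on `addInitialStreamHeader` drops the per-parameter description that `setAuthenticationToken` had and does not say what a repeated call does. From the .cc change, each call appends to a vector, so calling it twice with the same header yields two metadata entries, while the Kotlin and Swift builders in this commit store a map. The example also uses mixed-case names (`X-Android-Package`) while the tests use lowercase, and the gRPC metadata format specifies lowercase keys. I would add `// header: the metadata key (lowercase ASCII); value: sent as given. A repeated header appends another entry.`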
diff --git a/mobile/library/common/jni/jni_interface.cc b/mobile/library/common/jni/jni_interface.cc index 0ef69faba19d..fe0432705bbf 100644 --- a/mobile/library/common/jni/jni_interface.cc +++ b/mobile/library/common/jni/jni_interface.cc @@ -1163,7 +1163,7 @@ std::string javaByteArrayToString(JNIEnv* env, jbyteArray j_data) { return ret; } -// Converts a java object array to C++ vector of of strings. +// Converts a java object array to C++ vector of strings. std::vector javaObjectArrayToStringVector(JNIEnv* env, jobjectArray entries) { std::vector ret; // Note that headers is a flattened array of key/value pairs. @@ -1321,7 +1321,7 @@ extern "C" JNIEXPORT jlong JNICALL Java_io_envoyproxy_envoymobile_engine_JniLibr jboolean trust_chain_verification, jobjectArray filter_chain, jobjectArray stat_sinks, jboolean enable_platform_certificates_validation, jobjectArray runtime_guards, jstring rtds_resource_name, jlong rtds_timeout_seconds, jstring xds_address, jlong xds_port, - jstring xds_auth_header, jstring xds_auth_token, jstring xds_root_certs, jstring xds_sni, + jobjectArray xds_grpc_initial_metadata, jstring xds_root_certs, jstring xds_sni, jstring node_id, jstring node_region, jstring node_zone, jstring node_sub_zone, jbyteArray serialized_node_metadata, jstring cds_resources_locator, jlong cds_timeout_seconds, jboolean enable_cds) { 
@@ -1345,10 +1345,9 @@ extern "C" JNIEXPORT jlong JNICALL Java_io_envoyproxy_envoymobile_engine_JniLibr if (!native_xds_address.empty()) { #ifdef ENVOY_GOOGLE_GRPC Envoy::Platform::XdsBuilder xds_builder(std::move(native_xds_address), xds_port); - std::string native_xds_auth_header = getCppString(env, xds_auth_header); - if (!native_xds_auth_header.empty()) { - xds_builder.setAuthenticationToken(std::move(native_xds_auth_header), - getCppString(env, xds_auth_token)); + auto initial_metadata = javaObjectArrayToStringPairVector(env, xds_grpc_initial_metadata); + for (const std::pair& entry : initial_metadata) { + xds_builder.addInitialStreamHeader(entry.first, entry.second); } std::string native_root_certs = getCppString(env, xds_root_certs); if (!native_root_certs.empty()) { diff --git a/mobile/library/java/io/envoyproxy/envoymobile/engine/EnvoyConfiguration.java b/mobile/library/java/io/envoyproxy/envoymobile/engine/EnvoyConfiguration.java index d43d666df579..473e1ed13983 100644 --- a/mobile/library/java/io/envoyproxy/envoymobile/engine/EnvoyConfiguration.java +++ b/mobile/library/java/io/envoyproxy/envoymobile/engine/EnvoyConfiguration.java @@ -65,8 +65,7 @@ public enum TrustChainVerification { public final Integer rtdsTimeoutSeconds; public final String xdsAddress; public final Integer xdsPort; - public final String xdsAuthHeader; - public final String xdsAuthToken; + public final Map xdsGrpcInitialMetadata; public final String xdsRootCerts; public final String xdsSni; public final String nodeId; 
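Review bot: The loop in the `@@ -1345,10 +1345,9 @@` hunk binds each entry by const reference, so every key and value is copied into the by-value parameters of `addInitialStreamHeader`, where the removed code moved its header string. `initial_metadata` is a local that is not used after the loop in the visible lines, so the entries can be moved: `for (auto& entry : initial_metadata) { xds_builder.addInitialStreamHeader(std::move(entry.first), std::move(entry.second)); }`. The removed code also skipped an empty header name, which the loop no longer does. `javaObjectArrayToStringPairVector` is defined outside this diff, so how it treats a null or odd-length array should be checked there.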
@@ -143,11 +142,9 @@ public enum TrustChainVerification { * @param rtdsTimeoutSeconds the timeout for RTDS fetches. * @param xdsAddress the address for the xDS management server. * @param xdsPort the port for the xDS server. - * @param xdsAuthHeader the HTTP header to use for sending the - * authentication token to the xDS server. - * @param xdsAuthToken the token to send as the authentication - * header value to authenticate with the - * xDS server. + * @param xdsGrpcInitialMetadata The Headers (as key/value pairs) that must + * be included in the xDs gRPC stream's + * initial metadata (as HTTP headers). * @param xdsRootCerts the root certificates to use for the TLS * handshake during connection establishment * with the xDS management server. @@ -182,7 +179,7 @@ public EnvoyConfiguration( Map keyValueStores, List statSinks, Map runtimeGuards, boolean enablePlatformCertificatesValidation, String rtdsResourceName, Integer rtdsTimeoutSeconds, String xdsAddress, Integer xdsPort, - String xdsAuthHeader, String xdsAuthToken, String xdsRootCerts, String xdsSni, String nodeId, + Map xdsGrpcInitialMetadata, String xdsRootCerts, String xdsSni, String nodeId, String nodeRegion, String nodeZone, String nodeSubZone, Struct nodeMetadata, String cdsResourcesLocator, Integer cdsTimeoutSeconds, boolean enableCds) { JniLibrary.load(); @@ -245,8 +242,7 @@ public EnvoyConfiguration( this.rtdsTimeoutSeconds = rtdsTimeoutSeconds; this.xdsAddress = xdsAddress; this.xdsPort = xdsPort; - this.xdsAuthHeader = xdsAuthHeader; - this.xdsAuthToken = xdsAuthToken; + this.xdsGrpcInitialMetadata = new HashMap<>(xdsGrpcInitialMetadata); this.xdsRootCerts = xdsRootCerts; this.xdsSni = xdsSni; this.nodeId = nodeId; 
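Review bot: The constructor copies the argument with `new HashMap<>(xdsGrpcInitialMetadata)`, but the result is stored in a `public final Map` field (declared in the `@@ -65,8 +65,7 @@` hunk), so any holder of the configuration can still add or change headers after construction. Wrapping the copy keeps the configuration immutable: `this.xdsGrpcInitialMetadata = Collections.unmodifiableMap(new HashMap<>(xdsGrpcInitialMetadata));`, assuming `java.util.Collections` is imported (the import block is outside the diff). The copy also throws `NullPointerException` on a null argument, which the Javadoc for `xdsGrpcInitialMetadata` does not mention. That Javadoc also spells it `xDs` where the neighbouring parameters use `xDS`.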
@@ -271,6 +267,7 @@ public long createBootstrap() { byte[][] runtimeGuards = JniBridgeUtility.mapToJniBytes(this.runtimeGuards); byte[][] quicHints = JniBridgeUtility.mapToJniBytes(this.quicHints); byte[][] quicSuffixes = JniBridgeUtility.stringsToJniBytes(quicCanonicalSuffixes); + byte[][] xdsGrpcInitialMetadata = JniBridgeUtility.mapToJniBytes(this.xdsGrpcInitialMetadata); return JniLibrary.createBootstrap( grpcStatsDomain, connectTimeoutSeconds, dnsRefreshSeconds, dnsFailureRefreshSecondsBase, @@ -283,7 +280,7 @@ public long createBootstrap() { streamIdleTimeoutSeconds, perTryIdleTimeoutSeconds, appVersion, appId, enforceTrustChainVerification, filterChain, statsSinks, enablePlatformCertificatesValidation, runtimeGuards, rtdsResourceName, rtdsTimeoutSeconds, - xdsAddress, xdsPort, xdsAuthHeader, xdsAuthToken, xdsRootCerts, xdsSni, nodeId, nodeRegion, + xdsAddress, xdsPort, xdsGrpcInitialMetadata, xdsRootCerts, xdsSni, nodeId, nodeRegion, nodeZone, nodeSubZone, nodeMetadata.toByteArray(), cdsResourcesLocator, cdsTimeoutSeconds, enableCds); } diff --git a/mobile/library/java/io/envoyproxy/envoymobile/engine/JniLibrary.java b/mobile/library/java/io/envoyproxy/envoymobile/engine/JniLibrary.java index b5e703725e06..c5df9233de1c 100644 --- a/mobile/library/java/io/envoyproxy/envoymobile/engine/JniLibrary.java +++ b/mobile/library/java/io/envoyproxy/envoymobile/engine/JniLibrary.java 
@@ -318,8 +318,8 @@ public static native long createBootstrap( long streamIdleTimeoutSeconds, long perTryIdleTimeoutSeconds, String appVersion, String appId, boolean trustChainVerification, byte[][] filterChain, byte[][] statSinks, boolean enablePlatformCertificatesValidation, byte[][] runtimeGuards, String rtdsResourceName, - long rtdsTimeoutSeconds, String xdsAddress, long xdsPort, String xdsAuthenticationHeader, - String xdsAuthenticationToken, String xdsRootCerts, String xdsSni, String nodeId, - String nodeRegion, String nodeZone, String nodeSubZone, byte[] nodeMetadata, - String cdsResourcesLocator, long cdsTimeoutSeconds, boolean enableCds); + long rtdsTimeoutSeconds, String xdsAddress, long xdsPort, byte[][] xdsGrpcInitialMetadata, + String xdsRootCerts, String xdsSni, String nodeId, String nodeRegion, String nodeZone, + String nodeSubZone, byte[] nodeMetadata, String cdsResourcesLocator, long cdsTimeoutSeconds, + boolean enableCds); } diff --git a/mobile/library/java/org/chromium/net/impl/NativeCronvoyEngineBuilderImpl.java b/mobile/library/java/org/chromium/net/impl/NativeCronvoyEngineBuilderImpl.java index be2a5cc64d3f..ecd8d90f05c3 100644 --- a/mobile/library/java/org/chromium/net/impl/NativeCronvoyEngineBuilderImpl.java +++ b/mobile/library/java/org/chromium/net/impl/NativeCronvoyEngineBuilderImpl.java @@ -135,7 +135,7 @@ mEnableGzipDecompression, brotliEnabled(), mEnableSocketTag, mEnableInterfaceBin platformFilterChain, stringAccessors, keyValueStores, statSinks, runtimeGuards, mEnablePlatformCertificatesValidation, /*rtdsResourceName=*/"", /*rtdsTimeoutSeconds=*/0, /*xdsAddress=*/"", - /*xdsPort=*/0, /*xdsAuthenticationHeader=*/"", /*xdsAuthenticationToken=*/"", + /*xdsPort=*/0, /*xdsGrpcInitialMetadata=*/Collections.emptyMap(), /*xdsSslRootCerts=*/"", /*xdsSni=*/"", mNodeId, mNodeRegion, mNodeZone, mNodeSubZone, Struct.getDefaultInstance(), /*cdsResourcesLocator=*/"", 
diff --git a/mobile/library/kotlin/io/envoyproxy/envoymobile/EngineBuilder.kt b/mobile/library/kotlin/io/envoyproxy/envoymobile/EngineBuilder.kt index 1359814b436c..c65d7ebf49e4 100644 --- a/mobile/library/kotlin/io/envoyproxy/envoymobile/EngineBuilder.kt +++ b/mobile/library/kotlin/io/envoyproxy/envoymobile/EngineBuilder.kt @@ -36,8 +36,7 @@ open class XdsBuilder(internal val xdsServerAddress: String, internal val xdsSer private const val DEFAULT_XDS_TIMEOUT_IN_SECONDS: Int = 5 } - internal var authHeader: String? = null - internal var authToken: String? = null + internal var grpcInitialMetadata = mutableMapOf() internal var sslRootCerts: String? = null internal var sni: String? = null internal var rtdsResourceName: String? = null 
@@ -47,16 +46,23 @@ open class XdsBuilder(internal val xdsServerAddress: String, internal val xdsSer internal var cdsTimeoutInSeconds: Int = DEFAULT_XDS_TIMEOUT_IN_SECONDS /** - * Sets the authentication HTTP header and token value for authenticating with the xDS management + * Adds a header to the initial HTTP metadata headers sent on the gRPC stream. + * + * A common use for the initial metadata headers is for authentication to the xDS management * server. * - * @param header The HTTP authentication header. - * @param token The authentication token to be sent in the header. + * For example, if using API keys to authenticate to Traffic Director on GCP (see + * https://cloud.google.com/docs/authentication/api-keys for details), invoke: + * builder.addInitialStreamHeader("x-goog-api-key", apiKeyToken) + * .addInitialStreamHeader("X-Android-Package", appPackageName) + * .addInitialStreamHeader("X-Android-Cert", sha1KeyFingerprint) + * + * @param header The HTTP header name to add to the initial gRPC stream's metadata. + * @param value The HTTP header value to add to the initial gRPC stream's metadata. * @return this builder. */ - fun setAuthenticationToken(header: String, token: String): XdsBuilder { - this.authHeader = header - this.authToken = token + fun addInitialStreamHeader(header: String, value: String): XdsBuilder { + this.grpcInitialMetadata.put(header, value) return this } @@ -723,8 +729,7 @@ open class EngineBuilder(private val configuration: BaseConfiguration = Standard xdsBuilder?.rtdsTimeoutInSeconds ?: 0, xdsBuilder?.xdsServerAddress, xdsBuilder?.xdsServerPort ?: 0, - xdsBuilder?.authHeader, - xdsBuilder?.authToken, + xdsBuilder?.grpcInitialMetadata ?: mapOf(), xdsBuilder?.sslRootCerts, xdsBuilder?.sni, nodeId, diff --git a/mobile/library/objective-c/EnvoyConfiguration.h b/mobile/library/objective-c/EnvoyConfiguration.h index 87dec257ef59..5e211d983e30 100644 --- a/mobile/library/objective-c/EnvoyConfiguration.h 
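Review bot: `addInitialStreamHeader` is documented as adding a header, but `grpcInitialMetadata.put(header, value)` replaces any value already stored under the same name, whereas the C++ `XdsBuilder` in this commit appends a second entry. The KDoc should state the overwrite, for example `Calling this again with the same header replaces the earlier value.`, or the two builders should be made to agree. Keys are compared case-sensitively, so `X-Goog-Api-Key` and `x-goog-api-key` would both be kept. In the `@@ -36,8 +36,7 @@` hunk the property is never reassigned in the visible lines and could be `internal val`.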
+++ b/mobile/library/objective-c/EnvoyConfiguration.h @@ -53,8 +53,7 @@ NS_ASSUME_NONNULL_BEGIN @property (nonatomic, strong, nullable) NSString *nodeSubZone; @property (nonatomic, strong, nullable) NSString *xdsServerAddress; @property (nonatomic, assign) UInt32 xdsServerPort; -@property (nonatomic, strong, nullable) NSString *xdsAuthHeader; -@property (nonatomic, strong, nullable) NSString *xdsAuthToken; +@property (nonatomic, strong) NSDictionary *xdsGrpcInitialMetadata; @property (nonatomic, strong, nullable) NSString *xdsSslRootCerts; @property (nonatomic, strong, nullable) NSString *xdsSni; @property (nonatomic, strong, nullable) NSString *rtdsResourceName; @@ -115,8 +114,8 @@ NS_ASSUME_NONNULL_BEGIN nodeSubZone:(nullable NSString *)nodeSubZone xdsServerAddress:(nullable NSString *)xdsServerAddress xdsServerPort:(UInt32)xdsServerPort - xdsAuthHeader:(nullable NSString *)xdsAuthHeader - xdsAuthToken:(nullable NSString *)xdsAuthToken + xdsGrpcInitialMetadata: + (NSDictionary *)xdsGrpcInitialMetadata xdsSslRootCerts:(nullable NSString *)xdsSslRootCerts xdsSni:(nullable NSString *)xdsSni rtdsResourceName:(nullable NSString *)rtdsResourceName diff --git a/mobile/library/objective-c/EnvoyConfiguration.mm b/mobile/library/objective-c/EnvoyConfiguration.mm index 0719a75faac4..f40f54a4c477 100644 --- a/mobile/library/objective-c/EnvoyConfiguration.mm +++ b/mobile/library/objective-c/EnvoyConfiguration.mm @@ -115,8 +115,8 @@ - (instancetype)initWithGrpcStatsDomain:(nullable NSString *)grpcStatsDomain nodeSubZone:(nullable NSString *)nodeSubZone xdsServerAddress:(nullable NSString *)xdsServerAddress xdsServerPort:(UInt32)xdsServerPort - xdsAuthHeader:(nullable NSString *)xdsAuthHeader - xdsAuthToken:(nullable NSString *)xdsAuthToken + xdsGrpcInitialMetadata: + (NSDictionary *)xdsGrpcInitialMetadata xdsSslRootCerts:(nullable NSString *)xdsSslRootCerts xdsSni:(nullable NSString *)xdsSni rtdsResourceName:(nullable NSString *)rtdsResourceName 
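Review bot: `xdsGrpcInitialMetadata` is declared `strong`, so if a caller passes an `NSMutableDictionary` the configuration keeps a reference to it, and later mutations by the caller change the headers that are sent. For collection properties the usual declaration is `@property (nonatomic, copy) NSDictionary *xdsGrpcInitialMetadata;`, keeping whatever element types the original line has (they are not shown on this page). The property and the initializer parameter are also non-null under `NS_ASSUME_NONNULL_BEGIN`, unlike the nullable `xdsAuthHeader` and `xdsAuthToken` they replace, which is a behaviour change for existing Objective-C callers.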
@@ -170,8 +170,7 @@ - (instancetype)initWithGrpcStatsDomain:(nullable NSString *)grpcStatsDomain self.nodeSubZone = nodeSubZone; self.xdsServerAddress = xdsServerAddress; self.xdsServerPort = xdsServerPort; - self.xdsAuthHeader = xdsAuthHeader; - self.xdsAuthToken = xdsAuthToken; + self.xdsGrpcInitialMetadata = xdsGrpcInitialMetadata; self.xdsSslRootCerts = xdsSslRootCerts; self.xdsSni = xdsSni; self.rtdsResourceName = rtdsResourceName; @@ -272,9 +271,9 @@ - (instancetype)initWithGrpcStatsDomain:(nullable NSString *)grpcStatsDomain #ifdef ENVOY_GOOGLE_GRPC if (self.xdsServerAddress != nil) { Envoy::Platform::XdsBuilder xdsBuilder([self.xdsServerAddress toCXXString], self.xdsServerPort); - if (self.xdsAuthHeader != nil) { - xdsBuilder.setAuthenticationToken([self.xdsAuthHeader toCXXString], - [self.xdsAuthToken toCXXString]); + for (NSString *header in self.xdsGrpcInitialMetadata) { + xdsBuilder.addInitialStreamHeader( + [header toCXXString], [[self.xdsGrpcInitialMetadata objectForKey:header] toCXXString]); } if (self.xdsSslRootCerts != nil) { xdsBuilder.setSslRootCerts([self.xdsSslRootCerts toCXXString]); diff --git a/mobile/library/swift/EngineBuilder.swift b/mobile/library/swift/EngineBuilder.swift index cdcc49f183fe..e1050eba9dee 100644 --- a/mobile/library/swift/EngineBuilder.swift +++ b/mobile/library/swift/EngineBuilder.swift @@ -18,8 +18,7 @@ open class XdsBuilder: NSObject { let xdsServerAddress: String let xdsServerPort: UInt32 - var authHeader: String? - var authToken: String? + var xdsGrpcInitialMetadata: [String: String] = [:] var sslRootCerts: String? var sni: String? var rtdsResourceName: String? 
@@ -37,19 +36,26 @@ open class XdsBuilder: NSObject { self.xdsServerPort = xdsServerPort } - /// Sets the authentication HTTP header and token value for authentication with the xDS - /// management server. + /// Adds a header to the initial HTTP metadata headers sent on the gRPC stream. /// - /// - parameter header: The HTTP authentication header. - /// - parameter token: The authentication token to be sent in the header. + /// A common use for the initial metadata headers is for authentication to the xDS management + /// server. + /// + /// For example, if using API keys to authenticate to Traffic Director on GCP (see + /// https://cloud.google.com/docs/authentication/api-keys for details), invoke: + /// builder.addInitialStreamHeader("x-goog-api-key", apiKeyToken) + /// .addInitialStreamHeader("X-Android-Package", appPackageName) + /// .addInitialStreamHeader("X-Android-Cert", sha1KeyFingerprint); + /// + /// - parameter header: The HTTP header to add on the gRPC stream's initial metadata. + /// - parameter value: The HTTP header value to add on the gRPC stream's initial metadata. /// /// - returns: This builder. @discardableResult - public func setAuthenticationToken( + public func addInitialStreamHeader( header: String, - token: String) -> Self { - self.authHeader = header - self.authToken = token + value: String) -> Self { + self.xdsGrpcInitialMetadata[header] = value return self } @@ -775,8 +781,7 @@ open class EngineBuilder: NSObject { func makeConfig() -> EnvoyConfiguration { var xdsServerAddress: String? var xdsServerPort: UInt32 = 0 - var xdsAuthHeader: String? - var xdsAuthToken: String? + var xdsGrpcInitialMetadata: [String: String] = [:] var xdsSslRootCerts: String? var xdsSni: String? var rtdsResourceName: String? 
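Review bot: The usage example in the doc comment does not match the Swift signature: `addInitialStreamHeader(header:value:)` requires argument labels, and the example ends with a `;` carried over from the C++ header. I would write it as `builder.addInitialStreamHeader(header: "x-goog-api-key", value: apiKeyToken)`. Because the storage is a `[String: String]`, the comment should also say that a second call with the same header replaces the first value.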
@@ -788,8 +793,7 @@ open class EngineBuilder: NSObject { #if ENVOY_GOOGLE_GRPC xdsServerAddress = self.xdsBuilder?.xdsServerAddress xdsServerPort = self.xdsBuilder?.xdsServerPort ?? 0 - xdsAuthHeader = self.xdsBuilder?.authHeader - xdsAuthToken = self.xdsBuilder?.authToken + xdsGrpcInitialMetadata = self.xdsBuilder?.xdsGrpcInitialMetadata ?? [:] xdsSslRootCerts = self.xdsBuilder?.sslRootCerts xdsSni = self.xdsBuilder?.sni rtdsResourceName = self.xdsBuilder?.rtdsResourceName @@ -841,8 +845,7 @@ open class EngineBuilder: NSObject { nodeSubZone: self.nodeSubZone, xdsServerAddress: xdsServerAddress, xdsServerPort: xdsServerPort, - xdsAuthHeader: xdsAuthHeader, - xdsAuthToken: xdsAuthToken, + xdsGrpcInitialMetadata: xdsGrpcInitialMetadata, xdsSslRootCerts: xdsSslRootCerts, xdsSni: xdsSni, rtdsResourceName: rtdsResourceName, @@ -948,9 +951,8 @@ private extension EngineBuilder { if let xdsBuilder = self.xdsBuilder { var cxxXdsBuilder = Envoy.Platform.XdsBuilder(xdsBuilder.xdsServerAddress.toCXX(), Int32(xdsBuilder.xdsServerPort)) - if let xdsAuthHeader = xdsBuilder.authHeader { - cxxXdsBuilder.setAuthenticationToken(xdsAuthHeader.toCXX(), - xdsBuilder.authToken?.toCXX() ?? "".toCXX()) + for (header, value) in xdsBuilder.xdsGrpcInitialMetadata { + cxxXdsBuilder.addInitialStreamHeader(header.toCXX(), value.toCXX()) } if let xdsSslRootCerts = xdsBuilder.sslRootCerts { cxxXdsBuilder.setSslRootCerts(xdsSslRootCerts.toCXX()) diff --git a/mobile/test/cc/unit/envoy_config_test.cc b/mobile/test/cc/unit/envoy_config_test.cc index ed1ccd5fd353..0617f5764219 100644 --- a/mobile/test/cc/unit/envoy_config_test.cc +++ b/mobile/test/cc/unit/envoy_config_test.cc 
@@ -297,29 +297,35 @@ TEST(TestConfig, XdsConfig) { IsEmpty()); EXPECT_THAT(ads_config.grpc_services(0).google_grpc().call_credentials(), SizeIs(0)); - // With authentication credentials. + // With initial gRPC metadata. xds_builder = XdsBuilder(/*xds_server_address=*/"fake-td.googleapis.com", /*xds_server_port=*/12345); - xds_builder.setAuthenticationToken(/*header=*/"x-goog-api-key", /*token=*/"A1B2C3"); + xds_builder.addInitialStreamHeader(/*header=*/"x-goog-api-key", /*value=*/"A1B2C3") + .addInitialStreamHeader(/*header=*/"x-android-package", + /*value=*/"com.google.envoymobile.io.myapp"); xds_builder.setSslRootCerts(/*root_certs=*/"my_root_cert"); xds_builder.setSni(/*sni=*/"fake-td.googleapis.com"); engine_builder.setXds(std::move(xds_builder)); bootstrap = engine_builder.generateBootstrap(); - auto& ads_config_with_tokens = bootstrap->dynamic_resources().ads_config(); - EXPECT_EQ(ads_config_with_tokens.api_type(), envoy::config::core::v3::ApiConfigSource::GRPC); - EXPECT_EQ(ads_config_with_tokens.grpc_services(0).google_grpc().target_uri(), + auto& ads_config_with_metadata = bootstrap->dynamic_resources().ads_config(); + EXPECT_EQ(ads_config_with_metadata.api_type(), envoy::config::core::v3::ApiConfigSource::GRPC); + EXPECT_EQ(ads_config_with_metadata.grpc_services(0).google_grpc().target_uri(), "fake-td.googleapis.com:12345"); - EXPECT_EQ(ads_config_with_tokens.grpc_services(0).google_grpc().stat_prefix(), "ads"); - EXPECT_EQ(ads_config_with_tokens.grpc_services(0) + EXPECT_EQ(ads_config_with_metadata.grpc_services(0).google_grpc().stat_prefix(), "ads"); + EXPECT_EQ(ads_config_with_metadata.grpc_services(0) .google_grpc() .channel_credentials() .ssl_credentials() .root_certs() .inline_string(), "my_root_cert"); - EXPECT_EQ(ads_config_with_tokens.grpc_services(0).initial_metadata(0).key(), "x-goog-api-key"); - EXPECT_EQ(ads_config_with_tokens.grpc_services(0).initial_metadata(0).value(), "A1B2C3"); - EXPECT_EQ(ads_config_with_tokens.grpc_services(0) + 
EXPECT_EQ(ads_config_with_metadata.grpc_services(0).initial_metadata(0).key(), "x-goog-api-key"); + EXPECT_EQ(ads_config_with_metadata.grpc_services(0).initial_metadata(0).value(), "A1B2C3"); + EXPECT_EQ(ads_config_with_metadata.grpc_services(0).initial_metadata(1).key(), + "x-android-package"); + EXPECT_EQ(ads_config_with_metadata.grpc_services(0).initial_metadata(1).value(), + "com.google.envoymobile.io.myapp"); + EXPECT_EQ(ads_config_with_metadata.grpc_services(0) .google_grpc() .channel_args() .args() diff --git a/mobile/test/java/io/envoyproxy/envoymobile/engine/EnvoyConfigurationTest.kt b/mobile/test/java/io/envoyproxy/envoymobile/engine/EnvoyConfigurationTest.kt index 44c536d51e4e..501be2879ac3 100644 --- a/mobile/test/java/io/envoyproxy/envoymobile/engine/EnvoyConfigurationTest.kt +++ b/mobile/test/java/io/envoyproxy/envoymobile/engine/EnvoyConfigurationTest.kt @@ -104,8 +104,7 @@ class EnvoyConfigurationTest { rtdsTimeoutSeconds: Int = 0, xdsAddress: String = "", xdsPort: Int = 0, - xdsAuthHeader: String = "", - xdsAuthToken: String = "", + xdsGrpcInitialMetadata: Map = emptyMap(), xdsSslRootCerts: String = "", xdsSni: String = "", nodeId: String = "", @@ -159,8 +158,7 @@ class EnvoyConfigurationTest { rtdsTimeoutSeconds, xdsAddress, xdsPort, - xdsAuthHeader, - xdsAuthToken, + xdsGrpcInitialMetadata, xdsSslRootCerts, xdsSni, nodeId, diff --git a/mobile/test/kotlin/io/envoyproxy/envoymobile/EngineBuilderTest.kt b/mobile/test/kotlin/io/envoyproxy/envoymobile/EngineBuilderTest.kt index 2d137602a0c2..8ee213a006de 100644 --- a/mobile/test/kotlin/io/envoyproxy/envoymobile/EngineBuilderTest.kt +++ b/mobile/test/kotlin/io/envoyproxy/envoymobile/EngineBuilderTest.kt 
@@ -208,7 +208,9 @@ class EngineBuilderTest { @Test fun `specifying xDS works`() { var xdsBuilder = XdsBuilder("fake_test_address", 0) - xdsBuilder.setAuthenticationToken("x-goog-api-key", "A1B2C3") + xdsBuilder + .addInitialStreamHeader("x-goog-api-key", "A1B2C3") + .addInitialStreamHeader("x-android-package", "com.google.myapp") xdsBuilder.setSslRootCerts("my_root_certs") xdsBuilder.setSni("fake_test_address") xdsBuilder.addRuntimeDiscoveryService("some_rtds_resource") @@ -221,8 +223,8 @@ class EngineBuilderTest { val engine = engineBuilder.build() as EngineImpl assertThat(engine.envoyConfiguration.xdsAddress).isEqualTo("fake_test_address") - assertThat(engine.envoyConfiguration.xdsAuthHeader).isEqualTo("x-goog-api-key") - assertThat(engine.envoyConfiguration.xdsAuthToken).isEqualTo("A1B2C3") + assertThat(engine.envoyConfiguration.xdsGrpcInitialMetadata) + .isEqualTo(mapOf("x-goog-api-key" to "A1B2C3", "x-android-package" to "com.google.myapp")) assertThat(engine.envoyConfiguration.xdsRootCerts).isEqualTo("my_root_certs") assertThat(engine.envoyConfiguration.xdsSni).isEqualTo("fake_test_address") assertThat(engine.envoyConfiguration.rtdsResourceName).isEqualTo("some_rtds_resource") diff --git a/mobile/test/non_hermetic/gcp_traffic_director_integration_test.cc b/mobile/test/non_hermetic/gcp_traffic_director_integration_test.cc index 3723a9e70be5..5a992eb9a6ce 100644 --- a/mobile/test/non_hermetic/gcp_traffic_director_integration_test.cc +++ b/mobile/test/non_hermetic/gcp_traffic_director_integration_test.cc 
@@ -71,9 +71,9 @@ class GcpTrafficDirectorIntegrationTest Platform::XdsBuilder xds_builder(/*xds_server_address=*/std::string(TD_API_ENDPOINT), /*xds_server_port=*/443); - xds_builder.setAuthenticationToken("x-goog-api-key", std::string(api_key)); - xds_builder.setSslRootCerts(std::move(root_certs)); - xds_builder.addClusterDiscoveryService(); + xds_builder.addInitialStreamHeader("x-goog-api-key", std::string(api_key)) + .setSslRootCerts(std::move(root_certs)) + .addClusterDiscoveryService(); builder_.addLogLevel(Platform::LogLevel::trace) .setNodeId(absl::Substitute("projects/$0/networks/default/nodes/111222333444", PROJECT_ID)) .setXds(std::move(xds_builder)); diff --git a/mobile/test/swift/EngineBuilderTests.swift b/mobile/test/swift/EngineBuilderTests.swift index eb275f91d9d8..05460dc10168 100644 --- a/mobile/test/swift/EngineBuilderTests.swift +++ b/mobile/test/swift/EngineBuilderTests.swift @@ -394,7 +394,8 @@ final class EngineBuilderTests: XCTestCase { func testAddingXdsSecurityConfigurationWhenRunningEnvoy() { let xdsBuilder = XdsBuilder(xdsServerAddress: "FAKE_SWIFT_ADDRESS", xdsServerPort: 0) - .setAuthenticationToken(header: "x-goog-api-key", token: "A1B2C3") + .addInitialStreamHeader(header: "x-goog-api-key", value: "A1B2C3") + .addInitialStreamHeader(header: "x-android-package", value: "com.google.myapp") .setSslRootCerts(rootCerts: "fake_ssl_root_certs") .setSni(sni: "fake_sni_address") .addRuntimeDiscoveryService(resourceName: "some_rtds_resource", timeoutInSeconds: 14325) 
@@ -404,6 +405,8 @@ final class EngineBuilderTests: XCTestCase { .bootstrapDebugDescription() XCTAssertTrue(bootstrapDebugDescription.contains("x-goog-api-key")) XCTAssertTrue(bootstrapDebugDescription.contains("A1B2C3")) + XCTAssertTrue(bootstrapDebugDescription.contains("x-android-package")) + XCTAssertTrue(bootstrapDebugDescription.contains("com.google.myapp")) XCTAssertTrue(bootstrapDebugDescription.contains("fake_ssl_root_certs")) XCTAssertTrue(bootstrapDebugDescription.contains("fake_sni_address")) }
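Review bot: These assertions pin that `bootstrapDebugDescription()` contains the header values in clear text, including the `x-goog-api-key` value. Now that `addInitialStreamHeader` is the documented way to pass API keys, anything that logs that description will also log the key. If that is acceptable for tests only, a comment on the builder such as `// NOTE: the debug description includes initial-metadata values; do not log it in production builds.` would make it explicit. The implementation of `bootstrapDebugDescription()` is outside this diff, so whether it could redact these values cannot be judged from here.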