Merge branch 'main' into dns_details

Signed-off-by: Fredy Wijaya <[email protected]>
fredyw · Oct 1, 2024 · c67838a · c67838a
2 parents ab5502d + 907c370
commit c67838a
Show file tree

Hide file tree

Showing 32 changed files with 921 additions and 135 deletions.
diff --git a/.github/workflows/_check_coverage.yml b/.github/workflows/_check_coverage.yml
@@ -42,6 +42,12 @@ jobs:
         lower than limit
       rbe: true
       request: ${{ inputs.request }}
+      steps-post: |
+        - run: ci/run_envoy_docker.sh 'ci/do_ci.sh ${{ matrix.target }}-upload'
+          shell: bash
+          env:
+            GCS_ARTIFACT_BUCKET: ${{ inputs.trusted && 'envoy-postsubmit' || 'envoy-pr' }}
+
       target: ${{ matrix.target }}
       timeout-minutes: 180
       trusted: ${{ inputs.trusted }}

diff --git a/.github/workflows/_precheck_publish.yml b/.github/workflows/_precheck_publish.yml
@@ -5,6 +5,9 @@ permissions:
 
 on:
   workflow_call:
+    secrets:
+      gcp-key:
+        required: true
     inputs:
       request:
         type: string
@@ -20,6 +23,8 @@ concurrency:
 
 jobs:
   publish:
+    secrets:
+      gcp-key: ${{ secrets.gcp-key }}
     permissions:
       contents: read
       packages: read
@@ -30,6 +35,7 @@ jobs:
       cache-build-image: ${{ fromJSON(inputs.request).request.build-image.default }}
       cache-build-image-key-suffix: ${{ matrix.arch == 'arm64' && '-arm64' || '' }}
       concurrency-suffix: -${{ matrix.target }}${{ matrix.arch && format('-{0}', matrix.arch) || '' }}
+      gcs-only: "true"
       rbe: ${{ matrix.rbe }}
       request: ${{ inputs.request }}
       runs-on: ${{ matrix.runs-on || 'ubuntu-24.04' }}
@@ -38,6 +44,7 @@ jobs:
         ERROR
         error:
         Error:
+      steps-post: ${{ matrix.steps-post }}
       target: ${{ matrix.target }}
       target-suffix: ${{ matrix.target-suffix }}
       trusted: ${{ inputs.trusted }}
@@ -67,3 +74,8 @@ jobs:
             --config=remote-envoy-engflow
             --config=docs-ci
           rbe: true
+          steps-post: |
+            - run: ci/run_envoy_docker.sh 'ci/do_ci.sh docs-upload'
+              shell: bash
+              env:
+                GCS_ARTIFACT_BUCKET: ${{ inputs.trusted && 'envoy-postsubmit' || 'envoy-pr' }}
diff --git a/.github/workflows/_run.yml b/.github/workflows/_run.yml
@@ -69,6 +69,8 @@ on:
           Error:
       fail-match:
         type: string
+      gcs-only:
+        type: string
       import-gpg:
         type: boolean
         default: false
@@ -277,9 +279,12 @@ jobs:
         GCP_SERVICE_ACCOUNT_KEY_PATH=$(mktemp -p "${{ runner.temp }}" -t gcp_service_account.XXXXXX.json)
         echo "${{ secrets.gcp-key }}" | base64 --decode > "${GCP_SERVICE_ACCOUNT_KEY_PATH}"
         GCP_SERVICE_ACCOUNT_KEY_FILE="$(basename "${GCP_SERVICE_ACCOUNT_KEY_PATH}")"
+        echo "GCP_SERVICE_ACCOUNT_KEY_PATH=/build/${GCP_SERVICE_ACCOUNT_KEY_FILE}" >> "$GITHUB_ENV"
+        if [[ "${{ inputs.gcs-only }}" != "" ]]; then
+            exit 0
+        fi
         BAZEL_BUILD_EXTRA_OPTIONS="--google_credentials=/build/${GCP_SERVICE_ACCOUNT_KEY_FILE} --config=remote-ci --config=rbe-google"
         echo "BAZEL_BUILD_EXTRA_OPTIONS=${BAZEL_BUILD_EXTRA_OPTIONS}" >> "$GITHUB_ENV"
-        echo "GCP_SERVICE_ACCOUNT_KEY_PATH=${GCP_SERVICE_ACCOUNT_KEY_PATH}" >> "$GITHUB_ENV"
 
     - uses: envoyproxy/toolshed/gh-actions/github/[email protected]
       name: Run CI ${{ inputs.command }} ${{ inputs.target }}

diff --git a/.github/workflows/envoy-checks.yml b/.github/workflows/envoy-checks.yml
@@ -59,7 +59,7 @@ jobs:
 
   coverage:
     secrets:
-      gcp-key: ${{ secrets.GCP_SERVICE_ACCOUNT_KEY }}
+      gcp-key: ${{ fromJSON(needs.load.outputs.trusted) && secrets.GCP_SERVICE_ACCOUNT_KEY_TRUSTED || secrets.GCP_SERVICE_ACCOUNT_KEY }}
     permissions:
       actions: read
       contents: read

diff --git a/.github/workflows/envoy-prechecks.yml b/.github/workflows/envoy-prechecks.yml
@@ -67,6 +67,8 @@ jobs:
       trusted: ${{ fromJSON(needs.load.outputs.trusted) }}
 
   publish:
+    secrets:
+      gcp-key: ${{ fromJSON(needs.load.outputs.trusted) && secrets.GCP_SERVICE_ACCOUNT_KEY_TRUSTED || secrets.GCP_SERVICE_ACCOUNT_KEY }}
     permissions:
       actions: read
       contents: read

diff --git a/envoy/config/grpc_mux.h b/envoy/config/grpc_mux.h
@@ -2,10 +2,13 @@
 
 #include <memory>
 
+#include "envoy/common/backoff_strategy.h"
 #include "envoy/common/exception.h"
 #include "envoy/common/pure.h"
+#include "envoy/config/custom_config_validators.h"
 #include "envoy/config/eds_resources_cache.h"
 #include "envoy/config/subscription.h"
+#include "envoy/grpc/async_client.h"
 #include "envoy/stats/stats_macros.h"
 
 #include "source/common/common/cleanup.h"
@@ -112,6 +115,16 @@ class GrpcMux {
    * @return EdsResourcesCacheOptRef optional eds resources cache for the gRPC-mux.
    */
   virtual EdsResourcesCacheOptRef edsResourcesCache() PURE;
+
+  /**
+   * Updates the current gRPC-Mux object to use a new gRPC client, and config.
+   */
+  virtual absl::Status
+  updateMuxSource(Grpc::RawAsyncClientPtr&& primary_async_client,
+                  Grpc::RawAsyncClientPtr&& failover_async_client,
+                  CustomConfigValidatorsPtr&& custom_config_validators, Stats::Scope& scope,
+                  BackOffStrategyPtr&& backoff_strategy,
+                  const envoy::config::core::v3::ApiConfigSource& ads_config_source) PURE;
 };
 
 using GrpcMuxPtr = std::unique_ptr<GrpcMux>;

diff --git a/mobile/library/cc/engine_builder.cc b/mobile/library/cc/engine_builder.cc
@@ -267,6 +267,12 @@ EngineBuilder& EngineBuilder::setUpstreamTlsSni(std::string sni) {
   return *this;
 }
 
+EngineBuilder&
+EngineBuilder::setQuicConnectionIdleTimeoutSeconds(int quic_connection_idle_timeout_seconds) {
+  quic_connection_idle_timeout_seconds_ = quic_connection_idle_timeout_seconds;
+  return *this;
+}
+
 EngineBuilder&
 EngineBuilder::enablePlatformCertificatesValidation(bool platform_certificates_validation_on) {
   platform_certificates_validation_on_ = platform_certificates_validation_on;
@@ -739,7 +745,7 @@ std::unique_ptr<envoy::config::bootstrap::v3::Bootstrap> EngineBuilder::generate
         ->mutable_http3_protocol_options()
         ->mutable_quic_protocol_options()
         ->mutable_idle_network_timeout()
-        ->set_seconds(30);
+        ->set_seconds(quic_connection_idle_timeout_seconds_);
 
     base_cluster->mutable_transport_socket()->mutable_typed_config()->PackFrom(h3_proxy_socket);
     (*base_cluster->mutable_typed_extension_protocol_options())

diff --git a/mobile/library/cc/engine_builder.h b/mobile/library/cc/engine_builder.h
@@ -104,6 +104,9 @@ class EngineBuilder {
   // outside of this range will be ignored.
   EngineBuilder& setNetworkThreadPriority(int thread_priority);
 
+  // Sets the QUIC connection idle timeout in seconds.
+  EngineBuilder& setQuicConnectionIdleTimeoutSeconds(int quic_connection_idle_timeout_seconds);
+
 #if defined(__APPLE__)
   // Right now, this API is only used by Apple (iOS) to register the Apple proxy resolver API for
   // use in reading and using the system proxy settings.
@@ -201,6 +204,8 @@ class EngineBuilder {
   // https://source.chromium.org/chromium/chromium/src/+/main:net/quic/quic_session_pool.cc;l=790-793;drc=7f04a8e033c23dede6beae129cd212e6d4473d72
   // https://source.chromium.org/chromium/chromium/src/+/main:net/third_party/quiche/src/quiche/quic/core/quic_constants.h;l=43-47;drc=34ad7f3844f882baf3d31a6bc6e300acaa0e3fc8
   int32_t udp_socket_send_buffer_size_ = 1452 * 20;
+
+  int quic_connection_idle_timeout_seconds_ = 30;
 };
 
 using EngineBuilderSharedPtr = std::shared_ptr<EngineBuilder>;

diff --git a/mobile/test/java/org/chromium/net/BUILD b/mobile/test/java/org/chromium/net/BUILD
@@ -305,7 +305,7 @@ envoy_mobile_android_test(
     srcs = [
         "BidirectionalStreamTest.java",
     ],
-    flaky = True,  # TODO(fredyw): Debug the reason for it being flaky.
+    flaky = True,
     native_deps = [
         "//test/jni:libenvoy_jni_with_test_extensions.so",
     ] + select({

diff --git a/mobile/test/java/org/chromium/net/BidirectionalStreamTest.java b/mobile/test/java/org/chromium/net/BidirectionalStreamTest.java
@@ -78,9 +78,6 @@ public void setUp() throws Exception {
   @After
   public void tearDown() throws Exception {
     assertTrue(Http2TestServer.shutdownHttp2TestServer());
-    if (mCronetEngine != null) {
-      mCronetEngine.shutdown();
-    }
   }
 
   private static void checkResponseInfo(UrlResponseInfo responseInfo, String expectedUrl,

diff --git a/source/common/config/null_grpc_mux_impl.h b/source/common/config/null_grpc_mux_impl.h
@@ -27,6 +27,12 @@ class NullGrpcMuxImpl : public GrpcMux,
     ENVOY_BUG(false, "unexpected request for on demand update");
   }
 
+  absl::Status updateMuxSource(Grpc::RawAsyncClientPtr&&, Grpc::RawAsyncClientPtr&&,
+                               CustomConfigValidatorsPtr&&, Stats::Scope&, BackOffStrategyPtr&&,
+                               const envoy::config::core::v3::ApiConfigSource&) override {
+    return absl::UnimplementedError("");
+  }
+
   EdsResourcesCacheOptRef edsResourcesCache() override { return absl::nullopt; }
 
   void onWriteable() override {}

diff --git a/source/common/quic/envoy_quic_client_stream.cc b/source/common/quic/envoy_quic_client_stream.cc
@@ -258,7 +258,8 @@ bool EnvoyQuicClientStream::OnStopSending(quic::QuicResetStreamError error) {
     runResetCallbacks(
         quicRstErrorToEnvoyRemoteResetReason(error.internal_code()),
         Runtime::runtimeFeatureEnabled("envoy.reloadable_features.report_stream_reset_error_code")
-            ? quic::QuicRstStreamErrorCodeToString(error.internal_code())
+            ? absl::StrCat(quic::QuicRstStreamErrorCodeToString(error.internal_code()),
+                           "|FROM_PEER")
             : absl::string_view());
   }
   return true;
@@ -360,7 +361,7 @@ void EnvoyQuicClientStream::OnStreamReset(const quic::QuicRstStreamFrame& frame)
     runResetCallbacks(
         quicRstErrorToEnvoyRemoteResetReason(frame.error_code),
         Runtime::runtimeFeatureEnabled("envoy.reloadable_features.report_stream_reset_error_code")
-            ? quic::QuicRstStreamErrorCodeToString(frame.error_code)
+            ? absl::StrCat(quic::QuicRstStreamErrorCodeToString(frame.error_code), "|FROM_PEER")
             : absl::string_view());
   }
 }
@@ -374,7 +375,7 @@ void EnvoyQuicClientStream::ResetWithError(quic::QuicResetStreamError error) {
   runResetCallbacks(
       quicRstErrorToEnvoyLocalResetReason(error.internal_code()),
       Runtime::runtimeFeatureEnabled("envoy.reloadable_features.report_stream_reset_error_code")
-          ? quic::QuicRstStreamErrorCodeToString(error.internal_code())
+          ? absl::StrCat(quic::QuicRstStreamErrorCodeToString(error.internal_code()), "|FROM_SELF")
           : absl::string_view());
   if (session()->connection()->connected()) {
     quic::QuicSpdyClientStream::ResetWithError(error);

diff --git a/source/common/quic/envoy_quic_server_stream.cc b/source/common/quic/envoy_quic_server_stream.cc
@@ -340,7 +340,8 @@ bool EnvoyQuicServerStream::OnStopSending(quic::QuicResetStreamError error) {
     runResetCallbacks(
         quicRstErrorToEnvoyRemoteResetReason(error.internal_code()),
         Runtime::runtimeFeatureEnabled("envoy.reloadable_features.report_stream_reset_error_code")
-            ? quic::QuicRstStreamErrorCodeToString(error.internal_code())
+            ? absl::StrCat(quic::QuicRstStreamErrorCodeToString(error.internal_code()),
+                           "|FROM_PEER")
             : absl::string_view());
   }
   return true;
@@ -360,7 +361,7 @@ void EnvoyQuicServerStream::OnStreamReset(const quic::QuicRstStreamFrame& frame)
     runResetCallbacks(
         quicRstErrorToEnvoyRemoteResetReason(frame.error_code),
         Runtime::runtimeFeatureEnabled("envoy.reloadable_features.report_stream_reset_error_code")
-            ? quic::QuicRstStreamErrorCodeToString(frame.error_code)
+            ? absl::StrCat(quic::QuicRstStreamErrorCodeToString(frame.error_code), "|FROM_PEER")
             : absl::string_view());
   }
 }
@@ -375,7 +376,8 @@ void EnvoyQuicServerStream::ResetWithError(quic::QuicResetStreamError error) {
     runResetCallbacks(
         quicRstErrorToEnvoyLocalResetReason(error.internal_code()),
         Runtime::runtimeFeatureEnabled("envoy.reloadable_features.report_stream_reset_error_code")
-            ? quic::QuicRstStreamErrorCodeToString(error.internal_code())
+            ? absl::StrCat(quic::QuicRstStreamErrorCodeToString(error.internal_code()),
+                           "|FROM_SELF")
             : absl::string_view());
   }
   quic::QuicSpdyServerStreamBase::ResetWithError(error);

diff --git a/source/extensions/config_subscription/grpc/grpc_mux_failover.h b/source/extensions/config_subscription/grpc/grpc_mux_failover.h
@@ -188,6 +188,8 @@ class GrpcMuxFailover : public GrpcStreamInterface<RequestType, ResponseType>,
   }
 
 private:
+  friend class GrpcMuxFailoverTest;
+
   // A helper class that proxies the callbacks of GrpcStreamCallbacks for the primary service.
   class PrimaryGrpcStreamCallbacks : public GrpcStreamCallbacks<ResponseType> {
   public:
@@ -356,7 +358,15 @@ class GrpcMuxFailover : public GrpcStreamInterface<RequestType, ResponseType>,
   void onRemoteClose(Grpc::Status::GrpcStatus, const std::string&) override {
     PANIC("not implemented");
   }
-  void closeStream() override { PANIC("not implemented"); }
+  void closeStream() override {
+    if (connectingToOrConnectedToPrimary()) {
+      ENVOY_LOG_MISC(debug, "Intentionally closing the primary gRPC stream");
+      primary_grpc_stream_->closeStream();
+    } else if (connectingToOrConnectedToFailover()) {
+      ENVOY_LOG_MISC(debug, "Intentionally closing the failover gRPC stream");
+      failover_grpc_stream_->closeStream();
+    }
+  }
 
   // The stream callbacks that will be invoked on the GrpcMux object, to notify
   // about the state of the underlying primary/failover stream.