wasm: Send nack when there is not well-formed resource messages #42928
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Change-Id: I8143ba8bc8c292ce2de5abda0a4f0c70c111bf80
Change-Id: I076929d14dd1312b3717fe992352520223997354
|
Skipping CI for Draft Pull Request. |
istio-testing
added
do-not-merge/work-in-progress
ingwonsong
changed the title
kyessenov
approved these changes
Jan 20, 2023
ingwonsong
changed the title
Change-Id: I31831ea1ba87c99ffc0451a7f3a2cb02acc14d91
istio-testing
added
size/L
istio-testing
removed
the
do-not-merge/work-in-progress
ingwonsong
added
the
release-notes-none
|
@howardjohn Could you please review this PR? (it was mistakenly merged, though). |
howardjohn
reviewed
Jan 23, 2023
| @@ -74,7 +74,7 @@ func MaybeConvertWasmExtensionConfig(resources []*anypb.Any, cache Cache) bool { | |||
| func convert(resource *anypb.Any, cache Cache) (newExtensionConfig *anypb.Any, sendNack bool) { | |||
| ec := &core.TypedExtensionConfig{} | |||
| newExtensionConfig = resource | |||
| sendNack = false | |||
| sendNack = true | |||
There was a problem hiding this comment.
I feel fairly uncomfortable with this.. a NACK is a huge risk, has the possibility to cause cluster wide outage by blocking all pod startup. Its worth a return nil, true to explicitly signal this rather than implicitly NACKing
There was a problem hiding this comment.
Return like this is bad practice in Go in general, IMO, but especially in this case
There was a problem hiding this comment.
Actually i guess in this case since we are proxying its a bit different but still a good policy.
Also its not clear - can convert return nil, false? What happens if so?
Also - On NACK, shouldn't we apply the valid configs and just NACK the invalid ones?
There was a problem hiding this comment.
The problem is that a valid xDS causes Envoy crash. The only mechanism to prevent it is NACK in the proxy. A crash is worse than inability to update some (optional) config.
There was a problem hiding this comment.
I am not saying we shouldn't NACK, just that the default being NACK and then unsettting it is confusing/risky. Just a syntax concern; we should explicitly annotate on each return nack or not
There was a problem hiding this comment.
Right, that's why I asked for the coverage report. We should have unit tests for good/bad cases and make sure they are reasonable.
There was a problem hiding this comment.
@kyessenov Here is the coverage report.
https://storage.googleapis.com/igsong-test-wasms/coverage/istio-wasm-coverage.html#file1
bleggett
added a commit
to bleggett/istio
that referenced
this pull request
Jan 24, 2023
Update protobufs Add dep Derp Consider actually using TCP Hmm Fix this Missed one Add log message Logging Remove these Testing Missed this gawd Hmm Fix this Testing Ugh Whitespace Testing Invalid component Testing Fix logging Testt Add alt case Hmm Fix Fix 2 Fix routing Actually fix Fix this Don't cleanup gateways Aight I'm a goofus Tidy Testing Test Hmm Test Fix this Hmmm Oh Fix this Fix this test Hmm Test Hmm Hmm Cleanup Revert "Cleanup" This reverts commit 1f933b720c504dc82cdb5683e1e08e6d464f5f1a. Fix this Better comment Fix comment Automator: update proxy@master in istio/istio@master (istio#42865) Automator: update common-files@master in istio/istio@master (istio#42879) Automator: update istio/client-go@master dependency in istio/istio@master (istio#42880) improve wasm ecds comments (istio#42883) Signed-off-by: Rama Chavali <rama.rao@salesforce.com> Signed-off-by: Rama Chavali <rama.rao@salesforce.com> Change no server certificate verify as warning level (istio#42876) * Change no server certificate verify as warning level * update Use latest helm dependency (istio#42891) Automator: update proxy@master in istio/istio@master (istio#42898) Automator: update common-files@master in istio/istio@master (istio#42900) Automator: update istio/client-go@master dependency in istio/istio@master (istio#42901) Automator: update proxy@master in istio/istio@master (istio#42907) Cleanup unused metadata (istio#42903) Update BASE_VERSION to master-2023-01-20T04-29-21 (istio#42913) Add Locality info to debug interface (istio#42884) Switching revision in IstioOperator istio-gateway cache fix (istio#42529) * switching revision in IstioOperator istio-gateway cache fix Signed-off-by: Shubham Chauhan <shubham@tetrate.io> * include all components Signed-off-by: Shubham Chauhan <shubham@tetrate.io> Signed-off-by: Shubham Chauhan <shubham@tetrate.io> Automator: update proxy@master in istio/istio@master (istio#42923) Automator: update istio/client-go@master dependency in istio/istio@master (istio#42926) add e2e for MetricDefinition (istio#42563) (istio#42924) * add e2e for MetricDefinition * fix lint * send http traffic only * fix prom query Co-authored-by: zirain <hejianpeng2@huawei.com> tf: ensure Check is always set (istio#42908) * tf: ensure Check is always set Avoid cases where we do not test anything * Always set * a few more * fix Initial messing about for PROXY protocol tests Fix this Automator: update proxy@master in istio/istio@master (istio#42865) Automator: update common-files@master in istio/istio@master (istio#42879) Automator: update istio/client-go@master dependency in istio/istio@master (istio#42880) improve wasm ecds comments (istio#42883) Signed-off-by: Rama Chavali <rama.rao@salesforce.com> Signed-off-by: Rama Chavali <rama.rao@salesforce.com> Change no server certificate verify as warning level (istio#42876) * Change no server certificate verify as warning level * update Use latest helm dependency (istio#42891) Automator: update proxy@master in istio/istio@master (istio#42898) Automator: update common-files@master in istio/istio@master (istio#42900) Automator: update istio/client-go@master dependency in istio/istio@master (istio#42901) Automator: update proxy@master in istio/istio@master (istio#42907) Cleanup unused metadata (istio#42903) Update BASE_VERSION to master-2023-01-20T04-29-21 (istio#42913) Add Locality info to debug interface (istio#42884) Switching revision in IstioOperator istio-gateway cache fix (istio#42529) * switching revision in IstioOperator istio-gateway cache fix Signed-off-by: Shubham Chauhan <shubham@tetrate.io> * include all components Signed-off-by: Shubham Chauhan <shubham@tetrate.io> Signed-off-by: Shubham Chauhan <shubham@tetrate.io> Automator: update proxy@master in istio/istio@master (istio#42923) Automator: update istio/client-go@master dependency in istio/istio@master (istio#42926) add e2e for MetricDefinition (istio#42563) (istio#42924) * add e2e for MetricDefinition * fix lint * send http traffic only * fix prom query Co-authored-by: zirain <hejianpeng2@huawei.com> tf: ensure Check is always set (istio#42908) * tf: ensure Check is always set Avoid cases where we do not test anything * Always set * a few more * fix wasm: Send nack when there is not well-formed resource messages (istio#42928) * Send nack when there is an unmarshal error. Change-Id: I8143ba8bc8c292ce2de5abda0a4f0c70c111bf80 * change if structure to have more readability Change-Id: I076929d14dd1312b3717fe992352520223997354 * add unit tests Change-Id: I31831ea1ba87c99ffc0451a7f3a2cb02acc14d91 Automator: update proxy@master in istio/istio@master (istio#42931) Automator: update go dependencies@ in istio/istio@master (istio#42932) Fix TestDeltaEDS flake (istio#42925) improve appsv1 package import statement (istio#42946) Signed-off-by: xin.li <xin.li@daocloud.io> Signed-off-by: xin.li <xin.li@daocloud.io> Use the slices package for contains check (istio#42947) Automator: update common-files@master in istio/istio@master (istio#42948) reducing leaseduration, renewdeadline and retryperiod to shorten test time (istio#42920) add patch name to envoy filter crash log line (istio#42935) * add patch name to envoy filter crash log line Signed-off-by: Rama Chavali <rama.rao@salesforce.com> * log line change Signed-off-by: Rama Chavali <rama.rao@salesforce.com> Signed-off-by: Rama Chavali <rama.rao@salesforce.com> use authn filter constant every where (istio#42936) Signed-off-by: Rama Chavali <rama.rao@salesforce.com> Signed-off-by: Rama Chavali <rama.rao@salesforce.com> Automator: update istio/client-go@master dependency in istio/istio@master (istio#42949) Automator: update proxy@master in istio/istio@master (istio#42950) Automator: update proxy@master in istio/istio@master (istio#42953) Update master branch from 1.17 to 1.18 (istio#42875) * Update master branch from 1.17 to 1.18 * Remove older envoy filters * Fixup some version errors Update default k8s for test and buildkit (istio#42952) Use helm repo for integration tests instead of tarballs (istio#42864) * Use helm repo for integration tests instead of tarballs Signed-off-by: Faseela K <faseela.k@est.tech> * refactor Signed-off-by: Faseela K <faseela.k@est.tech> * configuration option for helm repo Signed-off-by: Faseela K <faseela.k@est.tech> * fix lint failure Signed-off-by: Faseela K <faseela.k@est.tech> * add --repo to individual commands Signed-off-by: Faseela K <faseela.k@est.tech> Signed-off-by: Faseela K <faseela.k@est.tech> Automator: update common-files@master in istio/istio@master (istio#42957)
|
/cherrypick release-1.15 |
|
@ingwonsong: new pull request created: #42981 In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
istio-testing
pushed a commit
that referenced
this pull request
Jan 31, 2023
* Test * Add basic integration tests for PROXY protocol and gateway Update protobufs Add dep Derp Consider actually using TCP Hmm Fix this Missed one Add log message Logging Remove these Testing Missed this gawd Hmm Fix this Testing Ugh Whitespace Testing Invalid component Testing Fix logging Testt Add alt case Hmm Fix Fix 2 Fix routing Actually fix Fix this Don't cleanup gateways Aight I'm a goofus Tidy Testing Test Hmm Test Fix this Hmmm Oh Fix this Fix this test Hmm Test Hmm Hmm Cleanup Revert "Cleanup" This reverts commit 1f933b720c504dc82cdb5683e1e08e6d464f5f1a. Fix this Better comment Fix comment Automator: update proxy@master in istio/istio@master (#42865) Automator: update common-files@master in istio/istio@master (#42879) Automator: update istio/client-go@master dependency in istio/istio@master (#42880) improve wasm ecds comments (#42883) Signed-off-by: Rama Chavali <rama.rao@salesforce.com> Signed-off-by: Rama Chavali <rama.rao@salesforce.com> Change no server certificate verify as warning level (#42876) * Change no server certificate verify as warning level * update Use latest helm dependency (#42891) Automator: update proxy@master in istio/istio@master (#42898) Automator: update common-files@master in istio/istio@master (#42900) Automator: update istio/client-go@master dependency in istio/istio@master (#42901) Automator: update proxy@master in istio/istio@master (#42907) Cleanup unused metadata (#42903) Update BASE_VERSION to master-2023-01-20T04-29-21 (#42913) Add Locality info to debug interface (#42884) Switching revision in IstioOperator istio-gateway cache fix (#42529) * switching revision in IstioOperator istio-gateway cache fix Signed-off-by: Shubham Chauhan <shubham@tetrate.io> * include all components Signed-off-by: Shubham Chauhan <shubham@tetrate.io> Signed-off-by: Shubham Chauhan <shubham@tetrate.io> Automator: update proxy@master in istio/istio@master (#42923) Automator: update istio/client-go@master dependency in istio/istio@master (#42926) add e2e for MetricDefinition (#42563) (#42924) * add e2e for MetricDefinition * fix lint * send http traffic only * fix prom query Co-authored-by: zirain <hejianpeng2@huawei.com> tf: ensure Check is always set (#42908) * tf: ensure Check is always set Avoid cases where we do not test anything * Always set * a few more * fix Initial messing about for PROXY protocol tests Fix this Automator: update proxy@master in istio/istio@master (#42865) Automator: update common-files@master in istio/istio@master (#42879) Automator: update istio/client-go@master dependency in istio/istio@master (#42880) improve wasm ecds comments (#42883) Signed-off-by: Rama Chavali <rama.rao@salesforce.com> Signed-off-by: Rama Chavali <rama.rao@salesforce.com> Change no server certificate verify as warning level (#42876) * Change no server certificate verify as warning level * update Use latest helm dependency (#42891) Automator: update proxy@master in istio/istio@master (#42898) Automator: update common-files@master in istio/istio@master (#42900) Automator: update istio/client-go@master dependency in istio/istio@master (#42901) Automator: update proxy@master in istio/istio@master (#42907) Cleanup unused metadata (#42903) Update BASE_VERSION to master-2023-01-20T04-29-21 (#42913) Add Locality info to debug interface (#42884) Switching revision in IstioOperator istio-gateway cache fix (#42529) * switching revision in IstioOperator istio-gateway cache fix Signed-off-by: Shubham Chauhan <shubham@tetrate.io> * include all components Signed-off-by: Shubham Chauhan <shubham@tetrate.io> Signed-off-by: Shubham Chauhan <shubham@tetrate.io> Automator: update proxy@master in istio/istio@master (#42923) Automator: update istio/client-go@master dependency in istio/istio@master (#42926) add e2e for MetricDefinition (#42563) (#42924) * add e2e for MetricDefinition * fix lint * send http traffic only * fix prom query Co-authored-by: zirain <hejianpeng2@huawei.com> tf: ensure Check is always set (#42908) * tf: ensure Check is always set Avoid cases where we do not test anything * Always set * a few more * fix wasm: Send nack when there is not well-formed resource messages (#42928) * Send nack when there is an unmarshal error. Change-Id: I8143ba8bc8c292ce2de5abda0a4f0c70c111bf80 * change if structure to have more readability Change-Id: I076929d14dd1312b3717fe992352520223997354 * add unit tests Change-Id: I31831ea1ba87c99ffc0451a7f3a2cb02acc14d91 Automator: update proxy@master in istio/istio@master (#42931) Automator: update go dependencies@ in istio/istio@master (#42932) Fix TestDeltaEDS flake (#42925) improve appsv1 package import statement (#42946) Signed-off-by: xin.li <xin.li@daocloud.io> Signed-off-by: xin.li <xin.li@daocloud.io> Use the slices package for contains check (#42947) Automator: update common-files@master in istio/istio@master (#42948) reducing leaseduration, renewdeadline and retryperiod to shorten test time (#42920) add patch name to envoy filter crash log line (#42935) * add patch name to envoy filter crash log line Signed-off-by: Rama Chavali <rama.rao@salesforce.com> * log line change Signed-off-by: Rama Chavali <rama.rao@salesforce.com> Signed-off-by: Rama Chavali <rama.rao@salesforce.com> use authn filter constant every where (#42936) Signed-off-by: Rama Chavali <rama.rao@salesforce.com> Signed-off-by: Rama Chavali <rama.rao@salesforce.com> Automator: update istio/client-go@master dependency in istio/istio@master (#42949) Automator: update proxy@master in istio/istio@master (#42950) Automator: update proxy@master in istio/istio@master (#42953) Update master branch from 1.17 to 1.18 (#42875) * Update master branch from 1.17 to 1.18 * Remove older envoy filters * Fixup some version errors Update default k8s for test and buildkit (#42952) Use helm repo for integration tests instead of tarballs (#42864) * Use helm repo for integration tests instead of tarballs Signed-off-by: Faseela K <faseela.k@est.tech> * refactor Signed-off-by: Faseela K <faseela.k@est.tech> * configuration option for helm repo Signed-off-by: Faseela K <faseela.k@est.tech> * fix lint failure Signed-off-by: Faseela K <faseela.k@est.tech> * add --repo to individual commands Signed-off-by: Faseela K <faseela.k@est.tech> Signed-off-by: Faseela K <faseela.k@est.tech> Automator: update common-files@master in istio/istio@master (#42957) * Fix these * Lint fixes * Fix comments * Lint fixes * More lint fixes * Be slightly more efficient with gateway creation * Lints * Update tests/integration/pilot/common/routing.go Co-authored-by: Lin Sun <lin.sun@solo.io> --------- Co-authored-by: Lin Sun <lin.sun@solo.io>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Change-Id: I8143ba8bc8c292ce2de5abda0a4f0c70c111bf80
In current impl, if ECDS resource message is not well-formed (e.g., fail to unmarshal or absence of required fields), the ECDS is just bypassed to Envoy.
This would just defer the error to Envoy and makes debugging harder.
So, this proposes to send Nack in that case.
In addition, to help debugging, Debugf is changed to Errorf for the cases that the message is not well-formed.
Please note that this PR is a part of efforts for preventing "bypassing ECDS" to Envoy if there is "Wasm" filter pointing "remote URL" as a workaround of envoyproxy/envoy#25052