From 792d4c24475e87dbc764450906b94b5c8a2adad6 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 4 May 2026 16:04:51 +0000 Subject: [PATCH] chore: bump the golang group with 6 updates Bumps the golang group with 6 updates: | Package | From | To | | --- | --- | --- | | [cloud.google.com/go/cloudbuild](https://github.com/googleapis/google-cloud-go) | `1.28.0` | `1.29.0` | | [cloud.google.com/go/monitoring](https://github.com/googleapis/google-cloud-go) | `1.27.0` | `1.28.0` | | [github.com/docker/cli](https://github.com/docker/cli) | `29.4.1+incompatible` | `29.4.2+incompatible` | | [github.com/letsencrypt/boulder](https://github.com/letsencrypt/boulder) | `0.20260420.0` | `0.20260428.0` | | [google.golang.org/api](https://github.com/googleapis/google-api-go-client) | `0.276.0` | `0.277.0` | | [google.golang.org/grpc](https://github.com/grpc/grpc-go) | `1.80.0` | `1.81.0` | Updates `cloud.google.com/go/cloudbuild` from 1.28.0 to 1.29.0 - [Release notes](https://github.com/googleapis/google-cloud-go/releases) - [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/documentai/CHANGES.md) - [Commits](https://github.com/googleapis/google-cloud-go/compare/kms/v1.28.0...kms/v1.29.0) Updates `cloud.google.com/go/monitoring` from 1.27.0 to 1.28.0 - [Release notes](https://github.com/googleapis/google-cloud-go/releases) - [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/documentai/CHANGES.md) - [Commits](https://github.com/googleapis/google-cloud-go/compare/dlp/v1.27.0...kms/v1.28.0) Updates `github.com/docker/cli` from 29.4.1+incompatible to 29.4.2+incompatible - [Commits](https://github.com/docker/cli/compare/v29.4.1...v29.4.2) Updates `github.com/letsencrypt/boulder` from 0.20260420.0 to 0.20260428.0 - [Release notes](https://github.com/letsencrypt/boulder/releases) - [Changelog](https://github.com/letsencrypt/boulder/blob/main/docs/release.md) - [Commits](https://github.com/letsencrypt/boulder/compare/v0.20260420.0...v0.20260428.0) Updates `google.golang.org/api` from 0.276.0 to 0.277.0 - [Release notes](https://github.com/googleapis/google-api-go-client/releases) - [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md) - [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.276.0...v0.277.0) Updates `google.golang.org/grpc` from 1.80.0 to 1.81.0 - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](https://github.com/grpc/grpc-go/compare/v1.80.0...v1.81.0) --- updated-dependencies: - dependency-name: cloud.google.com/go/cloudbuild dependency-version: 1.29.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: golang - dependency-name: cloud.google.com/go/monitoring dependency-version: 1.28.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: golang - dependency-name: github.com/docker/cli dependency-version: 29.4.2+incompatible dependency-type: direct:production update-type: version-update:semver-patch dependency-group: golang - dependency-name: github.com/letsencrypt/boulder dependency-version: 0.20260428.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: golang - dependency-name: google.golang.org/api dependency-version: 0.277.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: golang - dependency-name: google.golang.org/grpc dependency-version: 1.81.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: golang ... Signed-off-by: dependabot[bot] --- go.mod | 14 +- go.sum | 28 +- .../apiv2/cloudbuildpb/cloudbuild.pb.go | 2 +- .../apiv2/cloudbuildpb/repositories.pb.go | 2 +- .../cloudbuildpb/repositories_grpc.pb.go | 2 +- .../go/cloudbuild/internal/version.go | 2 +- .../apiv3/v2/monitoringpb/alert.pb.go | 2 +- .../apiv3/v2/monitoringpb/alert_service.pb.go | 2 +- .../v2/monitoringpb/alert_service_grpc.pb.go | 2 +- .../apiv3/v2/monitoringpb/common.pb.go | 2 +- .../v2/monitoringpb/dropped_labels.pb.go | 2 +- .../apiv3/v2/monitoringpb/group.pb.go | 2 +- .../apiv3/v2/monitoringpb/group_service.pb.go | 2 +- .../v2/monitoringpb/group_service_grpc.pb.go | 2 +- .../apiv3/v2/monitoringpb/metric.pb.go | 2 +- .../v2/monitoringpb/metric_service.pb.go | 2 +- .../v2/monitoringpb/metric_service_grpc.pb.go | 2 +- .../v2/monitoringpb/mutation_record.pb.go | 2 +- .../apiv3/v2/monitoringpb/notification.pb.go | 2 +- .../monitoringpb/notification_service.pb.go | 2 +- .../notification_service_grpc.pb.go | 2 +- .../apiv3/v2/monitoringpb/query_service.pb.go | 2 +- .../v2/monitoringpb/query_service_grpc.pb.go | 2 +- .../apiv3/v2/monitoringpb/service.pb.go | 2 +- .../v2/monitoringpb/service_service.pb.go | 2 +- .../monitoringpb/service_service_grpc.pb.go | 2 +- .../apiv3/v2/monitoringpb/snooze.pb.go | 2 +- .../v2/monitoringpb/snooze_service.pb.go | 2 +- .../v2/monitoringpb/snooze_service_grpc.pb.go | 2 +- .../apiv3/v2/monitoringpb/span_context.pb.go | 2 +- .../apiv3/v2/monitoringpb/uptime.pb.go | 2 +- .../v2/monitoringpb/uptime_service.pb.go | 2 +- .../v2/monitoringpb/uptime_service_grpc.pb.go | 2 +- .../apiv1/dashboardpb/alertchart.pb.go | 2 +- .../apiv1/dashboardpb/collapsible_group.pb.go | 2 +- .../dashboard/apiv1/dashboardpb/common.pb.go | 2 +- .../apiv1/dashboardpb/dashboard.pb.go | 2 +- .../apiv1/dashboardpb/dashboard_filter.pb.go | 2 +- .../dashboardpb/dashboards_service.pb.go | 2 +- .../dashboardpb/dashboards_service_grpc.pb.go | 2 +- .../apiv1/dashboardpb/drilldowns.pb.go | 2 +- .../dashboardpb/error_reporting_panel.pb.go | 2 +- .../apiv1/dashboardpb/incident_list.pb.go | 2 +- .../dashboard/apiv1/dashboardpb/layouts.pb.go | 2 +- .../apiv1/dashboardpb/logs_panel.pb.go | 2 +- .../dashboard/apiv1/dashboardpb/metrics.pb.go | 2 +- .../apiv1/dashboardpb/piechart.pb.go | 2 +- .../apiv1/dashboardpb/scorecard.pb.go | 2 +- .../apiv1/dashboardpb/section_header.pb.go | 2 +- .../dashboard/apiv1/dashboardpb/service.pb.go | 2 +- .../apiv1/dashboardpb/single_view_group.pb.go | 2 +- .../dashboard/apiv1/dashboardpb/table.pb.go | 2 +- .../dashboardpb/table_display_options.pb.go | 2 +- .../dashboard/apiv1/dashboardpb/text.pb.go | 2 +- .../dashboard/apiv1/dashboardpb/widget.pb.go | 2 +- .../dashboard/apiv1/dashboardpb/xychart.pb.go | 2 +- .../go/monitoring/internal/version.go | 2 +- .../google.golang.org/api/internal/version.go | 2 +- .../balancer/grpclb/grpclb_remote_balancer.go | 8 +- .../grpc/balancer/rls/balancer.go | 65 +++-- .../grpc/balancer/rls/cache.go | 31 +-- .../grpc/balancer/rls/picker.go | 12 +- vendor/google.golang.org/grpc/clientconn.go | 48 +++- .../credentials/alts/internal/conn/record.go | 148 +++++++--- .../grpc/experimental/stats/metrics.go | 17 ++ .../credentials/xds/handshake_info.go | 105 ++++++-- .../grpc/internal/envconfig/envconfig.go | 10 + .../grpc/internal/envconfig/xds.go | 10 + .../grpc/internal/mem/buffer_pool.go | 27 +- .../grpc/internal/resolver/config_selector.go | 6 + .../grpc/internal/transport/http2_client.go | 18 +- .../grpc/internal/transport/http_util.go | 54 ++-- .../transport/readyreader/raw_conn_linux.go | 39 +++ .../readyreader/raw_conn_nonlinux.go | 35 +++ .../transport/readyreader/ready_reader.go | 253 ++++++++++++++++++ .../grpc/internal/transport/transport.go | 17 ++ .../xds/balancer/cdsbalancer/cdsbalancer.go | 206 +------------- .../xds/balancer/clusterimpl/clusterimpl.go | 193 +++++++++++-- .../balancer/clusterimpl/internal/internal.go | 25 ++ .../xds/balancer/clusterimpl/picker.go | 28 +- .../xds/balancer/priority/balancer_child.go | 7 + .../grpc/internal/xds/clients/config.go | 28 ++ .../xds/clients/lrsclient/lrs_stream.go | 41 ++- .../xds/clients/xdsclient/ads_stream.go | 28 +- .../xds/clients/xdsclient/authority.go | 53 ++++ .../internal/xds/clients/xdsclient/channel.go | 17 +- .../xds/clients/xdsclient/metrics/metrics.go | 22 ++ .../xds/clients/xdsclient/xdsclient.go | 73 +++++ .../internal/xds/httpfilter/fault/fault.go | 14 +- .../internal/xds/httpfilter/httpfilter.go | 94 ++++--- .../grpc/internal/xds/httpfilter/rbac/rbac.go | 16 +- .../internal/xds/httpfilter/router/router.go | 26 +- .../internal/xds/resolver/serviceconfig.go | 60 +---- .../internal/xds/resolver/xds_resolver.go | 160 ++++++++++- .../grpc/internal/xds/server/conn_wrapper.go | 4 +- .../xds/server/filter_chain_manager.go | 247 +++++++++++++---- .../internal/xds/server/listener_wrapper.go | 161 +++++++---- .../grpc/internal/xds/server/routing.go | 6 +- .../grpc/internal/xds/xdsclient/clientimpl.go | 69 ++++- .../xds/xdsclient/xdsresource/filter_chain.go | 6 +- .../xds/xdsclient/xdsresource/metadata.go | 10 +- .../xds/xdsclient/xdsresource/type_cds.go | 64 +++++ .../xds/xdsclient/xdsresource/type_eds.go | 1 - .../xds/xdsclient/xdsresource/type_lds.go | 2 +- .../xdsclient/xdsresource/unmarshal_cds.go | 72 ++++- .../xdsclient/xdsresource/unmarshal_eds.go | 5 + .../xdsclient/xdsresource/unmarshal_lds.go | 82 +++--- .../xdsclient/xdsresource/unmarshal_rds.go | 5 + .../xds/xdsclient/xdsresource/xdsconfig.go | 21 +- .../grpc/mem/buffer_slice.go | 2 +- vendor/google.golang.org/grpc/mem/buffers.go | 40 +++ .../stats/opentelemetry/client_metrics.go | 26 +- vendor/google.golang.org/grpc/stream.go | 3 +- vendor/google.golang.org/grpc/version.go | 2 +- vendor/modules.txt | 20 +- 115 files changed, 2244 insertions(+), 752 deletions(-) create mode 100644 vendor/google.golang.org/grpc/internal/transport/readyreader/raw_conn_linux.go create mode 100644 vendor/google.golang.org/grpc/internal/transport/readyreader/raw_conn_nonlinux.go create mode 100644 vendor/google.golang.org/grpc/internal/transport/readyreader/ready_reader.go create mode 100644 vendor/google.golang.org/grpc/internal/xds/balancer/clusterimpl/internal/internal.go diff --git a/go.mod b/go.mod index 3701988f84e..94100b92c83 100644 --- a/go.mod +++ b/go.mod @@ -39,8 +39,8 @@ replace k8s.io/kube-openapi => k8s.io/kube-openapi v0.0.0-20250628140032-d90c4fd require ( 4d63.com/tz v1.2.0 - cloud.google.com/go/cloudbuild v1.28.0 - cloud.google.com/go/monitoring v1.27.0 + cloud.google.com/go/cloudbuild v1.29.0 + cloud.google.com/go/monitoring v1.28.0 cloud.google.com/go/profiler v0.6.0 cloud.google.com/go/storage v1.62.1 dario.cat/mergo v1.0.2 @@ -58,7 +58,7 @@ require ( github.com/cenkalti/backoff/v4 v4.3.0 github.com/containerd/containerd v1.7.31 github.com/distribution/reference v0.6.0 - github.com/docker/cli v29.4.1+incompatible + github.com/docker/cli v29.4.2+incompatible github.com/docker/docker v28.5.2+incompatible github.com/docker/go-connections v0.7.0 github.com/dustin/go-humanize v1.0.1 @@ -82,7 +82,7 @@ require ( github.com/karrick/godirwalk v1.16.2 github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 github.com/krishicks/yaml-patch v0.0.10 - github.com/letsencrypt/boulder v0.20260420.0 + github.com/letsencrypt/boulder v0.20260428.0 github.com/mattn/go-colorable v0.1.14 github.com/mitchellh/go-homedir v1.1.0 github.com/moby/buildkit v0.29.0 @@ -120,10 +120,10 @@ require ( golang.org/x/sys v0.43.0 golang.org/x/term v0.42.0 golang.org/x/tools v0.44.0 - google.golang.org/api v0.276.0 + google.golang.org/api v0.277.0 google.golang.org/genproto v0.0.0-20260420184626-e10c466a9529 google.golang.org/genproto/googleapis/api v0.0.0-20260420184626-e10c466a9529 - google.golang.org/grpc v1.80.0 + google.golang.org/grpc v1.81.0 google.golang.org/protobuf v1.36.12-0.20260120151049-f2248ac996af gopkg.in/yaml.v2 v2.4.0 gopkg.in/yaml.v3 v3.0.1 @@ -361,7 +361,7 @@ require ( golang.org/x/net v0.53.0 // indirect golang.org/x/text v0.36.0 // indirect golang.org/x/time v0.15.0 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20260420184626-e10c466a9529 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20260427160629-7cedc36a6bc4 // indirect gopkg.in/evanphx/json-patch.v4 v4.13.0 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/warnings.v0 v0.1.2 // indirect diff --git a/go.sum b/go.sum index 52d974d082b..9af93f6e5b5 100644 --- a/go.sum +++ b/go.sum @@ -13,8 +13,8 @@ cloud.google.com/go/auth v0.20.0 h1:kXTssoVb4azsVDoUiF8KvxAqrsQcQtB53DcSgta74CA= cloud.google.com/go/auth v0.20.0/go.mod h1:942/yi/itH1SsmpyrbnTMDgGfdy2BUqIKyd0cyYLc5Q= cloud.google.com/go/auth/oauth2adapt v0.2.8 h1:keo8NaayQZ6wimpNSmW5OPc283g65QNIiLpZnkHRbnc= cloud.google.com/go/auth/oauth2adapt v0.2.8/go.mod h1:XQ9y31RkqZCcwJWNSx2Xvric3RrU88hAYYbjDWYDL+c= -cloud.google.com/go/cloudbuild v1.28.0 h1:rOfVbca71Be0MjV+PCg2Nacqdjlh8UZw4bdg5PvZZtI= -cloud.google.com/go/cloudbuild v1.28.0/go.mod h1:rg52xEmndQQPiC9NV/8sCaVtKxHMU9D9MeU+oE9VGKA= +cloud.google.com/go/cloudbuild v1.29.0 h1:Qk0blTJ6X2C3y6hFr+w8QPFsmTvdPAX3+lDXE1ZcYyQ= +cloud.google.com/go/cloudbuild v1.29.0/go.mod h1:rg52xEmndQQPiC9NV/8sCaVtKxHMU9D9MeU+oE9VGKA= cloud.google.com/go/compute/metadata v0.9.0 h1:pDUj4QMoPejqq20dK0Pg2N4yG9zIkYGdBtwLoEkH9Zs= cloud.google.com/go/compute/metadata v0.9.0/go.mod h1:E0bWwX5wTnLPedCKqk3pJmVgCBSM6qQI1yTBdEb3C10= cloud.google.com/go/iam v1.9.0 h1:89wyjxT6DL4b5rk/Nk8eBC9DHqf+JiMstrn5IEYxFw4= @@ -25,8 +25,8 @@ cloud.google.com/go/logging v1.16.0 h1:MMNgYRvZ/pEwiNSkcoJTKWfAbAJDqCqAMJiarZx+/ cloud.google.com/go/logging v1.16.0/go.mod h1:ZGKnpBaURITh+g/uom2VhbiFoFWvejcrHPDhxFtU/gI= cloud.google.com/go/longrunning v0.11.0 h1:fE4XVLJQj+gRnw1HrbDyQXXgC0aiqY3wxP7DDU4cWk0= cloud.google.com/go/longrunning v0.11.0/go.mod h1:8nqFBPOO1U/XkhWl0I19AMZEphrHi73VNABIpKYaTwM= -cloud.google.com/go/monitoring v1.27.0 h1:BhYwMqao+e5Nn7JtWMM9m6zRtKtVUK6kJWMizXChkLU= -cloud.google.com/go/monitoring v1.27.0/go.mod h1:72NOVjJXHY/HBfoLT0+qlCZBT059+9VXLeAnL2PeeVM= +cloud.google.com/go/monitoring v1.28.0 h1:jOe0Wkm+a56ptZnEeyHevXo7+KPWAPPP5wUTEJdP7GY= +cloud.google.com/go/monitoring v1.28.0/go.mod h1:72NOVjJXHY/HBfoLT0+qlCZBT059+9VXLeAnL2PeeVM= cloud.google.com/go/profiler v0.6.0 h1:Vwxqgnp8CQwBNcKjO8luwLCh7qblEkcZCtMUvhU9Yik= cloud.google.com/go/profiler v0.6.0/go.mod h1:cJV7Qfj0o9PAC7q/xQTkM6qn2FO9So3TFk4P5O5yLis= cloud.google.com/go/storage v1.62.1 h1:Os0G3XbUbjZumkpDUf2Y0rLoXJTCF1kU2kWUujKYXD8= @@ -255,8 +255,8 @@ github.com/dimchansky/utfbom v1.1.1 h1:vV6w1AhK4VMnhBno/TPVCoK9U/LP0PkLCS9tbxHdi github.com/dimchansky/utfbom v1.1.1/go.mod h1:SxdoEBH5qIqFocHMyGOXVAybYJdr71b1Q/j0mACtrfE= github.com/distribution/reference v0.6.0 h1:0IXCQ5g4/QMHHkarYzh5l+u8T3t73zM5QvfrDyIgxBk= github.com/distribution/reference v0.6.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E= -github.com/docker/cli v29.4.1+incompatible h1:02RT8QqqwtGRn+6SYypv8IUEbD/ltY6sfKCJIoUcGzk= -github.com/docker/cli v29.4.1+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= +github.com/docker/cli v29.4.2+incompatible h1:nhxMY4v7wB0QMMc5ppeqV6FBMwzqv0n4t2gogu/R2DQ= +github.com/docker/cli v29.4.2+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= github.com/docker/distribution v2.8.3+incompatible h1:AtKxIZ36LoNK51+Z6RpzLpddBirtxJnzDrHLEKxTAYk= github.com/docker/distribution v2.8.3+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= github.com/docker/docker v28.5.2+incompatible h1:DBX0Y0zAjZbSrm1uzOkdr1onVghKaftjlSWt4AFexzM= @@ -572,8 +572,8 @@ github.com/krishicks/yaml-patch v0.0.10 h1:H4FcHpnNwVmw8u0MjPRjWyIXtco6zM2F78t+5 github.com/krishicks/yaml-patch v0.0.10/go.mod h1:Sm5TchwZS6sm7RJoyg87tzxm2ZcKzdRE4Q7TjNhPrME= github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc= github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw= -github.com/letsencrypt/boulder v0.20260420.0 h1:PMFy37+tQAfNe2Qks7NhTrKbULzhVmj19LbaZIaz0SE= -github.com/letsencrypt/boulder v0.20260420.0/go.mod h1:ZisB912eU757QUU0PTH+zq2JScaegVjPVKtPn2K1U3w= +github.com/letsencrypt/boulder v0.20260428.0 h1:q1GQNWKn2A2O4eZ8HFHAcNp6AyoGGrNXgU3uM4qFVRU= +github.com/letsencrypt/boulder v0.20260428.0/go.mod h1:Ci7TOlM216Ht8nJLJUS8jKNX3KuDNo1O/nni1iFTWyc= github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de h1:9TO3cAIGXtEhnIaL+V+BEER86oLrvS+kWobKpbJuye0= github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de/go.mod h1:zAbeS9B/r2mtpb6U+EI2rYA5OAXxsYw6wTamcNW+zcE= github.com/lucasb-eyer/go-colorful v1.4.0 h1:UtrWVfLdarDgc44HcS7pYloGHJUjHV/4FwW4TvVgFr4= @@ -1034,16 +1034,16 @@ golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8T golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= gonum.org/v1/gonum v0.17.0 h1:VbpOemQlsSMrYmn7T2OUvQ4dqxQXU+ouZFQsZOx50z4= gonum.org/v1/gonum v0.17.0/go.mod h1:El3tOrEuMpv2UdMrbNlKEh9vd86bmQ6vqIcDwxEOc1E= -google.golang.org/api v0.276.0 h1:nVArUtfLEihtW+b0DdcqRGK1xoEm2+ltAihyztq7MKY= -google.golang.org/api v0.276.0/go.mod h1:Fnag/EWUPIcJXuIkP1pjoTgS5vdxlk3eeemL7Do6bvw= +google.golang.org/api v0.277.0 h1:HJfyJUiNeBBUMai7ez8u14wkp/gH/I4wpGbbO9o+cSk= +google.golang.org/api v0.277.0/go.mod h1:B9TqLBwJqVjp1mtt7WeoQwWRwvu/400y5lETOql+giQ= google.golang.org/genproto v0.0.0-20260420184626-e10c466a9529 h1:QoMBg0moLIlB/eucPzc+ID5SgPZWuirtjAn3l8nW2Dg= google.golang.org/genproto v0.0.0-20260420184626-e10c466a9529/go.mod h1:EjLmDZ8liSLBrCTK5vP+bGIxRQHE3ovGvOI0CzGk1PI= google.golang.org/genproto/googleapis/api v0.0.0-20260420184626-e10c466a9529 h1:zUWMZsvo/IJcD1t6MNCPO/azZTwz0TvwCBqr5aifoVY= google.golang.org/genproto/googleapis/api v0.0.0-20260420184626-e10c466a9529/go.mod h1:a5OGAgyRr4lqco7AG9hQM9Fwh0N2ZV4grR0eXFEsXQg= -google.golang.org/genproto/googleapis/rpc v0.0.0-20260420184626-e10c466a9529 h1:XF8+t6QQiS0o9ArVan/HW8Q7cycNPGsJf6GA2nXxYAg= -google.golang.org/genproto/googleapis/rpc v0.0.0-20260420184626-e10c466a9529/go.mod h1:4Hqkh8ycfw05ld/3BWL7rJOSfebL2Q+DVDeRgYgxUU8= -google.golang.org/grpc v1.80.0 h1:Xr6m2WmWZLETvUNvIUmeD5OAagMw3FiKmMlTdViWsHM= -google.golang.org/grpc v1.80.0/go.mod h1:ho/dLnxwi3EDJA4Zghp7k2Ec1+c2jqup0bFkw07bwF4= +google.golang.org/genproto/googleapis/rpc v0.0.0-20260427160629-7cedc36a6bc4 h1:tEkOQcXgF6dH1G+MVKZrfpYvozGrzb91k6ha7jireSM= +google.golang.org/genproto/googleapis/rpc v0.0.0-20260427160629-7cedc36a6bc4/go.mod h1:4Hqkh8ycfw05ld/3BWL7rJOSfebL2Q+DVDeRgYgxUU8= +google.golang.org/grpc v1.81.0 h1:W3G9N3KQf3BU+YuCtGKJk0CmxQNbAISICD/9AORxLIw= +google.golang.org/grpc v1.81.0/go.mod h1:xGH9GfzOyMTGIOXBJmXt+BX/V0kcdQbdcuwQ/zNw42I= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= diff --git a/vendor/cloud.google.com/go/cloudbuild/apiv2/cloudbuildpb/cloudbuild.pb.go b/vendor/cloud.google.com/go/cloudbuild/apiv2/cloudbuildpb/cloudbuild.pb.go index 148d86121a8..56fab39ff7b 100644 --- a/vendor/cloud.google.com/go/cloudbuild/apiv2/cloudbuildpb/cloudbuild.pb.go +++ b/vendor/cloud.google.com/go/cloudbuild/apiv2/cloudbuildpb/cloudbuild.pb.go @@ -15,7 +15,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.36.11 -// protoc v6.31.0 +// protoc v6.33.2 // source: google/devtools/cloudbuild/v2/cloudbuild.proto package cloudbuildpb diff --git a/vendor/cloud.google.com/go/cloudbuild/apiv2/cloudbuildpb/repositories.pb.go b/vendor/cloud.google.com/go/cloudbuild/apiv2/cloudbuildpb/repositories.pb.go index fa7fa589c7e..5aef4d49d06 100644 --- a/vendor/cloud.google.com/go/cloudbuild/apiv2/cloudbuildpb/repositories.pb.go +++ b/vendor/cloud.google.com/go/cloudbuild/apiv2/cloudbuildpb/repositories.pb.go @@ -15,7 +15,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.36.11 -// protoc v6.31.0 +// protoc v6.33.2 // source: google/devtools/cloudbuild/v2/repositories.proto package cloudbuildpb diff --git a/vendor/cloud.google.com/go/cloudbuild/apiv2/cloudbuildpb/repositories_grpc.pb.go b/vendor/cloud.google.com/go/cloudbuild/apiv2/cloudbuildpb/repositories_grpc.pb.go index b9ff8fc6cef..c426192e484 100644 --- a/vendor/cloud.google.com/go/cloudbuild/apiv2/cloudbuildpb/repositories_grpc.pb.go +++ b/vendor/cloud.google.com/go/cloudbuild/apiv2/cloudbuildpb/repositories_grpc.pb.go @@ -15,7 +15,7 @@ // Code generated by protoc-gen-go-grpc. DO NOT EDIT. // versions: // - protoc-gen-go-grpc v1.3.0 -// - protoc v6.31.0 +// - protoc v6.33.2 // source: google/devtools/cloudbuild/v2/repositories.proto package cloudbuildpb diff --git a/vendor/cloud.google.com/go/cloudbuild/internal/version.go b/vendor/cloud.google.com/go/cloudbuild/internal/version.go index 1221fc49ad8..6403eb8543b 100644 --- a/vendor/cloud.google.com/go/cloudbuild/internal/version.go +++ b/vendor/cloud.google.com/go/cloudbuild/internal/version.go @@ -17,4 +17,4 @@ package internal // Version is the current tagged release of the library. -const Version = "1.28.0" +const Version = "1.29.0" diff --git a/vendor/cloud.google.com/go/monitoring/apiv3/v2/monitoringpb/alert.pb.go b/vendor/cloud.google.com/go/monitoring/apiv3/v2/monitoringpb/alert.pb.go index a536fd06a55..0e0b0f58f84 100644 --- a/vendor/cloud.google.com/go/monitoring/apiv3/v2/monitoringpb/alert.pb.go +++ b/vendor/cloud.google.com/go/monitoring/apiv3/v2/monitoringpb/alert.pb.go @@ -15,7 +15,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.36.11 -// protoc v6.31.0 +// protoc v6.33.2 // source: google/monitoring/v3/alert.proto package monitoringpb diff --git a/vendor/cloud.google.com/go/monitoring/apiv3/v2/monitoringpb/alert_service.pb.go b/vendor/cloud.google.com/go/monitoring/apiv3/v2/monitoringpb/alert_service.pb.go index a1b121ef9e0..9db077f43d6 100644 --- a/vendor/cloud.google.com/go/monitoring/apiv3/v2/monitoringpb/alert_service.pb.go +++ b/vendor/cloud.google.com/go/monitoring/apiv3/v2/monitoringpb/alert_service.pb.go @@ -15,7 +15,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.36.11 -// protoc v6.31.0 +// protoc v6.33.2 // source: google/monitoring/v3/alert_service.proto package monitoringpb diff --git a/vendor/cloud.google.com/go/monitoring/apiv3/v2/monitoringpb/alert_service_grpc.pb.go b/vendor/cloud.google.com/go/monitoring/apiv3/v2/monitoringpb/alert_service_grpc.pb.go index 89733e929ad..a9e32797c96 100644 --- a/vendor/cloud.google.com/go/monitoring/apiv3/v2/monitoringpb/alert_service_grpc.pb.go +++ b/vendor/cloud.google.com/go/monitoring/apiv3/v2/monitoringpb/alert_service_grpc.pb.go @@ -15,7 +15,7 @@ // Code generated by protoc-gen-go-grpc. DO NOT EDIT. // versions: // - protoc-gen-go-grpc v1.3.0 -// - protoc v6.31.0 +// - protoc v6.33.2 // source: google/monitoring/v3/alert_service.proto package monitoringpb diff --git a/vendor/cloud.google.com/go/monitoring/apiv3/v2/monitoringpb/common.pb.go b/vendor/cloud.google.com/go/monitoring/apiv3/v2/monitoringpb/common.pb.go index c9e47353fc0..f09a3d95898 100644 --- a/vendor/cloud.google.com/go/monitoring/apiv3/v2/monitoringpb/common.pb.go +++ b/vendor/cloud.google.com/go/monitoring/apiv3/v2/monitoringpb/common.pb.go @@ -15,7 +15,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.36.11 -// protoc v6.31.0 +// protoc v6.33.2 // source: google/monitoring/v3/common.proto package monitoringpb diff --git a/vendor/cloud.google.com/go/monitoring/apiv3/v2/monitoringpb/dropped_labels.pb.go b/vendor/cloud.google.com/go/monitoring/apiv3/v2/monitoringpb/dropped_labels.pb.go index 8311d1a547b..ad8d2361ae6 100644 --- a/vendor/cloud.google.com/go/monitoring/apiv3/v2/monitoringpb/dropped_labels.pb.go +++ b/vendor/cloud.google.com/go/monitoring/apiv3/v2/monitoringpb/dropped_labels.pb.go @@ -15,7 +15,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.36.11 -// protoc v6.31.0 +// protoc v6.33.2 // source: google/monitoring/v3/dropped_labels.proto package monitoringpb diff --git a/vendor/cloud.google.com/go/monitoring/apiv3/v2/monitoringpb/group.pb.go b/vendor/cloud.google.com/go/monitoring/apiv3/v2/monitoringpb/group.pb.go index f7244e0ed76..03c6fc298df 100644 --- a/vendor/cloud.google.com/go/monitoring/apiv3/v2/monitoringpb/group.pb.go +++ b/vendor/cloud.google.com/go/monitoring/apiv3/v2/monitoringpb/group.pb.go @@ -15,7 +15,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.36.11 -// protoc v6.31.0 +// protoc v6.33.2 // source: google/monitoring/v3/group.proto package monitoringpb diff --git a/vendor/cloud.google.com/go/monitoring/apiv3/v2/monitoringpb/group_service.pb.go b/vendor/cloud.google.com/go/monitoring/apiv3/v2/monitoringpb/group_service.pb.go index 001599e000a..cb2af61ba50 100644 --- a/vendor/cloud.google.com/go/monitoring/apiv3/v2/monitoringpb/group_service.pb.go +++ b/vendor/cloud.google.com/go/monitoring/apiv3/v2/monitoringpb/group_service.pb.go @@ -15,7 +15,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.36.11 -// protoc v6.31.0 +// protoc v6.33.2 // source: google/monitoring/v3/group_service.proto package monitoringpb diff --git a/vendor/cloud.google.com/go/monitoring/apiv3/v2/monitoringpb/group_service_grpc.pb.go b/vendor/cloud.google.com/go/monitoring/apiv3/v2/monitoringpb/group_service_grpc.pb.go index b72bfee4cbe..0d94d9a72a2 100644 --- a/vendor/cloud.google.com/go/monitoring/apiv3/v2/monitoringpb/group_service_grpc.pb.go +++ b/vendor/cloud.google.com/go/monitoring/apiv3/v2/monitoringpb/group_service_grpc.pb.go @@ -15,7 +15,7 @@ // Code generated by protoc-gen-go-grpc. DO NOT EDIT. // versions: // - protoc-gen-go-grpc v1.3.0 -// - protoc v6.31.0 +// - protoc v6.33.2 // source: google/monitoring/v3/group_service.proto package monitoringpb diff --git a/vendor/cloud.google.com/go/monitoring/apiv3/v2/monitoringpb/metric.pb.go b/vendor/cloud.google.com/go/monitoring/apiv3/v2/monitoringpb/metric.pb.go index f543ea942f9..de021e107d4 100644 --- a/vendor/cloud.google.com/go/monitoring/apiv3/v2/monitoringpb/metric.pb.go +++ b/vendor/cloud.google.com/go/monitoring/apiv3/v2/monitoringpb/metric.pb.go @@ -15,7 +15,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.36.11 -// protoc v6.31.0 +// protoc v6.33.2 // source: google/monitoring/v3/metric.proto package monitoringpb diff --git a/vendor/cloud.google.com/go/monitoring/apiv3/v2/monitoringpb/metric_service.pb.go b/vendor/cloud.google.com/go/monitoring/apiv3/v2/monitoringpb/metric_service.pb.go index 111d6f4710e..fc6e03699ad 100644 --- a/vendor/cloud.google.com/go/monitoring/apiv3/v2/monitoringpb/metric_service.pb.go +++ b/vendor/cloud.google.com/go/monitoring/apiv3/v2/monitoringpb/metric_service.pb.go @@ -15,7 +15,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.36.11 -// protoc v6.31.0 +// protoc v6.33.2 // source: google/monitoring/v3/metric_service.proto package monitoringpb diff --git a/vendor/cloud.google.com/go/monitoring/apiv3/v2/monitoringpb/metric_service_grpc.pb.go b/vendor/cloud.google.com/go/monitoring/apiv3/v2/monitoringpb/metric_service_grpc.pb.go index 016e3cfc842..a2627fbd7ab 100644 --- a/vendor/cloud.google.com/go/monitoring/apiv3/v2/monitoringpb/metric_service_grpc.pb.go +++ b/vendor/cloud.google.com/go/monitoring/apiv3/v2/monitoringpb/metric_service_grpc.pb.go @@ -15,7 +15,7 @@ // Code generated by protoc-gen-go-grpc. DO NOT EDIT. // versions: // - protoc-gen-go-grpc v1.3.0 -// - protoc v6.31.0 +// - protoc v6.33.2 // source: google/monitoring/v3/metric_service.proto package monitoringpb diff --git a/vendor/cloud.google.com/go/monitoring/apiv3/v2/monitoringpb/mutation_record.pb.go b/vendor/cloud.google.com/go/monitoring/apiv3/v2/monitoringpb/mutation_record.pb.go index 5a7e01f9189..12d685d9101 100644 --- a/vendor/cloud.google.com/go/monitoring/apiv3/v2/monitoringpb/mutation_record.pb.go +++ b/vendor/cloud.google.com/go/monitoring/apiv3/v2/monitoringpb/mutation_record.pb.go @@ -15,7 +15,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.36.11 -// protoc v6.31.0 +// protoc v6.33.2 // source: google/monitoring/v3/mutation_record.proto package monitoringpb diff --git a/vendor/cloud.google.com/go/monitoring/apiv3/v2/monitoringpb/notification.pb.go b/vendor/cloud.google.com/go/monitoring/apiv3/v2/monitoringpb/notification.pb.go index 471f784afe7..e98909d56f9 100644 --- a/vendor/cloud.google.com/go/monitoring/apiv3/v2/monitoringpb/notification.pb.go +++ b/vendor/cloud.google.com/go/monitoring/apiv3/v2/monitoringpb/notification.pb.go @@ -15,7 +15,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.36.11 -// protoc v6.31.0 +// protoc v6.33.2 // source: google/monitoring/v3/notification.proto package monitoringpb diff --git a/vendor/cloud.google.com/go/monitoring/apiv3/v2/monitoringpb/notification_service.pb.go b/vendor/cloud.google.com/go/monitoring/apiv3/v2/monitoringpb/notification_service.pb.go index cc1e617ff1c..93111711876 100644 --- a/vendor/cloud.google.com/go/monitoring/apiv3/v2/monitoringpb/notification_service.pb.go +++ b/vendor/cloud.google.com/go/monitoring/apiv3/v2/monitoringpb/notification_service.pb.go @@ -15,7 +15,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.36.11 -// protoc v6.31.0 +// protoc v6.33.2 // source: google/monitoring/v3/notification_service.proto package monitoringpb diff --git a/vendor/cloud.google.com/go/monitoring/apiv3/v2/monitoringpb/notification_service_grpc.pb.go b/vendor/cloud.google.com/go/monitoring/apiv3/v2/monitoringpb/notification_service_grpc.pb.go index 4cd9d05e933..8adf4a88f62 100644 --- a/vendor/cloud.google.com/go/monitoring/apiv3/v2/monitoringpb/notification_service_grpc.pb.go +++ b/vendor/cloud.google.com/go/monitoring/apiv3/v2/monitoringpb/notification_service_grpc.pb.go @@ -15,7 +15,7 @@ // Code generated by protoc-gen-go-grpc. DO NOT EDIT. // versions: // - protoc-gen-go-grpc v1.3.0 -// - protoc v6.31.0 +// - protoc v6.33.2 // source: google/monitoring/v3/notification_service.proto package monitoringpb diff --git a/vendor/cloud.google.com/go/monitoring/apiv3/v2/monitoringpb/query_service.pb.go b/vendor/cloud.google.com/go/monitoring/apiv3/v2/monitoringpb/query_service.pb.go index e506e4a89d7..e175b33bf2f 100644 --- a/vendor/cloud.google.com/go/monitoring/apiv3/v2/monitoringpb/query_service.pb.go +++ b/vendor/cloud.google.com/go/monitoring/apiv3/v2/monitoringpb/query_service.pb.go @@ -15,7 +15,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.36.11 -// protoc v6.31.0 +// protoc v6.33.2 // source: google/monitoring/v3/query_service.proto package monitoringpb diff --git a/vendor/cloud.google.com/go/monitoring/apiv3/v2/monitoringpb/query_service_grpc.pb.go b/vendor/cloud.google.com/go/monitoring/apiv3/v2/monitoringpb/query_service_grpc.pb.go index 339bf911484..7fef265221e 100644 --- a/vendor/cloud.google.com/go/monitoring/apiv3/v2/monitoringpb/query_service_grpc.pb.go +++ b/vendor/cloud.google.com/go/monitoring/apiv3/v2/monitoringpb/query_service_grpc.pb.go @@ -15,7 +15,7 @@ // Code generated by protoc-gen-go-grpc. DO NOT EDIT. // versions: // - protoc-gen-go-grpc v1.3.0 -// - protoc v6.31.0 +// - protoc v6.33.2 // source: google/monitoring/v3/query_service.proto package monitoringpb diff --git a/vendor/cloud.google.com/go/monitoring/apiv3/v2/monitoringpb/service.pb.go b/vendor/cloud.google.com/go/monitoring/apiv3/v2/monitoringpb/service.pb.go index deeff3cdf9d..b0448b0dbc2 100644 --- a/vendor/cloud.google.com/go/monitoring/apiv3/v2/monitoringpb/service.pb.go +++ b/vendor/cloud.google.com/go/monitoring/apiv3/v2/monitoringpb/service.pb.go @@ -15,7 +15,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.36.11 -// protoc v6.31.0 +// protoc v6.33.2 // source: google/monitoring/v3/service.proto package monitoringpb diff --git a/vendor/cloud.google.com/go/monitoring/apiv3/v2/monitoringpb/service_service.pb.go b/vendor/cloud.google.com/go/monitoring/apiv3/v2/monitoringpb/service_service.pb.go index 224c89408c9..446fa68e1a2 100644 --- a/vendor/cloud.google.com/go/monitoring/apiv3/v2/monitoringpb/service_service.pb.go +++ b/vendor/cloud.google.com/go/monitoring/apiv3/v2/monitoringpb/service_service.pb.go @@ -15,7 +15,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.36.11 -// protoc v6.31.0 +// protoc v6.33.2 // source: google/monitoring/v3/service_service.proto package monitoringpb diff --git a/vendor/cloud.google.com/go/monitoring/apiv3/v2/monitoringpb/service_service_grpc.pb.go b/vendor/cloud.google.com/go/monitoring/apiv3/v2/monitoringpb/service_service_grpc.pb.go index 6a31404f71e..96bfe0ab679 100644 --- a/vendor/cloud.google.com/go/monitoring/apiv3/v2/monitoringpb/service_service_grpc.pb.go +++ b/vendor/cloud.google.com/go/monitoring/apiv3/v2/monitoringpb/service_service_grpc.pb.go @@ -15,7 +15,7 @@ // Code generated by protoc-gen-go-grpc. DO NOT EDIT. // versions: // - protoc-gen-go-grpc v1.3.0 -// - protoc v6.31.0 +// - protoc v6.33.2 // source: google/monitoring/v3/service_service.proto package monitoringpb diff --git a/vendor/cloud.google.com/go/monitoring/apiv3/v2/monitoringpb/snooze.pb.go b/vendor/cloud.google.com/go/monitoring/apiv3/v2/monitoringpb/snooze.pb.go index d6c1d13ca3a..423d366af09 100644 --- a/vendor/cloud.google.com/go/monitoring/apiv3/v2/monitoringpb/snooze.pb.go +++ b/vendor/cloud.google.com/go/monitoring/apiv3/v2/monitoringpb/snooze.pb.go @@ -15,7 +15,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.36.11 -// protoc v6.31.0 +// protoc v6.33.2 // source: google/monitoring/v3/snooze.proto package monitoringpb diff --git a/vendor/cloud.google.com/go/monitoring/apiv3/v2/monitoringpb/snooze_service.pb.go b/vendor/cloud.google.com/go/monitoring/apiv3/v2/monitoringpb/snooze_service.pb.go index 0268bade1c0..4cc87a48402 100644 --- a/vendor/cloud.google.com/go/monitoring/apiv3/v2/monitoringpb/snooze_service.pb.go +++ b/vendor/cloud.google.com/go/monitoring/apiv3/v2/monitoringpb/snooze_service.pb.go @@ -15,7 +15,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.36.11 -// protoc v6.31.0 +// protoc v6.33.2 // source: google/monitoring/v3/snooze_service.proto package monitoringpb diff --git a/vendor/cloud.google.com/go/monitoring/apiv3/v2/monitoringpb/snooze_service_grpc.pb.go b/vendor/cloud.google.com/go/monitoring/apiv3/v2/monitoringpb/snooze_service_grpc.pb.go index 999be69ec1f..fe198fddd17 100644 --- a/vendor/cloud.google.com/go/monitoring/apiv3/v2/monitoringpb/snooze_service_grpc.pb.go +++ b/vendor/cloud.google.com/go/monitoring/apiv3/v2/monitoringpb/snooze_service_grpc.pb.go @@ -15,7 +15,7 @@ // Code generated by protoc-gen-go-grpc. DO NOT EDIT. // versions: // - protoc-gen-go-grpc v1.3.0 -// - protoc v6.31.0 +// - protoc v6.33.2 // source: google/monitoring/v3/snooze_service.proto package monitoringpb diff --git a/vendor/cloud.google.com/go/monitoring/apiv3/v2/monitoringpb/span_context.pb.go b/vendor/cloud.google.com/go/monitoring/apiv3/v2/monitoringpb/span_context.pb.go index b9a94586362..62e484ce6fe 100644 --- a/vendor/cloud.google.com/go/monitoring/apiv3/v2/monitoringpb/span_context.pb.go +++ b/vendor/cloud.google.com/go/monitoring/apiv3/v2/monitoringpb/span_context.pb.go @@ -15,7 +15,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.36.11 -// protoc v6.31.0 +// protoc v6.33.2 // source: google/monitoring/v3/span_context.proto package monitoringpb diff --git a/vendor/cloud.google.com/go/monitoring/apiv3/v2/monitoringpb/uptime.pb.go b/vendor/cloud.google.com/go/monitoring/apiv3/v2/monitoringpb/uptime.pb.go index 7fa60cc3875..b2b96799bc4 100644 --- a/vendor/cloud.google.com/go/monitoring/apiv3/v2/monitoringpb/uptime.pb.go +++ b/vendor/cloud.google.com/go/monitoring/apiv3/v2/monitoringpb/uptime.pb.go @@ -15,7 +15,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.36.11 -// protoc v6.31.0 +// protoc v6.33.2 // source: google/monitoring/v3/uptime.proto package monitoringpb diff --git a/vendor/cloud.google.com/go/monitoring/apiv3/v2/monitoringpb/uptime_service.pb.go b/vendor/cloud.google.com/go/monitoring/apiv3/v2/monitoringpb/uptime_service.pb.go index d0b3e8a46ac..3196f0d285f 100644 --- a/vendor/cloud.google.com/go/monitoring/apiv3/v2/monitoringpb/uptime_service.pb.go +++ b/vendor/cloud.google.com/go/monitoring/apiv3/v2/monitoringpb/uptime_service.pb.go @@ -15,7 +15,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.36.11 -// protoc v6.31.0 +// protoc v6.33.2 // source: google/monitoring/v3/uptime_service.proto package monitoringpb diff --git a/vendor/cloud.google.com/go/monitoring/apiv3/v2/monitoringpb/uptime_service_grpc.pb.go b/vendor/cloud.google.com/go/monitoring/apiv3/v2/monitoringpb/uptime_service_grpc.pb.go index 8bb77247cf2..40727e4e8af 100644 --- a/vendor/cloud.google.com/go/monitoring/apiv3/v2/monitoringpb/uptime_service_grpc.pb.go +++ b/vendor/cloud.google.com/go/monitoring/apiv3/v2/monitoringpb/uptime_service_grpc.pb.go @@ -15,7 +15,7 @@ // Code generated by protoc-gen-go-grpc. DO NOT EDIT. // versions: // - protoc-gen-go-grpc v1.3.0 -// - protoc v6.31.0 +// - protoc v6.33.2 // source: google/monitoring/v3/uptime_service.proto package monitoringpb diff --git a/vendor/cloud.google.com/go/monitoring/dashboard/apiv1/dashboardpb/alertchart.pb.go b/vendor/cloud.google.com/go/monitoring/dashboard/apiv1/dashboardpb/alertchart.pb.go index 9e172ed63b5..6d765bb724c 100644 --- a/vendor/cloud.google.com/go/monitoring/dashboard/apiv1/dashboardpb/alertchart.pb.go +++ b/vendor/cloud.google.com/go/monitoring/dashboard/apiv1/dashboardpb/alertchart.pb.go @@ -15,7 +15,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.36.11 -// protoc v6.31.0 +// protoc v6.33.2 // source: google/monitoring/dashboard/v1/alertchart.proto package dashboardpb diff --git a/vendor/cloud.google.com/go/monitoring/dashboard/apiv1/dashboardpb/collapsible_group.pb.go b/vendor/cloud.google.com/go/monitoring/dashboard/apiv1/dashboardpb/collapsible_group.pb.go index f47b8f2a660..37a8c6438de 100644 --- a/vendor/cloud.google.com/go/monitoring/dashboard/apiv1/dashboardpb/collapsible_group.pb.go +++ b/vendor/cloud.google.com/go/monitoring/dashboard/apiv1/dashboardpb/collapsible_group.pb.go @@ -15,7 +15,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.36.11 -// protoc v6.31.0 +// protoc v6.33.2 // source: google/monitoring/dashboard/v1/collapsible_group.proto package dashboardpb diff --git a/vendor/cloud.google.com/go/monitoring/dashboard/apiv1/dashboardpb/common.pb.go b/vendor/cloud.google.com/go/monitoring/dashboard/apiv1/dashboardpb/common.pb.go index a2a2bf2da6a..c3de6311d61 100644 --- a/vendor/cloud.google.com/go/monitoring/dashboard/apiv1/dashboardpb/common.pb.go +++ b/vendor/cloud.google.com/go/monitoring/dashboard/apiv1/dashboardpb/common.pb.go @@ -15,7 +15,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.36.11 -// protoc v6.31.0 +// protoc v6.33.2 // source: google/monitoring/dashboard/v1/common.proto package dashboardpb diff --git a/vendor/cloud.google.com/go/monitoring/dashboard/apiv1/dashboardpb/dashboard.pb.go b/vendor/cloud.google.com/go/monitoring/dashboard/apiv1/dashboardpb/dashboard.pb.go index a784142ed10..10e07168c02 100644 --- a/vendor/cloud.google.com/go/monitoring/dashboard/apiv1/dashboardpb/dashboard.pb.go +++ b/vendor/cloud.google.com/go/monitoring/dashboard/apiv1/dashboardpb/dashboard.pb.go @@ -15,7 +15,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.36.11 -// protoc v6.31.0 +// protoc v6.33.2 // source: google/monitoring/dashboard/v1/dashboard.proto package dashboardpb diff --git a/vendor/cloud.google.com/go/monitoring/dashboard/apiv1/dashboardpb/dashboard_filter.pb.go b/vendor/cloud.google.com/go/monitoring/dashboard/apiv1/dashboardpb/dashboard_filter.pb.go index fe3d88f9c58..862513c56c6 100644 --- a/vendor/cloud.google.com/go/monitoring/dashboard/apiv1/dashboardpb/dashboard_filter.pb.go +++ b/vendor/cloud.google.com/go/monitoring/dashboard/apiv1/dashboardpb/dashboard_filter.pb.go @@ -15,7 +15,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.36.11 -// protoc v6.31.0 +// protoc v6.33.2 // source: google/monitoring/dashboard/v1/dashboard_filter.proto package dashboardpb diff --git a/vendor/cloud.google.com/go/monitoring/dashboard/apiv1/dashboardpb/dashboards_service.pb.go b/vendor/cloud.google.com/go/monitoring/dashboard/apiv1/dashboardpb/dashboards_service.pb.go index 3e53c5029fe..a934dd94cbd 100644 --- a/vendor/cloud.google.com/go/monitoring/dashboard/apiv1/dashboardpb/dashboards_service.pb.go +++ b/vendor/cloud.google.com/go/monitoring/dashboard/apiv1/dashboardpb/dashboards_service.pb.go @@ -15,7 +15,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.36.11 -// protoc v6.31.0 +// protoc v6.33.2 // source: google/monitoring/dashboard/v1/dashboards_service.proto package dashboardpb diff --git a/vendor/cloud.google.com/go/monitoring/dashboard/apiv1/dashboardpb/dashboards_service_grpc.pb.go b/vendor/cloud.google.com/go/monitoring/dashboard/apiv1/dashboardpb/dashboards_service_grpc.pb.go index c3ed339e34a..378441e6448 100644 --- a/vendor/cloud.google.com/go/monitoring/dashboard/apiv1/dashboardpb/dashboards_service_grpc.pb.go +++ b/vendor/cloud.google.com/go/monitoring/dashboard/apiv1/dashboardpb/dashboards_service_grpc.pb.go @@ -15,7 +15,7 @@ // Code generated by protoc-gen-go-grpc. DO NOT EDIT. // versions: // - protoc-gen-go-grpc v1.3.0 -// - protoc v6.31.0 +// - protoc v6.33.2 // source: google/monitoring/dashboard/v1/dashboards_service.proto package dashboardpb diff --git a/vendor/cloud.google.com/go/monitoring/dashboard/apiv1/dashboardpb/drilldowns.pb.go b/vendor/cloud.google.com/go/monitoring/dashboard/apiv1/dashboardpb/drilldowns.pb.go index 6da32e77de2..4b47eb17036 100644 --- a/vendor/cloud.google.com/go/monitoring/dashboard/apiv1/dashboardpb/drilldowns.pb.go +++ b/vendor/cloud.google.com/go/monitoring/dashboard/apiv1/dashboardpb/drilldowns.pb.go @@ -15,7 +15,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.36.11 -// protoc v6.31.0 +// protoc v6.33.2 // source: google/monitoring/dashboard/v1/drilldowns.proto package dashboardpb diff --git a/vendor/cloud.google.com/go/monitoring/dashboard/apiv1/dashboardpb/error_reporting_panel.pb.go b/vendor/cloud.google.com/go/monitoring/dashboard/apiv1/dashboardpb/error_reporting_panel.pb.go index dec196e2038..783aef3bb67 100644 --- a/vendor/cloud.google.com/go/monitoring/dashboard/apiv1/dashboardpb/error_reporting_panel.pb.go +++ b/vendor/cloud.google.com/go/monitoring/dashboard/apiv1/dashboardpb/error_reporting_panel.pb.go @@ -15,7 +15,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.36.11 -// protoc v6.31.0 +// protoc v6.33.2 // source: google/monitoring/dashboard/v1/error_reporting_panel.proto package dashboardpb diff --git a/vendor/cloud.google.com/go/monitoring/dashboard/apiv1/dashboardpb/incident_list.pb.go b/vendor/cloud.google.com/go/monitoring/dashboard/apiv1/dashboardpb/incident_list.pb.go index cf632ae2e90..ac6caba6a03 100644 --- a/vendor/cloud.google.com/go/monitoring/dashboard/apiv1/dashboardpb/incident_list.pb.go +++ b/vendor/cloud.google.com/go/monitoring/dashboard/apiv1/dashboardpb/incident_list.pb.go @@ -15,7 +15,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.36.11 -// protoc v6.31.0 +// protoc v6.33.2 // source: google/monitoring/dashboard/v1/incident_list.proto package dashboardpb diff --git a/vendor/cloud.google.com/go/monitoring/dashboard/apiv1/dashboardpb/layouts.pb.go b/vendor/cloud.google.com/go/monitoring/dashboard/apiv1/dashboardpb/layouts.pb.go index 13273b1d252..b91e88a47c6 100644 --- a/vendor/cloud.google.com/go/monitoring/dashboard/apiv1/dashboardpb/layouts.pb.go +++ b/vendor/cloud.google.com/go/monitoring/dashboard/apiv1/dashboardpb/layouts.pb.go @@ -15,7 +15,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.36.11 -// protoc v6.31.0 +// protoc v6.33.2 // source: google/monitoring/dashboard/v1/layouts.proto package dashboardpb diff --git a/vendor/cloud.google.com/go/monitoring/dashboard/apiv1/dashboardpb/logs_panel.pb.go b/vendor/cloud.google.com/go/monitoring/dashboard/apiv1/dashboardpb/logs_panel.pb.go index 48e847325f6..7f79e24a372 100644 --- a/vendor/cloud.google.com/go/monitoring/dashboard/apiv1/dashboardpb/logs_panel.pb.go +++ b/vendor/cloud.google.com/go/monitoring/dashboard/apiv1/dashboardpb/logs_panel.pb.go @@ -15,7 +15,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.36.11 -// protoc v6.31.0 +// protoc v6.33.2 // source: google/monitoring/dashboard/v1/logs_panel.proto package dashboardpb diff --git a/vendor/cloud.google.com/go/monitoring/dashboard/apiv1/dashboardpb/metrics.pb.go b/vendor/cloud.google.com/go/monitoring/dashboard/apiv1/dashboardpb/metrics.pb.go index f1195f031fd..3a589f3a330 100644 --- a/vendor/cloud.google.com/go/monitoring/dashboard/apiv1/dashboardpb/metrics.pb.go +++ b/vendor/cloud.google.com/go/monitoring/dashboard/apiv1/dashboardpb/metrics.pb.go @@ -15,7 +15,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.36.11 -// protoc v6.31.0 +// protoc v6.33.2 // source: google/monitoring/dashboard/v1/metrics.proto package dashboardpb diff --git a/vendor/cloud.google.com/go/monitoring/dashboard/apiv1/dashboardpb/piechart.pb.go b/vendor/cloud.google.com/go/monitoring/dashboard/apiv1/dashboardpb/piechart.pb.go index f376ecf17fe..eae6f8c262f 100644 --- a/vendor/cloud.google.com/go/monitoring/dashboard/apiv1/dashboardpb/piechart.pb.go +++ b/vendor/cloud.google.com/go/monitoring/dashboard/apiv1/dashboardpb/piechart.pb.go @@ -15,7 +15,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.36.11 -// protoc v6.31.0 +// protoc v6.33.2 // source: google/monitoring/dashboard/v1/piechart.proto package dashboardpb diff --git a/vendor/cloud.google.com/go/monitoring/dashboard/apiv1/dashboardpb/scorecard.pb.go b/vendor/cloud.google.com/go/monitoring/dashboard/apiv1/dashboardpb/scorecard.pb.go index 1b3ddf71534..05e0a482e88 100644 --- a/vendor/cloud.google.com/go/monitoring/dashboard/apiv1/dashboardpb/scorecard.pb.go +++ b/vendor/cloud.google.com/go/monitoring/dashboard/apiv1/dashboardpb/scorecard.pb.go @@ -15,7 +15,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.36.11 -// protoc v6.31.0 +// protoc v6.33.2 // source: google/monitoring/dashboard/v1/scorecard.proto package dashboardpb diff --git a/vendor/cloud.google.com/go/monitoring/dashboard/apiv1/dashboardpb/section_header.pb.go b/vendor/cloud.google.com/go/monitoring/dashboard/apiv1/dashboardpb/section_header.pb.go index 6a5d26b1e7a..5609bbe6bc6 100644 --- a/vendor/cloud.google.com/go/monitoring/dashboard/apiv1/dashboardpb/section_header.pb.go +++ b/vendor/cloud.google.com/go/monitoring/dashboard/apiv1/dashboardpb/section_header.pb.go @@ -15,7 +15,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.36.11 -// protoc v6.31.0 +// protoc v6.33.2 // source: google/monitoring/dashboard/v1/section_header.proto package dashboardpb diff --git a/vendor/cloud.google.com/go/monitoring/dashboard/apiv1/dashboardpb/service.pb.go b/vendor/cloud.google.com/go/monitoring/dashboard/apiv1/dashboardpb/service.pb.go index e00df743f63..0f1be301ea5 100644 --- a/vendor/cloud.google.com/go/monitoring/dashboard/apiv1/dashboardpb/service.pb.go +++ b/vendor/cloud.google.com/go/monitoring/dashboard/apiv1/dashboardpb/service.pb.go @@ -15,7 +15,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.36.11 -// protoc v6.31.0 +// protoc v6.33.2 // source: google/monitoring/dashboard/v1/service.proto package dashboardpb diff --git a/vendor/cloud.google.com/go/monitoring/dashboard/apiv1/dashboardpb/single_view_group.pb.go b/vendor/cloud.google.com/go/monitoring/dashboard/apiv1/dashboardpb/single_view_group.pb.go index 750f71830b0..ac37b71cf10 100644 --- a/vendor/cloud.google.com/go/monitoring/dashboard/apiv1/dashboardpb/single_view_group.pb.go +++ b/vendor/cloud.google.com/go/monitoring/dashboard/apiv1/dashboardpb/single_view_group.pb.go @@ -15,7 +15,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.36.11 -// protoc v6.31.0 +// protoc v6.33.2 // source: google/monitoring/dashboard/v1/single_view_group.proto package dashboardpb diff --git a/vendor/cloud.google.com/go/monitoring/dashboard/apiv1/dashboardpb/table.pb.go b/vendor/cloud.google.com/go/monitoring/dashboard/apiv1/dashboardpb/table.pb.go index 889b683fda4..41fa570b751 100644 --- a/vendor/cloud.google.com/go/monitoring/dashboard/apiv1/dashboardpb/table.pb.go +++ b/vendor/cloud.google.com/go/monitoring/dashboard/apiv1/dashboardpb/table.pb.go @@ -15,7 +15,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.36.11 -// protoc v6.31.0 +// protoc v6.33.2 // source: google/monitoring/dashboard/v1/table.proto package dashboardpb diff --git a/vendor/cloud.google.com/go/monitoring/dashboard/apiv1/dashboardpb/table_display_options.pb.go b/vendor/cloud.google.com/go/monitoring/dashboard/apiv1/dashboardpb/table_display_options.pb.go index 179d9250446..62419d76d23 100644 --- a/vendor/cloud.google.com/go/monitoring/dashboard/apiv1/dashboardpb/table_display_options.pb.go +++ b/vendor/cloud.google.com/go/monitoring/dashboard/apiv1/dashboardpb/table_display_options.pb.go @@ -15,7 +15,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.36.11 -// protoc v6.31.0 +// protoc v6.33.2 // source: google/monitoring/dashboard/v1/table_display_options.proto package dashboardpb diff --git a/vendor/cloud.google.com/go/monitoring/dashboard/apiv1/dashboardpb/text.pb.go b/vendor/cloud.google.com/go/monitoring/dashboard/apiv1/dashboardpb/text.pb.go index 2dc0dbd0ddf..539dcb8b3c4 100644 --- a/vendor/cloud.google.com/go/monitoring/dashboard/apiv1/dashboardpb/text.pb.go +++ b/vendor/cloud.google.com/go/monitoring/dashboard/apiv1/dashboardpb/text.pb.go @@ -15,7 +15,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.36.11 -// protoc v6.31.0 +// protoc v6.33.2 // source: google/monitoring/dashboard/v1/text.proto package dashboardpb diff --git a/vendor/cloud.google.com/go/monitoring/dashboard/apiv1/dashboardpb/widget.pb.go b/vendor/cloud.google.com/go/monitoring/dashboard/apiv1/dashboardpb/widget.pb.go index e11b329d49e..32e886754f1 100644 --- a/vendor/cloud.google.com/go/monitoring/dashboard/apiv1/dashboardpb/widget.pb.go +++ b/vendor/cloud.google.com/go/monitoring/dashboard/apiv1/dashboardpb/widget.pb.go @@ -15,7 +15,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.36.11 -// protoc v6.31.0 +// protoc v6.33.2 // source: google/monitoring/dashboard/v1/widget.proto package dashboardpb diff --git a/vendor/cloud.google.com/go/monitoring/dashboard/apiv1/dashboardpb/xychart.pb.go b/vendor/cloud.google.com/go/monitoring/dashboard/apiv1/dashboardpb/xychart.pb.go index 035a161af35..36ab47e3c4f 100644 --- a/vendor/cloud.google.com/go/monitoring/dashboard/apiv1/dashboardpb/xychart.pb.go +++ b/vendor/cloud.google.com/go/monitoring/dashboard/apiv1/dashboardpb/xychart.pb.go @@ -15,7 +15,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.36.11 -// protoc v6.31.0 +// protoc v6.33.2 // source: google/monitoring/dashboard/v1/xychart.proto package dashboardpb diff --git a/vendor/cloud.google.com/go/monitoring/internal/version.go b/vendor/cloud.google.com/go/monitoring/internal/version.go index 665c40a52b8..1221fc49ad8 100644 --- a/vendor/cloud.google.com/go/monitoring/internal/version.go +++ b/vendor/cloud.google.com/go/monitoring/internal/version.go @@ -17,4 +17,4 @@ package internal // Version is the current tagged release of the library. -const Version = "1.27.0" +const Version = "1.28.0" diff --git a/vendor/google.golang.org/api/internal/version.go b/vendor/google.golang.org/api/internal/version.go index 2d97a25c14d..3219b97762e 100644 --- a/vendor/google.golang.org/api/internal/version.go +++ b/vendor/google.golang.org/api/internal/version.go @@ -5,4 +5,4 @@ package internal // Version is the current tagged release of the library. -const Version = "0.276.0" +const Version = "0.277.0" diff --git a/vendor/google.golang.org/grpc/balancer/grpclb/grpclb_remote_balancer.go b/vendor/google.golang.org/grpc/balancer/grpclb/grpclb_remote_balancer.go index 00205212057..baf9bc692f4 100644 --- a/vendor/google.golang.org/grpc/balancer/grpclb/grpclb_remote_balancer.go +++ b/vendor/google.golang.org/grpc/balancer/grpclb/grpclb_remote_balancer.go @@ -23,6 +23,7 @@ import ( "fmt" "io" "net" + "net/netip" "sync" "time" @@ -82,7 +83,12 @@ func (lb *lbBalancer) processServerList(l *lbpb.ServerList) { } md := metadata.Pairs(lbTokenKey, s.LoadBalanceToken) - ipStr := net.IP(s.IpAddress).String() + var ipStr string + if ip, ok := netip.AddrFromSlice(s.IpAddress); ok { + ipStr = ip.String() + } else { + ipStr = fmt.Sprintf("? %x", s.IpAddress) + } addr := imetadata.Set(resolver.Address{Addr: net.JoinHostPort(ipStr, fmt.Sprintf("%d", s.Port))}, md) if lb.logger.V(2) { lb.logger.Infof("Server list entry:|%d|, ipStr:|%s|, port:|%d|, load balancer token:|%v|", i, ipStr, s.Port, s.LoadBalanceToken) diff --git a/vendor/google.golang.org/grpc/balancer/rls/balancer.go b/vendor/google.golang.org/grpc/balancer/rls/balancer.go index a45e8302f34..3e3c6fba9f1 100644 --- a/vendor/google.golang.org/grpc/balancer/rls/balancer.go +++ b/vendor/google.golang.org/grpc/balancer/rls/balancer.go @@ -79,14 +79,14 @@ var ( dataCachePurgeHook = func() {} resetBackoffHook = func() {} - cacheEntriesMetric = estats.RegisterInt64Gauge(estats.MetricDescriptor{ + cacheEntriesMetric = estats.RegisterInt64AsyncGauge(estats.MetricDescriptor{ Name: "grpc.lb.rls.cache_entries", Description: "EXPERIMENTAL. Number of entries in the RLS cache.", Unit: "{entry}", Labels: []string{"grpc.target", "grpc.lb.rls.server_target", "grpc.lb.rls.instance_uuid"}, Default: false, }) - cacheSizeMetric = estats.RegisterInt64Gauge(estats.MetricDescriptor{ + cacheSizeMetric = estats.RegisterInt64AsyncGauge(estats.MetricDescriptor{ Name: "grpc.lb.rls.cache_size", Description: "EXPERIMENTAL. The current size of the RLS cache.", Unit: "By", @@ -94,25 +94,28 @@ var ( Default: false, }) defaultTargetPicksMetric = estats.RegisterInt64Count(estats.MetricDescriptor{ - Name: "grpc.lb.rls.default_target_picks", - Description: "EXPERIMENTAL. Number of LB picks sent to the default target.", - Unit: "{pick}", - Labels: []string{"grpc.target", "grpc.lb.rls.server_target", "grpc.lb.rls.data_plane_target", "grpc.lb.pick_result"}, - Default: false, + Name: "grpc.lb.rls.default_target_picks", + Description: "EXPERIMENTAL. Number of LB picks sent to the default target.", + Unit: "{pick}", + Labels: []string{"grpc.target", "grpc.lb.rls.server_target", "grpc.lb.rls.data_plane_target", "grpc.lb.pick_result"}, + OptionalLabels: []string{"grpc.client.call.custom"}, + Default: false, }) targetPicksMetric = estats.RegisterInt64Count(estats.MetricDescriptor{ - Name: "grpc.lb.rls.target_picks", - Description: "EXPERIMENTAL. Number of LB picks sent to each RLS target. Note that if the default target is also returned by the RLS server, RPCs sent to that target from the cache will be counted in this metric, not in grpc.rls.default_target_picks.", - Unit: "{pick}", - Labels: []string{"grpc.target", "grpc.lb.rls.server_target", "grpc.lb.rls.data_plane_target", "grpc.lb.pick_result"}, - Default: false, + Name: "grpc.lb.rls.target_picks", + Description: "EXPERIMENTAL. Number of LB picks sent to each RLS target. Note that if the default target is also returned by the RLS server, RPCs sent to that target from the cache will be counted in this metric, not in grpc.rls.default_target_picks.", + Unit: "{pick}", + Labels: []string{"grpc.target", "grpc.lb.rls.server_target", "grpc.lb.rls.data_plane_target", "grpc.lb.pick_result"}, + OptionalLabels: []string{"grpc.client.call.custom"}, + Default: false, }) failedPicksMetric = estats.RegisterInt64Count(estats.MetricDescriptor{ - Name: "grpc.lb.rls.failed_picks", - Description: "EXPERIMENTAL. Number of LB picks failed due to either a failed RLS request or the RLS channel being throttled.", - Unit: "{pick}", - Labels: []string{"grpc.target", "grpc.lb.rls.server_target"}, - Default: false, + Name: "grpc.lb.rls.failed_picks", + Description: "EXPERIMENTAL. Number of LB picks failed due to either a failed RLS request or the RLS channel being throttled.", + Unit: "{pick}", + Labels: []string{"grpc.target", "grpc.lb.rls.server_target"}, + OptionalLabels: []string{"grpc.client.call.custom"}, + Default: false, }) ) @@ -140,7 +143,9 @@ func (rlsBB) Build(cc balancer.ClientConn, opts balancer.BuildOptions) balancer. updateCh: buffer.NewUnbounded(), } lb.logger = internalgrpclog.NewPrefixLogger(logger, fmt.Sprintf("[rls-experimental-lb %p] ", lb)) - lb.dataCache = newDataCache(maxCacheSize, lb.logger, cc.MetricsRecorder(), opts.Target.String()) + lb.dataCache = newDataCache(maxCacheSize, lb.logger, opts.Target.String()) + metricsRecorder := cc.MetricsRecorder() + lb.unregisterMetricHandler = metricsRecorder.RegisterAsyncReporter(lb, cacheEntriesMetric, cacheSizeMetric) lb.bg = balancergroup.New(balancergroup.Options{ CC: cc, BuildOpts: opts, @@ -162,6 +167,9 @@ type rlsBalancer struct { dataCachePurgeHook func() logger *internalgrpclog.PrefixLogger + // unregisterMetricHandler is the function to deregister the async metric reporter. + unregisterMetricHandler func() + // If both cacheMu and stateMu need to be acquired, the former must be // acquired first to prevent a deadlock. This order restriction is due to the // fact that in places where we need to acquire both the locks, we always @@ -488,6 +496,7 @@ func (b *rlsBalancer) Close() { if b.ctrlCh != nil { b.ctrlCh.close() } + b.unregisterMetricHandler() b.bg.Close() b.stateMu.Unlock() @@ -702,3 +711,23 @@ func (b *rlsBalancer) releaseChildPolicyReferences(targets []string) { } b.stateMu.Unlock() } + +// Report reports the metrics data to the provided recorder. +func (b *rlsBalancer) Report(r estats.AsyncMetricsRecorder) error { + b.cacheMu.Lock() + currentSize := b.dataCache.currentSize + entriesLen := int64(len(b.dataCache.entries)) + rlsServerTarget := b.dataCache.rlsServerTarget + grpcTarget := b.dataCache.grpcTarget + uuid := b.dataCache.uuid + shutdown := b.dataCache.shutdown.HasFired() + b.cacheMu.Unlock() + + if shutdown { + return nil + } + + cacheSizeMetric.Record(r, currentSize, grpcTarget, rlsServerTarget, uuid) + cacheEntriesMetric.Record(r, entriesLen, grpcTarget, rlsServerTarget, uuid) + return nil +} diff --git a/vendor/google.golang.org/grpc/balancer/rls/cache.go b/vendor/google.golang.org/grpc/balancer/rls/cache.go index 7fe796c9587..2f48d85cdcc 100644 --- a/vendor/google.golang.org/grpc/balancer/rls/cache.go +++ b/vendor/google.golang.org/grpc/balancer/rls/cache.go @@ -23,7 +23,6 @@ import ( "time" "github.com/google/uuid" - estats "google.golang.org/grpc/experimental/stats" "google.golang.org/grpc/internal/backoff" internalgrpclog "google.golang.org/grpc/internal/grpclog" "google.golang.org/grpc/internal/grpcsync" @@ -174,21 +173,19 @@ type dataCache struct { rlsServerTarget string // Read only after initialization. - grpcTarget string - uuid string - metricsRecorder estats.MetricsRecorder + grpcTarget string + uuid string } -func newDataCache(size int64, logger *internalgrpclog.PrefixLogger, metricsRecorder estats.MetricsRecorder, grpcTarget string) *dataCache { +func newDataCache(size int64, logger *internalgrpclog.PrefixLogger, grpcTarget string) *dataCache { return &dataCache{ - maxSize: size, - keys: newLRU(), - entries: make(map[cacheKey]*cacheEntry), - logger: logger, - shutdown: grpcsync.NewEvent(), - grpcTarget: grpcTarget, - uuid: uuid.New().String(), - metricsRecorder: metricsRecorder, + maxSize: size, + keys: newLRU(), + entries: make(map[cacheKey]*cacheEntry), + logger: logger, + shutdown: grpcsync.NewEvent(), + grpcTarget: grpcTarget, + uuid: uuid.New().String(), } } @@ -327,8 +324,7 @@ func (dc *dataCache) addEntry(key cacheKey, entry *cacheEntry) (backoffCancelled if dc.currentSize > dc.maxSize { backoffCancelled = dc.resize(dc.maxSize) } - cacheSizeMetric.Record(dc.metricsRecorder, dc.currentSize, dc.grpcTarget, dc.rlsServerTarget, dc.uuid) - cacheEntriesMetric.Record(dc.metricsRecorder, int64(len(dc.entries)), dc.grpcTarget, dc.rlsServerTarget, dc.uuid) + return backoffCancelled, true } @@ -338,7 +334,7 @@ func (dc *dataCache) updateEntrySize(entry *cacheEntry, newSize int64) { dc.currentSize -= entry.size entry.size = newSize dc.currentSize += entry.size - cacheSizeMetric.Record(dc.metricsRecorder, dc.currentSize, dc.grpcTarget, dc.rlsServerTarget, dc.uuid) + } func (dc *dataCache) getEntry(key cacheKey) *cacheEntry { @@ -371,8 +367,7 @@ func (dc *dataCache) deleteAndCleanup(key cacheKey, entry *cacheEntry) { delete(dc.entries, key) dc.currentSize -= entry.size dc.keys.removeEntry(key) - cacheSizeMetric.Record(dc.metricsRecorder, dc.currentSize, dc.grpcTarget, dc.rlsServerTarget, dc.uuid) - cacheEntriesMetric.Record(dc.metricsRecorder, int64(len(dc.entries)), dc.grpcTarget, dc.rlsServerTarget, dc.uuid) + } func (dc *dataCache) stop() { diff --git a/vendor/google.golang.org/grpc/balancer/rls/picker.go b/vendor/google.golang.org/grpc/balancer/rls/picker.go index e5c86f29068..855fcc3f3cd 100644 --- a/vendor/google.golang.org/grpc/balancer/rls/picker.go +++ b/vendor/google.golang.org/grpc/balancer/rls/picker.go @@ -198,12 +198,13 @@ func (p *rlsPicker) delegateToChildPoliciesLocked(dcEntry *cacheEntry, info bala res, err := state.Picker.Pick(info) if err != nil { pr := errToPickResult(err) + customLabel := estats.CustomLabelFromContext(info.Ctx) return res, func() { if pr == "queue" { // Don't record metrics for queued Picks. return } - targetPicksMetric.Record(p.metricsRecorder, 1, p.grpcTarget, p.rlsServerTarget, cpw.target, pr) + targetPicksMetric.Record(p.metricsRecorder, 1, p.grpcTarget, p.rlsServerTarget, cpw.target, pr, customLabel) }, err } @@ -213,7 +214,8 @@ func (p *rlsPicker) delegateToChildPoliciesLocked(dcEntry *cacheEntry, info bala res.Metadata.Append(rlsDataHeaderName, dcEntry.headerData) } return res, func() { - targetPicksMetric.Record(p.metricsRecorder, 1, p.grpcTarget, p.rlsServerTarget, cpw.target, "complete") + customLabel := estats.CustomLabelFromContext(info.Ctx) + targetPicksMetric.Record(p.metricsRecorder, 1, p.grpcTarget, p.rlsServerTarget, cpw.target, "complete", customLabel) }, nil } } @@ -227,6 +229,8 @@ func (p *rlsPicker) delegateToChildPoliciesLocked(dcEntry *cacheEntry, info bala // target if one is configured, or fails the pick with the given error. Returns // a function to be invoked to record metrics. func (p *rlsPicker) useDefaultPickIfPossible(info balancer.PickInfo, errOnNoDefault error) (balancer.PickResult, func(), error) { + customLabel := estats.CustomLabelFromContext(info.Ctx) + if p.defaultPolicy != nil { state := (*balancer.State)(atomic.LoadPointer(&p.defaultPolicy.state)) res, err := state.Picker.Pick(info) @@ -236,12 +240,12 @@ func (p *rlsPicker) useDefaultPickIfPossible(info balancer.PickInfo, errOnNoDefa // Don't record metrics for queued Picks. return } - defaultTargetPicksMetric.Record(p.metricsRecorder, 1, p.grpcTarget, p.rlsServerTarget, p.defaultPolicy.target, pr) + defaultTargetPicksMetric.Record(p.metricsRecorder, 1, p.grpcTarget, p.rlsServerTarget, p.defaultPolicy.target, pr, customLabel) }, err } return balancer.PickResult{}, func() { - failedPicksMetric.Record(p.metricsRecorder, 1, p.grpcTarget, p.rlsServerTarget) + failedPicksMetric.Record(p.metricsRecorder, 1, p.grpcTarget, p.rlsServerTarget, customLabel) }, errOnNoDefault } diff --git a/vendor/google.golang.org/grpc/clientconn.go b/vendor/google.golang.org/grpc/clientconn.go index 5dec2dacc0b..c4bca5203eb 100644 --- a/vendor/google.golang.org/grpc/clientconn.go +++ b/vendor/google.golang.org/grpc/clientconn.go @@ -24,10 +24,12 @@ import ( "fmt" "math" "net/url" + "os" "slices" "strings" "sync" "sync/atomic" + "syscall" "time" "google.golang.org/grpc/balancer" @@ -1268,8 +1270,9 @@ type addrConn struct { channelz *channelz.SubChannel - localityLabel string - backendServiceLabel string + localityLabel string + backendServiceLabel string + disconnectErrorLabel string } // Note: this requires a lock on ac.mu. @@ -1286,9 +1289,14 @@ func (ac *addrConn) updateConnectivityState(s connectivity.State, lastErr error) // TODO: https://github.com/grpc/grpc-go/issues/7862 - Remove the second // part of the if condition below once the issue is fixed. if ac.state == connectivity.Ready || (ac.state == connectivity.Connecting && s == connectivity.Idle) { - disconnectionsMetric.Record(ac.cc.metricsRecorderList, 1, ac.cc.target, ac.backendServiceLabel, ac.localityLabel, "unknown") + disconnectError := ac.disconnectErrorLabel + if disconnectError == "" { + disconnectError = "unknown" + } + disconnectionsMetric.Record(ac.cc.metricsRecorderList, 1, ac.cc.target, ac.backendServiceLabel, ac.localityLabel, disconnectError) openConnectionsMetric.Record(ac.cc.metricsRecorderList, -1, ac.cc.target, ac.backendServiceLabel, ac.securityLevelLocked(), ac.localityLabel) } + ac.disconnectErrorLabel = "" // Reset for next time ac.state = s ac.channelz.ChannelMetrics.State.Store(&s) if lastErr == nil { @@ -1483,11 +1491,11 @@ func (ac *addrConn) createTransport(ctx context.Context, addr resolver.Address, addr.ServerName = ac.cc.getServerName(addr) hctx, hcancel := context.WithCancel(ctx) - onClose := func(r transport.GoAwayReason) { + onClose := func(info transport.GoAwayInfo) { ac.mu.Lock() defer ac.mu.Unlock() // adjust params based on GoAwayReason - ac.adjustParams(r) + ac.adjustParams(info.Reason) if ctx.Err() != nil { // Already shut down or connection attempt canceled. tearDown() or // updateAddrs() already cleared the transport and canceled hctx @@ -1504,6 +1512,7 @@ func (ac *addrConn) createTransport(ctx context.Context, addr resolver.Address, return } ac.transport = nil + ac.disconnectErrorLabel = disconnectErrorString(info) // Refresh the name resolver on any connection loss. ac.cc.resolveNow(resolver.ResolveNowOptions{}) // Always go idle and wait for the LB policy to initiate a new @@ -1560,6 +1569,32 @@ func (ac *addrConn) createTransport(ctx context.Context, addr resolver.Address, return nil } +// disconnectErrorString returns the grpc.disconnect_error metric label corresponding +// to the provided transport.GoAwayInfo, as specified by gRFC A94: +// https://github.com/grpc/proposal/blob/master/A94-grpc-subchannel-disconnections-metrics.md +func disconnectErrorString(info transport.GoAwayInfo) string { + err := info.Err + var sysErr syscall.Errno + switch { + case info.Reason != transport.GoAwayInvalid: + return fmt.Sprintf("GOAWAY %s", info.GoAwayCode.String()) + case err == nil: + return "unknown" + case errors.Is(err, context.Canceled): + return "subchannel shutdown" + case errors.Is(err, syscall.ECONNRESET): + return "connection reset" + case errors.Is(err, syscall.ETIMEDOUT), errors.Is(err, context.DeadlineExceeded), errors.Is(err, os.ErrDeadlineExceeded): + return "connection timed out" + case errors.Is(err, syscall.ECONNABORTED): + return "connection aborted" + case errors.As(err, &sysErr): + return "socket error" + default: + return "unknown" + } +} + // startHealthCheck starts the health checking stream (RPC) to watch the health // stats of this connection if health checking is requested and configured. // @@ -1663,6 +1698,9 @@ func (ac *addrConn) tearDown(err error) { } curTr := ac.transport ac.transport = nil + if ac.disconnectErrorLabel == "" { + ac.disconnectErrorLabel = "subchannel shutdown" + } // We have to set the state to Shutdown before anything else to prevent races // between setting the state and logic that waits on context cancellation / etc. ac.updateConnectivityState(connectivity.Shutdown, nil) diff --git a/vendor/google.golang.org/grpc/credentials/alts/internal/conn/record.go b/vendor/google.golang.org/grpc/credentials/alts/internal/conn/record.go index c7fcf5e2936..89bf22691ef 100644 --- a/vendor/google.golang.org/grpc/credentials/alts/internal/conn/record.go +++ b/vendor/google.golang.org/grpc/credentials/alts/internal/conn/record.go @@ -27,7 +27,9 @@ import ( "net" core "google.golang.org/grpc/credentials/alts/internal" - "google.golang.org/grpc/internal/mem" + imem "google.golang.org/grpc/internal/mem" + "google.golang.org/grpc/internal/transport/readyreader" + "google.golang.org/grpc/mem" ) // ALTSRecordCrypto is the interface for gRPC ALTS record protocol. @@ -74,11 +76,19 @@ const ( var ( protocols = make(map[string]ALTSRecordFunc) - writeBufPool *mem.BinaryTieredBufferPool + writeBufPool *imem.BinaryTieredBufferPool + // readBufPool pools buffers of at least `altsReadBufferInitialSize` size. + // Since the read buffer size is slightly larger than 32KB, using a regular + // BinaryTieredBufferPool results in allocating buffers of almost double the + // required length. + readBufPool = imem.NewDirtySimplePool() + + // Compile-time check to ensure conn implements ReadyReader. + _ readyreader.Reader = &conn{} ) func init() { - pool, err := mem.NewDirtyBinaryTieredBufferPool( + pool, err := imem.NewDirtyBinaryTieredBufferPool( 8, 12, // Go page size, 4KB 14, // 16KB (max HTTP/2 frame size used by gRPC) @@ -105,18 +115,23 @@ func RegisterProtocol(protocol string, f ALTSRecordFunc) error { // conn represents a secured connection. It implements the net.Conn interface. type conn struct { net.Conn + reader readyreader.Reader crypto ALTSRecordCrypto // buf holds data that has been read from the connection and decrypted, // but has not yet been returned by Read. It is a sub-slice of protected. buf []byte payloadLengthLimit int - // protected holds data read from the network but have not yet been - // decrypted. This data might not compose a complete frame. - protected []byte + // protectedHandle buffer holds data read from the network but have not yet + // been decrypted. This data might not compose a complete frame. + // + // The buffer pointer to points to a buffer from the readBufPool. The handle + // should only be returned to the pool once nextFrame and buf are empty. + protectedHandle *[]byte // nextFrame stores the next frame (in protected buffer) info. nextFrame []byte // overhead is the calculated overhead of each frame. - overhead int + overhead int + constPool constBufferPool // stored as a field to avoid heap allocations. } // NewConn creates a new secure channel instance given the other party role and @@ -135,91 +150,131 @@ func NewConn(c net.Conn, side core.Side, recordProtocol string, key []byte, prot // We pre-allocate protected to be of size 32KB during initialization. // We increase the size of the buffer by the required amount if it can't // hold a complete encrypted record. - protectedBuf := make([]byte, max(altsReadBufferInitialSize, len(protected))) + protectedHandle := readBufPool.Get(max(altsReadBufferInitialSize, len(protected))) + protectedBuf := *protectedHandle // Copy additional data from hanshaker service. copy(protectedBuf, protected) protectedBuf = protectedBuf[:len(protected)] altsConn := &conn{ Conn: c, + reader: readyreader.New(c), crypto: crypto, payloadLengthLimit: payloadLengthLimit, - protected: protectedBuf, + protectedHandle: protectedHandle, nextFrame: protectedBuf, overhead: overhead, } return altsConn, nil } +type constBufferPool struct { + buffer []byte +} + +func (p *constBufferPool) Get(int) *[]byte { + return &p.buffer +} + +func (p *constBufferPool) Put(*[]byte) {} + // Read reads and decrypts a frame from the underlying connection, and copies the // decrypted payload into b. If the size of the payload is greater than len(b), // Read retains the remaining bytes in an internal buffer, and subsequent calls // to Read will read from this buffer until it is exhausted. func (p *conn) Read(b []byte) (n int, err error) { + p.constPool.buffer = b + _, n, err = p.ReadOnReady(len(b), &p.constPool) + return n, err +} + +func (p *conn) ReadOnReady(bufSize int, pool mem.BufferPool) (*[]byte, int, error) { if len(p.buf) == 0 { var framedMsg []byte + var protected []byte + if p.protectedHandle != nil { + protected = *p.protectedHandle + protected = protected[:cap(protected)] + } + var err error framedMsg, p.nextFrame, err = ParseFramedMsg(p.nextFrame, altsRecordLengthLimit) if err != nil { - return n, err + return nil, 0, err } // Check whether the next frame to be decrypted has been // completely received yet. if len(framedMsg) == 0 { - copy(p.protected, p.nextFrame) - p.protected = p.protected[:len(p.nextFrame)] + copy(protected, p.nextFrame) + protected = protected[:len(p.nextFrame)] // Always copy next incomplete frame to the beginning of // the protected buffer and reset nextFrame to it. - p.nextFrame = p.protected + p.nextFrame = protected } // Check whether a complete frame has been received yet. for len(framedMsg) == 0 { - if len(p.protected) == cap(p.protected) { + if p.protectedHandle != nil && len(protected) == cap(protected) { // We can parse the length header to know exactly how large // the buffer needs to be to hold the entire frame. - length, didParse := parseMessageLength(p.protected) + length, didParse := parseMessageLength(protected) if !didParse { // The protected buffer is initialized with a capacity of // larger than 4B. It should always hold the message length // header. - panic(fmt.Sprintf("protected buffer length shorter than expected: %d vs %d", len(p.protected), MsgLenFieldSize)) + panic(fmt.Sprintf("protected buffer length shorter than expected: %d vs %d", len(protected), MsgLenFieldSize)) } - oldProtectedBuf := p.protected + oldProtectedBuf := protected + oldBufHandle := p.protectedHandle // The new buffer must be able to hold the message length header // and the entire message. requiredCapacity := int(length) + MsgLenFieldSize - p.protected = make([]byte, requiredCapacity) + p.protectedHandle = readBufPool.Get(requiredCapacity) + protected = *p.protectedHandle // Copy the contents of the old buffer and set the length of the // new buffer to the number of bytes already read. - copy(p.protected, oldProtectedBuf) - p.protected = p.protected[:len(oldProtectedBuf)] + copy(protected, oldProtectedBuf) + protected = protected[:len(oldProtectedBuf)] + readBufPool.Put(oldBufHandle) } - n, err = p.Conn.Read(p.protected[len(p.protected):cap(p.protected)]) - if err != nil { - return 0, err + if p.protectedHandle == nil { + // Connection was idle, need to re-allocate the read buffer. + newBuf, nRead, err := p.reader.ReadOnReady(altsReadBufferInitialSize, readBufPool) + if err != nil { + return nil, 0, err + } + p.protectedHandle = newBuf + protected = (*newBuf)[:nRead] + } else { + nRead, err := p.Conn.Read(protected[len(protected):cap(protected)]) + if err != nil { + return nil, 0, err + } + protected = protected[:len(protected)+nRead] } - p.protected = p.protected[:len(p.protected)+n] - framedMsg, p.nextFrame, err = ParseFramedMsg(p.protected, altsRecordLengthLimit) + framedMsg, p.nextFrame, err = ParseFramedMsg(protected, altsRecordLengthLimit) if err != nil { - return 0, err + return nil, 0, err } } // Now we have a complete frame, decrypted it. msg := framedMsg[MsgLenFieldSize:] msgType := binary.LittleEndian.Uint32(msg[:msgTypeFieldSize]) if msgType&0xff != altsRecordMsgType { - return 0, fmt.Errorf("received frame with incorrect message type %v, expected lower byte %v", + return nil, 0, fmt.Errorf("received frame with incorrect message type %v, expected lower byte %v", msgType, altsRecordMsgType) } ciphertext := msg[msgTypeFieldSize:] // Decrypt directly into the buffer, avoiding a copy from p.buf if // possible. - if len(b) >= len(ciphertext) { - dec, err := p.crypto.Decrypt(b[:0], ciphertext) + if bufSize >= len(ciphertext) { + allocatedBuf := pool.Get(bufSize) + dec, err := p.crypto.Decrypt((*allocatedBuf)[:0], ciphertext) if err != nil { - return 0, err + pool.Put(allocatedBuf) + return nil, 0, err } - return len(dec), nil + p.dropProtectedIfEmtpy() + return allocatedBuf, len(dec), nil } // Decrypt requires that if the dst and ciphertext alias, they // must alias exactly. Code here used to use msg[:0], but msg @@ -230,13 +285,28 @@ func (p *conn) Read(b []byte) (n int, err error) { // check: https://golang.org/pkg/crypto/cipher/#AEAD. p.buf, err = p.crypto.Decrypt(ciphertext[:0], ciphertext) if err != nil { - return 0, err + return nil, 0, err } } - n = copy(b, p.buf) + allocatedBuf := pool.Get(bufSize) + n := copy(*allocatedBuf, p.buf) p.buf = p.buf[n:] - return n, nil + p.dropProtectedIfEmtpy() + return allocatedBuf, n, nil +} + +func (p *conn) dropProtectedIfEmtpy() { + if len(p.buf) > 0 || len(p.nextFrame) > 0 { + return + } + // Potentially idle connection, release the read buffer. + p.nextFrame = nil + p.buf = nil + if p.protectedHandle != nil { + readBufPool.Put(p.protectedHandle) + p.protectedHandle = nil + } } // Write encrypts, frames, and writes bytes from b to the underlying connection. @@ -257,17 +327,11 @@ func (p *conn) Write(b []byte) (n int, err error) { writeBuf := *bufHandle for partialBStart := 0; partialBStart < len(b); partialBStart += partialBSize { - partialBEnd := partialBStart + partialBSize - if partialBEnd > len(b) { - partialBEnd = len(b) - } + partialBEnd := min(partialBStart+partialBSize, len(b)) partialB := b[partialBStart:partialBEnd] writeBufIndex := 0 for len(partialB) > 0 { - payloadLen := len(partialB) - if payloadLen > p.payloadLengthLimit { - payloadLen = p.payloadLengthLimit - } + payloadLen := min(len(partialB), p.payloadLengthLimit) buf := partialB[:payloadLen] partialB = partialB[payloadLen:] diff --git a/vendor/google.golang.org/grpc/experimental/stats/metrics.go b/vendor/google.golang.org/grpc/experimental/stats/metrics.go index 88742724a46..8732e53bde7 100644 --- a/vendor/google.golang.org/grpc/experimental/stats/metrics.go +++ b/vendor/google.golang.org/grpc/experimental/stats/metrics.go @@ -20,10 +20,27 @@ package stats import ( + "context" + "google.golang.org/grpc/internal" "google.golang.org/grpc/stats" ) +type customLabelKey struct{} + +// NewContextWithCustomLabel returns a new context with the provided custom label +// attached. The label will be propagated to all metric instruments specified in gRFC A108. +func NewContextWithCustomLabel(ctx context.Context, label string) context.Context { + return context.WithValue(ctx, customLabelKey{}, label) +} + +// CustomLabelFromContext returns the custom label from the context if it exists. +// If the custom label is not present, it returns an empty string. +func CustomLabelFromContext(ctx context.Context) string { + label, _ := ctx.Value(customLabelKey{}).(string) + return label +} + // MetricsRecorder records on metrics derived from metric registry. // Implementors must embed UnimplementedMetricsRecorder. type MetricsRecorder interface { diff --git a/vendor/google.golang.org/grpc/internal/credentials/xds/handshake_info.go b/vendor/google.golang.org/grpc/internal/credentials/xds/handshake_info.go index 81074bedb40..637254eb42e 100644 --- a/vendor/google.golang.org/grpc/internal/credentials/xds/handshake_info.go +++ b/vendor/google.golang.org/grpc/internal/credentials/xds/handshake_info.go @@ -26,24 +26,46 @@ import ( "errors" "fmt" "strings" - "unsafe" + "sync/atomic" "google.golang.org/grpc/attributes" "google.golang.org/grpc/credentials/tls/certprovider" "google.golang.org/grpc/internal" "google.golang.org/grpc/internal/credentials/spiffe" + "google.golang.org/grpc/internal/envconfig" "google.golang.org/grpc/internal/xds/matcher" "google.golang.org/grpc/resolver" ) func init() { - internal.GetXDSHandshakeInfoForTesting = GetHandshakeInfo + internal.GetXDSHandshakeInfoForTesting = HandshakeInfoFromAttributes } // handshakeAttrKey is the type used as the key to store HandshakeInfo in // the Attributes field of resolver.Address. type handshakeAttrKey struct{} +// hostnameKey is the type used as the key to store the hostname in the +// Attributes field of resolver.Address. +type hostnameKey struct{} + +// SetAddressHostname returns a copy of addr in which the Attributes field is +// updated with the provided hostname. +func SetAddressHostname(addr resolver.Address, hostname string) resolver.Address { + addr.Attributes = addr.Attributes.WithValue(hostnameKey{}, hostname) + return addr +} + +// Hostname returns the endpoint hostname stored in attr. +func Hostname(attr *attributes.Attributes) string { + if attr == nil { + return "" + } + v := attr.Value(hostnameKey{}) + hn, _ := v.(string) + return hn +} + // Equal reports whether the handshake info structs are identical. func (hi *HandshakeInfo) Equal(other *HandshakeInfo) bool { if hi == nil && other == nil { @@ -55,6 +77,9 @@ func (hi *HandshakeInfo) Equal(other *HandshakeInfo) bool { if hi.rootProvider != other.rootProvider || hi.identityProvider != other.identityProvider || hi.requireClientCert != other.requireClientCert || + hi.sni != other.sni || + hi.validateSANUsingSNI != other.validateSANUsingSNI || + hi.useAutoHostSNI != other.useAutoHostSNI || len(hi.sanMatchers) != len(other.sanMatchers) { return false } @@ -68,15 +93,15 @@ func (hi *HandshakeInfo) Equal(other *HandshakeInfo) bool { // SetHandshakeInfo returns a copy of addr in which the Attributes field is // updated with hiPtr. -func SetHandshakeInfo(addr resolver.Address, hiPtr *unsafe.Pointer) resolver.Address { +func SetHandshakeInfo(addr resolver.Address, hiPtr *atomic.Pointer[HandshakeInfo]) resolver.Address { addr.Attributes = addr.Attributes.WithValue(handshakeAttrKey{}, hiPtr) return addr } -// GetHandshakeInfo returns a pointer to the *HandshakeInfo stored in attr. -func GetHandshakeInfo(attr *attributes.Attributes) *unsafe.Pointer { +// HandshakeInfoFromAttributes returns a pointer to the *HandshakeInfo stored in attr. +func HandshakeInfoFromAttributes(attr *attributes.Attributes) *atomic.Pointer[HandshakeInfo] { v := attr.Value(handshakeAttrKey{}) - hi, _ := v.(*unsafe.Pointer) + hi, _ := v.(*atomic.Pointer[HandshakeInfo]) return hi } @@ -86,20 +111,26 @@ func GetHandshakeInfo(attr *attributes.Attributes) *unsafe.Pointer { type HandshakeInfo struct { // All fields written at init time and read only after that, so no // synchronization needed. - rootProvider certprovider.Provider - identityProvider certprovider.Provider - sanMatchers []matcher.StringMatcher // Only on the client side. - requireClientCert bool // Only on server side. + rootProvider certprovider.Provider + identityProvider certprovider.Provider + sanMatchers []matcher.StringMatcher // Only on the client side. + requireClientCert bool // Only on server side. + sni string // Only on client side, used for Server Name Indication in TLS handshake. + validateSANUsingSNI bool // Only on client side, indicates whether to perform validation of SANs based on SNI value. + useAutoHostSNI bool // Only on client side, indicates whether to use endpoint hostname as SNI. } // NewHandshakeInfo returns a new handshake info configured with the provided // options. -func NewHandshakeInfo(rootProvider certprovider.Provider, identityProvider certprovider.Provider, sanMatchers []matcher.StringMatcher, requireClientCert bool) *HandshakeInfo { +func NewHandshakeInfo(rootProvider certprovider.Provider, identityProvider certprovider.Provider, sanMatchers []matcher.StringMatcher, requireClientCert bool, sni string, validateSANUsingSNI bool, useAutoHostSNI bool) *HandshakeInfo { return &HandshakeInfo{ - rootProvider: rootProvider, - identityProvider: identityProvider, - sanMatchers: sanMatchers, - requireClientCert: requireClientCert, + rootProvider: rootProvider, + identityProvider: identityProvider, + sanMatchers: sanMatchers, + requireClientCert: requireClientCert, + sni: sni, + validateSANUsingSNI: validateSANUsingSNI, + useAutoHostSNI: useAutoHostSNI, } } @@ -120,7 +151,13 @@ func (hi *HandshakeInfo) GetSANMatchersForTesting() []matcher.StringMatcher { // ClientSideTLSConfig constructs a tls.Config to be used in a client-side // handshake based on the contents of the HandshakeInfo. -func (hi *HandshakeInfo) ClientSideTLSConfig(ctx context.Context) (*tls.Config, error) { +// +// hostname is passed as a parameter here instead of being part of the +// HandshakeInfo because HandshakeInfo contains cluster-level security +// configuration that applies to all endpoints in the cluster, while hostname is +// specific to each endpoint. This allows sharing a single HandshakeInfo +// instance across multiple endpoints in the same cluster. +func (hi *HandshakeInfo) ClientSideTLSConfig(ctx context.Context, hostname string) (*tls.Config, error) { // On the client side, rootProvider is mandatory. IdentityProvider is // optional based on whether the client is doing TLS or mTLS. if hi.rootProvider == nil { @@ -145,7 +182,17 @@ func (hi *HandshakeInfo) ClientSideTLSConfig(ctx context.Context) (*tls.Config, return nil, fmt.Errorf("xds: fetching trusted roots from CertificateProvider failed: %v", err) } cfg.RootCAs = km.Roots - cfg.VerifyPeerCertificate = hi.buildVerifyFunc(km, true) + + // If AutoHostSNI is true, and the endpoint hostname is present, we use the + // endpoint hostname as the SNI value and also for SAN validation. + // Otherwise, we use the SNI value from HandshakeInfo (which is configured + // by the control plane) and validating SANs based on that. + sni := hi.sni + if hi.useAutoHostSNI && hostname != "" { + sni = hostname + } + + cfg.VerifyPeerCertificate = hi.buildVerifyFunc(km, true, sni) if idProv != nil { km, err := idProv.KeyMaterial(ctx) @@ -154,10 +201,14 @@ func (hi *HandshakeInfo) ClientSideTLSConfig(ctx context.Context) (*tls.Config, } cfg.Certificates = km.Certs } + + if envconfig.XDSSNIEnabled && sni != "" { + cfg.ServerName = sni + } return cfg, nil } -func (hi *HandshakeInfo) buildVerifyFunc(km *certprovider.KeyMaterial, isClient bool) func(rawCerts [][]byte, _ [][]*x509.Certificate) error { +func (hi *HandshakeInfo) buildVerifyFunc(km *certprovider.KeyMaterial, isClient bool, sni string) func(rawCerts [][]byte, _ [][]*x509.Certificate) error { return func(rawCerts [][]byte, _ [][]*x509.Certificate) error { // Parse all raw certificates presented by the peer. var certs []*x509.Certificate @@ -200,7 +251,21 @@ func (hi *HandshakeInfo) buildVerifyFunc(km *certprovider.KeyMaterial, isClient if _, err := certs[0].Verify(opts); err != nil { return err } - // The SANs sent by the MeshCA are encoded as SPIFFE IDs. We need to + + // If XDSSNIEnabled and AutoSNISANValidation are both true and the SNI is + // non-empty, validate only DNS SANs against the SNI. Otherwise, fallback to + // validating all received SANs against the control plane provided SAN + // matchers. + if envconfig.XDSSNIEnabled && hi.validateSANUsingSNI && sni != "" { + // Verify SAN of leaf certificate with SNI using exact DNS matcher. + for _, san := range certs[0].DNSNames { + if dnsMatch(sni, san) { + return nil + } + } + return fmt.Errorf("xds: received DNS SANs: %v do not match the SNI: %s", certs[0].DNSNames, sni) + } + // The SANs sent by the xDS control plane are encoded as SPIFFE IDs. We need to // only look at the SANs on the leaf cert. if cert := certs[0]; !hi.MatchingSANExists(cert) { // TODO: Print the complete certificate once the x509 package @@ -247,7 +312,7 @@ func (hi *HandshakeInfo) ServerSideTLSConfig(ctx context.Context) (*tls.Config, // dropped to tls.RequireAnyClientCert so that custom verification // to use SPIFFE Bundles is done. cfg.ClientAuth = tls.RequireAnyClientCert - cfg.VerifyPeerCertificate = hi.buildVerifyFunc(km, false) + cfg.VerifyPeerCertificate = hi.buildVerifyFunc(km, false, "") } else { cfg.ClientCAs = km.Roots } diff --git a/vendor/google.golang.org/grpc/internal/envconfig/envconfig.go b/vendor/google.golang.org/grpc/internal/envconfig/envconfig.go index 3ae45faa401..8ca87a57a28 100644 --- a/vendor/google.golang.org/grpc/internal/envconfig/envconfig.go +++ b/vendor/google.golang.org/grpc/internal/envconfig/envconfig.go @@ -126,6 +126,16 @@ var ( // enabled by setting the env variable // GRPC_EXPERIMENTAL_ENABLE_PRIORITY_LB_CHILD_POLICY_CACHE to true. EnablePriorityLBChildPolicyCache = boolFromEnv("GRPC_EXPERIMENTAL_ENABLE_PRIORITY_LB_CHILD_POLICY_CACHE", false) + + // EnableHTTPFramerReadBufferPooling enables the use of the + // readyreader.Reader interface to perform non-memory-pinning reads, + // provided the underlying net.Conn supports it. This reduces memory usage + // when subchannels are idle. + // + // This environment variable serves as an escape hatch to disable the + // feature if unforeseen issues arise, and it will be removed in a future + // release. + EnableHTTPFramerReadBufferPooling = boolFromEnv("GRPC_GO_EXPERIMENTAL_HTTP_FRAMER_READ_BUFFER_POOLING", true) ) func boolFromEnv(envVar string, def bool) bool { diff --git a/vendor/google.golang.org/grpc/internal/envconfig/xds.go b/vendor/google.golang.org/grpc/internal/envconfig/xds.go index 7685d08b54d..333d8a0b06a 100644 --- a/vendor/google.golang.org/grpc/internal/envconfig/xds.go +++ b/vendor/google.golang.org/grpc/internal/envconfig/xds.go @@ -79,4 +79,14 @@ var ( // xDS bootstrap configuration via the `call_creds` field. For more details, // see: https://github.com/grpc/proposal/blob/master/A97-xds-jwt-call-creds.md XDSBootstrapCallCredsEnabled = boolFromEnv("GRPC_EXPERIMENTAL_XDS_BOOTSTRAP_CALL_CREDS", false) + + // XDSSNIEnabled controls if gRPC should send SNI information in xDS + // configured TLS handshakes. For more details, see: + // https://github.com/grpc/proposal/blob/master/A101-SNI-setting-and-SNI-SAN-validation.md + XDSSNIEnabled = boolFromEnv("GRPC_EXPERIMENTAL_XDS_SNI", false) + + // XDSORCAToLRSPropEnabled controls whether ORCA metrics are explicitly + // filtered and prefix-propagated to the LRS server. For more details, see: + // https://github.com/grpc/proposal/blob/master/A85-lrs-custom-metrics-changes.md + XDSORCAToLRSPropEnabled = boolFromEnv("GRPC_EXPERIMENTAL_XDS_ORCA_LRS_PROPAGATION", false) ) diff --git a/vendor/google.golang.org/grpc/internal/mem/buffer_pool.go b/vendor/google.golang.org/grpc/internal/mem/buffer_pool.go index c2348a82efe..2d83b2eced1 100644 --- a/vendor/google.golang.org/grpc/internal/mem/buffer_pool.go +++ b/vendor/google.golang.org/grpc/internal/mem/buffer_pool.go @@ -73,7 +73,7 @@ type BinaryTieredBufferPool struct { func NewBinaryTieredBufferPool(powerOfTwoExponents ...uint8) (*BinaryTieredBufferPool, error) { return newBinaryTiered(func(size int) bufferPool { return newSizedBufferPool(size, true) - }, &simpleBufferPool{shouldZero: true}, powerOfTwoExponents...) + }, &SimpleBufferPool{shouldZero: true}, powerOfTwoExponents...) } // NewDirtyBinaryTieredBufferPool returns a BufferPool backed by multiple @@ -82,7 +82,7 @@ func NewBinaryTieredBufferPool(powerOfTwoExponents ...uint8) (*BinaryTieredBuffe func NewDirtyBinaryTieredBufferPool(powerOfTwoExponents ...uint8) (*BinaryTieredBufferPool, error) { return newBinaryTiered(func(size int) bufferPool { return newSizedBufferPool(size, false) - }, &simpleBufferPool{shouldZero: false}, powerOfTwoExponents...) + }, NewDirtySimplePool(), powerOfTwoExponents...) } func newBinaryTiered(sizedPoolFactory func(int) bufferPool, fallbackPool bufferPool, powerOfTwoExponents ...uint8) (*BinaryTieredBufferPool, error) { @@ -258,7 +258,7 @@ func newSizedBufferPool(size int, zero bool) *sizedBufferPool { // buffer pools for different sizes of buffers. type TieredBufferPool struct { sizedPools []*sizedBufferPool - fallbackPool simpleBufferPool + fallbackPool SimpleBufferPool } // NewTieredBufferPool returns a BufferPool implementation that uses multiple @@ -271,7 +271,7 @@ func NewTieredBufferPool(poolSizes ...int) *TieredBufferPool { } return &TieredBufferPool{ sizedPools: pools, - fallbackPool: simpleBufferPool{shouldZero: true}, + fallbackPool: SimpleBufferPool{shouldZero: true}, } } @@ -297,16 +297,26 @@ func (p *TieredBufferPool) getPool(size int) bufferPool { return p.sizedPools[poolIdx] } -// simpleBufferPool is an implementation of the BufferPool interface that +// SimpleBufferPool is an implementation of the mem.BufferPool interface that // attempts to pool buffers with a sync.Pool. When Get is invoked, it tries to // acquire a buffer from the pool but if that buffer is too small, it returns it // to the pool and creates a new one. -type simpleBufferPool struct { +type SimpleBufferPool struct { pool sync.Pool shouldZero bool } -func (p *simpleBufferPool) Get(size int) *[]byte { +// NewDirtySimplePool constructs a [SimpleBufferPool]. It does not initialize +// the buffers before returning them. Callers must ensure they don't read the +// buffers before writing data to them. +func NewDirtySimplePool() *SimpleBufferPool { + return &SimpleBufferPool{ + shouldZero: false, + } +} + +// Get returns a buffer with specified length from the pool. +func (p *SimpleBufferPool) Get(size int) *[]byte { bs, ok := p.pool.Get().(*[]byte) if ok && cap(*bs) >= size { if p.shouldZero { @@ -333,6 +343,7 @@ func (p *simpleBufferPool) Get(size int) *[]byte { return &b } -func (p *simpleBufferPool) Put(buf *[]byte) { +// Put returns a buffer to the pool. +func (p *SimpleBufferPool) Put(buf *[]byte) { p.pool.Put(buf) } diff --git a/vendor/google.golang.org/grpc/internal/resolver/config_selector.go b/vendor/google.golang.org/grpc/internal/resolver/config_selector.go index f0603871c93..3db62ccad24 100644 --- a/vendor/google.golang.org/grpc/internal/resolver/config_selector.go +++ b/vendor/google.golang.org/grpc/internal/resolver/config_selector.go @@ -115,6 +115,9 @@ type ClientInterceptor interface { // ClientStream after done is called, since the interceptor is invoked by // application-layer operations. done must never be nil when called. NewStream(ctx context.Context, ri RPCInfo, done func(), newStream func(ctx context.Context, done func()) (ClientStream, error)) (ClientStream, error) + // Close closes the interceptor. Once called, no new calls to NewStream are + // accepted. Ongoing calls to NewStream are allowed to complete. + Close() } // ServerInterceptor is an interceptor for incoming RPC's on gRPC server side. @@ -123,6 +126,9 @@ type ServerInterceptor interface { // information about connection RPC was received on, and HTTP Headers. This // information will be piped into context. AllowRPC(ctx context.Context) error // TODO: Make this a real interceptor for filters such as rate limiting. + // Close closes the interceptor. Once called, no new calls to NewStream are + // accepted. Ongoing calls to NewStream are allowed to complete. + Close() } type csKeyType string diff --git a/vendor/google.golang.org/grpc/internal/transport/http2_client.go b/vendor/google.golang.org/grpc/internal/transport/http2_client.go index c943503f359..d6bc6a6cc73 100644 --- a/vendor/google.golang.org/grpc/internal/transport/http2_client.go +++ b/vendor/google.golang.org/grpc/internal/transport/http2_client.go @@ -134,6 +134,8 @@ type http2Client struct { // goAwayDebugMessage contains a detailed human readable string about a // GoAway frame, useful for error messages. goAwayDebugMessage string + // goAwayCode records the http2.ErrCode received with the GoAway frame. + goAwayCode http2.ErrCode // A condition variable used to signal when the keepalive goroutine should // go dormant. The condition for dormancy is based on the number of active // streams and the `PermitWithoutStream` keepalive client parameter. And @@ -147,7 +149,7 @@ type http2Client struct { channelz *channelz.Socket - onClose func(GoAwayReason) + onClose OnCloseFunc bufferPool mem.BufferPool @@ -204,7 +206,7 @@ func isTemporary(err error) bool { // NewHTTP2Client constructs a connected ClientTransport to addr based on HTTP2 // and starts to receive messages on it. Non-nil error returns if construction // fails. -func NewHTTP2Client(connectCtx, ctx context.Context, addr resolver.Address, opts ConnectOptions, onClose func(GoAwayReason)) (_ ClientTransport, err error) { +func NewHTTP2Client(connectCtx, ctx context.Context, addr resolver.Address, opts ConnectOptions, onClose OnCloseFunc) (_ ClientTransport, err error) { scheme := "http" ctx, cancel := context.WithCancel(ctx) defer func() { @@ -1015,7 +1017,7 @@ func (t *http2Client) Close(err error) { // Call t.onClose ASAP to prevent the client from attempting to create new // streams. if t.state != draining { - t.onClose(GoAwayInvalid) + t.onClose(GoAwayInfo{Reason: GoAwayInvalid, GoAwayCode: http2.ErrCodeNo, Err: err}) } t.state = closing streams := t.activeStreams @@ -1086,7 +1088,7 @@ func (t *http2Client) GracefulClose() { if t.logger.V(logLevel) { t.logger.Infof("GracefulClose called") } - t.onClose(GoAwayInvalid) + t.onClose(GoAwayInfo{Reason: GoAwayInvalid, GoAwayCode: http2.ErrCodeNo}) t.state = draining active := len(t.activeStreams) t.mu.Unlock() @@ -1236,7 +1238,10 @@ func (t *http2Client) handleData(f *parsedDataFrame) { // The server has closed the stream without sending trailers. Record that // the read direction is closed, and set the status appropriately. if f.StreamEnded() { - t.closeStream(s, io.EOF, false, http2.ErrCodeNo, status.New(codes.Internal, "server closed the stream without sending trailers"), nil, true) + // If client received END_STREAM from server while stream was still + // active, send RST_STREAM. + rstStream := s.getState() == streamActive + t.closeStream(s, io.EOF, rstStream, http2.ErrCodeNo, status.New(codes.Internal, "server closed the stream without sending trailers"), nil, true) } } @@ -1372,7 +1377,7 @@ func (t *http2Client) handleGoAway(f *http2.GoAwayFrame) error { // draining, to allow the client to stop attempting to create streams // before disallowing new streams on this connection. if t.state != draining { - t.onClose(t.goAwayReason) + t.onClose(GoAwayInfo{Reason: t.goAwayReason, GoAwayCode: t.goAwayCode}) t.state = draining } } @@ -1422,6 +1427,7 @@ func (t *http2Client) setGoAwayReason(f *http2.GoAwayFrame) { } else { t.goAwayDebugMessage = fmt.Sprintf("code: %s, debug data: %q", f.ErrCode, string(f.DebugData())) } + t.goAwayCode = f.ErrCode } func (t *http2Client) GetGoAwayReason() (GoAwayReason, string) { diff --git a/vendor/google.golang.org/grpc/internal/transport/http_util.go b/vendor/google.golang.org/grpc/internal/transport/http_util.go index 5bbb641ad90..c34975ffefd 100644 --- a/vendor/google.golang.org/grpc/internal/transport/http_util.go +++ b/vendor/google.golang.org/grpc/internal/transport/http_util.go @@ -36,6 +36,9 @@ import ( "golang.org/x/net/http2" "golang.org/x/net/http2/hpack" "google.golang.org/grpc/codes" + "google.golang.org/grpc/internal/envconfig" + imem "google.golang.org/grpc/internal/mem" + "google.golang.org/grpc/internal/transport/readyreader" "google.golang.org/grpc/mem" ) @@ -296,7 +299,7 @@ func decodeGrpcMessageUnchecked(msg string) string { } type bufWriter struct { - pool *sync.Pool + pool *imem.SimpleBufferPool buf []byte offset int batchSize int @@ -304,7 +307,7 @@ type bufWriter struct { err error } -func newBufWriter(conn io.Writer, batchSize int, pool *sync.Pool) *bufWriter { +func newBufWriter(conn io.Writer, batchSize int, pool *imem.SimpleBufferPool) *bufWriter { w := &bufWriter{ batchSize: batchSize, conn: conn, @@ -326,7 +329,7 @@ func (w *bufWriter) Write(b []byte) (int, error) { return n, toIOError(err) } if w.buf == nil { - b := w.pool.Get().(*[]byte) + b := w.pool.Get(w.batchSize) w.buf = *b } written := 0 @@ -407,22 +410,32 @@ type framer struct { errDetail error } -var writeBufferPoolMap = make(map[int]*sync.Pool) -var writeBufferMutex sync.Mutex +var ioBufferPoolMap = make(map[int]*imem.SimpleBufferPool) +var ioBufferMutex sync.Mutex + +func bufferedReader(r io.Reader, bufSize int) io.Reader { + if bufSize <= 0 { + return r + } + if envconfig.EnableHTTPFramerReadBufferPooling { + if rr := readyreader.NewNonBlocking(r); rr != nil { + readPool := ioBufferPool(bufSize) + return readyreader.NewBuffered(rr, bufSize, readPool) + } + } + return bufio.NewReaderSize(r, bufSize) +} func newFramer(conn io.ReadWriter, writeBufferSize, readBufferSize int, sharedWriteBuffer bool, maxHeaderListSize uint32, memPool mem.BufferPool) *framer { if writeBufferSize < 0 { writeBufferSize = 0 } - var r io.Reader = conn - if readBufferSize > 0 { - r = bufio.NewReaderSize(r, readBufferSize) - } - var pool *sync.Pool + r := bufferedReader(conn, readBufferSize) + var writePool *imem.SimpleBufferPool if sharedWriteBuffer { - pool = getWriteBufferPool(writeBufferSize) + writePool = ioBufferPool(writeBufferSize) } - w := newBufWriter(conn, writeBufferSize, pool) + w := newBufWriter(conn, writeBufferSize, writePool) f := &framer{ writer: w, fr: http2.NewFramer(w, r), @@ -578,20 +591,15 @@ func (df *parsedDataFrame) Header() http2.FrameHeader { return df.FrameHeader } -func getWriteBufferPool(size int) *sync.Pool { - writeBufferMutex.Lock() - defer writeBufferMutex.Unlock() - pool, ok := writeBufferPoolMap[size] +func ioBufferPool(size int) *imem.SimpleBufferPool { + ioBufferMutex.Lock() + defer ioBufferMutex.Unlock() + pool, ok := ioBufferPoolMap[size] if ok { return pool } - pool = &sync.Pool{ - New: func() any { - b := make([]byte, size) - return &b - }, - } - writeBufferPoolMap[size] = pool + pool = imem.NewDirtySimplePool() + ioBufferPoolMap[size] = pool return pool } diff --git a/vendor/google.golang.org/grpc/internal/transport/readyreader/raw_conn_linux.go b/vendor/google.golang.org/grpc/internal/transport/readyreader/raw_conn_linux.go new file mode 100644 index 00000000000..56906c35b3c --- /dev/null +++ b/vendor/google.golang.org/grpc/internal/transport/readyreader/raw_conn_linux.go @@ -0,0 +1,39 @@ +/* + * + * Copyright 2026 gRPC authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +package readyreader + +import "syscall" + +func isRawConnSupported() bool { + return true +} + +// sysRead uses the standard syscall package rather than the modern unix package +// to avoid triggering the race detector. Because both packages perform sync +// operations on a local variable to satisfy the race detector, mixing them +// for read and write syscalls causes data races. We use syscall here to remain +// consistent with net.Conn implementations in standard library. +func sysRead(fd uintptr, p []byte) (int, error) { + return syscall.Read(int(fd), p) +} + +// wouldBlock checks standard Unix non-blocking errors. +func wouldBlock(err error) bool { + return err == syscall.EAGAIN || err == syscall.EWOULDBLOCK +} diff --git a/vendor/google.golang.org/grpc/internal/transport/readyreader/raw_conn_nonlinux.go b/vendor/google.golang.org/grpc/internal/transport/readyreader/raw_conn_nonlinux.go new file mode 100644 index 00000000000..4d1f3300607 --- /dev/null +++ b/vendor/google.golang.org/grpc/internal/transport/readyreader/raw_conn_nonlinux.go @@ -0,0 +1,35 @@ +//go:build !linux + +/* + * + * Copyright 2026 gRPC authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +package readyreader + +func isRawConnSupported() bool { + return false +} + +// sysRead is not implemented. Support can be added in the future if necessary. +func sysRead(uintptr, []byte) (int, error) { + panic("RawConn functionality is not implemented for non-unix platforms.") +} + +// wouldBlock is not implemented. Support can be added in the future if necessary. +func wouldBlock(error) bool { + panic("RawConn functionality is not implemented for non-unix platforms.") +} diff --git a/vendor/google.golang.org/grpc/internal/transport/readyreader/ready_reader.go b/vendor/google.golang.org/grpc/internal/transport/readyreader/ready_reader.go new file mode 100644 index 00000000000..250a300c73c --- /dev/null +++ b/vendor/google.golang.org/grpc/internal/transport/readyreader/ready_reader.go @@ -0,0 +1,253 @@ +/* + * + * Copyright 2026 gRPC authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +// Package readyreader provides utilities to perform non-memory-pinning reads. +package readyreader + +import ( + "io" + "net" + "syscall" + + "google.golang.org/grpc/mem" +) + +// Reader is an optional interface that can be implemented by [net.Conn] +// implementations to enable gRPC to perform non-memory-pinning reads. +type Reader interface { + // ReadOnReady waits for data to arrive, fetches a buffer, and performs a + // read. When the underlying IO is readable, it allocates a buffer of size + // bufSize from the pool and reads up to bufSize bytes into the buffer. + // + // It returns a pointer to the buffer so it can be returned to the pool + // later, the number of bytes read, and an error. + // + // Callers should always process the n > 0 bytes returned before considering + // the error. Doing so correctly handles I/O errors that happen after + // reading some bytes, as well as both of the allowed EOF behaviors. + ReadOnReady(bufSize int, pool mem.BufferPool) (b *[]byte, n int, err error) +} + +// nonBlockingReader is optimized for non-memory-pinning reads using the RawConn +// interface. +type nonBlockingReader struct { + raw syscall.RawConn + // The following fields are stored as field to avoid heap allocations. + state readState + doRead func(fd uintptr) bool +} + +type readState struct { + // Request params. + bufSize int + pool mem.BufferPool + + // Response params. + readError error + bytesRead int + buf *[]byte +} + +// NewNonBlocking returns a ReadyReader if the passed reader supports +// non-memory-pinning reads, else nil. +func NewNonBlocking(r io.Reader) Reader { + if rr, ok := r.(Reader); ok { + return rr + } + if !isRawConnSupported() { + return nil + } + // We restrict the types before asserting syscall.Conn. The credentials + // package may return a wrapper that implements syscall.Conn by embedding + // both the raw connection and the encrypted connection. If the code + // attempts to read directly from the raw syscall.RawConn, it would read + // encrypted data. + switch r.(type) { + case *net.TCPConn, *net.UDPConn, *net.UnixConn, *net.IPConn: + default: + return nil + } + sysConn, ok := r.(syscall.Conn) + if !ok { + return nil + } + raw, err := sysConn.SyscallConn() + if err != nil { + return nil + } + rr := &nonBlockingReader{raw: raw} + rr.doRead = func(fd uintptr) bool { + s := &rr.state + + s.buf = s.pool.Get(s.bufSize) + s.bytesRead, s.readError = sysRead(fd, *s.buf) + + if s.readError != nil { + s.pool.Put(s.buf) + s.buf = nil + } + return !wouldBlock(s.readError) + } + return rr +} + +func (c *nonBlockingReader) ReadOnReady(bufSize int, pool mem.BufferPool) (*[]byte, int, error) { + c.state = readState{ + pool: pool, + bufSize: bufSize, + } + err := c.raw.Read(c.doRead) + + buf := c.state.buf + n := c.state.bytesRead + readErr := c.state.readError + c.state = readState{} + + if err != nil { + if buf != nil { + pool.Put(buf) + } + return nil, 0, err + } + if readErr != nil { + // buffer is already released in the callback. + return nil, 0, readErr + } + if n == 0 { + // syscall.Read doesn't consider a graceful socket closure to be an + // error condition, but Go's io.Reader expects an EOF error. + pool.Put(buf) + return nil, 0, io.EOF + } + return buf, n, nil +} + +type blockingReader struct { + reader io.Reader +} + +func (c *blockingReader) ReadOnReady(bufSize int, pool mem.BufferPool) (*[]byte, int, error) { + buf := pool.Get(bufSize) + n, err := c.reader.Read(*buf) + if err != nil { + pool.Put(buf) + return nil, 0, err + } + return buf, n, nil +} + +// New detects if [syscall.RawConn] is available for non-memory-pinning reads. +// If [syscall.RawConn] is unavailable, it falls back to using the simpler +// [io.Reader] interface for reads. +func New(r io.Reader) Reader { + if r := NewNonBlocking(r); r != nil { + return r + } + return &blockingReader{reader: r} +} + +// bufReadyReader implements buffering for a ReadyReader object. +// A new bufReadyReader is created by calling [NewBuffered]. +type bufReadyReader struct { + buf *[]byte + pool mem.BufferPool + bufSize int + rd Reader // reader provided by the caller + r, w int // buf read and write positions + err error + constPool constBufferPool // stored as a field to avoid heap allocations. +} + +// NewBuffered returns a new [io.Reader] with a buffer of the specified size +// which is allocated from the provided pool. +func NewBuffered(rd Reader, size int, pool mem.BufferPool) io.Reader { + return &bufReadyReader{ + rd: rd, + pool: pool, + bufSize: size, + } +} + +func (b *bufReadyReader) readErr() error { + err := b.err + b.err = nil + return err +} + +func (b *bufReadyReader) buffered() int { return b.w - b.r } + +// Read reads data into p. It returns the number of bytes read into p. The +// bytes are taken from at most one Read on the underlying [ReadyReader], +// hence n may be less than len(p). If the underlying [ReadyReader] can return +// a non-zero count with io.EOF, then this Read method can do so as well; see +// the [io.Reader] docs. +func (b *bufReadyReader) Read(p []byte) (n int, err error) { + n = len(p) + if n == 0 { + if b.buffered() > 0 { + return 0, nil + } + return 0, b.readErr() + } + if b.r == b.w { + if b.err != nil { + return 0, b.readErr() + } + if len(p) >= b.bufSize { + // Large read, empty buffer. + // Read directly into p to avoid copy. + b.constPool.buffer = p + _, n, b.err = b.rd.ReadOnReady(len(p), &b.constPool) + return n, b.readErr() + } + // One read. + b.r = 0 + b.w = 0 + b.buf, n, b.err = b.rd.ReadOnReady(b.bufSize, b.pool) + if n == 0 { + if b.buf != nil { + b.pool.Put(b.buf) + b.buf = nil + } + return 0, b.readErr() + } + b.w += n + } + + // copy as much as we can + // b.buf must be non-nil since b.r != b.w. + buf := *b.buf + n = copy(p, buf[b.r:b.w]) + b.r += n + if b.r == b.w { + // Consumed entire buffer, release it. + b.pool.Put(b.buf) + b.buf = nil + } + return n, nil +} + +type constBufferPool struct { + buffer []byte +} + +func (p *constBufferPool) Get(int) *[]byte { + return &p.buffer +} + +func (p *constBufferPool) Put(*[]byte) {} diff --git a/vendor/google.golang.org/grpc/internal/transport/transport.go b/vendor/google.golang.org/grpc/internal/transport/transport.go index b86094da943..1e224576e80 100644 --- a/vendor/google.golang.org/grpc/internal/transport/transport.go +++ b/vendor/google.golang.org/grpc/internal/transport/transport.go @@ -31,6 +31,7 @@ import ( "sync/atomic" "time" + "golang.org/x/net/http2" "google.golang.org/grpc/codes" "google.golang.org/grpc/credentials" "google.golang.org/grpc/internal/channelz" @@ -742,6 +743,22 @@ const ( GoAwayTooManyPings GoAwayReason = 2 ) +// GoAwayInfo contains metadata about why a connection was closed. +type GoAwayInfo struct { + // Reason is the parsed reason for an HTTP/2 GOAWAY frame. + Reason GoAwayReason + // GoAwayCode is the raw HTTP/2 error code received in a GOAWAY frame. + GoAwayCode http2.ErrCode + // Err is the underlying error that caused the connection to close. It is + // populated if the connection was closed due to a socket error or context + // cancellation without receiving a GOAWAY frame. If the connection was + // closed due to a GOAWAY frame, this field will be nil. + Err error +} + +// OnCloseFunc is a callback invoked when a ClientTransport closes. +type OnCloseFunc func(GoAwayInfo) + // ContextErr converts the error from context package into a status error. func ContextErr(err error) error { switch err { diff --git a/vendor/google.golang.org/grpc/internal/xds/balancer/cdsbalancer/cdsbalancer.go b/vendor/google.golang.org/grpc/internal/xds/balancer/cdsbalancer/cdsbalancer.go index a73d5ff46c5..08b6b451510 100644 --- a/vendor/google.golang.org/grpc/internal/xds/balancer/cdsbalancer/cdsbalancer.go +++ b/vendor/google.golang.org/grpc/internal/xds/balancer/cdsbalancer/cdsbalancer.go @@ -18,21 +18,14 @@ package cdsbalancer import ( - "context" - "crypto/x509" "encoding/json" "fmt" - "sync/atomic" - "unsafe" "google.golang.org/grpc/attributes" "google.golang.org/grpc/balancer" "google.golang.org/grpc/balancer/base" "google.golang.org/grpc/connectivity" - "google.golang.org/grpc/credentials" - "google.golang.org/grpc/credentials/tls/certprovider" "google.golang.org/grpc/internal/balancer/nop" - xdsinternal "google.golang.org/grpc/internal/credentials/xds" "google.golang.org/grpc/internal/grpclog" "google.golang.org/grpc/internal/pretty" internalserviceconfig "google.golang.org/grpc/internal/serviceconfig" @@ -59,11 +52,6 @@ var ( // balancer because the cdsBalancer does not deal with subConns. return builder.Build(cc, opts), nil } - buildProvider = buildProviderFunc - - // x509SystemCertPoolFunc is used for mocking the system cert pool for - // tests. - x509SystemCertPoolFunc = x509.SystemCertPool ) func init() { @@ -91,34 +79,15 @@ func (bb) Build(cc balancer.ClientConn, opts balancer.BuildOptions) balancer.Bal return nop.NewBalancer(cc, fmt.Errorf("%q LB policy does not implement a config parser", priority.Name)) } - hi := xdsinternal.NewHandshakeInfo(nil, nil, nil, false) - xdsHIPtr := unsafe.Pointer(hi) b := &cdsBalancer{ bOpts: opts, childConfigParser: parser, - xdsHIPtr: &xdsHIPtr, clusterConfigs: make(map[string]*xdsresource.ClusterResult), priorityConfigs: make(map[string]*priorityConfig), + cc: cc, } b.logger = prefixLogger(b) - b.ccw = &ccWrapper{ - ClientConn: cc, - xdsHIPtr: b.xdsHIPtr, - logger: b.logger, - } b.logger.Infof("Created") - - var creds credentials.TransportCredentials - switch { - case opts.DialCreds != nil: - creds = opts.DialCreds - case opts.CredsBundle != nil: - creds = opts.CredsBundle.TransportCredentials() - } - if xc, ok := creds.(interface{ UsesXDS() bool }); ok && xc.UsesXDS() { - b.xdsCredsInUse = true - } - b.logger.Infof("xDS credentials in use: %v", b.xdsCredsInUse) return b } @@ -154,13 +123,10 @@ type cdsBalancer struct { // The following fields are initialized at build time and are either // read-only after that or provide their own synchronization, and therefore // do not need to be guarded by a mutex. - ccw *ccWrapper // ClientConn interface passed to child LB. + cc balancer.ClientConn // ClientConn interface passed to child LB. bOpts balancer.BuildOptions // BuildOptions passed to child LB. childConfigParser balancer.ConfigParser // Config parser for cluster_resolver LB policy. logger *grpclog.PrefixLogger // Prefix logger for all logging. - xdsCredsInUse bool - - xdsHIPtr *unsafe.Pointer // Accessed atomically. // All fields below are accessed only from methods implementing the // balancer.Balancer interface. Since gRPC guarantees that these methods are @@ -182,97 +148,6 @@ type cdsBalancer struct { // names. But to make sure the names across leaf clusters doesn't conflict, // we need a seq ID. This ID is incremented for each new cluster. childNameGeneratorSeqID uint64 - - // The certificate providers are cached here to that they can be closed when - // a new provider is to be created. - cachedRoot certprovider.Provider - cachedIdentity certprovider.Provider -} - -// handleSecurityConfig processes the security configuration received from the -// management server, creates appropriate certificate provider plugins, and -// updates the HandshakeInfo which is added as an address attribute in -// NewSubConn() calls. -func (b *cdsBalancer) handleSecurityConfig(config *xdsresource.SecurityConfig) error { - // If xdsCredentials are not in use, i.e, the user did not want to get - // security configuration from an xDS server, we should not be acting on the - // received security config here. Doing so poses a security threat. - if !b.xdsCredsInUse { - return nil - } - var xdsHI *xdsinternal.HandshakeInfo - - // Security config being nil is a valid case where the management server has - // not sent any security configuration. The xdsCredentials implementation - // handles this by delegating to its fallback credentials. - if config == nil { - // We need to explicitly set the fields to nil here since this might be - // a case of switching from a good security configuration to an empty - // one where fallback credentials are to be used. - xdsHI = xdsinternal.NewHandshakeInfo(nil, nil, nil, false) - atomic.StorePointer(b.xdsHIPtr, unsafe.Pointer(xdsHI)) - return nil - - } - - // A root provider is required whether we are using TLS or mTLS. - cpc := b.xdsClient.BootstrapConfig().CertProviderConfigs() - var rootProvider certprovider.Provider - if config.UseSystemRootCerts { - rootProvider = systemRootCertsProvider{} - } else { - rp, err := buildProvider(cpc, config.RootInstanceName, config.RootCertName, false, true) - if err != nil { - return err - } - rootProvider = rp - } - - // The identity provider is only present when using mTLS. - var identityProvider certprovider.Provider - if name, cert := config.IdentityInstanceName, config.IdentityCertName; name != "" { - var err error - identityProvider, err = buildProvider(cpc, name, cert, true, false) - if err != nil { - return err - } - } - - // Close the old providers and cache the new ones. - if b.cachedRoot != nil { - b.cachedRoot.Close() - } - if b.cachedIdentity != nil { - b.cachedIdentity.Close() - } - b.cachedRoot = rootProvider - b.cachedIdentity = identityProvider - xdsHI = xdsinternal.NewHandshakeInfo(rootProvider, identityProvider, config.SubjectAltNameMatchers, false) - atomic.StorePointer(b.xdsHIPtr, unsafe.Pointer(xdsHI)) - return nil -} - -func buildProviderFunc(configs map[string]*certprovider.BuildableConfig, instanceName, certName string, wantIdentity, wantRoot bool) (certprovider.Provider, error) { - cfg, ok := configs[instanceName] - if !ok { - // Defensive programming. If a resource received from the management - // server contains a certificate provider instance name that is not - // found in the bootstrap, the resource is NACKed by the xDS client. - return nil, fmt.Errorf("certificate provider instance %q not found in bootstrap file", instanceName) - } - provider, err := cfg.Build(certprovider.BuildOptions{ - CertName: certName, - WantIdentity: wantIdentity, - WantRoot: wantRoot, - }) - if err != nil { - // This error is not expected since the bootstrap process parses the - // config and makes sure that it is acceptable to the plugin. Still, it - // is possible that the plugin parses the config successfully, but its - // Build() method errors out. - return nil, fmt.Errorf("xds: failed to get security plugin instance (%+v): %v", cfg, err) - } - return provider, nil } // UpdateClientConnState receives the serviceConfig, xdsConfig, @@ -348,14 +223,6 @@ func (b *cdsBalancer) handleXDSConfigUpdate() error { if clusterUpdate.Err != nil { return clusterUpdate.Err } - - if err := b.handleSecurityConfig(clusterUpdate.Config.Cluster.SecurityCfg); err != nil { - // If the security config is invalid, for example, if the provider - // instance is not found in the bootstrap config, we need to put the - // channel in transient failure. - return b.annotateErrorWithNodeID(fmt.Errorf("received Cluster resource that contains invalid security config: %v", err)) - - } return b.handleClusterUpdate() } @@ -401,7 +268,7 @@ func (b *cdsBalancer) handleClusterUpdate() error { // configuration is then pushed to the child policy. func (b *cdsBalancer) updateChildConfig() error { if b.childLB == nil { - childLB, err := newChildBalancer(b.ccw, b.bOpts) + childLB, err := newChildBalancer(b.cc, b.bOpts) if err != nil { return fmt.Errorf("failed to create child policy of type %s: %v", priority.Name, err) } @@ -424,14 +291,10 @@ func (b *cdsBalancer) updateChildConfig() error { for j := range endpoints[i].Addresses { addr := endpoints[i].Addresses[j] addr.BalancerAttributes = endpoints[i].Attributes - // BalancerAttributes need to be present in endpoint addresses. This - // temporary workaround is required to make load reporting work - // with the old pickfirst policy which creates SubConns with multiple - // addresses. Since the addresses can be from different localities, - // an Address.BalancerAttribute is used to identify the locality of the - // address used by the transport. This workaround can be removed once - // the old pickfirst is removed. - // See https://github.com/grpc/grpc-go/issues/7339 + // BalancerAttributes are used for the following: + // * Authority Override. + // * grpc.lb.backend_service metric label propagation. + // See https://github.com/grpc/grpc-go/issues/6472 endpoints[i].Addresses[j] = addr } } @@ -534,7 +397,7 @@ func (b *cdsBalancer) closeChildPolicyAndReportTF(err error) { b.childLB.Close() b.childLB = nil } - b.ccw.UpdateState(balancer.State{ + b.cc.UpdateState(balancer.State{ ConnectivityState: connectivity.TransientFailure, Picker: base.NewErrPicker(err), }) @@ -547,12 +410,6 @@ func (b *cdsBalancer) Close() { b.childLB.Close() b.childLB = nil } - if b.cachedRoot != nil { - b.cachedRoot.Close() - } - if b.cachedIdentity != nil { - b.cachedIdentity.Close() - } if b.unsubscribe != nil { b.unsubscribe() } @@ -613,50 +470,3 @@ func (b *cdsBalancer) onClusterError(name string, err error) { b.onClusterResourceError(name, err) } } - -// ccWrapper wraps the balancer.ClientConn passed to the CDS balancer at -// creation and intercepts the NewSubConn() and UpdateAddresses() call from the -// child policy to add security configuration required by xDS credentials. -// -// Other methods of the balancer.ClientConn interface are not overridden and -// hence get the original implementation. -type ccWrapper struct { - balancer.ClientConn - - xdsHIPtr *unsafe.Pointer - logger *grpclog.PrefixLogger -} - -// NewSubConn intercepts NewSubConn() calls from the child policy and adds an -// address attribute which provides all information required by the xdsCreds -// handshaker to perform the TLS handshake. -func (ccw *ccWrapper) NewSubConn(addrs []resolver.Address, opts balancer.NewSubConnOptions) (balancer.SubConn, error) { - newAddrs := make([]resolver.Address, len(addrs)) - for i, addr := range addrs { - newAddrs[i] = xdsinternal.SetHandshakeInfo(addr, ccw.xdsHIPtr) - } - - // No need to override opts.StateListener; just forward all calls to the - // child that created the SubConn. - return ccw.ClientConn.NewSubConn(newAddrs, opts) -} - -func (ccw *ccWrapper) UpdateAddresses(sc balancer.SubConn, _ []resolver.Address) { - ccw.logger.Errorf("UpdateAddresses(%v) called unexpectedly", sc) -} - -// systemRootCertsProvider implements a certprovider.Provider that returns the -// system default root certificates for validation. -type systemRootCertsProvider struct{} - -func (systemRootCertsProvider) Close() {} - -func (systemRootCertsProvider) KeyMaterial(context.Context) (*certprovider.KeyMaterial, error) { - rootCAs, err := x509SystemCertPoolFunc() - if err != nil { - return nil, err - } - return &certprovider.KeyMaterial{ - Roots: rootCAs, - }, nil -} diff --git a/vendor/google.golang.org/grpc/internal/xds/balancer/clusterimpl/clusterimpl.go b/vendor/google.golang.org/grpc/internal/xds/balancer/clusterimpl/clusterimpl.go index 371d52e97f9..8c8f00d1de2 100644 --- a/vendor/google.golang.org/grpc/internal/xds/balancer/clusterimpl/clusterimpl.go +++ b/vendor/google.golang.org/grpc/internal/xds/balancer/clusterimpl/clusterimpl.go @@ -27,17 +27,24 @@ import ( "context" "encoding/json" "fmt" + "net" "slices" "sync" + "sync/atomic" "time" "google.golang.org/grpc/balancer" "google.golang.org/grpc/balancer/weightedroundrobin" "google.golang.org/grpc/connectivity" + "google.golang.org/grpc/credentials" + "google.golang.org/grpc/credentials/tls/certprovider" "google.golang.org/grpc/internal/balancer/gracefulswitch" + "google.golang.org/grpc/internal/credentials/xds" "google.golang.org/grpc/internal/grpclog" "google.golang.org/grpc/internal/pretty" xdsinternal "google.golang.org/grpc/internal/xds" + + "google.golang.org/grpc/internal/xds/balancer/clusterimpl/internal" "google.golang.org/grpc/internal/xds/balancer/loadstore" "google.golang.org/grpc/internal/xds/bootstrap" "google.golang.org/grpc/internal/xds/clients" @@ -60,6 +67,7 @@ var ( // tests to give tests visibility into exactly when certain events happen. clientConnUpdateHook = func() {} pickerUpdateHook = func() {} + buildProvider = buildProviderFunc ) func init() { @@ -74,9 +82,22 @@ func (bb) Build(cc balancer.ClientConn, bOpts balancer.BuildOptions) balancer.Ba loadWrapper: loadstore.NewWrapper(), requestCountMax: defaultRequestCountMax, } + b.xdsHIPtr.Store(xds.NewHandshakeInfo(nil, nil, nil, false, "", false, false)) b.logger = prefixLogger(b) b.child = gracefulswitch.NewBalancer(b, bOpts) b.logger.Infof("Created") + + var creds credentials.TransportCredentials + switch { + case bOpts.DialCreds != nil: + creds = bOpts.DialCreds + case bOpts.CredsBundle != nil: + creds = bOpts.CredsBundle.TransportCredentials() + } + if xc, ok := creds.(interface{ UsesXDS() bool }); ok && xc.UsesXDS() { + b.xdsCredsInUse = true + } + b.logger.Infof("xDS credentials in use: %v", b.xdsCredsInUse) return b } @@ -106,29 +127,44 @@ type clusterImplBalancer struct { lrsServer *bootstrap.ServerConfig // Load reporting server configuration. dropCategories []DropConfig // The categories for drops. child *gracefulswitch.Balancer + xdsHIPtr atomic.Pointer[xds.HandshakeInfo] // Accessed atomically as it is shared between the balancer and the transport. + xdsCredsInUse bool + + // The certificate providers are cached here to that they can be closed when + // a new provider is to be created. + cachedRoot certprovider.Provider + cachedIdentity certprovider.Provider // The following fields are protected by mu, since they are accessed in // balancer API methods and in methods called from the child policy. - mu sync.Mutex - clusterName string // The cluster name for credentials handshaking. - inhibitPickerUpdates bool // Inhibits state updates from child policy when processing an update from the parent. - pendingPickerUpdates bool // True if a picker update from the child policy was inhibited when processing an update from the parent. - childState balancer.State // Most recent state update from the child policy. - drops []*dropper // Drops implementation. - requestCounterCluster string // The cluster name for the request counter, from LB config. - requestCounterService string // The service name for the request counter, from LB config. - requestCountMax uint32 // Max concurrent requests, from LB config. - requestCounter *xdsclient.ClusterRequestsCounter // Tracks total inflight requests for a given service. - telemetryLabels map[string]string // Telemetry labels to set on picks, from LB config. + mu sync.Mutex + clusterName string // The cluster name for credentials handshaking. + inhibitPickerUpdates bool // Inhibits state updates from child policy when processing an update from the parent. + pendingPickerUpdates bool // True if a picker update from the child policy was inhibited when processing an update from the parent. + childState balancer.State // Most recent state update from the child policy. + drops []*dropper // Drops implementation. + requestCounterCluster string // The cluster name for the request counter, from LB config. + requestCounterService string // The service name for the request counter, from LB config. + requestCountMax uint32 // Max concurrent requests, from LB config. + requestCounter *xdsclient.ClusterRequestsCounter // Tracks total inflight requests for a given service. + telemetryLabels map[string]string // Telemetry labels to set on picks, from LB config. + lrsReportEndpointMetrics *xdsresource.LRSReportEndpointMetricsConfig // LRS metrics to propagate. } -// handleDropAndRequestCountLocked compares drop and request counter in new -// update with the one currently used by picker, and is protected by b.mu. It -// returns a boolean indicating if a new picker needs to be generated. -func (b *clusterImplBalancer) handleDropAndRequestCountLocked(clusterConfig xdsresource.ClusterConfig) bool { +// handleClusterConfigLocked updates the internal state of the balancer with the +// new cluster configuration. It returns true if a new picker needs to be +// generated as a result of these changes. It must be called with b.mu held. +func (b *clusterImplBalancer) handleClusterConfigLocked(clusterConfig xdsresource.ClusterConfig) bool { clusterUpdate := clusterConfig.Cluster var updatePicker bool + b.telemetryLabels = clusterUpdate.TelemetryLabels + + if !b.lrsReportEndpointMetrics.Equal(clusterUpdate.LRSReportEndpointMetrics) { + b.lrsReportEndpointMetrics = clusterUpdate.LRSReportEndpointMetrics + updatePicker = true + } + var newDrops []DropConfig if clusterUpdate.ClusterType == xdsresource.ClusterTypeEDS { edsUpdate := clusterConfig.EndpointConfig.EDSUpdate @@ -176,6 +212,7 @@ func (b *clusterImplBalancer) newPickerLocked() *picker { countMax: b.requestCountMax, telemetryLabels: b.telemetryLabels, clusterName: b.clusterName, + metrics: b.lrsReportEndpointMetrics, } } @@ -259,6 +296,84 @@ func (b *clusterImplBalancer) updateLoadStore(clusterUpdate *xdsresource.Cluster return nil } +func buildProviderFunc(configs map[string]*certprovider.BuildableConfig, instanceName, certName string, wantIdentity, wantRoot bool) (certprovider.Provider, error) { + cfg := configs[instanceName] + provider, err := cfg.Build(certprovider.BuildOptions{ + CertName: certName, + WantIdentity: wantIdentity, + WantRoot: wantRoot, + }) + if err != nil { + // This error is not expected since the bootstrap process parses the + // config and makes sure that it is acceptable to the plugin. Still, it + // is possible that the plugin parses the config successfully, but its + // Build() method errors out. + return nil, fmt.Errorf("xds: failed to get security plugin instance (%+v): %v", cfg, err) + } + return provider, nil +} + +// handleSecurityConfig processes the security configuration received from the +// management server, creates appropriate certificate provider plugins, and +// updates the HandshakeInfo which is added as an address attribute in +// NewSubConn() calls. +func (b *clusterImplBalancer) handleSecurityConfig(config *xdsresource.SecurityConfig) error { + // If xdsCredentials are not in use, i.e, the user did not want to get + // security configuration from an xDS server, we should not be acting on the + // received security config here. Doing so poses a security threat. + if !b.xdsCredsInUse { + return nil + } + + // Security config being nil is a valid case where the management server has + // not sent any security configuration. The xdsCredentials implementation + // handles this by delegating to its fallback credentials. + if config == nil { + // We need to explicitly set the fields to nil here since this might be + // a case of switching from a good security configuration to an empty + // one where fallback credentials are to be used. + b.xdsHIPtr.Store(xds.NewHandshakeInfo(nil, nil, nil, false, "", false, false)) + return nil + + } + + // A root provider is required whether we are using TLS or mTLS. + cpc := b.xdsClient.BootstrapConfig().CertProviderConfigs() + var rootProvider certprovider.Provider + if config.UseSystemRootCerts { + rootProvider = systemRootCertsProvider{} + } else { + rp, err := buildProvider(cpc, config.RootInstanceName, config.RootCertName, false, true) + if err != nil { + return err + } + rootProvider = rp + } + + // The identity provider is only present when using mTLS. + var identityProvider certprovider.Provider + if name, cert := config.IdentityInstanceName, config.IdentityCertName; name != "" { + var err error + identityProvider, err = buildProvider(cpc, name, cert, true, false) + if err != nil { + return err + } + } + + // Close the old providers and cache the new ones. + if b.cachedRoot != nil { + b.cachedRoot.Close() + } + if b.cachedIdentity != nil { + b.cachedIdentity.Close() + } + b.cachedRoot = rootProvider + b.cachedIdentity = identityProvider + + b.xdsHIPtr.Store(xds.NewHandshakeInfo(rootProvider, identityProvider, config.SubjectAltNameMatchers, false, config.SNI, config.AutoSNISANValidation, config.UseAutoHostSNI)) + return nil +} + func (b *clusterImplBalancer) UpdateClientConnState(s balancer.ClientConnState) error { defer clientConnUpdateHook() @@ -296,7 +411,13 @@ func (b *clusterImplBalancer) UpdateClientConnState(s balancer.ClientConnState) } clusterCfg := xdsConfig.Clusters[newConfig.Cluster] clusterUpdate := clusterCfg.Config.Cluster + if err := b.handleSecurityConfig(clusterUpdate.SecurityCfg); err != nil { + // If the security config is invalid, for example, if the provider + // instance is not found in the bootstrap config, we need to put the + // channel in transient failure. + return fmt.Errorf("received Cluster resource that contains invalid security config: %v", err) + } // Update load reporting config. This needs to be done before updating the // child policy because we need the loadStore from the updated client to be // passed to the ccWrapper, so that the next picker from the child policy @@ -322,15 +443,15 @@ func (b *clusterImplBalancer) UpdateClientConnState(s balancer.ClientConnState) }) b.mu.Lock() - b.telemetryLabels = clusterUpdate.TelemetryLabels + updatePicker := b.handleClusterConfigLocked(clusterCfg.Config) // We want to send a picker update to the parent if one of the two // conditions are met: - // - drop/request config has changed *and* there is already a picker from - // the child, or + // - drop/request count config or LRS metrics config has changed *and* there + // is already a picker from the child, or // - there is a pending picker update from the child (and this covers the // case where the drop/request config has not changed, but the child sent // a picker update while we were still processing config from our parent). - if (b.handleDropAndRequestCountLocked(clusterCfg.Config) && b.childState.Picker != nil) || b.pendingPickerUpdates { + if (updatePicker && b.childState.Picker != nil) || b.pendingPickerUpdates { b.pendingPickerUpdates = false b.ClientConn.UpdateState(balancer.State{ ConnectivityState: b.childState.ConnectivityState, @@ -378,6 +499,12 @@ func (b *clusterImplBalancer) Close() { b.cancelLoadReport(stopCtx) b.cancelLoadReport = nil } + if b.cachedRoot != nil { + b.cachedRoot.Close() + } + if b.cachedIdentity != nil { + b.cachedIdentity.Close() + } b.logger.Infof("Shutdown") } @@ -446,6 +573,20 @@ func (b *clusterImplBalancer) NewSubConn(addrs []resolver.Address, opts balancer newAddrs := make([]resolver.Address, len(addrs)) for i, addr := range addrs { newAddrs[i] = xdsinternal.SetXDSHandshakeClusterName(addr, clusterName) + newAddrs[i] = xds.SetHandshakeInfo(newAddrs[i], &b.xdsHIPtr) + + hostname := xdsresource.Hostname(addr) + // If the hostname contains a port, strip it. Per [RFC 6066, Section + // 3](https://www.rfc-editor.org/rfc/rfc6066.html#section-3), the SNI + // may only contain a qualified DNS hostname, which excludes port + // numbers. + h, _, err := net.SplitHostPort(hostname) + if err == nil { + hostname = h + } + // Store hostname in the address attributes, so that it can be used in + // the client handshake. + newAddrs[i] = xds.SetAddressHostname(newAddrs[i], hostname) } var sc balancer.SubConn scw := &scWrapper{} @@ -472,3 +613,17 @@ func (b *clusterImplBalancer) RemoveSubConn(sc balancer.SubConn) { func (b *clusterImplBalancer) UpdateAddresses(sc balancer.SubConn, _ []resolver.Address) { b.logger.Errorf("UpdateAddresses(%v) called unexpectedly", sc) } + +// systemRootCertsProvider implements a certprovider.Provider that returns the +// system default root certificates for validation. +type systemRootCertsProvider struct{} + +func (systemRootCertsProvider) Close() {} + +func (systemRootCertsProvider) KeyMaterial(context.Context) (*certprovider.KeyMaterial, error) { + rootCAs, err := internal.X509SystemCertPoolFunc() + if err != nil { + return nil, err + } + return &certprovider.KeyMaterial{Roots: rootCAs}, nil +} diff --git a/vendor/google.golang.org/grpc/internal/xds/balancer/clusterimpl/internal/internal.go b/vendor/google.golang.org/grpc/internal/xds/balancer/clusterimpl/internal/internal.go new file mode 100644 index 00000000000..711896bc1b1 --- /dev/null +++ b/vendor/google.golang.org/grpc/internal/xds/balancer/clusterimpl/internal/internal.go @@ -0,0 +1,25 @@ +/* + * Copyright 2026 gRPC authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +// Package internal contains code internal to the clusterimpl package. +package internal + +import "crypto/x509" + +// X509SystemCertPoolFunc is used for overriding the system cert pool for +// tests. +var X509SystemCertPoolFunc = x509.SystemCertPool diff --git a/vendor/google.golang.org/grpc/internal/xds/balancer/clusterimpl/picker.go b/vendor/google.golang.org/grpc/internal/xds/balancer/clusterimpl/picker.go index ddead1375d0..b808f6dd7bd 100644 --- a/vendor/google.golang.org/grpc/internal/xds/balancer/clusterimpl/picker.go +++ b/vendor/google.golang.org/grpc/internal/xds/balancer/clusterimpl/picker.go @@ -26,11 +26,13 @@ import ( "google.golang.org/grpc/balancer" "google.golang.org/grpc/codes" "google.golang.org/grpc/connectivity" + "google.golang.org/grpc/internal/envconfig" "google.golang.org/grpc/internal/stats" "google.golang.org/grpc/internal/wrr" xdsinternal "google.golang.org/grpc/internal/xds" "google.golang.org/grpc/internal/xds/clients" "google.golang.org/grpc/internal/xds/xdsclient" + "google.golang.org/grpc/internal/xds/xdsclient/xdsresource" "google.golang.org/grpc/metadata" "google.golang.org/grpc/status" ) @@ -90,6 +92,7 @@ type picker struct { countMax uint32 telemetryLabels map[string]string clusterName string + metrics *xdsresource.LRSReportEndpointMetricsConfig } func telemetryLabels(ctx context.Context) map[string]string { @@ -183,8 +186,29 @@ func (d *picker) Pick(info balancer.PickInfo) (balancer.PickResult, error) { if !ok || load == nil { return } - for n, c := range load.NamedMetrics { - d.loadStore.CallServerLoad(locality, n, c) + + if envconfig.XDSORCAToLRSPropEnabled { + if d.metrics != nil { + if d.metrics.CPUUtilization { + d.loadStore.CallServerLoad(locality, "cpu_utilization", load.CpuUtilization) + } + if d.metrics.MemUtilization { + d.loadStore.CallServerLoad(locality, "mem_utilization", load.MemUtilization) + } + if d.metrics.ApplicationUtilization { + d.loadStore.CallServerLoad(locality, "application_utilization", load.ApplicationUtilization) + } + for n, c := range load.NamedMetrics { + _, ok := d.metrics.NamedMetrics[n] + if d.metrics.NamedMetricsAll || ok { + d.loadStore.CallServerLoad(locality, "named_metrics."+n, c) + } + } + } + } else { + for n, c := range load.NamedMetrics { + d.loadStore.CallServerLoad(locality, n, c) + } } } } diff --git a/vendor/google.golang.org/grpc/internal/xds/balancer/priority/balancer_child.go b/vendor/google.golang.org/grpc/internal/xds/balancer/priority/balancer_child.go index 4cc4ae98805..ad5b5a8f7a5 100644 --- a/vendor/google.golang.org/grpc/internal/xds/balancer/priority/balancer_child.go +++ b/vendor/google.golang.org/grpc/internal/xds/balancer/priority/balancer_child.go @@ -116,8 +116,15 @@ func (cb *childBalancer) sendUpdate() { ResolverState: cb.rState, BalancerConfig: cb.config, }) + // Report TF if update to the child fails. if err != nil { cb.parent.logger.Warningf("Failed to update state for child policy %q: %v", cb.name, err) + cb.reportedTF = true + cb.state = balancer.State{ + ConnectivityState: connectivity.TransientFailure, + Picker: base.NewErrPicker(err), + } + cb.parent.handleChildStateUpdate(cb.name, cb.state) } } diff --git a/vendor/google.golang.org/grpc/internal/xds/clients/config.go b/vendor/google.golang.org/grpc/internal/xds/clients/config.go index f106465f646..aa89d2b1cee 100644 --- a/vendor/google.golang.org/grpc/internal/xds/clients/config.go +++ b/vendor/google.golang.org/grpc/internal/xds/clients/config.go @@ -109,4 +109,32 @@ type MetricsReporter interface { // Each client will produce different metrics. Please see the client's // documentation for a list of possible metrics events. ReportMetric(metric any) + + // RegisterAsyncReporter registers a reporter to produce metric values for + // the set of metrics supported by the client. See the metrics sub-package + // for the specific client (e.g. internal/xds/clients/xdsclient/metrics/metrics.go) + // for the list of supported metrics. The returned function must be called + // when the metrics are no longer needed, which will remove the reporter. + // The function is expected to be idempotent. + // + // Once the returned cancel function is called, the Report method on the + // registered reporter is guaranteed not to be called again. + RegisterAsyncReporter(reporter AsyncReporter) func() +} + +// AsyncReporter records metrics asynchronously. +// Implementations must be concurrent-safe. +// The metric will be recorded once per collection cycle, rather than every time +// its value changes. +type AsyncReporter interface { + // Report records metric values using the provided recorder. + Report(AsyncMetricsRecorder) error +} + +// AsyncMetricsRecorder is a recorder for async metrics (i.e the metric will be +// recorded once per collection cycle, rather than every time its value changes). +type AsyncMetricsRecorder interface { + // ReportMetric reports a metric. The metric will be one of the predefined + // set of types in the internal/xds/clients/xdsclient/metrics/metrics.go file. + ReportMetric(metric any) } diff --git a/vendor/google.golang.org/grpc/internal/xds/clients/lrsclient/lrs_stream.go b/vendor/google.golang.org/grpc/internal/xds/clients/lrsclient/lrs_stream.go index 9a95983b0f6..9a45bea11fa 100644 --- a/vendor/google.golang.org/grpc/internal/xds/clients/lrsclient/lrs_stream.go +++ b/vendor/google.golang.org/grpc/internal/xds/clients/lrsclient/lrs_stream.go @@ -25,6 +25,7 @@ import ( "google.golang.org/grpc/grpclog" "google.golang.org/grpc/internal/backoff" + "google.golang.org/grpc/internal/envconfig" igrpclog "google.golang.org/grpc/internal/grpclog" "google.golang.org/grpc/internal/pretty" "google.golang.org/grpc/internal/xds/clients" @@ -244,12 +245,39 @@ func (lrs *streamImpl) sendLoadStatsRequest(stream clients.Stream, loads []*load localityStats := make([]*v3endpointpb.UpstreamLocalityStats, 0, len(sd.localityStats)) for lid, localityData := range sd.localityStats { loadMetricStats := make([]*v3endpointpb.EndpointLoadMetricStats, 0, len(localityData.loadStats)) + var cpuUtilization, memUtilization, appUtilization *v3endpointpb.UnnamedEndpointLoadMetricStats for name, loadData := range localityData.loadStats { - loadMetricStats = append(loadMetricStats, &v3endpointpb.EndpointLoadMetricStats{ - MetricName: name, - NumRequestsFinishedWithMetric: loadData.count, - TotalMetricValue: loadData.sum, - }) + if envconfig.XDSORCAToLRSPropEnabled { + switch name { + case "cpu_utilization": + cpuUtilization = &v3endpointpb.UnnamedEndpointLoadMetricStats{ + NumRequestsFinishedWithMetric: loadData.count, + TotalMetricValue: loadData.sum, + } + case "mem_utilization": + memUtilization = &v3endpointpb.UnnamedEndpointLoadMetricStats{ + NumRequestsFinishedWithMetric: loadData.count, + TotalMetricValue: loadData.sum, + } + case "application_utilization": + appUtilization = &v3endpointpb.UnnamedEndpointLoadMetricStats{ + NumRequestsFinishedWithMetric: loadData.count, + TotalMetricValue: loadData.sum, + } + default: + loadMetricStats = append(loadMetricStats, &v3endpointpb.EndpointLoadMetricStats{ + MetricName: name, + NumRequestsFinishedWithMetric: loadData.count, + TotalMetricValue: loadData.sum, + }) + } + } else { + loadMetricStats = append(loadMetricStats, &v3endpointpb.EndpointLoadMetricStats{ + MetricName: name, + NumRequestsFinishedWithMetric: loadData.count, + TotalMetricValue: loadData.sum, + }) + } } localityStats = append(localityStats, &v3endpointpb.UpstreamLocalityStats{ Locality: &v3corepb.Locality{ @@ -261,6 +289,9 @@ func (lrs *streamImpl) sendLoadStatsRequest(stream clients.Stream, loads []*load TotalRequestsInProgress: localityData.requestStats.inProgress, TotalErrorRequests: localityData.requestStats.errored, TotalIssuedRequests: localityData.requestStats.issued, + CpuUtilization: cpuUtilization, + MemUtilization: memUtilization, + ApplicationUtilization: appUtilization, LoadMetricStats: loadMetricStats, UpstreamEndpointStats: nil, // TODO: populate for per endpoint loads. }) diff --git a/vendor/google.golang.org/grpc/internal/xds/clients/xdsclient/ads_stream.go b/vendor/google.golang.org/grpc/internal/xds/clients/xdsclient/ads_stream.go index 24e66b83471..95c5d88b6fe 100644 --- a/vendor/google.golang.org/grpc/internal/xds/clients/xdsclient/ads_stream.go +++ b/vendor/google.golang.org/grpc/internal/xds/clients/xdsclient/ads_stream.go @@ -22,6 +22,7 @@ import ( "context" "fmt" "sync" + "sync/atomic" "time" "google.golang.org/grpc/grpclog" @@ -111,8 +112,12 @@ type adsStreamImpl struct { // Guards access to the below fields (and to the contents of the map). mu sync.Mutex resourceTypeState map[ResourceType]*resourceTypeState // Map of resource types to their state. - firstRequest bool // False after the first request is sent out. pendingRequests []request // Subscriptions and unsubscriptions are pushed here. + + // The following fields are accessed atomically. + firstRequest atomic.Bool // False after the first request is sent out. + firstStreamCreated atomic.Bool // Set to true after the very first ADS stream is created. + streamEstablished atomic.Bool // Set to true when an ADS stream is established and a response is received, except for the very first stream which is set to true immediately. } // adsStreamOpts contains the options for creating a new ADS Stream. @@ -241,6 +246,7 @@ func (s *adsStreamImpl) runner(ctx context.Context) { stream, err := s.transport.NewStream(ctx, "/envoy.service.discovery.v3.AggregatedDiscoveryService/StreamAggregatedResources") if err != nil { s.logger.Warningf("Failed to create a new ADS streaming RPC: %v", err) + s.streamEstablished.Store(false) s.onError(err, false) return nil } @@ -248,9 +254,11 @@ func (s *adsStreamImpl) runner(ctx context.Context) { s.logger.Infof("ADS stream created") } - s.mu.Lock() - s.firstRequest = true - s.mu.Unlock() + s.firstRequest.Store(true) + if !s.firstStreamCreated.Load() { + s.streamEstablished.Store(true) + s.firstStreamCreated.Store(true) + } // Ensure that the most recently created stream is pushed on the // channel for the `send` goroutine to consume. @@ -383,7 +391,7 @@ func (s *adsStreamImpl) sendMessageLocked(stream clients.Stream, names []string, // The xDS protocol only requires that we send the node proto in the first // discovery request on every stream. Sending the node proto in every // request wastes CPU resources on the client and the server. - if s.firstRequest { + if s.firstRequest.Load() { req.Node = s.nodeProto } @@ -402,7 +410,7 @@ func (s *adsStreamImpl) sendMessageLocked(stream clients.Stream, names []string, s.logger.Warningf("Sending ADS request for type %q, resources: %v, version: %q, nonce: %q failed: %v", url, names, version, nonce, err) return err } - s.firstRequest = false + s.firstRequest.Store(false) if s.logger.V(perRPCVerbosityLevel) { s.logger.Infof("ADS request sent: %v", pretty.ToJSON(req)) @@ -437,10 +445,14 @@ func (s *adsStreamImpl) recv(stream clients.Stream) bool { resources, url, version, nonce, err := s.recvMessage(stream) if err != nil { + if !msgReceived { + s.streamEstablished.Store(false) + } s.onError(err, msgReceived) s.logger.Warningf("ADS stream closed: %v", err) return msgReceived } + s.streamEstablished.Store(true) msgReceived = true // Invoke the onResponse event handler to parse the incoming message and @@ -715,3 +727,7 @@ func (fc *adsFlowControl) wait() bool { return fc.stopped } + +func (s *adsStreamImpl) isStreamEstablished() bool { + return s.streamEstablished.Load() +} diff --git a/vendor/google.golang.org/grpc/internal/xds/clients/xdsclient/authority.go b/vendor/google.golang.org/grpc/internal/xds/clients/xdsclient/authority.go index 3aff20bb43c..3b5666bf1bb 100644 --- a/vendor/google.golang.org/grpc/internal/xds/clients/xdsclient/authority.go +++ b/vendor/google.golang.org/grpc/internal/xds/clients/xdsclient/authority.go @@ -934,3 +934,56 @@ func (a *authority) resourceWatchStateForTesting(rType ResourceType, resourceNam return state, err } + +// resourceStats returns a snapshot of the current state of all resources watched +// by this authority. The return value is a nested map where: +// - The outer map's key is the resource type name (e.g., "ListenerResource"). +// - The inner map's key is the cache state of the resource (e.g., "requested", +// "acked", "nacked", "does_not_exist"). +// - The inner map's value is the total count of resources in that specific state. +func (a *authority) resourceStats() map[string]map[string]int { + ret := make(chan map[string]map[string]int, 1) + op := func(context.Context) { + summary := make(map[string]map[string]int) + for rType, resourceMap := range a.resources { + typeName := rType.TypeName + if _, ok := summary[typeName]; !ok { + summary[typeName] = make(map[string]int) + } + for _, state := range resourceMap { + s := cacheState(state) + summary[typeName][s]++ + } + } + + ret <- summary + } + a.xdsClientSerializer.ScheduleOr(op, func() { + ret <- nil + }) + + return <-ret +} + +// cacheState determines the metrics label string for a given resource state. +func cacheState(r *resourceState) string { + switch r.md.Status { + case xdsresource.ServiceStatusRequested: + return "requested" + case xdsresource.ServiceStatusNotExist: + return "does_not_exist" + case xdsresource.ServiceStatusACKed: + return "acked" + case xdsresource.ServiceStatusNACKed: + // If the status is NACKed, it means the *latest* update failed. + // However, if 'r.cache' is not nil, it means we are still holding onto + // a previously ACKed version of the resource. + if r.cache != nil { + return "nacked_but_cached" + } + return "nacked" + default: + // Fallback for initialization states + return "requested" + } +} diff --git a/vendor/google.golang.org/grpc/internal/xds/clients/xdsclient/channel.go b/vendor/google.golang.org/grpc/internal/xds/clients/xdsclient/channel.go index b4c3e65be00..354c0496539 100644 --- a/vendor/google.golang.org/grpc/internal/xds/clients/xdsclient/channel.go +++ b/vendor/google.golang.org/grpc/internal/xds/clients/xdsclient/channel.go @@ -214,12 +214,7 @@ func (xc *xdsChannel) onResponse(resp response, onDone func()) ([]string, error) return nil, xdsresource.NewErrorf(xdsresource.ErrorTypeResourceTypeUnsupported, "Resource type URL %q unknown in response from server", resp.typeURL) } - // Decode the resources and build the list of resource names to return. - opts := &DecodeOptions{ - Config: xc.clientConfig, - ServerConfig: xc.serverConfig, - } - updates, md, err := decodeResponse(opts, &rType, resp) + updates, md, err := xc.decodeResponse(&rType, resp) var names []string for name := range updates { names = append(names, name) @@ -243,12 +238,16 @@ func (xc *xdsChannel) onResponse(resp response, onDone func()) ([]string, error) // If there are any errors decoding the resources, the metadata will indicate // that the update was NACKed, and the returned error will contain information // about all errors encountered by this function. -func decodeResponse(opts *DecodeOptions, rType *ResourceType, resp response) (map[string]dataAndErrTuple, xdsresource.UpdateMetadata, error) { +func (xc *xdsChannel) decodeResponse(rType *ResourceType, resp response) (map[string]dataAndErrTuple, xdsresource.UpdateMetadata, error) { timestamp := time.Now() md := xdsresource.UpdateMetadata{ Version: resp.version, Timestamp: timestamp, } + opts := &DecodeOptions{ + Config: xc.clientConfig, + ServerConfig: xc.serverConfig, + } topLevelErrors := make([]error, 0) // Tracks deserialization errors, where we don't have a resource name. perResourceErrors := make(map[string]error) // Tracks resource validation errors, where we have a resource name. @@ -268,6 +267,10 @@ func decodeResponse(opts *DecodeOptions, rType *ResourceType, resp response) (ma // Name field of the result is left unpopulated only when resource // deserialization fails. name := "" + if result == nil && err == nil { + xc.logger.Errorf("Decode() returned nil result and nil error for resource: %v", r) + continue + } if result != nil { name = xdsresource.ParseName(result.Name).String() } diff --git a/vendor/google.golang.org/grpc/internal/xds/clients/xdsclient/metrics/metrics.go b/vendor/google.golang.org/grpc/internal/xds/clients/xdsclient/metrics/metrics.go index 2e14efb1ae9..fa1277cf33b 100644 --- a/vendor/google.golang.org/grpc/internal/xds/clients/xdsclient/metrics/metrics.go +++ b/vendor/google.golang.org/grpc/internal/xds/clients/xdsclient/metrics/metrics.go @@ -19,6 +19,9 @@ // Package metrics defines all metrics that can be produced by an xDS client. // All calls to the MetricsRecorder by the xDS client will contain a struct // from this package passed by pointer. +// +// For definitions of these metrics and their labels, see gRFC A78: +// https://github.com/grpc/proposal/blob/master/A78-grpc-metrics-wrr-xds.md package metrics // ResourceUpdateValid is a metric to report a valid resource update from @@ -40,3 +43,22 @@ type ResourceUpdateInvalid struct { type ServerFailure struct { ServerURI string } + +// XDSClientConnected reports the connectivity state of the ADS stream. +// Per gRFC A78, Value is 1 if connected, and 0 otherwise. +// This metric provides the labels grpc.target and grpc.xds.server. +type XDSClientConnected struct { + ServerURI string + Value int64 +} + +// XDSClientResourceStats reports the current cache states of xDS resources. +// For label definitions, see gRFC A78. +// This metric provides the labels grpc.target, grpc.xds.authority, +// grpc.xds.cache_state, and grpc.xds.resource_type. +type XDSClientResourceStats struct { + Authority string + ResourceType string + CacheState string + Count int64 +} diff --git a/vendor/google.golang.org/grpc/internal/xds/clients/xdsclient/xdsclient.go b/vendor/google.golang.org/grpc/internal/xds/clients/xdsclient/xdsclient.go index b1c6955484d..ad82e7fd126 100644 --- a/vendor/google.golang.org/grpc/internal/xds/clients/xdsclient/xdsclient.go +++ b/vendor/google.golang.org/grpc/internal/xds/clients/xdsclient/xdsclient.go @@ -95,6 +95,8 @@ type XDSClient struct { // Once all references to a channel are dropped, the channel is closed. channelsMu sync.Mutex xdsActiveChannels map[ServerConfig]*channelState // Map from server config to in-use xdsChannels. + + metricsCleanup func() } // New returns a new xDS Client configured with the provided config. @@ -114,6 +116,11 @@ func New(config Config) (*XDSClient, error) { if err != nil { return nil, err } + // Register this client instance as an Async Reporter. + if client.metricsReporter != nil { + reporter := &xdsClientMetricReporter{c: client} + client.metricsCleanup = client.metricsReporter.RegisterAsyncReporter(reporter) + } return client, nil } @@ -171,6 +178,9 @@ func (c *XDSClient) Close() { if c.done.HasFired() { return } + if c.metricsCleanup != nil { + c.metricsCleanup() + } c.done.Fire() c.topLevelAuthority.close() @@ -441,3 +451,66 @@ func resourceWatchStateForTesting(c *XDSClient, rType ResourceType, resourceName return a.resourceWatchStateForTesting(rType, resourceName) } + +// xdsClientMetricReporter is a wrapper around XDSClient used solely for +// reporting metrics. We create this separate type to implement the +// clients.AsyncReporter interface, preventing its Report method from +// becoming part of the public XDSClient API. This is especially important +// because the AsyncReporter interface is experimental, and we want to +// avoid coupling experimental changes to the stable XDSClient API. +type xdsClientMetricReporter struct { + c *XDSClient +} + +// Report implements clients.AsyncReporter. +// This is the entry point invoked by the metrics system during a scrape. +func (r *xdsClientMetricReporter) Report(rec clients.AsyncMetricsRecorder) error { + r.c.reportConnectedState(rec) + r.c.reportResourceStats(rec) + return nil +} + +// reportConnectedState handles the "grpc.xds_client.connected" metric. +func (c *XDSClient) reportConnectedState(rec clients.AsyncMetricsRecorder) { + c.channelsMu.Lock() + defer c.channelsMu.Unlock() + + for _, cs := range c.xdsActiveChannels { + val := int64(0) + if cs.channel.ads.isStreamEstablished() { + val = 1 + } + + rec.ReportMetric(&metrics.XDSClientConnected{ + ServerURI: cs.serverConfig.ServerIdentifier.ServerURI, + Value: val, + }) + } +} + +// reportResourceStats handles the "grpc.xds_client.resources" metric. +func (c *XDSClient) reportResourceStats(rec clients.AsyncMetricsRecorder) { + reportForAuthority := func(a *authority) { + stats := a.resourceStats() + for resourceType, stateCounts := range stats { + for cacheState, count := range stateCounts { + if count > 0 { + authorityName := a.name + if authorityName == "" { + authorityName = "#old" + } + rec.ReportMetric(&metrics.XDSClientResourceStats{ + Authority: authorityName, + ResourceType: resourceType, + CacheState: cacheState, + Count: int64(count), + }) + } + } + } + } + reportForAuthority(c.topLevelAuthority) + for _, a := range c.authorities { + reportForAuthority(a) + } +} diff --git a/vendor/google.golang.org/grpc/internal/xds/httpfilter/fault/fault.go b/vendor/google.golang.org/grpc/internal/xds/httpfilter/fault/fault.go index 3acd4aec6aa..2d6f8afb800 100644 --- a/vendor/google.golang.org/grpc/internal/xds/httpfilter/fault/fault.go +++ b/vendor/google.golang.org/grpc/internal/xds/httpfilter/fault/fault.go @@ -104,9 +104,17 @@ func (builder) IsTerminal() bool { return false } -var _ httpfilter.ClientInterceptorBuilder = builder{} +func (builder) BuildClientFilter() httpfilter.ClientFilter { + return clientFilter{} +} + +var _ httpfilter.ClientFilterBuilder = builder{} + +type clientFilter struct{} -func (builder) BuildClientInterceptor(cfg, override httpfilter.FilterConfig) (iresolver.ClientInterceptor, error) { +func (clientFilter) Close() {} + +func (clientFilter) BuildClientInterceptor(cfg, override httpfilter.FilterConfig) (iresolver.ClientInterceptor, error) { if cfg == nil { return nil, fmt.Errorf("fault: nil config provided") } @@ -161,6 +169,8 @@ func (i *interceptor) NewStream(ctx context.Context, _ iresolver.RPCInfo, done f return newStream(ctx, done) } +func (i *interceptor) Close() {} + // For overriding in tests var randIntn = rand.IntN var newTimer = time.NewTimer diff --git a/vendor/google.golang.org/grpc/internal/xds/httpfilter/httpfilter.go b/vendor/google.golang.org/grpc/internal/xds/httpfilter/httpfilter.go index 4402f0ebff5..0b004f5c320 100644 --- a/vendor/google.golang.org/grpc/internal/xds/httpfilter/httpfilter.go +++ b/vendor/google.golang.org/grpc/internal/xds/httpfilter/httpfilter.go @@ -16,8 +16,8 @@ * */ -// Package httpfilter contains the HTTPFilter interface and a registry for -// storing and retrieving their implementations. +// Package httpfilter contains interface definitions for xDS-based HTTP filters +// and a registry for filter builders. package httpfilter import ( @@ -31,11 +31,11 @@ type FilterConfig interface { isFilterConfig() } -// Filter defines the parsing functionality of an HTTP filter. A Filter may -// optionally implement either ClientInterceptorBuilder or -// ServerInterceptorBuilder or both, indicating it is capable of working on the -// client side or server side or both, respectively. -type Filter interface { +// Builder defines the parsing functionality of an HTTP filter. A Builder may +// optionally implement either ClientFilterBuilder or ServerFilterBuilder or +// both, indicating it is capable of working on the client side or server side +// or both, respectively. +type Builder interface { // TypeURLs are the proto message types supported by this filter. A filter // will be registered by each of its supported message types. TypeURLs() []string @@ -56,53 +56,79 @@ type Filter interface { IsTerminal() bool } -// ClientInterceptorBuilder constructs a Client Interceptor. If this type is -// implemented by a Filter, it is capable of working on a client. -type ClientInterceptorBuilder interface { - // BuildClientInterceptor uses the FilterConfigs produced above to produce - // an HTTP filter interceptor for clients. config will always be non-nil, - // but override may be nil if no override config exists for the filter. It - // is valid for Build to return a nil Interceptor and a nil error. In this - // case, the RPC will not be intercepted by this filter. +// ClientFilterBuilder is an optional interface that a Builder can implement to +// indicate its capability to build client-side filters. +type ClientFilterBuilder interface { + // BuildClientFilter constructs a ClientFilter. + BuildClientFilter() ClientFilter +} + +// ClientFilter represents the actual filter implementation on the client side. +// Implementations are free to maintain internal state when required, and share +// it across interceptors. Filter instances are retained by the resolver as long +// as they are present in the LDS configuration. +type ClientFilter interface { + // BuildClientInterceptor uses the given FilterConfigs to produce an HTTP + // filter interceptor for clients. config will always be non-nil, but + // override may be nil if no override config exists for the filter. + // + // It is valid for this method to return a nil Interceptor and a nil error. + // In this case, the RPC will not be intercepted by this filter. BuildClientInterceptor(config, override FilterConfig) (iresolver.ClientInterceptor, error) + + // Close is called when the filter is no longer needed. + Close() } -// ServerInterceptorBuilder constructs a Server Interceptor. If this type is -// implemented by a Filter, it is capable of working on a server. -type ServerInterceptorBuilder interface { - // BuildServerInterceptor uses the FilterConfigs produced above to produce - // an HTTP filter interceptor for servers. config will always be non-nil, - // but override may be nil if no override config exists for the filter. It - // is valid for Build to return a nil Interceptor and a nil error. In this - // case, the RPC will not be intercepted by this filter. +// ServerFilterBuilder is an optional interface that a Builder can implement to +// indicate its capability to build server-side filters. +type ServerFilterBuilder interface { + // BuildServerFilter constructs a ServerFilter. + BuildServerFilter() ServerFilter +} + +// ServerFilter represents the actual filter implementation on the server side. +// Implementations are free to maintain internal state when required, and share +// it across interceptors. Filter instances are retained by the server as long +// as they are present in any of the filter chains in the LDS configuration. +type ServerFilter interface { + // BuildServerInterceptor uses the given FilterConfigs to produce + // an HTTP filter interceptor for servers. config will always be non-nil, + // but override may be nil if no override config exists for the filter. + // + // It is valid for this method to return a nil Interceptor and a nil error. + // In this case, the RPC will not be intercepted by this filter. BuildServerInterceptor(config, override FilterConfig) (iresolver.ServerInterceptor, error) + + // Close is called when the filter is no longer needed. + Close() } var ( - // m is a map from scheme to filter. - m = make(map[string]Filter) + // registeredBuilders is a map from scheme to filter builder. + registeredBuilders = make(map[string]Builder) ) -// Register registers the HTTP filter Builder to the filter map. b.TypeURLs() +// Register registers the HTTP Filter Builder with the registry. b.TypeURLs() // will be used as the types for this filter. // // NOTE: this function must only be called during initialization time (i.e. in // an init() function), and is not thread-safe. If multiple filters are // registered with the same type URL, the one registered last will take effect. -func Register(b Filter) { +func Register(b Builder) { for _, u := range b.TypeURLs() { - m[u] = b + registeredBuilders[u] = b } } -// UnregisterForTesting unregisters the HTTP Filter for testing purposes. +// UnregisterForTesting unregisters the HTTP Filter Builder for testing purposes. func UnregisterForTesting(typeURL string) { - delete(m, typeURL) + delete(registeredBuilders, typeURL) } -// Get returns the HTTPFilter registered with typeURL. +// Get returns the HTTP Filter Builder registered with typeURL. // -// If no filter is register with typeURL, nil will be returned. -func Get(typeURL string) Filter { - return m[typeURL] +// If no filter builder is register with typeURL, nil will be returned. +func Get(typeURL string) Builder { + return registeredBuilders[typeURL] } diff --git a/vendor/google.golang.org/grpc/internal/xds/httpfilter/rbac/rbac.go b/vendor/google.golang.org/grpc/internal/xds/httpfilter/rbac/rbac.go index 0155009034e..eb42a7fb1ff 100644 --- a/vendor/google.golang.org/grpc/internal/xds/httpfilter/rbac/rbac.go +++ b/vendor/google.golang.org/grpc/internal/xds/httpfilter/rbac/rbac.go @@ -160,11 +160,17 @@ func (builder) IsTerminal() bool { return false } -var _ httpfilter.ServerInterceptorBuilder = builder{} +func (builder) BuildServerFilter() httpfilter.ServerFilter { + return serverFilter{} +} + +var _ httpfilter.ServerFilterBuilder = builder{} + +type serverFilter struct{} -// BuildServerInterceptor is an optional interface builder implements in order -// to signify it works server side. -func (builder) BuildServerInterceptor(cfg httpfilter.FilterConfig, override httpfilter.FilterConfig) (resolver.ServerInterceptor, error) { +func (serverFilter) Close() {} + +func (serverFilter) BuildServerInterceptor(cfg httpfilter.FilterConfig, override httpfilter.FilterConfig) (resolver.ServerInterceptor, error) { if cfg == nil { return nil, fmt.Errorf("rbac: nil config provided") } @@ -201,3 +207,5 @@ type interceptor struct { func (i *interceptor) AllowRPC(ctx context.Context) error { return i.chainEngine.IsAuthorized(ctx) } + +func (i *interceptor) Close() {} diff --git a/vendor/google.golang.org/grpc/internal/xds/httpfilter/router/router.go b/vendor/google.golang.org/grpc/internal/xds/httpfilter/router/router.go index d3a498d6770..7118ea14b4c 100644 --- a/vendor/google.golang.org/grpc/internal/xds/httpfilter/router/router.go +++ b/vendor/google.golang.org/grpc/internal/xds/httpfilter/router/router.go @@ -37,8 +37,8 @@ func init() { httpfilter.Register(builder{}) } -// IsRouterFilter returns true iff a HTTP filter is a Router filter. -func IsRouterFilter(b httpfilter.Filter) bool { +// IsRouterFilter returns true iff b is a Router filter builder. +func IsRouterFilter(b httpfilter.Builder) bool { _, ok := b.(builder) return ok } @@ -76,12 +76,22 @@ func (builder) IsTerminal() bool { return true } -var ( - _ httpfilter.ClientInterceptorBuilder = builder{} - _ httpfilter.ServerInterceptorBuilder = builder{} -) +func (builder) BuildClientFilter() httpfilter.ClientFilter { + return filter{} +} + +func (builder) BuildServerFilter() httpfilter.ServerFilter { + return filter{} +} + +var _ httpfilter.ClientFilterBuilder = builder{} +var _ httpfilter.ServerFilterBuilder = builder{} + +type filter struct{} + +func (filter) Close() {} -func (builder) BuildClientInterceptor(cfg, override httpfilter.FilterConfig) (iresolver.ClientInterceptor, error) { +func (filter) BuildClientInterceptor(cfg, override httpfilter.FilterConfig) (iresolver.ClientInterceptor, error) { if _, ok := cfg.(config); !ok { return nil, fmt.Errorf("router: incorrect config type provided (%T): %v", cfg, cfg) } @@ -94,7 +104,7 @@ func (builder) BuildClientInterceptor(cfg, override httpfilter.FilterConfig) (ir return nil, nil } -func (builder) BuildServerInterceptor(cfg, override httpfilter.FilterConfig) (iresolver.ServerInterceptor, error) { +func (filter) BuildServerInterceptor(cfg, override httpfilter.FilterConfig) (iresolver.ServerInterceptor, error) { if _, ok := cfg.(config); !ok { return nil, fmt.Errorf("router: incorrect config type provided (%T): %v", cfg, cfg) } diff --git a/vendor/google.golang.org/grpc/internal/xds/resolver/serviceconfig.go b/vendor/google.golang.org/grpc/internal/xds/resolver/serviceconfig.go index 2846412470f..563026a6fa8 100644 --- a/vendor/google.golang.org/grpc/internal/xds/resolver/serviceconfig.go +++ b/vendor/google.golang.org/grpc/internal/xds/resolver/serviceconfig.go @@ -19,7 +19,6 @@ package resolver import ( - "context" "encoding/json" "fmt" "math/bits" @@ -37,7 +36,6 @@ import ( "google.golang.org/grpc/internal/wrr" "google.golang.org/grpc/internal/xds/balancer/clusterimpl" "google.golang.org/grpc/internal/xds/balancer/clustermanager" - "google.golang.org/grpc/internal/xds/httpfilter" "google.golang.org/grpc/internal/xds/xdsclient/xdsresource" "google.golang.org/grpc/metadata" "google.golang.org/grpc/status" @@ -115,6 +113,7 @@ type route struct { m *xdsresource.CompositeMatcher // converted from route matchers actionType xdsresource.RouteActionType // holds route action type clusters wrr.WRR // holds *routeCluster entries + interceptors []iresolver.ClientInterceptor // Interceptors across clusters belonging to this route maxStreamDuration time.Duration retryConfig *xdsresource.RetryConfig hashPolicies []*xdsresource.HashPolicy @@ -161,6 +160,7 @@ type configSelector struct { clusters map[string]*clusterInfo plugins map[string]*clusterInfo httpFilterConfig []xdsresource.HTTPFilter + xdsConfig *xdsresource.XDSConfig } var errNoMatchedRouteFound = status.Errorf(codes.Unavailable, "no matched route was found") @@ -208,6 +208,7 @@ func (cs *configSelector) SelectConfig(rpcInfo iresolver.RPCInfo) (*iresolver.RP atomic.AddInt32(ref, 1) lbCtx := clustermanager.SetPickedCluster(rpcInfo.Context, cluster.name) + lbCtx = xdsresource.NewContextWithXDSConfig(lbCtx, cs.xdsConfig) lbCtx = iringhash.SetXDSRequestHash(lbCtx, cs.generateHash(rpcInfo, rt.hashPolicies)) if rt.autoHostRewrite { lbCtx = clusterimpl.EnableAutoHostRewrite(lbCtx) @@ -336,6 +337,14 @@ func (cs *configSelector) stop() { if cs == nil { return } + + // Stop all interceptors associated with this config selector. + for _, r := range cs.routes { + for _, i := range r.interceptors { + i.Close() + } + } + // If any reference counts drop to zero, a service config update is required // to remove the clusters. Since the old config selector is stopped // after a new one is active, we must trigger a subsequent update to delete @@ -351,50 +360,3 @@ func (cs *configSelector) stop() { } } } - -// newInterceptor builds a chain of client interceptors for the given filters -// and override configuration. The cluster override has the highest priority, -// followed by the route override, and finally the virtual host override. -func newInterceptor(filters []xdsresource.HTTPFilter, clusterOverride, routeOverride, virtualHostOverride map[string]httpfilter.FilterConfig) (iresolver.ClientInterceptor, error) { - if len(filters) == 0 { - return nil, nil - } - interceptors := make([]iresolver.ClientInterceptor, 0, len(filters)) - for _, filter := range filters { - override := clusterOverride[filter.Name] - if override == nil { - override = routeOverride[filter.Name] - } - if override == nil { - override = virtualHostOverride[filter.Name] - } - ib, ok := filter.Filter.(httpfilter.ClientInterceptorBuilder) - if !ok { - // Should not happen if it passed xdsClient validation. - return nil, fmt.Errorf("filter %q does not support use in client", filter.Name) - } - i, err := ib.BuildClientInterceptor(filter.Config, override) - if err != nil { - return nil, fmt.Errorf("error constructing filter: %v", err) - } - if i != nil { - interceptors = append(interceptors, i) - } - } - return &interceptorList{interceptors: interceptors}, nil -} - -type interceptorList struct { - interceptors []iresolver.ClientInterceptor -} - -func (il *interceptorList) NewStream(ctx context.Context, ri iresolver.RPCInfo, _ func(), newStream func(ctx context.Context, _ func()) (iresolver.ClientStream, error)) (iresolver.ClientStream, error) { - for i := len(il.interceptors) - 1; i >= 0; i-- { - ns := newStream - interceptor := il.interceptors[i] - newStream = func(ctx context.Context, done func()) (iresolver.ClientStream, error) { - return interceptor.NewStream(ctx, ri, done, ns) - } - } - return newStream(ctx, func() {}) -} diff --git a/vendor/google.golang.org/grpc/internal/xds/resolver/xds_resolver.go b/vendor/google.golang.org/grpc/internal/xds/resolver/xds_resolver.go index 918ce623efb..8de3a14bdfb 100644 --- a/vendor/google.golang.org/grpc/internal/xds/resolver/xds_resolver.go +++ b/vendor/google.golang.org/grpc/internal/xds/resolver/xds_resolver.go @@ -23,6 +23,8 @@ import ( "context" "fmt" rand "math/rand/v2" + "slices" + "strings" "sync/atomic" estats "google.golang.org/grpc/experimental/stats" @@ -32,6 +34,7 @@ import ( iresolver "google.golang.org/grpc/internal/resolver" "google.golang.org/grpc/internal/wrr" "google.golang.org/grpc/internal/xds/bootstrap" + "google.golang.org/grpc/internal/xds/httpfilter" rinternal "google.golang.org/grpc/internal/xds/resolver/internal" "google.golang.org/grpc/internal/xds/xdsclient" "google.golang.org/grpc/internal/xds/xdsclient/xdsresource" @@ -135,6 +138,7 @@ func (b *xdsResolverBuilder) Build(target resolver.Target, cc resolver.ClientCon xdsClientClose: xdsClientClose, activeClusters: make(map[string]*clusterInfo), activePlugins: make(map[string]*clusterInfo), + httpFilters: make(map[clientFilterKey]httpfilter.ClientFilter), channelID: rand.Uint64(), ldsResourceName: ldsResourceName, @@ -255,6 +259,11 @@ type xdsResolver struct { // plugin name from this map. activePlugins map[string]*clusterInfo curConfigSelector stoppableConfigSelector + // httpFilters is a map from client filter key to client filter instance. It + // lives here so that the resolver can reuse filter instances across config + // updates when the same filter is specified, and to be able to clean up + // filter instances that are no longer used. + httpFilters map[clientFilterKey]httpfilter.ClientFilter } // ResolveNow calls RequestDNSReresolution on the dependency manager. @@ -274,10 +283,15 @@ func (r *xdsResolver) Close() { if r.dm != nil { r.dm.Close() } - if r.xdsClientClose != nil { r.xdsClientClose() } + if r.curConfigSelector != nil { + r.curConfigSelector.stop() + } + for _, cf := range r.httpFilters { + cf.Close() + } r.logger.Infof("Shutdown") } @@ -347,7 +361,7 @@ func (r *xdsResolver) sendNewServiceConfig(cs stoppableConfigSelector) bool { sc := serviceConfigJSON(r.activeClusters, r.activePlugins) if r.logger.V(2) { - r.logger.Infof("For Listener resource %q and RouteConfiguration resource %q, generated service config: %+v", r.ldsResourceName, r.xdsConfig.Listener.APIListener.RouteConfigName, sc) + r.logger.Infof("For Listener resource %q and RouteConfiguration resource %q, generated service config: %s", r.ldsResourceName, r.xdsConfig.Listener.APIListener.RouteConfigName, string(sc)) } // Send the update to the ClientConn. @@ -370,7 +384,7 @@ func (r *xdsResolver) sendNewServiceConfig(cs stoppableConfigSelector) bool { // r.activeClusters for previously-unseen clusters. // // Only executed in the context of a serializer callback. -func (r *xdsResolver) newConfigSelector() (*configSelector, error) { +func (r *xdsResolver) newConfigSelector() (_ *configSelector, err error) { cs := &configSelector{ channelID: r.channelID, xdsNodeID: r.xdsClient.BootstrapConfig().Node().GetId(), @@ -386,10 +400,21 @@ func (r *xdsResolver) newConfigSelector() (*configSelector, error) { clusters: make(map[string]*clusterInfo), plugins: make(map[string]*clusterInfo), httpFilterConfig: r.xdsConfig.Listener.APIListener.HTTPFilters, + xdsConfig: r.xdsConfig, } + defer func() { + if err != nil { + // Stop the config selector if an error occurs during construction + // to ensure that interceptors that were created successfully before + // the error are cleaned up. + cs.stop() + } + }() + for i, rt := range r.xdsConfig.VirtualHost.Routes { clusters := rinternal.NewWRR.(func() wrr.WRR)() + interceptors := []iresolver.ClientInterceptor{} if rt.ClusterSpecifierPlugin != "" { clusterName := clusterSpecifierPluginPrefix + rt.ClusterSpecifierPlugin clusters.Add(&routeCluster{name: clusterName}, 1) @@ -399,21 +424,29 @@ func (r *xdsResolver) newConfigSelector() (*configSelector, error) { } else { for _, wc := range rt.WeightedClusters { clusterName := clusterPrefix + wc.Name - interceptor, err := newInterceptor(r.xdsConfig.Listener.APIListener.HTTPFilters, wc.HTTPFilterConfigOverride, rt.HTTPFilterConfigOverride, r.xdsConfig.VirtualHost.HTTPFilterConfigOverride) + interceptor, err := r.newInterceptor(r.xdsConfig.Listener.APIListener.HTTPFilters, wc.HTTPFilterConfigOverride, rt.HTTPFilterConfigOverride, r.xdsConfig.VirtualHost.HTTPFilterConfigOverride) if err != nil { + // Clean up any interceptors that were successfully built + // for the current route before this error occurred. Note + // that this is not handled by the call to cs.stop() in the + // deferred function. + for _, i := range interceptors { + i.Close() + } return nil, err } clusters.Add(&routeCluster{ name: clusterName, interceptor: interceptor, }, int64(wc.Weight)) + interceptors = append(interceptors, interceptor) ci := r.addOrGetActiveClusterInfo(clusterName, wc.Name) ci.cfg = xdsChildConfig{ChildPolicy: newBalancerConfig(cdsName, cdsBalancerConfig{Cluster: wc.Name})} cs.clusters[clusterName] = ci } } cs.routes[i].clusters = clusters - + cs.routes[i].interceptors = interceptors cs.routes[i].m = xdsresource.RouteToMatcher(rt) cs.routes[i].actionType = rt.ActionType if rt.MaxStreamDuration == nil { @@ -437,6 +470,20 @@ func (r *xdsResolver) newConfigSelector() (*configSelector, error) { atomic.AddInt32(&ci.refCount, 1) } + // Cleanup filter instances that are no longer specified in the current + // listener resource. + filtersInNewConfig := make(map[clientFilterKey]bool) + for _, filter := range r.xdsConfig.Listener.APIListener.HTTPFilters { + filtersInNewConfig[newClientFilterKey(&filter)] = true + } + for key, cf := range r.httpFilters { + if _, ok := filtersInNewConfig[key]; ok { + continue + } + cf.Close() + delete(r.httpFilters, key) + } + return cs, nil } @@ -524,3 +571,106 @@ func (r *xdsResolver) onResourceError(err error) { } r.curConfigSelector = cs } + +// newInterceptor builds a chain of client interceptors for the given filters +// and override configuration. The cluster override has the highest priority, +// followed by the route override, and finally the virtual host override. +// +// Only executed in the context of a serializer callback. +func (r *xdsResolver) newInterceptor(filters []xdsresource.HTTPFilter, clusterOverride, routeOverride, virtualHostOverride map[string]httpfilter.FilterConfig) (_ iresolver.ClientInterceptor, err error) { + interceptors := make([]iresolver.ClientInterceptor, 0, len(filters)) + defer func() { + // Clean up any interceptors that were successfully built before the + // error occurred, to avoid leaking resources. + if err != nil { + for _, i := range interceptors { + i.Close() + } + } + }() + for _, filter := range filters { + override := clusterOverride[filter.Name] + if override == nil { + override = routeOverride[filter.Name] + } + if override == nil { + override = virtualHostOverride[filter.Name] + } + builder, ok := filter.Filter.(httpfilter.ClientFilterBuilder) + if !ok { + // Should not happen if it passed xdsClient validation. + return nil, fmt.Errorf("filter %q does not support use in client", filter.Name) + } + + clientFilter := r.getOrCreateClientFilter(builder, newClientFilterKey(&filter)) + i, err := clientFilter.BuildClientInterceptor(filter.Config, override) + if err != nil { + return nil, fmt.Errorf("failed to build client interceptor for filter %q: %v", filter.Name, err) + } + if i != nil { + interceptors = append(interceptors, i) + } + } + + return &interceptorList{interceptors: interceptors}, nil +} + +// interceptorList is a client interceptor that contains a list of client +// interceptors to execute in order. +type interceptorList struct { + interceptors []iresolver.ClientInterceptor +} + +func (il *interceptorList) NewStream(ctx context.Context, ri iresolver.RPCInfo, _ func(), newStream func(ctx context.Context, _ func()) (iresolver.ClientStream, error)) (iresolver.ClientStream, error) { + for idx := len(il.interceptors) - 1; idx >= 0; idx-- { + ns := newStream + i := il.interceptors[idx] + newStream = func(ctx context.Context, done func()) (iresolver.ClientStream, error) { + return i.NewStream(ctx, ri, done, ns) + } + } + return newStream(ctx, func() {}) +} + +func (il *interceptorList) Close() { + for _, i := range il.interceptors { + i.Close() + } +} + +// getOrCreateClientFilter retrieves an existing client filter from the +// httpFilters map or creates a new one if it doesn't exist. It uses the filter +// builder to create a new client filter and stores it in the httpFilters map +// for future use. +// +// Only executed in the context of a serializer callback. +func (r *xdsResolver) getOrCreateClientFilter(builder httpfilter.ClientFilterBuilder, key clientFilterKey) httpfilter.ClientFilter { + clientFilter, ok := r.httpFilters[key] + if ok { + return clientFilter + } + + cf := builder.BuildClientFilter() + r.httpFilters[key] = cf + return cf +} + +// newClientFilterKey generates a key for the given filter using the filter name +// and type URLs. This is used for storing ClientFilters in a map. +func newClientFilterKey(f *xdsresource.HTTPFilter) clientFilterKey { + typeURLs := slices.Clone(f.Filter.TypeURLs()) + slices.Sort(typeURLs) + return clientFilterKey{ + name: f.Name, + typeURLs: strings.Join(typeURLs, ":"), + } +} + +func (f *clientFilterKey) String() string { + return f.name + ":" + f.typeURLs +} + +type clientFilterKey struct { + name string + typeURLs string +} diff --git a/vendor/google.golang.org/grpc/internal/xds/server/conn_wrapper.go b/vendor/google.golang.org/grpc/internal/xds/server/conn_wrapper.go index 71f5c6a91aa..b2f707fabee 100644 --- a/vendor/google.golang.org/grpc/internal/xds/server/conn_wrapper.go +++ b/vendor/google.golang.org/grpc/internal/xds/server/conn_wrapper.go @@ -97,7 +97,7 @@ func (c *connWrapper) XDSHandshakeInfo() (*xdsinternal.HandshakeInfo, error) { // did not provide any security configuration and therefore we should // return an empty HandshakeInfo here so that the xdsCreds can use the // configured fallback credentials. - return xdsinternal.NewHandshakeInfo(nil, nil, nil, false), nil + return xdsinternal.NewHandshakeInfo(nil, nil, nil, false, "", false, false), nil } cpc := c.parent.xdsC.BootstrapConfig().CertProviderConfigs() @@ -119,7 +119,7 @@ func (c *connWrapper) XDSHandshakeInfo() (*xdsinternal.HandshakeInfo, error) { c.identityProvider = ip c.rootProvider = rp - return xdsinternal.NewHandshakeInfo(c.rootProvider, c.identityProvider, nil, secCfg.RequireClientCert), nil + return xdsinternal.NewHandshakeInfo(c.rootProvider, c.identityProvider, nil, secCfg.RequireClientCert, "", false, false), nil } // PassServerTransport drains the passed in ServerTransport if draining is set, diff --git a/vendor/google.golang.org/grpc/internal/xds/server/filter_chain_manager.go b/vendor/google.golang.org/grpc/internal/xds/server/filter_chain_manager.go index 438c58b91eb..2a12fd73fe7 100644 --- a/vendor/google.golang.org/grpc/internal/xds/server/filter_chain_manager.go +++ b/vendor/google.golang.org/grpc/internal/xds/server/filter_chain_manager.go @@ -18,9 +18,12 @@ package server import ( + "context" "errors" "fmt" - "net" + "net/netip" + "slices" + "strings" "sync/atomic" "google.golang.org/grpc/codes" @@ -64,7 +67,7 @@ func newFilterChainManager(filterChainConfigs *xdsresource.NetworkFilterChainMap if filterChainConfigs != nil { for _, entry := range filterChainConfigs.DstPrefixes { - dstEntry := &destPrefixEntry{net: entry.Prefix} + dstEntry := &destPrefixEntry{prefix: entry.Prefix} for i, srcPrefixes := range entry.SourceTypeArr { if len(srcPrefixes.Entries) == 0 { @@ -74,7 +77,7 @@ func newFilterChainManager(filterChainConfigs *xdsresource.NetworkFilterChainMap dstEntry.srcTypeArr[i] = stDest for _, srcEntryConfig := range srcPrefixes.Entries { srcEntry := &sourcePrefixEntry{ - net: srcEntryConfig.Prefix, + prefix: srcEntryConfig.Prefix, srcPortMap: make(map[int]*filterChain, len(srcEntryConfig.PortMap)), } stDest.srcPrefixes = append(stDest.srcPrefixes, srcEntry) @@ -117,10 +120,27 @@ func (fcm *filterChainManager) filterChainFromConfig(config *xdsresource.Network return fc } +func (fcm *filterChainManager) stop() { + for _, fc := range fcm.filterChains { + urc := fc.usableRouteConfiguration.Load() + if urc.err != nil { + continue + } + for _, vh := range urc.vhs { + for _, r := range vh.routes { + if r.interceptor != nil { + r.interceptor.Close() + } + } + } + fc.stop() + } +} + // destPrefixEntry contains a destination prefix entry and associated source // type matchers. type destPrefixEntry struct { - net *net.IPNet + prefix netip.Prefix srcTypeArr sourceTypesArray } @@ -144,7 +164,7 @@ type sourcePrefixes struct { // sourcePrefixEntry contains a source prefix entry and associated source port // matchers. type sourcePrefixEntry struct { - net *net.IPNet + prefix netip.Prefix srcPortMap map[int]*filterChain } @@ -154,6 +174,7 @@ type sourcePrefixEntry struct { type filterChain struct { securityCfg *xdsresource.SecurityConfig httpFilters []xdsresource.HTTPFilter + serverFilters []httpfilter.ServerFilter // Server filters with reference counts, stored for cleanup purposes. routeConfigName string inlineRouteConfig *xdsresource.RouteConfigUpdate usableRouteConfiguration *atomic.Pointer[usableRouteConfiguration] @@ -177,16 +198,16 @@ type virtualHostWithInterceptors struct { // routeWithInterceptors captures information in a Route, and contains // a usable matcher and also instantiated HTTP Filters. type routeWithInterceptors struct { - matcher *xdsresource.CompositeMatcher - actionType xdsresource.RouteActionType - interceptors []resolver.ServerInterceptor + matcher *xdsresource.CompositeMatcher + actionType xdsresource.RouteActionType + interceptor resolver.ServerInterceptor } type lookupParams struct { - isUnspecifiedListener bool // Whether the server is listening on a wildcard address. - dstAddr net.IP // dstAddr is the local address of an incoming connection. - srcAddr net.IP // srcAddr is the remote address of an incoming connection. - srcPort int // srcPort is the remote port of an incoming connection. + isUnspecifiedListener bool // Whether the server is listening on a wildcard address. + dstAddr netip.Addr // dstAddr is the local address of an incoming connection. + srcAddr netip.Addr // srcAddr is the remote address of an incoming connection. + srcPort int // srcPort is the remote port of an incoming connection. } // lookup returns the most specific matching filter chain to be used for an @@ -202,7 +223,7 @@ func (fcm *filterChainManager) lookup(params lookupParams) (*filterChain, error) } srcType := sourceTypeExternal - if params.srcAddr.Equal(params.dstAddr) || params.srcAddr.IsLoopback() { + if params.srcAddr == params.dstAddr || params.srcAddr.IsLoopback() { srcType = sourceTypeSameOrLoopback } srcPrefixes := filterBySourceType(dstPrefixes, srcType) @@ -229,7 +250,7 @@ func (fcm *filterChainManager) lookup(params lookupParams) (*filterChain, error) // matching algorithm. It takes the complete set of configured filter chain // matchers and returns the most specific matchers based on the destination // prefix match criteria (the prefixes which match the most number of bits). -func filterByDestinationPrefixes(dstPrefixes []*destPrefixEntry, isUnspecified bool, dstAddr net.IP) []*destPrefixEntry { +func filterByDestinationPrefixes(dstPrefixes []*destPrefixEntry, isUnspecified bool, dstAddr netip.Addr) []*destPrefixEntry { if !isUnspecified { // Destination prefix matchers are considered only when the listener is // bound to the wildcard address. @@ -238,18 +259,18 @@ func filterByDestinationPrefixes(dstPrefixes []*destPrefixEntry, isUnspecified b var matchingDstPrefixes []*destPrefixEntry maxSubnetMatch := noPrefixMatch - for _, prefix := range dstPrefixes { - if prefix.net != nil && !prefix.net.Contains(dstAddr) { + for _, entry := range dstPrefixes { + if entry.prefix.IsValid() && !entry.prefix.Contains(dstAddr) { // Skip prefixes which don't match. continue } - // For unspecified prefixes, since we do not store a real net.IPNet + // For unspecified prefixes, since we do not store a real netip.Prefix // inside prefix, we do not perform a match. Instead we simply set // the matchSize to -1, which is less than the matchSize (0) for a // wildcard prefix. matchSize := unspecifiedPrefixMatch - if prefix.net != nil { - matchSize, _ = prefix.net.Mask.Size() + if entry.prefix.IsValid() { + matchSize = entry.prefix.Bits() } if matchSize < maxSubnetMatch { continue @@ -258,7 +279,7 @@ func filterByDestinationPrefixes(dstPrefixes []*destPrefixEntry, isUnspecified b maxSubnetMatch = matchSize matchingDstPrefixes = make([]*destPrefixEntry, 0, 1) } - matchingDstPrefixes = append(matchingDstPrefixes, prefix) + matchingDstPrefixes = append(matchingDstPrefixes, entry) } return matchingDstPrefixes } @@ -272,12 +293,12 @@ func filterBySourceType(dstPrefixes []*destPrefixEntry, srcType sourceType) []*s srcPrefixes []*sourcePrefixes bestSrcTypeMatch sourceType ) - for _, prefix := range dstPrefixes { + for _, entry := range dstPrefixes { match := srcType - srcPrefix := prefix.srcTypeArr[srcType] + srcPrefix := entry.srcTypeArr[srcType] if srcPrefix == nil { match = sourceTypeAny - srcPrefix = prefix.srcTypeArr[sourceTypeAny] + srcPrefix = entry.srcTypeArr[sourceTypeAny] } if match < bestSrcTypeMatch { continue @@ -298,22 +319,22 @@ func filterBySourceType(dstPrefixes []*destPrefixEntry, srcType sourceType) []*s // filterBySourcePrefixes is the third stage of the filter chain matching // algorithm. It trims the filter chains based on the source prefix. At most one // filter chain with the most specific match progress to the next stage. -func filterBySourcePrefixes(srcPrefixes []*sourcePrefixes, srcAddr net.IP) (*sourcePrefixEntry, error) { +func filterBySourcePrefixes(srcPrefixes []*sourcePrefixes, srcAddr netip.Addr) (*sourcePrefixEntry, error) { var matchingSrcPrefixes []*sourcePrefixEntry maxSubnetMatch := noPrefixMatch for _, sp := range srcPrefixes { - for _, prefix := range sp.srcPrefixes { - if prefix.net != nil && !prefix.net.Contains(srcAddr) { + for _, entry := range sp.srcPrefixes { + if entry.prefix.IsValid() && !entry.prefix.Contains(srcAddr) { // Skip prefixes which don't match. continue } - // For unspecified prefixes, since we do not store a real net.IPNet + // For unspecified prefixes, since we do not store a real netip.Prefix // inside prefix, we do not perform a match. Instead we simply set // the matchSize to -1, which is less than the matchSize (0) for a // wildcard prefix. matchSize := unspecifiedPrefixMatch - if prefix.net != nil { - matchSize, _ = prefix.net.Mask.Size() + if entry.prefix.IsValid() { + matchSize = entry.prefix.Bits() } if matchSize < maxSubnetMatch { continue @@ -322,7 +343,7 @@ func filterBySourcePrefixes(srcPrefixes []*sourcePrefixes, srcAddr net.IP) (*sou maxSubnetMatch = matchSize matchingSrcPrefixes = make([]*sourcePrefixEntry, 0, 1) } - matchingSrcPrefixes = append(matchingSrcPrefixes, prefix) + matchingSrcPrefixes = append(matchingSrcPrefixes, entry) } } if len(matchingSrcPrefixes) == 0 { @@ -361,50 +382,71 @@ func filterBySourcePorts(spe *sourcePrefixEntry, srcPort int) *filterChain { return nil } +func (fc *filterChain) stop() { + for _, sf := range fc.serverFilters { + sf.Close() + } +} + +// serverFilterProvider is used to get a ServerFilter. +// +// This functionality is provided by the listener wrapper, which maintains a map +// of reference counted ServerFilters keyed by {filter_name + type_urls} for all +// filters across all filter chains, and ensures that the same filter instance +// is reused across resource updates. This allows filter instances to retain +// state across resource updates. +type serverFilterProvider func(filter xdsresource.HTTPFilter) (httpfilter.ServerFilter, error) + // constructUsableRouteConfiguration takes Route Configuration and converts it // into matchable route configuration, with instantiated HTTP Filters per route. -func (fc *filterChain) constructUsableRouteConfiguration(config xdsresource.RouteConfigUpdate) *usableRouteConfiguration { +func (fc *filterChain) constructUsableRouteConfiguration(config xdsresource.RouteConfigUpdate, provider serverFilterProvider) *usableRouteConfiguration { vhs := make([]virtualHostWithInterceptors, 0, len(config.VirtualHosts)) + var serverFilters []httpfilter.ServerFilter for _, vh := range config.VirtualHosts { - vhwi, err := fc.convertVirtualHost(vh) + vhwi, sfs, err := fc.convertVirtualHost(vh, provider) if err != nil { + for _, sf := range serverFilters { + sf.Close() + } // Non nil if (lds + rds) fails, shouldn't happen since validated by // xDS Client, treat as L7 error but shouldn't happen. return &usableRouteConfiguration{err: fmt.Errorf("virtual host construction: %v", err)} } vhs = append(vhs, vhwi) + serverFilters = append(serverFilters, sfs...) + } + + // Release references to old server filters before replacing with new ones. + for _, sf := range fc.serverFilters { + sf.Close() } + fc.serverFilters = serverFilters + return &usableRouteConfiguration{vhs: vhs} } -func (fc *filterChain) convertVirtualHost(virtualHost *xdsresource.VirtualHost) (virtualHostWithInterceptors, error) { +func (fc *filterChain) convertVirtualHost(virtualHost *xdsresource.VirtualHost, provider serverFilterProvider) (_ virtualHostWithInterceptors, _ []httpfilter.ServerFilter, err error) { + var serverFilters []httpfilter.ServerFilter + defer func() { + if err != nil { + for _, sf := range serverFilters { + sf.Close() + } + } + }() + rs := make([]routeWithInterceptors, len(virtualHost.Routes)) for i, r := range virtualHost.Routes { rs[i].actionType = r.ActionType rs[i].matcher = xdsresource.RouteToMatcher(r) - for _, filter := range fc.httpFilters { - // Route is highest priority on server side, as there is no concept - // of an upstream cluster on server side. - override := r.HTTPFilterConfigOverride[filter.Name] - if override == nil { - // Virtual Host is second priority. - override = virtualHost.HTTPFilterConfigOverride[filter.Name] - } - sb, ok := filter.Filter.(httpfilter.ServerInterceptorBuilder) - if !ok { - // Should not happen if it passed xdsClient validation. - return virtualHostWithInterceptors{}, fmt.Errorf("filter does not support use in server") - } - si, err := sb.BuildServerInterceptor(filter.Config, override) - if err != nil { - return virtualHostWithInterceptors{}, fmt.Errorf("filter construction: %v", err) - } - if si != nil { - rs[i].interceptors = append(rs[i].interceptors, si) - } + interceptor, sfs, err := fc.newInterceptor(r.HTTPFilterConfigOverride, virtualHost.HTTPFilterConfigOverride, provider) + if err != nil { + return virtualHostWithInterceptors{}, nil, err } + serverFilters = append(serverFilters, sfs...) + rs[i].interceptor = interceptor } - return virtualHostWithInterceptors{domains: virtualHost.Domains, routes: rs}, nil + return virtualHostWithInterceptors{domains: virtualHost.Domains, routes: rs}, serverFilters, nil } // statusErrWithNodeID returns an error produced by the status package with the @@ -412,3 +454,100 @@ func (fc *filterChain) convertVirtualHost(virtualHost *xdsresource.VirtualHost) func (rc *usableRouteConfiguration) statusErrWithNodeID(c codes.Code, msg string, args ...any) error { return status.Error(c, fmt.Sprintf("[xDS node id: %v]: %s", rc.nodeID, fmt.Sprintf(msg, args...))) } + +func (fc *filterChain) newInterceptor(routeOverride, virtualHostOverride map[string]httpfilter.FilterConfig, provider serverFilterProvider) (_ resolver.ServerInterceptor, _ []httpfilter.ServerFilter, err error) { + serverFilters := []httpfilter.ServerFilter{} + interceptors := make([]resolver.ServerInterceptor, 0, len(fc.httpFilters)) + defer func() { + if err != nil { + for _, sf := range serverFilters { + sf.Close() + } + for _, i := range interceptors { + i.Close() + } + } + }() + + for _, filter := range fc.httpFilters { + // Route is highest priority on server side, as there is no concept + // of an upstream cluster on server side. + override := routeOverride[filter.Name] + if override == nil { + // Virtual Host is second priority. + override = virtualHostOverride[filter.Name] + } + + serverFilter, err := provider(filter) + if err != nil { + return nil, nil, err + } + serverFilters = append(serverFilters, serverFilter) + i, err := serverFilter.BuildServerInterceptor(filter.Config, override) + if err != nil { + return nil, nil, fmt.Errorf("error constructing filter: %v", err) + } + if i != nil { + interceptors = append(interceptors, i) + } + } + + return &interceptorList{interceptors: interceptors}, serverFilters, nil +} + +type interceptorList struct { + interceptors []resolver.ServerInterceptor +} + +func (il *interceptorList) AllowRPC(ctx context.Context) error { + for _, i := range il.interceptors { + if err := i.AllowRPC(ctx); err != nil { + return err + } + } + return nil +} + +func (il *interceptorList) Close() { + for _, i := range il.interceptors { + i.Close() + } +} + +// refCountedServerFilter wraps a ServerFilter along with a reference count. +// This is used to manage server filters that are shared across filter chains +// within a filter chain manager. +type refCountedServerFilter struct { + httpfilter.ServerFilter + refCnt atomic.Int32 +} + +func (rsf *refCountedServerFilter) incRef() { + rsf.refCnt.Add(1) +} + +func (rsf *refCountedServerFilter) Close() { + if rsf.refCnt.Add(-1) == 0 { + rsf.ServerFilter.Close() + } +} + +// newServerFilterKey generates a key for the given filter using the filter name +// and type URLs. This is used for storing ServerFilters in a map. +func newServerFilterKey(f *xdsresource.HTTPFilter) serverFilterKey { + typeURLs := slices.Clone(f.Filter.TypeURLs()) + slices.Sort(typeURLs) + return serverFilterKey{ + name: f.Name, + typeURLs: strings.Join(typeURLs, ":"), + } +} + +type serverFilterKey struct { + name string + typeURLs string +} + +func (f *serverFilterKey) String() string { + return f.name + ":" + f.typeURLs +} diff --git a/vendor/google.golang.org/grpc/internal/xds/server/listener_wrapper.go b/vendor/google.golang.org/grpc/internal/xds/server/listener_wrapper.go index 7304a60cb86..b7d20b2ba06 100644 --- a/vendor/google.golang.org/grpc/internal/xds/server/listener_wrapper.go +++ b/vendor/google.golang.org/grpc/internal/xds/server/listener_wrapper.go @@ -23,6 +23,7 @@ package server import ( "fmt" "net" + "net/netip" "sync" "time" @@ -34,6 +35,7 @@ import ( "google.golang.org/grpc/internal/grpcsync" "google.golang.org/grpc/internal/xds/bootstrap" "google.golang.org/grpc/internal/xds/clients/xdsclient" + "google.golang.org/grpc/internal/xds/httpfilter" "google.golang.org/grpc/internal/xds/xdsclient/xdsresource" ) @@ -89,9 +91,9 @@ func NewListenerWrapper(params ListenerWrapperParams) net.Listener { modeCallback: params.ModeCallback, isUnspecifiedAddr: params.Listener.Addr().(*net.TCPAddr).IP.IsUnspecified(), conns: make(map[*connWrapper]bool), - - mode: connectivity.ServingModeNotServing, - closed: grpcsync.NewEvent(), + mode: connectivity.ServingModeNotServing, + closed: grpcsync.NewEvent(), + httpFilters: make(map[serverFilterKey]*refCountedServerFilter), } lw.logger = internalgrpclog.NewPrefixLogger(logger, fmt.Sprintf("[xds-server-listener %p] ", lw)) @@ -113,51 +115,31 @@ func NewListenerWrapper(params ListenerWrapperParams) net.Listener { // passed to Serve(). It also contains all other state associated with this // particular invocation of Serve(). type listenerWrapper struct { + // The following fields are initialized at creation and are immutable + // afterwards, so do not need synchronization. net.Listener - logger *internalgrpclog.PrefixLogger - - name string - xdsC XDSClient - xdsNodeID string - cancelWatch func() - modeCallback ServingModeCallback - - // Set to true if the listener is bound to the IP_ANY address (which is - // "0.0.0.0" for IPv4 and "::" for IPv6). - isUnspecifiedAddr bool - // Listening address and port. Used to validate the socket address in the - // Listener resource received from the control plane. - addr, port string - - // A small race exists in the XDSClient code between the receipt of an xDS - // response and the user cancelling the associated watch. In this window, - // the registered callback may be invoked after the watch is canceled, and - // the user is expected to work around this. This event signifies that the - // listener is closed (and hence the watch is cancelled), and we drop any - // updates received in the callback if this event has fired. - closed *grpcsync.Event - - // mu guards access to the current serving mode and the active filter chain - // manager. - mu sync.Mutex - // Current serving mode. - mode connectivity.ServingMode - // Filter chain manager currently serving. - activeFilterChainManager *filterChainManager - // conns accepted with configuration from activeFilterChainManager. - conns map[*connWrapper]bool + logger *internalgrpclog.PrefixLogger + name string + xdsC XDSClient + xdsNodeID string + cancelWatch func() + modeCallback ServingModeCallback + isUnspecifiedAddr bool // True if listener is bound to IP_ANY address. + addr, port string // Listening address and port, validates socket address in LDS responses. + closed *grpcsync.Event + + // mu guards access to the below fields. + mu sync.Mutex + mode connectivity.ServingMode // Current serving mode. + activeFilterChainManager *filterChainManager // Filter chain manager currently serving. + httpFilters map[serverFilterKey]*refCountedServerFilter // HTTP filter instances keyed by {filter_name + type_urls}. + conns map[*connWrapper]bool // conns accepted with configuration from activeFilterChainManager. // These fields are read/written to in the context of xDS updates, which are // guaranteed to be emitted synchronously from the xDS Client. Thus, they do // not need further synchronization. - - // Pending filter chain manager. Will go active once rdsHandler has received - // all the RDS resources this filter chain manager needs. - pendingFilterChainManager *filterChainManager - - // rdsHandler is used for any dynamic RDS resources specified in a LDS - // update. - rdsHandler *rdsHandler + pendingFilterChainManager *filterChainManager // Will become active when all route configurations are ready. + rdsHandler *rdsHandler // Handles RDS watches and updates for this listener. } // maybeUpdateFilterChains swaps in the pending filter chain manager to the @@ -179,16 +161,41 @@ func (l *listenerWrapper) maybeUpdateFilterChains() { // configuration apply." - A36 connsToClose := l.conns l.conns = make(map[*connWrapper]bool) + + // Swap in the new filter chain manager before draining connections. + prevActive := l.activeFilterChainManager l.activeFilterChainManager = l.pendingFilterChainManager l.pendingFilterChainManager = nil l.instantiateFilterChainRoutingConfigurationsLocked() + if prevActive != nil { + prevActive.stop() + } + + // Build a set of all keys currently in use. + activeKeys := make(map[serverFilterKey]struct{}) + for _, fc := range l.activeFilterChainManager.filterChains { + for _, f := range fc.httpFilters { + activeKeys[newServerFilterKey(&f)] = struct{}{} + } + } + + // Iterate through the existing filters and delete those not in the active + // set. + for key, filter := range l.httpFilters { + if _, active := activeKeys[key]; !active { + if filter.refCnt.Load() != 0 { + l.logger.Errorf("HTTP filter with key %s is not used by any active filter chain but has non-zero reference count: %d. This indicates a bug in the filter reference counting logic.", key, filter.refCnt.Load()) + } + delete(l.httpFilters, key) + } + } l.mu.Unlock() + go func() { for conn := range connsToClose { conn.Drain() } }() - } // handleRDSUpdate rebuilds any routing configuration server side for any filter @@ -196,6 +203,7 @@ func (l *listenerWrapper) maybeUpdateFilterChains() { // configuration to swap to be active. func (l *listenerWrapper) handleRDSUpdate(routeName string, rcu rdsWatcherUpdate) { // Update any filter chains that point to this route configuration. + l.mu.Lock() if l.activeFilterChainManager != nil { for _, fc := range l.activeFilterChainManager.filterChains { if fc.routeConfigName != routeName { @@ -207,11 +215,13 @@ func (l *listenerWrapper) handleRDSUpdate(routeName string, rcu rdsWatcherUpdate fc.usableRouteConfiguration.Store(urc) continue } - urc := fc.constructUsableRouteConfiguration(*rcu.data) + urc := fc.constructUsableRouteConfiguration(*rcu.data, l.getOrCreateServerFilterLocked) urc.nodeID = l.xdsNodeID fc.usableRouteConfiguration.Store(urc) } } + l.mu.Unlock() + if l.rdsHandler.determineRouteConfigurationReady() { l.maybeUpdateFilterChains() } @@ -220,11 +230,12 @@ func (l *listenerWrapper) handleRDSUpdate(routeName string, rcu rdsWatcherUpdate // instantiateFilterChainRoutingConfigurationsLocked instantiates all of the // routing configuration for the newly active filter chains. For any inline // route configurations, uses that, otherwise uses cached rdsHandler updates. -// Must be called within an xDS Client Callback. +// +// Must be called with l.mu held. func (l *listenerWrapper) instantiateFilterChainRoutingConfigurationsLocked() { for _, fc := range l.activeFilterChainManager.filterChains { if fc.inlineRouteConfig != nil { - urc := fc.constructUsableRouteConfiguration(*fc.inlineRouteConfig) + urc := fc.constructUsableRouteConfiguration(*fc.inlineRouteConfig, l.getOrCreateServerFilterLocked) urc.nodeID = l.xdsNodeID fc.usableRouteConfiguration.Store(urc) // Can't race with an RPC coming in but no harm making atomic. continue @@ -236,7 +247,7 @@ func (l *listenerWrapper) instantiateFilterChainRoutingConfigurationsLocked() { fc.usableRouteConfiguration.Store(urc) continue } - urc := fc.constructUsableRouteConfiguration(*rcu.data) + urc := fc.constructUsableRouteConfiguration(*rcu.data, l.getOrCreateServerFilterLocked) urc.nodeID = l.xdsNodeID fc.usableRouteConfiguration.Store(urc) // Can't race with an RPC coming in but no harm making atomic. } @@ -297,10 +308,12 @@ func (l *listenerWrapper) Accept() (net.Conn, error) { continue } + destIP, _ := netip.AddrFromSlice(destAddr.IP) + srcIP, _ := netip.AddrFromSlice(srcAddr.IP) fc, err := l.activeFilterChainManager.lookup(lookupParams{ isUnspecifiedListener: l.isUnspecifiedAddr, - dstAddr: destAddr.IP, - srcAddr: srcAddr.IP, + dstAddr: destIP.Unmap(), + srcAddr: srcIP.Unmap(), srcPort: srcAddr.Port, }) if err != nil { @@ -343,6 +356,14 @@ func (l *listenerWrapper) Close() error { l.cancelWatch() } l.rdsHandler.close() + l.mu.Lock() + if l.activeFilterChainManager != nil { + l.activeFilterChainManager.stop() + } + if l.pendingFilterChainManager != nil { + l.pendingFilterChainManager.stop() + } + l.mu.Unlock() return nil } @@ -379,6 +400,36 @@ func (l *listenerWrapper) switchModeLocked(newMode connectivity.ServingMode, err } } +// getOrCreateServerFilterLocked retrieves an existing server filter from the +// httpFilters map or creates a new one if it doesn't exist. It uses the filter +// builder to create a new server filter and stores it in the httpFilters map +// for future use. +// +// Must be called with l.mu held. +func (l *listenerWrapper) getOrCreateServerFilterLocked(filter xdsresource.HTTPFilter) (httpfilter.ServerFilter, error) { + builder, ok := filter.Filter.(httpfilter.ServerFilterBuilder) + if !ok { + return nil, fmt.Errorf("filter %q does not support use in server", filter.Name) + } + return getOrCreateServerFilterWithMap(l.httpFilters, builder, newServerFilterKey(&filter)), nil +} + +// This functionality is put in a separate function to allow for testing with a +// custom map. +func getOrCreateServerFilterWithMap(httpFilters map[serverFilterKey]*refCountedServerFilter, builder httpfilter.ServerFilterBuilder, key serverFilterKey) httpfilter.ServerFilter { + serverFilter, ok := httpFilters[key] + if ok { + serverFilter.incRef() + return serverFilter + } + + sf := builder.BuildServerFilter() + serverFilter = &refCountedServerFilter{ServerFilter: sf} + httpFilters[key] = serverFilter + serverFilter.incRef() + return serverFilter +} + // ldsWatcher implements the xdsresource.ListenerWatcher interface and is // passed to the WatchListener API. type ldsWatcher struct { @@ -443,8 +494,14 @@ func (lw *ldsWatcher) ResourceError(err error, onDone func()) { l.mu.Lock() defer l.mu.Unlock() l.switchModeLocked(connectivity.ServingModeNotServing, err) - l.activeFilterChainManager = nil - l.pendingFilterChainManager = nil + if l.activeFilterChainManager != nil { + l.activeFilterChainManager.stop() + l.activeFilterChainManager = nil + } + if l.pendingFilterChainManager != nil { + l.pendingFilterChainManager.stop() + l.pendingFilterChainManager = nil + } l.rdsHandler.updateRouteNamesToWatch(make(map[string]bool)) } diff --git a/vendor/google.golang.org/grpc/internal/xds/server/routing.go b/vendor/google.golang.org/grpc/internal/xds/server/routing.go index 9e5c7943fd3..67dd7609e1f 100644 --- a/vendor/google.golang.org/grpc/internal/xds/server/routing.go +++ b/vendor/google.golang.org/grpc/internal/xds/server/routing.go @@ -92,10 +92,8 @@ func RouteAndProcess(ctx context.Context) error { if rwi == nil { return rc.statusErrWithNodeID(codes.Unavailable, "the incoming RPC did not match a configured Route") } - for _, interceptor := range rwi.interceptors { - if err := interceptor.AllowRPC(ctx); err != nil { - return rc.statusErrWithNodeID(codes.PermissionDenied, "Incoming RPC is not allowed: %v", err) - } + if err := rwi.interceptor.AllowRPC(ctx); err != nil { + return rc.statusErrWithNodeID(codes.PermissionDenied, "Incoming RPC is not allowed: %v", err) } return nil } diff --git a/vendor/google.golang.org/grpc/internal/xds/xdsclient/clientimpl.go b/vendor/google.golang.org/grpc/internal/xds/xdsclient/clientimpl.go index b2088647011..23d6227300c 100644 --- a/vendor/google.golang.org/grpc/internal/xds/xdsclient/clientimpl.go +++ b/vendor/google.golang.org/grpc/internal/xds/xdsclient/clientimpl.go @@ -75,6 +75,20 @@ var ( Labels: []string{"grpc.target", "grpc.xds.server"}, Default: false, }) + xdsClientConnectedMetric = estats.RegisterInt64AsyncGauge(estats.MetricDescriptor{ + Name: "grpc.xds_client.connected", + Description: "A metric that is 1 if the xDS Client has a working ADS stream to the server, 0 otherwise.", + Unit: "{connected}", + Type: estats.MetricTypeIntAsyncGauge, + Labels: []string{"grpc.target", "grpc.xds.server"}, + }) + xdsClientResourcesMetric = estats.RegisterInt64AsyncGauge(estats.MetricDescriptor{ + Name: "grpc.xds_client.resources", + Description: "Counts of xDS resources.", + Unit: "{resource}", + Type: estats.MetricTypeIntAsyncGauge, + Labels: []string{"grpc.target", "grpc.xds.authority", "grpc.xds.cache_state", "grpc.xds.resource_type"}, + }) ) // clientImpl embed xdsclient.XDSClient and implement internal XDSClient @@ -121,7 +135,7 @@ func (mr *metricsReporter) ReportMetric(metric any) { } func newClientImpl(config *bootstrap.Config, metricsRecorder estats.MetricsRecorder, target string, watchExpiryTimeout time.Duration) (*clientImpl, error) { - gConfig, err := buildXDSClientConfig(config, metricsRecorder, target, watchExpiryTimeout) + gConfig, err := BuildXDSClientConfig(config, metricsRecorder, target, watchExpiryTimeout) if err != nil { return nil, err } @@ -188,8 +202,10 @@ func buildServerConfigs(bootstrapSC []*bootstrap.ServerConfig, grpcTransportConf return gServerCfg, nil } -// buildXDSClientConfig builds the xdsclient.Config from the bootstrap.Config. -func buildXDSClientConfig(config *bootstrap.Config, metricsRecorder estats.MetricsRecorder, target string, watchExpiryTimeout time.Duration) (xdsclient.Config, error) { +// BuildXDSClientConfig builds the xdsclient.Config from the bootstrap.Config. +// +// This function is exported for fuzz testing purposes only. +func BuildXDSClientConfig(config *bootstrap.Config, metricsRecorder estats.MetricsRecorder, target string, watchExpiryTimeout time.Duration) (xdsclient.Config, error) { grpcTransportConfigs := make(map[string]grpctransport.Config) gServerCfgMap := make(map[xdsclient.ServerConfig]*bootstrap.ServerConfig) @@ -263,3 +279,50 @@ func populateGRPCTransportConfigsFromServerConfig(sc *bootstrap.ServerConfig, gr } return nil } + +// RegisterAsyncReporter adapts the generic clients.AsyncReporter to the +// estats.AsyncMetricReporter interface and registers it. +func (mr *metricsReporter) RegisterAsyncReporter(reporter clients.AsyncReporter) func() { + if mr.recorder == nil || reporter == nil { + return func() {} + } + + // Define which metrics we intend to report for OTel registration. + descriptors := []estats.AsyncMetric{ + xdsClientConnectedMetric, + xdsClientResourcesMetric, + } + + // Create the callback wrapper. + // This function is invoked by the stats system during a scrape. + cbWrapper := func(rec estats.AsyncMetricsRecorder) error { + wrapper := &asyncMetricsRecorderAdapter{ + target: mr.target, + delegate: rec, + } + reporter.Report(wrapper) + return nil + } + + // Register with the underlying gRPC stats recorder. + return mr.recorder.RegisterAsyncReporter(estats.AsyncMetricReporterFunc(cbWrapper), descriptors...) +} + +// asyncMetricsRecorderAdapter adapts estats.AsyncMetricsRecorder to clients.AsyncMetricsRecorder. +type asyncMetricsRecorderAdapter struct { + target string + delegate estats.AsyncMetricsRecorder +} + +func (a *asyncMetricsRecorderAdapter) ReportMetric(metric any) { + switch m := metric.(type) { + case *metrics.XDSClientConnected: + // Record: grpc.xds_client.connected + // Labels: grpc.target, grpc.xds.server + a.delegate.RecordInt64AsyncGauge(xdsClientConnectedMetric, m.Value, a.target, m.ServerURI) + case *metrics.XDSClientResourceStats: + // Record: grpc.xds_client.resources + // Labels: grpc.target, grpc.xds.authority, grpc.xds.cache_state, grpc.xds.resource_type + a.delegate.RecordInt64AsyncGauge(xdsClientResourcesMetric, m.Count, a.target, m.Authority, m.CacheState, m.ResourceType) + } +} diff --git a/vendor/google.golang.org/grpc/internal/xds/xdsclient/xdsresource/filter_chain.go b/vendor/google.golang.org/grpc/internal/xds/xdsclient/xdsresource/filter_chain.go index 03d538957e7..8d69422d2e3 100644 --- a/vendor/google.golang.org/grpc/internal/xds/xdsclient/xdsresource/filter_chain.go +++ b/vendor/google.golang.org/grpc/internal/xds/xdsclient/xdsresource/filter_chain.go @@ -19,7 +19,7 @@ package xdsresource import ( "fmt" - "net" + "net/netip" "google.golang.org/grpc/internal/xds/xdsclient/xdsresource/version" @@ -40,7 +40,7 @@ type NetworkFilterChainMap struct { // source type matchers. type DestinationPrefixEntry struct { // Prefix is the destination IP prefix. - Prefix *net.IPNet + Prefix netip.Prefix // SourceTypeArr contains the source type matchers. The supported source // types and their associated indices in the array are: // - 0: Any: matches connection attempts from any source. @@ -59,7 +59,7 @@ type SourcePrefixes struct { // port matchers. type SourcePrefixEntry struct { // Prefix is the source IP prefix. - Prefix *net.IPNet + Prefix netip.Prefix // PortMap contains the matchers for source ports. PortMap map[int]NetworkFilterChainConfig } diff --git a/vendor/google.golang.org/grpc/internal/xds/xdsclient/xdsresource/metadata.go b/vendor/google.golang.org/grpc/internal/xds/xdsclient/xdsresource/metadata.go index 7c0b56e82fc..566f46f8ba4 100644 --- a/vendor/google.golang.org/grpc/internal/xds/xdsclient/xdsresource/metadata.go +++ b/vendor/google.golang.org/grpc/internal/xds/xdsclient/xdsresource/metadata.go @@ -33,8 +33,8 @@ func init() { } var ( - // metdataRegistry is a map from proto type to metadataConverter. - metdataRegistry = make(map[string]metadataConverter) + // metadataRegistry is a map from proto type to metadataConverter. + metadataRegistry = make(map[string]metadataConverter) ) // metadataConverter converts xds metadata entries in @@ -48,18 +48,18 @@ type metadataConverter interface { // registerMetadataConverter registers the converter to the map keyed on a proto // type_url. Must be called at init time. Not thread safe. func registerMetadataConverter(protoType string, c metadataConverter) { - metdataRegistry[protoType] = c + metadataRegistry[protoType] = c } // metadataConverterForType retrieves a converter based on key given. func metadataConverterForType(typeURL string) metadataConverter { - return metdataRegistry[typeURL] + return metadataRegistry[typeURL] } // unregisterMetadataConverterForTesting removes a converter from the registry. // For testing only. func unregisterMetadataConverterForTesting(typeURL string) { - delete(metdataRegistry, typeURL) + delete(metadataRegistry, typeURL) } // StructMetadataValue stores the values in a google.protobuf.Struct from diff --git a/vendor/google.golang.org/grpc/internal/xds/xdsclient/xdsresource/type_cds.go b/vendor/google.golang.org/grpc/internal/xds/xdsclient/xdsresource/type_cds.go index f596adf1577..d4b2d323df1 100644 --- a/vendor/google.golang.org/grpc/internal/xds/xdsclient/xdsresource/type_cds.go +++ b/vendor/google.golang.org/grpc/internal/xds/xdsclient/xdsresource/type_cds.go @@ -79,6 +79,50 @@ type ClusterUpdate struct { // "com.google.csm.telemetry_labels" with keys "service_name" or // "service_namespace". TelemetryLabels map[string]string + + // LRSReportEndpointMetrics specifies the subset of ORCA metrics that + // should be propagated to the LRS server. + LRSReportEndpointMetrics *LRSReportEndpointMetricsConfig +} + +// LRSReportEndpointMetricsConfig holds the configuration for propagating ORCA +// metrics to the LRS server. +type LRSReportEndpointMetricsConfig struct { + CPUUtilization bool + MemUtilization bool + ApplicationUtilization bool + // NamedMetricsAll specifies whether all named metrics should be propagated. + // If true, NamedMetrics is ignored. + NamedMetricsAll bool + // NamedMetrics specifies the set of named metrics to propagate when + // NamedMetricsAll is false. + NamedMetrics map[string]struct{} +} + +// Equal returns whether the two LRSReportEndpointMetricsConfig configurations +// are identical. +func (bmp *LRSReportEndpointMetricsConfig) Equal(other *LRSReportEndpointMetricsConfig) bool { + switch { + case bmp == nil && other == nil: + return true + case (bmp != nil) != (other != nil): + return false + } + if bmp.CPUUtilization != other.CPUUtilization || + bmp.MemUtilization != other.MemUtilization || + bmp.ApplicationUtilization != other.ApplicationUtilization || + bmp.NamedMetricsAll != other.NamedMetricsAll { + return false + } + if len(bmp.NamedMetrics) != len(other.NamedMetrics) { + return false + } + for k := range bmp.NamedMetrics { + if _, ok := other.NamedMetrics[k]; !ok { + return false + } + } + return true } // SecurityConfig contains the security configuration received as part of the @@ -120,6 +164,20 @@ type SecurityConfig struct { // after unmarshalling xDS resources ensures that this field is set only // when both RootCertName and RootInstanceName are empty. UseSystemRootCerts bool + // SNI is the string to be used as the Server Name when creating TLS + // configurations for the handshake. An empty string for SNI value will be + // treated as SNI not specified. + SNI string + // UseAutoHostSNI indicates whether to set the ServerName for the TLS handshake + // configuration to the hostname (if available). The host is the DNS + // hostname for DNS clusters, or Endpoint.hostname for EDS clusters. The + // port will not be included in the SNI value. + UseAutoHostSNI bool + // AutoSNISANValidation indicates whether to replace any Subject Alternative + // Name (SAN) matchers with a validation for a DNS SAN matching the SNI + // value sent. This validation uses the SNI being set in the TLS + // configuration, regardless of how the SNI is determined. + AutoSNISANValidation bool } // Equal returns true if sc is equal to other. @@ -143,6 +201,12 @@ func (sc *SecurityConfig) Equal(other *SecurityConfig) bool { return false case sc.UseSystemRootCerts != other.UseSystemRootCerts: return false + case sc.SNI != other.SNI: + return false + case sc.UseAutoHostSNI != other.UseAutoHostSNI: + return false + case sc.AutoSNISANValidation != other.AutoSNISANValidation: + return false default: if len(sc.SubjectAltNameMatchers) != len(other.SubjectAltNameMatchers) { return false diff --git a/vendor/google.golang.org/grpc/internal/xds/xdsclient/xdsresource/type_eds.go b/vendor/google.golang.org/grpc/internal/xds/xdsclient/xdsresource/type_eds.go index 0310e25a0fa..937d2cffe1c 100644 --- a/vendor/google.golang.org/grpc/internal/xds/xdsclient/xdsresource/type_eds.go +++ b/vendor/google.golang.org/grpc/internal/xds/xdsclient/xdsresource/type_eds.go @@ -49,7 +49,6 @@ const ( ) // Endpoint contains information of an endpoint. -// TODO(i/8757) : Replace Endpoint with resolver.Endpoint struct. type Endpoint struct { ResolverEndpoint resolver.Endpoint HealthStatus EndpointHealthStatus diff --git a/vendor/google.golang.org/grpc/internal/xds/xdsclient/xdsresource/type_lds.go b/vendor/google.golang.org/grpc/internal/xds/xdsclient/xdsresource/type_lds.go index 55118d08516..8993c8cf76a 100644 --- a/vendor/google.golang.org/grpc/internal/xds/xdsclient/xdsresource/type_lds.go +++ b/vendor/google.golang.org/grpc/internal/xds/xdsclient/xdsresource/type_lds.go @@ -66,7 +66,7 @@ type HTTPFilter struct { // yet supported). Name string // Filter is the HTTP filter found in the registry for the config type. - Filter httpfilter.Filter + Filter httpfilter.Builder // Config contains the filter's configuration Config httpfilter.FilterConfig } diff --git a/vendor/google.golang.org/grpc/internal/xds/xdsclient/xdsresource/unmarshal_cds.go b/vendor/google.golang.org/grpc/internal/xds/xdsclient/xdsresource/unmarshal_cds.go index d7133c996cb..4ff3224bd81 100644 --- a/vendor/google.golang.org/grpc/internal/xds/xdsclient/xdsresource/unmarshal_cds.go +++ b/vendor/google.golang.org/grpc/internal/xds/xdsclient/xdsresource/unmarshal_cds.go @@ -47,9 +47,12 @@ import ( // validateClusterAndConstructClusterUpdate function for testing purposes. var ValidateClusterAndConstructClusterUpdateForTesting = validateClusterAndConstructClusterUpdate -// TransportSocket proto message has a `name` field which is expected to be set -// to this value by the management server. -const transportSocketName = "envoy.transport_sockets.tls" +const ( + maxSNILength = 255 + // TransportSocket proto message has a `name` field which is expected to be set + // to this value by the management server. + transportSocketName = "envoy.transport_sockets.tls" +) func unmarshalClusterResource(r *anypb.Any, serverCfg *bootstrap.ServerConfig) (string, ClusterUpdate, error) { r, err := UnwrapResource(r) @@ -65,6 +68,10 @@ func unmarshalClusterResource(r *anypb.Any, serverCfg *bootstrap.ServerConfig) ( if err := proto.Unmarshal(r.GetValue(), cluster); err != nil { return "", ClusterUpdate{}, fmt.Errorf("failed to unmarshal resource: %v", err) } + + if cluster.GetName() == "" { + return "", ClusterUpdate{}, fmt.Errorf("empty resource name in Cluster resource") + } cu, err := validateClusterAndConstructClusterUpdate(cluster, serverCfg) if err != nil { return cluster.GetName(), ClusterUpdate{}, err @@ -178,14 +185,44 @@ func validateClusterAndConstructClusterUpdate(cluster *v3clusterpb.Cluster, serv return ClusterUpdate{}, fmt.Errorf("JSON generated from xDS LB policy registry: %s is invalid: %v", pretty.FormatJSON(lbPolicy), err) } } + var lrsReportEndpointMetrics *LRSReportEndpointMetricsConfig + if envconfig.XDSORCAToLRSPropEnabled && len(cluster.GetLrsReportEndpointMetrics()) > 0 { + lrsReportEndpointMetrics = &LRSReportEndpointMetricsConfig{ + NamedMetrics: make(map[string]struct{}), + } + for _, m := range cluster.GetLrsReportEndpointMetrics() { + switch m { + case "cpu_utilization": + lrsReportEndpointMetrics.CPUUtilization = true + case "mem_utilization": + lrsReportEndpointMetrics.MemUtilization = true + case "application_utilization": + lrsReportEndpointMetrics.ApplicationUtilization = true + case "named_metrics.*": + // If "named_metrics.*" is present, it takes precedence over any specific + // "named_metrics.foo" fields. Per gRFC A85, specific named metrics are ignored + // if NamedMetricsAll is true. We clear the map to save memory. + lrsReportEndpointMetrics.NamedMetricsAll = true + lrsReportEndpointMetrics.NamedMetrics = nil + default: + if lrsReportEndpointMetrics.NamedMetricsAll { + continue + } + if name, found := strings.CutPrefix(m, "named_metrics."); found && name != "" { + lrsReportEndpointMetrics.NamedMetrics[name] = struct{}{} + } + } + } + } ret := ClusterUpdate{ - ClusterName: cluster.GetName(), - SecurityCfg: sc, - MaxRequests: circuitBreakersFromCluster(cluster), - LBPolicy: lbPolicy, - OutlierDetection: od, - TelemetryLabels: telemetryLabels, + ClusterName: cluster.GetName(), + SecurityCfg: sc, + MaxRequests: circuitBreakersFromCluster(cluster), + LBPolicy: lbPolicy, + OutlierDetection: od, + TelemetryLabels: telemetryLabels, + LRSReportEndpointMetrics: lrsReportEndpointMetrics, } if lrs := cluster.GetLrsServer(); lrs != nil { @@ -295,14 +332,27 @@ func securityConfigFromCluster(cluster *v3clusterpb.Cluster) (*SecurityConfig, e return nil, fmt.Errorf("failed to unmarshal UpstreamTlsContext in CDS response: %v", err) } // The following fields from `UpstreamTlsContext` are ignored: - // - sni // - allow_renegotiation // - max_session_keys if upstreamCtx.GetCommonTlsContext() == nil { return nil, errors.New("UpstreamTlsContext in CDS response does not contain a CommonTlsContext") } - return securityConfigFromCommonTLSContext(upstreamCtx.GetCommonTlsContext(), false) + sc, err := securityConfigFromCommonTLSContext(upstreamCtx.GetCommonTlsContext(), false) + if err != nil { + return nil, err + } + // Set SNI related fields in SecurityConfig from UpstreamTlsContext if + // `GRPC_EXPERIMENTAL_XDS_SNI` is enabled. + if envconfig.XDSSNIEnabled { + sc.SNI = upstreamCtx.GetSni() + if len(sc.SNI) > maxSNILength { + return nil, fmt.Errorf("SNI value %q in UpstreamTlsContext in CDS response exceeds max length of %d", sc.SNI, maxSNILength) + } + sc.UseAutoHostSNI = upstreamCtx.GetAutoHostSni() + sc.AutoSNISANValidation = upstreamCtx.GetAutoSniSanValidation() + } + return sc, nil } // common is expected to be not nil. diff --git a/vendor/google.golang.org/grpc/internal/xds/xdsclient/xdsresource/unmarshal_eds.go b/vendor/google.golang.org/grpc/internal/xds/xdsclient/xdsresource/unmarshal_eds.go index 581cbf6f72e..93bb3e42416 100644 --- a/vendor/google.golang.org/grpc/internal/xds/xdsclient/xdsresource/unmarshal_eds.go +++ b/vendor/google.golang.org/grpc/internal/xds/xdsclient/xdsresource/unmarshal_eds.go @@ -74,11 +74,16 @@ func unmarshalEndpointsResource(r *anypb.Any) (string, EndpointsUpdate, error) { return "", EndpointsUpdate{}, fmt.Errorf("failed to unmarshal resource: %v", err) } + if cla.GetClusterName() == "" { + return "", EndpointsUpdate{}, fmt.Errorf("empty resource name in endpoints resource") + } + u, err := parseEDSRespProto(cla) if err != nil { return cla.GetClusterName(), EndpointsUpdate{}, err } u.Raw = r + return cla.GetClusterName(), u, nil } diff --git a/vendor/google.golang.org/grpc/internal/xds/xdsclient/xdsresource/unmarshal_lds.go b/vendor/google.golang.org/grpc/internal/xds/xdsclient/xdsresource/unmarshal_lds.go index 95816d146c1..117f5e4b78f 100644 --- a/vendor/google.golang.org/grpc/internal/xds/xdsclient/xdsresource/unmarshal_lds.go +++ b/vendor/google.golang.org/grpc/internal/xds/xdsclient/xdsresource/unmarshal_lds.go @@ -18,14 +18,14 @@ package xdsresource import ( - "bytes" "errors" "fmt" - "net" + "net/netip" "strconv" v1xdsudpatypepb "github.com/cncf/xds/go/udpa/type/v1" v3xdsxdstypepb "github.com/cncf/xds/go/xds/type/v3" + v3corepb "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" v3listenerpb "github.com/envoyproxy/go-control-plane/envoy/config/listener/v3" v3routepb "github.com/envoyproxy/go-control-plane/envoy/config/route/v3" v3httppb "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/http_connection_manager/v3" @@ -51,11 +51,16 @@ func unmarshalListenerResource(r *anypb.Any, opts *xdsclient.DecodeOptions) (str return "", ListenerUpdate{}, fmt.Errorf("failed to unmarshal resource: %v", err) } + if lis.GetName() == "" { + return "", ListenerUpdate{}, fmt.Errorf("empty resource name in listener resource") + } + lu, err := processListener(lis, opts) if err != nil { return lis.GetName(), ListenerUpdate{}, err } lu.Raw = r + return lis.GetName(), *lu, nil } @@ -143,7 +148,7 @@ func unwrapHTTPFilterConfig(config *anypb.Any) (proto.Message, string, error) { } } -func validateHTTPFilterConfig(cfg *anypb.Any, lds, optional bool) (httpfilter.Filter, httpfilter.FilterConfig, error) { +func validateHTTPFilterConfig(cfg *anypb.Any, lds, optional bool) (httpfilter.Builder, httpfilter.FilterConfig, error) { config, typeURL, err := unwrapHTTPFilterConfig(cfg) if err != nil { return nil, nil, err @@ -217,13 +222,13 @@ func processHTTPFilters(filters []*v3httppb.HttpFilter, server bool) ([]HTTPFilt continue } if server { - if _, ok := httpFilter.(httpfilter.ServerInterceptorBuilder); !ok { + if _, ok := httpFilter.(httpfilter.ServerFilterBuilder); !ok { if filter.GetIsOptional() { continue } return nil, fmt.Errorf("HTTP filter %q not supported server-side", name) } - } else if _, ok := httpFilter.(httpfilter.ClientInterceptorBuilder); !ok { + } else if _, ok := httpFilter.(httpfilter.ClientFilterBuilder); !ok { if filter.GetIsOptional() { continue } @@ -396,21 +401,16 @@ func buildFilterChainMap(fcs []*v3listenerpb.FilterChain) (NetworkFilterChainMap func addFilterChainsForDestPrefixes(dstPrefixEntries []*dstPrefixEntry, fc *v3listenerpb.FilterChain) ([]*dstPrefixEntry, error) { ranges := fc.GetFilterChainMatch().GetPrefixRanges() - dstPrefixes := make([]*net.IPNet, 0, len(ranges)) - for _, pr := range ranges { - cidr := fmt.Sprintf("%s/%d", pr.GetAddressPrefix(), pr.GetPrefixLen().GetValue()) - _, ipnet, err := net.ParseCIDR(cidr) - if err != nil { - return nil, fmt.Errorf("failed to parse destination prefix range: %+v", pr) - } - dstPrefixes = append(dstPrefixes, ipnet) + dstPrefixes, err := parsePrefixRanges(ranges) + if err != nil { + return nil, fmt.Errorf("failed to parse destination prefix ranges: %v", err) } var entry *dstPrefixEntry if len(dstPrefixes) == 0 { // Use the unspecified entry when destination prefix is unspecified, and - // set the `net` field to nil. - dstPrefixEntries, entry = getOrCreateDestPrefixEntry(dstPrefixEntries, nil) + // set the `prefix` field to nil. + dstPrefixEntries, entry = getOrCreateDestPrefixEntry(dstPrefixEntries, netip.Prefix{}) if err := addFilterChainsForServerNames(entry, fc); err != nil { return nil, err } @@ -429,9 +429,9 @@ func addFilterChainsForDestPrefixes(dstPrefixEntries []*dstPrefixEntry, fc *v3li // provided slice with the same destination prefix as the provided prefix. If // such an entry is found, it is returned. Otherwise, a new entry is created and // appended to the slice, and the new entry is returned. -func getOrCreateDestPrefixEntry(dstPrefixEntries []*dstPrefixEntry, prefix *net.IPNet) ([]*dstPrefixEntry, *dstPrefixEntry) { +func getOrCreateDestPrefixEntry(dstPrefixEntries []*dstPrefixEntry, prefix netip.Prefix) ([]*dstPrefixEntry, *dstPrefixEntry) { for _, e := range dstPrefixEntries { - if ipNetEqual(e.entry.Prefix, prefix) { + if e.entry.Prefix == prefix { return dstPrefixEntries, e } } @@ -513,18 +513,13 @@ func addFilterChainsForSourceType(entry *DestinationPrefixEntry, fc *v3listenerp func addFilterChainsForSourcePrefixes(srcPrefixes *SourcePrefixes, fc *v3listenerpb.FilterChain) error { ranges := fc.GetFilterChainMatch().GetSourcePrefixRanges() - prefixes := make([]*net.IPNet, 0, len(ranges)) - for _, pr := range ranges { - cidr := fmt.Sprintf("%s/%d", pr.GetAddressPrefix(), pr.GetPrefixLen().GetValue()) - _, ipnet, err := net.ParseCIDR(cidr) - if err != nil { - return fmt.Errorf("failed to parse source prefix range: %+v", pr) - } - prefixes = append(prefixes, ipnet) + prefixes, err := parsePrefixRanges(ranges) + if err != nil { + return fmt.Errorf("failed to parse source prefix ranges: %v", err) } if len(prefixes) == 0 { - return getOrCreateSourcePrefixEntry(srcPrefixes, nil, fc) + return getOrCreateSourcePrefixEntry(srcPrefixes, netip.Prefix{}, fc) } for _, prefix := range prefixes { if err := getOrCreateSourcePrefixEntry(srcPrefixes, prefix, fc); err != nil { @@ -534,6 +529,27 @@ func addFilterChainsForSourcePrefixes(srcPrefixes *SourcePrefixes, fc *v3listene return nil } +func parsePrefixRanges(ranges []*v3corepb.CidrRange) ([]netip.Prefix, error) { + prefixes := make([]netip.Prefix, 0, len(ranges)) + for _, pr := range ranges { + addrStr := pr.GetAddressPrefix() + bits := int(pr.GetPrefixLen().GetValue()) + + addr, err := netip.ParseAddr(addrStr) + if err != nil { + return nil, fmt.Errorf("invalid address: %q", addrStr) + } + prefix := netip.PrefixFrom(addr.Unmap(), bits).Masked() + + if !prefix.IsValid() { + return nil, fmt.Errorf(`length %d is invalid for "%s" (max %d)`, bits, addrStr, addr.BitLen()) + } + + prefixes = append(prefixes, prefix) + } + return prefixes, nil +} + // getOrCreateSourcePrefixEntry looks for an existing SourcePrefixEntry in the // provided SourcePrefixes with the same source prefix as the provided prefix. If // such an entry is found, the provided filter chain is added to the entry and @@ -541,9 +557,9 @@ func addFilterChainsForSourcePrefixes(srcPrefixes *SourcePrefixes, fc *v3listene // SourcePrefixes, the provided filter chain is added to the new entry, and nil // is returned. If there are multiple filter chains with overlapping matching // rules, an error is returned. -func getOrCreateSourcePrefixEntry(srcPrefixes *SourcePrefixes, prefix *net.IPNet, fc *v3listenerpb.FilterChain) error { +func getOrCreateSourcePrefixEntry(srcPrefixes *SourcePrefixes, prefix netip.Prefix, fc *v3listenerpb.FilterChain) error { for i := range srcPrefixes.Entries { - if ipNetEqual(srcPrefixes.Entries[i].Prefix, prefix) { + if srcPrefixes.Entries[i].Prefix == prefix { return addFilterChainsForSourcePorts(&srcPrefixes.Entries[i], fc) } } @@ -586,13 +602,3 @@ func addFilterChainsForSourcePorts(entry *SourcePrefixEntry, fc *v3listenerpb.Fi } return nil } - -func ipNetEqual(a, b *net.IPNet) bool { - if a == nil && b == nil { - return true - } - if a == nil || b == nil { - return false - } - return a.IP.Equal(b.IP) && bytes.Equal(a.Mask, b.Mask) -} diff --git a/vendor/google.golang.org/grpc/internal/xds/xdsclient/xdsresource/unmarshal_rds.go b/vendor/google.golang.org/grpc/internal/xds/xdsclient/xdsresource/unmarshal_rds.go index d988b4e77f9..09589d6bcaa 100644 --- a/vendor/google.golang.org/grpc/internal/xds/xdsclient/xdsresource/unmarshal_rds.go +++ b/vendor/google.golang.org/grpc/internal/xds/xdsclient/xdsresource/unmarshal_rds.go @@ -50,11 +50,16 @@ func unmarshalRouteConfigResource(r *anypb.Any, opts *xdsclient.DecodeOptions) ( return "", RouteConfigUpdate{}, fmt.Errorf("failed to unmarshal resource: %v", err) } + if rc.GetName() == "" { + return "", RouteConfigUpdate{}, fmt.Errorf("empty resource name in route config resource") + } + u, err := generateRDSUpdateFromRouteConfiguration(rc, opts) if err != nil { return rc.GetName(), RouteConfigUpdate{}, err } u.Raw = r + return rc.GetName(), u, nil } diff --git a/vendor/google.golang.org/grpc/internal/xds/xdsclient/xdsresource/xdsconfig.go b/vendor/google.golang.org/grpc/internal/xds/xdsclient/xdsresource/xdsconfig.go index 5c13714a26b..35e5a1deb88 100644 --- a/vendor/google.golang.org/grpc/internal/xds/xdsclient/xdsresource/xdsconfig.go +++ b/vendor/google.golang.org/grpc/internal/xds/xdsclient/xdsresource/xdsconfig.go @@ -17,7 +17,11 @@ package xdsresource -import "google.golang.org/grpc/resolver" +import ( + "context" + + "google.golang.org/grpc/resolver" +) // XDSConfig holds the complete gRPC client-side xDS configuration containing // all necessary resources. @@ -112,3 +116,18 @@ func XDSConfigFromResolverState(state resolver.State) *XDSConfig { } return nil } + +type xdsConfigKey struct{} + +// NewContextWithXDSConfig returns a new context with xDSConfig added to it. +func NewContextWithXDSConfig(ctx context.Context, config *XDSConfig) context.Context { + return context.WithValue(ctx, xdsConfigKey{}, config) +} + +// XDSConfigFromContext returns the XDSConfig stored in ctx. +func XDSConfigFromContext(ctx context.Context) *XDSConfig { + if v := ctx.Value(xdsConfigKey{}); v != nil { + return v.(*XDSConfig) + } + return nil +} diff --git a/vendor/google.golang.org/grpc/mem/buffer_slice.go b/vendor/google.golang.org/grpc/mem/buffer_slice.go index 084fb19c6d1..086e9f95ded 100644 --- a/vendor/google.golang.org/grpc/mem/buffer_slice.go +++ b/vendor/google.golang.org/grpc/mem/buffer_slice.go @@ -165,7 +165,7 @@ func (r *Reader) Close() error { } func (r *Reader) freeFirstBufferIfEmpty() bool { - if len(r.data) == 0 || r.bufferIdx != len(r.data[0].ReadOnlyData()) { + if len(r.data) == 0 || r.bufferIdx != r.data[0].Len() { return false } diff --git a/vendor/google.golang.org/grpc/mem/buffers.go b/vendor/google.golang.org/grpc/mem/buffers.go index db1620e6ace..2b410b16ebd 100644 --- a/vendor/google.golang.org/grpc/mem/buffers.go +++ b/vendor/google.golang.org/grpc/mem/buffers.go @@ -53,6 +53,10 @@ type Buffer interface { Free() // Len returns the Buffer's size. Len() int + // Slice returns a new Buffer that is a view into this buffer's data + // from [start:end). The buffer is not modified. Panics if the buffer + // has been freed or if start/end are out of bounds. + Slice(start, end int) Buffer split(n int) (left, right Buffer) read(buf []byte) (int, Buffer) @@ -180,6 +184,32 @@ func (b *buffer) Len() int { return len(b.ReadOnlyData()) } +func (b *buffer) Slice(start, end int) Buffer { + if b.rootBuf == nil { + panic("Cannot slice freed buffer") + } + + data := b.data[start:end] // access the data to check slice bounds + + if len(data) == 0 { + return emptyBuffer{} + } + if len(data) == len(b.data) { + b.Ref() + return b + } + // We are creating a new reference (view) to a portion of the root buffer's + // data. Therefore, we must increment the reference count of the root buffer + // to ensure the underlying data is not freed while this view is still in + // use. + b.rootBuf.Ref() + s := newBuffer() + s.data = data + s.rootBuf = b.rootBuf + s.refs.Store(1) + return s +} + func (b *buffer) split(n int) (Buffer, Buffer) { if b.rootBuf == nil || b.rootBuf.refs.Add(1) <= 1 { panic("Cannot split freed buffer") @@ -240,6 +270,13 @@ func (e emptyBuffer) Len() int { return 0 } +func (e emptyBuffer) Slice(start, end int) Buffer { + if start != 0 || end != 0 { + panic(fmt.Sprintf("slice bounds out of range [%d:%d] with length 0", start, end)) + } + return e +} + func (e emptyBuffer) split(int) (left, right Buffer) { return e, e } @@ -264,6 +301,9 @@ func (s SliceBuffer) Free() {} // Len is a noop implementation of Len. func (s SliceBuffer) Len() int { return len(s) } +// Slice returns a new SliceBuffer that is a view into the receiver from [start:end). +func (s SliceBuffer) Slice(start, end int) Buffer { return s[start:end] } + func (s SliceBuffer) split(n int) (left, right Buffer) { return s[:n], s[n:] } diff --git a/vendor/google.golang.org/grpc/stats/opentelemetry/client_metrics.go b/vendor/google.golang.org/grpc/stats/opentelemetry/client_metrics.go index c3b77da5bf7..420482b446c 100644 --- a/vendor/google.golang.org/grpc/stats/opentelemetry/client_metrics.go +++ b/vendor/google.golang.org/grpc/stats/opentelemetry/client_metrics.go @@ -134,11 +134,18 @@ func (h *clientMetricsHandler) streamInterceptor(ctx context.Context, desc *grpc // perCallMetrics records per call metrics for both unary and stream calls. func (h *clientMetricsHandler) perCallMetrics(ctx context.Context, err error, startTime time.Time, ci *callInfo) { callLatency := float64(time.Since(startTime)) / float64(time.Second) - attrs := otelmetric.WithAttributeSet(otelattribute.NewSet( + attributes := []otelattribute.KeyValue{ otelattribute.String("grpc.method", ci.method), otelattribute.String("grpc.target", ci.target), otelattribute.String("grpc.status", canonicalString(status.Code(err))), - )) + } + for _, o := range h.options.MetricsOptions.OptionalLabels { + if o == "grpc.client.call.custom" { + label := estats.CustomLabelFromContext(ctx) + attributes = append(attributes, otelattribute.String(o, label)) + } + } + attrs := otelmetric.WithAttributeSet(otelattribute.NewSet(attributes...)) h.clientMetrics.callDuration.Record(ctx, callLatency, attrs) } @@ -207,10 +214,18 @@ func (h *clientMetricsHandler) processRPCEvent(ctx context.Context, s stats.RPCS return } - attrs := otelmetric.WithAttributeSet(otelattribute.NewSet( + attributes := []otelattribute.KeyValue{ otelattribute.String("grpc.method", ci.method), otelattribute.String("grpc.target", ci.target), - )) + } + for _, o := range h.options.MetricsOptions.OptionalLabels { + if o == "grpc.client.call.custom" { + label := estats.CustomLabelFromContext(ctx) + attributes = append(attributes, otelattribute.String(o, label)) + } + } + + attrs := otelmetric.WithAttributeSet(otelattribute.NewSet(attributes...)) h.clientMetrics.attemptStarted.Add(ctx, 1, attrs) case *stats.OutPayload: atomic.AddInt64(&ai.sentCompressedBytes, int64(st.CompressedLength)) @@ -264,6 +279,9 @@ func (h *clientMetricsHandler) processRPCEnd(ctx context.Context, ai *attemptInf // CSM Plugin Option layer by adding an optional labels API. if val, ok := ai.xdsLabels[o]; ok { attributes = append(attributes, otelattribute.String(o, val)) + } else if o == "grpc.client.call.custom" { + label := estats.CustomLabelFromContext(ctx) + attributes = append(attributes, otelattribute.String(o, label)) } } diff --git a/vendor/google.golang.org/grpc/stream.go b/vendor/google.golang.org/grpc/stream.go index eedb5f9b99c..4aac644a833 100644 --- a/vendor/google.golang.org/grpc/stream.go +++ b/vendor/google.golang.org/grpc/stream.go @@ -21,6 +21,7 @@ package grpc import ( "context" "errors" + "fmt" "io" "math" rand "math/rand/v2" @@ -749,7 +750,7 @@ func (a *csAttempt) shouldRetry(err error) (bool, error) { return false, err } if cs.numRetries+1 >= rp.MaxAttempts { - return false, err + return false, fmt.Errorf("max retries exhausted: failed after %d attempts: %w", cs.numRetries+1, err) } var dur time.Duration diff --git a/vendor/google.golang.org/grpc/version.go b/vendor/google.golang.org/grpc/version.go index 12f649dcb7b..7ac723c1289 100644 --- a/vendor/google.golang.org/grpc/version.go +++ b/vendor/google.golang.org/grpc/version.go @@ -19,4 +19,4 @@ package grpc // Version is the current grpc version. -const Version = "1.80.0" +const Version = "1.81.0" diff --git a/vendor/modules.txt b/vendor/modules.txt index 32c6a8b8b1e..6ad726daa5a 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -40,7 +40,7 @@ cloud.google.com/go/auth/internal/trustboundary # cloud.google.com/go/auth/oauth2adapt v0.2.8 ## explicit; go 1.23.0 cloud.google.com/go/auth/oauth2adapt -# cloud.google.com/go/cloudbuild v1.28.0 +# cloud.google.com/go/cloudbuild v1.29.0 ## explicit; go 1.25.0 cloud.google.com/go/cloudbuild/apiv2 cloud.google.com/go/cloudbuild/apiv2/cloudbuildpb @@ -58,7 +58,7 @@ cloud.google.com/go/longrunning cloud.google.com/go/longrunning/autogen cloud.google.com/go/longrunning/autogen/longrunningpb cloud.google.com/go/longrunning/internal -# cloud.google.com/go/monitoring v1.27.0 +# cloud.google.com/go/monitoring v1.28.0 ## explicit; go 1.25.0 cloud.google.com/go/monitoring/apiv3/v2 cloud.google.com/go/monitoring/apiv3/v2/monitoringpb @@ -513,7 +513,7 @@ github.com/dimchansky/utfbom # github.com/distribution/reference v0.6.0 ## explicit; go 1.20 github.com/distribution/reference -# github.com/docker/cli v29.4.1+incompatible +# github.com/docker/cli v29.4.2+incompatible ## explicit github.com/docker/cli/cli/compose/interpolation github.com/docker/cli/cli/compose/loader @@ -1128,8 +1128,8 @@ github.com/klauspost/cpuid/v2 # github.com/krishicks/yaml-patch v0.0.10 ## explicit github.com/krishicks/yaml-patch -# github.com/letsencrypt/boulder v0.20260420.0 -## explicit; go 1.25.0 +# github.com/letsencrypt/boulder v0.20260428.0 +## explicit; go 1.26.0 github.com/letsencrypt/boulder/core github.com/letsencrypt/boulder/core/proto github.com/letsencrypt/boulder/identifier @@ -1810,7 +1810,7 @@ golang.org/x/tools/internal/stdlib golang.org/x/tools/internal/typeparams golang.org/x/tools/internal/typesinternal golang.org/x/tools/internal/versions -# google.golang.org/api v0.276.0 +# google.golang.org/api v0.277.0 ## explicit; go 1.25.0 google.golang.org/api/cloudbuild/v1 google.golang.org/api/googleapi @@ -1849,13 +1849,13 @@ google.golang.org/genproto/googleapis/api/httpbody google.golang.org/genproto/googleapis/api/label google.golang.org/genproto/googleapis/api/metric google.golang.org/genproto/googleapis/api/monitoredres -# google.golang.org/genproto/googleapis/rpc v0.0.0-20260420184626-e10c466a9529 +# google.golang.org/genproto/googleapis/rpc v0.0.0-20260427160629-7cedc36a6bc4 ## explicit; go 1.25.0 google.golang.org/genproto/googleapis/rpc/code google.golang.org/genproto/googleapis/rpc/errdetails google.golang.org/genproto/googleapis/rpc/status -# google.golang.org/grpc v1.80.0 -## explicit; go 1.24.0 +# google.golang.org/grpc v1.81.0 +## explicit; go 1.25.0 google.golang.org/grpc google.golang.org/grpc/attributes google.golang.org/grpc/authz/audit @@ -1947,11 +1947,13 @@ google.golang.org/grpc/internal/status google.golang.org/grpc/internal/syscall google.golang.org/grpc/internal/transport google.golang.org/grpc/internal/transport/networktype +google.golang.org/grpc/internal/transport/readyreader google.golang.org/grpc/internal/wrr google.golang.org/grpc/internal/xds google.golang.org/grpc/internal/xds/balancer google.golang.org/grpc/internal/xds/balancer/cdsbalancer google.golang.org/grpc/internal/xds/balancer/clusterimpl +google.golang.org/grpc/internal/xds/balancer/clusterimpl/internal google.golang.org/grpc/internal/xds/balancer/clustermanager google.golang.org/grpc/internal/xds/balancer/loadstore google.golang.org/grpc/internal/xds/balancer/outlierdetection