From 9843648afb828eefb13da0fb5ac5b7487555adca Mon Sep 17 00:00:00 2001
From: Michael Lumish
Date: Thu, 17 Apr 2025 10:04:48 -0700
Subject: [PATCH] Include previously skipped changes, fix auth context with no peer cert
---
 packages/grpc-js-xds/gulpfile.ts | 1 +
 packages/grpc-js-xds/interop/test-server.Dockerfile | 2 +-
 packages/grpc-js-xds/package.json | 2 +-
 packages/grpc-js/src/server-interceptors.ts | 3 ++-
 4 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/packages/grpc-js-xds/gulpfile.ts b/packages/grpc-js-xds/gulpfile.ts
index 7fd4a367..5f5d9dfc 100644
--- a/packages/grpc-js-xds/gulpfile.ts
+++ b/packages/grpc-js-xds/gulpfile.ts
@@ -71,6 +71,7 @@ const copyTestFixtures = checkTask(() =>
 const runTests = checkTask(() => {
 process.env.GRPC_EXPERIMENTAL_XDS_FEDERATION = 'true';
 process.env.GRPC_EXPERIMENTAL_PICKFIRST_LB_CONFIG = 'true';
+ process.env.GRPC_XDS_EXPERIMENTAL_RBAC = 'true';
 if (Number(process.versions.node.split('.')[0]) <= 14) {
 process.env.GRPC_XDS_EXPERIMENTAL_ENABLE_RING_HASH = 'false';
 }
diff --git a/packages/grpc-js-xds/interop/test-server.Dockerfile b/packages/grpc-js-xds/interop/test-server.Dockerfile
index 59954a84..7168c949 100644
--- a/packages/grpc-js-xds/interop/test-server.Dockerfile
+++ b/packages/grpc-js-xds/interop/test-server.Dockerfile
@@ -46,7 +46,7 @@ COPY --from=build /node/src/grpc-node/packages/grpc-js ./packages/grpc-js/
 COPY --from=build /node/src/grpc-node/packages/grpc-js-xds ./packages/grpc-js-xds/
 ENV GRPC_VERBOSITY="DEBUG"
-ENV GRPC_TRACE=xds_client,server,xds_server,http_filter,certificate_provider
+ENV GRPC_TRACE=xds_client,server,xds_server,http_filter,certificate_provider,rbac_filter
 # tini serves as PID 1 and enables the server to properly respond to signals.
 COPY --from=build /tini /tini
diff --git a/packages/grpc-js-xds/package.json b/packages/grpc-js-xds/package.json
index 1666d2aa..3c9fa944 100644
--- a/packages/grpc-js-xds/package.json
+++ b/packages/grpc-js-xds/package.json
@@ -12,7 +12,7 @@
 "prepare": "npm run generate-types && npm run compile",
 "pretest": "npm run compile",
 "posttest": "npm run check",
- "generate-types": "proto-loader-gen-types --keepCase --longs String --enums String --defaults --oneofs --includeComments --includeDirs deps/envoy-api/ deps/xds/ deps/googleapis/ deps/protoc-gen-validate/ -O src/generated/ --grpcLib @grpc/grpc-js envoy/service/discovery/v3/ads.proto envoy/service/load_stats/v3/lrs.proto envoy/config/listener/v3/listener.proto envoy/config/route/v3/route.proto envoy/config/cluster/v3/cluster.proto envoy/config/endpoint/v3/endpoint.proto envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto udpa/type/v1/typed_struct.proto xds/type/v3/typed_struct.proto envoy/extensions/filters/http/fault/v3/fault.proto envoy/service/status/v3/csds.proto envoy/extensions/load_balancing_policies/wrr_locality/v3/wrr_locality.proto envoy/extensions/load_balancing_policies/ring_hash/v3/ring_hash.proto envoy/extensions/load_balancing_policies/pick_first/v3/pick_first.proto envoy/extensions/clusters/aggregate/v3/cluster.proto envoy/extensions/transport_sockets/tls/v3/tls.proto envoy/config/rbac/v3/rbac.proto",
+ "generate-types": "proto-loader-gen-types --keepCase --longs String --enums String --defaults --oneofs --includeComments --includeDirs deps/envoy-api/ deps/xds/ deps/googleapis/ deps/protoc-gen-validate/ -O src/generated/ --grpcLib @grpc/grpc-js envoy/service/discovery/v3/ads.proto envoy/service/load_stats/v3/lrs.proto envoy/config/listener/v3/listener.proto envoy/config/route/v3/route.proto envoy/config/cluster/v3/cluster.proto envoy/config/endpoint/v3/endpoint.proto envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto udpa/type/v1/typed_struct.proto xds/type/v3/typed_struct.proto envoy/extensions/filters/http/fault/v3/fault.proto envoy/service/status/v3/csds.proto envoy/extensions/load_balancing_policies/wrr_locality/v3/wrr_locality.proto envoy/extensions/load_balancing_policies/ring_hash/v3/ring_hash.proto envoy/extensions/load_balancing_policies/pick_first/v3/pick_first.proto envoy/extensions/clusters/aggregate/v3/cluster.proto envoy/extensions/transport_sockets/tls/v3/tls.proto envoy/config/rbac/v3/rbac.proto envoy/extensions/filters/http/rbac/v3/rbac.proto",
 "generate-interop-types": "proto-loader-gen-types --keep-case --longs String --enums String --defaults --oneofs --json --includeComments --includeDirs proto/ -O interop/generated --grpcLib @grpc/grpc-js grpc/testing/test.proto",
 "generate-test-types": "proto-loader-gen-types --keep-case --longs String --enums String --defaults --oneofs --json --includeComments --includeDirs proto/ -O test/generated --grpcLib @grpc/grpc-js grpc/testing/echo.proto"
 },
diff --git a/packages/grpc-js/src/server-interceptors.ts b/packages/grpc-js/src/server-interceptors.ts
index d6c6e227..88d05943 100644
--- a/packages/grpc-js/src/server-interceptors.ts
+++ b/packages/grpc-js/src/server-interceptors.ts
@@ -1005,9 +1005,10 @@ export class BaseServerInterceptingCall
 }
 getAuthContext(): AuthContext {
 if (this.stream.session?.socket instanceof TLSSocket) {
+ const peerCertificate = this.stream.session.socket.getPeerCertificate();
 return {
 transportSecurityType: 'ssl',
- sslPeerCertificate: this.stream.session.socket.getPeerCertificate()
+ sslPeerCertificate: peerCertificate.raw ? peerCertificate : undefined
 }
 } else {
 return {};
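Review bot: In `getAuthContext`, `peerCertificate.raw` is dereferenced without a null check, but Node documents `getPeerCertificate()` as returning `null` once the socket has been destroyed (the empty object is only the no-certificate case), so a call that races with connection teardown would throw a TypeError rather than return an auth context. `sslPeerCertificate: peerCertificate?.raw ? peerCertificate : undefined` covers both cases, and a comment such as `// getPeerCertificate() returns {} when the client sent no certificate` would explain why `.raw` is the test. If authorization decisions (presumably the RBAC filter this commit enables in tests) read this field, it is worth confirming that every server credentials mode that requests a client certificate also rejects unverified ones, since a present certificate is not by itself a verified one. The method's closing braces lie outside the hunk.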