From 2902b3ec0c32c0a1c4f454e798f6ec898f7d773f Mon Sep 17 00:00:00 2001 From: Kuat Yessenov Date: Wed, 16 Oct 2024 22:28:49 +0000 Subject: [PATCH] refactor some ssl code Change-Id: I4dc033f55c300324389c57ed39c6ce30af3b657a 
Signed-off-by: Kuat Yessenov --- .../private_key_providers/source/config.cc | 2 +- .../private_key_providers/source/config.h | 2 +- .../source/cryptomb_private_key_provider.cc | 9 ++++--- .../source/cryptomb_private_key_provider.h | 2 +- .../private_key_providers/test/config_test.cc | 12 +++++++--- .../test/fake_factory.cc | 5 ++-- .../private_key_providers/test/fake_factory.h | 2 +- .../private_key_providers/source/config.cc | 2 +- .../qat/private_key_providers/source/config.h | 2 +- .../source/qat_private_key_provider.cc | 7 +++--- .../source/qat_private_key_provider.h | 2 +- .../private_key_providers/test/config_test.cc | 10 +++++--- .../test/fake_factory.cc | 2 +- .../private_key_providers/test/fake_factory.h | 2 +- .../private_key_providers/test/ops_test.cc | 4 ++-- envoy/server/factory_context.h | 5 ++++ envoy/server/transport_socket_config.h | 5 ---- envoy/ssl/private_key/BUILD | 1 + envoy/ssl/private_key/private_key.h | 4 ++-- envoy/ssl/private_key/private_key_config.h | 5 ++-- .../common/listener_manager/listener_impl.cc | 4 ++-- .../quic_client_transport_socket_factory.cc | 3 ++- .../quic_server_transport_socket_factory.cc | 3 ++- .../common/ssl/tls_certificate_config_impl.cc | 24 +++++++++++-------- .../common/ssl/tls_certificate_config_impl.h | 5 ++-- source/common/tls/context_config_impl.cc | 8 +++---- .../private_key/private_key_manager_impl.cc | 2 +- .../private_key/private_key_manager_impl.h | 2 +- .../upstream/health_discovery_service.cc | 4 ++-- source/common/upstream/upstream_impl.cc | 4 ++-- .../tls/downstream_config.cc | 4 ++-- .../transport_sockets/tls/upstream_config.cc | 3 ++- source/server/server.h | 2 +- source/server/transport_socket_config_impl.h | 9 +++---- test/common/http/conn_pool_grid_test.cc | 11 +++++++-- test/common/http/http3/conn_pool_test.cc | 5 +++- .../listener_manager_impl_test.h | 2 ++ .../client_connection_factory_impl_test.cc | 5 +++- .../quic_transport_socket_factory_test.cc | 14 +++++++---- 
test/common/secret/sds_api_test.cc | 6 +++-- .../common/secret/secret_manager_impl_test.cc | 20 +++++++++------- test/common/tls/context_impl_test.cc | 15 ++++++++---- test/common/tls/ssl_socket_test.cc | 2 +- .../tls/test_private_key_method_provider.cc | 9 +++---- .../tls/test_private_key_method_provider.h | 7 +++--- test/common/upstream/hds_test.cc | 7 +++--- test/extensions/clusters/eds/leds_test.cc | 4 +--- test/integration/base_integration_test.cc | 3 ++- .../integration/quic_http_integration_test.cc | 3 ++- test/integration/ssl_utility.cc | 3 ++- test/integration/utility.cc | 3 ++- test/mocks/server/server_factory_context.cc | 1 + test/mocks/server/server_factory_context.h | 4 ++++ .../transport_socket_factory_context.cc | 1 - .../server/transport_socket_factory_context.h | 3 --- test/mocks/ssl/mocks.h | 2 +- 56 files changed, 166 insertions(+), 126 deletions(-) diff --git a/contrib/cryptomb/private_key_providers/source/config.cc b/contrib/cryptomb/private_key_providers/source/config.cc index 713dc733b6fb..09ecd177e04f 100644 --- a/contrib/cryptomb/private_key_providers/source/config.cc +++ b/contrib/cryptomb/private_key_providers/source/config.cc @@ -26,7 +26,7 @@ namespace CryptoMb { Ssl::PrivateKeyMethodProviderSharedPtr CryptoMbPrivateKeyMethodFactory::createPrivateKeyMethodProviderInstance( const envoy::extensions::transport_sockets::tls::v3::PrivateKeyProvider& proto_config, - Server::Configuration::TransportSocketFactoryContext& private_key_provider_context) { + Server::Configuration::ServerFactoryContext& private_key_provider_context) { ProtobufTypes::MessagePtr message = std::make_unique(); diff --git a/contrib/cryptomb/private_key_providers/source/config.h b/contrib/cryptomb/private_key_providers/source/config.h index d72a395da189..8b1a9fb1a303 100644 --- a/contrib/cryptomb/private_key_providers/source/config.h +++ b/contrib/cryptomb/private_key_providers/source/config.h 
@@ -15,7 +15,7 @@ class CryptoMbPrivateKeyMethodFactory : public Ssl::PrivateKeyMethodProviderInst // Ssl::PrivateKeyMethodProviderInstanceFactory Ssl::PrivateKeyMethodProviderSharedPtr createPrivateKeyMethodProviderInstance( const envoy::extensions::transport_sockets::tls::v3::PrivateKeyProvider& message, - Server::Configuration::TransportSocketFactoryContext& private_key_provider_context) override; + Server::Configuration::ServerFactoryContext& private_key_provider_context) override; std::string name() const override { return "cryptomb"; }; }; diff --git a/contrib/cryptomb/private_key_providers/source/cryptomb_private_key_provider.cc b/contrib/cryptomb/private_key_providers/source/cryptomb_private_key_provider.cc index 58c670e7c4df..137731fded60 100644 --- a/contrib/cryptomb/private_key_providers/source/cryptomb_private_key_provider.cc +++ b/contrib/cryptomb/private_key_providers/source/cryptomb_private_key_provider.cc @@ -681,11 +681,10 @@ void CryptoMbPrivateKeyMethodProvider::unregisterPrivateKeyMethod(SSL* ssl) { CryptoMbPrivateKeyMethodProvider::CryptoMbPrivateKeyMethodProvider( const envoy::extensions::private_key_providers::cryptomb::v3alpha:: CryptoMbPrivateKeyMethodConfig& conf, - Server::Configuration::TransportSocketFactoryContext& factory_context, IppCryptoSharedPtr ipp) - : api_(factory_context.serverFactoryContext().api()), - tls_(ThreadLocal::TypedSlot::makeUnique( - factory_context.serverFactoryContext().threadLocal())), - stats_(generateCryptoMbStats("cryptomb", factory_context.statsScope())) { + Server::Configuration::ServerFactoryContext& factory_context, IppCryptoSharedPtr ipp) + : api_(factory_context.api()), + tls_(ThreadLocal::TypedSlot::makeUnique(factory_context.threadLocal())), + stats_(generateCryptoMbStats("cryptomb", factory_context.scope())) { if (!ipp->mbxIsCryptoMbApplicable(0)) { ENVOY_LOG(warn, "Multi-buffer CPU instructions not available."); 
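Review bot: In the `CryptoMbPrivateKeyMethodProvider` constructor hunk of cryptomb_private_key_provider.cc, `stats_` is now built from `factory_context.scope()` where it previously used `factory_context.statsScope()` on the transport socket context, so the cryptomb counters appear to move from the owning listener or cluster scope to a server-level scope. For a commit described as a refactor, this looks like a visible change to stat names that dashboards and alerts on key-offload health may rely on. If it is intended, say so in the commit description and add a comment above the initializer such as `// Stats are rooted at the server scope, no longer at the listener/cluster scope.` The constructor body continues outside the hunk.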
diff --git a/contrib/cryptomb/private_key_providers/source/cryptomb_private_key_provider.h b/contrib/cryptomb/private_key_providers/source/cryptomb_private_key_provider.h index 9806f64bac0d..86af8297364b 100644 --- a/contrib/cryptomb/private_key_providers/source/cryptomb_private_key_provider.h +++ b/contrib/cryptomb/private_key_providers/source/cryptomb_private_key_provider.h @@ -185,7 +185,7 @@ class CryptoMbPrivateKeyMethodProvider : public virtual Ssl::PrivateKeyMethodPro CryptoMbPrivateKeyMethodProvider( const envoy::extensions::private_key_providers::cryptomb::v3alpha:: CryptoMbPrivateKeyMethodConfig& config, - Server::Configuration::TransportSocketFactoryContext& private_key_provider_context, + Server::Configuration::ServerFactoryContext& private_key_provider_context, IppCryptoSharedPtr ipp); // Ssl::PrivateKeyMethodProvider diff --git a/contrib/cryptomb/private_key_providers/test/config_test.cc b/contrib/cryptomb/private_key_providers/test/config_test.cc index 1c0b5d18c48a..3e564dfb1883 100644 --- a/contrib/cryptomb/private_key_providers/test/config_test.cc +++ b/contrib/cryptomb/private_key_providers/test/config_test.cc 
@@ -37,7 +37,12 @@ class CryptoMbConfigTest : public Event::TestUsingSimulatedTime, public testing: CryptoMbConfigTest() : api_(Api::createApiForTest(store_, time_system_)) { ON_CALL(factory_context_.server_context_, api()).WillByDefault(ReturnRef(*api_)); ON_CALL(factory_context_.server_context_, threadLocal()).WillByDefault(ReturnRef(tls_)); - ON_CALL(factory_context_, sslContextManager()).WillByDefault(ReturnRef(context_manager_)); + ON_CALL(factory_context_.server_context_, sslContextManager()) + .WillByDefault(ReturnRef(context_manager_)); + ON_CALL(factory_context_.server_context_, messageValidationVisitor()) + .WillByDefault(ReturnRef(ProtobufMessage::getStrictValidationVisitor())); + ON_CALL(factory_context_.server_context_, scope()) + .WillByDefault(ReturnRef(*store_.rootScope())); ON_CALL(context_manager_, privateKeyMethodManager()) .WillByDefault(ReturnRef(private_key_method_manager_)); } @@ -48,9 +53,10 @@ class CryptoMbConfigTest : public Event::TestUsingSimulatedTime, public testing: Registry::InjectFactory cryptomb_private_key_method_factory(cryptomb_factory); - return factory_context_.sslContextManager() + return factory_context_.server_context_.sslContextManager() .privateKeyMethodManager() - .createPrivateKeyMethodProvider(parsePrivateKeyProviderFromV3Yaml(yaml), factory_context_); + .createPrivateKeyMethodProvider(parsePrivateKeyProviderFromV3Yaml(yaml), + factory_context_.server_context_); } Event::SimulatedTimeSystem time_system_; diff --git a/contrib/cryptomb/private_key_providers/test/fake_factory.cc b/contrib/cryptomb/private_key_providers/test/fake_factory.cc index eaa64bf4cc8e..98f3a5b83b1a 100644 --- a/contrib/cryptomb/private_key_providers/test/fake_factory.cc +++ b/contrib/cryptomb/private_key_providers/test/fake_factory.cc 
@@ -151,7 +151,7 @@ FakeCryptoMbPrivateKeyMethodFactory::FakeCryptoMbPrivateKeyMethodFactory( Ssl::PrivateKeyMethodProviderSharedPtr FakeCryptoMbPrivateKeyMethodFactory::createPrivateKeyMethodProviderInstance( const envoy::extensions::transport_sockets::tls::v3::PrivateKeyProvider& proto_config, - Server::Configuration::TransportSocketFactoryContext& private_key_provider_context) { + Server::Configuration::ServerFactoryContext& private_key_provider_context) { ProtobufTypes::MessagePtr message = std::make_unique(); @@ -169,8 +169,7 @@ FakeCryptoMbPrivateKeyMethodFactory::createPrivateKeyMethodProviderInstance( // We need to get more RSA key params in order to be able to use BoringSSL signing functions. std::string private_key = THROW_OR_RETURN_VALUE( - Config::DataSource::read(conf.private_key(), false, - private_key_provider_context.serverFactoryContext().api()), + Config::DataSource::read(conf.private_key(), false, private_key_provider_context.api()), std::string); bssl::UniquePtr bio( diff --git a/contrib/cryptomb/private_key_providers/test/fake_factory.h b/contrib/cryptomb/private_key_providers/test/fake_factory.h index 180e62b60f14..2a091442dbaa 100644 --- a/contrib/cryptomb/private_key_providers/test/fake_factory.h +++ b/contrib/cryptomb/private_key_providers/test/fake_factory.h @@ -51,7 +51,7 @@ class FakeCryptoMbPrivateKeyMethodFactory : public Ssl::PrivateKeyMethodProvider // Ssl::PrivateKeyMethodProviderInstanceFactory Ssl::PrivateKeyMethodProviderSharedPtr createPrivateKeyMethodProviderInstance( const envoy::extensions::transport_sockets::tls::v3::PrivateKeyProvider& message, - Server::Configuration::TransportSocketFactoryContext& private_key_provider_context) override; + Server::Configuration::ServerFactoryContext& private_key_provider_context) override; std::string name() const override { return "cryptomb"; }; private: 
diff --git a/contrib/qat/private_key_providers/source/config.cc b/contrib/qat/private_key_providers/source/config.cc index c190e4ddcf0e..ef7249123bdf 100644 --- a/contrib/qat/private_key_providers/source/config.cc +++ b/contrib/qat/private_key_providers/source/config.cc @@ -25,7 +25,7 @@ namespace Qat { Ssl::PrivateKeyMethodProviderSharedPtr QatPrivateKeyMethodFactory::createPrivateKeyMethodProviderInstance( const envoy::extensions::transport_sockets::tls::v3::PrivateKeyProvider& proto_config, - Server::Configuration::TransportSocketFactoryContext& private_key_provider_context) { + Server::Configuration::ServerFactoryContext& private_key_provider_context) { ProtobufTypes::MessagePtr message = std::make_unique< envoy::extensions::private_key_providers::qat::v3alpha::QatPrivateKeyMethodConfig>(); diff --git a/contrib/qat/private_key_providers/source/config.h b/contrib/qat/private_key_providers/source/config.h index 23a7e3173699..e270705f4c86 100644 --- a/contrib/qat/private_key_providers/source/config.h +++ b/contrib/qat/private_key_providers/source/config.h @@ -17,7 +17,7 @@ class QatPrivateKeyMethodFactory : public Ssl::PrivateKeyMethodProviderInstanceF // Ssl::PrivateKeyMethodProviderInstanceFactory Ssl::PrivateKeyMethodProviderSharedPtr createPrivateKeyMethodProviderInstance( const envoy::extensions::transport_sockets::tls::v3::PrivateKeyProvider& message, - Server::Configuration::TransportSocketFactoryContext& private_key_provider_context) override; + Server::Configuration::ServerFactoryContext& private_key_provider_context) override; public: std::string name() const override { return "qat"; }; diff --git a/contrib/qat/private_key_providers/source/qat_private_key_provider.cc b/contrib/qat/private_key_providers/source/qat_private_key_provider.cc index 1345f4c6ed67..b83e268ee8d1 100644 --- a/contrib/qat/private_key_providers/source/qat_private_key_provider.cc +++ b/contrib/qat/private_key_providers/source/qat_private_key_provider.cc 
@@ -347,11 +347,10 @@ void QatPrivateKeyMethodProvider::unregisterPrivateKeyMethod(SSL* ssl) { QatPrivateKeyMethodProvider::QatPrivateKeyMethodProvider( const envoy::extensions::private_key_providers::qat::v3alpha::QatPrivateKeyMethodConfig& conf, - Server::Configuration::TransportSocketFactoryContext& factory_context, - LibQatCryptoSharedPtr libqat) - : api_(factory_context.serverFactoryContext().api()), libqat_(libqat) { + Server::Configuration::ServerFactoryContext& factory_context, LibQatCryptoSharedPtr libqat) + : api_(factory_context.api()), libqat_(libqat) { - manager_ = factory_context.serverFactoryContext().singletonManager().getTyped( + manager_ = factory_context.singletonManager().getTyped( SINGLETON_MANAGER_REGISTERED_NAME(qat_manager), [libqat] { return std::make_shared(libqat); }); diff --git a/contrib/qat/private_key_providers/source/qat_private_key_provider.h b/contrib/qat/private_key_providers/source/qat_private_key_provider.h index 7636430233c9..a7487b778d63 100644 --- a/contrib/qat/private_key_providers/source/qat_private_key_provider.h +++ b/contrib/qat/private_key_providers/source/qat_private_key_provider.h @@ -40,7 +40,7 @@ class QatPrivateKeyMethodProvider : public virtual Ssl::PrivateKeyMethodProvider QatPrivateKeyMethodProvider( const envoy::extensions::private_key_providers::qat::v3alpha::QatPrivateKeyMethodConfig& config, - Server::Configuration::TransportSocketFactoryContext& private_key_provider_context, + Server::Configuration::ServerFactoryContext& private_key_provider_context, LibQatCryptoSharedPtr libqat); // Ssl::PrivateKeyMethodProvider void registerPrivateKeyMethod(SSL* ssl, Ssl::PrivateKeyConnectionCallbacks& cb, diff --git a/contrib/qat/private_key_providers/test/config_test.cc b/contrib/qat/private_key_providers/test/config_test.cc index d6e2304d06cf..ddd7ca8f49a3 100644 --- a/contrib/qat/private_key_providers/test/config_test.cc +++ b/contrib/qat/private_key_providers/test/config_test.cc 
@@ -50,7 +50,10 @@ class QatConfigTest : public Event::TestUsingSimulatedTime, public testing::Test : api_(Api::createApiForTest(store_, time_system_)), libqat_(std::make_shared()), fsm_(libqat_) { ON_CALL(factory_context_.server_context_, api()).WillByDefault(ReturnRef(*api_)); - ON_CALL(factory_context_, sslContextManager()).WillByDefault(ReturnRef(context_manager_)); + ON_CALL(factory_context_.server_context_, sslContextManager()) + .WillByDefault(ReturnRef(context_manager_)); + ON_CALL(factory_context_.server_context_, messageValidationVisitor()) + .WillByDefault(ReturnRef(ProtobufMessage::getStrictValidationVisitor())); ON_CALL(context_manager_, privateKeyMethodManager()) .WillByDefault(ReturnRef(private_key_method_manager_)); ON_CALL(factory_context_.server_context_, singletonManager()).WillByDefault(ReturnRef(fsm_)); @@ -61,9 +64,10 @@ class QatConfigTest : public Event::TestUsingSimulatedTime, public testing::Test Registry::InjectFactory qat_private_key_method_factory(qat_factory); - return factory_context_.sslContextManager() + return factory_context_.server_context_.sslContextManager() .privateKeyMethodManager() - .createPrivateKeyMethodProvider(parsePrivateKeyProviderFromV3Yaml(yaml), factory_context_); + .createPrivateKeyMethodProvider(parsePrivateKeyProviderFromV3Yaml(yaml), + factory_context_.server_context_); } Event::SimulatedTimeSystem time_system_; diff --git a/contrib/qat/private_key_providers/test/fake_factory.cc b/contrib/qat/private_key_providers/test/fake_factory.cc index 4f99aa8597da..65b20f264423 100644 --- a/contrib/qat/private_key_providers/test/fake_factory.cc +++ b/contrib/qat/private_key_providers/test/fake_factory.cc 
@@ -154,7 +154,7 @@ CpaStatus FakeLibQatCryptoImpl::cpaCyStopInstance(CpaInstanceHandle instance_han Ssl::PrivateKeyMethodProviderSharedPtr FakeQatPrivateKeyMethodFactory::createPrivateKeyMethodProviderInstance( const envoy::extensions::transport_sockets::tls::v3::PrivateKeyProvider& proto_config, - Server::Configuration::TransportSocketFactoryContext& private_key_provider_context) { + Server::Configuration::ServerFactoryContext& private_key_provider_context) { ProtobufTypes::MessagePtr message = std::make_unique< envoy::extensions::private_key_providers::qat::v3alpha::QatPrivateKeyMethodConfig>(); diff --git a/contrib/qat/private_key_providers/test/fake_factory.h b/contrib/qat/private_key_providers/test/fake_factory.h index badaacb13585..ad7965fc7725 100644 --- a/contrib/qat/private_key_providers/test/fake_factory.h +++ b/contrib/qat/private_key_providers/test/fake_factory.h @@ -78,7 +78,7 @@ class FakeQatPrivateKeyMethodFactory : public Ssl::PrivateKeyMethodProviderInsta // Ssl::PrivateKeyMethodProviderInstanceFactory Ssl::PrivateKeyMethodProviderSharedPtr createPrivateKeyMethodProviderInstance( const envoy::extensions::transport_sockets::tls::v3::PrivateKeyProvider& message, - Server::Configuration::TransportSocketFactoryContext& private_key_provider_context) override; + Server::Configuration::ServerFactoryContext& private_key_provider_context) override; std::string name() const override { return "qat"; }; }; diff --git a/contrib/qat/private_key_providers/test/ops_test.cc b/contrib/qat/private_key_providers/test/ops_test.cc index aff14109592e..78be41b9bbd9 100644 --- a/contrib/qat/private_key_providers/test/ops_test.cc +++ b/contrib/qat/private_key_providers/test/ops_test.cc 
@@ -251,8 +251,8 @@ TEST_F(QatProviderRsaTest, TestQatDeviceInit) { // no device found libqat_->icpSalUserStart_return_value_ = CPA_STATUS_FAIL; - Ssl::PrivateKeyMethodProviderSharedPtr provider = - std::make_shared(conf, factory_context_, libqat_); + Ssl::PrivateKeyMethodProviderSharedPtr provider = std::make_shared( + conf, factory_context_.server_context_, libqat_); EXPECT_EQ(provider->isAvailable(), false); delete private_key; } diff --git a/envoy/server/factory_context.h b/envoy/server/factory_context.h index 6a4d77f3ad19..ffc827692498 100644 --- a/envoy/server/factory_context.h +++ b/envoy/server/factory_context.h @@ -145,6 +145,11 @@ class CommonFactoryContext { * @return the server regex engine. */ virtual Regex::Engine& regexEngine() PURE; + + /** + * @return Ssl::ContextManager& the SSL context manager. + */ + virtual Ssl::ContextManager& sslContextManager() PURE; }; /** diff --git a/envoy/server/transport_socket_config.h b/envoy/server/transport_socket_config.h index 9bf86418d517..3e546f8791a6 100644 --- a/envoy/server/transport_socket_config.h +++ b/envoy/server/transport_socket_config.h @@ -48,11 +48,6 @@ class TransportSocketFactoryContext { */ virtual ProtobufMessage::ValidationVisitor& messageValidationVisitor() PURE; - /** - * @return Ssl::ContextManager& the SSL context manager. - */ - virtual Ssl::ContextManager& sslContextManager() PURE; - /** * @return Stats::Scope& the transport socket's stats scope. */ diff --git a/envoy/ssl/private_key/BUILD b/envoy/ssl/private_key/BUILD index aedc02691ed0..27038d9685d1 100644 --- a/envoy/ssl/private_key/BUILD +++ b/envoy/ssl/private_key/BUILD @@ -26,6 +26,7 @@ envoy_cc_library( ":private_key_interface", "//envoy/config:typed_config_interface", "//envoy/registry", + "//envoy/server:factory_context_interface", "@envoy_api//envoy/extensions/transport_sockets/tls/v3:pkg_cc_proto", ], ) diff --git a/envoy/ssl/private_key/private_key.h b/envoy/ssl/private_key/private_key.h index 861df49516af..0524992b2275 100644 
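Review bot: The new `sslContextManager()` on `CommonFactoryContext` in envoy/server/factory_context.h is documented only with a one-line `@return`, although it widens who can reach the manager. Any extension holding a common or server factory context can now call it, and through it `privateKeyMethodManager()` as the test fixtures in this patch do, whereas before only code handed a `TransportSocketFactoryContext` had the accessor. Consider stating the intended callers in the comment, for example `@return Ssl::ContextManager& the server-wide SSL context manager; intended for transport socket and secret configuration code.` The class starts and ends outside the hunk.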
--- a/envoy/ssl/private_key/private_key.h +++ b/envoy/ssl/private_key/private_key.h @@ -14,7 +14,7 @@ namespace Envoy { namespace Server { namespace Configuration { // Prevent a dependency loop with the forward declaration. -class TransportSocketFactoryContext; +class ServerFactoryContext; } // namespace Configuration } // namespace Server @@ -88,7 +88,7 @@ class PrivateKeyMethodManager { */ virtual PrivateKeyMethodProviderSharedPtr createPrivateKeyMethodProvider( const envoy::extensions::transport_sockets::tls::v3::PrivateKeyProvider& config, - Envoy::Server::Configuration::TransportSocketFactoryContext& factory_context) PURE; + Envoy::Server::Configuration::ServerFactoryContext& factory_context) PURE; }; } // namespace Ssl diff --git a/envoy/ssl/private_key/private_key_config.h b/envoy/ssl/private_key/private_key_config.h index 6a563e38b10f..bb9226b58fa0 100644 --- a/envoy/ssl/private_key/private_key_config.h +++ b/envoy/ssl/private_key/private_key_config.h @@ -3,6 +3,7 @@ #include "envoy/config/typed_config.h" #include "envoy/extensions/transport_sockets/tls/v3/cert.pb.h" #include "envoy/registry/registry.h" +#include "envoy/server/factory_context.h" #include "envoy/ssl/private_key/private_key.h" namespace Envoy { 
@@ -19,11 +20,11 @@ class PrivateKeyMethodProviderInstanceFactory : public Config::UntypedFactory { * unable to produce a PrivateKeyMethodProvider with the provided parameters, it should throw * an EnvoyException. The returned pointer should always be valid. * @param config supplies the custom proto configuration for the PrivateKeyMethodProvider - * @param context supplies the factory context + * @param context supplies the server factory context */ virtual PrivateKeyMethodProviderSharedPtr createPrivateKeyMethodProviderInstance( const envoy::extensions::transport_sockets::tls::v3::PrivateKeyProvider& config, - Server::Configuration::TransportSocketFactoryContext& factory_context) PURE; + Server::Configuration::ServerFactoryContext& factory_context) PURE; std::string category() const override { return "envoy.tls.key_providers"; }; }; diff --git a/source/common/listener_manager/listener_impl.cc b/source/common/listener_manager/listener_impl.cc index ed1585afe452..8683c8fd593e 100644 --- a/source/common/listener_manager/listener_impl.cc +++ b/source/common/listener_manager/listener_impl.cc @@ -335,8 +335,8 @@ ListenerImpl::ListenerImpl(const envoy::config::listener::v3::Listener& config, }), transport_factory_context_( std::make_shared( - parent_.server_.serverFactoryContext(), parent_.server_.sslContextManager(), - listenerScope(), parent_.server_.clusterManager(), validation_visitor_)), + parent_.server_.serverFactoryContext(), listenerScope(), + parent_.server_.clusterManager(), validation_visitor_)), quic_stat_names_(parent_.quicStatNames()), missing_listener_config_stats_({ALL_MISSING_LISTENER_CONFIG_STATS( POOL_COUNTER(listener_factory_context_->listenerScope()))}) { diff --git a/source/common/quic/quic_client_transport_socket_factory.cc b/source/common/quic/quic_client_transport_socket_factory.cc index 0ec580f830b0..6e0689c012bd 100644 --- a/source/common/quic/quic_client_transport_socket_factory.cc 
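Review bot: The updated doc line for `createPrivateKeyMethodProviderInstance` in private_key_config.h says `@param context`, but the parameter is named `factory_context`, and it does not tell implementers what changed for them. With a `ServerFactoryContext`, a provider that calls `messageValidationVisitor()` or reads a stats scope now gets the server-level ones rather than those of the listener or cluster that owns the TLS config; the test fixtures in this patch now mock both on `server_context_`, which suggests providers do call them. Suggested wording: `@param factory_context supplies the server factory context; its validation visitor and stats scope are server-wide, not per listener/cluster`. Because this is a pure virtual on a registered extension interface, out-of-tree providers will stop compiling, which deserves a line in the commit description.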
+++ b/source/common/quic/quic_client_transport_socket_factory.cc @@ -47,7 +47,8 @@ QuicClientTransportSocketFactory::QuicClientTransportSocketFactory( : QuicTransportSocketFactoryBase(factory_context.statsScope(), "client"), tls_slot_(factory_context.serverFactoryContext().threadLocal()) { auto factory_or_error = Extensions::TransportSockets::Tls::ClientSslSocketFactory::create( - std::move(config), factory_context.sslContextManager(), factory_context.statsScope()); + std::move(config), factory_context.serverFactoryContext().sslContextManager(), + factory_context.statsScope()); SET_AND_RETURN_IF_NOT_OK(factory_or_error.status(), creation_status); fallback_factory_ = std::move(*factory_or_error); tls_slot_.set([](Event::Dispatcher&) { return std::make_shared(); }); diff --git a/source/common/quic/quic_server_transport_socket_factory.cc b/source/common/quic/quic_server_transport_socket_factory.cc index 7d7f9dd416a3..75fc005f4c00 100644 --- a/source/common/quic/quic_server_transport_socket_factory.cc +++ b/source/common/quic/quic_server_transport_socket_factory.cc @@ -31,7 +31,8 @@ QuicServerTransportSocketConfigFactory::createTransportSocketFactory( auto factory_or_error = QuicServerTransportSocketFactory::create( PROTOBUF_GET_WRAPPED_OR_DEFAULT(quic_transport, enable_early_data, true), - context.statsScope(), std::move(server_config), context.sslContextManager(), server_names); + context.statsScope(), std::move(server_config), + context.serverFactoryContext().sslContextManager(), server_names); RETURN_IF_NOT_OK(factory_or_error.status()); (*factory_or_error)->initialize(); return std::move(*factory_or_error); diff --git a/source/common/ssl/tls_certificate_config_impl.cc b/source/common/ssl/tls_certificate_config_impl.cc index 24393f420a75..05bcfab802b5 100644 --- a/source/common/ssl/tls_certificate_config_impl.cc +++ b/source/common/ssl/tls_certificate_config_impl.cc 
@@ -47,34 +47,38 @@ static const std::string INLINE_STRING = ""; absl::StatusOr> TlsCertificateConfigImpl::create( const envoy::extensions::transport_sockets::tls::v3::TlsCertificate& config, - Server::Configuration::TransportSocketFactoryContext& factory_context, Api::Api& api) { + Server::Configuration::ServerFactoryContext& factory_context) { absl::Status creation_status = absl::OkStatus(); std::unique_ptr ret( - new TlsCertificateConfigImpl(config, factory_context, api, creation_status)); + new TlsCertificateConfigImpl(config, factory_context, creation_status)); RETURN_IF_NOT_OK(creation_status); return ret; } TlsCertificateConfigImpl::TlsCertificateConfigImpl( const envoy::extensions::transport_sockets::tls::v3::TlsCertificate& config, - Server::Configuration::TransportSocketFactoryContext& factory_context, Api::Api& api, - absl::Status& creation_status) - : certificate_chain_(maybeSet(Config::DataSource::read(config.certificate_chain(), true, api), - creation_status)), + Server::Configuration::ServerFactoryContext& factory_context, absl::Status& creation_status) + : certificate_chain_(maybeSet( + Config::DataSource::read(config.certificate_chain(), true, factory_context.api()), + creation_status)), certificate_chain_path_( Config::DataSource::getPath(config.certificate_chain()) .value_or(certificate_chain_.empty() ? EMPTY_STRING : INLINE_STRING)), private_key_( - maybeSet(Config::DataSource::read(config.private_key(), true, api), creation_status)), + maybeSet(Config::DataSource::read(config.private_key(), true, factory_context.api()), + creation_status)), private_key_path_(Config::DataSource::getPath(config.private_key()) .value_or(private_key_.empty() ? 
EMPTY_STRING : INLINE_STRING)), - pkcs12_(maybeSet(Config::DataSource::read(config.pkcs12(), true, api), creation_status)), + pkcs12_(maybeSet(Config::DataSource::read(config.pkcs12(), true, factory_context.api()), + creation_status)), pkcs12_path_(Config::DataSource::getPath(config.pkcs12()) .value_or(pkcs12_.empty() ? EMPTY_STRING : INLINE_STRING)), - password_(maybeSet(Config::DataSource::read(config.password(), true, api), creation_status)), + password_(maybeSet(Config::DataSource::read(config.password(), true, factory_context.api()), + creation_status)), password_path_(Config::DataSource::getPath(config.password()) .value_or(password_.empty() ? EMPTY_STRING : INLINE_STRING)), - ocsp_staple_(maybeReadOcspStaple(config.ocsp_staple(), api, creation_status)), + ocsp_staple_( + maybeReadOcspStaple(config.ocsp_staple(), factory_context.api(), creation_status)), ocsp_staple_path_(Config::DataSource::getPath(config.ocsp_staple()) .value_or(ocsp_staple_.empty() ? EMPTY_STRING : INLINE_STRING)), private_key_method_(nullptr) { diff --git a/source/common/ssl/tls_certificate_config_impl.h b/source/common/ssl/tls_certificate_config_impl.h index b97d86eaf408..229edbe9dd50 100644 --- a/source/common/ssl/tls_certificate_config_impl.h +++ b/source/common/ssl/tls_certificate_config_impl.h @@ -14,7 +14,7 @@ class TlsCertificateConfigImpl : public TlsCertificateConfig { public: static absl::StatusOr> create(const envoy::extensions::transport_sockets::tls::v3::TlsCertificate& config, - Server::Configuration::TransportSocketFactoryContext& factory_context, Api::Api& api); + Server::Configuration::ServerFactoryContext& factory_context); const std::string& certificateChain() const override { return certificate_chain_; } const std::string& certificateChainPath() const override { return certificate_chain_path_; } 
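Review bot: `TlsCertificateConfigImpl::create` and the constructor in tls_certificate_config_impl.cc no longer take the `Api::Api&` chosen by the caller, so every `Config::DataSource::read` in the initializer list, including those for `private_key` and `password`, now goes through `factory_context.api()`. The call sites in context_config_impl.cc previously passed their own `api_`, so this is behavior-preserving only if that member is the same server `Api`; please confirm, and drop `api_` there if nothing else uses it. A short comment on `create` in the header, such as `// All data sources are read through factory_context.api().`, would record the new contract. The constructor body continues outside the hunk.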
@@ -33,8 +33,7 @@ class TlsCertificateConfigImpl : public TlsCertificateConfig { private: TlsCertificateConfigImpl( const envoy::extensions::transport_sockets::tls::v3::TlsCertificate& config, - Server::Configuration::TransportSocketFactoryContext& factory_context, Api::Api& api, - absl::Status& creation_status); + Server::Configuration::ServerFactoryContext& factory_context, absl::Status& creation_status); const std::string certificate_chain_; const std::string certificate_chain_path_; diff --git a/source/common/tls/context_config_impl.cc b/source/common/tls/context_config_impl.cc index 3b5247eb848b..a30c9aa967f3 100644 --- a/source/common/tls/context_config_impl.cc +++ b/source/common/tls/context_config_impl.cc @@ -188,8 +188,8 @@ ContextConfigImpl::ContextConfigImpl( if (!tls_certificate_providers_.empty()) { for (auto& provider : tls_certificate_providers_) { if (provider->secret() != nullptr) { - auto config_or_error = - Ssl::TlsCertificateConfigImpl::create(*provider->secret(), factory_context, api_); + auto config_or_error = Ssl::TlsCertificateConfigImpl::create( + *provider->secret(), factory_context.serverFactoryContext()); SET_AND_RETURN_IF_NOT_OK(config_or_error.status(), creation_status); tls_certificate_configs_.emplace_back(std::move(*config_or_error)); } @@ -241,8 +241,8 @@ void ContextConfigImpl::setSecretUpdateCallback(std::function ca for (const auto& tls_certificate_provider : tls_certificate_providers_) { auto* secret = tls_certificate_provider->secret(); if (secret != nullptr) { - auto config_or_error = - Ssl::TlsCertificateConfigImpl::create(*secret, factory_context_, api_); + auto config_or_error = Ssl::TlsCertificateConfigImpl::create( + *secret, factory_context_.serverFactoryContext()); RETURN_IF_NOT_OK(config_or_error.status()); tls_certificate_configs_.emplace_back(std::move(*config_or_error)); } 
diff --git a/source/common/tls/private_key/private_key_manager_impl.cc b/source/common/tls/private_key/private_key_manager_impl.cc index 93ccbc622d5b..a6140fac7127 100644 --- a/source/common/tls/private_key/private_key_manager_impl.cc +++ b/source/common/tls/private_key/private_key_manager_impl.cc @@ -11,7 +11,7 @@ namespace Tls { Envoy::Ssl::PrivateKeyMethodProviderSharedPtr PrivateKeyMethodManagerImpl::createPrivateKeyMethodProvider( const envoy::extensions::transport_sockets::tls::v3::PrivateKeyProvider& config, - Server::Configuration::TransportSocketFactoryContext& factory_context) { + Server::Configuration::ServerFactoryContext& factory_context) { Ssl::PrivateKeyMethodProviderInstanceFactory* factory = Registry::FactoryRegistry::getFactory( diff --git a/source/common/tls/private_key/private_key_manager_impl.h b/source/common/tls/private_key/private_key_manager_impl.h index 06d85658d6a4..7e7b729fdf51 100644 --- a/source/common/tls/private_key/private_key_manager_impl.h +++ b/source/common/tls/private_key/private_key_manager_impl.h @@ -14,7 +14,7 @@ class PrivateKeyMethodManagerImpl : public virtual Ssl::PrivateKeyMethodManager // Ssl::PrivateKeyMethodManager Ssl::PrivateKeyMethodProviderSharedPtr createPrivateKeyMethodProvider( const envoy::extensions::transport_sockets::tls::v3::PrivateKeyProvider& config, - Server::Configuration::TransportSocketFactoryContext& factory_context) override; + Server::Configuration::ServerFactoryContext& factory_context) override; }; } // namespace Tls diff --git a/source/common/upstream/health_discovery_service.cc b/source/common/upstream/health_discovery_service.cc index 36fa65196d7e..ab178fbe4e74 100644 --- a/source/common/upstream/health_discovery_service.cc +++ b/source/common/upstream/health_discovery_service.cc 
@@ -538,8 +538,8 @@ ProdClusterInfoFactory::createClusterInfo(const CreateClusterInfoParams& params) params.stats_.createScope(fmt::format("cluster.{}.", params.cluster_.name())); Envoy::Server::Configuration::TransportSocketFactoryContextImpl factory_context( - params.server_context_, params.ssl_context_manager_, *scope, - params.server_context_.clusterManager(), params.server_context_.messageValidationVisitor()); + params.server_context_, *scope, params.server_context_.clusterManager(), + params.server_context_.messageValidationVisitor()); // TODO(JimmyCYJ): Support SDS for HDS cluster. Network::UpstreamTransportSocketFactoryPtr socket_factory = THROW_OR_RETURN_VALUE( diff --git a/source/common/upstream/upstream_impl.cc b/source/common/upstream/upstream_impl.cc index 1dafc23d65b8..bc9dff3d7f15 100644 --- a/source/common/upstream/upstream_impl.cc +++ b/source/common/upstream/upstream_impl.cc @@ -1606,8 +1606,8 @@ ClusterImplBase::ClusterImplBase(const envoy::config::cluster::v3::Cluster& clus auto stats_scope = generateStatsScope(cluster, server_context.serverScope().store()); transport_factory_context_ = std::make_unique( - server_context, cluster_context.sslContextManager(), *stats_scope, - cluster_context.clusterManager(), cluster_context.messageValidationVisitor()); + server_context, *stats_scope, cluster_context.clusterManager(), + cluster_context.messageValidationVisitor()); transport_factory_context_->setInitManager(init_manager_); auto socket_factory_or_error = createTransportSocketFactory(cluster, *transport_factory_context_); diff --git a/source/extensions/transport_sockets/tls/downstream_config.cc b/source/extensions/transport_sockets/tls/downstream_config.cc index 0821dc9dbcd7..2b289f39bb25 100644 --- a/source/extensions/transport_sockets/tls/downstream_config.cc +++ b/source/extensions/transport_sockets/tls/downstream_config.cc 
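Review bot: The TLS context manager for cluster transport sockets now comes from `server_context` rather than from the argument each call site used to pass: `params.ssl_context_manager_` in the health_discovery_service.cc hunk and `cluster_context.sslContextManager()` in the upstream_impl.cc hunk. If either of those could refer to a different manager than `server_context.sslContextManager()`, client TLS contexts would be created and tracked on another manager with no compile-time signal. A comment above each constructor call would record the equivalence, e.g. `// TLS contexts are created via server_context.sslContextManager().`. Also consider dropping `ssl_context_manager_` from `CreateClusterInfoParams` if nothing else reads it; the struct is not visible here. Both enclosing functions extend beyond their hunks.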
@@ -24,8 +24,8 @@ DownstreamSslSocketFactory::createTransportSocketFactory( context, false); RETURN_IF_NOT_OK(server_config_or_error.status()); return ServerSslSocketFactory::create(std::move(server_config_or_error.value()), - context.sslContextManager(), context.statsScope(), - server_names); + context.serverFactoryContext().sslContextManager(), + context.statsScope(), server_names); } ProtobufTypes::MessagePtr DownstreamSslSocketFactory::createEmptyConfigProto() { diff --git a/source/extensions/transport_sockets/tls/upstream_config.cc b/source/extensions/transport_sockets/tls/upstream_config.cc index 9f228fed09be..0d8530e9453b 100644 --- a/source/extensions/transport_sockets/tls/upstream_config.cc +++ b/source/extensions/transport_sockets/tls/upstream_config.cc @@ -24,7 +24,8 @@ UpstreamSslSocketFactory::createTransportSocketFactory( context); RETURN_IF_NOT_OK(client_config_or_error.status()); return ClientSslSocketFactory::create(std::move(client_config_or_error.value()), - context.sslContextManager(), context.statsScope()); + context.serverFactoryContext().sslContextManager(), + context.statsScope()); } ProtobufTypes::MessagePtr UpstreamSslSocketFactory::createEmptyConfigProto() { diff --git a/source/server/server.h b/source/server/server.h index 41dcd8363264..e52a5a9542f9 100644 --- a/source/server/server.h +++ b/source/server/server.h 
@@ -207,11 +207,11 @@ class ServerFactoryContextImpl : public Configuration::ServerFactoryContext, envoy::config::bootstrap::v3::Bootstrap& bootstrap() override { return server_.bootstrap(); } OverloadManager& overloadManager() override { return server_.overloadManager(); } OverloadManager& nullOverloadManager() override { return server_.nullOverloadManager(); } + Ssl::ContextManager& sslContextManager() override { return server_.sslContextManager(); } bool healthCheckFailed() const override { return server_.healthCheckFailed(); } // Configuration::TransportSocketFactoryContext ServerFactoryContext& serverFactoryContext() override { return *this; } - Ssl::ContextManager& sslContextManager() override { return server_.sslContextManager(); } Secret::SecretManager& secretManager() override { return server_.secretManager(); } Stats::Scope& statsScope() override { return *server_scope_; } Init::Manager& initManager() override { return server_.initManager(); } diff --git a/source/server/transport_socket_config_impl.h b/source/server/transport_socket_config_impl.h index 87f9aaeac244..ab27b21b41be 100644 --- a/source/server/transport_socket_config_impl.h +++ b/source/server/transport_socket_config_impl.h 
@@ -13,11 +13,10 @@ namespace Configuration { class TransportSocketFactoryContextImpl : public TransportSocketFactoryContext { public: TransportSocketFactoryContextImpl(Server::Configuration::ServerFactoryContext& server_context, - Ssl::ContextManager& context_manager, Stats::Scope& stats_scope, - Upstream::ClusterManager& cm, + Stats::Scope& stats_scope, Upstream::ClusterManager& cm, ProtobufMessage::ValidationVisitor& validation_visitor) - : server_context_(server_context), context_manager_(context_manager), - stats_scope_(stats_scope), cluster_manager_(cm), validation_visitor_(validation_visitor) {} + : server_context_(server_context), stats_scope_(stats_scope), cluster_manager_(cm), + validation_visitor_(validation_visitor) {} /** * Pass an init manager to register dynamic secret provider. @@ -31,7 +30,6 @@ class TransportSocketFactoryContextImpl : public TransportSocketFactoryContext { ProtobufMessage::ValidationVisitor& messageValidationVisitor() override { return validation_visitor_; } - Ssl::ContextManager& sslContextManager() override { return context_manager_; } Stats::Scope& statsScope() override { return stats_scope_; } Secret::SecretManager& secretManager() override { return clusterManager().clusterManagerFactory().secretManager(); @@ -43,7 +41,6 @@ class TransportSocketFactoryContextImpl : public TransportSocketFactoryContext { private: Server::Configuration::ServerFactoryContext& server_context_; - Ssl::ContextManager& context_manager_; Stats::Scope& stats_scope_; Upstream::ClusterManager& cluster_manager_; ProtobufMessage::ValidationVisitor& validation_visitor_; diff --git a/test/common/http/conn_pool_grid_test.cc b/test/common/http/conn_pool_grid_test.cc index 4ca040f8d41b..e6363c1b08d6 100644 --- a/test/common/http/conn_pool_grid_test.cc +++ b/test/common/http/conn_pool_grid_test.cc 
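Review bot: The constructor of `TransportSocketFactoryContextImpl` has no doc comment, and after this change nothing in the header says where the TLS context manager comes from now that the `context_manager` parameter and the `sslContextManager()` override are gone. I would add a brief comment above the constructor, for example `// The SSL context manager is no longer injected here; use serverFactoryContext().sslContextManager().`. That gives out-of-tree callers of the old five-argument form a pointer to the replacement. The class body continues outside the three hunks.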
@@ -167,6 +167,8 @@ class ConnectivityGridTest : public Event::TestUsingSimulatedTime, public testin quic_stat_names_(store_.symbolTable()) { ON_CALL(factory_context_.server_context_, threadLocal()) .WillByDefault(ReturnRef(thread_local_)); + ON_CALL(factory_context_.server_context_, threadLocal()) + .WillByDefault(ReturnRef(thread_local_)); // Make sure we test happy eyeballs code. address_list_ = {*Network::Utility::resolveUrl("tcp://127.0.0.1:9000"), *Network::Utility::resolveUrl("tcp://[::]:9000")}; @@ -1351,6 +1353,9 @@ namespace { TEST_F(ConnectivityGridTest, RealGrid) { initialize(); testing::InSequence s; + testing::NiceMock ssl_context_manager; + ON_CALL(factory_context_.server_context_, sslContextManager()) + .WillByDefault(ReturnRef(ssl_context_manager)); dispatcher_.allow_null_callback_ = true; // Set the cluster up to have a quic transport socket. Envoy::Ssl::ClientContextConfigPtr config(new NiceMock()); @@ -1392,8 +1397,10 @@ TEST_F(ConnectivityGridTest, ConnectionCloseDuringAysnConnect) { // Set the cluster up to have a quic transport socket. Envoy::Ssl::ClientContextConfigPtr config(new NiceMock()); Ssl::ClientContextSharedPtr ssl_context(new Ssl::MockClientContext()); - EXPECT_CALL(factory_context_.context_manager_, createSslClientContext(_, _)) - .WillOnce(Return(ssl_context)); + testing::NiceMock ssl_context_manager; + ON_CALL(factory_context_.server_context_, sslContextManager()) + .WillByDefault(ReturnRef(ssl_context_manager)); + EXPECT_CALL(ssl_context_manager, createSslClientContext(_, _)).WillOnce(Return(ssl_context)); auto factory = *Quic::QuicClientTransportSocketFactory::create(std::move(config), factory_context_); factory->initialize(); diff --git a/test/common/http/http3/conn_pool_test.cc b/test/common/http/http3/conn_pool_test.cc index 48e2548942e2..8fb290c63e6c 100644 --- a/test/common/http/http3/conn_pool_test.cc +++ b/test/common/http/http3/conn_pool_test.cc 
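Review bot: The two lines added in the fixture constructor repeat the preceding statement verbatim: `ON_CALL(factory_context_.server_context_, threadLocal()).WillByDefault(ReturnRef(thread_local_));` now appears twice in a row. The second copy has no effect and looks like a leftover. If a default for `sslContextManager()` was intended here, it should be written as such; otherwise delete the duplicate. The constructor body continues outside the hunk.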
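Review bot: In `RealGrid` and `ConnectionCloseDuringAysnConnect` the mock `ssl_context_manager` is a local of the test body, while `ReturnRef(ssl_context_manager)` stores a reference to it in the fixture-owned `factory_context_.server_context_`. The local is destroyed before the fixture members, so a call to `sslContextManager()` during fixture teardown would presumably hit a dangling reference; whether anything calls it then is not visible in these hunks. Declaring it as a fixture member ahead of `factory_context_`, as the http3 conn_pool_test.cc hunk does with `ssl_context_manager_`, removes the lifetime question. Both test bodies continue outside their hunks.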
@@ -41,7 +41,9 @@ class Http3ConnPoolImplTest : public Event::TestUsingSimulatedTime, public testi public: Http3ConnPoolImplTest() { ON_CALL(context_.server_context_, threadLocal()).WillByDefault(ReturnRef(thread_local_)); - EXPECT_CALL(context_.context_manager_, createSslClientContext(_, _)) + ON_CALL(context_.server_context_, sslContextManager()) + .WillByDefault(ReturnRef(ssl_context_manager_)); + EXPECT_CALL(ssl_context_manager_, createSslClientContext(_, _)) .WillRepeatedly(Return(ssl_context_)); factory_ = *Quic::QuicClientTransportSocketFactory::create( std::unique_ptr( @@ -89,6 +91,7 @@ class Http3ConnPoolImplTest : public Event::TestUsingSimulatedTime, public testi new Upstream::HostDescription::AddressVector{ *Network::Utility::resolveUrl("tcp://127.0.0.1:3000"), *Network::Utility::resolveUrl("tcp://[::]:3000")}}; + NiceMock ssl_context_manager_; NiceMock context_; std::unique_ptr factory_; Ssl::ClientContextSharedPtr ssl_context_{new Ssl::MockClientContext()}; diff --git a/test/common/listener_manager/listener_manager_impl_test.h b/test/common/listener_manager/listener_manager_impl_test.h index 493534c6dd2a..034b16861a7e 100644 --- a/test/common/listener_manager/listener_manager_impl_test.h +++ b/test/common/listener_manager/listener_manager_impl_test.h @@ -76,6 +76,8 @@ class ListenerManagerImplTest : public testing::TestWithParam { void SetUp() override { ON_CALL(server_, api()).WillByDefault(ReturnRef(*api_)); ON_CALL(*server_.server_factory_context_, api()).WillByDefault(ReturnRef(*api_)); + ON_CALL(*server_.server_factory_context_, sslContextManager()) + .WillByDefault(ReturnRef(server_.ssl_context_manager_)); EXPECT_CALL(worker_factory_, createWorker_()).WillOnce(Return(worker_)); ON_CALL(server_.validation_context_, staticValidationVisitor()) .WillByDefault(ReturnRef(validation_visitor)); 
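Review bot: The fixture adds its own `ssl_context_manager_` mock and an `ON_CALL` for `sslContextManager()`, although `MockServerFactoryContext` gains a `ssl_context_manager_` member in this same commit and returns it by default. If that member is accessible from tests, the expectation could be written as `EXPECT_CALL(context_.server_context_.ssl_context_manager_, createSslClientContext(_, _))` and the extra member and `ON_CALL` dropped. The same applies to the fixtures in client_connection_factory_impl_test.cc and quic_transport_socket_factory_test.cc. Fewer parallel mocks makes it clearer which manager the code under test actually reaches.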
diff --git a/test/common/quic/client_connection_factory_impl_test.cc b/test/common/quic/client_connection_factory_impl_test.cc index 7b407eb46f2f..c3b818604bee 100644 --- a/test/common/quic/client_connection_factory_impl_test.cc +++ b/test/common/quic/client_connection_factory_impl_test.cc @@ -31,6 +31,8 @@ class QuicNetworkConnectionTest : public Event::TestUsingSimulatedTime, protected: void initialize() { ON_CALL(context_.server_context_, threadLocal()).WillByDefault(ReturnRef(thread_local_)); + ON_CALL(context_.server_context_, sslContextManager()) + .WillByDefault(ReturnRef(ssl_context_manager_)); EXPECT_CALL(*cluster_, perConnectionBufferLimitBytes()).WillOnce(Return(45)); EXPECT_CALL(*cluster_, connectTimeout).WillOnce(Return(std::chrono::seconds(10))); auto* protocol_options = cluster_->http3_options_.mutable_quic_protocol_options(); @@ -66,7 +68,7 @@ class QuicNetworkConnectionTest : public Event::TestUsingSimulatedTime, test_address_ = *Network::Utility::resolveUrl(absl::StrCat( "tcp://", Network::Test::getLoopbackAddressUrlString(GetParam()), ":", PEER_PORT)); Ssl::ClientContextSharedPtr context{new Ssl::MockClientContext()}; - EXPECT_CALL(context_.context_manager_, createSslClientContext(_, _)).WillOnce(Return(context)); + EXPECT_CALL(ssl_context_manager_, createSslClientContext(_, _)).WillOnce(Return(context)); factory_ = *Quic::QuicClientTransportSocketFactory::create( std::unique_ptr( new NiceMock), @@ -79,6 +81,7 @@ class QuicNetworkConnectionTest : public Event::TestUsingSimulatedTime, } NiceMock dispatcher_; + testing::NiceMock ssl_context_manager_; std::unique_ptr quic_info_; std::shared_ptr cluster_{new NiceMock()}; Upstream::HostSharedPtr host_{new NiceMock}; diff --git a/test/common/quic/quic_transport_socket_factory_test.cc b/test/common/quic/quic_transport_socket_factory_test.cc index 07d6a6c73fd4..8f4be540527a 100644 --- a/test/common/quic/quic_transport_socket_factory_test.cc +++ b/test/common/quic/quic_transport_socket_factory_test.cc 
@@ -20,6 +20,8 @@ class QuicServerTransportSocketFactoryConfigTest : public Event::TestUsingSimula : server_api_(Api::createApiForTest(server_stats_store_, simTime())) { ON_CALL(context_.server_context_, api()).WillByDefault(ReturnRef(*server_api_)); ON_CALL(context_.server_context_, threadLocal()).WillByDefault(ReturnRef(thread_local_)); + ON_CALL(context_.server_context_, sslContextManager()) + .WillByDefault(ReturnRef(ssl_context_manager_)); } void verifyQuicServerTransportSocketFactory(std::string yaml, bool expect_early_data) { @@ -36,6 +38,7 @@ class QuicServerTransportSocketFactoryConfigTest : public Event::TestUsingSimula QuicServerTransportSocketConfigFactory config_factory_; Stats::TestUtil::TestStore server_stats_store_; Api::ApiPtr server_api_; + testing::NiceMock ssl_context_manager_; NiceMock context_; testing::NiceMock thread_local_; }; @@ -117,13 +120,16 @@ class QuicClientTransportSocketFactoryTest : public testing::Test { public: QuicClientTransportSocketFactoryTest() { ON_CALL(context_.server_context_, threadLocal()).WillByDefault(ReturnRef(thread_local_)); - EXPECT_CALL(context_.context_manager_, createSslClientContext(_, _)).WillOnce(Return(nullptr)); + ON_CALL(context_.server_context_, sslContextManager()) + .WillByDefault(ReturnRef(ssl_context_manager_)); + EXPECT_CALL(ssl_context_manager_, createSslClientContext(_, _)).WillOnce(Return(nullptr)); EXPECT_CALL(*context_config_, setSecretUpdateCallback(_)) .WillOnce(testing::SaveArg<0>(&update_callback_)); factory_ = *Quic::QuicClientTransportSocketFactory::create( std::unique_ptr(context_config_), context_); } + testing::NiceMock ssl_context_manager_; NiceMock context_; std::unique_ptr factory_; // Will be owned by factory_. 
@@ -145,15 +151,13 @@ TEST_F(QuicClientTransportSocketFactoryTest, GetCryptoConfig) { EXPECT_EQ(nullptr, factory_->getCryptoConfig()); Ssl::ClientContextSharedPtr ssl_context1{new Ssl::MockClientContext()}; - EXPECT_CALL(context_.context_manager_, createSslClientContext(_, _)) - .WillOnce(Return(ssl_context1)); + EXPECT_CALL(ssl_context_manager_, createSslClientContext(_, _)).WillOnce(Return(ssl_context1)); update_callback_(); std::shared_ptr crypto_config1 = factory_->getCryptoConfig(); EXPECT_NE(nullptr, crypto_config1); Ssl::ClientContextSharedPtr ssl_context2{new Ssl::MockClientContext()}; - EXPECT_CALL(context_.context_manager_, createSslClientContext(_, _)) - .WillOnce(Return(ssl_context2)); + EXPECT_CALL(ssl_context_manager_, createSslClientContext(_, _)).WillOnce(Return(ssl_context2)); update_callback_(); std::shared_ptr crypto_config2 = factory_->getCryptoConfig(); EXPECT_NE(crypto_config2, crypto_config1); diff --git a/test/common/secret/sds_api_test.cc b/test/common/secret/sds_api_test.cc index 1f73cacb7e39..b965ba75834f 100644 --- a/test/common/secret/sds_api_test.cc +++ b/test/common/secret/sds_api_test.cc @@ -179,7 +179,8 @@ TEST_F(SdsApiTest, DynamicTlsCertificateUpdateSuccess) { EXPECT_TRUE(subscription_factory_.callbacks_->onConfigUpdate(decoded_resources.refvec_, "").ok()); testing::NiceMock ctx; - auto tls_config = Ssl::TlsCertificateConfigImpl::create(*sds_api.secret(), ctx, *api_).value(); + auto tls_config = + Ssl::TlsCertificateConfigImpl::create(*sds_api.secret(), ctx.server_context_).value(); const std::string cert_pem = "{{ test_rundir }}/test/common/tls/test_data/selfsigned_cert.pem"; EXPECT_EQ(TestEnvironment::readFileToStringForTest(TestEnvironment::substitute(cert_pem)), tls_config->certificateChain()); 
@@ -600,7 +601,8 @@ TEST_F(SdsApiTest, DeltaUpdateSuccess) { subscription_factory_.callbacks_->onConfigUpdate(decoded_resources.refvec_, {}, "").ok()); testing::NiceMock ctx; - auto tls_config = Ssl::TlsCertificateConfigImpl::create(*sds_api.secret(), ctx, *api_).value(); + auto tls_config = + Ssl::TlsCertificateConfigImpl::create(*sds_api.secret(), ctx.server_context_).value(); const std::string cert_pem = "{{ test_rundir }}/test/common/tls/test_data/selfsigned_cert.pem"; EXPECT_EQ(TestEnvironment::readFileToStringForTest(TestEnvironment::substitute(cert_pem)), tls_config->certificateChain()); diff --git a/test/common/secret/secret_manager_impl_test.cc b/test/common/secret/secret_manager_impl_test.cc index d5f5b9406581..75881982e176 100644 --- a/test/common/secret/secret_manager_impl_test.cc +++ b/test/common/secret/secret_manager_impl_test.cc @@ -83,10 +83,11 @@ name: "abc.com" ASSERT_NE(secret_manager->findStaticTlsCertificateProvider("abc.com"), nullptr); testing::NiceMock ctx; - auto tls_config = - Ssl::TlsCertificateConfigImpl::create( - *secret_manager->findStaticTlsCertificateProvider("abc.com")->secret(), ctx, *api_) - .value(); + EXPECT_CALL(ctx.server_context_, api()).WillRepeatedly(ReturnRef(*api_)); + auto tls_config = Ssl::TlsCertificateConfigImpl::create( + *secret_manager->findStaticTlsCertificateProvider("abc.com")->secret(), + ctx.server_context_) + .value(); const std::string cert_pem = "{{ test_rundir }}/test/common/tls/test_data/selfsigned_cert.pem"; EXPECT_EQ(TestEnvironment::readFileToStringForTest(TestEnvironment::substitute(cert_pem)), tls_config->certificateChain()); 
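Review bot: In the secret_manager_impl_test.cc hunk, `EXPECT_CALL(ctx.server_context_, api()).WillRepeatedly(ReturnRef(*api_));` is used purely as a stub, which is what `ON_CALL` is for. The rest of this commit sets such defaults with `ON_CALL(...).WillByDefault(...)`. I would write `ON_CALL(ctx.server_context_, api()).WillByDefault(ReturnRef(*api_));` so that the line does not read as an assertion about how often the Api is fetched. A one-line comment that the real Api is needed to read the certificate files from disk would also explain why only this test overrides it.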
@@ -385,7 +386,8 @@ name: "abc.com" .ok()); testing::NiceMock ctx; auto tls_config = - Ssl::TlsCertificateConfigImpl::create(*secret_provider->secret(), ctx, *api_).value(); + Ssl::TlsCertificateConfigImpl::create(*secret_provider->secret(), ctx.server_context_) + .value(); const std::string cert_pem = "{{ test_rundir }}/test/common/tls/test_data/selfsigned_cert.pem"; EXPECT_EQ(TestEnvironment::readFileToStringForTest(TestEnvironment::substitute(cert_pem)), tls_config->certificateChain()); @@ -484,7 +486,8 @@ name: "abc.com" .ok()); testing::NiceMock ctx; auto tls_config = - Ssl::TlsCertificateConfigImpl::create(*secret_provider->secret(), ctx, *api_).value(); + Ssl::TlsCertificateConfigImpl::create(*secret_provider->secret(), ctx.server_context_) + .value(); EXPECT_EQ("DUMMY_INLINE_BYTES_FOR_CERT_CHAIN", tls_config->certificateChain()); EXPECT_EQ("DUMMY_INLINE_BYTES_FOR_PRIVATE_KEY", tls_config->privateKey()); EXPECT_EQ("DUMMY_PASSWORD", tls_config->password()); @@ -1122,8 +1125,9 @@ name: "abc.com" .WillRepeatedly(Return(nullptr)); EXPECT_CALL(ssl_context_manager, privateKeyMethodManager()) .WillRepeatedly(ReturnRef(private_key_method_manager)); - EXPECT_CALL(ctx, sslContextManager()).WillRepeatedly(ReturnRef(ssl_context_manager)); - EXPECT_EQ(Ssl::TlsCertificateConfigImpl::create(*secret_provider->secret(), ctx, *api_) + EXPECT_CALL(ctx.server_context_, sslContextManager()) + .WillRepeatedly(ReturnRef(ssl_context_manager)); + EXPECT_EQ(Ssl::TlsCertificateConfigImpl::create(*secret_provider->secret(), ctx.server_context_) .status() .message(), "Failed to load private key provider: test"); diff --git a/test/common/tls/context_impl_test.cc b/test/common/tls/context_impl_test.cc index 1ad54a85b213..fdc1ade6efed 100644 --- a/test/common/tls/context_impl_test.cc +++ b/test/common/tls/context_impl_test.cc 
@@ -2073,7 +2073,8 @@ TEST_F(ServerContextConfigImplTest, PrivateKeyMethodLoadFailureNoProvider) { envoy::extensions::transport_sockets::tls::v3::DownstreamTlsContext tls_context; NiceMock context_manager; NiceMock private_key_method_manager; - EXPECT_CALL(factory_context_, sslContextManager()).WillOnce(ReturnRef(context_manager)); + EXPECT_CALL(factory_context_.server_context_, sslContextManager()) + .WillOnce(ReturnRef(context_manager)); EXPECT_CALL(context_manager, privateKeyMethodManager()) .WillOnce(ReturnRef(private_key_method_manager)); const std::string tls_context_yaml = R"EOF( @@ -2098,7 +2099,8 @@ TEST_F(ServerContextConfigImplTest, PrivateKeyMethodLoadFailureNoProviderFallbac envoy::extensions::transport_sockets::tls::v3::DownstreamTlsContext tls_context; NiceMock context_manager; NiceMock private_key_method_manager; - EXPECT_CALL(factory_context_, sslContextManager()).WillOnce(ReturnRef(context_manager)); + EXPECT_CALL(factory_context_.server_context_, sslContextManager()) + .WillOnce(ReturnRef(context_manager)); EXPECT_CALL(context_manager, privateKeyMethodManager()) .WillOnce(ReturnRef(private_key_method_manager)); const std::string tls_context_yaml = R"EOF( @@ -2129,7 +2131,8 @@ TEST_F(ServerContextConfigImplTest, PrivateKeyMethodLoadFailureNoMethod) { auto private_key_method_provider_ptr = std::make_shared>(); ContextManagerImpl manager(server_factory_context_); - EXPECT_CALL(factory_context_, sslContextManager()).WillOnce(ReturnRef(context_manager)); + EXPECT_CALL(factory_context_.server_context_, sslContextManager()) + .WillOnce(ReturnRef(context_manager)); EXPECT_CALL(context_manager, privateKeyMethodManager()) .WillOnce(ReturnRef(private_key_method_manager)); EXPECT_CALL(private_key_method_manager, createPrivateKeyMethodProvider(_, _)) 
@@ -2164,7 +2167,8 @@ TEST_F(ServerContextConfigImplTest, PrivateKeyMethodLoadSuccess) { NiceMock private_key_method_manager; auto private_key_method_provider_ptr = std::make_shared>(); - EXPECT_CALL(factory_context_, sslContextManager()).WillOnce(ReturnRef(context_manager)); + EXPECT_CALL(factory_context_.server_context_, sslContextManager()) + .WillOnce(ReturnRef(context_manager)); EXPECT_CALL(context_manager, privateKeyMethodManager()) .WillOnce(ReturnRef(private_key_method_manager)); EXPECT_CALL(private_key_method_manager, createPrivateKeyMethodProvider(_, _)) @@ -2193,7 +2197,8 @@ TEST_F(ServerContextConfigImplTest, PrivateKeyMethodFallback) { NiceMock private_key_method_manager; auto private_key_method_provider_ptr = std::make_shared>(); - EXPECT_CALL(factory_context_, sslContextManager()).WillOnce(ReturnRef(context_manager)); + EXPECT_CALL(factory_context_.server_context_, sslContextManager()) + .WillOnce(ReturnRef(context_manager)); EXPECT_CALL(context_manager, privateKeyMethodManager()) .WillOnce(ReturnRef(private_key_method_manager)); EXPECT_CALL(private_key_method_manager, createPrivateKeyMethodProvider(_, _)) diff --git a/test/common/tls/ssl_socket_test.cc b/test/common/tls/ssl_socket_test.cc index f63f82f1500c..84abdc15876b 100644 --- a/test/common/tls/ssl_socket_test.cc +++ b/test/common/tls/ssl_socket_test.cc @@ -416,7 +416,7 @@ void testUtil(const TestUtilOptions& options) { test_private_key_method_factory(test_factory); PrivateKeyMethodManagerImpl private_key_method_manager; if (options.expectedPrivateKeyMethod()) { - EXPECT_CALL(transport_socket_factory_context, sslContextManager()) + EXPECT_CALL(transport_socket_factory_context.server_context_, sslContextManager()) .WillOnce(ReturnRef(context_manager)) .WillRepeatedly(ReturnRef(context_manager)); EXPECT_CALL(context_manager, privateKeyMethodManager()) 
diff --git a/test/common/tls/test_private_key_method_provider.cc b/test/common/tls/test_private_key_method_provider.cc index 242e634f671e..85a8d1998f3b 100644 --- a/test/common/tls/test_private_key_method_provider.cc +++ b/test/common/tls/test_private_key_method_provider.cc @@ -315,7 +315,7 @@ int TestPrivateKeyMethodProvider::ecdsaConnectionIndex() { TestPrivateKeyMethodProvider::TestPrivateKeyMethodProvider( const ProtobufWkt::Any& typed_config, - Server::Configuration::TransportSocketFactoryContext& factory_context) { + Server::Configuration::ServerFactoryContext& factory_context) { std::string private_key_path; auto config = MessageUtil::anyConvert(typed_config); @@ -359,11 +359,8 @@ TestPrivateKeyMethodProvider::TestPrivateKeyMethodProvider( return; } - std::string private_key = factory_context.serverFactoryContext() - .api() - .fileSystem() - .fileReadToEnd(private_key_path) - .value(); + std::string private_key = + factory_context.api().fileSystem().fileReadToEnd(private_key_path).value(); bssl::UniquePtr bio( BIO_new_mem_buf(const_cast(private_key.data()), private_key.size())); bssl::UniquePtr pkey(PEM_read_bio_PrivateKey(bio.get(), nullptr, nullptr, nullptr)); diff --git a/test/common/tls/test_private_key_method_provider.h b/test/common/tls/test_private_key_method_provider.h index 7de910d4a2db..d70bf0ecbd47 100644 --- a/test/common/tls/test_private_key_method_provider.h +++ b/test/common/tls/test_private_key_method_provider.h 
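Review bot: The reflowed statement in the second hunk still calls `.value()` directly on the result of `fileReadToEnd(private_key_path)`, so an unreadable or missing key file is never checked before the result is unwrapped. Holding the result first, `auto key_or = factory_context.api().fileSystem().fileReadToEnd(private_key_path);`, and testing `key_or.ok()` would make the failure explicit. On error it should take the same failure path the constructor uses for its other errors, which is not visible in this hunk. The constructor continues past the hunk, so the handling of a null `PEM_read_bio_PrivateKey` result cannot be judged from here.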
@@ -63,9 +63,8 @@ class TestPrivateKeyConnection { class TestPrivateKeyMethodProvider : public virtual Ssl::PrivateKeyMethodProvider { public: - TestPrivateKeyMethodProvider( - const ProtobufWkt::Any& typed_config, - Server::Configuration::TransportSocketFactoryContext& factory_context); + TestPrivateKeyMethodProvider(const ProtobufWkt::Any& typed_config, + Server::Configuration::ServerFactoryContext& factory_context); // Ssl::PrivateKeyMethodProvider void registerPrivateKeyMethod(SSL* ssl, Ssl::PrivateKeyConnectionCallbacks& cb, Event::Dispatcher& dispatcher) override; @@ -89,7 +88,7 @@ class TestPrivateKeyMethodFactory : public Ssl::PrivateKeyMethodProviderInstance // Ssl::PrivateKeyMethodProviderInstanceFactory Ssl::PrivateKeyMethodProviderSharedPtr createPrivateKeyMethodProviderInstance( const envoy::extensions::transport_sockets::tls::v3::PrivateKeyProvider& config, - Server::Configuration::TransportSocketFactoryContext& factory_context) override { + Server::Configuration::ServerFactoryContext& factory_context) override { return std::make_shared(config.typed_config(), factory_context); } diff --git a/test/common/upstream/hds_test.cc b/test/common/upstream/hds_test.cc index 3d4d0ae5af6c..f54c1369a111 100644 --- a/test/common/upstream/hds_test.cc +++ b/test/common/upstream/hds_test.cc @@ -63,6 +63,7 @@ class HdsTest : public testing::Test { async_client_(new Grpc::MockAsyncClient()), api_(Api::createApiForTest(stats_store_, random_)), ssl_context_manager_(server_context_) { ON_CALL(server_context_, api()).WillByDefault(ReturnRef(*api_)); + ON_CALL(server_context_, sslContextManager()).WillByDefault(ReturnRef(ssl_context_manager_)); node_.set_id("hds-node"); } 
@@ -616,8 +617,7 @@ TEST_F(HdsTest, TestSocketContext) { Envoy::Stats::ScopeSharedPtr scope = params.stats_.createScope(fmt::format("cluster.{}.", params.cluster_.name())); Envoy::Server::Configuration::TransportSocketFactoryContextImpl factory_context( - params.server_context_, params.ssl_context_manager_, *scope, - params.server_context_.clusterManager(), + params.server_context_, *scope, params.server_context_.clusterManager(), params.server_context_.messageValidationVisitor()); // Create a mock socket_factory for the scope of this unit test. @@ -1107,8 +1107,7 @@ TEST_F(HdsTest, TestUpdateSocketContext) { Envoy::Stats::ScopeSharedPtr scope = params.stats_.createScope(fmt::format("cluster.{}.", params.cluster_.name())); Envoy::Server::Configuration::TransportSocketFactoryContextImpl factory_context( - params.server_context_, params.ssl_context_manager_, *scope, - params.server_context_.clusterManager(), + params.server_context_, *scope, params.server_context_.clusterManager(), params.server_context_.messageValidationVisitor()); // Create a mock socket_factory for the scope of this unit test. diff --git a/test/extensions/clusters/eds/leds_test.cc b/test/extensions/clusters/eds/leds_test.cc index d0f4d714ef94..6d8d67601ead 100644 --- a/test/extensions/clusters/eds/leds_test.cc +++ b/test/extensions/clusters/eds/leds_test.cc @@ -89,8 +89,7 @@ class LedsTest : public testing::Test { cluster_scope_ = stats_.createScope("cluster.xds_cluster."); Envoy::Server::Configuration::TransportSocketFactoryContextImpl factory_context( - server_context_, ssl_context_manager_, *cluster_scope_, server_context_.cluster_manager_, - validation_visitor_); + server_context_, *cluster_scope_, server_context_.cluster_manager_, validation_visitor_); // Setup LEDS subscription. EXPECT_CALL(server_context_.cluster_manager_.subscription_factory_, 
@@ -151,7 +150,6 @@ class LedsTest : public testing::Test { NiceMock server_context_; uint32_t callbacks_called_counter_{0}; Stats::TestUtil::TestStore stats_; - Ssl::MockContextManager ssl_context_manager_; Envoy::Stats::ScopeSharedPtr cluster_scope_; LedsSubscriptionPtr leds_subscription_; NiceMock random_; diff --git a/test/integration/base_integration_test.cc b/test/integration/base_integration_test.cc index 6cabd66f3dfb..c5825e40c715 100644 --- a/test/integration/base_integration_test.cc +++ b/test/integration/base_integration_test.cc @@ -74,7 +74,8 @@ BaseIntegrationTest::BaseIntegrationTest(const InstanceConstSharedPtrFn& upstrea })); ON_CALL(factory_context_.server_context_, api()).WillByDefault(ReturnRef(*api_)); ON_CALL(factory_context_, statsScope()).WillByDefault(ReturnRef(*stats_store_.rootScope())); - ON_CALL(factory_context_, sslContextManager()).WillByDefault(ReturnRef(context_manager_)); + ON_CALL(factory_context_.server_context_, sslContextManager()) + .WillByDefault(ReturnRef(context_manager_)); ON_CALL(factory_context_.server_context_, threadLocal()).WillByDefault(ReturnRef(thread_local_)); #ifndef ENVOY_ADMIN_FUNCTIONALITY diff --git a/test/integration/quic_http_integration_test.cc b/test/integration/quic_http_integration_test.cc index f859f5d2b028..4bc36fefc404 100644 --- a/test/integration/quic_http_integration_test.cc +++ b/test/integration/quic_http_integration_test.cc 
@@ -323,7 +323,8 @@ class QuicHttpIntegrationTestBase : public HttpIntegrationTest { NiceMock context; ON_CALL(context.server_context_, api()).WillByDefault(testing::ReturnRef(*api_)); ON_CALL(context, statsScope()).WillByDefault(testing::ReturnRef(stats_scope_)); - ON_CALL(context, sslContextManager()).WillByDefault(testing::ReturnRef(context_manager_)); + ON_CALL(context.server_context_, sslContextManager()) + .WillByDefault(testing::ReturnRef(context_manager_)); ON_CALL(context.server_context_, threadLocal()) .WillByDefault(testing::ReturnRef(thread_local_)); envoy::extensions::transport_sockets::quic::v3::QuicUpstreamTransport diff --git a/test/integration/ssl_utility.cc b/test/integration/ssl_utility.cc index 082edc9e0f78..425f8ca63d91 100644 --- a/test/integration/ssl_utility.cc +++ b/test/integration/ssl_utility.cc @@ -131,6 +131,8 @@ createUpstreamSslContext(ContextManager& context_manager, Api::Api& api, bool us NiceMock mock_factory_ctx; ON_CALL(mock_factory_ctx.server_context_, api()).WillByDefault(ReturnRef(api)); + ON_CALL(mock_factory_ctx.server_context_, sslContextManager()) + .WillByDefault(ReturnRef(context_manager)); auto cfg = *Extensions::TransportSockets::Tls::ServerContextConfigImpl::create( tls_context, mock_factory_ctx, false); @@ -144,7 +146,6 @@ createUpstreamSslContext(ContextManager& context_manager, Api::Api& api, bool us quic_config.mutable_downstream_tls_context()->MergeFrom(tls_context); ON_CALL(mock_factory_ctx, statsScope()) .WillByDefault(ReturnRef(*upstream_stats_store->rootScope())); - ON_CALL(mock_factory_ctx, sslContextManager()).WillByDefault(ReturnRef(context_manager)); std::vector server_names; auto& config_factory = Config::Utility::getAndCheckFactoryByName< diff --git a/test/integration/utility.cc b/test/integration/utility.cc index 40d3a533639e..ddd13dc518c4 100644 --- a/test/integration/utility.cc +++ b/test/integration/utility.cc 
@@ -148,7 +148,8 @@ IntegrationUtil::createQuicUpstreamTransportSocketFactory(Api::Api& api, Stats:: NiceMock context; ON_CALL(context.server_context_, api()).WillByDefault(testing::ReturnRef(api)); ON_CALL(context, statsScope()).WillByDefault(testing::ReturnRef(*store.rootScope())); - ON_CALL(context, sslContextManager()).WillByDefault(testing::ReturnRef(context_manager)); + ON_CALL(context.server_context_, sslContextManager()) + .WillByDefault(testing::ReturnRef(context_manager)); ON_CALL(context.server_context_, threadLocal()).WillByDefault(testing::ReturnRef(threadlocal)); envoy::extensions::transport_sockets::quic::v3::QuicUpstreamTransport quic_transport_socket_config; diff --git a/test/mocks/server/server_factory_context.cc b/test/mocks/server/server_factory_context.cc index 80fe4b390425..9305d5674a1d 100644 --- a/test/mocks/server/server_factory_context.cc +++ b/test/mocks/server/server_factory_context.cc @@ -37,6 +37,7 @@ MockServerFactoryContext::MockServerFactoryContext() ON_CALL(*this, options()).WillByDefault(ReturnRef(options_)); ON_CALL(*this, overloadManager()).WillByDefault(ReturnRef(overload_manager_)); ON_CALL(*this, nullOverloadManager()).WillByDefault(ReturnRef(null_overload_manager_)); + ON_CALL(*this, sslContextManager()).WillByDefault(ReturnRef(ssl_context_manager_)); } MockServerFactoryContext::~MockServerFactoryContext() = default; diff --git a/test/mocks/server/server_factory_context.h b/test/mocks/server/server_factory_context.h index fc4c69deed00..901ee4cb63ba 100644 --- a/test/mocks/server/server_factory_context.h +++ b/test/mocks/server/server_factory_context.h @@ -27,6 +27,7 @@ #include "test/mocks/server/options.h" #include "test/mocks/server/overload_manager.h" #include "test/mocks/server/server_lifecycle_notifier.h" +#include "test/mocks/ssl/mocks.h" #include "test/mocks/stats/mocks.h" #include "test/mocks/thread_local/mocks.h" #include "test/mocks/tracing/mocks.h" 
@@ -86,6 +87,7 @@ class MockServerFactoryContext : public virtual ServerFactoryContext { MOCK_METHOD(AccessLog::AccessLogManager&, accessLogManager, (), ()); MOCK_METHOD(OverloadManager&, overloadManager, ()); MOCK_METHOD(OverloadManager&, nullOverloadManager, ()); + MOCK_METHOD(Ssl::ContextManager&, sslContextManager, ()); MOCK_METHOD(bool, shouldBypassOverloadManager, (), (const)); MOCK_METHOD(bool, healthCheckFailed, (), (const)); @@ -116,6 +118,7 @@ class MockServerFactoryContext : public virtual ServerFactoryContext { envoy::config::bootstrap::v3::Bootstrap bootstrap_; testing::NiceMock options_; Regex::GoogleReEngine regex_engine_; + testing::NiceMock ssl_context_manager_; }; class MockGenericFactoryContext : public GenericFactoryContext { @@ -170,6 +173,7 @@ class StatelessMockServerFactoryContext : public virtual ServerFactoryContext { MOCK_METHOD(AccessLog::AccessLogManager&, accessLogManager, (), ()); MOCK_METHOD(OverloadManager&, overloadManager, ()); MOCK_METHOD(OverloadManager&, nullOverloadManager, ()); + MOCK_METHOD(Ssl::ContextManager&, sslContextManager, ()); MOCK_METHOD(bool, shouldBypassOverloadManager, (), (const)); MOCK_METHOD(bool, healthCheckFailed, (), (const)); }; diff --git a/test/mocks/server/transport_socket_factory_context.cc b/test/mocks/server/transport_socket_factory_context.cc index 09859ef97131..5004d4b14b82 100644 --- a/test/mocks/server/transport_socket_factory_context.cc +++ b/test/mocks/server/transport_socket_factory_context.cc 
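Review bot: The new `MOCK_METHOD(Ssl::ContextManager&, sslContextManager, ());` in `MockServerFactoryContext` has no `override` spec, so a signature drift from the interface would declare a fresh method instead of failing at the declaration. Because this commit moves the accessor from one context interface to another, I would write `MOCK_METHOD(Ssl::ContextManager&, sslContextManager, (), (override));`, assuming the accessor is virtual on `ServerFactoryContext`. The same applies to the identical line added to `StatelessMockServerFactoryContext` at `@@ -170,6 +173,7 @@` and to `createPrivateKeyMethodProvider` in `test/mocks/ssl/mocks.h`. Neighbouring mock methods in this class also omit the spec, so this could be a follow-up. The class body extends beyond the hunk.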
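Review bot: `StatelessMockServerFactoryContext` gains `sslContextManager()` at `@@ -170,6 +173,7 @@`, but unlike `MockServerFactoryContext` nothing visible gives it a default action. gMock cannot synthesise a default for a reference return type, so a test that reaches TLS configuration through the stateless mock must install its own `ON_CALL` or the call fails at run time. This matches the other reference-returning methods shown in the class, so a comment is enough: `// No default action: tests that touch TLS config must stub this with ON_CALL.`. The class starts outside the hunk.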
@@ -17,7 +17,6 @@ MockTransportSocketFactoryContext::MockTransportSocketFactoryContext() ON_CALL(*this, clusterManager()).WillByDefault(ReturnRef(cluster_manager_)); ON_CALL(*this, messageValidationVisitor()) .WillByDefault(ReturnRef(ProtobufMessage::getStrictValidationVisitor())); - ON_CALL(*this, sslContextManager()).WillByDefault(ReturnRef(context_manager_)); ON_CALL(*this, statsScope()).WillByDefault(ReturnRef(*store_.rootScope())); ON_CALL(server_context_, serverScope()).WillByDefault(ReturnRef(*store_.rootScope())); diff --git a/test/mocks/server/transport_socket_factory_context.h b/test/mocks/server/transport_socket_factory_context.h index 828bf47b44d9..cbefffd504f8 100644 --- a/test/mocks/server/transport_socket_factory_context.h +++ b/test/mocks/server/transport_socket_factory_context.h @@ -8,7 +8,6 @@ #include "test/mocks/api/mocks.h" #include "test/mocks/server/options.h" #include "test/mocks/server/server_factory_context.h" -#include "test/mocks/ssl/mocks.h" #include "test/mocks/stats/mocks.h" #include "test/mocks/upstream/cluster_manager.h" @@ -28,7 +27,6 @@ class MockTransportSocketFactoryContext : public TransportSocketFactoryContext { MOCK_METHOD(ServerFactoryContext&, serverFactoryContext, ()); MOCK_METHOD(Upstream::ClusterManager&, clusterManager, ()); MOCK_METHOD(ProtobufMessage::ValidationVisitor&, messageValidationVisitor, ()); - MOCK_METHOD(Ssl::ContextManager&, sslContextManager, ()); MOCK_METHOD(Stats::Scope&, statsScope, ()); MOCK_METHOD(Init::Manager&, initManager, ()); @@ -36,7 +34,6 @@ class MockTransportSocketFactoryContext : public TransportSocketFactoryContext { testing::NiceMock cluster_manager_; testing::NiceMock api_; testing::NiceMock config_tracker_; - testing::NiceMock context_manager_; testing::NiceMock store_; testing::NiceMock options_; std::unique_ptr secret_manager_; diff --git a/test/mocks/ssl/mocks.h b/test/mocks/ssl/mocks.h index 6305d8fe3c44..017f36bd6100 100644 --- a/test/mocks/ssl/mocks.h +++ b/test/mocks/ssl/mocks.h 
@@ -214,7 +214,7 @@ class MockPrivateKeyMethodManager : public PrivateKeyMethodManager { MOCK_METHOD(PrivateKeyMethodProviderSharedPtr, createPrivateKeyMethodProvider, (const envoy::extensions::transport_sockets::tls::v3::PrivateKeyProvider& config, - Envoy::Server::Configuration::TransportSocketFactoryContext& factory_context)); + Envoy::Server::Configuration::ServerFactoryContext& factory_context)); }; class MockPrivateKeyMethodProvider : public PrivateKeyMethodProvider {
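Review bot: `MockPrivateKeyMethodManager::createPrivateKeyMethodProvider` now takes `ServerFactoryContext&`, and nothing next to the declaration records what a private key provider may assume about that context. Judging from the mocks in this commit, the transport-socket context exposed `statsScope()`, `initManager()` and `messageValidationVisitor()`, while the server context appears to be server-wide. Provider factories would then receive a broader object than the single TLS socket configuration they serve. I would note the intent beside the declaration, e.g. `// factory_context is the server-wide context; providers must not assume per-listener or per-cluster scope.`, and confirm the in-tree providers use only what they need from it. The class opens in the hunk header and is not fully visible here.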