From 4b592f3dd6a80280894c1234e2f1bedc5e9481d7 Mon Sep 17 00:00:00 2001 From: alyssawilk Date: Thu, 30 May 2024 08:37:17 -0400 Subject: [PATCH] tls: plumbing for exception removal (#34394) Risk Level: low Testing: updated tests Docs Changes: n/a Release Notes: n/a envoyproxy/envoy-mobile#176 
Signed-off-by: Alyssa Wilk --- envoy/secret/secret_callbacks.h | 2 +- envoy/server/transport_socket_config.h | 12 +++--- envoy/ssl/context_config.h | 2 +- mobile/test/common/integration/test_server.cc | 3 +- .../listener_manager/listener_manager_impl.cc | 6 ++- .../quic_client_transport_socket_factory.cc | 2 +- .../quic_client_transport_socket_factory.h | 2 +- .../quic_server_transport_socket_factory.cc | 3 +- .../quic_server_transport_socket_factory.h | 2 +- source/common/tls/client_ssl_socket.cc | 5 ++- source/common/tls/client_ssl_socket.h | 2 +- source/common/tls/context_config_impl.cc | 16 +++---- source/common/tls/context_config_impl.h | 4 +- source/common/tls/server_ssl_socket.cc | 5 ++- source/common/tls/server_ssl_socket.h | 2 +- .../upstream/health_discovery_service.cc | 11 +++-- .../upstream/transport_socket_match_impl.cc | 22 ++++++++-- .../upstream/transport_socket_match_impl.h | 19 ++++++--- source/common/upstream/upstream_impl.cc | 15 ++++--- source/common/upstream/upstream_impl.h | 2 +- .../transport_sockets/alts/config.cc | 4 +- .../transport_sockets/alts/config.h | 4 +- .../transport_sockets/http_11_proxy/config.cc | 7 ++-- .../transport_sockets/http_11_proxy/config.h | 2 +- .../internal_upstream/config.cc | 7 ++-- .../proxy_protocol/config.cc | 7 ++-- .../transport_sockets/proxy_protocol/config.h | 2 +- .../transport_sockets/raw_buffer/config.cc | 4 +- .../transport_sockets/raw_buffer/config.h | 4 +- .../transport_sockets/starttls/config.cc | 36 ++++++++-------- .../transport_sockets/starttls/config.h | 4 +- .../transport_sockets/tap/config.cc | 16 +++---- .../extensions/transport_sockets/tap/config.h | 4 +- .../transport_sockets/tcp_stats/config.cc | 14 ++++--- .../tls/downstream_config.cc | 2 +- .../transport_sockets/tls/downstream_config.h | 2 +- .../transport_sockets/tls/upstream_config.cc | 3 +- .../transport_sockets/tls/upstream_config.h | 2 +- .../quic/envoy_quic_proof_source_test.cc | 4 +- .../quic_transport_socket_factory_test.cc | 2 +- 
test/common/secret/sds_api_test.cc | 42 +++++++------------ test/common/tls/context_impl_test.cc | 20 ++++----- .../upstream/cluster_manager_impl_test.cc | 2 +- test/common/upstream/hds_test.cc | 12 ++++-- .../upstream/transport_socket_matcher_test.cc | 7 ++-- .../alts/alts_integration_test.cc | 2 +- .../transport_sockets/alts/config_test.cc | 4 +- .../starttls/starttls_integration_test.cc | 2 +- .../tcp_stats/tcp_stats_test.cc | 6 +-- test/integration/base_integration_test.cc | 3 +- .../integration/quic_http_integration_test.cc | 1 + test/integration/ssl_utility.cc | 3 +- .../upstream_access_log_integration_test.cc | 4 +- test/integration/utility.cc | 2 +- test/mocks/secret/mocks.h | 2 +- test/mocks/ssl/mocks.h | 4 +- 56 files changed, 207 insertions(+), 176 deletions(-) diff --git a/envoy/secret/secret_callbacks.h b/envoy/secret/secret_callbacks.h index afdbcdccca75..b3f5716b503a 100644 --- a/envoy/secret/secret_callbacks.h +++ b/envoy/secret/secret_callbacks.h @@ -12,7 +12,7 @@ class SecretCallbacks { public: virtual ~SecretCallbacks() = default; - virtual void onAddOrUpdateSecret() PURE; + virtual absl::Status onAddOrUpdateSecret() PURE; }; } // namespace Secret diff --git a/envoy/server/transport_socket_config.h b/envoy/server/transport_socket_config.h index c39723b573ca..9bf86418d517 100644 --- a/envoy/server/transport_socket_config.h +++ b/envoy/server/transport_socket_config.h 
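Review bot: The new `absl::Status` return on `SecretCallbacks::onAddOrUpdateSecret()` has no comment saying what a non-OK status means to the caller. The same gap is in `ContextConfig::setSecretUpdateCallback` in envoy/ssl/context_config.h, whose `@param callback` text is unchanged. For secret rotation this matters, because a reader cannot tell from the interface whether a rejected update leaves the previous TLS context in use. I would add `/** @return absl::OkStatus() if the updated secret was applied, otherwise an error describing why it was rejected. */` above the declaration, and say in the `setSecretUpdateCallback` doc how the callback's status is propagated.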
@@ -87,13 +87,13 @@ class UpstreamTransportSocketConfigFactory : public virtual TransportSocketConfi * @param config const Protobuf::Message& supplies the config message for the transport socket * implementation. * @param context TransportSocketFactoryContext& supplies the transport socket's context. - * @return Network::UpstreamTransportSocketFactoryPtr the transport socket factory instance. The - * returned TransportSocketFactoryPtr should not be nullptr. + * @return absl::StatusOr the transport socket factory + * instance or error status. The returned TransportSocketFactoryPtr should not be nullptr. * * @throw EnvoyException if the implementation is unable to produce a factory with the provided * parameters. */ - virtual Network::UpstreamTransportSocketFactoryPtr + virtual absl::StatusOr createTransportSocketFactory(const Protobuf::Message& config, TransportSocketFactoryContext& context) PURE; @@ -113,13 +113,13 @@ class DownstreamTransportSocketConfigFactory : public virtual TransportSocketCon * @param config const Protobuf::Message& supplies the config message for the transport socket * implementation. * @param context TransportSocketFactoryContext& supplies the transport socket's context. - * @return Network::DownstreamTransportSocketFactoryPtr the transport socket factory instance. The - * returned TransportSocketFactoryPtr should not be nullptr. + * @return absl::StatusOr the transport socket + * factory instance. The returned TransportSocketFactoryPtr should not be nullptr. * * @throw EnvoyException if the implementation is unable to produce a factory with the provided * parameters. */ - virtual Network::DownstreamTransportSocketFactoryPtr + virtual absl::StatusOr createTransportSocketFactory(const Protobuf::Message& config, TransportSocketFactoryContext& context, const std::vector& server_names) PURE; diff --git a/envoy/ssl/context_config.h b/envoy/ssl/context_config.h index 596c70df2fea..87c26f0250d0 100644 --- a/envoy/ssl/context_config.h 
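Review bot: The doc comments for both `createTransportSocketFactory` declarations (this hunk and the `@@ -113,13` hunk) now describe an `absl::StatusOr` return but keep the `@throw EnvoyException` line, so the error contract is ambiguous. A caller cannot tell whether checking the status is enough or whether it must still expect an exception. If throwing remains allowed during the migration, say so explicitly, for example `@throw EnvoyException legacy implementations may still throw; new implementations should return an error status.` The downstream `@return` also lacks the "or error status" wording that the upstream one gained.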
+++ b/envoy/ssl/context_config.h @@ -81,7 +81,7 @@ class ContextConfig { * are downloaded from SDS server, this callback is invoked to update SSL context. * @param callback callback that is executed by context config. */ - virtual void setSecretUpdateCallback(std::function callback) PURE; + virtual void setSecretUpdateCallback(std::function callback) PURE; /** * @return a callback which can be used to create Handshaker instances. diff --git a/mobile/test/common/integration/test_server.cc b/mobile/test/common/integration/test_server.cc index 3b35b241417a..2d955309da87 100644 --- a/mobile/test/common/integration/test_server.cc +++ b/mobile/test/common/integration/test_server.cc @@ -535,7 +535,8 @@ Network::DownstreamTransportSocketFactoryPtr TestServer::createQuicUpstreamTlsCo Server::Configuration::DownstreamTransportSocketConfigFactory>( "envoy.transport_sockets.quic"); - return config_factory.createTransportSocketFactory(quic_config, factory_context, server_names); + return config_factory.createTransportSocketFactory(quic_config, factory_context, server_names) + .value(); } Network::DownstreamTransportSocketFactoryPtr TestServer::createUpstreamTlsContext( diff --git a/source/common/listener_manager/listener_manager_impl.cc b/source/common/listener_manager/listener_manager_impl.cc index 027228aeb94e..3ad8463904bb 100644 --- a/source/common/listener_manager/listener_manager_impl.cc +++ b/source/common/listener_manager/listener_manager_impl.cc 
@@ -1097,9 +1097,11 @@ Network::DrainableFilterChainSharedPtr ListenerFilterChainFactoryBuilder::buildF std::vector server_names(filter_chain.filter_chain_match().server_names().begin(), filter_chain.filter_chain_match().server_names().end()); + auto factory_or_error = config_factory.createTransportSocketFactory(*message, factory_context_, + std::move(server_names)); + THROW_IF_NOT_OK(factory_or_error.status()); auto filter_chain_res = std::make_shared( - config_factory.createTransportSocketFactory(*message, factory_context_, - std::move(server_names)), + std::move(factory_or_error.value()), listener_component_factory_.createNetworkFilterFactoryList(filter_chain.filters(), *filter_chain_factory_context), std::chrono::milliseconds( diff --git a/source/common/quic/quic_client_transport_socket_factory.cc b/source/common/quic/quic_client_transport_socket_factory.cc index e95abb81918b..84bd53b31c9a 100644 --- a/source/common/quic/quic_client_transport_socket_factory.cc +++ b/source/common/quic/quic_client_transport_socket_factory.cc @@ -13,7 +13,7 @@ namespace Envoy { namespace Quic { -Network::UpstreamTransportSocketFactoryPtr +absl::StatusOr QuicClientTransportSocketConfigFactory::createTransportSocketFactory( const Protobuf::Message& config, Server::Configuration::TransportSocketFactoryContext& context) { diff --git a/source/common/quic/quic_client_transport_socket_factory.h b/source/common/quic/quic_client_transport_socket_factory.h index ee17332dcdbe..822815ccbbd4 100644 --- a/source/common/quic/quic_client_transport_socket_factory.h +++ b/source/common/quic/quic_client_transport_socket_factory.h 
@@ -69,7 +69,7 @@ class QuicClientTransportSocketConfigFactory public Server::Configuration::UpstreamTransportSocketConfigFactory { public: // Server::Configuration::UpstreamTransportSocketConfigFactory - Network::UpstreamTransportSocketFactoryPtr createTransportSocketFactory( + absl::StatusOr createTransportSocketFactory( const Protobuf::Message& config, Server::Configuration::TransportSocketFactoryContext& context) override; diff --git a/source/common/quic/quic_server_transport_socket_factory.cc b/source/common/quic/quic_server_transport_socket_factory.cc index 781ce62cd2d2..162a77766a5b 100644 --- a/source/common/quic/quic_server_transport_socket_factory.cc +++ b/source/common/quic/quic_server_transport_socket_factory.cc @@ -12,7 +12,7 @@ namespace Envoy { namespace Quic { -Network::DownstreamTransportSocketFactoryPtr +absl::StatusOr QuicServerTransportSocketConfigFactory::createTransportSocketFactory( const Protobuf::Message& config, Server::Configuration::TransportSocketFactoryContext& context, const std::vector& server_names) { @@ -121,6 +121,7 @@ void QuicServerTransportSocketFactory::initialize() { config_->setSecretUpdateCallback([this]() { // The callback also updates config_ with the new secret. onSecretUpdated(); + return absl::OkStatus(); }); if (!config_->alpnProtocols().empty()) { supported_alpns_ = absl::StrSplit(config_->alpnProtocols(), ','); diff --git a/source/common/quic/quic_server_transport_socket_factory.h b/source/common/quic/quic_server_transport_socket_factory.h index 32628d8837e6..e08feca645ee 100644 --- a/source/common/quic/quic_server_transport_socket_factory.h +++ b/source/common/quic/quic_server_transport_socket_factory.h 
@@ -72,7 +72,7 @@ class QuicServerTransportSocketConfigFactory public Server::Configuration::DownstreamTransportSocketConfigFactory { public: // Server::Configuration::DownstreamTransportSocketConfigFactory - Network::DownstreamTransportSocketFactoryPtr + absl::StatusOr createTransportSocketFactory(const Protobuf::Message& config, Server::Configuration::TransportSocketFactoryContext& context, const std::vector& server_names) override; diff --git a/source/common/tls/client_ssl_socket.cc b/source/common/tls/client_ssl_socket.cc index 3246b354e369..0ea5261e5766 100644 --- a/source/common/tls/client_ssl_socket.cc +++ b/source/common/tls/client_ssl_socket.cc @@ -34,7 +34,7 @@ ClientSslSocketFactory::ClientSslSocketFactory(Envoy::Ssl::ClientContextConfigPt : manager_(manager), stats_scope_(stats_scope), stats_(generateStats(stats_scope)), config_(std::move(config)), ssl_ctx_(manager_.createSslClientContext(stats_scope_, *config_)) { - config_->setSecretUpdateCallback([this]() { onAddOrUpdateSecret(); }); + config_->setSecretUpdateCallback([this]() { return onAddOrUpdateSecret(); }); } ClientSslSocketFactory::~ClientSslSocketFactory() { manager_.removeContext(ssl_ctx_); } @@ -67,7 +67,7 @@ Network::TransportSocketPtr ClientSslSocketFactory::createTransportSocket( bool ClientSslSocketFactory::implementsSecureTransport() const { return true; } -void ClientSslSocketFactory::onAddOrUpdateSecret() { +absl::Status ClientSslSocketFactory::onAddOrUpdateSecret() { ENVOY_LOG(debug, "Secret is updated."); auto ctx = manager_.createSslClientContext(stats_scope_, *config_); { @@ -76,6 +76,7 @@ void ClientSslSocketFactory::onAddOrUpdateSecret() { } manager_.removeContext(ctx); stats_.ssl_context_update_by_sds_.inc(); + return absl::OkStatus(); } Envoy::Ssl::ClientContextSharedPtr ClientSslSocketFactory::sslCtx() { diff --git a/source/common/tls/client_ssl_socket.h b/source/common/tls/client_ssl_socket.h index e39e4b4a5cc4..d4b059fc280c 100644 --- a/source/common/tls/client_ssl_socket.h 
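Review bot: `ClientSslSocketFactory::onAddOrUpdateSecret()` ends with an unconditional `return absl::OkStatus();`, so the new return type cannot yet report a failed context rebuild. `ServerSslSocketFactory::onAddOrUpdateSecret()` in server_ssl_socket.cc has the same shape. The result of `manager_.createSslClientContext(stats_scope_, *config_)` is swapped in with no check visible in these hunks, so a failure there presumably still surfaces only as an exception. Since this commit is plumbing, a comment is enough for now: `// TODO: return the context creation error once createSslClientContext reports failures via absl::Status.` Part of the function body lies between the `@@ -67,7` and `@@ -76,6` hunks and is not shown.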
+++ b/source/common/tls/client_ssl_socket.h @@ -49,7 +49,7 @@ class ClientSslSocketFactory : public Network::CommonUpstreamTransportSocketFact bool supportsAlpn() const override { return true; } // Secret::SecretCallbacks - void onAddOrUpdateSecret() override; + absl::Status onAddOrUpdateSecret() override; OptRef clientContextConfig() const override { return {*config_}; } diff --git a/source/common/tls/context_config_impl.cc b/source/common/tls/context_config_impl.cc index 63bfc1b04bfb..43e34748e912 100644 --- a/source/common/tls/context_config_impl.cc +++ b/source/common/tls/context_config_impl.cc @@ -272,7 +272,7 @@ Ssl::CertificateValidationContextConfigPtr ContextConfigImpl::getCombinedValidat return std::move(config_or_status.value()); } -void ContextConfigImpl::setSecretUpdateCallback(std::function callback) { +void ContextConfigImpl::setSecretUpdateCallback(std::function callback) { // When any of tls_certificate_providers_ receives a new secret, this callback updates // ContextConfigImpl::tls_certificate_configs_ with new secret. for (const auto& tls_certificate_provider : tls_certificate_providers_) { @@ -287,8 +287,7 @@ void ContextConfigImpl::setSecretUpdateCallback(std::function callback) std::unique_ptr)); } } - callback(); - return absl::OkStatus(); + return callback(); })); } if (certificate_validation_context_provider_) { @@ -301,8 +300,7 @@ void ContextConfigImpl::setSecretUpdateCallback(std::function callback) certificate_validation_context_provider_->addUpdateCallback([this, callback]() { validation_context_config_ = getCombinedValidationContextConfig( *certificate_validation_context_provider_->secret()); - callback(); - return absl::OkStatus(); + return callback(); }); } else { // Once certificate_validation_context_provider_ receives new secret, this callback updates 
@@ -315,8 +313,7 @@ void ContextConfigImpl::setSecretUpdateCallback(std::function callback) throwEnvoyExceptionOrPanic(std::string(config_or_status.status().message())); } validation_context_config_ = std::move(config_or_status.value()); - callback(); - return absl::OkStatus(); + return callback(); }); } } @@ -452,7 +449,7 @@ ServerContextConfigImpl::ServerContextConfigImpl( } } -void ServerContextConfigImpl::setSecretUpdateCallback(std::function callback) { +void ServerContextConfigImpl::setSecretUpdateCallback(std::function callback) { ContextConfigImpl::setSecretUpdateCallback(callback); if (session_ticket_keys_provider_) { // Once session_ticket_keys_ receives new secret, this callback updates @@ -460,8 +457,7 @@ void ServerContextConfigImpl::setSecretUpdateCallback(std::function call stk_update_callback_handle_ = session_ticket_keys_provider_->addUpdateCallback([this, callback]() { session_ticket_keys_ = getSessionTicketKeys(*session_ticket_keys_provider_->secret()); - callback(); - return absl::OkStatus(); + return callback(); }); } } diff --git a/source/common/tls/context_config_impl.h b/source/common/tls/context_config_impl.h index 8629aaaa3320..27d316e5f754 100644 --- a/source/common/tls/context_config_impl.h +++ b/source/common/tls/context_config_impl.h @@ -59,7 +59,7 @@ class ContextConfigImpl : public virtual Ssl::ContextConfig { return tls_is_ready && combined_cvc_is_ready && cvc_is_ready; } - void setSecretUpdateCallback(std::function callback) override; + void setSecretUpdateCallback(std::function callback) override; Ssl::HandshakerFactoryCb createHandshaker() const override; Ssl::HandshakerCapabilities capabilities() const override { return capabilities_; } Ssl::SslCtxCb sslctxCb() const override { return sslctx_cb_; } 
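Review bot: The validation-context lambda in the `@@ -315,8 +313,7` hunk still calls `throwEnvoyExceptionOrPanic(std::string(config_or_status.status().message()))` on its error branch, although it now returns the callback's `absl::Status`. With the status path in place, that branch could be `return config_or_status.status();`. A validation context rejected during a secret update would then come back as an error instead of throwing or, judging by the helper's name, panicking where exceptions are disabled. This assumes the code that invokes the provider's update callbacks handles a non-OK status, which is not visible here. The lambda starts outside the hunk.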
@@ -162,7 +162,7 @@ class ServerContextConfigImpl : public ContextConfigImpl, public Envoy::Ssl::Ser return parent_is_ready && session_ticket_keys_are_ready; } - void setSecretUpdateCallback(std::function callback) override; + void setSecretUpdateCallback(std::function callback) override; bool disableStatelessSessionResumption() const override { return disable_stateless_session_resumption_; } diff --git a/source/common/tls/server_ssl_socket.cc b/source/common/tls/server_ssl_socket.cc index e3018db8d00f..55afe0697a63 100644 --- a/source/common/tls/server_ssl_socket.cc +++ b/source/common/tls/server_ssl_socket.cc @@ -35,7 +35,7 @@ ServerSslSocketFactory::ServerSslSocketFactory(Envoy::Ssl::ServerContextConfigPt : manager_(manager), stats_scope_(stats_scope), stats_(generateStats(stats_scope)), config_(std::move(config)), server_names_(server_names), ssl_ctx_(manager_.createSslServerContext(stats_scope_, *config_, server_names_, nullptr)) { - config_->setSecretUpdateCallback([this]() { onAddOrUpdateSecret(); }); + config_->setSecretUpdateCallback([this]() { return onAddOrUpdateSecret(); }); } ServerSslSocketFactory::~ServerSslSocketFactory() { manager_.removeContext(ssl_ctx_); } @@ -65,7 +65,7 @@ Network::TransportSocketPtr ServerSslSocketFactory::createDownstreamTransportSoc bool ServerSslSocketFactory::implementsSecureTransport() const { return true; } -void ServerSslSocketFactory::onAddOrUpdateSecret() { +absl::Status ServerSslSocketFactory::onAddOrUpdateSecret() { ENVOY_LOG(debug, "Secret is updated."); auto ctx = manager_.createSslServerContext(stats_scope_, *config_, server_names_, nullptr); { @@ -75,6 +75,7 @@ void ServerSslSocketFactory::onAddOrUpdateSecret() { manager_.removeContext(ctx); stats_.ssl_context_update_by_sds_.inc(); + return absl::OkStatus(); } } // namespace Tls diff --git a/source/common/tls/server_ssl_socket.h b/source/common/tls/server_ssl_socket.h index 40138c107c56..3788d4a74b2b 100644 --- a/source/common/tls/server_ssl_socket.h 
+++ b/source/common/tls/server_ssl_socket.h @@ -44,7 +44,7 @@ class ServerSslSocketFactory : public Network::DownstreamTransportSocketFactory, bool implementsSecureTransport() const override; // Secret::SecretCallbacks - void onAddOrUpdateSecret() override; + absl::Status onAddOrUpdateSecret() override; private: Ssl::ContextManager& manager_; diff --git a/source/common/upstream/health_discovery_service.cc b/source/common/upstream/health_discovery_service.cc index 3d6d68789450..5a67bc1cd1f1 100644 --- a/source/common/upstream/health_discovery_service.cc +++ b/source/common/upstream/health_discovery_service.cc @@ -541,10 +541,13 @@ ProdClusterInfoFactory::createClusterInfo(const CreateClusterInfoParams& params) params.server_context_.clusterManager(), params.server_context_.messageValidationVisitor()); // TODO(JimmyCYJ): Support SDS for HDS cluster. - Network::UpstreamTransportSocketFactoryPtr socket_factory = - Upstream::createTransportSocketFactory(params.cluster_, factory_context); - auto socket_matcher = std::make_unique( - params.cluster_.transport_socket_matches(), factory_context, socket_factory, *scope); + Network::UpstreamTransportSocketFactoryPtr socket_factory = THROW_OR_RETURN_VALUE( + Upstream::createTransportSocketFactory(params.cluster_, factory_context), + Network::UpstreamTransportSocketFactoryPtr); + auto socket_matcher = THROW_OR_RETURN_VALUE( + TransportSocketMatcherImpl::create(params.cluster_.transport_socket_matches(), + factory_context, socket_factory, *scope), + std::unique_ptr); return std::make_unique( params.server_context_.initManager(), params.server_context_, params.cluster_, diff --git a/source/common/upstream/transport_socket_match_impl.cc b/source/common/upstream/transport_socket_match_impl.cc index 18d29f7d1d0c..0fdc95191e97 100644 --- a/source/common/upstream/transport_socket_match_impl.cc +++ b/source/common/upstream/transport_socket_match_impl.cc 
@@ -9,11 +9,24 @@ namespace Envoy { namespace Upstream { +absl::StatusOr> TransportSocketMatcherImpl::create( + const Protobuf::RepeatedPtrField& + socket_matches, + Server::Configuration::TransportSocketFactoryContext& factory_context, + Network::UpstreamTransportSocketFactoryPtr& default_factory, Stats::Scope& stats_scope) { + absl::Status creation_status = absl::OkStatus(); + auto ret = std::unique_ptr(new TransportSocketMatcherImpl( + socket_matches, factory_context, default_factory, stats_scope, creation_status)); + RETURN_IF_NOT_OK(creation_status); + return ret; +} + TransportSocketMatcherImpl::TransportSocketMatcherImpl( const Protobuf::RepeatedPtrField& socket_matches, Server::Configuration::TransportSocketFactoryContext& factory_context, - Network::UpstreamTransportSocketFactoryPtr& default_factory, Stats::Scope& stats_scope) + Network::UpstreamTransportSocketFactoryPtr& default_factory, Stats::Scope& stats_scope, + absl::Status& creation_status) : stats_scope_(stats_scope), default_match_("default", std::move(default_factory), generateStats("default")) { for (const auto& socket_match : socket_matches) { 
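Review bot: `TransportSocketMatcherImpl::create` takes `default_factory` by non-const reference, and the constructor moves from it in the `default_match_` initializer before any match is built. The caller's pointer is therefore consumed even when `create` returns an error from the `SET_AND_RETURN_IF_NOT_OK` in the loop. The callers in this commit throw on failure, so nothing reuses it today, but the contract should be documented on `create`: `// Takes ownership of default_factory; the caller's pointer is left empty on both success and failure.` It is also worth a one-line comment that `std::unique_ptr<...>(new ...)` is used because the header change makes the constructor protected, so it is not later rewritten to `std::make_unique`.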
@@ -22,9 +35,10 @@ TransportSocketMatcherImpl::TransportSocketMatcherImpl( Server::Configuration::UpstreamTransportSocketConfigFactory>(socket_config); ProtobufTypes::MessagePtr message = Config::Utility::translateToFactoryConfig( socket_config, factory_context.messageValidationVisitor(), config_factory); - FactoryMatch factory_match( - socket_match.name(), config_factory.createTransportSocketFactory(*message, factory_context), - generateStats(absl::StrCat(socket_match.name(), "."))); + auto factory_or_error = config_factory.createTransportSocketFactory(*message, factory_context); + SET_AND_RETURN_IF_NOT_OK(factory_or_error.status(), creation_status); + FactoryMatch factory_match(socket_match.name(), std::move(factory_or_error.value()), + generateStats(absl::StrCat(socket_match.name(), "."))); for (const auto& kv : socket_match.match().fields()) { factory_match.label_set.emplace_back(kv.first, kv.second); } diff --git a/source/common/upstream/transport_socket_match_impl.h b/source/common/upstream/transport_socket_match_impl.h index ad1933e1638a..43b8c0076a28 100644 --- a/source/common/upstream/transport_socket_match_impl.h +++ b/source/common/upstream/transport_socket_match_impl.h @@ -22,6 +22,12 @@ namespace Upstream { class TransportSocketMatcherImpl : public Logger::Loggable, public TransportSocketMatcher { public: + static absl::StatusOr> create( + const Protobuf::RepeatedPtrField& + socket_matches, + Server::Configuration::TransportSocketFactoryContext& factory_context, + Network::UpstreamTransportSocketFactoryPtr& default_factory, Stats::Scope& stats_scope); + struct FactoryMatch { FactoryMatch(std::string match_name, Network::UpstreamTransportSocketFactoryPtr socket_factory, TransportSocketMatchStats match_stats) 
@@ -32,12 +38,6 @@ class TransportSocketMatcherImpl : public Logger::Loggable mutable TransportSocketMatchStats stats; }; - TransportSocketMatcherImpl( - const Protobuf::RepeatedPtrField& - socket_matches, - Server::Configuration::TransportSocketFactoryContext& factory_context, - Network::UpstreamTransportSocketFactoryPtr& default_factory, Stats::Scope& stats_scope); - MatchData resolve(const envoy::config::core::v3::Metadata* metadata) const override; bool allMatchesSupportAlpn() const override { @@ -53,6 +53,13 @@ class TransportSocketMatcherImpl : public Logger::Loggable } protected: + TransportSocketMatcherImpl( + const Protobuf::RepeatedPtrField& + socket_matches, + Server::Configuration::TransportSocketFactoryContext& factory_context, + Network::UpstreamTransportSocketFactoryPtr& default_factory, Stats::Scope& stats_scope, + absl::Status& creation_status); + TransportSocketMatchStats generateStats(const std::string& prefix); Stats::Scope& stats_scope_; FactoryMatch default_match_; diff --git a/source/common/upstream/upstream_impl.cc b/source/common/upstream/upstream_impl.cc index 2f59eaf52ffa..cadf9a4b3647 100644 --- a/source/common/upstream/upstream_impl.cc +++ b/source/common/upstream/upstream_impl.cc @@ -1375,7 +1375,7 @@ ClusterInfoImpl::extensionProtocolOptions(const std::string& name) const { return nullptr; } -Network::UpstreamTransportSocketFactoryPtr createTransportSocketFactory( +absl::StatusOr createTransportSocketFactory( const envoy::config::cluster::v3::Cluster& config, Server::Configuration::TransportSocketFactoryContext& factory_context) { // If the cluster config doesn't have a transport socket configured, override with the default 
@@ -1474,12 +1474,15 @@ ClusterImplBase::ClusterImplBase(const envoy::config::cluster::v3::Cluster& clus cluster_context.clusterManager(), cluster_context.messageValidationVisitor()); transport_factory_context_->setInitManager(init_manager_); - auto socket_factory = createTransportSocketFactory(cluster, *transport_factory_context_); - auto* raw_factory_pointer = socket_factory.get(); + auto socket_factory_or_error = createTransportSocketFactory(cluster, *transport_factory_context_); + THROW_IF_NOT_OK(socket_factory_or_error.status()); + auto* raw_factory_pointer = socket_factory_or_error.value().get(); - auto socket_matcher = std::make_unique( - cluster.transport_socket_matches(), *transport_factory_context_, socket_factory, - *stats_scope); + auto socket_matcher = + THROW_OR_RETURN_VALUE(TransportSocketMatcherImpl::create( + cluster.transport_socket_matches(), *transport_factory_context_, + socket_factory_or_error.value(), *stats_scope), + std::unique_ptr); const bool matcher_supports_alpn = socket_matcher->allMatchesSupportAlpn(); auto& dispatcher = server_context.mainThreadDispatcher(); info_ = std::shared_ptr( diff --git a/source/common/upstream/upstream_impl.h b/source/common/upstream/upstream_impl.h index 5537f13e8fbd..f5b8fbd8a2b0 100644 --- a/source/common/upstream/upstream_impl.h +++ b/source/common/upstream/upstream_impl.h @@ -1114,7 +1114,7 @@ class ClusterInfoImpl : public ClusterInfo, * given a cluster configuration and transport socket factory * context. */ -Network::UpstreamTransportSocketFactoryPtr +absl::StatusOr createTransportSocketFactory(const envoy::config::cluster::v3::Cluster& config, Server::Configuration::TransportSocketFactoryContext& factory_context); diff --git a/source/extensions/transport_sockets/alts/config.cc b/source/extensions/transport_sockets/alts/config.cc index e463abb817d6..5437e7c2f44f 100644 --- a/source/extensions/transport_sockets/alts/config.cc +++ b/source/extensions/transport_sockets/alts/config.cc 
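Review bot: In the `ClusterImplBase` constructor, `socket_factory_or_error.value()` is passed by reference into `TransportSocketMatcherImpl::create`, which moves from it. That leaves an OK `StatusOr` holding an empty pointer for the rest of the scope. `raw_factory_pointer` is taken first, so the visible code is correct, but a later edit that reads `socket_factory_or_error.value()` again would get a null factory. Unwrapping once into a named local is clearer: `auto socket_factory = std::move(socket_factory_or_error.value());`, then `auto* raw_factory_pointer = socket_factory.get();`, and pass `socket_factory` to `create`. The constructor continues outside the hunk.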
@@ -119,7 +119,7 @@ ProtobufTypes::MessagePtr AltsTransportSocketConfigFactory::createEmptyConfigPro return std::make_unique(); } -Network::UpstreamTransportSocketFactoryPtr +absl::StatusOr UpstreamAltsTransportSocketConfigFactory::createTransportSocketFactory( const Protobuf::Message& message, Server::Configuration::TransportSocketFactoryContext& factory_ctxt) { @@ -127,7 +127,7 @@ UpstreamAltsTransportSocketConfigFactory::createTransportSocketFactory( message, /* is_upstream */ true, factory_ctxt); } -Network::DownstreamTransportSocketFactoryPtr +absl::StatusOr DownstreamAltsTransportSocketConfigFactory::createTransportSocketFactory( const Protobuf::Message& message, Server::Configuration::TransportSocketFactoryContext& factory_ctxt, diff --git a/source/extensions/transport_sockets/alts/config.h b/source/extensions/transport_sockets/alts/config.h index ce1df9853886..fde8ae42de2c 100644 --- a/source/extensions/transport_sockets/alts/config.h +++ b/source/extensions/transport_sockets/alts/config.h @@ -19,7 +19,7 @@ class UpstreamAltsTransportSocketConfigFactory : public AltsTransportSocketConfigFactory, public Server::Configuration::UpstreamTransportSocketConfigFactory { public: - Network::UpstreamTransportSocketFactoryPtr + absl::StatusOr createTransportSocketFactory(const Protobuf::Message&, Server::Configuration::TransportSocketFactoryContext&) override; }; @@ -28,7 +28,7 @@ class DownstreamAltsTransportSocketConfigFactory : public AltsTransportSocketConfigFactory, public Server::Configuration::DownstreamTransportSocketConfigFactory { public: - Network::DownstreamTransportSocketFactoryPtr + absl::StatusOr createTransportSocketFactory(const Protobuf::Message&, Server::Configuration::TransportSocketFactoryContext&, const std::vector&) override; diff --git a/source/extensions/transport_sockets/http_11_proxy/config.cc b/source/extensions/transport_sockets/http_11_proxy/config.cc index e8b01d11a29b..a54ead186aac 100644 
--- a/source/extensions/transport_sockets/http_11_proxy/config.cc +++ b/source/extensions/transport_sockets/http_11_proxy/config.cc @@ -12,7 +12,7 @@ namespace Extensions { namespace TransportSockets { namespace Http11Connect { -Network::UpstreamTransportSocketFactoryPtr +absl::StatusOr UpstreamHttp11ConnectSocketConfigFactory::createTransportSocketFactory( const Protobuf::Message& message, Server::Configuration::TransportSocketFactoryContext& context) { @@ -23,9 +23,10 @@ UpstreamHttp11ConnectSocketConfigFactory::createTransportSocketFactory( Server::Configuration::UpstreamTransportSocketConfigFactory>(outer_config.transport_socket()); ProtobufTypes::MessagePtr inner_factory_config = Config::Utility::translateToFactoryConfig( outer_config.transport_socket(), context.messageValidationVisitor(), inner_config_factory); - auto inner_transport_factory = + auto factory_or_error = inner_config_factory.createTransportSocketFactory(*inner_factory_config, context); - return std::make_unique(std::move(inner_transport_factory)); + RETURN_IF_STATUS_NOT_OK(factory_or_error); + return std::make_unique(std::move(factory_or_error.value())); } ProtobufTypes::MessagePtr UpstreamHttp11ConnectSocketConfigFactory::createEmptyConfigProto() { diff --git a/source/extensions/transport_sockets/http_11_proxy/config.h b/source/extensions/transport_sockets/http_11_proxy/config.h index 14918f3a5be4..b9ecc34bccde 100644 --- a/source/extensions/transport_sockets/http_11_proxy/config.h +++ b/source/extensions/transport_sockets/http_11_proxy/config.h @@ -16,7 +16,7 @@ class UpstreamHttp11ConnectSocketConfigFactory public: std::string name() const override { return "envoy.transport_sockets.http_11_proxy"; } ProtobufTypes::MessagePtr createEmptyConfigProto() override; - Network::UpstreamTransportSocketFactoryPtr createTransportSocketFactory( + absl::StatusOr createTransportSocketFactory( const Protobuf::Message& config, Server::Configuration::TransportSocketFactoryContext& context) override; }; 
diff --git a/source/extensions/transport_sockets/internal_upstream/config.cc b/source/extensions/transport_sockets/internal_upstream/config.cc index 5517c5c34203..dfef2a21e662 100644 --- a/source/extensions/transport_sockets/internal_upstream/config.cc +++ b/source/extensions/transport_sockets/internal_upstream/config.cc @@ -24,7 +24,7 @@ class InternalUpstreamConfigFactory return std::make_unique< envoy::extensions::transport_sockets::internal_upstream::v3::InternalUpstreamTransport>(); } - Network::UpstreamTransportSocketFactoryPtr createTransportSocketFactory( + absl::StatusOr createTransportSocketFactory( const Protobuf::Message& config, Server::Configuration::TransportSocketFactoryContext& context) override { const auto& outer_config = @@ -38,10 +38,11 @@ class InternalUpstreamConfigFactory Envoy::Config::Utility::translateToFactoryConfig(outer_config.transport_socket(), context.messageValidationVisitor(), inner_config_factory); - auto inner_transport_factory = + auto factory_or_error = inner_config_factory.createTransportSocketFactory(*inner_factory_config, context); + RETURN_IF_STATUS_NOT_OK(factory_or_error); return std::make_unique(context, outer_config, - std::move(inner_transport_factory)); + std::move(factory_or_error.value())); } }; diff --git a/source/extensions/transport_sockets/proxy_protocol/config.cc b/source/extensions/transport_sockets/proxy_protocol/config.cc index bdd57dfdc84f..05551ad61f28 100644 --- a/source/extensions/transport_sockets/proxy_protocol/config.cc +++ b/source/extensions/transport_sockets/proxy_protocol/config.cc @@ -12,7 +12,7 @@ namespace Extensions { namespace TransportSockets { namespace ProxyProtocol { -Network::UpstreamTransportSocketFactoryPtr +absl::StatusOr UpstreamProxyProtocolSocketConfigFactory::createTransportSocketFactory( const Protobuf::Message& message, Server::Configuration::TransportSocketFactoryContext& context) { 
@@ -24,10 +24,11 @@ UpstreamProxyProtocolSocketConfigFactory::createTransportSocketFactory( Server::Configuration::UpstreamTransportSocketConfigFactory>(outer_config.transport_socket()); ProtobufTypes::MessagePtr inner_factory_config = Config::Utility::translateToFactoryConfig( outer_config.transport_socket(), context.messageValidationVisitor(), inner_config_factory); - auto inner_transport_factory = + auto factory_or_error = inner_config_factory.createTransportSocketFactory(*inner_factory_config, context); + RETURN_IF_STATUS_NOT_OK(factory_or_error); return std::make_unique( - std::move(inner_transport_factory), outer_config.config(), context.statsScope()); + std::move(factory_or_error.value()), outer_config.config(), context.statsScope()); } ProtobufTypes::MessagePtr UpstreamProxyProtocolSocketConfigFactory::createEmptyConfigProto() { diff --git a/source/extensions/transport_sockets/proxy_protocol/config.h b/source/extensions/transport_sockets/proxy_protocol/config.h index f40a938cc530..bcd1afbb0d55 100644 --- a/source/extensions/transport_sockets/proxy_protocol/config.h +++ b/source/extensions/transport_sockets/proxy_protocol/config.h @@ -16,7 +16,7 @@ class UpstreamProxyProtocolSocketConfigFactory public: std::string name() const override { return "envoy.transport_sockets.upstream_proxy_protocol"; } ProtobufTypes::MessagePtr createEmptyConfigProto() override; - Network::UpstreamTransportSocketFactoryPtr createTransportSocketFactory( + absl::StatusOr createTransportSocketFactory( const Protobuf::Message& config, Server::Configuration::TransportSocketFactoryContext& context) override; }; diff --git a/source/extensions/transport_sockets/raw_buffer/config.cc b/source/extensions/transport_sockets/raw_buffer/config.cc index e7e31a0cb248..7f44962441a8 100644 --- a/source/extensions/transport_sockets/raw_buffer/config.cc +++ b/source/extensions/transport_sockets/raw_buffer/config.cc 
@@ -12,13 +12,13 @@ namespace Extensions { namespace TransportSockets { namespace RawBuffer { -Network::UpstreamTransportSocketFactoryPtr +absl::StatusOr UpstreamRawBufferSocketFactory::createTransportSocketFactory( const Protobuf::Message&, Server::Configuration::TransportSocketFactoryContext&) { return std::make_unique(); } -Network::DownstreamTransportSocketFactoryPtr +absl::StatusOr DownstreamRawBufferSocketFactory::createTransportSocketFactory( const Protobuf::Message&, Server::Configuration::TransportSocketFactoryContext&, const std::vector&) { diff --git a/source/extensions/transport_sockets/raw_buffer/config.h b/source/extensions/transport_sockets/raw_buffer/config.h index 5dd53a124789..b2a766bbb6de 100644 --- a/source/extensions/transport_sockets/raw_buffer/config.h +++ b/source/extensions/transport_sockets/raw_buffer/config.h @@ -22,7 +22,7 @@ class UpstreamRawBufferSocketFactory : public Server::Configuration::UpstreamTransportSocketConfigFactory, public RawBufferSocketFactory { public: - Network::UpstreamTransportSocketFactoryPtr createTransportSocketFactory( + absl::StatusOr createTransportSocketFactory( const Protobuf::Message& config, Server::Configuration::TransportSocketFactoryContext& context) override; }; @@ -31,7 +31,7 @@ class DownstreamRawBufferSocketFactory : public Server::Configuration::DownstreamTransportSocketConfigFactory, public RawBufferSocketFactory { public: - Network::DownstreamTransportSocketFactoryPtr + absl::StatusOr createTransportSocketFactory(const Protobuf::Message& config, Server::Configuration::TransportSocketFactoryContext& context, const std::vector& server_names) override; diff --git a/source/extensions/transport_sockets/starttls/config.cc b/source/extensions/transport_sockets/starttls/config.cc index 525146f82578..7d4552a7a1e6 100644 --- a/source/extensions/transport_sockets/starttls/config.cc +++ b/source/extensions/transport_sockets/starttls/config.cc 
@@ -7,7 +7,7 @@ namespace Extensions { namespace TransportSockets { namespace StartTls { -Network::DownstreamTransportSocketFactoryPtr +absl::StatusOr DownstreamStartTlsSocketFactory::createTransportSocketFactory( const Protobuf::Message& message, Server::Configuration::TransportSocketFactoryContext& context, const std::vector& server_names) { @@ -18,19 +18,19 @@ DownstreamStartTlsSocketFactory::createTransportSocketFactory( auto& raw_socket_config_factory = rawSocketConfigFactory(); auto& tls_socket_config_factory = tlsSocketConfigFactory(); - Network::DownstreamTransportSocketFactoryPtr raw_socket_factory = - raw_socket_config_factory.createTransportSocketFactory(outer_config.cleartext_socket_config(), - context, server_names); + auto raw_or_error = raw_socket_config_factory.createTransportSocketFactory( + outer_config.cleartext_socket_config(), context, server_names); + RETURN_IF_STATUS_NOT_OK(raw_or_error); - Network::DownstreamTransportSocketFactoryPtr tls_socket_factory = - tls_socket_config_factory.createTransportSocketFactory(outer_config.tls_socket_config(), - context, server_names); + auto factory_or_error = tls_socket_config_factory.createTransportSocketFactory( + outer_config.tls_socket_config(), context, server_names); + RETURN_IF_STATUS_NOT_OK(factory_or_error); - return std::make_unique(std::move(raw_socket_factory), - std::move(tls_socket_factory)); + return std::make_unique(std::move(raw_or_error.value()), + std::move(factory_or_error.value())); } -Network::UpstreamTransportSocketFactoryPtr +absl::StatusOr UpstreamStartTlsSocketFactory::createTransportSocketFactory( const Protobuf::Message& message, Server::Configuration::TransportSocketFactoryContext& context) { 
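Review bot: In the StartTLS downstream factory (hunk at -18,19) the cleartext result is named `raw_or_error` but the TLS result gets the generic name `factory_or_error`, and both are then passed positionally into `std::make_unique`. The removed lines show both factories have the same pointer type, so swapping the two arguments would exchange the cleartext and TLS roles without a compile error. I would keep the role in the name: `auto tls_or_error = tls_socket_config_factory.createTransportSocketFactory(` and `std::move(tls_or_error.value())`. The same naming appears in the upstream factory in the next hunk (-41,16). The function's signature sits in the preceding hunk.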
@@ -41,16 +41,16 @@ UpstreamStartTlsSocketFactory::createTransportSocketFactory( auto& raw_socket_config_factory = rawSocketConfigFactory(); auto& tls_socket_config_factory = tlsSocketConfigFactory(); - Network::UpstreamTransportSocketFactoryPtr raw_socket_factory = - raw_socket_config_factory.createTransportSocketFactory(outer_config.cleartext_socket_config(), - context); + auto raw_or_error = raw_socket_config_factory.createTransportSocketFactory( + outer_config.cleartext_socket_config(), context); + RETURN_IF_STATUS_NOT_OK(raw_or_error); - Network::UpstreamTransportSocketFactoryPtr tls_socket_factory = - tls_socket_config_factory.createTransportSocketFactory(outer_config.tls_socket_config(), - context); + auto factory_or_error = tls_socket_config_factory.createTransportSocketFactory( + outer_config.tls_socket_config(), context); + RETURN_IF_STATUS_NOT_OK(factory_or_error); - return std::make_unique(std::move(raw_socket_factory), - std::move(tls_socket_factory)); + return std::make_unique(std::move(raw_or_error.value()), + std::move(factory_or_error.value())); } LEGACY_REGISTER_FACTORY(DownstreamStartTlsSocketFactory, diff --git a/source/extensions/transport_sockets/starttls/config.h b/source/extensions/transport_sockets/starttls/config.h index 30de231dc8e9..1e15bda31b1e 100644 --- a/source/extensions/transport_sockets/starttls/config.h +++ b/source/extensions/transport_sockets/starttls/config.h @@ -36,7 +36,7 @@ class DownstreamStartTlsSocketFactory Server::Configuration::DownstreamTransportSocketConfigFactory, envoy::extensions::transport_sockets::starttls::v3::StartTlsConfig> { public: - Network::DownstreamTransportSocketFactoryPtr + absl::StatusOr createTransportSocketFactory(const Protobuf::Message& config, Server::Configuration::TransportSocketFactoryContext& context, const std::vector& server_names) override; 
@@ -47,7 +47,7 @@ class UpstreamStartTlsSocketFactory Server::Configuration::UpstreamTransportSocketConfigFactory, envoy::extensions::transport_sockets::starttls::v3::UpstreamStartTlsConfig> { public: - Network::UpstreamTransportSocketFactoryPtr createTransportSocketFactory( + absl::StatusOr createTransportSocketFactory( const Protobuf::Message& config, Server::Configuration::TransportSocketFactoryContext& context) override; }; diff --git a/source/extensions/transport_sockets/tap/config.cc b/source/extensions/transport_sockets/tap/config.cc index c8267771e854..2bb7c37f22f7 100644 --- a/source/extensions/transport_sockets/tap/config.cc +++ b/source/extensions/transport_sockets/tap/config.cc @@ -34,7 +34,7 @@ class SocketTapConfigFactoryImpl : public Extensions::Common::Tap::TapConfigFact Server::Configuration::TransportSocketFactoryContext& factory_context_; }; -Network::UpstreamTransportSocketFactoryPtr +absl::StatusOr UpstreamTapSocketConfigFactory::createTransportSocketFactory( const Protobuf::Message& message, Server::Configuration::TransportSocketFactoryContext& context) { @@ -45,8 +45,9 @@ UpstreamTapSocketConfigFactory::createTransportSocketFactory( Server::Configuration::UpstreamTransportSocketConfigFactory>(outer_config.transport_socket()); ProtobufTypes::MessagePtr inner_factory_config = Config::Utility::translateToFactoryConfig( outer_config.transport_socket(), context.messageValidationVisitor(), inner_config_factory); - auto inner_transport_factory = + auto factory_or_error = inner_config_factory.createTransportSocketFactory(*inner_factory_config, context); + RETURN_IF_STATUS_NOT_OK(factory_or_error); auto& server_context = context.serverFactoryContext(); return std::make_unique( 
@@ -54,10 +55,10 @@ UpstreamTapSocketConfigFactory::createTransportSocketFactory( std::make_unique( server_context.mainThreadDispatcher().timeSource(), context), server_context.admin(), server_context.singletonManager(), server_context.threadLocal(), - server_context.mainThreadDispatcher(), std::move(inner_transport_factory)); + server_context.mainThreadDispatcher(), std::move(factory_or_error.value())); } -Network::DownstreamTransportSocketFactoryPtr +absl::StatusOr DownstreamTapSocketConfigFactory::createTransportSocketFactory( const Protobuf::Message& message, Server::Configuration::TransportSocketFactoryContext& context, const std::vector& server_names) { @@ -69,15 +70,16 @@ DownstreamTapSocketConfigFactory::createTransportSocketFactory( outer_config.transport_socket()); ProtobufTypes::MessagePtr inner_factory_config = Config::Utility::translateToFactoryConfig( outer_config.transport_socket(), context.messageValidationVisitor(), inner_config_factory); - auto inner_transport_factory = inner_config_factory.createTransportSocketFactory( - *inner_factory_config, context, server_names); + auto factory_or_error = inner_config_factory.createTransportSocketFactory(*inner_factory_config, + context, server_names); + RETURN_IF_STATUS_NOT_OK(factory_or_error); auto& server_context = context.serverFactoryContext(); return std::make_unique( outer_config, std::make_unique( server_context.mainThreadDispatcher().timeSource(), context), server_context.admin(), server_context.singletonManager(), server_context.threadLocal(), - server_context.mainThreadDispatcher(), std::move(inner_transport_factory)); + server_context.mainThreadDispatcher(), std::move(factory_or_error.value())); } ProtobufTypes::MessagePtr TapSocketConfigFactory::createEmptyConfigProto() { diff --git a/source/extensions/transport_sockets/tap/config.h b/source/extensions/transport_sockets/tap/config.h index 6bed5b5dd23d..0fc6199f5d80 100644 --- a/source/extensions/transport_sockets/tap/config.h 
+++ b/source/extensions/transport_sockets/tap/config.h @@ -21,7 +21,7 @@ class UpstreamTapSocketConfigFactory : public Server::Configuration::UpstreamTransportSocketConfigFactory, public TapSocketConfigFactory { public: - Network::UpstreamTransportSocketFactoryPtr createTransportSocketFactory( + absl::StatusOr createTransportSocketFactory( const Protobuf::Message& config, Server::Configuration::TransportSocketFactoryContext& context) override; }; @@ -30,7 +30,7 @@ class DownstreamTapSocketConfigFactory : public Server::Configuration::DownstreamTransportSocketConfigFactory, public TapSocketConfigFactory { public: - Network::DownstreamTransportSocketFactoryPtr + absl::StatusOr createTransportSocketFactory(const Protobuf::Message& config, Server::Configuration::TransportSocketFactoryContext& context, const std::vector& server_names) override; diff --git a/source/extensions/transport_sockets/tcp_stats/config.cc b/source/extensions/transport_sockets/tcp_stats/config.cc index 0e362f959b1e..f3702c051ad3 100644 --- a/source/extensions/transport_sockets/tcp_stats/config.cc +++ b/source/extensions/transport_sockets/tcp_stats/config.cc @@ -78,7 +78,7 @@ class UpstreamTcpStatsConfigFactory : public Server::Configuration::UpstreamTransportSocketConfigFactory, public TcpStatsConfigFactory { public: - Network::UpstreamTransportSocketFactoryPtr createTransportSocketFactory( + absl::StatusOr createTransportSocketFactory( const Protobuf::Message& config, Server::Configuration::TransportSocketFactoryContext& context) override { const auto& outer_config = MessageUtil::downcastAndValidate< 
@@ -91,10 +91,11 @@ class UpstreamTcpStatsConfigFactory Envoy::Config::Utility::translateToFactoryConfig(outer_config.transport_socket(), context.messageValidationVisitor(), inner_config_factory); - auto inner_transport_factory = + auto factory_or_error = inner_config_factory.createTransportSocketFactory(*inner_factory_config, context); + RETURN_IF_STATUS_NOT_OK(factory_or_error); return std::make_unique(context, outer_config, - std::move(inner_transport_factory)); + std::move(factory_or_error.value())); } }; @@ -102,7 +103,7 @@ class DownstreamTcpStatsConfigFactory : public Server::Configuration::DownstreamTransportSocketConfigFactory, public TcpStatsConfigFactory { public: - Network::DownstreamTransportSocketFactoryPtr + absl::StatusOr createTransportSocketFactory(const Protobuf::Message& config, Server::Configuration::TransportSocketFactoryContext& context, const std::vector& server_names) override { @@ -116,10 +117,11 @@ class DownstreamTcpStatsConfigFactory Envoy::Config::Utility::translateToFactoryConfig(outer_config.transport_socket(), context.messageValidationVisitor(), inner_config_factory); - auto inner_transport_factory = inner_config_factory.createTransportSocketFactory( + auto factory_or_error = inner_config_factory.createTransportSocketFactory( *inner_factory_config, context, server_names); + RETURN_IF_STATUS_NOT_OK(factory_or_error); return std::make_unique(context, outer_config, - std::move(inner_transport_factory)); + std::move(factory_or_error.value())); } }; diff --git a/source/extensions/transport_sockets/tls/downstream_config.cc b/source/extensions/transport_sockets/tls/downstream_config.cc index 7a3ea092db71..4a9bab6e3040 100644 --- a/source/extensions/transport_sockets/tls/downstream_config.cc +++ b/source/extensions/transport_sockets/tls/downstream_config.cc 
@@ -12,7 +12,7 @@ namespace Extensions { namespace TransportSockets { namespace Tls { -Network::DownstreamTransportSocketFactoryPtr +absl::StatusOr DownstreamSslSocketFactory::createTransportSocketFactory( const Protobuf::Message& message, Server::Configuration::TransportSocketFactoryContext& context, const std::vector& server_names) { diff --git a/source/extensions/transport_sockets/tls/downstream_config.h b/source/extensions/transport_sockets/tls/downstream_config.h index 8a9d5db5c433..2154e47a76d1 100644 --- a/source/extensions/transport_sockets/tls/downstream_config.h +++ b/source/extensions/transport_sockets/tls/downstream_config.h @@ -14,7 +14,7 @@ class DownstreamSslSocketFactory : public Server::Configuration::DownstreamTransportSocketConfigFactory, public SslSocketConfigFactory { public: - Network::DownstreamTransportSocketFactoryPtr + absl::StatusOr createTransportSocketFactory(const Protobuf::Message& config, Server::Configuration::TransportSocketFactoryContext& context, const std::vector& server_names) override; diff --git a/source/extensions/transport_sockets/tls/upstream_config.cc b/source/extensions/transport_sockets/tls/upstream_config.cc index c9bff7d78727..b7a703757957 100644 --- a/source/extensions/transport_sockets/tls/upstream_config.cc +++ b/source/extensions/transport_sockets/tls/upstream_config.cc @@ -12,7 +12,8 @@ namespace Extensions { namespace TransportSockets { namespace Tls { -Network::UpstreamTransportSocketFactoryPtr UpstreamSslSocketFactory::createTransportSocketFactory( +absl::StatusOr +UpstreamSslSocketFactory::createTransportSocketFactory( const Protobuf::Message& message, Server::Configuration::TransportSocketFactoryContext& context) { auto client_config = std::make_unique( diff --git a/source/extensions/transport_sockets/tls/upstream_config.h b/source/extensions/transport_sockets/tls/upstream_config.h index a053faf35b62..ada6d96fd942 100644 --- a/source/extensions/transport_sockets/tls/upstream_config.h 
+++ b/source/extensions/transport_sockets/tls/upstream_config.h @@ -13,7 +13,7 @@ namespace Tls { class UpstreamSslSocketFactory : public Server::Configuration::UpstreamTransportSocketConfigFactory, public SslSocketConfigFactory { public: - Network::UpstreamTransportSocketFactoryPtr createTransportSocketFactory( + absl::StatusOr createTransportSocketFactory( const Protobuf::Message& config, Server::Configuration::TransportSocketFactoryContext& context) override; ProtobufTypes::MessagePtr createEmptyConfigProto() override; diff --git a/test/common/quic/envoy_quic_proof_source_test.cc b/test/common/quic/envoy_quic_proof_source_test.cc index ae0f7295162e..64a602e11b08 100644 --- a/test/common/quic/envoy_quic_proof_source_test.cc +++ b/test/common/quic/envoy_quic_proof_source_test.cc @@ -211,7 +211,7 @@ class EnvoyQuicProofSourceTest : public ::testing::Test { .WillRepeatedly(ReturnRef(pkey_)); } ASSERT_TRUE(secret_update_callback_ != nullptr); - secret_update_callback_(); + ASSERT_TRUE(secret_update_callback_().ok()); } protected: @@ -231,7 +231,7 @@ class EnvoyQuicProofSourceTest : public ::testing::Test { Server::Configuration::MockServerFactoryContext factory_context_; Extensions::TransportSockets::Tls::ContextManagerImpl ssl_context_manager_{factory_context_}; Ssl::MockServerContextConfig* mock_context_config_; - std::function secret_update_callback_; + std::function secret_update_callback_; std::unique_ptr transport_socket_factory_; Ssl::MockTlsCertificateConfig tls_cert_config_; Server::ListenerStats listener_stats_; diff --git a/test/common/quic/quic_transport_socket_factory_test.cc b/test/common/quic/quic_transport_socket_factory_test.cc index 678b8a1731ef..22d0732889df 100644 --- a/test/common/quic/quic_transport_socket_factory_test.cc +++ b/test/common/quic/quic_transport_socket_factory_test.cc 
@@ -26,7 +26,7 @@ class QuicServerTransportSocketFactoryConfigTest : public Event::TestUsingSimula envoy::extensions::transport_sockets::quic::v3::QuicDownstreamTransport proto_config; TestUtility::loadFromYaml(yaml, proto_config); Network::DownstreamTransportSocketFactoryPtr transport_socket_factory = - config_factory_.createTransportSocketFactory(proto_config, context_, {}); + config_factory_.createTransportSocketFactory(proto_config, context_, {}).value(); EXPECT_EQ(expect_early_data, static_cast(*transport_socket_factory) .earlyDataEnabled()); diff --git a/test/common/secret/sds_api_test.cc b/test/common/secret/sds_api_test.cc index 6f3b359488e5..4e1fab3c1042 100644 --- a/test/common/secret/sds_api_test.cc +++ b/test/common/secret/sds_api_test.cc @@ -159,10 +159,8 @@ TEST_F(SdsApiTest, DynamicTlsCertificateUpdateSuccess) { init_manager_.add(*sds_api.initTarget()); initialize(); NiceMock secret_callback; - auto handle = sds_api.addUpdateCallback([&secret_callback]() { - secret_callback.onAddOrUpdateSecret(); - return absl::OkStatus(); - }); + auto handle = sds_api.addUpdateCallback( + [&secret_callback]() { return secret_callback.onAddOrUpdateSecret(); }); std::string yaml = R"EOF( @@ -222,10 +220,8 @@ class TlsCertificateSdsRotationApiTest : public testing::TestWithParam, []() {}, mock_dispatcher_, *api_); init_manager_.add(*sds_api_->initTarget()); initialize(); - handle_ = sds_api_->addUpdateCallback([this]() { - secret_callback_.onAddOrUpdateSecret(); - return absl::OkStatus(); - }); + handle_ = + sds_api_->addUpdateCallback([this]() { return secret_callback_.onAddOrUpdateSecret(); }); } void onConfigUpdate(const std::string& cert_value, const std::string& key_value) { 
@@ -296,10 +292,8 @@ class CertificateValidationContextSdsRotationApiTest : public testing::TestWithP []() {}, mock_dispatcher_, *api_); init_manager_.add(*sds_api_->initTarget()); initialize(); - handle_ = sds_api_->addUpdateCallback([this]() { - secret_callback_.onAddOrUpdateSecret(); - return absl::OkStatus(); - }); + handle_ = + sds_api_->addUpdateCallback([this]() { return secret_callback_.onAddOrUpdateSecret(); }); } void onConfigUpdate(const std::string& trusted_ca_path, const std::string& trusted_ca_value, @@ -584,10 +578,8 @@ TEST_F(SdsApiTest, DeltaUpdateSuccess) { init_manager_.add(*sds_api.initTarget()); NiceMock secret_callback; - auto handle = sds_api.addUpdateCallback([&secret_callback]() { - secret_callback.onAddOrUpdateSecret(); - return absl::OkStatus(); - }); + auto handle = sds_api.addUpdateCallback( + [&secret_callback]() { return secret_callback.onAddOrUpdateSecret(); }); std::string yaml = R"EOF( @@ -629,10 +621,8 @@ TEST_F(SdsApiTest, DynamicCertificateValidationContextUpdateSuccess) { init_manager_.add(*sds_api.initTarget()); NiceMock secret_callback; - auto handle = sds_api.addUpdateCallback([&secret_callback]() { - secret_callback.onAddOrUpdateSecret(); - return absl::OkStatus(); - }); + auto handle = sds_api.addUpdateCallback( + [&secret_callback]() { return secret_callback.onAddOrUpdateSecret(); }); std::string yaml = R"EOF( @@ -683,10 +673,8 @@ TEST_F(SdsApiTest, DefaultCertificateValidationContextTest) { init_manager_.add(*sds_api.initTarget()); NiceMock secret_callback; - auto handle = sds_api.addUpdateCallback([&secret_callback]() { - secret_callback.onAddOrUpdateSecret(); - return absl::OkStatus(); - }); + auto handle = sds_api.addUpdateCallback( + [&secret_callback]() { return secret_callback.onAddOrUpdateSecret(); }); NiceMock validation_callback; auto validation_handle = sds_api.addValidationCallback( [&validation_callback]( 
@@ -780,10 +768,8 @@ TEST_F(SdsApiTest, GenericSecretSdsApiTest) { init_manager_.add(*sds_api.initTarget()); NiceMock secret_callback; - auto handle = sds_api.addUpdateCallback([&secret_callback]() { - secret_callback.onAddOrUpdateSecret(); - return absl::OkStatus(); - }); + auto handle = sds_api.addUpdateCallback( + [&secret_callback]() { return secret_callback.onAddOrUpdateSecret(); }); NiceMock validation_callback; auto validation_handle = sds_api.addValidationCallback( [&validation_callback]( diff --git a/test/common/tls/context_impl_test.cc b/test/common/tls/context_impl_test.cc index faa1414733d7..6e8f28cddd36 100644 --- a/test/common/tls/context_impl_test.cc +++ b/test/common/tls/context_impl_test.cc @@ -972,8 +972,8 @@ TEST_F(SslServerContextImplTicketTest, TicketKeySdsNotReady) { // Set various callbacks to config. NiceMock secret_callback; server_context_config.setSecretUpdateCallback( - [&secret_callback]() { secret_callback.onAddOrUpdateSecret(); }); - server_context_config.setSecretUpdateCallback([]() {}); + [&secret_callback]() { return secret_callback.onAddOrUpdateSecret(); }); + server_context_config.setSecretUpdateCallback([]() { return absl::OkStatus(); }); } // Validate that client context config with static TLS ticket encryption keys is created @@ -1422,8 +1422,8 @@ TEST_F(ClientContextConfigImplTest, SecretNotReady) { // Set various callbacks to config. NiceMock secret_callback; client_context_config.setSecretUpdateCallback( - [&secret_callback]() { secret_callback.onAddOrUpdateSecret(); }); - client_context_config.setSecretUpdateCallback([]() {}); + [&secret_callback]() { return secret_callback.onAddOrUpdateSecret(); }); + client_context_config.setSecretUpdateCallback([]() { return absl::OkStatus(); }); } // Validate client context config supports SDS, and is marked as not ready if dynamic 
@@ -1453,8 +1453,8 @@ TEST_F(ClientContextConfigImplTest, ValidationContextNotReady) { // Set various callbacks to config. NiceMock secret_callback; client_context_config.setSecretUpdateCallback( - [&secret_callback]() { secret_callback.onAddOrUpdateSecret(); }); - client_context_config.setSecretUpdateCallback([]() {}); + [&secret_callback]() { return secret_callback.onAddOrUpdateSecret(); }); + client_context_config.setSecretUpdateCallback([]() { return absl::OkStatus(); }); } // Validate that client context config with static TLS certificates is created successfully. @@ -1858,8 +1858,8 @@ TEST_F(ServerContextConfigImplTest, SecretNotReady) { // Set various callbacks to config. NiceMock secret_callback; server_context_config.setSecretUpdateCallback( - [&secret_callback]() { secret_callback.onAddOrUpdateSecret(); }); - server_context_config.setSecretUpdateCallback([]() {}); + [&secret_callback]() { return secret_callback.onAddOrUpdateSecret(); }); + server_context_config.setSecretUpdateCallback([]() { return absl::OkStatus(); }); } // Validate server context config supports SDS, and is marked as not ready if dynamic @@ -1889,8 +1889,8 @@ TEST_F(ServerContextConfigImplTest, ValidationContextNotReady) { // Set various callbacks to config. NiceMock secret_callback; server_context_config.setSecretUpdateCallback( - [&secret_callback]() { secret_callback.onAddOrUpdateSecret(); }); - server_context_config.setSecretUpdateCallback([]() {}); + [&secret_callback]() { return secret_callback.onAddOrUpdateSecret(); }); + server_context_config.setSecretUpdateCallback([]() { return absl::OkStatus(); }); } // TlsCertificate messages must have a cert for servers. diff --git a/test/common/upstream/cluster_manager_impl_test.cc b/test/common/upstream/cluster_manager_impl_test.cc index 291a613cfc7e..753e522813aa 100644 --- a/test/common/upstream/cluster_manager_impl_test.cc +++ b/test/common/upstream/cluster_manager_impl_test.cc 
@@ -614,7 +614,7 @@ class AlpnTestConfigFactory : public Envoy::Extensions::TransportSockets::RawBuffer::UpstreamRawBufferSocketFactory { public: std::string name() const override { return "envoy.transport_sockets.alpn"; } - Network::UpstreamTransportSocketFactoryPtr + absl::StatusOr createTransportSocketFactory(const Protobuf::Message&, Server::Configuration::TransportSocketFactoryContext&) override { return std::make_unique(); diff --git a/test/common/upstream/hds_test.cc b/test/common/upstream/hds_test.cc index c58700be552a..a4967d6181d8 100644 --- a/test/common/upstream/hds_test.cc +++ b/test/common/upstream/hds_test.cc @@ -625,8 +625,10 @@ TEST_F(HdsTest, TestSocketContext) { std::make_unique(); // set socket_matcher object in test scope. - socket_matcher = std::make_unique( - params.cluster_.transport_socket_matches(), factory_context, socket_factory, *scope); + socket_matcher = + Envoy::Upstream::TransportSocketMatcherImpl::create( + params.cluster_.transport_socket_matches(), factory_context, socket_factory, *scope) + .value(); // But still use the fake cluster_info_. return cluster_info_; @@ -1114,8 +1116,10 @@ TEST_F(HdsTest, TestUpdateSocketContext) { std::make_unique(); // set socket_matcher object in test scope. - socket_matchers.push_back(std::make_unique( - params.cluster_.transport_socket_matches(), factory_context, socket_factory, *scope)); + socket_matchers.push_back( + Envoy::Upstream::TransportSocketMatcherImpl::create( + params.cluster_.transport_socket_matches(), factory_context, socket_factory, *scope) + .value()); // But still use the fake cluster_info_. return cluster_info_; diff --git a/test/common/upstream/transport_socket_matcher_test.cc b/test/common/upstream/transport_socket_matcher_test.cc index 8059fde3ef65..9d9de77d32bc 100644 --- a/test/common/upstream/transport_socket_matcher_test.cc +++ b/test/common/upstream/transport_socket_matcher_test.cc 
@@ -64,7 +64,7 @@ class FooTransportSocketFactory (const)); MOCK_METHOD(absl::string_view, defaultServerNameIndication, (), (const)); - Network::UpstreamTransportSocketFactoryPtr + absl::StatusOr createTransportSocketFactory(const Protobuf::Message& proto, Server::Configuration::TransportSocketFactoryContext&) override { const auto& node = dynamic_cast(proto); @@ -96,8 +96,9 @@ class TransportSocketMatcherTest : public testing::Test { auto transport_socket_match = matches.Add(); TestUtility::loadFromYaml(yaml, *transport_socket_match); } - matcher_ = std::make_unique(matches, mock_factory_context_, - mock_default_factory_, *stats_scope_); + matcher_ = TransportSocketMatcherImpl::create(matches, mock_factory_context_, + mock_default_factory_, *stats_scope_) + .value(); } void validate(const envoy::config::core::v3::Metadata& metadata, const std::string& expected) { diff --git a/test/extensions/transport_sockets/alts/alts_integration_test.cc b/test/extensions/transport_sockets/alts/alts_integration_test.cc index 22080ad3b0b2..17a2e56d4e74 100644 --- a/test/extensions/transport_sockets/alts/alts_integration_test.cc +++ b/test/extensions/transport_sockets/alts/alts_integration_test.cc @@ -390,7 +390,7 @@ class AltsIntegrationTestBase : public Event::TestUsingSimulatedTime, TestUtility::jsonConvert(alts_config, *config); ENVOY_LOG_MISC(info, "{}", config->DebugString()); - client_alts_ = factory.createTransportSocketFactory(*config, mock_factory_ctx); + client_alts_ = factory.createTransportSocketFactory(*config, mock_factory_ctx).value(); } void TearDown() override { diff --git a/test/extensions/transport_sockets/alts/config_test.cc b/test/extensions/transport_sockets/alts/config_test.cc index a848115facf8..53234510295a 100644 --- a/test/extensions/transport_sockets/alts/config_test.cc +++ b/test/extensions/transport_sockets/alts/config_test.cc 
@@ -31,7 +31,7 @@ TEST(UpstreamAltsConfigTest, CreateSocketFactory) { )EOF"; TestUtility::loadFromYaml(yaml, *config); - auto socket_factory = factory.createTransportSocketFactory(*config, factory_context); + auto socket_factory = factory.createTransportSocketFactory(*config, factory_context).value(); EXPECT_NE(nullptr, socket_factory); EXPECT_TRUE(socket_factory->implementsSecureTransport()); @@ -52,7 +52,7 @@ TEST(DownstreamAltsConfigTest, CreateSocketFactory) { )EOF"; TestUtility::loadFromYaml(yaml, *config); - auto socket_factory = factory.createTransportSocketFactory(*config, factory_context, {}); + auto socket_factory = factory.createTransportSocketFactory(*config, factory_context, {}).value(); EXPECT_NE(nullptr, socket_factory); EXPECT_TRUE(socket_factory->implementsSecureTransport()); diff --git a/test/extensions/transport_sockets/starttls/starttls_integration_test.cc b/test/extensions/transport_sockets/starttls/starttls_integration_test.cc index 01a27199c184..cebdd2437791 100644 --- a/test/extensions/transport_sockets/starttls/starttls_integration_test.cc +++ b/test/extensions/transport_sockets/starttls/starttls_integration_test.cc @@ -205,7 +205,7 @@ void StartTlsIntegrationTest::initialize() { auto factory = std::make_unique(); cleartext_context_ = Network::UpstreamTransportSocketFactoryPtr{ - factory->createTransportSocketFactory(*config, factory_context_)}; + factory->createTransportSocketFactory(*config, factory_context_).value()}; // Setup factories and contexts for tls transport socket. tls_context_manager_ = std::make_unique( diff --git a/test/extensions/transport_sockets/tcp_stats/tcp_stats_test.cc b/test/extensions/transport_sockets/tcp_stats/tcp_stats_test.cc index b9465639cb8f..a4c0b485a4dd 100644 --- a/test/extensions/transport_sockets/tcp_stats/tcp_stats_test.cc +++ b/test/extensions/transport_sockets/tcp_stats/tcp_stats_test.cc 
@@ -300,9 +300,9 @@ TEST(TcpStatsTest, ConfigErrorOnUnsupportedPlatform) { transport_socket_config.mutable_typed_config()->PackFrom(proto_config); auto& config_factory = Config::Utility::getAndCheckFactory< Server::Configuration::DownstreamTransportSocketConfigFactory>(transport_socket_config); - EXPECT_THROW_WITH_MESSAGE(config_factory.createTransportSocketFactory(proto_config, context, {}), - EnvoyException, - "envoy.transport_sockets.tcp_stats is not supported on this platform."); + EXPECT_THROW_WITH_MESSAGE( + config_factory.createTransportSocketFactory(proto_config, context, {}).value(), + EnvoyException, "envoy.transport_sockets.tcp_stats is not supported on this platform."); } } // namespace TcpStats diff --git a/test/integration/base_integration_test.cc b/test/integration/base_integration_test.cc index 4fd831a6d23a..5751d6957f44 100644 --- a/test/integration/base_integration_test.cc +++ b/test/integration/base_integration_test.cc @@ -166,7 +166,8 @@ BaseIntegrationTest::createUpstreamTlsContext(const FakeUpstreamConfig& upstream auto& config_factory = Config::Utility::getAndCheckFactoryByName< Server::Configuration::DownstreamTransportSocketConfigFactory>( "envoy.transport_sockets.quic"); - return config_factory.createTransportSocketFactory(quic_config, factory_context_, server_names); + return config_factory.createTransportSocketFactory(quic_config, factory_context_, server_names) + .value(); } } diff --git a/test/integration/quic_http_integration_test.cc b/test/integration/quic_http_integration_test.cc index 9d90bb044204..0a54b5cf5118 100644 --- a/test/integration/quic_http_integration_test.cc +++ b/test/integration/quic_http_integration_test.cc 
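Review bot: In test/extensions/transport_sockets/tcp_stats/tcp_stats_test.cc, the `.value()` added inside `EXPECT_THROW_WITH_MESSAGE` in `ConfigErrorOnUnsupportedPlatform` only takes effect once the factory stops throwing, and then it will not produce the `EnvoyException` the test expects. `value()` on a non-OK `absl::StatusOr` raises `absl::BadStatusOrAccess` or terminates the process, depending on whether exceptions are enabled. The test presumably still passes today because the factory throws before returning; its body is not in this hunk. I would leave a marker so the assertion is converted together with the factory, e.g. `// TODO: when tcp_stats returns this error as a status, check .status().message() instead of expecting a throw.`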
@@ -316,6 +316,7 @@ class QuicHttpIntegrationTestBase : public HttpIntegrationTest { Server::Configuration::UpstreamTransportSocketConfigFactory>(message); transport_socket_factory_.reset(static_cast( config_factory.createTransportSocketFactory(quic_transport_socket_config, context) + .value() .release())); ASSERT(transport_socket_factory_->clientContextConfig()); } diff --git a/test/integration/ssl_utility.cc b/test/integration/ssl_utility.cc index 56c92fa8b770..ea4f12e16e39 100644 --- a/test/integration/ssl_utility.cc +++ b/test/integration/ssl_utility.cc @@ -136,7 +136,8 @@ createUpstreamSslContext(ContextManager& context_manager, Api::Api& api, bool us auto& config_factory = Config::Utility::getAndCheckFactoryByName< Server::Configuration::DownstreamTransportSocketConfigFactory>( "envoy.transport_sockets.quic"); - return config_factory.createTransportSocketFactory(quic_config, mock_factory_ctx, server_names); + return config_factory.createTransportSocketFactory(quic_config, mock_factory_ctx, server_names) + .value(); } Network::DownstreamTransportSocketFactoryPtr createFakeUpstreamSslContext( diff --git a/test/integration/upstream_access_log_integration_test.cc b/test/integration/upstream_access_log_integration_test.cc index 2421578e8869..c4d6e02a19af 100644 --- a/test/integration/upstream_access_log_integration_test.cc +++ b/test/integration/upstream_access_log_integration_test.cc @@ -80,7 +80,7 @@ class SocketConfigFactory : public Server::Configuration::UpstreamTransportSocke return std::make_unique(); } - Network::UpstreamTransportSocketFactoryPtr createTransportSocketFactory( + absl::StatusOr createTransportSocketFactory( const Protobuf::Message& config, Server::Configuration::TransportSocketFactoryContext& context) override { const auto& outer_config = 
@@ -96,7 +96,7 @@ class SocketConfigFactory : public Server::Configuration::UpstreamTransportSocke context.messageValidationVisitor(), inner_config_factory); auto inner_transport_factory = - inner_config_factory.createTransportSocketFactory(*inner_factory_config, context); + inner_config_factory.createTransportSocketFactory(*inner_factory_config, context).value(); return std::make_unique(std::move(inner_transport_factory)); } }; diff --git a/test/integration/utility.cc b/test/integration/utility.cc index 85019c6f45c2..84c4915648f1 100644 --- a/test/integration/utility.cc +++ b/test/integration/utility.cc @@ -166,7 +166,7 @@ IntegrationUtil::createQuicUpstreamTransportSocketFactory(Api::Api& api, Stats:: message.mutable_typed_config()->PackFrom(quic_transport_socket_config); auto& config_factory = Config::Utility::getAndCheckFactory< Server::Configuration::UpstreamTransportSocketConfigFactory>(message); - return config_factory.createTransportSocketFactory(quic_transport_socket_config, context); + return config_factory.createTransportSocketFactory(quic_transport_socket_config, context).value(); } BufferingStreamDecoderPtr diff --git a/test/mocks/secret/mocks.h b/test/mocks/secret/mocks.h index e87cf0a95cee..70c5537af26e 100644 --- a/test/mocks/secret/mocks.h +++ b/test/mocks/secret/mocks.h @@ -62,7 +62,7 @@ class MockSecretCallbacks : public SecretCallbacks { public: MockSecretCallbacks(); ~MockSecretCallbacks() override; - MOCK_METHOD(void, onAddOrUpdateSecret, ()); + MOCK_METHOD(absl::Status, onAddOrUpdateSecret, ()); }; } // namespace Secret diff --git a/test/mocks/ssl/mocks.h b/test/mocks/ssl/mocks.h index 9aa51fdd9658..409b44858f8c 100644 --- a/test/mocks/ssl/mocks.h +++ b/test/mocks/ssl/mocks.h 
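Review bot: `SocketConfigFactory::createTransportSocketFactory` now returns `absl::StatusOr` (the signature changes in the preceding hunk), yet the inner factory's result is unwrapped with `.value()`, which throws or aborts on error instead of handing the status back to the caller. Propagating it keeps this wrapper on the exception-free path the commit is plumbing: `auto inner_or = inner_config_factory.createTransportSocketFactory(*inner_factory_config, context);` followed by `if (!inner_or.ok()) { return inner_or.status(); }`, then move `inner_or.value()` into the `std::make_unique` call. The function body starts outside this hunk.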
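Review bot: With `MockSecretCallbacks::onAddOrUpdateSecret` now returning `absl::Status`, gMock's default action returns a default-constructed (OK) status, and none of the test changes visible in this part of the patch set a non-OK return. The new error path for a failed secret update may therefore go unexercised, though tests outside this view may cover it. Because a rejected certificate or key update needs to be surfaced rather than dropped, a case using `EXPECT_CALL(callbacks, onAddOrUpdateSecret()).WillOnce(Return(absl::InvalidArgumentError("...")))` would pin how callers react; the mock object name here is a placeholder.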
@@ -94,7 +94,7 @@ class MockClientContextConfig : public ClientContextConfig { MOCK_METHOD(unsigned, minProtocolVersion, (), (const)); MOCK_METHOD(unsigned, maxProtocolVersion, (), (const)); MOCK_METHOD(bool, isReady, (), (const)); - MOCK_METHOD(void, setSecretUpdateCallback, (std::function callback)); + MOCK_METHOD(void, setSecretUpdateCallback, (std::function callback)); MOCK_METHOD(Ssl::HandshakerFactoryCb, createHandshaker, (), (const, override)); MOCK_METHOD(Ssl::HandshakerCapabilities, capabilities, (), (const, override)); @@ -133,7 +133,7 @@ class MockServerContextConfig : public ServerContextConfig { MOCK_METHOD(unsigned, maxProtocolVersion, (), (const)); MOCK_METHOD(bool, isReady, (), (const)); MOCK_METHOD(absl::optional, sessionTimeout, (), (const)); - MOCK_METHOD(void, setSecretUpdateCallback, (std::function callback)); + MOCK_METHOD(void, setSecretUpdateCallback, (std::function callback)); MOCK_METHOD(Ssl::HandshakerFactoryCb, createHandshaker, (), (const, override)); MOCK_METHOD(Ssl::HandshakerCapabilities, capabilities, (), (const, override));
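Review bot: The changed `setSecretUpdateCallback` mock in `MockClientContextConfig` carries no `override` spec, although the neighbouring `createHandshaker` and `capabilities` lines pass `(const, override)`. This commit changes the callback's signature, which is exactly the case where `override` lets the compiler confirm that the mock still matches the interface declaration instead of introducing a new overload. Appending `(override)` as the fourth macro argument on this line would make that check explicit. The same applies to the matching line in the `MockServerContextConfig` hunk.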