Skip to content

feat(ssl): added timeout option#5475

Merged
soloio-bulldozer[bot] merged 1 commit intokgateway-dev:masterfrom
gunnar-solo:add-tls-timeout
Oct 19, 2021
Merged

feat(ssl): added timeout option#5475
soloio-bulldozer[bot] merged 1 commit intokgateway-dev:masterfrom
gunnar-solo:add-tls-timeout

Conversation

@gunnar-solo
Copy link
Copy Markdown
Contributor

@gunnar-solo gunnar-solo commented Oct 14, 2021
edited
Loading

closes solo-io#5438

Description

Passthrough functionality for "TLS handshake timeout"--added new proto option to ssl.proto: transport_socket_connect_timeout

Context

Envoy has supported this for a bit, and this PR will allow gloo-edge to support the functionality as well.

Checklist:

  • I included a concise, user-facing changelog (for details, see https://github.com/solo-io/go-utils/tree/master/changelogutils) which references the issue that is resolved.
  • If I updated APIs (our protos) or helm values, I ran make -B install-go-tools generated-code to ensure there will be no code diff
  • I followed guidelines laid out in the Gloo Edge contribution guide
  • I opened a draft PR or added the work in progress label if my PR is not ready for review
  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have added tests that prove my fix is effective or that my feature works

BOT NOTES:
resolves solo-io#5438

@gunnar-solo gunnar-solo force-pushed the add-tls-timeout branch 2 times, most recently from d27dc4e to 7699185 Compare October 15, 2021 13:46
@solo-changelog-bot
Copy link
Copy Markdown

solo-changelog-bot Bot commented Oct 15, 2021

Issues linked to changelog:
solo-io#5438

sam-heilbron
sam-heilbron reviewed Oct 15, 2021
View reviewed changes
Copy link
Copy Markdown
Contributor

@sam-heilbron sam-heilbron left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good! Small question and ask

Comment thread projects/gloo/api/v1/ssl.proto
// If present and nonzero, the amount of time to allow incoming connections to complete any
// transport socket negotiations. If this expires before the transport reports connection
// establishment, the connection is summarily closed.
google.protobuf.Duration transport_socket_connect_timeout = 10;
Copy link
Copy Markdown
Contributor

@sam-heilbron sam-heilbron Oct 15, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If this field is 0, what is the default behavior?

Copy link
Copy Markdown
Contributor Author

@gunnar-solo gunnar-solo Oct 15, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Default behavior appears to be this: https://github.com/envoyproxy/envoy/blob/d142c9d55ae9aab34e9924aa25f20bd27635e060/source/server/listener_manager_impl.cc#L949

Comment thread projects/gloo/pkg/translator/listener.go
@gunnar-solo gunnar-solo force-pushed the add-tls-timeout branch 2 times, most recently from 618022d to bb1d369 Compare October 18, 2021 12:27
@gunnar-solo gunnar-solo marked this pull request as ready for review October 18, 2021 12:39
@gunnar-solo gunnar-solo requested a review from a team as a code owner October 18, 2021 12:39
sam-heilbron
sam-heilbron requested changes Oct 18, 2021
View reviewed changes
Copy link
Copy Markdown
Contributor

@sam-heilbron sam-heilbron left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Small comment about the unit test, but the rest looks good!

Comment thread projects/gloo/pkg/plugins/tcp/plugin_test.go
@gunnar-solo
feat(ssl): added timeout option
f0b24e2 
passthrough functionality for "TLS handshake timeout".  Envoy has supported this [for a bit](envoyproxy/envoy#13610), and this
PR will allow gloo-edge to support the functionality as well.

[Referenced Documentation Here](https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/listener/v3/listener_components.proto#config-listener-v3-filterchain)

closes solo-io#5438
elcasteel
elcasteel approved these changes Oct 19, 2021
View reviewed changes
Copy link
Copy Markdown
Contributor

@elcasteel elcasteel left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!
FYI Github will squash commits before merging so you don't need to rebase and it's a little easier for reviewers to see the history of comments being addressed if you maintain the original commit history.

@soloio-bulldozer soloio-bulldozer Bot merged commit 28712c8 into kgateway-dev:master Oct 19, 2021
@gunnar-solo gunnar-solo deleted the add-tls-timeout branch October 19, 2021 16:48
@nfuden nfuden mentioned this pull request Nov 14, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sam-heilbron sam-heilbron sam-heilbron approved these changes

+1 more reviewer

@elcasteel elcasteel elcasteel approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

make TLS handshake timeout configurable

3 participants

@gunnar-solo @elcasteel @sam-heilbron