Sergii Tkachenko 4 жил өмнө
parent
commit
bceb9aaece

+ 1 - 0
tools/run_tests/xds_test_driver/bin/run_channelz.py

@@ -95,6 +95,7 @@ def main(argv):
         rpc_host=_CLIENT_RPC_HOST.value)
 
     with test_client, test_server:
+        test_client.wait_for_active_server_channel()
         client_socket: Socket = test_client.get_client_socket_with_test_server()
         server_socket: Socket = test_server.get_server_socket_matching_client(
             client_socket)
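Review bot: The added `test_client.wait_for_active_server_channel()` call passes no timeout, so if the secure channel never becomes active (for example because a TLS policy or certificate provider is misconfigured) this script may block instead of reporting the failure. Whether the method bounds its own wait cannot be seen from this hunk. If it accepts a timeout, pass one explicitly here. A comment would also help, e.g. `# Wait until the channel to the test server is active; the socket lookup below presumably races with connection setup otherwise.` main() starts and continues outside the hunk.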

+ 17 - 17
tools/run_tests/xds_test_driver/framework/infrastructure/traffic_director.py

@@ -276,7 +276,7 @@ class TrafficDirectorSecureManager(TrafficDirectorManager):
     SERVER_TLS_POLICY_NAME = "server-tls-policy"
     CLIENT_TLS_POLICY_NAME = "client-tls-policy"
     ENDPOINT_CONFIG_SELECTOR_NAME = "endpoint-config-selector"
-    GRPC_ENDPOINT_TARGET_URI = "unix:/var/cert/node-agent.0"
+    CERTIFICATE_PROVIDER_INSTANCE = "google_cloud_private_spiffe"
 
     def __init__(
             self,
@@ -349,17 +349,14 @@ class TrafficDirectorSecureManager(TrafficDirectorManager):
                 'policy. Skipping creation', name)
             return
 
-        grpc_endpoint = {
-            "grpcEndpoint": {
-                "targetUri": self.GRPC_ENDPOINT_TARGET_URI
-            }
-        }
-
+        certificate_provider = self._get_certificate_provider()
         policy = {}
         if tls:
-            policy["serverCertificate"] = grpc_endpoint
+            policy["serverCertificate"] = certificate_provider
         if mtls:
-            policy["mtlsPolicy"] = {"clientValidationCa": [grpc_endpoint]}
+            policy["mtlsPolicy"] = {
+                "clientValidationCa": [certificate_provider],
+            }
 
         self.netsec.create_server_tls_policy(name, policy)
         self.server_tls_policy = self.netsec.get_server_tls_policy(name)
@@ -431,17 +428,12 @@ class TrafficDirectorSecureManager(TrafficDirectorManager):
                 'policy. Skipping creation', name)
             return
 
-        grpc_endpoint = {
-            "grpcEndpoint": {
-                "targetUri": self.GRPC_ENDPOINT_TARGET_URI
-            }
-        }
-
+        certificate_provider = self._get_certificate_provider()
         policy = {}
         if tls:
-            policy["serverValidationCa"] = [grpc_endpoint]
+            policy["serverValidationCa"] = [certificate_provider]
         if mtls:
-            policy["clientCertificate"] = grpc_endpoint
+            policy["clientCertificate"] = certificate_provider
 
         self.netsec.create_client_tls_policy(name, policy)
         self.client_tls_policy = self.netsec.get_client_tls_policy(name)
@@ -484,3 +476,11 @@ class TrafficDirectorSecureManager(TrafficDirectorManager):
                     'subjectAltNames': [server_spiffe]
                 }
             })
+
+    @classmethod
+    def _get_certificate_provider(cls):
+        return {
+            "certificateProviderInstance": {
+                "pluginInstance": cls.CERTIFICATE_PROVIDER_INSTANCE,
+            },
+        }
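Review bot: `CERTIFICATE_PROVIDER_INSTANCE = "google_cloud_private_spiffe"` is an undocumented contract with the bootstrap file. The name sent as `pluginInstance` presumably has to match a certificate provider instance defined in the generated bootstrap when the manifests pass `--include-psm-security-experimental`, and nothing here checks that. A mismatch would likely surface only as failed handshakes at test time, so the constant deserves a comment such as `# Must match a certificate provider instance name in the generated td-grpc-bootstrap.json.` The new `_get_certificate_provider` also lacks a docstring and return annotation; `def _get_certificate_provider(cls) -> dict:` plus a one-line docstring saying it builds the `certificateProviderInstance` reference used by both the server and client TLS policies would be enough. The class and both policy-creation methods start outside the visible hunks.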

+ 2 - 1
tools/run_tests/xds_test_driver/kubernetes-manifests/client-secure.deployment.yaml

@@ -36,7 +36,7 @@ spec:
             value: "/tmp/grpc-xds/td-grpc-bootstrap.json"
           - name: GRPC_XDS_EXPERIMENTAL_SECURITY_SUPPORT
             value: "true"
-          - name: GRPC_XDS_CERT_INSTANCE_OVERRIDE
+          - name: GRPC_XDS_EXPERIMENTAL_V3_SUPPORT
             value: "true"
         volumeMounts:
           - mountPath: /tmp/grpc-xds/
@@ -59,6 +59,7 @@ spec:
           args:
             - "--output=/tmp/bootstrap/td-grpc-bootstrap.json"
             - "--vpc-network-name=${network_name}"
+            - "--include-v3-features-experimental"
             - "--include-psm-security-experimental"
           resources:
             limits:
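Review bot: The new `--include-v3-features-experimental` argument is only understood by a bootstrap generator build that knows the flag, and the init container's image tag is outside this hunk; confirm it is pinned to a version that accepts it, otherwise the pod would fail at init. The argument and `GRPC_XDS_EXPERIMENTAL_V3_SUPPORT` also appear to be intended as a pair, which nothing in the manifest states. With `GRPC_XDS_CERT_INSTANCE_OVERRIDE` removed, the certificate provider instance is presumably selected by the name in the TLS policy, so a comment above the args would help: `# PSM security: the bootstrap must define the certificate provider instance named in the Traffic Director TLS policies.` The same applies to the matching hunks in server-secure.deployment.yaml.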

+ 2 - 1
tools/run_tests/xds_test_driver/kubernetes-manifests/server-secure.deployment.yaml

@@ -34,7 +34,7 @@ spec:
             value: "/tmp/grpc-xds/td-grpc-bootstrap.json"
           - name: GRPC_XDS_EXPERIMENTAL_SECURITY_SUPPORT
             value: "true"
-          - name: GRPC_XDS_CERT_INSTANCE_OVERRIDE
+          - name: GRPC_XDS_EXPERIMENTAL_V3_SUPPORT
             value: "true"
         volumeMounts:
           - mountPath: /tmp/grpc-xds/
@@ -57,6 +57,7 @@ spec:
           args:
             - "--output=/tmp/bootstrap/td-grpc-bootstrap.json"
             - "--vpc-network-name=${network_name}"
+            - "--include-v3-features-experimental"
             - "--include-psm-security-experimental"
             - "--node-metadata-experimental=app=${namespace_name}-${deployment_name}"
           resources: