adding server_feature in bootstrap config

Author: Pranjali-2501

internal/xds/bootstrap/bootstrap.go

@@ -43,6 +43,7 @@ import (
 
 const (
 	serverFeaturesIgnoreResourceDeletion = "ignore_resource_deletion"
+	serverFeatureTrustedXDSServer        = "trusted_xds_server"
 	gRPCUserAgentName                    = "gRPC Go"
 	clientFeatureNoOverprovisioning      = "envoy.lb.does_not_support_overprovisioning"
 	clientFeatureResourceWrapper         = "xds.config.resource-in-sotw"
@@ -211,6 +212,18 @@ func (sc *ServerConfig) ServerFeaturesIgnoreResourceDeletion() bool {
 	return false
 }
 
+// ServerFeaturesTrustedXDSServer returns true if this server is trusted,
+// and gRPC should accept security-config-affecting fields from the server
+// as described in gRFC A81.
+func (sc *ServerConfig) ServerFeaturesTrustedXDSServer() bool {
+	for _, sf := range sc.serverFeatures {
+		if sf == serverFeatureTrustedXDSServer {
+			return true
+		}
+	}
+	return false
+}
+
 // SelectedCreds returns the selected credentials configuration for
 // communicating with this server.
 func (sc *ServerConfig) SelectedCreds() ChannelCreds {

internal/xds/bootstrap/bootstrap_test.go

@@ -196,6 +196,22 @@ var (
 				"server_features" : ["ignore_resource_deletion", "xds_v3"]
 			}]
 		}`,
+		"serverSupportsTrustedXDSServer": `
+		{
+			"node": {
+				"id": "ENVOY_NODE_ID",
+				"metadata": {
+				    "TRAFFICDIRECTOR_GRPC_HOSTNAME": "trafficdirector"
+			    }
+			},
+			"xds_servers" : [{
+				"server_uri": "trafficdirector.googleapis.com:443",
+				"channel_creds": [
+					{ "type": "google_default" }
+				],
+				"server_features" : ["trusted_xds_server", "xds_v3"]
+			}]
+		}`,
 	}
 	metadata = &structpb.Struct{
 		Fields: map[string]*structpb.Value{
@@ -267,6 +283,16 @@ var (
 		node: v3Node,
 		clientDefaultListenerResourceNameTemplate: "%s",
 	}
+	configWithGoogleDefaultCredsAndTrustedXDSServer = &Config{
+		xDSServers: []*ServerConfig{{
+			serverURI:      "trafficdirector.googleapis.com:443",
+			channelCreds:   []ChannelCreds{{Type: "google_default"}},
+			serverFeatures: []string{"trusted_xds_server", "xds_v3"},
+			selectedCreds:  ChannelCreds{Type: "google_default"},
+		}},
+		node: v3Node,
+		clientDefaultListenerResourceNameTemplate: "%s",
+	}
 	configWithGoogleDefaultCredsAndNoServerFeatures = &Config{
 		xDSServers: []*ServerConfig{{
 			serverURI:     "trafficdirector.googleapis.com:443",
@@ -432,6 +458,7 @@ func (s) TestGetConfiguration_Success(t *testing.T) {
 		{"goodBootstrap", configWithGoogleDefaultCredsAndV3},
 		{"multipleXDSServers", configWithMultipleServers},
 		{"serverSupportsIgnoreResourceDeletion", configWithGoogleDefaultCredsAndIgnoreResourceDeletion},
+		{"serverSupportsTrustedXDSServer", configWithGoogleDefaultCredsAndTrustedXDSServer},
 	}
 
 	for _, test := range tests {