xds/bootstrap: add trusted_xds_server server feature

[Pranjali-2501]

This PR implements the Bootstrap config changes for gRFC A81.

Authority rewriting is a security-sensitive feature that should only be enabled when the xDS server is explicitly trusted to provide such configuration. gRFC A81 specifies that this trust is indicated by adding trusted_xds_server to the server_features list for a given server in the bootstrap file.

RELEASE NOTES: None

[codecov]

Codecov Report

❌ Patch coverage is 0% with 5 lines in your changes missing coverage. Please review.
✅ Project coverage is 83.27%. Comparing base (c45d8e6) to head (a421a01).

Files with missing lines	Patch %	Lines
internal/xds/bootstrap/bootstrap.go	0.00%	5 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #8692      +/-   ##
==========================================
- Coverage   83.42%   83.27%   -0.16%     
==========================================
  Files         416      416              
  Lines       32303    32308       +5     
==========================================
- Hits        26948    26903      -45     
- Misses       3993     4026      +33     
- Partials     1362     1379      +17     

Files with missing lines	Coverage Δ
internal/xds/bootstrap/bootstrap.go	65.15% <0.00%> (-1.01%)	⬇️

... and 25 files with indirect coverage changes

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[easwars]

The generic xDS client's configuration can be found here:

grpc-go/internal/xds/clients/xdsclient/xdsconfig.go

Line 75 in 7472d57

type ServerConfig struct {

We need to propagate this newly added server feature to the generic xDS client as well. In order to do that, we need to do the following:

• Either of the following:
  • Add a new field named TrustedXDSServer in the above mentioned ServerConfig struct, or
  • Add a new field named ServerFeatures which is of type []ServerFeature and remove the existing IgnoreResourceDeletion, or
  • Add a new field named ServerFeatures which is of type map[ServerFeature]bool which is the idiomatic way of representing a Set in Go. Again, remove the existing IgnoreResourceDeletion field.
  • I would prefer going with the second or the third approach since there is already a comment there saying IgnoreResourceDeletion will be removed in favor of two new fields when A88 is implemented. Instead of adding one field per server feature, we could instead have a container to store the server features.
• Add a method in the ServerConfig struct of the generic xDS client to check if a server feature exists. This could be something like:

func (s *ServerConfig) SupportsServerFeature(feature ServerFeature) bool { ... }

• Introduce exported constants for the supported server features in the generic xDS client. This could be internal/xds/clients/xdsclient/xdsconfig.go. Something like:

type ServerFeature int
const (
	ServerFeatureIgnoreResourceDeletion ServerFeature = iota
	ServerFeatureTrustedXDSServer
)

• Remove the existing direct reference to IgnoreResourceDeletion here:

  grpc-go/internal/xds/clients/xdsclient/authority.go

  Line 473 in 7472d57

  if serverConfig.IgnoreResourceDeletion {

  and replace it with a call to serverConfig.SupportsServerFeature(ServerFeatureIgnoreResourceDeletion)
• Add logic to populate the server features in the generic xDS client config here:

  grpc-go/internal/xds/xdsclient/clientimpl.go

  Line 166 in 7472d57

  func buildXDSClientConfig(config *bootstrap.Config, metricsRecorder estats.MetricsRecorder, target string, watchExpiryTimeout time.Duration) (xdsclient.Config, error) {

  • While you are here, you could also refactor the code a little to pull out the common logic to from an internal server config to an external (or generic) server config. That code is currently repeated twice. If you could pull it out into a separate function, that would be nicer
• Update tests