Add support for explicit wildcard resource

source/common/config/BUILD

@@ -400,6 +400,7 @@ envoy_cc_library(
     hdrs = ["watch_map.h"],
     deps = [
         ":decoded_resource_lib",
+        ":utility_lib",
         ":xds_resource_lib",
         "//envoy/config:subscription_interface",
         "//source/common/common:assert_lib",

source/common/config/delta_subscription_state.h

@@ -22,11 +22,59 @@ namespace Config {
 // There can be multiple DeltaSubscriptionStates active. They will always all be
 // blissfully unaware of each other's existence, even when their messages are
 // being multiplexed together by ADS.
+//
+// There are two scenarios which affect how DeltaSubscriptionState manages the resources. First
+// scenario is when we are subscribed to a wildcard resource, and other scenario is when we are not.
+//
+// Delta subscription state also divides the resources it cached into three categories: requested,
+// wildcard and ambiguous.
+//
+// The "requested" category is for resources that we have explicitly asked for (either through the
+// initial set of resources or through the on-demand mechanism). Resources in this category are in
+// one of two states: "complete" and "waiting for server".
+//
+// "Complete" resources are resources about which the server sent us the information we need (for
+// now - just resource version).
+//
+// The "waiting for server" state is either for resources that we have just requested, but we still
+// didn't receive any version information from the server, or for the "complete" resources that,
+// according to the server, are gone, but we are still interested in them - in such case we strip
+// the information from the resource.
+//
+// The "wildcard" category is for resources that we are not explicitly interested in, but we are
+// indirectly interested through the subscription to the wildcard resource.
+//
+// The "ambiguous" category is for resources that we stopped being interested in, but we may still
+// be interested indirectly through the wildcard subscription - resources in these category are
+// "waiting" for the config server to confirm their status.
+//
+// Please refer to drawings (non-wildcard-resource-state-machine.png and
+// (wildcard-resource-state-machine.png) for visual depictions of the resource state machine.
+//
+// In the "no wildcard subscription" scenario all the cached resources should be in the "requested"
+// category. Resources are added to the category upon the explicit request and dropped when we
+// explicitly unsubscribe from it. Transitions between "complete" and "waiting for server" happen
+// when we receive messages from the server - if a resource in the message is in "added resources"
+// list (thus contains version information), the resource becomes "complete". If the resource in the
+// message is in "removed resources" list, it changes into the "waiting for server" state. If a
+// server sends us a resource that we didn't request, it's going to be ignored.
+//
+// In the "wildcard subscription" scenario, "requested" category is the same as in "no wildcard
+// subscription" scenario, with one exception - the unsubscribed "complete" resource is not removed
+// from the cache, but it's moved to the "ambiguous" resources instead. At this point we are waiting
+// for the server to tell us that this resource should be either moved to the "wildcard" resources,
+// or dropped. Resources in "wildcard" category are only added there or dropped from there by the
+// server. Resources from both "wildcard" and "ambiguous" categories can become "requested"
+// "complete" resources if we subscribe to them again.
+//
+// The delta subscription state transitions between the two scenarios depending on whether we are
+// subscribed to wildcard resource or not. Nothing special happens when we transition from "no
+// wildcard subscription" to "wildcard subscription" scenario, but when transitioning in the other
+// direction, we drop all the resources in "wildcard" and "ambiguous" categories.
 class DeltaSubscriptionState : public Logger::Loggable<Logger::Id::config> {
 public:
   DeltaSubscriptionState(std::string type_url, UntypedConfigUpdateCallbacks& watch_map,
-                         const LocalInfo::LocalInfo& local_info, Event::Dispatcher& dispatcher,
-                         const bool wildcard);
+                         const LocalInfo::LocalInfo& local_info, Event::Dispatcher& dispatcher);
 
   // Update which resources we're interested in subscribing to.
   void updateSubscriptionInterest(const absl::flat_hash_set<std::string>& cur_added,
@@ -60,15 +108,21 @@ class DeltaSubscriptionState : public Logger::Loggable<Logger::Id::config> {
 
   class ResourceState {
   public:
-    ResourceState(const envoy::service::discovery::v3::Resource& resource)
-        : version_(resource.version()) {}
-
     // Builds a ResourceState in the waitingForServer state.
     ResourceState() = default;
+    // Builds a ResourceState with a specific version
+    ResourceState(absl::string_view version) : version_(version) {}
+    // Self-documenting alias of default constructor.
+    static ResourceState waitingForServer() { return ResourceState(); }
+    // Self-documenting alias of constructor with version.
+    static ResourceState withVersion(absl::string_view version) { return ResourceState(version); }
 
     // If true, we currently have no version of this resource - we are waiting for the server to
     // provide us with one.
-    bool waitingForServer() const { return version_ == absl::nullopt; }
+    bool isWaitingForServer() const { return version_ == absl::nullopt; }
+
+    void setAsWaitingForServer() { version_ = absl::nullopt; }
+    void setVersion(absl::string_view version) { version_ = std::string(version); }
 
     // Must not be called if waitingForServer() == true.
     std::string version() const {
@@ -80,36 +134,37 @@ class DeltaSubscriptionState : public Logger::Loggable<Logger::Id::config> {
     absl::optional<std::string> version_;
   };
 
-  // Use these helpers to ensure resource_state_ and resource_names_ get updated together.
-  void addResourceState(const envoy::service::discovery::v3::Resource& resource);
-  void setResourceWaitingForServer(const std::string& resource_name);
-  void removeResourceState(const std::string& resource_name);
+  void addResourceStateFromServer(const envoy::service::discovery::v3::Resource& resource);
+  OptRef<ResourceState> getRequestedResourceState(absl::string_view resource_name);
+  OptRef<const ResourceState> getRequestedResourceState(absl::string_view resource_name) const;
 
-  void populateDiscoveryRequest(envoy::service::discovery::v3::DeltaDiscoveryResponse& request);
+  bool isInitialRequestForLegacyWildcard();
 
   // A map from resource name to per-resource version. The keys of this map are exactly the resource
   // names we are currently interested in. Those in the waitingForServer state currently don't have
   // any version for that resource: we need to inform the server if we lose interest in them, but we
   // also need to *not* include them in the initial_resource_versions map upon a reconnect.
-  absl::node_hash_map<std::string, ResourceState> resource_state_;
+  absl::node_hash_map<std::string, ResourceState> requested_resource_state_;
+  // A map from resource name to per-resource version. The keys of this map are resource names we
+  // have received as a part of the wildcard subscription.
+  absl::node_hash_map<std::string, std::string> wildcard_resource_state_;
+  // Used for storing resources that we lost interest in, but could
+  // also be a part of wildcard subscription.
+  absl::node_hash_map<std::string, std::string> ambiguous_resource_state_;
 
   // Not all xDS resources supports heartbeats due to there being specific information encoded in
   // an empty response, which is indistinguishable from a heartbeat in some cases. For now we just
   // disable heartbeats for these resources (currently only VHDS).
   const bool supports_heartbeats_;
   TtlManager ttl_;
-  // The keys of resource_versions_. Only tracked separately because std::map does not provide an
-  // iterator into just its keys.
-  absl::flat_hash_set<std::string> resource_names_;
 
   const std::string type_url_;
-  // Is the subscription is for a wildcard request.
-  const bool wildcard_;
   UntypedConfigUpdateCallbacks& watch_map_;
   const LocalInfo::LocalInfo& local_info_;
   Event::Dispatcher& dispatcher_;
   std::chrono::milliseconds init_fetch_timeout_;
 
+  bool in_initial_legacy_wildcard_{true};
   bool any_request_sent_yet_in_current_stream_{};
   bool must_send_discovery_request_{};
 

source/common/config/new_grpc_mux_impl.cc

@@ -158,7 +158,7 @@ GrpcMuxWatchPtr NewGrpcMuxImpl::addWatch(const std::string& type_url,
   auto entry = subscriptions_.find(type_url);
   if (entry == subscriptions_.end()) {
     // We don't yet have a subscription for type_url! Make one!
-    addSubscription(type_url, options.use_namespace_matching_, resources.empty());
+    addSubscription(type_url, options.use_namespace_matching_);
     return addWatch(type_url, resources, callbacks, resource_decoder, options);
   }
 
@@ -230,11 +230,10 @@ void NewGrpcMuxImpl::removeWatch(const std::string& type_url, Watch* watch) {
   entry->second->watch_map_.removeWatch(watch);
 }
 
-void NewGrpcMuxImpl::addSubscription(const std::string& type_url, const bool use_namespace_matching,
-                                     const bool wildcard) {
-  subscriptions_.emplace(type_url, std::make_unique<SubscriptionStuff>(type_url, local_info_,
-                                                                       use_namespace_matching,
-                                                                       dispatcher_, wildcard));
+void NewGrpcMuxImpl::addSubscription(const std::string& type_url,
+                                     const bool use_namespace_matching) {
+  subscriptions_.emplace(type_url, std::make_unique<SubscriptionStuff>(
+                                       type_url, local_info_, use_namespace_matching, dispatcher_));
   subscription_ordering_.emplace_back(type_url);
 }
 

source/common/config/new_grpc_mux_impl.h

@@ -81,10 +81,9 @@ class NewGrpcMuxImpl
 
   struct SubscriptionStuff {
     SubscriptionStuff(const std::string& type_url, const LocalInfo::LocalInfo& local_info,
-                      const bool use_namespace_matching, Event::Dispatcher& dispatcher,
-                      const bool wildcard)
+                      const bool use_namespace_matching, Event::Dispatcher& dispatcher)
         : watch_map_(use_namespace_matching),
-          sub_state_(type_url, watch_map_, local_info, dispatcher, wildcard) {}
+          sub_state_(type_url, watch_map_, local_info, dispatcher) {}
 
     WatchMap watch_map_;
     DeltaSubscriptionState sub_state_;
@@ -138,8 +137,7 @@ class NewGrpcMuxImpl
                    const SubscriptionOptions& options);
 
   // Adds a subscription for the type_url to the subscriptions map and order list.
-  void addSubscription(const std::string& type_url, bool use_namespace_matching,
-                       const bool wildcard);
+  void addSubscription(const std::string& type_url, bool use_namespace_matching);
 
   void trySendDiscoveryRequests();
 

source/common/config/utility.h

@@ -35,6 +35,8 @@
 namespace Envoy {
 namespace Config {
 
+constexpr absl::string_view Wildcard = "*";
+
 /**
  * Constant Api Type Values, used by envoy::config::core::v3::ApiConfigSource.
  */

source/common/config/watch_map.cc

@@ -5,6 +5,7 @@
 #include "source/common/common/cleanup.h"
 #include "source/common/common/utility.h"
 #include "source/common/config/decoded_resource_impl.h"
+#include "source/common/config/utility.h"
 #include "source/common/config/xds_resource.h"
 
 namespace Envoy {
@@ -49,7 +50,7 @@ void WatchMap::removeDeferredWatches() {
 AddedRemoved
 WatchMap::updateWatchInterest(Watch* watch,
                               const absl::flat_hash_set<std::string>& update_to_these_names) {
-  if (update_to_these_names.empty()) {
+  if (update_to_these_names.empty() || update_to_these_names.contains(Wildcard)) {
     wildcard_watches_.insert(watch);
   } else {
     wildcard_watches_.erase(watch);