Handle missing filter_chain_match differently, plus other fixes

packages/grpc-js-xds/src/server.ts

@@ -289,6 +289,7 @@ class ListenerConfig {
   handleConnection(socket: net.Socket) {
     const matchingFilter = selectMostSpecificallyMatchingFilter(this.filterChainEntries, socket) ?? this.defaultFilterChain;
     if (!matchingFilter) {
+      trace('Rejecting connection from ' + socket.remoteAddress + ': No filter matched');
       socket.destroy();
       return;
     }
@@ -456,7 +457,19 @@ class BoundPortEntry {
 
 function normalizeFilterChainMatch(filterChainMatch: FilterChainMatch__Output | null): NormalizedFilterChainMatch[] {
   if (!filterChainMatch) {
-    return [];
+    filterChainMatch = {
+      address_suffix: '',
+      application_protocols: [],
+      destination_port: null,
+      direct_source_prefix_ranges: [],
+      prefix_ranges: [],
+      server_names: [],
+      source_ports: [],
+      source_prefix_ranges: [],
+      source_type: 'ANY',
+      suffix_len: null,
+      transport_protocol: 'raw_buffer'
+    };
   }
   if (filterChainMatch.destination_port) {
     return [];

packages/grpc-js-xds/src/xds-dependency-manager.ts

@@ -362,6 +362,7 @@ export class XdsDependencyManager {
       onResourceChanged: (update: Listener__Output) => {
         if (!update.api_listener) {
           this.trace('Received Listener resource not usable on client');
+          this.handleListenerDoesNotExist();
           return;
         }
         this.latestListener = update;
@@ -405,15 +406,7 @@ export class XdsDependencyManager {
       },
       onResourceDoesNotExist: () => {
         this.trace('Resolution error: LDS resource does not exist');
-        if (this.latestRouteConfigName) {
-          this.trace('RDS.cancelWatch(' + this.latestRouteConfigName + '): LDS resource does not exist');
-          RouteConfigurationResourceType.cancelWatch(this.xdsClient, this.latestRouteConfigName, this.rdsWatcher);
-          this.latestRouteConfigName = null;
-          this.latestRouteConfiguration = null;
-          this.clusterRoots = [];
-          this.pruneOrphanClusters();
-        }
-        this.watcher.onResourceDoesNotExist(`Listener ${listenerResourceName}`);
+        this.handleListenerDoesNotExist();
       }
     });
     this.rdsWatcher = new Watcher<RouteConfiguration__Output>({
@@ -439,6 +432,19 @@ export class XdsDependencyManager {
     trace('[' + this.listenerResourceName + '] ' + text);
   }
 
+  private handleListenerDoesNotExist() {
+    if (this.latestRouteConfigName) {
+      this.trace('RDS.cancelWatch(' + this.latestRouteConfigName + '): LDS resource does not exist');
+      RouteConfigurationResourceType.cancelWatch(this.xdsClient, this.latestRouteConfigName, this.rdsWatcher);
+      this.latestRouteConfigName = null;
+      this.latestRouteConfiguration = null;
+      this.clusterRoots = [];
+      this.pruneOrphanClusters();
+    }
+    this.watcher.onResourceDoesNotExist(`Listener ${this.listenerResourceName}`);
+
+  }
+
   private maybeSendUpdate() {
     if (!this.latestListener) {
       this.trace('Not sending update: no Listener update received');

packages/grpc-js/src/channel-credentials.ts

@@ -339,7 +339,7 @@ class CertificateProviderChannelCredentialsImpl extends ChannelCredentials {
     constructor(private parent: CertificateProviderChannelCredentialsImpl, private channelTarget: GrpcUri, private options: ChannelOptions, private callCredentials: CallCredentials) {}
 
     connect(socket: Socket): Promise<SecureConnectResult> {
-      return new Promise(async (resolve, reject) => {
+      return new Promise((resolve, reject) => {
         const secureContext = this.parent.getLatestSecureContext();
         if (!secureContext) {
           reject(new Error('Failed to load credentials'));