http_11_proxy: Make inner transport_socket config optional (envoyprox…

…y#36414)

http_11_proxy: Make inner transport_socket config optional

Given that the top-level
[Cluster.transport_socket](https://github.com/envoyproxy/envoy/blob/1a153166a6d1e9336ee8982d1a00ba98655c9d39/api/envoy/config/cluster/v3/cluster.proto#L1099)
field is optional and defaults to plaintext, this should also be
optional. gRPC is adding support for this transport socket, but they do
not have a `raw_buffer` to explicitly configure. See
grpc/proposal#455 (comment) for
additional context.

Risk Level: Low.
Testing: Existing tests.
Docs Changes: n/a
Release Notes: Done.

---------

Signed-off-by: Tony Allen <[email protected]>

api/envoy/extensions/transport_sockets/http_11_proxy/v3/upstream_http_11_connect.proto

@@ -5,7 +5,6 @@ package envoy.extensions.transport_sockets.http_11_proxy.v3;
 import "envoy/config/core/v3/base.proto";
 
 import "udpa/annotations/status.proto";
-import "validate/validate.proto";
 
 option java_package = "io.envoyproxy.envoy.extensions.transport_sockets.http_11_proxy.v3";
 option java_outer_classname = "UpstreamHttp11ConnectProto";
@@ -34,6 +33,6 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE;
 // proxy address in ``config::core::v3::Address`` format.
 //
 message Http11ProxyUpstreamTransport {
-  // The underlying transport socket being wrapped.
-  config.core.v3.TransportSocket transport_socket = 1 [(validate.rules).message = {required: true}];
+  // The underlying transport socket being wrapped. Defaults to plaintext (raw_buffer) if unset.
+  config.core.v3.TransportSocket transport_socket = 1;
 }

changelogs/current.yaml

@@ -105,6 +105,9 @@ minor_behavior_changes:
     Connect the QUIC UDP client connection sockets before use and sockets will only bind if
     the local address is specified. This behavior change can be reverted by setting the
     ``envoy_reloadable_features_quic_connect_client_udp_sockets`` runtime flag to ``false``.
+- area: http_11_proxy
+  change: |
+    Make the inner ``transport_socket`` field optional in the proto configuration.
 - area: conn_handler
   change: |
     Enhanced listener filter chain execution to include the case that listener filter has maxReadBytes() of 0,

test/extensions/transport_sockets/http_11_proxy/connect_integration_test.cc

@@ -74,7 +74,7 @@ name: envoy.clusters.dynamic_forward_proxy
           bootstrap.mutable_static_resources()->mutable_clusters(0)->mutable_transport_socket();
       envoy::config::core::v3::TransportSocket inner_socket;
       inner_socket.CopyFrom(*transport_socket);
-      if (inner_socket.name().empty()) {
+      if (set_inner_transport_socket_ && inner_socket.name().empty()) {
         inner_socket.set_name("envoy.transport_sockets.raw_buffer");
       }
       transport_socket->set_name("envoy.transport_sockets.http_11_proxy");
@@ -135,12 +135,28 @@ name: envoy.clusters.dynamic_forward_proxy
   }
   bool use_alpn_ = false;
   bool try_http3_ = false;
+
+  // If true, we'll explicitly set the inner "transport_socket" field to raw buffer if it is not
+  // configured.
+  bool set_inner_transport_socket_ = true;
 };
 
 INSTANTIATE_TEST_SUITE_P(IpVersions, Http11ConnectHttpIntegrationTest,
                          testing::ValuesIn(TestEnvironment::getIpVersionsForTest()),
                          TestUtility::ipTestParamsToString);
 
+// Test that request/response is successful via plaintext if the inner transport socket is not set.
+TEST_P(Http11ConnectHttpIntegrationTest, NoInnerTransportSocketSet) {
+  set_inner_transport_socket_ = false;
+  initialize();
+
+  codec_client_ = makeHttpConnection(lookupPort("http"));
+  auto response =
+      sendRequestAndWaitForResponse(default_request_headers_, 0, default_response_headers_, 0);
+  ASSERT_TRUE(response->complete());
+  EXPECT_EQ("200", response->headers().getStatusValue());
+}
+
 // Test that with no connect-proxy header, the transport socket is a no-op.
 TEST_P(Http11ConnectHttpIntegrationTest, NoHeader) {
   initialize();