xds: Changes to XdsClient Watcher APIs #12446
kannanjgithub
left a comment
Sending what I could review today.
| * Called to deliver a transient error that should not affect the watcher's use of any | ||
| * previously received resource. | ||
| * | ||
| * <p>Note that we expect that the implementer to: |
I think this comment now applies to both methods since both methods take a Status argument now.
We can remove it from the method's Javadoc as you have put it in the class' Javadoc.
| type, resource); | ||
| respTimer = null; | ||
| onAbsent(null, activeCpc.getServerInfo()); | ||
| respTimer = null; |
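Review bot: In this hunk `onAbsent(null, activeCpc.getServerInfo())` now has to run before `respTimer = null`, and nothing at the call site says so. Add a one-line comment stating that onAbsent checks respTimer, or pass the timeout condition to onAbsent as an explicit argument, so a later cleanup cannot silently restore the old order.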
Why swap the order of these statements?
The original code was setting respTimer = null before calling onAbsent(), which caused the timeout context to be lost, resulting in a generic "does not exist" error.
The original onAbsent method did not have a check for if (respTimer == null). It only looked at the serverInfo.resourceTimerIsTransientError() flag to decide between calling watcher.onError() or watcher.onResourceDoesNotExist(). It could not distinguish between a timeout and other "not found" conditions.
| logger.log(XdsLogLevel.WARNING, "No working fallback XDS Servers found from {0}", | ||
| activeCpClient.getServerInfo().target()); | ||
| activeCpc.getServerInfo().target()); | ||
| } |
The changes above here seem unnecessary?
| executor.execute(() -> { | ||
| try { | ||
| notifyWatcher(watcher, data); | ||
| watcher.onResourceChanged(update); // Call the new method |
Remove the comment as we are passing a StatusOr argument.
| continue; | ||
| } | ||
| if (subscriber.hasResult()) { | ||
| subscriber.onError(status, null); // This will become an onAmbientError |
As the handling to call either onDataChanged or onAmbientError happens in ResourceSubscriber.onError, why not simply call it? You are only calling it if subscriber.hasResult() is true. What if it is false? Previously the onError was getting called in that case but not now.
kannanjgithub
left a comment
Review comments.
| if (!Objects.equals(oldData, data)) { | ||
| for (ResourceWatcher<T> watcher : watchers.keySet()) { | ||
| StatusOr<T> update = StatusOr.fromValue(data); | ||
| for (Map.Entry<ResourceWatcher<T>, Executor> entry : watchers.entrySet()) { |
Why change from iterating the keySet to iterating the entrySet? There is nothing wrong with it but it seems like an unnecessary change.
Can keep the executor inlined like before as well.
Yeah, I did that intentionally because my intention for changing to entrySet was to avoid the extra lookup for each key to get executor below. But yeah this change is unnecessary, I'll revert back.
|
|
||
| Status status; | ||
| if (respTimer == null) { | ||
| status = Status.NOT_FOUND.withDescription("Resource " + resource + " does not exist"); |
For resource deletions, if fail_on_data_error is false, we should not be setting data = null; and should be calling onAmbientError(NOT_FOUND). lastError should also be set to NOT_FOUND so both the data and the last error are available for replay for new watchers.
Only for fail_on_data_error true we should drop the resource (data = null;) and call onResourceChanged.
fail_on_data_error is a server feature that needs to be added. In this PR we are focusing only on Changes to XdsClient Watcher APIs as stated in the PR description as well.
| for (Map<String, ResourceSubscriber<? extends ResourceUpdate>> subscriberMap : | ||
| resourceSubscribers.values()) { | ||
| for (ResourceSubscriber<? extends ResourceUpdate> subscriber : subscriberMap.values()) { | ||
| if (subscriber.hasResult() || !authoritiesForClosedCpc.contains(subscriber.authority)) { |
Why remove subscriber.hasResult()?
The if (subscriber.hasResult()) check prevented subscribers without a cached resource from being notified of stream errors. By removing it, we now correctly call onError for all subscribers, and the onError method itself handles the logic of whether to call onResourceChanged or onAmbientError.
| private StatusOr<T> data; | ||
| @Nullable | ||
| @SuppressWarnings("unused") | ||
| private Status ambientError; |
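Review bot: `@SuppressWarnings("unused")` on the new `ambientError` field means the value is stored but nothing reads it yet. Add a TODO naming the follow-up that will consume it, or leave the field out until that change, so the suppression does not outlive its reason.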
Will there be a separate PR for propagating this to the data plane rpc error?
| } | ||
|
|
||
| if (!pendingRds.isEmpty()) { | ||
| // filter chain state has not yet been applied to filterChainSelectorManager and there |
Restore this comment.
Note: The failing test log shown here in GitHub Actions is not failing locally even after a clean run/build.
| } | ||
|
|
||
| Status newStatus = status; | ||
| if (responseReceived) { |
Are these changes from gRFC A88?
The previous logic would incorrectly treat any stream error as Status.OK if a response had already been received. This would have prevented us from ever calling the new onAmbientError callback for these transient failures.
This new implementation ensures that all stream failures are correctly propagated, which then allows XdsClientImpl to decide whether to call onResourceChanged or onAmbientError as defined in gRFC A88.
(Continuing reply here, previous reply sent from email landed on the main thread.)
The question is whether the definition of a transient error has changed w.r.t. a resource already received on the ADS stream or not. C-core also ignores error statuses when a resource has already been received and this results in watchers getting error notifications only if no resource has been received.
And since the XdsClient restarts the ADS stream upon termination, the next occurrence of the error status will get handled as an error on the restarted stream.
|
Why is it incorrect? A88 does not say it is modifying the A57 ADS stream
error handling behavior after a response is received, A88 only mentions
cases where no response was received on the ADS stream and the stream was
terminated.
…On Mon, Nov 24, 2025 at 11:44 AM MV Shiva ***@***.***> wrote:
***@***.**** commented on this pull request.
------------------------------
In xds/src/main/java/io/grpc/xds/client/ControlPlaneClient.java
<#12446 (comment)>:
> @@ -453,44 +453,29 @@ private void handleRpcStreamClosed(Status status) {
stopwatch.reset();
}
- Status newStatus = status;
- if (responseReceived) {
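Review bot: Removing the `if (responseReceived)` branch from handleRpcStreamClosed changes how the closing status is handled once a response has been seen on the stream, and the hunk carries no comment saying which behaviour is now intended. State the intended rule in a comment next to the new code, with the gRFC section it relies on, and add a test that closes the stream after a response has been received and asserts which watcher callback fires.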
The previous logic would incorrectly treat any stream error as Status.OK
if a response had already been received. This would have prevented us from
ever calling the new onAmbientError callback for these transient failures.
This new implementation ensures that all stream failures are correctly
propagated, which then allows XdsClientImpl to decide whether to call
onResourceChanged or onAmbientError as defined in gRFC A88.
The purpose of gRFC A88 is to introduce onAmbientError to notify watchers of transient errors without them having to drop their cached data. If the underlying ControlPlaneClient hides the error and reports Status.OK, then XdsClientImpl would never know a transient failure occurred and would therefore never be able to call onAmbientError on the watchers. This would completely break this new mechanism.
|
|
||
| ControlPlaneClient activeCpClient = getActiveCpc(subscriber.authority); | ||
| if (cpcToUse != activeCpClient) { | ||
| addCpcToAuthority(subscriber.authority, cpcToUse); // makes it active |
Add the comment back.
| notifyWatcher(watcher, savedData); | ||
| watcher.onResourceChanged(StatusOr.fromValue(savedData)); | ||
| if (savedError != null) { | ||
| watcher.onAmbientError(savedError); |
This statement is not tested.
|
Note: I added a TODO in |
This above code block was the initial fix for the failing fallback test that was mentioned above. The solution is to restructure the logic in the
|
Implements https://github.com/grpc/proposal/blob/master/A88-xds-data-error-handling.md#a88-xds-data-error-handling
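The dispatch rule discussed in this thread (an error becomes onAmbientError when a resource is already cached, otherwise it is delivered through onResourceChanged, and cached data plus the last error are replayed to a late watcher), as an added Java sketch that is not code from this PR or from grpc-java. SketchWatcher, SketchSubscriber and the string statuses are hypothetical stand-ins, and clearing the stored error when new data arrives is an assumption.

```java
import java.util.ArrayList;
import java.util.List;

// Added sketch, not grpc-java code. SketchWatcher and SketchSubscriber are hypothetical
// stand-ins for ResourceWatcher and ResourceSubscriber; statuses are plain strings.
public class WatcherDispatchSketch {
  interface SketchWatcher {
    void onResourceChanged(String data, String error); // one is non-null, like StatusOr
    void onAmbientError(String error);                 // watcher keeps its cached data
  }

  static final class SketchSubscriber {
    private final List<SketchWatcher> watchers = new ArrayList<>();
    private String data;      // last good resource, null until one arrives
    private String lastError; // last error, kept for replay to late watchers
    private void deliverError(SketchWatcher w, String error) {
      if (data != null) w.onAmbientError(error);  // cached data stays valid
      else w.onResourceChanged(null, error);      // nothing cached: the error is the result
    }
    void addWatcher(SketchWatcher w) {
      watchers.add(w);
      if (data != null) w.onResourceChanged(data, null);
      if (lastError != null) deliverError(w, lastError);
    }
    void onData(String newData) {
      data = newData;
      lastError = null; // assumption: a fresh resource clears the stored error
      for (SketchWatcher w : watchers) w.onResourceChanged(newData, null);
    }
    void onError(String error) {
      lastError = error;
      for (SketchWatcher w : watchers) deliverError(w, error);
    }
  }

  static SketchWatcher printing(String name) {
    return new SketchWatcher() {
      public void onResourceChanged(String d, String e) {
        System.out.println(name + (d != null ? " data " + d : " error " + e));
      }
      public void onAmbientError(String e) { System.out.println(name + " ambient " + e); }
    };
  }
  public static void main(String[] args) {
    SketchSubscriber s = new SketchSubscriber();
    s.addWatcher(printing("w1"));
    s.onError("UNAVAILABLE");      // no resource yet: w1 gets an error result
    s.onData("cluster-v1");        // constructed sample value
    s.onError("UNAVAILABLE");      // resource cached: w1 gets an ambient error
    s.addWatcher(printing("w2"));  // late watcher: data replayed, then the error
  }
}
```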