adding server_feature in bootstrap config

Author: Pranjali-2501

internal/xds/bootstrap/bootstrap.go

@@ -44,6 +44,7 @@ import (
 
 const (
 	serverFeaturesIgnoreResourceDeletion = "ignore_resource_deletion"
+	serverFeatureTrustedXDSServer        = "trusted_xds_server"
 	gRPCUserAgentName                    = "gRPC Go"
 	clientFeatureNoOverprovisioning      = "envoy.lb.does_not_support_overprovisioning"
 	clientFeatureResourceWrapper         = "xds.config.resource-in-sotw"
@@ -256,6 +257,18 @@ func (sc *ServerConfig) ServerFeaturesIgnoreResourceDeletion() bool {
 	return false
 }
 
+// ServerFeaturesTrustedXDSServer returns true if this server is trusted,
+// and gRPC should accept security-config-affecting fields from the server
+// as described in gRFC A81.
+func (sc *ServerConfig) ServerFeaturesTrustedXDSServer() bool {
+	for _, sf := range sc.serverFeatures {
+		if sf == serverFeatureTrustedXDSServer {
+			return true
+		}
+	}
+	return false
+}
+
 // SelectedChannelCreds returns the selected credentials configuration for
 // communicating with this server.
 func (sc *ServerConfig) SelectedChannelCreds() ChannelCreds {

internal/xds/bootstrap/bootstrap_test.go

@@ -267,6 +267,22 @@ var (
 				"server_features" : ["xds_v3"]
 			}]
 		}`,
+		"serverSupportsTrustedXDSServer": `
+		{
+			"node": {
+				"id": "ENVOY_NODE_ID",
+				"metadata": {
+				    "TRAFFICDIRECTOR_GRPC_HOSTNAME": "trafficdirector"
+			    }
+			},
+			"xds_servers" : [{
+				"server_uri": "trafficdirector.googleapis.com:443",
+				"channel_creds": [
+					{ "type": "google_default" }
+				],
+				"server_features" : ["trusted_xds_server", "xds_v3"]
+			}]
+		}`,
 	}
 	metadata = &structpb.Struct{
 		Fields: map[string]*structpb.Value{
@@ -338,6 +354,16 @@ var (
 		node: v3Node,
 		clientDefaultListenerResourceNameTemplate: "%s",
 	}
+	configWithGoogleDefaultCredsAndTrustedXDSServer = &Config{
+		xDSServers: []*ServerConfig{{
+			serverURI:      	  "trafficdirector.googleapis.com:443",
+			channelCreds:   	  []ChannelCreds{{Type: "google_default"}},
+			serverFeatures: 	  []string{"trusted_xds_server", "xds_v3"},
+			selectedChannelCreds: ChannelCreds{Type: "google_default"},
+		}},
+		node: v3Node,
+		clientDefaultListenerResourceNameTemplate: "%s",
+	}
 	configWithGoogleDefaultCredsAndNoServerFeatures = &Config{
 		xDSServers: []*ServerConfig{{
 			serverURI:            "trafficdirector.googleapis.com:443",
@@ -539,6 +565,7 @@ func (s) TestGetConfiguration_Success(t *testing.T) {
 		{"goodBootstrap", configWithGoogleDefaultCredsAndV3},
 		{"multipleXDSServers", configWithMultipleServers},
 		{"serverSupportsIgnoreResourceDeletion", configWithGoogleDefaultCredsAndIgnoreResourceDeletion},
+		{"serverSupportsTrustedXDSServer", configWithGoogleDefaultCredsAndTrustedXDSServer},
 		{"istioStyleInsecureWithoutCallCreds", configWithIstioStyleNoCallCreds},
 	}