Add pipe address support for xDS endpoints

[jrhee17]

Subset of #6700

Motivation

Envoy's xDS API allows cluster endpoints to be addressed either via socket_address (host:port) or pipe (Unix domain socket path). XdsEndpointUtil previously called getSocketAddress() unconditionally, so any xDS configuration with a pipe: address — whether for a backend cluster or for the control plane itself (e.g. Istio's SDS server) — would silently return an empty address or produce a confusing error.

Modifications

convertToEndpoint now checks address.hasPipe() before falling through to getSocketAddress(). Pipe endpoints are converted to DomainSocketAddress and returned as a proper Endpoint with all the usual xDS attributes. strictDnsEndpointGroup raises UnsupportedOperationException early if a STRICT_DNS cluster endpoint uses a pipe address, since DNS resolution over a Unix socket is not meaningful.
at secrets are fetched and mTLS to the backend succeeds end-to-end.

Result

• address.pipe is now supported

[coderabbitai]

📝 Walkthrough

Walkthrough

Adds support for domain socket (pipe) endpoints in xDS client endpoint conversion with a runtime guard rejecting pipes for STRICT_DNS clusters. Introduces comprehensive integration tests validating pipe routing, error handling, and mTLS communication over domain sockets.

Changes

Cohort / File(s)	Summary
Integration Test Suite it/xds-client/src/test/java/com/linecorp/armeria/xds/it/PipeEndpointTest.java	New test class validating pipe endpoint functionality across three scenarios: success-path routing via pipe address, failure-path verification that STRICT_DNS clusters reject pipes with UnsupportedOperationException, and mTLS communication over domain sockets with SDS secret delivery.
Endpoint Conversion Logic xds/src/main/java/com/linecorp/armeria/xds/client/endpoint/XdsEndpointUtil.java	Enhanced to read core.v3.Address from LbEndpoint and handle pipe addresses: adds STRICT_DNS guard rejecting pipes, converts pipe paths to DomainSocketAddress endpoints while preserving endpoint attributes and weights, maintains existing hostname/IP behavior for non-pipe addresses.

Sequence Diagram(s)

sequenceDiagram
    participant Client as HTTP Client
    participant Preprocessor as XdsHttpPreprocessor
    participant Converter as XdsEndpointUtil
    participant XDS as xDS Control Plane
    participant Backend as Backend Server<br/>(Domain Socket)

    Client->>Preprocessor: GET /hello (with xDS config)
    Preprocessor->>XDS: Query listener/cluster config
    XDS-->>Preprocessor: Return cluster with pipe endpoint
    Preprocessor->>Converter: Convert Envoy endpoint
    alt Pipe Address Detected
        Converter->>Converter: Extract pipe path
        Converter->>Converter: Create DomainSocketAddress
        Converter-->>Preprocessor: Return pipe endpoint with attributes
    else Non-Pipe Address
        Converter->>Converter: Extract SocketAddress
        Converter-->>Preprocessor: Return standard endpoint
    end
    Preprocessor->>Backend: Route request via domain socket
    Backend-->>Preprocessor: HTTP 200 (body: "world")
    Preprocessor-->>Client: HTTP 200 (body: "world")

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Poem

🐰 A pipe endpoint hops through the sockets so fast,
No TCP tricks, domain domains will last!
Strict DNS says "nay!" with a guard standing tall,
While mTLS whispers flow through it all. ✨

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title 'Add pipe address support for xDS endpoints' clearly and specifically describes the main feature added by the pull request.
Description check	✅ Passed	The pull request description clearly explains the motivation (pipe address support in Envoy's xDS API), modifications made to XdsEndpointUtil, and the expected result.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[codecov]

Codecov Report

❌ Patch coverage is 41.17647% with 10 lines in your changes missing coverage. Please review.
✅ Project coverage is 73.95%. Comparing base (8150425) to head (427b9fe).
⚠️ Report is 423 commits behind head on main.

Files with missing lines	Patch %	Lines
...p/armeria/xds/client/endpoint/XdsEndpointUtil.java	41.17%	8 Missing and 2 partials ⚠️

Additional details and impacted files

@@             Coverage Diff              @@
##               main    #6708      +/-   ##
============================================
- Coverage     74.46%   73.95%   -0.52%     
- Complexity    22234    24044    +1810     
============================================
  Files          1963     2171     +208     
  Lines         82437    90245    +7808     
  Branches      10764    11836    +1072     
============================================
+ Hits          61385    66737    +5352     
- Misses        15918    17905    +1987     
- Partials       5134     5603     +469     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[github-actions]

🔍 Build Scan® (commit: 427b9fe)

Job name	Status	Build Scan®
build-ubicloud-standard-16-jdk-8	✅	https://ge.armeria.dev/s/yxmcq55k65xy2
build-ubicloud-standard-16-jdk-25	✅	https://ge.armeria.dev/s/crgedczv2dd5u
build-ubicloud-standard-16-jdk-21-snapshot-blockhound	✅	https://ge.armeria.dev/s/uxbbjdc24j7cg

[minwoox]

👍 👍 👍

[jrhee17]

Gentle ping in case this PR was forgotten @ikhoon 🙇

[ikhoon]

Sorry for the late review. I thought I reviewed this PR. 😅