config_load_check_tool should validate file-based dynamic resources (CDS, LDS, RDS)

[hnimtadd]

Title: Support file-base dynamic resource validation inside the config_load_check_tool

Description:

The config_load_check_tool currently only validates the bootstrap configuration and checks that file paths exist for dynamic resources, but does not validate the actual content of file-based dynamic resource configurations (CDS, LDS, RDS). This leaves a gap in configuration validation where invalid dynamic resources can only be caught at runtime.

Current Behavior

When validating a bootstrap configuration with file-based dynamic resources:

dynamic_resources:
  cds_config:
    resource_api_version: V3
    path_config_source:
      path: /etc/envoy/cluster.yaml
  lds_config:
    resource_api_version: V3
    path_config_source:
      path: /etc/envoy/listener.yaml

This tool will:

• Validate the bootstrap configuration structure
• Check that /etc/envoy/cluster.yaml and /etc/envoy/listener.yaml exist
• NOT validate the content of these files
• NOT validate RDS configurations referenced by listeners
  This means configuration errors in dynamic resource files are only discovered when Envoy starts and attempts to load them.

Expected Behavior:

The config_load_check_tool should:

• Load and validate file-based CDS configurations
• Load and validate file-based LDS configurations
• Extract RDS references from listeners and validate those files

Would you prefer this as an enhancement to the existing tool or a separate validation mode?

[agrawroh]

cc @markdroth Thoughts on this? I think it does make sense to have it as part of the same tool but maybe a different mode.

[yanavlasov]

The validation mode can be enhanced to support the use case that you need. However it is a fairly significant effort.