(t *testing.T)
| 602 | } |
| 603 | |
| 604 | func (s) TestFileWatcher_InvalidPolicySkipReload(t *testing.T) { |
| 605 | valid := authzTests["DeniesRPCMatchInDenyAndAllow"] |
| 606 | file := createTmpPolicyFile(t, "invalid_policy_skip_reload", []byte(valid.authzPolicy)) |
| 607 | i, _ := authz.NewFileWatcher(file, 20*time.Millisecond) |
| 608 | defer i.Close() |
| 609 | |
| 610 | stub := &stubserver.StubServer{ |
| 611 | UnaryCallF: func(context.Context, *testpb.SimpleRequest) (*testpb.SimpleResponse, error) { |
| 612 | return &testpb.SimpleResponse{}, nil |
| 613 | }, |
| 614 | // Start a gRPC server with gRPC authz unary server interceptors. |
| 615 | S: grpc.NewServer(grpc.ChainUnaryInterceptor(i.UnaryInterceptor)), |
| 616 | } |
| 617 | stubserver.StartTestService(t, stub) |
| 618 | defer stub.Stop() |
| 619 | |
| 620 | // Establish a connection to the server. |
| 621 | cc, err := grpc.NewClient(stub.Address, grpc.WithTransportCredentials(insecure.NewCredentials())) |
| 622 | if err != nil { |
| 623 | t.Fatalf("grpc.NewClient(%v) failed: %v", stub.Address, err) |
| 624 | } |
| 625 | defer cc.Close() |
| 626 | client := testgrpc.NewTestServiceClient(cc) |
| 627 | |
| 628 | ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second) |
| 629 | defer cancel() |
| 630 | |
| 631 | // Verifying authorization decision. |
| 632 | _, err = client.UnaryCall(ctx, &testpb.SimpleRequest{}) |
| 633 | if got := status.Convert(err); got.Code() != valid.wantStatus.Code() || got.Message() != valid.wantStatus.Message() { |
| 634 | t.Fatalf("client.UnaryCall(_, _) = %v; want = %v", got.Err(), valid.wantStatus.Err()) |
| 635 | } |
| 636 | |
| 637 | // Skips the invalid policy update, and continues to use the valid policy. |
| 638 | if err := os.WriteFile(file, []byte("{}"), os.ModePerm); err != nil { |
| 639 | t.Fatalf("os.WriteFile(%q) failed: %v", file, err) |
| 640 | } |
| 641 | |
| 642 | // Wait 40 ms for background go routine to read updated files. |
| 643 | time.Sleep(40 * time.Millisecond) |
| 644 | |
| 645 | // Verifying authorization decision. |
| 646 | _, err = client.UnaryCall(ctx, &testpb.SimpleRequest{}) |
| 647 | if got := status.Convert(err); got.Code() != valid.wantStatus.Code() || got.Message() != valid.wantStatus.Message() { |
| 648 | t.Fatalf("client.UnaryCall(_, _) = %v; want = %v", got.Err(), valid.wantStatus.Err()) |
| 649 | } |
| 650 | } |
| 651 | |
| 652 | func (s) TestFileWatcher_RecoversFromReloadFailure(t *testing.T) { |
| 653 | valid1 := authzTests["DeniesRPCMatchInDenyAndAllow"] |
nothing calls this directly
no test coverage detected