(t *testing.T)
| 650 | } |
| 651 | |
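// TestFileWatcher_RecoversFromReloadFailure checks that the file-watcher
// authorization interceptor keeps enforcing the last successfully loaded
// policy when the policy file is overwritten with an invalid policy, and that
// it picks up the next valid policy written to the same file.
//
// The sequence is: load valid1 and confirm its decision, overwrite the file
// with "{}" and confirm the decision is unchanged, then write valid2 and wait
// (via retryUntil) for its decision to take effect.
func (s) TestFileWatcher_RecoversFromReloadFailure(t *testing.T) {
	valid1 := authzTests["DeniesRPCMatchInDenyAndAllow"]
	file := createTmpPolicyFile(t, "recovers_from_reload_failure", []byte(valid1.authzPolicy))

	// A failed construction must stop the test here; otherwise the deferred
	// Close and the interceptor registration below would run on a watcher
	// that was never set up, and the failure would surface as a panic instead
	// of a readable test error.
	i, err := authz.NewFileWatcher(file, 100*time.Millisecond)
	if err != nil {
		t.Fatalf("authz.NewFileWatcher(%q) failed: %v", file, err)
	}
	defer i.Close()

	// Every unary RPC passes through the watcher's interceptor before it
	// reaches the handler, which itself always succeeds.
	stub := &stubserver.StubServer{
		UnaryCallF: func(context.Context, *testpb.SimpleRequest) (*testpb.SimpleResponse, error) {
			return &testpb.SimpleResponse{}, nil
		},
		S: grpc.NewServer(grpc.ChainUnaryInterceptor(i.UnaryInterceptor)),
	}
	stubserver.StartTestService(t, stub)
	defer stub.Stop()

	// Establish a connection to the server. Plaintext transport is used; the
	// assertions below only look at the authorization status.
	cc, err := grpc.NewClient(stub.Address, grpc.WithTransportCredentials(insecure.NewCredentials()))
	if err != nil {
		t.Fatalf("grpc.NewClient(%v) failed: %v", stub.Address, err)
	}
	defer cc.Close()
	client := testgrpc.NewTestServiceClient(cc)

	ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
	defer cancel()

	// Baseline: the initial policy produces the status recorded for valid1.
	_, err = client.UnaryCall(ctx, &testpb.SimpleRequest{})
	if got := status.Convert(err); got.Code() != valid1.wantStatus.Code() || got.Message() != valid1.wantStatus.Message() {
		t.Fatalf("client.UnaryCall(_, _) = %v; want = %v", got.Err(), valid1.wantStatus.Err())
	}

	// Overwrite the policy with an invalid one. The watcher is expected to
	// skip this update and continue to use the valid policy.
	// NOTE(review): os.WriteFile applies the mode argument only when it has to
	// create the file; the file presumably already exists here (it comes from
	// createTmpPolicyFile), so os.ModePerm should not change its permissions.
	if err := os.WriteFile(file, []byte("{}"), os.ModePerm); err != nil {
		t.Fatalf("os.WriteFile(%q) failed: %v", file, err)
	}

	// Wait 120 ms for the background goroutine (100 ms refresh interval) to
	// read the updated file.
	// NOTE(review): the margin is 20 ms. If the reload has not run by the time
	// the RPC below is sent, the check passes without having exercised the
	// reload-failure path.
	time.Sleep(120 * time.Millisecond)

	// The decision must be unchanged: still the one recorded for valid1.
	_, err = client.UnaryCall(ctx, &testpb.SimpleRequest{})
	if got := status.Convert(err); got.Code() != valid1.wantStatus.Code() || got.Message() != valid1.wantStatus.Message() {
		t.Fatalf("client.UnaryCall(_, _) = %v; want = %v", got.Err(), valid1.wantStatus.Err())
	}

	// Rewrite the file with a different valid authorization policy.
	valid2 := authzTests["AllowsRPCEmptyDenyMatchInAllow"]
	if err := os.WriteFile(file, []byte(valid2.authzPolicy), os.ModePerm); err != nil {
		t.Fatalf("os.WriteFile(%q) failed: %v", file, err)
	}

	// The new policy is applied asynchronously, so poll until the decision
	// matches valid2 or retryUntil gives up and returns a non-nil result.
	if got := retryUntil(ctx, client, valid2.wantStatus); got != nil {
		t.Fatalf("client.UnaryCall(_, _) = %v; want = %v", got, valid2.wantStatus.Err())
	}
}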