TestControlChannelCredsFailure tests creation of the control channel with different credentials, which are expected to fail.
(t *testing.T)
| 389 | // TestControlChannelCredsFailure tests creation of the control channel with |
| 390 | // different credentials, which are expected to fail. |
| 391 | func (s) TestControlChannelCredsFailure(t *testing.T) { |
| 392 | serverCreds := makeTLSCreds(t, "x509/server1_cert.pem", "x509/server1_key.pem", "x509/client_ca_cert.pem") |
| 393 | clientCreds := makeTLSCreds(t, "x509/client1_cert.pem", "x509/client1_key.pem", "x509/server_ca_cert.pem") |
| 394 | |
| 395 | tests := []struct { |
| 396 | name string |
| 397 | sopts []grpc.ServerOption |
| 398 | bopts balancer.BuildOptions |
| 399 | wantCode codes.Code |
| 400 | wantErrRegex *regexp.Regexp |
| 401 | }{ |
| 402 | { |
| 403 | name: "transport creds authority mismatch", |
| 404 | sopts: []grpc.ServerOption{grpc.Creds(serverCreds)}, |
| 405 | bopts: balancer.BuildOptions{ |
| 406 | DialCreds: clientCreds, |
| 407 | Authority: "authority-mismatch", |
| 408 | }, |
| 409 | wantCode: codes.Unavailable, |
| 410 | wantErrRegex: regexp.MustCompile(`transport: authentication handshake failed: .* \*\.test\.example\.com.*authority-mismatch`), |
| 411 | }, |
| 412 | { |
| 413 | name: "transport creds handshake failure", |
| 414 | sopts: nil, // server expects insecure connection |
| 415 | bopts: balancer.BuildOptions{ |
| 416 | DialCreds: clientCreds, |
| 417 | Authority: "x.test.example.com", |
| 418 | }, |
| 419 | wantCode: codes.Unavailable, |
| 420 | wantErrRegex: regexp.MustCompile("transport: authentication handshake failed: .*"), |
| 421 | }, |
| 422 | { |
| 423 | name: "call creds mismatch", |
| 424 | sopts: []grpc.ServerOption{ |
| 425 | grpc.Creds(serverCreds), |
| 426 | grpc.UnaryInterceptor(callCredsValidatingServerInterceptor), // server expects call creds |
| 427 | }, |
| 428 | bopts: balancer.BuildOptions{ |
| 429 | CredsBundle: &testCredsBundle{ |
| 430 | transportCreds: clientCreds, |
| 431 | callCreds: &testPerRPCCredentials{}, // sends no call creds |
| 432 | }, |
| 433 | Authority: "x.test.example.com", |
| 434 | }, |
| 435 | wantCode: codes.PermissionDenied, |
| 436 | wantErrRegex: regexp.MustCompile("didn't find call creds"), |
| 437 | }, |
| 438 | } |
| 439 | for _, test := range tests { |
| 440 | t.Run(test.name, func(t *testing.T) { |
| 441 | testControlChannelCredsFailure(t, test.sopts, test.bopts, test.wantCode, test.wantErrRegex) |
| 442 | }) |
| 443 | } |
| 444 | } |
| 445 | |
| 446 | type unsupportedCredsBundle struct { |
| 447 | credentials.Bundle |
nothing calls this directly
no test coverage detected