MCPcopy
hub / github.com/grpc/grpc-go / TestControlChannelCredsFailure

Method TestControlChannelCredsFailure

balancer/rls/control_channel_test.go:391–444  ·  view source on GitHub ↗

TestControlChannelCredsFailure tests creation of the control channel with different credentials, which are expected to fail.

(t *testing.T)

Source from the content-addressed store, hash-verified

389// TestControlChannelCredsFailure tests creation of the control channel with
390// different credentials, which are expected to fail.
391func (s) TestControlChannelCredsFailure(t *testing.T) {
392 serverCreds := makeTLSCreds(t, "x509/server1_cert.pem", "x509/server1_key.pem", "x509/client_ca_cert.pem")
393 clientCreds := makeTLSCreds(t, "x509/client1_cert.pem", "x509/client1_key.pem", "x509/server_ca_cert.pem")
394
395 tests := []struct {
396 name string
397 sopts []grpc.ServerOption
398 bopts balancer.BuildOptions
399 wantCode codes.Code
400 wantErrRegex *regexp.Regexp
401 }{
402 {
403 name: "transport creds authority mismatch",
404 sopts: []grpc.ServerOption{grpc.Creds(serverCreds)},
405 bopts: balancer.BuildOptions{
406 DialCreds: clientCreds,
407 Authority: "authority-mismatch",
408 },
409 wantCode: codes.Unavailable,
410 wantErrRegex: regexp.MustCompile(`transport: authentication handshake failed: .* \*\.test\.example\.com.*authority-mismatch`),
411 },
412 {
413 name: "transport creds handshake failure",
414 sopts: nil, // server expects insecure connection
415 bopts: balancer.BuildOptions{
416 DialCreds: clientCreds,
417 Authority: "x.test.example.com",
418 },
419 wantCode: codes.Unavailable,
420 wantErrRegex: regexp.MustCompile("transport: authentication handshake failed: .*"),
421 },
422 {
423 name: "call creds mismatch",
424 sopts: []grpc.ServerOption{
425 grpc.Creds(serverCreds),
426 grpc.UnaryInterceptor(callCredsValidatingServerInterceptor), // server expects call creds
427 },
428 bopts: balancer.BuildOptions{
429 CredsBundle: &testCredsBundle{
430 transportCreds: clientCreds,
431 callCreds: &testPerRPCCredentials{}, // sends no call creds
432 },
433 Authority: "x.test.example.com",
434 },
435 wantCode: codes.PermissionDenied,
436 wantErrRegex: regexp.MustCompile("didn't find call creds"),
437 },
438 }
439 for _, test := range tests {
440 t.Run(test.name, func(t *testing.T) {
441 testControlChannelCredsFailure(t, test.sopts, test.bopts, test.wantCode, test.wantErrRegex)
442 })
443 }
444}
445
446type unsupportedCredsBundle struct {
447 credentials.Bundle

Callers

nothing calls this directly

Calls 4

CredsFunction · 0.92
UnaryInterceptorFunction · 0.92
makeTLSCredsFunction · 0.70

Tested by

no test coverage detected