hub / github.com/grpc/grpc-go / Test_MTLS_SPIFFE

Method Test_MTLS_SPIFFE

internal/xds/bootstrap/tlscreds/bundle_ext_test.go:361–407  ·  view source on GitHub ↗

Test_MTLS_SPIFFE configures a client and server. The server has a certificate chain that is compatible with the client's configured SPIFFE bundle map. An MTLS connection is attempted between the two and checked for success.

(t *testing.T)

Source from the content-addressed store, hash-verified

359// chain that is compatible with the client's configured SPIFFE bundle map. An
360// MTLS connection is attempted between the two and checked for success.
func (s) Test_MTLS_SPIFFE(t *testing.T) {
	// Success path only: with the XDSSPIFFEEnabled flag switched on, a client
	// configured with a spiffe_trust_bundle_map_file must complete an RPC
	// against a server that requires and verifies a client certificate.
	testutils.SetEnvConfig(t, &envconfig.XDSSPIFFEEnabled, true)

	// Both server variants demand a verified client certificate, so a passing
	// subtest means the handshake succeeded in both directions.
	const clientAuth = tls.RequireAndVerifyClientCert

	// JSON handed to tlscreds.NewBundle. The three paths are spliced in with
	// %s and receive no JSON escaping, so this relies on testdata.Path
	// returning strings without quotes or backslashes.
	const clientCfgTemplate = `{
 "certificate_file": "%s",
 "private_key_file": "%s",
 "spiffe_trust_bundle_map_file": "%s"
}`

	type spiffeCase struct {
		desc string
		opt  grpc.ServerOption
	}
	cases := []spiffeCase{
		{
			desc: "MTLS SPIFFE",
			opt:  grpc.Creds(testutils.CreateServerTLSCredentialsCompatibleWithSPIFFE(t, clientAuth)),
		},
		{
			desc: "MTLS SPIFFE Chain",
			opt:  grpc.Creds(testutils.CreateServerTLSCredentialsCompatibleWithSPIFFEChain(t, clientAuth)),
		},
	}

	for _, c := range cases {
		t.Run(c.desc, func(t *testing.T) {
			srv := stubserver.StartTestService(t, nil, c.opt)
			defer srv.Stop()

			certPath := testdata.Path("spiffe_end2end/client_spiffe.pem")
			keyPath := testdata.Path("spiffe_end2end/client.key")
			bundleMapPath := testdata.Path("spiffe_end2end/client_spiffebundle.json")
			rawCfg := []byte(fmt.Sprintf(clientCfgTemplate, certPath, keyPath, bundleMapPath))

			bundle, stopBundle, err := tlscreds.NewBundle(rawCfg)
			if err != nil {
				t.Fatalf("Failed to create TLS bundle: %v", err)
			}
			defer stopBundle()

			// NOTE(review): the authority is pinned to x.test.example.com,
			// presumably so it matches a name in the server certificate;
			// confirm against the spiffe_end2end testdata.
			dialOpts := []grpc.DialOption{
				grpc.WithCredentialsBundle(bundle),
				grpc.WithAuthority("x.test.example.com"),
			}
			cc, err := grpc.NewClient(srv.Address, dialOpts...)
			if err != nil {
				t.Fatalf("Error dialing: %v", err)
			}
			defer cc.Close()

			ctx, cancel := context.WithTimeout(context.Background(), defaultTestTimeout)
			defer cancel()

			// The only assertion: the RPC over the mutually authenticated
			// channel returns no error.
			_, rpcErr := testgrpc.NewTestServiceClient(cc).EmptyCall(ctx, &testpb.Empty{})
			if rpcErr != nil {
				t.Errorf("EmptyCall(): got error %v when expected to succeed", rpcErr)
			}
		})
	}
}
408
409// Test_MTLS_SPIFFE_FlagDisabled configures a client and server. The server has
410// a certificate chain that is compatible with the client's configured SPIFFE

Callers

nothing calls this directly

Calls 15

EmptyCallMethod · 0.95
SetEnvConfigFunction · 0.92
CredsFunction · 0.92
StartTestServiceFunction · 0.92
PathFunction · 0.92
NewBundleFunction · 0.92
NewClientFunction · 0.92
WithCredentialsBundleFunction · 0.92
WithAuthorityFunction · 0.92
StopMethod · 0.65

Tested by

no test coverage detected