hub / github.com/grpc/grpc-go / Test_SPIFFE_Reloading

Method Test_SPIFFE_Reloading

internal/xds/bootstrap/tlscreds/bundle_ext_test.go:240–326  ·  view source on GitHub ↗

Test_SPIFFE_Reloading sets up a client and server. The client is configured to use a SPIFFE bundle map, and the server is configured to use TLS creds compatible with this bundle. A handshake is performed and the connection is expected to be successful. Then we change the client's SPIFFE Bundle Map file on disk; another handshake is performed and checked for failure, ensuring that gRPC is correctly using the changed-on-disk bundle map.

(t *testing.T)

Source from the content-addressed store, hash-verified

238// is performed and checked for failure, ensuring that gRPC is correctly using
239// the changed-on-disk bundle map.
240func (s) Test_SPIFFE_Reloading(t *testing.T) {
241 testutils.SetEnvConfig(t, &envconfig.XDSSPIFFEEnabled, true)
242 clientSPIFFEBundle, err := os.ReadFile(testdata.Path("spiffe_end2end/client_spiffebundle.json"))
243 if err != nil {
244 t.Fatalf("Failed to read test SPIFFE bundle: %v", err)
245 }
246
247 // Write CA certs to a temporary file so that we can modify it later.
248 spiffePath := t.TempDir() + "/client_spiffe.json"
249 if err = os.WriteFile(spiffePath, clientSPIFFEBundle, 0644); err != nil {
250 t.Fatalf("Failed to write test SPIFFE Bundle %v: %v", clientSPIFFEBundle, err)
251 }
252 cfg := fmt.Sprintf(`{
253 "spiffe_trust_bundle_map_file": "%s",
254 "refresh_interval": ".01s"
255 }`, spiffePath)
256 tlsBundle, stop, err := tlscreds.NewBundle([]byte(cfg))
257 if err != nil {
258 t.Fatalf("Failed to create TLS bundle: %v", err)
259 }
260 defer stop()
261
262 l, err := testutils.LocalTCPListener()
263 if err != nil {
264 t.Fatalf("testutils.LocalTCPListener() failed: %v", err)
265 }
266 lis := testutils.NewRestartableListener(l)
267 defer lis.Close()
268 ss := stubserver.StubServer{
269 Listener: lis,
270 EmptyCallF: func(context.Context, *testpb.Empty) (*testpb.Empty, error) { return &testpb.Empty{}, nil },
271 }
272
273 serverCredentials := grpc.Creds(testutils.CreateServerTLSCredentialsCompatibleWithSPIFFE(t, tls.NoClientCert))
274 server := stubserver.StartTestService(t, &ss, serverCredentials)
275
276 defer server.Stop()
277
278 conn, err := grpc.NewClient(
279 server.Address,
280 grpc.WithCredentialsBundle(tlsBundle),
281 grpc.WithAuthority("x.test.example.com"),
282 )
283 if err != nil {
284 t.Fatalf("grpc.NewClient(%q) failed: %v", server.Address, err)
285 }
286 defer conn.Close()
287
288 ctx, cancel := context.WithTimeout(context.Background(), defaultTestTimeout)
289 defer cancel()
290
291 client := testgrpc.NewTestServiceClient(conn)
292 if _, err = client.EmptyCall(ctx, &testpb.Empty{}); err != nil {
293 t.Errorf("Error calling EmptyCall: %v", err)
294 }
295
296 // Setup the wrong bundle to be reloaded
297 wrongBundle, err := os.ReadFile(testdata.Path("spiffe_end2end/server_spiffebundle.json"))

Callers

nothing calls this directly

Calls 15

Close · Method · 0.95
EmptyCall · Method · 0.95
Stop · Method · 0.95
Restart · Method · 0.95
SetEnvConfig · Function · 0.92
Path · Function · 0.92
NewBundle · Function · 0.92
LocalTCPListener · Function · 0.92
NewRestartableListener · Function · 0.92
Creds · Function · 0.92
StartTestService · Function · 0.92

Tested by

no test coverage detected