hub / github.com/grpc/grpc-go / TestClientSideXDS_AutoHostSNI

Method TestClientSideXDS_AutoHostSNI

test/xds/xds_client_sni_test.go:200–297  ·  view source on GitHub ↗

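Tests that when AutoHostSNI is enabled, the endpoint's hostname is used as the TLS ServerName even though a static SNI value is also configured. It verifies that the TLS handshake and the subsequent RPC succeed because the resolved SNI (i.e., the endpoint hostname) matches the server's certificate SAN. In the setup shown below, the cluster's UpstreamTlsContext sets Sni to "wrong.sni.domain" with AutoHostSni and AutoSniSanValidation both set to true, so a successful handshake indicates that the endpoint hostname, not the static SNI, was used for both the ServerName and the SAN check.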

(t *testing.T)

Source from the content-addressed store, hash-verified

198// handshake and subsequent RPC succeed because the resolved SNI i.e. the
199// hostname matches the server's certificate SAN.
200func (s) TestClientSideXDS_AutoHostSNI(t *testing.T) {
201 testutils.SetEnvConfig(t, &envconfig.XDSSNIEnabled, true)
202
203 // Spin up an xDS management server.
204 mgmtServer, nodeID, _, xdsResolver := setup.ManagementServerAndResolver(t)
205
206 // Create test backend
207 serverCreds := testutils.CreateServerTLSCredentials(t, tls.RequireAndVerifyClientCert)
208 server := stubserver.StartTestService(t, nil, grpc.Creds(serverCreds))
209 defer server.Stop()
210
211 // Configure client side xDS resources on the management server.
212 const serviceName = "my-service-client-side-xds"
213 const routeConfigName = "route-" + serviceName
214 const clusterName = "cluster-" + serviceName
215 const endpointName = "endpoint-" + serviceName
216
217 listeners := []*v3listenerpb.Listener{e2e.DefaultClientListener(serviceName, routeConfigName)}
218 routes := []*v3routepb.RouteConfiguration{e2e.DefaultRouteConfig(routeConfigName, serviceName, clusterName)}
219
220 // Configure the cluster with AutoHostSni and AutoSniSanValidation set to
221 // true with a invalid SNI.
222 cluster := e2e.DefaultCluster(clusterName, endpointName, e2e.SecurityLevelMTLS)
223 cluster.TransportSocket = &v3corepb.TransportSocket{
224 Name: "envoy.transport_sockets.tls",
225 ConfigType: &v3corepb.TransportSocket_TypedConfig{
226 TypedConfig: testutils.MarshalAny(t, &v3tlspb.UpstreamTlsContext{
227 AutoHostSni: true,
228 AutoSniSanValidation: true,
229 Sni: "wrong.sni.domain",
230 CommonTlsContext: &v3tlspb.CommonTlsContext{
231 ValidationContextType: &v3tlspb.CommonTlsContext_ValidationContextCertificateProviderInstance{
232 ValidationContextCertificateProviderInstance: &v3tlspb.CommonTlsContext_CertificateProviderInstance{
233 InstanceName: e2e.ClientSideCertProviderInstance,
234 CertificateName: "root",
235 },
236 },
237 TlsCertificateCertificateProviderInstance: &v3tlspb.CommonTlsContext_CertificateProviderInstance{
238 InstanceName: e2e.ClientSideCertProviderInstance,
239 CertificateName: "identity",
240 },
241 },
242 }),
243 },
244 }
245
246 // Endpoints configuring Hostname to the defaultTestCertSAN to verify
247 // AutoHostSni usage.
248 endpoints := []*v3endpointpb.ClusterLoadAssignment{
249 e2e.EndpointResourceWithOptions(e2e.EndpointOptions{
250 ClusterName: endpointName,
251 Host: "localhost",
252 Localities: []e2e.LocalityOptions{{
253 Weight: 1,
254 Backends: []e2e.BackendOptions{{
255 Ports: []uint32{testutils.ParsePort(t, server.Address)},
256 Hostname: validSNI,
257 }},

Callers

nothing calls this directly

Calls 15

EmptyCallMethod · 0.95
SetEnvConfigFunction · 0.92
StartTestServiceFunction · 0.92
CredsFunction · 0.92
DefaultClientListenerFunction · 0.92
DefaultRouteConfigFunction · 0.92
DefaultClusterFunction · 0.92
MarshalAnyFunction · 0.92
ParsePortFunction · 0.92

Tested by

no test coverage detected