hub / github.com/grpc/grpc-go / TestClientSideXDS_AutoHostSNI_LogicalDNS

Method TestClientSideXDS_AutoHostSNI_LogicalDNS

test/xds/xds_client_sni_test.go:771–851  ·  view source on GitHub ↗

Tests that when AutoHostSNI is enabled for a Logical DNS cluster, the SNI sent in the TLS handshake is taken from the DNSHostName in the cluster configuration. The cluster's UpstreamTlsContext also sets AutoSniSanValidation, and the test verifies that the TLS handshake succeeds when the DNSHostName matches the server's certificate SAN.

(t *testing.T)

Source from the content-addressed store, hash-verified

769// the TLS handshake succeeds when the DNSHostName matches the server's
770// certificate SAN.
771func (s) TestClientSideXDS_AutoHostSNI_LogicalDNS(t *testing.T) {
772 testutils.SetEnvConfig(t, &envconfig.XDSSNIEnabled, true)
773
774 // Spin up an xDS management server.
775 mgmtServer, nodeID, _, xdsResolver := setup.ManagementServerAndResolver(t)
776
777 // Create test backend
778 serverCreds := testutils.CreateServerTLSCredentials(t, tls.RequireAndVerifyClientCert)
779 server := stubserver.StartTestService(t, nil, grpc.Creds(serverCreds))
780 defer server.Stop()
781
782 // Replace DNS resolver with a manual resolver.
783 dnsR := manual.NewBuilderWithScheme("dns")
784 originalDNS := resolver.Get("dns")
785 resolver.Register(dnsR)
786 t.Cleanup(func() { resolver.Register(originalDNS) })
787
788 dnsR.UpdateState(resolver.State{Endpoints: []resolver.Endpoint{{Addresses: []resolver.Address{{Addr: server.Address}}}}})
789
790 // Configure client side xDS resources on the management server.
791 const serviceName = "my-service-client-side-xds"
792 const routeConfigName = "route-" + serviceName
793 const clusterName = "cluster-" + serviceName
794
795 listeners := []*v3listenerpb.Listener{e2e.DefaultClientListener(serviceName, routeConfigName)}
796 routes := []*v3routepb.RouteConfiguration{e2e.DefaultRouteConfig(routeConfigName, serviceName, clusterName)}
797
798 // Cluster of Type LogicalDNS. with DNSHostName set to match the server's cert
799 // SAN.
800 cluster := e2e.ClusterResourceWithOptions(e2e.ClusterOptions{
801 Type: e2e.ClusterTypeLogicalDNS,
802 ClusterName: clusterName,
803 DNSHostName: validSNI,
804 DNSPort: uint32(testutils.ParsePort(t, server.Address)),
805 SecurityLevel: e2e.SecurityLevelMTLS,
806 })
807 cluster.TransportSocket.ConfigType.(*v3corepb.TransportSocket_TypedConfig).TypedConfig = testutils.MarshalAny(t, &v3tlspb.UpstreamTlsContext{
808 AutoHostSni: true,
809 AutoSniSanValidation: true,
810 CommonTlsContext: &v3tlspb.CommonTlsContext{
811 ValidationContextType: &v3tlspb.CommonTlsContext_ValidationContextCertificateProviderInstance{
812 ValidationContextCertificateProviderInstance: &v3tlspb.CommonTlsContext_CertificateProviderInstance{
813 InstanceName: e2e.ClientSideCertProviderInstance,
814 },
815 },
816 TlsCertificateCertificateProviderInstance: &v3tlspb.CommonTlsContext_CertificateProviderInstance{
817 InstanceName: e2e.ClientSideCertProviderInstance,
818 },
819 },
820 })
821
822 resources := e2e.UpdateOptions{
823 NodeID: nodeID,
824 Listeners: listeners,
825 Routes: routes,
826 Clusters: []*v3clusterpb.Cluster{cluster},
827 }
828

Callers

nothing calls this directly

Calls 15

EmptyCallMethod · 0.95
SetEnvConfigFunction · 0.92
StartTestServiceFunction · 0.92
CredsFunction · 0.92
NewBuilderWithSchemeFunction · 0.92
GetFunction · 0.92
RegisterFunction · 0.92
DefaultClientListenerFunction · 0.92
DefaultRouteConfigFunction · 0.92

Tested by

no test coverage detected