TestServerSideXDS_Fallback is an e2e test which verifies xDS credentials fallback functionality. The following sequence of events happen as part of this test: - An xDS-enabled gRPC server is created and xDS credentials are configured. - xDS is enabled on the client by the use of the xds:/// scheme,
(t *testing.T)
| 171 | // the client and the server. This results in both of them using the |
| 172 | // configured fallback credentials (which is insecure creds in this case). |
| 173 | func (s) TestServerSideXDS_Fallback(t *testing.T) { |
| 174 | managementServer, nodeID, bootstrapContents, xdsResolver := setup.ManagementServerAndResolver(t) |
| 175 | |
| 176 | lis, cleanup2 := setupGRPCServer(t, bootstrapContents) |
| 177 | defer cleanup2() |
| 178 | |
| 179 | // Grab the host and port of the server and create client side xDS resources |
| 180 | // corresponding to it. This contains default resources with no security |
| 181 | // configuration in the Cluster resources. |
| 182 | host, port, err := hostPortFromListener(lis) |
| 183 | if err != nil { |
| 184 | t.Fatalf("failed to retrieve host and port of server: %v", err) |
| 185 | } |
| 186 | const serviceName = "my-service-fallback" |
| 187 | resources := e2e.DefaultClientResources(e2e.ResourceParams{ |
| 188 | DialTarget: serviceName, |
| 189 | NodeID: nodeID, |
| 190 | Host: host, |
| 191 | Port: port, |
| 192 | SecLevel: e2e.SecurityLevelNone, |
| 193 | }) |
| 194 | |
| 195 | // Create an inbound xDS listener resource for the server side that does not |
| 196 | // contain any security configuration. This should force the server-side |
| 197 | // xdsCredentials to use fallback. |
| 198 | inboundLis := e2e.DefaultServerListener(host, port, e2e.SecurityLevelNone, "routeName") |
| 199 | resources.Listeners = append(resources.Listeners, inboundLis) |
| 200 | |
| 201 | // Setup the management server with client and server-side resources. |
| 202 | ctx, cancel := context.WithTimeout(context.Background(), defaultTestTimeout) |
| 203 | defer cancel() |
| 204 | if err := managementServer.Update(ctx, resources); err != nil { |
| 205 | t.Fatal(err) |
| 206 | } |
| 207 | |
| 208 | // Create client-side xDS credentials with an insecure fallback. |
| 209 | creds, err := xdscreds.NewClientCredentials(xdscreds.ClientOptions{ |
| 210 | FallbackCreds: insecure.NewCredentials(), |
| 211 | }) |
| 212 | if err != nil { |
| 213 | t.Fatal(err) |
| 214 | } |
| 215 | |
| 216 | // Create a ClientConn with the xds scheme and make a successful RPC. |
| 217 | cc, err := grpc.NewClient(fmt.Sprintf("xds:///%s", serviceName), grpc.WithTransportCredentials(creds), grpc.WithResolvers(xdsResolver)) |
| 218 | if err != nil { |
| 219 | t.Fatalf("failed to create a client for server: %v", err) |
| 220 | } |
| 221 | defer cc.Close() |
| 222 | |
| 223 | client := testgrpc.NewTestServiceClient(cc) |
| 224 | if _, err := client.EmptyCall(ctx, &testpb.Empty{}, grpc.WaitForReady(true)); err != nil { |
| 225 | t.Errorf("rpc EmptyCall() failed: %v", err) |
| 226 | } |
| 227 | } |
| 228 | |
| 229 | // TestServerSideXDS_FileWatcherCerts is an e2e test which verifies xDS |
| 230 | // credentials with file watcher certificate provider. |
nothing calls this directly
no test coverage detected