TestServerSideXDS_FileWatcherCerts is an e2e test that verifies xDS credentials with the file watcher certificate provider. The following sequence of events happens as part of this test: - An xDS-enabled gRPC server is created and xDS credentials are configured. - xDS is enabled on the client by the us…
(t *testing.T)
| 237 | // client and the server, pointing to the file watcher certificate provider. |
| 238 | // We verify both TLS and mTLS scenarios. |
| 239 | func (s) TestServerSideXDS_FileWatcherCerts(t *testing.T) { |
| 240 | tests := []struct { |
| 241 | name string |
| 242 | secLevel e2e.SecurityLevel |
| 243 | }{ |
| 244 | { |
| 245 | name: "tls", |
| 246 | secLevel: e2e.SecurityLevelTLS, |
| 247 | }, |
| 248 | { |
| 249 | name: "mtls", |
| 250 | secLevel: e2e.SecurityLevelMTLS, |
| 251 | }, |
| 252 | } |
| 253 | for _, test := range tests { |
| 254 | t.Run(test.name, func(t *testing.T) { |
| 255 | managementServer, nodeID, bootstrapContents, xdsResolver := setup.ManagementServerAndResolver(t) |
| 256 | lis, cleanup2 := setupGRPCServer(t, bootstrapContents) |
| 257 | defer cleanup2() |
| 258 | |
| 259 | // Grab the host and port of the server and create client side xDS |
| 260 | // resources corresponding to it. |
| 261 | host, port, err := hostPortFromListener(lis) |
| 262 | if err != nil { |
| 263 | t.Fatalf("failed to retrieve host and port of server: %v", err) |
| 264 | } |
| 265 | |
| 266 | // Create xDS resources to be consumed on the client side. This |
| 267 | // includes the listener, route configuration, cluster (with |
| 268 | // security configuration) and endpoint resources. |
| 269 | serviceName := "my-service-file-watcher-certs-" + test.name |
| 270 | resources := e2e.DefaultClientResources(e2e.ResourceParams{ |
| 271 | DialTarget: serviceName, |
| 272 | NodeID: nodeID, |
| 273 | Host: host, |
| 274 | Port: port, |
| 275 | SecLevel: test.secLevel, |
| 276 | }) |
| 277 | |
| 278 | // Create an inbound xDS listener resource for the server side that |
| 279 | // contains security configuration pointing to the file watcher |
| 280 | // plugin. |
| 281 | inboundLis := e2e.DefaultServerListener(host, port, test.secLevel, "routeName") |
| 282 | resources.Listeners = append(resources.Listeners, inboundLis) |
| 283 | |
| 284 | // Setup the management server with client and server resources. |
| 285 | ctx, cancel := context.WithTimeout(context.Background(), defaultTestTimeout) |
| 286 | defer cancel() |
| 287 | if err := managementServer.Update(ctx, resources); err != nil { |
| 288 | t.Fatal(err) |
| 289 | } |
| 290 | |
| 291 | // Create client-side xDS credentials with an insecure fallback. |
| 292 | creds, err := xdscreds.NewClientCredentials(xdscreds.ClientOptions{ |
| 293 | FallbackCreds: insecure.NewCredentials(), |
| 294 | }) |
| 295 | if err != nil { |
| 296 | t.Fatal(err) |