mirror of
https://github.com/grpc/grpc-node.git
synced 2025-12-08 18:23:54 +00:00
Add xds credentials tests
This commit is contained in:
Michael Lumish
parent
1ce0143220
commit
d8f4343958
@ -21,6 +21,10 @@ import * as mocha from 'gulp-mocha';
|
||||
import * as path from 'path';
|
||||
import * as execa from 'execa';
|
||||
import * as semver from 'semver';
|
||||
import { ncp } from 'ncp';
|
||||
import { promisify } from 'util';
|
||||
|
||||
const ncpP = promisify(ncp);
|
||||
|
||||
Error.stackTraceLimit = Infinity;
|
||||
|
||||
@ -60,6 +64,10 @@ const cleanAll = gulp.parallel(clean);
|
||||
*/
|
||||
const compile = checkTask(() => execNpmCommand('compile'));
|
||||
|
||||
const copyTestFixtures = checkTask(() =>
|
||||
ncpP(`${jsCoreDir}/test/fixtures`, `${outDir}/test/fixtures`)
|
||||
);
|
||||
|
||||
const runTests = checkTask(() => {
|
||||
process.env.GRPC_EXPERIMENTAL_XDS_FEDERATION = 'true';
|
||||
process.env.GRPC_EXPERIMENTAL_PICKFIRST_LB_CONFIG = 'true';
|
||||
@ -71,7 +79,7 @@ const runTests = checkTask(() => {
|
||||
require: ['ts-node/register']}));
|
||||
});
|
||||
|
||||
const test = gulp.series(install, runTests);
|
||||
const test = gulp.series(install, copyTestFixtures, runTests);
|
||||
|
||||
export {
|
||||
install,
|
||||
|
||||
@ -41,6 +41,7 @@
|
||||
"@types/yargs": "^15.0.5",
|
||||
"find-free-ports": "^3.1.1",
|
||||
"gts": "^5.0.1",
|
||||
"ncp": "^2.0.0",
|
||||
"typescript": "^5.1.3",
|
||||
"yargs": "^15.4.1"
|
||||
},
|
||||
|
||||
15
packages/grpc-js-xds/test/fixtures/ca.pem
vendored
Normal file
15
packages/grpc-js-xds/test/fixtures/ca.pem
vendored
Normal file
@ -0,0 +1,15 @@
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIICSjCCAbOgAwIBAgIJAJHGGR4dGioHMA0GCSqGSIb3DQEBCwUAMFYxCzAJBgNV
|
||||
BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX
|
||||
aWRnaXRzIFB0eSBMdGQxDzANBgNVBAMTBnRlc3RjYTAeFw0xNDExMTEyMjMxMjla
|
||||
Fw0yNDExMDgyMjMxMjlaMFYxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0
|
||||
YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxDzANBgNVBAMT
|
||||
BnRlc3RjYTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAwEDfBV5MYdlHVHJ7
|
||||
+L4nxrZy7mBfAVXpOc5vMYztssUI7mL2/iYujiIXM+weZYNTEpLdjyJdu7R5gGUu
|
||||
g1jSVK/EPHfc74O7AyZU34PNIP4Sh33N+/A5YexrNgJlPY+E3GdVYi4ldWJjgkAd
|
||||
Qah2PH5ACLrIIC6tRka9hcaBlIECAwEAAaMgMB4wDAYDVR0TBAUwAwEB/zAOBgNV
|
||||
HQ8BAf8EBAMCAgQwDQYJKoZIhvcNAQELBQADgYEAHzC7jdYlzAVmddi/gdAeKPau
|
||||
sPBG/C2HCWqHzpCUHcKuvMzDVkY/MP2o6JIW2DBbY64bO/FceExhjcykgaYtCH/m
|
||||
oIU63+CFOTtR7otyQAWHqXa7q4SbCDlG7DyRFxqG0txPtGvy12lgldA2+RgcigQG
|
||||
Dfcog5wrJytaQ6UA0wE=
|
||||
-----END CERTIFICATE-----
|
||||
16
packages/grpc-js-xds/test/fixtures/server1.key
vendored
Normal file
16
packages/grpc-js-xds/test/fixtures/server1.key
vendored
Normal file
@ -0,0 +1,16 @@
|
||||
-----BEGIN PRIVATE KEY-----
|
||||
MIICdQIBADANBgkqhkiG9w0BAQEFAASCAl8wggJbAgEAAoGBAOHDFScoLCVJpYDD
|
||||
M4HYtIdV6Ake/sMNaaKdODjDMsux/4tDydlumN+fm+AjPEK5GHhGn1BgzkWF+slf
|
||||
3BxhrA/8dNsnunstVA7ZBgA/5qQxMfGAq4wHNVX77fBZOgp9VlSMVfyd9N8YwbBY
|
||||
AckOeUQadTi2X1S6OgJXgQ0m3MWhAgMBAAECgYAn7qGnM2vbjJNBm0VZCkOkTIWm
|
||||
V10okw7EPJrdL2mkre9NasghNXbE1y5zDshx5Nt3KsazKOxTT8d0Jwh/3KbaN+YY
|
||||
tTCbKGW0pXDRBhwUHRcuRzScjli8Rih5UOCiZkhefUTcRb6xIhZJuQy71tjaSy0p
|
||||
dHZRmYyBYO2YEQ8xoQJBAPrJPhMBkzmEYFtyIEqAxQ/o/A6E+E4w8i+KM7nQCK7q
|
||||
K4JXzyXVAjLfyBZWHGM2uro/fjqPggGD6QH1qXCkI4MCQQDmdKeb2TrKRh5BY1LR
|
||||
81aJGKcJ2XbcDu6wMZK4oqWbTX2KiYn9GB0woM6nSr/Y6iy1u145YzYxEV/iMwff
|
||||
DJULAkB8B2MnyzOg0pNFJqBJuH29bKCcHa8gHJzqXhNO5lAlEbMK95p/P2Wi+4Hd
|
||||
aiEIAF1BF326QJcvYKmwSmrORp85AkAlSNxRJ50OWrfMZnBgzVjDx3xG6KsFQVk2
|
||||
ol6VhqL6dFgKUORFUWBvnKSyhjJxurlPEahV6oo6+A+mPhFY8eUvAkAZQyTdupP3
|
||||
XEFQKctGz+9+gKkemDp7LBBMEMBXrGTLPhpEfcjv/7KPdnFHYmhYeBTBnuVmTVWe
|
||||
F98XJ7tIFfJq
|
||||
-----END PRIVATE KEY-----
|
||||
16
packages/grpc-js-xds/test/fixtures/server1.pem
vendored
Normal file
16
packages/grpc-js-xds/test/fixtures/server1.pem
vendored
Normal file
@ -0,0 +1,16 @@
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIICnDCCAgWgAwIBAgIBBzANBgkqhkiG9w0BAQsFADBWMQswCQYDVQQGEwJBVTET
|
||||
MBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQ
|
||||
dHkgTHRkMQ8wDQYDVQQDEwZ0ZXN0Y2EwHhcNMTUxMTA0MDIyMDI0WhcNMjUxMTAx
|
||||
MDIyMDI0WjBlMQswCQYDVQQGEwJVUzERMA8GA1UECBMISWxsaW5vaXMxEDAOBgNV
|
||||
BAcTB0NoaWNhZ28xFTATBgNVBAoTDEV4YW1wbGUsIENvLjEaMBgGA1UEAxQRKi50
|
||||
ZXN0Lmdvb2dsZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOHDFSco
|
||||
LCVJpYDDM4HYtIdV6Ake/sMNaaKdODjDMsux/4tDydlumN+fm+AjPEK5GHhGn1Bg
|
||||
zkWF+slf3BxhrA/8dNsnunstVA7ZBgA/5qQxMfGAq4wHNVX77fBZOgp9VlSMVfyd
|
||||
9N8YwbBYAckOeUQadTi2X1S6OgJXgQ0m3MWhAgMBAAGjazBpMAkGA1UdEwQCMAAw
|
||||
CwYDVR0PBAQDAgXgME8GA1UdEQRIMEaCECoudGVzdC5nb29nbGUuZnKCGHdhdGVy
|
||||
em9vaS50ZXN0Lmdvb2dsZS5iZYISKi50ZXN0LnlvdXR1YmUuY29thwTAqAEDMA0G
|
||||
CSqGSIb3DQEBCwUAA4GBAJFXVifQNub1LUP4JlnX5lXNlo8FxZ2a12AFQs+bzoJ6
|
||||
hM044EDjqyxUqSbVePK0ni3w1fHQB5rY9yYC5f8G7aqqTY1QOhoUk8ZTSTRpnkTh
|
||||
y4jjdvTZeLDVBlueZUTDRmy2feY5aZIU18vFDK08dTG0A87pppuv1LNIR3loveU8
|
||||
-----END CERTIFICATE-----
|
||||
112
packages/grpc-js-xds/test/test-xds-credentials.ts
Normal file
112
packages/grpc-js-xds/test/test-xds-credentials.ts
Normal file
@ -0,0 +1,112 @@
|
||||
/*
|
||||
* Copyright 2024 gRPC authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
*/
|
||||
|
||||
import * as assert from 'assert';
|
||||
import { createBackends } from './backend';
|
||||
import { FakeEdsCluster, FakeRouteGroup, FakeServerRoute } from './framework';
|
||||
import { ControlPlaneServer } from './xds-server';
|
||||
import { XdsTestClient } from './client';
|
||||
import { XdsServerCredentials } from '../src';
|
||||
import { credentials, ServerCredentials } from '@grpc/grpc-js';
|
||||
import { readFileSync } from 'fs';
|
||||
import * as path from 'path';
|
||||
import { Listener } from '../src/generated/envoy/config/listener/v3/Listener';
|
||||
import { DownstreamTlsContext } from '../src/generated/envoy/extensions/transport_sockets/tls/v3/DownstreamTlsContext';
|
||||
import { AnyExtension } from '@grpc/proto-loader';
|
||||
import { DOWNSTREAM_TLS_CONTEXT_TYPE_URL } from '../src/resources';
|
||||
|
||||
const ca = readFileSync(path.join(__dirname, 'fixtures', 'ca.pem'));
|
||||
const key = readFileSync(path.join(__dirname, 'fixtures', 'server1.key'));
|
||||
const cert = readFileSync(path.join(__dirname, 'fixtures', 'server1.pem'));
|
||||
|
||||
describe('Server xDS Credentials', () => {
|
||||
let xdsServer: ControlPlaneServer;
|
||||
let client: XdsTestClient;
|
||||
beforeEach(done => {
|
||||
xdsServer = new ControlPlaneServer();
|
||||
xdsServer.startServer(error => {
|
||||
done(error);
|
||||
});
|
||||
});
|
||||
afterEach(() => {
|
||||
client?.close();
|
||||
xdsServer?.shutdownServer();
|
||||
});
|
||||
it('Should use fallback credentials when certificate providers are not configured', async () => {
|
||||
const [backend] = await createBackends(1, true, new XdsServerCredentials(ServerCredentials.createInsecure()));
|
||||
const serverRoute = new FakeServerRoute(backend.getPort(), 'serverRoute');
|
||||
xdsServer.setRdsResource(serverRoute.getRouteConfiguration());
|
||||
xdsServer.setLdsResource(serverRoute.getListener());
|
||||
xdsServer.addResponseListener((typeUrl, responseState) => {
|
||||
if (responseState.state === 'NACKED') {
|
||||
client?.stopCalls();
|
||||
assert.fail(`Client NACKED ${typeUrl} resource with message ${responseState.errorMessage}`);
|
||||
}
|
||||
});
|
||||
const cluster = new FakeEdsCluster('cluster1', 'endpoint1', [{backends: [backend], locality:{region: 'region1'}}]);
|
||||
const routeGroup = new FakeRouteGroup('listener1', 'route1', [{cluster: cluster}]);
|
||||
await routeGroup.startAllBackends(xdsServer);
|
||||
xdsServer.setEdsResource(cluster.getEndpointConfig());
|
||||
xdsServer.setCdsResource(cluster.getClusterConfig());
|
||||
xdsServer.setRdsResource(routeGroup.getRouteConfiguration());
|
||||
xdsServer.setLdsResource(routeGroup.getListener());
|
||||
client = XdsTestClient.createFromServer('listener1', xdsServer, credentials.createInsecure());
|
||||
const error = await client.sendOneCallAsync();
|
||||
assert.strictEqual(error, null);
|
||||
});
|
||||
it('Should use the identity certificate when configured', async () => {
|
||||
const [backend] = await createBackends(1, true, new XdsServerCredentials(ServerCredentials.createInsecure()));
|
||||
const downstreamTlsContext: DownstreamTlsContext & AnyExtension = {
|
||||
'@type': DOWNSTREAM_TLS_CONTEXT_TYPE_URL,
|
||||
common_tls_context: {
|
||||
tls_certificate_provider_instance: {
|
||||
instance_name: 'test_certificates'
|
||||
}
|
||||
}
|
||||
}
|
||||
const baseServerListener: Listener = {
|
||||
default_filter_chain: {
|
||||
filter_chain_match: {
|
||||
source_type: 'SAME_IP_OR_LOOPBACK'
|
||||
},
|
||||
transport_socket: {
|
||||
name: 'envoy.transport_sockets.tls',
|
||||
typed_config: downstreamTlsContext
|
||||
}
|
||||
}
|
||||
}
|
||||
const serverRoute = new FakeServerRoute(backend.getPort(), 'serverRoute', baseServerListener);
|
||||
xdsServer.setRdsResource(serverRoute.getRouteConfiguration());
|
||||
xdsServer.setLdsResource(serverRoute.getListener());
|
||||
xdsServer.addResponseListener((typeUrl, responseState) => {
|
||||
if (responseState.state === 'NACKED') {
|
||||
client?.stopCalls();
|
||||
assert.fail(`Client NACKED ${typeUrl} resource with message ${responseState.errorMessage}`);
|
||||
}
|
||||
});
|
||||
const cluster = new FakeEdsCluster('cluster1', 'endpoint1', [{backends: [backend], locality:{region: 'region1'}}]);
|
||||
const routeGroup = new FakeRouteGroup('listener1', 'route1', [{cluster: cluster}]);
|
||||
await routeGroup.startAllBackends(xdsServer);
|
||||
xdsServer.setEdsResource(cluster.getEndpointConfig());
|
||||
xdsServer.setCdsResource(cluster.getClusterConfig());
|
||||
xdsServer.setRdsResource(routeGroup.getRouteConfiguration());
|
||||
xdsServer.setLdsResource(routeGroup.getListener());
|
||||
client = XdsTestClient.createFromServer('listener1', xdsServer, credentials.createSsl(ca));
|
||||
const error = await client.sendOneCallAsync();
|
||||
assert.strictEqual(error, null);
|
||||
});
|
||||
});
|
||||
@ -31,6 +31,7 @@ import * as adsTypes from '../src/generated/ads';
|
||||
import * as lrsTypes from '../src/generated/lrs';
|
||||
import { LoadStatsRequest__Output } from "../src/generated/envoy/service/load_stats/v3/LoadStatsRequest";
|
||||
import { LoadStatsResponse } from "../src/generated/envoy/service/load_stats/v3/LoadStatsResponse";
|
||||
import * as path from 'path';
|
||||
|
||||
const TRACER_NAME = 'control_plane_server';
|
||||
|
||||
@ -367,7 +368,18 @@ export class ControlPlaneServer {
|
||||
id: 'test',
|
||||
locality: {}
|
||||
},
|
||||
server_listener_resource_name_template: '%s'
|
||||
server_listener_resource_name_template: '%s',
|
||||
certificate_providers: {
|
||||
test_certificates: {
|
||||
plugin_name: 'file_watcher',
|
||||
config: {
|
||||
certificate_file: path.join(__dirname, 'fixtures', 'server1.pem'),
|
||||
private_key_file: path.join(__dirname, 'fixtures', 'server1.key'),
|
||||
ca_certificate_file: path.join(__dirname, 'fixtures', 'ca.pem'),
|
||||
refresh_interval: '60s'
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
return JSON.stringify(bootstrapInfo);
|
||||
}
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user