mirror of https://github.com/grpc/grpc-go.git
168 lines
4.6 KiB
Go
168 lines
4.6 KiB
Go
//go:build linux || windows
|
|
// +build linux windows
|
|
|
|
/*
|
|
*
|
|
* Copyright 2018 gRPC authors.
|
|
*
|
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
* you may not use this file except in compliance with the License.
|
|
* You may obtain a copy of the License at
|
|
*
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
*
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
* See the License for the specific language governing permissions and
|
|
* limitations under the License.
|
|
*
|
|
*/
|
|
|
|
package alts
|
|
|
|
import (
|
|
"context"
|
|
"strings"
|
|
"testing"
|
|
"time"
|
|
|
|
"google.golang.org/grpc/codes"
|
|
altspb "google.golang.org/grpc/credentials/alts/internal/proto/grpc_gcp"
|
|
"google.golang.org/grpc/peer"
|
|
"google.golang.org/grpc/status"
|
|
)
|
|
|
|
const (
|
|
testServiceAccount1 = "service_account1"
|
|
testServiceAccount2 = "service_account2"
|
|
testServiceAccount3 = "service_account3"
|
|
|
|
defaultTestTimeout = 10 * time.Second
|
|
)
|
|
|
|
func (s) TestAuthInfoFromContext(t *testing.T) {
|
|
ctx, cancel := context.WithTimeout(context.Background(), defaultTestTimeout)
|
|
defer cancel()
|
|
altsAuthInfo := &fakeALTSAuthInfo{}
|
|
p := &peer.Peer{
|
|
AuthInfo: altsAuthInfo,
|
|
}
|
|
for _, tc := range []struct {
|
|
desc string
|
|
ctx context.Context
|
|
success bool
|
|
out AuthInfo
|
|
}{
|
|
{
|
|
"working case",
|
|
peer.NewContext(ctx, p),
|
|
true,
|
|
altsAuthInfo,
|
|
},
|
|
} {
|
|
authInfo, err := AuthInfoFromContext(tc.ctx)
|
|
if got, want := (err == nil), tc.success; got != want {
|
|
t.Errorf("%v: AuthInfoFromContext(_)=(err=nil)=%v, want %v", tc.desc, got, want)
|
|
}
|
|
if got, want := authInfo, tc.out; got != want {
|
|
t.Errorf("%v:, AuthInfoFromContext(_)=(%v, _), want (%v, _)", tc.desc, got, want)
|
|
}
|
|
}
|
|
}
|
|
|
|
func (s) TestAuthInfoFromPeer(t *testing.T) {
|
|
altsAuthInfo := &fakeALTSAuthInfo{}
|
|
p := &peer.Peer{
|
|
AuthInfo: altsAuthInfo,
|
|
}
|
|
for _, tc := range []struct {
|
|
desc string
|
|
p *peer.Peer
|
|
success bool
|
|
out AuthInfo
|
|
}{
|
|
{
|
|
"working case",
|
|
p,
|
|
true,
|
|
altsAuthInfo,
|
|
},
|
|
} {
|
|
authInfo, err := AuthInfoFromPeer(tc.p)
|
|
if got, want := (err == nil), tc.success; got != want {
|
|
t.Errorf("%v: AuthInfoFromPeer(_)=(err=nil)=%v, want %v", tc.desc, got, want)
|
|
}
|
|
if got, want := authInfo, tc.out; got != want {
|
|
t.Errorf("%v:, AuthInfoFromPeer(_)=(%v, _), want (%v, _)", tc.desc, got, want)
|
|
}
|
|
}
|
|
}
|
|
|
|
func (s) TestClientAuthorizationCheck(t *testing.T) {
|
|
ctx, cancel := context.WithTimeout(context.Background(), defaultTestTimeout)
|
|
defer cancel()
|
|
altsAuthInfo := &fakeALTSAuthInfo{testServiceAccount1}
|
|
p := &peer.Peer{
|
|
AuthInfo: altsAuthInfo,
|
|
}
|
|
for _, tc := range []struct {
|
|
desc string
|
|
ctx context.Context
|
|
expectedServiceAccounts []string
|
|
success bool
|
|
code codes.Code
|
|
}{
|
|
{
|
|
"working case",
|
|
peer.NewContext(ctx, p),
|
|
[]string{testServiceAccount1, testServiceAccount2},
|
|
true,
|
|
codes.OK, // err is nil, code is OK.
|
|
},
|
|
{
|
|
"working case (case ignored)",
|
|
peer.NewContext(ctx, p),
|
|
[]string{strings.ToUpper(testServiceAccount1), testServiceAccount2},
|
|
true,
|
|
codes.OK, // err is nil, code is OK.
|
|
},
|
|
{
|
|
"context does not have AuthInfo",
|
|
ctx,
|
|
[]string{testServiceAccount1, testServiceAccount2},
|
|
false,
|
|
codes.PermissionDenied,
|
|
},
|
|
{
|
|
"unauthorized client",
|
|
peer.NewContext(ctx, p),
|
|
[]string{testServiceAccount2, testServiceAccount3},
|
|
false,
|
|
codes.PermissionDenied,
|
|
},
|
|
} {
|
|
err := ClientAuthorizationCheck(tc.ctx, tc.expectedServiceAccounts)
|
|
if got, want := (err == nil), tc.success; got != want {
|
|
t.Errorf("%v: ClientAuthorizationCheck(_, %v)=(err=nil)=%v, want %v", tc.desc, tc.expectedServiceAccounts, got, want)
|
|
}
|
|
if got, want := status.Code(err), tc.code; got != want {
|
|
t.Errorf("%v: ClientAuthorizationCheck(_, %v).Code=%v, want %v", tc.desc, tc.expectedServiceAccounts, got, want)
|
|
}
|
|
}
|
|
}
|
|
|
|
type fakeALTSAuthInfo struct {
|
|
peerServiceAccount string
|
|
}
|
|
|
|
func (*fakeALTSAuthInfo) AuthType() string { return "" }
|
|
func (*fakeALTSAuthInfo) ApplicationProtocol() string { return "" }
|
|
func (*fakeALTSAuthInfo) RecordProtocol() string { return "" }
|
|
func (*fakeALTSAuthInfo) SecurityLevel() altspb.SecurityLevel {
|
|
return altspb.SecurityLevel_SECURITY_NONE
|
|
}
|
|
func (f *fakeALTSAuthInfo) PeerServiceAccount() string { return f.peerServiceAccount }
|
|
func (*fakeALTSAuthInfo) LocalServiceAccount() string { return "" }
|
|
func (*fakeALTSAuthInfo) PeerRPCVersions() *altspb.RpcProtocolVersions { return nil }
|