mirror of https://github.com/grpc/grpc-go.git
277 lines
11 KiB
Go
277 lines
11 KiB
Go
/*
|
|
*
|
|
* Copyright 2021 gRPC authors.
|
|
*
|
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
* you may not use this file except in compliance with the License.
|
|
* You may obtain a copy of the License at
|
|
*
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
*
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
* See the License for the specific language governing permissions and
|
|
* limitations under the License.
|
|
*
|
|
*/
|
|
|
|
package xds_test
|
|
|
|
import (
|
|
"context"
|
|
"fmt"
|
|
"strings"
|
|
"testing"
|
|
|
|
"github.com/google/uuid"
|
|
"google.golang.org/grpc"
|
|
"google.golang.org/grpc/codes"
|
|
"google.golang.org/grpc/credentials/insecure"
|
|
"google.golang.org/grpc/internal"
|
|
"google.golang.org/grpc/internal/envconfig"
|
|
"google.golang.org/grpc/internal/testutils/xds/bootstrap"
|
|
"google.golang.org/grpc/internal/testutils/xds/e2e"
|
|
"google.golang.org/grpc/resolver"
|
|
"google.golang.org/grpc/status"
|
|
|
|
v3clusterpb "github.com/envoyproxy/go-control-plane/envoy/config/cluster/v3"
|
|
v3endpointpb "github.com/envoyproxy/go-control-plane/envoy/config/endpoint/v3"
|
|
v3listenerpb "github.com/envoyproxy/go-control-plane/envoy/config/listener/v3"
|
|
v3routepb "github.com/envoyproxy/go-control-plane/envoy/config/route/v3"
|
|
testgrpc "google.golang.org/grpc/test/grpc_testing"
|
|
testpb "google.golang.org/grpc/test/grpc_testing"
|
|
)
|
|
|
|
// TestClientSideFederation tests that federation is supported.
|
|
//
|
|
// In this test, some xDS responses contain resource names in another authority
|
|
// (in the new resource name style):
|
|
// - LDS: old style, no authority (default authority)
|
|
// - RDS: new style, in a different authority
|
|
// - CDS: old style, no authority (default authority)
|
|
// - EDS: new style, in a different authority
|
|
func (s) TestClientSideFederation(t *testing.T) {
|
|
oldXDSFederation := envconfig.XDSFederation
|
|
envconfig.XDSFederation = true
|
|
defer func() { envconfig.XDSFederation = oldXDSFederation }()
|
|
|
|
// Start a management server as the default authority.
|
|
serverDefaultAuth, err := e2e.StartManagementServer(e2e.ManagementServerOptions{})
|
|
if err != nil {
|
|
t.Fatalf("Failed to spin up the xDS management server: %v", err)
|
|
}
|
|
t.Cleanup(serverDefaultAuth.Stop)
|
|
|
|
// Start another management server as the other authority.
|
|
const nonDefaultAuth = "non-default-auth"
|
|
serverAnotherAuth, err := e2e.StartManagementServer(e2e.ManagementServerOptions{})
|
|
if err != nil {
|
|
t.Fatalf("Failed to spin up the xDS management server: %v", err)
|
|
}
|
|
t.Cleanup(serverAnotherAuth.Stop)
|
|
|
|
// Create a bootstrap file in a temporary directory.
|
|
nodeID := uuid.New().String()
|
|
bootstrapContents, err := bootstrap.Contents(bootstrap.Options{
|
|
Version: bootstrap.TransportV3,
|
|
NodeID: nodeID,
|
|
ServerURI: serverDefaultAuth.Address,
|
|
ServerListenerResourceNameTemplate: e2e.ServerListenerResourceNameTemplate,
|
|
// Specify the address of the non-default authority.
|
|
Authorities: map[string]string{nonDefaultAuth: serverAnotherAuth.Address},
|
|
})
|
|
if err != nil {
|
|
t.Fatalf("Failed to create bootstrap file: %v", err)
|
|
}
|
|
|
|
resolverBuilder := internal.NewXDSResolverWithConfigForTesting.(func([]byte) (resolver.Builder, error))
|
|
resolver, err := resolverBuilder(bootstrapContents)
|
|
if err != nil {
|
|
t.Fatalf("Failed to create xDS resolver for testing: %v", err)
|
|
}
|
|
port, cleanup := startTestService(t, nil)
|
|
defer cleanup()
|
|
|
|
const serviceName = "my-service-client-side-xds"
|
|
// LDS is old style name.
|
|
ldsName := serviceName
|
|
// RDS is new style, with the non default authority.
|
|
rdsName := fmt.Sprintf("xdstp://%s/envoy.config.route.v3.RouteConfiguration/%s", nonDefaultAuth, "route-"+serviceName)
|
|
// CDS is old style name.
|
|
cdsName := "cluster-" + serviceName
|
|
// EDS is new style, with the non default authority.
|
|
edsName := fmt.Sprintf("xdstp://%s/envoy.config.route.v3.ClusterLoadAssignment/%s", nonDefaultAuth, "endpoints-"+serviceName)
|
|
|
|
// Split resources, put LDS/CDS in the default authority, and put RDS/EDS in
|
|
// the other authority.
|
|
resourcesDefault := e2e.UpdateOptions{
|
|
NodeID: nodeID,
|
|
// This has only LDS and CDS.
|
|
Listeners: []*v3listenerpb.Listener{e2e.DefaultClientListener(ldsName, rdsName)},
|
|
Clusters: []*v3clusterpb.Cluster{e2e.DefaultCluster(cdsName, edsName, e2e.SecurityLevelNone)},
|
|
SkipValidation: true,
|
|
}
|
|
resourcesAnother := e2e.UpdateOptions{
|
|
NodeID: nodeID,
|
|
// This has only RDS and EDS.
|
|
Routes: []*v3routepb.RouteConfiguration{e2e.DefaultRouteConfig(rdsName, ldsName, cdsName)},
|
|
Endpoints: []*v3endpointpb.ClusterLoadAssignment{e2e.DefaultEndpoint(edsName, "localhost", []uint32{port})},
|
|
SkipValidation: true,
|
|
}
|
|
|
|
ctx, cancel := context.WithTimeout(context.Background(), defaultTestTimeout)
|
|
defer cancel()
|
|
// This has only LDS and CDS.
|
|
if err := serverDefaultAuth.Update(ctx, resourcesDefault); err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
// This has only RDS and EDS.
|
|
if err := serverAnotherAuth.Update(ctx, resourcesAnother); err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
|
|
// Create a ClientConn and make a successful RPC.
|
|
cc, err := grpc.Dial(fmt.Sprintf("xds:///%s", serviceName), grpc.WithTransportCredentials(insecure.NewCredentials()), grpc.WithResolvers(resolver))
|
|
if err != nil {
|
|
t.Fatalf("failed to dial local test server: %v", err)
|
|
}
|
|
defer cc.Close()
|
|
|
|
client := testgrpc.NewTestServiceClient(cc)
|
|
if _, err := client.EmptyCall(ctx, &testpb.Empty{}, grpc.WaitForReady(true)); err != nil {
|
|
t.Fatalf("rpc EmptyCall() failed: %v", err)
|
|
}
|
|
}
|
|
|
|
// TestFederation_UnknownAuthorityInDialTarget tests the case where a ClientConn
|
|
// is created with a dial target containing an authority which is not specified
|
|
// in the bootstrap configuration. The test verifies that RPCs on the ClientConn
|
|
// fail with an appropriate error.
|
|
func (s) TestFederation_UnknownAuthorityInDialTarget(t *testing.T) {
|
|
oldXDSFederation := envconfig.XDSFederation
|
|
envconfig.XDSFederation = true
|
|
defer func() { envconfig.XDSFederation = oldXDSFederation }()
|
|
|
|
// Setting up the management server is not *really* required for this test
|
|
// case. All we need is a bootstrap configuration which does not contain the
|
|
// authority mentioned in the dial target. But setting up the management
|
|
// server and actually making an RPC ensures that the xDS client is
|
|
// configured properly, and when we dial with an unknown authority in the
|
|
// next step, we can be sure that the error we receive is legitimate.
|
|
managementServer, nodeID, _, resolver, cleanup1 := e2e.SetupManagementServer(t, e2e.ManagementServerOptions{})
|
|
defer cleanup1()
|
|
|
|
port, cleanup2 := startTestService(t, nil)
|
|
defer cleanup2()
|
|
|
|
const serviceName = "my-service-client-side-xds"
|
|
resources := e2e.DefaultClientResources(e2e.ResourceParams{
|
|
DialTarget: serviceName,
|
|
NodeID: nodeID,
|
|
Host: "localhost",
|
|
Port: port,
|
|
SecLevel: e2e.SecurityLevelNone,
|
|
})
|
|
ctx, cancel := context.WithTimeout(context.Background(), defaultTestTimeout)
|
|
defer cancel()
|
|
if err := managementServer.Update(ctx, resources); err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
|
|
// Create a ClientConn and make a successful RPC.
|
|
target := fmt.Sprintf("xds:///%s", serviceName)
|
|
cc, err := grpc.Dial(target, grpc.WithTransportCredentials(insecure.NewCredentials()), grpc.WithResolvers(resolver))
|
|
if err != nil {
|
|
t.Fatalf("Dialing target %q: %v", target, err)
|
|
}
|
|
defer cc.Close()
|
|
t.Log("Created ClientConn to test service")
|
|
|
|
client := testpb.NewTestServiceClient(cc)
|
|
if _, err := client.EmptyCall(ctx, &testpb.Empty{}); err != nil {
|
|
t.Fatalf("EmptyCall() RPC: %v", err)
|
|
}
|
|
t.Log("Successfully performed an EmptyCall RPC")
|
|
|
|
target = fmt.Sprintf("xds://unknown-authority/%s", serviceName)
|
|
t.Logf("Dialing target %q with unknown authority which is expected to fail", target)
|
|
const wantErr = `authority "unknown-authority" is not found in the bootstrap file`
|
|
_, err = grpc.Dial(target, grpc.WithTransportCredentials(insecure.NewCredentials()), grpc.WithResolvers(resolver))
|
|
if err == nil || !strings.Contains(err.Error(), wantErr) {
|
|
t.Fatalf("grpc.Dial(%q) returned %v, want: %s", target, err, wantErr)
|
|
}
|
|
}
|
|
|
|
// TestFederation_UnknownAuthorityInReceivedResponse tests the case where the
|
|
// LDS resource associated with the dial target contains an RDS resource name
|
|
// with an authority which is not specified in the bootstrap configuration. The
|
|
// test verifies that RPCs fail with an appropriate error.
|
|
func (s) TestFederation_UnknownAuthorityInReceivedResponse(t *testing.T) {
|
|
oldXDSFederation := envconfig.XDSFederation
|
|
envconfig.XDSFederation = true
|
|
defer func() { envconfig.XDSFederation = oldXDSFederation }()
|
|
|
|
mgmtServer, err := e2e.StartManagementServer(e2e.ManagementServerOptions{})
|
|
if err != nil {
|
|
t.Fatalf("Failed to spin up the xDS management server: %v", err)
|
|
}
|
|
defer mgmtServer.Stop()
|
|
|
|
nodeID := uuid.New().String()
|
|
bootstrapContents, err := bootstrap.Contents(bootstrap.Options{
|
|
Version: bootstrap.TransportV3,
|
|
NodeID: nodeID,
|
|
ServerURI: mgmtServer.Address,
|
|
ServerListenerResourceNameTemplate: e2e.ServerListenerResourceNameTemplate,
|
|
})
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
|
|
resolverBuilder := internal.NewXDSResolverWithConfigForTesting.(func([]byte) (resolver.Builder, error))
|
|
resolver, err := resolverBuilder(bootstrapContents)
|
|
if err != nil {
|
|
t.Fatalf("Creating xDS resolver for testing: %v", err)
|
|
}
|
|
|
|
// LDS is old style name.
|
|
// RDS is new style, with an unknown authority.
|
|
const serviceName = "my-service-client-side-xds"
|
|
const unknownAuthority = "unknown-authority"
|
|
ldsName := serviceName
|
|
rdsName := fmt.Sprintf("xdstp://%s/envoy.config.route.v3.RouteConfiguration/%s", unknownAuthority, "route-"+serviceName)
|
|
|
|
resources := e2e.UpdateOptions{
|
|
NodeID: nodeID,
|
|
Listeners: []*v3listenerpb.Listener{e2e.DefaultClientListener(ldsName, rdsName)},
|
|
Routes: []*v3routepb.RouteConfiguration{e2e.DefaultRouteConfig(rdsName, ldsName, "cluster-"+serviceName)},
|
|
SkipValidation: true, // This update has only LDS and RDS resources.
|
|
}
|
|
ctx, cancel := context.WithTimeout(context.Background(), defaultTestTimeout)
|
|
defer cancel()
|
|
if err := mgmtServer.Update(ctx, resources); err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
|
|
target := fmt.Sprintf("xds:///%s", serviceName)
|
|
cc, err := grpc.Dial(target, grpc.WithTransportCredentials(insecure.NewCredentials()), grpc.WithResolvers(resolver))
|
|
if err != nil {
|
|
t.Fatalf("Dialing target %q: %v", target, err)
|
|
}
|
|
defer cc.Close()
|
|
t.Log("Created ClientConn to test service")
|
|
|
|
client := testpb.NewTestServiceClient(cc)
|
|
_, err = client.EmptyCall(ctx, &testpb.Empty{})
|
|
if err == nil {
|
|
t.Fatal("EmptyCall RPC succeeded for target with unknown authority when expected to fail")
|
|
}
|
|
if got, want := status.Code(err), codes.Unavailable; got != want {
|
|
t.Fatalf("EmptyCall RPC returned status code: %v, want %v", got, want)
|
|
}
|
|
if wantErr := `failed to find authority "unknown-authority"`; !strings.Contains(err.Error(), wantErr) {
|
|
t.Fatalf("EmptyCall RPC returned error: %v, want %v", err, wantErr)
|
|
}
|
|
}
|