grpc
/
grpc-java
mirror of https://github.com/grpc/grpc-java.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

xds: fix broken references to MeshCa proto objects (#7304)

This commit is contained in:
sanjaypujare 2020-08-07 17:09:24 -07:00 committed by GitHub
parent 65e7ffc788
commit 93b1830838
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 17 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
xds/src/main/java/io/grpc/xds/internal/certprovider/MeshCaCertificateProvider.java
View File

@ -31,8 +31,9 @@ import com.google.auth.oauth2.GoogleCredentials;
import com.google.common.annotations.VisibleForTesting; import com.google.common.annotations.VisibleForTesting;
import com.google.common.collect.ImmutableList; import com.google.common.collect.ImmutableList;
import com.google.protobuf.Duration; import com.google.protobuf.Duration;
import google.security.meshca.v1.MeshCertificateServiceGrpc; import com.google.security.meshca.v1.MeshCertificateRequest;
import google.security.meshca.v1.Meshca; import com.google.security.meshca.v1.MeshCertificateResponse;
import com.google.security.meshca.v1.MeshCertificateServiceGrpc;
import io.grpc.CallOptions; import io.grpc.CallOptions;
import io.grpc.Channel; import io.grpc.Channel;
import io.grpc.ClientCall; import io.grpc.ClientCall;
@ -213,8 +214,8 @@ final class MeshCaCertificateProvider extends CertificateProvider {
String reqId, String reqId,
Duration duration, Duration duration,
String csr) { String csr) {
Meshca.MeshCertificateRequest request = MeshCertificateRequest request =
Meshca.MeshCertificateRequest.newBuilder() MeshCertificateRequest.newBuilder()
.setValidity(duration) .setValidity(duration)
.setCsr(csr) .setCsr(csr)
.setRequestId(reqId) .setRequestId(reqId)
@ -224,7 +225,7 @@ final class MeshCaCertificateProvider extends CertificateProvider {
Throwable lastException = null; Throwable lastException = null;
for (int i = 0; i <= maxRetryAttempts; i++) { for (int i = 0; i <= maxRetryAttempts; i++) {
try { try {
Meshca.MeshCertificateResponse response = MeshCertificateResponse response =
stub.withDeadlineAfter(rpcTimeoutMillis, TimeUnit.MILLISECONDS) stub.withDeadlineAfter(rpcTimeoutMillis, TimeUnit.MILLISECONDS)
.createCertificate(request); .createCertificate(request);
return getX509CertificatesFromResponse(response); return getX509CertificatesFromResponse(response);
@ -326,7 +327,7 @@ final class MeshCaCertificateProvider extends CertificateProvider {
} }
private List<X509Certificate> getX509CertificatesFromResponse( private List<X509Certificate> getX509CertificatesFromResponse(
Meshca.MeshCertificateResponse response) throws CertificateException, IOException { MeshCertificateResponse response) throws CertificateException, IOException {
List<String> certChain = response.getCertChainList(); List<String> certChain = response.getCertChainList();
List<X509Certificate> x509Chain = new ArrayList<>(certChain.size()); List<X509Certificate> x509Chain = new ArrayList<>(certChain.size());
for (String certString : certChain) { for (String certString : certChain) {

19
xds/src/test/java/io/grpc/xds/internal/certprovider/MeshCaCertificateProviderTest.java
View File

@ -37,8 +37,9 @@ import com.google.auth.oauth2.AccessToken;
import com.google.auth.oauth2.GoogleCredentials; import com.google.auth.oauth2.GoogleCredentials;
import com.google.common.collect.ImmutableList; import com.google.common.collect.ImmutableList;
import com.google.common.util.concurrent.MoreExecutors; import com.google.common.util.concurrent.MoreExecutors;
import google.security.meshca.v1.MeshCertificateServiceGrpc; import com.google.security.meshca.v1.MeshCertificateRequest;
import google.security.meshca.v1.Meshca; import com.google.security.meshca.v1.MeshCertificateResponse;
import com.google.security.meshca.v1.MeshCertificateServiceGrpc;
import io.grpc.Context; import io.grpc.Context;
import io.grpc.ManagedChannel; import io.grpc.ManagedChannel;
import io.grpc.Metadata; import io.grpc.Metadata;
@ -52,6 +53,7 @@ import io.grpc.inprocess.InProcessChannelBuilder;
import io.grpc.inprocess.InProcessServerBuilder; import io.grpc.inprocess.InProcessServerBuilder;
import io.grpc.internal.BackoffPolicy; import io.grpc.internal.BackoffPolicy;
import io.grpc.internal.TimeProvider; import io.grpc.internal.TimeProvider;
import io.grpc.stub.StreamObserver;
import io.grpc.testing.GrpcCleanupRule; import io.grpc.testing.GrpcCleanupRule;
import io.grpc.xds.internal.certprovider.CertificateProvider.DistributorWatcher; import io.grpc.xds.internal.certprovider.CertificateProvider.DistributorWatcher;
import io.grpc.xds.internal.sds.CommonTlsContextTestsUtil; import io.grpc.xds.internal.sds.CommonTlsContextTestsUtil;
@ -149,7 +151,7 @@ public class MeshCaCertificateProviderTest {
} }
} }
private final Queue<Meshca.MeshCertificateRequest> receivedRequests = new ArrayDeque<>(); private final Queue<MeshCertificateRequest> receivedRequests = new ArrayDeque<>();
private final Queue<String> receivedStsCreds = new ArrayDeque<>(); private final Queue<String> receivedStsCreds = new ArrayDeque<>();
private final Queue<String> receivedZoneValues = new ArrayDeque<>(); private final Queue<String> receivedZoneValues = new ArrayDeque<>();
private final Queue<ResponseToSend> responsesToSend = new ArrayDeque<>(); private final Queue<ResponseToSend> responsesToSend = new ArrayDeque<>();
@ -189,9 +191,8 @@ public class MeshCaCertificateProviderTest {
@Override @Override
public void createCertificate( public void createCertificate(
google.security.meshca.v1.Meshca.MeshCertificateRequest request, MeshCertificateRequest request,
io.grpc.stub.StreamObserver<google.security.meshca.v1.Meshca.MeshCertificateResponse> StreamObserver<MeshCertificateResponse> responseObserver) {
responseObserver) {
assertThat(callEnded.get()).isTrue(); // ensure previous call was ended assertThat(callEnded.get()).isTrue(); // ensure previous call was ended
callEnded.set(false); callEnded.set(false);
Context.current() Context.current()
@ -209,8 +210,8 @@ public class MeshCaCertificateProviderTest {
responseObserver.onError(response.getThrowable()); responseObserver.onError(response.getThrowable());
} else if (response instanceof ResponseList) { } else if (response instanceof ResponseList) {
List<String> certChainInResponse = response.getList(); List<String> certChainInResponse = response.getList();
Meshca.MeshCertificateResponse responseToSend = MeshCertificateResponse responseToSend =
Meshca.MeshCertificateResponse.newBuilder() MeshCertificateResponse.newBuilder()
.addAllCertChain(certChainInResponse) .addAllCertChain(certChainInResponse)
.build(); .build();
responseObserver.onNext(responseToSend); responseObserver.onNext(responseToSend);
@ -331,7 +332,7 @@ public class MeshCaCertificateProviderTest {
.when(timeService) .when(timeService)
.schedule(any(Runnable.class), any(Long.TYPE), eq(TimeUnit.SECONDS)); .schedule(any(Runnable.class), any(Long.TYPE), eq(TimeUnit.SECONDS));
provider.refreshCertificate(); provider.refreshCertificate();
Meshca.MeshCertificateRequest receivedReq = receivedRequests.poll(); MeshCertificateRequest receivedReq = receivedRequests.poll();
assertThat(receivedReq.getValidity().getSeconds()).isEqualTo(TimeUnit.HOURS.toSeconds(9L)); assertThat(receivedReq.getValidity().getSeconds()).isEqualTo(TimeUnit.HOURS.toSeconds(9L));
// cannot decode CSR: just check the PEM format delimiters // cannot decode CSR: just check the PEM format delimiters
String csr = receivedReq.getCsr(); String csr = receivedReq.getCsr();