constellation/internal/grpc/dialer/dialer_test.go

/*
Copyright (c) Edgeless Systems GmbH

SPDX-License-Identifier: AGPL-3.0-only
*/

package dialer

import (
	"context"
	"testing"

	"github.com/edgelesssys/constellation/v2/internal/atls"
	"github.com/edgelesssys/constellation/v2/internal/attestation/variant"
	"github.com/edgelesssys/constellation/v2/internal/grpc/atlscredentials"
	"github.com/edgelesssys/constellation/v2/internal/grpc/testdialer"
	"github.com/stretchr/testify/assert"
	"github.com/stretchr/testify/require"
	"go.uber.org/goleak"
	"google.golang.org/grpc"
	"google.golang.org/grpc/interop/grpc_testing"
)

func TestMain(m *testing.M) {
	goleak.VerifyTestMain(m)
}

func TestDial(t *testing.T) {
	testCases := map[string]struct {
		tls     bool
		dialFn  func(dialer *Dialer, ctx context.Context, target string) (*grpc.ClientConn, error)
		wantErr bool
	}{
		"Dial with tls on server works": {
			tls: true,
			dialFn: func(dialer *Dialer, ctx context.Context, target string) (*grpc.ClientConn, error) {
				return dialer.Dial(ctx, target)
			},
		},
		"Dial without tls on server fails": {
			dialFn: func(dialer *Dialer, ctx context.Context, target string) (*grpc.ClientConn, error) {
				return dialer.Dial(ctx, target)
			},
			wantErr: true,
		},
		"DialNoVerify with tls on server works": {
			tls: true,
			dialFn: func(dialer *Dialer, ctx context.Context, target string) (*grpc.ClientConn, error) {
				return dialer.DialNoVerify(ctx, target)
			},
		},
		"DialNoVerify without tls on server fails": {
			dialFn: func(dialer *Dialer, ctx context.Context, target string) (*grpc.ClientConn, error) {
				return dialer.DialNoVerify(ctx, target)
			},
			wantErr: true,
		},
		"DialInsecure without tls on server works": {
			dialFn: func(dialer *Dialer, ctx context.Context, target string) (*grpc.ClientConn, error) {
				return dialer.DialInsecure(ctx, target)
			},
		},
		"DialInsecure with tls on server fails": {
			tls: true,
			dialFn: func(dialer *Dialer, ctx context.Context, target string) (*grpc.ClientConn, error) {
				return dialer.DialInsecure(ctx, target)
			},
			wantErr: true,
		},
	}

	for name, tc := range testCases {
		t.Run(name, func(t *testing.T) {
			assert := assert.New(t)
			require := require.New(t)

			netDialer := testdialer.NewBufconnDialer()
			dialer := New(nil, atls.NewFakeValidator(variant.Dummy{}), netDialer)
			server := newServer(variant.Dummy{}, tc.tls)
			api := &testAPI{}
			grpc_testing.RegisterTestServiceServer(server, api)
			go server.Serve(netDialer.GetListener("192.0.2.1:1234"))
			defer server.Stop()
			conn, err := tc.dialFn(dialer, context.Background(), "192.0.2.1:1234")
			require.NoError(err)
			defer conn.Close()

			client := grpc_testing.NewTestServiceClient(conn)
			_, err = client.EmptyCall(context.Background(), &grpc_testing.Empty{})

			if tc.wantErr {
				assert.Error(err)
				return
			}
			require.NoError(err)
		})
	}
}

func newServer(oid variant.Getter, tls bool) *grpc.Server {
	if tls {
		creds := atlscredentials.New(atls.NewFakeIssuer(oid), nil)
		return grpc.NewServer(grpc.Creds(creds))
	}
	return grpc.NewServer()
}

type testAPI struct {
	grpc_testing.UnimplementedTestServiceServer
}

func (s *testAPI) EmptyCall(_ context.Context, _ *grpc_testing.Empty) (*grpc_testing.Empty, error) {
	return &grpc_testing.Empty{}, nil
}
add license headers sed -i '1i/\nCopyright (c) Edgeless Systems GmbH\n\nSPDX-License-Identifier: AGPL-3.0-only\n/\n' `grep -rL --include='*.go' 'DO NOT EDIT'` gofumpt -w . 2022-09-05 07:06:08 +00:00			`/*`
			`Copyright (c) Edgeless Systems GmbH`

			`SPDX-License-Identifier: AGPL-3.0-only`
			`*/`

Dynamic grpc client credentials (#204) * Add an aTLS wrapper for grpc credentials * Move grpc dialers to internal and use aTLS grpc credentials Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-06-13 09:40:27 +00:00			`package dialer`
extract shared grpcutil dialer from pubapi Signed-off-by: Malte Poll <mp@edgeless.systems> 2022-04-28 07:49:15 +00:00
			`import (`
			`"context"`
			`"testing"`

Upgrade go module to v2 2022-09-21 11:47:57 +00:00			`"github.com/edgelesssys/constellation/v2/internal/atls"`
attestation: add `awsSEVSNP` as new variant (#1900) * variant: move into internal/attestation * attesation: move aws attesation into subfolder nitrotpm * config: add aws-sev-snp variant * cli: add tf option to enable AWS SNP For now the implementations in aws/nitrotpm and aws/snp are identical. They both contain the aws/nitrotpm impl. A separate commit will add the actual attestation logic. 2023-06-09 13:41:02 +00:00			`"github.com/edgelesssys/constellation/v2/internal/attestation/variant"`
Upgrade go module to v2 2022-09-21 11:47:57 +00:00			`"github.com/edgelesssys/constellation/v2/internal/grpc/atlscredentials"`
			`"github.com/edgelesssys/constellation/v2/internal/grpc/testdialer"`
extract shared grpcutil dialer from pubapi Signed-off-by: Malte Poll <mp@edgeless.systems> 2022-04-28 07:49:15 +00:00			`"github.com/stretchr/testify/assert"`
			`"github.com/stretchr/testify/require"`
Add goleak to all tests (#227) * Run goleak as part of all tests We are already using goleak in various tests. This commit adds a TestMain to all remaining tests and calls goleak.VerifyTestMain in them. * Add goleak to debugd/deploy package and fix bug. * Run go mod tidy * Fix integration tests * Move goleak invocation for mount integration test * Ignore leak in state integration tests Co-authored-by: Fabian Kammel <fk@edgelss.systems> 2022-06-30 13:24:36 +00:00			`"go.uber.org/goleak"`
extract shared grpcutil dialer from pubapi Signed-off-by: Malte Poll <mp@edgeless.systems> 2022-04-28 07:49:15 +00:00			`"google.golang.org/grpc"`
deps: update Google SDK (#1748) * deps: update Google SDK * deps: fix grpc_testing import * deps: update pseudo version tool hashes --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Leonard Cohnen <lc@edgeless.systems> 2023-05-16 16:13:17 +00:00			`"google.golang.org/grpc/interop/grpc_testing"`
extract shared grpcutil dialer from pubapi Signed-off-by: Malte Poll <mp@edgeless.systems> 2022-04-28 07:49:15 +00:00			`)`

Add goleak to all tests (#227) * Run goleak as part of all tests We are already using goleak in various tests. This commit adds a TestMain to all remaining tests and calls goleak.VerifyTestMain in them. * Add goleak to debugd/deploy package and fix bug. * Run go mod tidy * Fix integration tests * Move goleak invocation for mount integration test * Ignore leak in state integration tests Co-authored-by: Fabian Kammel <fk@edgelss.systems> 2022-06-30 13:24:36 +00:00			`func TestMain(m *testing.M) {`
			`goleak.VerifyTestMain(m)`
			`}`

extract shared grpcutil dialer from pubapi Signed-off-by: Malte Poll <mp@edgeless.systems> 2022-04-28 07:49:15 +00:00			`func TestDial(t *testing.T) {`
			`testCases := map[string]struct {`
			`tls bool`
			`dialFn func(dialer Dialer, ctx context.Context, target string) (grpc.ClientConn, error)`
			`wantErr bool`
			`}{`
			`"Dial with tls on server works": {`
			`tls: true,`
			`dialFn: func(dialer Dialer, ctx context.Context, target string) (grpc.ClientConn, error) {`
			`return dialer.Dial(ctx, target)`
			`},`
			`},`
			`"Dial without tls on server fails": {`
			`dialFn: func(dialer Dialer, ctx context.Context, target string) (grpc.ClientConn, error) {`
			`return dialer.Dial(ctx, target)`
			`},`
			`wantErr: true,`
			`},`
			`"DialNoVerify with tls on server works": {`
			`tls: true,`
			`dialFn: func(dialer Dialer, ctx context.Context, target string) (grpc.ClientConn, error) {`
			`return dialer.DialNoVerify(ctx, target)`
			`},`
			`},`
			`"DialNoVerify without tls on server fails": {`
			`dialFn: func(dialer Dialer, ctx context.Context, target string) (grpc.ClientConn, error) {`
			`return dialer.DialNoVerify(ctx, target)`
			`},`
			`wantErr: true,`
			`},`
			`"DialInsecure without tls on server works": {`
			`dialFn: func(dialer Dialer, ctx context.Context, target string) (grpc.ClientConn, error) {`
			`return dialer.DialInsecure(ctx, target)`
			`},`
			`},`
			`"DialInsecure with tls on server fails": {`
			`tls: true,`
			`dialFn: func(dialer Dialer, ctx context.Context, target string) (grpc.ClientConn, error) {`
			`return dialer.DialInsecure(ctx, target)`
			`},`
			`wantErr: true,`
			`},`
			`}`

			`for name, tc := range testCases {`
			`t.Run(name, func(t *testing.T) {`
			`assert := assert.New(t)`
			`require := require.New(t)`

			`netDialer := testdialer.NewBufconnDialer()`
internal: refactor oid package to variant package (#1538) Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2023-03-29 07:30:13 +00:00			`dialer := New(nil, atls.NewFakeValidator(variant.Dummy{}), netDialer)`
			`server := newServer(variant.Dummy{}, tc.tls)`
extract shared grpcutil dialer from pubapi Signed-off-by: Malte Poll <mp@edgeless.systems> 2022-04-28 07:49:15 +00:00			`api := &testAPI{}`
			`grpc_testing.RegisterTestServiceServer(server, api)`
			`go server.Serve(netDialer.GetListener("192.0.2.1:1234"))`
			`defer server.Stop()`
			`conn, err := tc.dialFn(dialer, context.Background(), "192.0.2.1:1234")`
			`require.NoError(err)`
			`defer conn.Close()`

			`client := grpc_testing.NewTestServiceClient(conn)`
			`_, err = client.EmptyCall(context.Background(), &grpc_testing.Empty{})`

			`if tc.wantErr {`
			`assert.Error(err)`
			`return`
			`}`
			`require.NoError(err)`
			`})`
			`}`
			`}`

internal: refactor oid package to variant package (#1538) Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2023-03-29 07:30:13 +00:00			`func newServer(oid variant.Getter, tls bool) *grpc.Server {`
extract shared grpcutil dialer from pubapi Signed-off-by: Malte Poll <mp@edgeless.systems> 2022-04-28 07:49:15 +00:00			`if tls {`
Move aTLS fakes into atls package 2022-06-15 13:58:23 +00:00			`creds := atlscredentials.New(atls.NewFakeIssuer(oid), nil)`
Dynamic grpc client credentials (#204) * Add an aTLS wrapper for grpc credentials * Move grpc dialers to internal and use aTLS grpc credentials Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-06-13 09:40:27 +00:00			`return grpc.NewServer(grpc.Creds(creds))`
extract shared grpcutil dialer from pubapi Signed-off-by: Malte Poll <mp@edgeless.systems> 2022-04-28 07:49:15 +00:00			`}`
			`return grpc.NewServer()`
			`}`

			`type testAPI struct {`
			`grpc_testing.UnimplementedTestServiceServer`
			`}`

go: remove unused parameters Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com> 2023-03-20 10:03:36 +00:00			`func (s testAPI) EmptyCall(_ context.Context, _ grpc_testing.Empty) (*grpc_testing.Empty, error) {`
extract shared grpcutil dialer from pubapi Signed-off-by: Malte Poll <mp@edgeless.systems> 2022-04-28 07:49:15 +00:00			`return &grpc_testing.Empty{}, nil`
			`}`