mirror of
https://github.com/edgelesssys/constellation.git
synced 2024-12-29 09:26:17 -05:00
8f21972aec
* variant: move into internal/attestation * attesation: move aws attesation into subfolder nitrotpm * config: add aws-sev-snp variant * cli: add tf option to enable AWS SNP For now the implementations in aws/nitrotpm and aws/snp are identical. They both contain the aws/nitrotpm impl. A separate commit will add the actual attestation logic.
115 lines
3.2 KiB
Go
115 lines
3.2 KiB
Go
/*
|
|
Copyright (c) Edgeless Systems GmbH
|
|
|
|
SPDX-License-Identifier: AGPL-3.0-only
|
|
*/
|
|
|
|
package dialer
|
|
|
|
import (
|
|
"context"
|
|
"testing"
|
|
|
|
"github.com/edgelesssys/constellation/v2/internal/atls"
|
|
"github.com/edgelesssys/constellation/v2/internal/attestation/variant"
|
|
"github.com/edgelesssys/constellation/v2/internal/grpc/atlscredentials"
|
|
"github.com/edgelesssys/constellation/v2/internal/grpc/testdialer"
|
|
"github.com/stretchr/testify/assert"
|
|
"github.com/stretchr/testify/require"
|
|
"go.uber.org/goleak"
|
|
"google.golang.org/grpc"
|
|
"google.golang.org/grpc/interop/grpc_testing"
|
|
)
|
|
|
|
func TestMain(m *testing.M) {
|
|
goleak.VerifyTestMain(m)
|
|
}
|
|
|
|
func TestDial(t *testing.T) {
|
|
testCases := map[string]struct {
|
|
tls bool
|
|
dialFn func(dialer *Dialer, ctx context.Context, target string) (*grpc.ClientConn, error)
|
|
wantErr bool
|
|
}{
|
|
"Dial with tls on server works": {
|
|
tls: true,
|
|
dialFn: func(dialer *Dialer, ctx context.Context, target string) (*grpc.ClientConn, error) {
|
|
return dialer.Dial(ctx, target)
|
|
},
|
|
},
|
|
"Dial without tls on server fails": {
|
|
dialFn: func(dialer *Dialer, ctx context.Context, target string) (*grpc.ClientConn, error) {
|
|
return dialer.Dial(ctx, target)
|
|
},
|
|
wantErr: true,
|
|
},
|
|
"DialNoVerify with tls on server works": {
|
|
tls: true,
|
|
dialFn: func(dialer *Dialer, ctx context.Context, target string) (*grpc.ClientConn, error) {
|
|
return dialer.DialNoVerify(ctx, target)
|
|
},
|
|
},
|
|
"DialNoVerify without tls on server fails": {
|
|
dialFn: func(dialer *Dialer, ctx context.Context, target string) (*grpc.ClientConn, error) {
|
|
return dialer.DialNoVerify(ctx, target)
|
|
},
|
|
wantErr: true,
|
|
},
|
|
"DialInsecure without tls on server works": {
|
|
dialFn: func(dialer *Dialer, ctx context.Context, target string) (*grpc.ClientConn, error) {
|
|
return dialer.DialInsecure(ctx, target)
|
|
},
|
|
},
|
|
"DialInsecure with tls on server fails": {
|
|
tls: true,
|
|
dialFn: func(dialer *Dialer, ctx context.Context, target string) (*grpc.ClientConn, error) {
|
|
return dialer.DialInsecure(ctx, target)
|
|
},
|
|
wantErr: true,
|
|
},
|
|
}
|
|
|
|
for name, tc := range testCases {
|
|
t.Run(name, func(t *testing.T) {
|
|
assert := assert.New(t)
|
|
require := require.New(t)
|
|
|
|
netDialer := testdialer.NewBufconnDialer()
|
|
dialer := New(nil, atls.NewFakeValidator(variant.Dummy{}), netDialer)
|
|
server := newServer(variant.Dummy{}, tc.tls)
|
|
api := &testAPI{}
|
|
grpc_testing.RegisterTestServiceServer(server, api)
|
|
go server.Serve(netDialer.GetListener("192.0.2.1:1234"))
|
|
defer server.Stop()
|
|
conn, err := tc.dialFn(dialer, context.Background(), "192.0.2.1:1234")
|
|
require.NoError(err)
|
|
defer conn.Close()
|
|
|
|
client := grpc_testing.NewTestServiceClient(conn)
|
|
_, err = client.EmptyCall(context.Background(), &grpc_testing.Empty{})
|
|
|
|
if tc.wantErr {
|
|
assert.Error(err)
|
|
return
|
|
}
|
|
require.NoError(err)
|
|
})
|
|
}
|
|
}
|
|
|
|
func newServer(oid variant.Getter, tls bool) *grpc.Server {
|
|
if tls {
|
|
creds := atlscredentials.New(atls.NewFakeIssuer(oid), nil)
|
|
return grpc.NewServer(grpc.Creds(creds))
|
|
}
|
|
return grpc.NewServer()
|
|
}
|
|
|
|
type testAPI struct {
|
|
grpc_testing.UnimplementedTestServiceServer
|
|
}
|
|
|
|
func (s *testAPI) EmptyCall(_ context.Context, _ *grpc_testing.Empty) (*grpc_testing.Empty, error) {
|
|
return &grpc_testing.Empty{}, nil
|
|
}
|