|
|
|
@ -25,6 +25,7 @@ |
|
|
|
|
|
|
|
|
|
#include <grpc/grpc.h> |
|
|
|
|
|
|
|
|
|
#include "src/core/lib/gprpp/status_helper.h" |
|
|
|
|
#include "src/core/lib/iomgr/error.h" |
|
|
|
|
#include "src/core/lib/security/security_connector/ssl_utils.h" |
|
|
|
|
#include "test/core/util/test_config.h" |
|
|
|
@ -147,16 +148,16 @@ TEST( |
|
|
|
|
"identity", absl::nullopt, GRPC_ERROR_CREATE(kIdentityErrorMessage)); |
|
|
|
|
EXPECT_EQ(watcher->root_certs(), kRootCert2); |
|
|
|
|
EXPECT_EQ(watcher->key_cert_pairs(), MakeKeyCertPairsType2()); |
|
|
|
|
EXPECT_THAT(grpc_error_std_string(watcher->root_cert_error()), |
|
|
|
|
EXPECT_THAT(StatusToString(watcher->root_cert_error()), |
|
|
|
|
::testing::HasSubstr(kRootErrorMessage)); |
|
|
|
|
EXPECT_THAT(grpc_error_std_string(watcher->identity_cert_error()), |
|
|
|
|
EXPECT_THAT(StatusToString(watcher->identity_cert_error()), |
|
|
|
|
::testing::HasSubstr(kIdentityErrorMessage)); |
|
|
|
|
// Send an update for root certs. Test that the root cert error is reset.
|
|
|
|
|
root_cert_distributor->SetKeyMaterials("root", kRootCert1, absl::nullopt); |
|
|
|
|
EXPECT_EQ(watcher->root_certs(), kRootCert1); |
|
|
|
|
EXPECT_EQ(watcher->key_cert_pairs(), MakeKeyCertPairsType2()); |
|
|
|
|
EXPECT_EQ(watcher->root_cert_error(), absl::OkStatus()); |
|
|
|
|
EXPECT_THAT(grpc_error_std_string(watcher->identity_cert_error()), |
|
|
|
|
EXPECT_THAT(StatusToString(watcher->identity_cert_error()), |
|
|
|
|
::testing::HasSubstr(kIdentityErrorMessage)); |
|
|
|
|
// Send an update for identity certs. Test that the identity cert error is
|
|
|
|
|
// reset.
|
|
|
|
@ -213,16 +214,16 @@ TEST(XdsCertificateProviderTest, |
|
|
|
|
"test", absl::nullopt, GRPC_ERROR_CREATE(kIdentityErrorMessage)); |
|
|
|
|
EXPECT_EQ(watcher->root_certs(), kRootCert2); |
|
|
|
|
EXPECT_EQ(watcher->key_cert_pairs(), MakeKeyCertPairsType2()); |
|
|
|
|
EXPECT_THAT(grpc_error_std_string(watcher->root_cert_error()), |
|
|
|
|
EXPECT_THAT(StatusToString(watcher->root_cert_error()), |
|
|
|
|
::testing::HasSubstr(kRootErrorMessage)); |
|
|
|
|
EXPECT_THAT(grpc_error_std_string(watcher->identity_cert_error()), |
|
|
|
|
EXPECT_THAT(StatusToString(watcher->identity_cert_error()), |
|
|
|
|
::testing::HasSubstr(kIdentityErrorMessage)); |
|
|
|
|
// Send an update for root certs. Test that the root cert error is reset.
|
|
|
|
|
root_cert_distributor->SetKeyMaterials("test", kRootCert1, absl::nullopt); |
|
|
|
|
EXPECT_EQ(watcher->root_certs(), kRootCert1); |
|
|
|
|
EXPECT_EQ(watcher->key_cert_pairs(), MakeKeyCertPairsType2()); |
|
|
|
|
EXPECT_EQ(watcher->root_cert_error(), absl::OkStatus()); |
|
|
|
|
EXPECT_THAT(grpc_error_std_string(watcher->identity_cert_error()), |
|
|
|
|
EXPECT_THAT(StatusToString(watcher->identity_cert_error()), |
|
|
|
|
::testing::HasSubstr(kIdentityErrorMessage)); |
|
|
|
|
// Send an update for identity certs. Test that the identity cert error is
|
|
|
|
|
// reset.
|
|
|
|
@ -276,7 +277,7 @@ TEST(XdsCertificateProviderTest, |
|
|
|
|
GRPC_ERROR_CREATE(kRootErrorMessage)); |
|
|
|
|
EXPECT_EQ(watcher->root_certs(), kRootCert2); |
|
|
|
|
EXPECT_EQ(watcher->key_cert_pairs(), MakeKeyCertPairsType2()); |
|
|
|
|
EXPECT_THAT(grpc_error_std_string(watcher->root_cert_error()), |
|
|
|
|
EXPECT_THAT(StatusToString(watcher->root_cert_error()), |
|
|
|
|
::testing::HasSubstr(kRootErrorMessage)); |
|
|
|
|
EXPECT_EQ(watcher->identity_cert_error(), absl::OkStatus()); |
|
|
|
|
distributor->SetErrorForCert("identity", |
|
|
|
@ -284,16 +285,16 @@ TEST(XdsCertificateProviderTest, |
|
|
|
|
GRPC_ERROR_CREATE(kIdentityErrorMessage)); |
|
|
|
|
EXPECT_EQ(watcher->root_certs(), kRootCert2); |
|
|
|
|
EXPECT_EQ(watcher->key_cert_pairs(), MakeKeyCertPairsType2()); |
|
|
|
|
EXPECT_THAT(grpc_error_std_string(watcher->root_cert_error()), |
|
|
|
|
EXPECT_THAT(StatusToString(watcher->root_cert_error()), |
|
|
|
|
::testing::HasSubstr(kRootErrorMessage)); |
|
|
|
|
EXPECT_THAT(grpc_error_std_string(watcher->identity_cert_error()), |
|
|
|
|
EXPECT_THAT(StatusToString(watcher->identity_cert_error()), |
|
|
|
|
::testing::HasSubstr(kIdentityErrorMessage)); |
|
|
|
|
// Send an update for root
|
|
|
|
|
distributor->SetKeyMaterials("root", kRootCert1, MakeKeyCertPairsType1()); |
|
|
|
|
EXPECT_EQ(watcher->root_certs(), kRootCert1); |
|
|
|
|
EXPECT_EQ(watcher->key_cert_pairs(), MakeKeyCertPairsType2()); |
|
|
|
|
EXPECT_EQ(watcher->root_cert_error(), absl::OkStatus()); |
|
|
|
|
EXPECT_THAT(grpc_error_std_string(watcher->identity_cert_error()), |
|
|
|
|
EXPECT_THAT(StatusToString(watcher->identity_cert_error()), |
|
|
|
|
::testing::HasSubstr(kIdentityErrorMessage)); |
|
|
|
|
// Send an update for identity
|
|
|
|
|
distributor->SetKeyMaterials("identity", kRootCert2, MakeKeyCertPairsType1()); |
|
|
|
@ -339,7 +340,7 @@ TEST(XdsCertificateProviderTest, |
|
|
|
|
absl::nullopt); |
|
|
|
|
EXPECT_EQ(watcher->root_certs(), kRootCert2); |
|
|
|
|
EXPECT_EQ(watcher->key_cert_pairs(), MakeKeyCertPairsType2()); |
|
|
|
|
EXPECT_THAT(grpc_error_std_string(watcher->root_cert_error()), |
|
|
|
|
EXPECT_THAT(StatusToString(watcher->root_cert_error()), |
|
|
|
|
::testing::HasSubstr(kRootErrorMessage)); |
|
|
|
|
EXPECT_EQ(watcher->identity_cert_error(), absl::OkStatus()); |
|
|
|
|
// Set error for identity
|
|
|
|
@ -347,16 +348,16 @@ TEST(XdsCertificateProviderTest, |
|
|
|
|
GRPC_ERROR_CREATE(kIdentityErrorMessage)); |
|
|
|
|
EXPECT_EQ(watcher->root_certs(), kRootCert2); |
|
|
|
|
EXPECT_EQ(watcher->key_cert_pairs(), MakeKeyCertPairsType2()); |
|
|
|
|
EXPECT_THAT(grpc_error_std_string(watcher->root_cert_error()), |
|
|
|
|
EXPECT_THAT(StatusToString(watcher->root_cert_error()), |
|
|
|
|
::testing::HasSubstr(kRootErrorMessage)); |
|
|
|
|
EXPECT_THAT(grpc_error_std_string(watcher->identity_cert_error()), |
|
|
|
|
EXPECT_THAT(StatusToString(watcher->identity_cert_error()), |
|
|
|
|
::testing::HasSubstr(kIdentityErrorMessage)); |
|
|
|
|
// Send an update for root
|
|
|
|
|
distributor->SetKeyMaterials("", kRootCert1, absl::nullopt); |
|
|
|
|
EXPECT_EQ(watcher->root_certs(), kRootCert1); |
|
|
|
|
EXPECT_EQ(watcher->key_cert_pairs(), MakeKeyCertPairsType2()); |
|
|
|
|
EXPECT_EQ(watcher->root_cert_error(), absl::OkStatus()); |
|
|
|
|
EXPECT_THAT(grpc_error_std_string(watcher->identity_cert_error()), |
|
|
|
|
EXPECT_THAT(StatusToString(watcher->identity_cert_error()), |
|
|
|
|
::testing::HasSubstr(kIdentityErrorMessage)); |
|
|
|
|
// Send an update for identity
|
|
|
|
|
distributor->SetKeyMaterials("", absl::nullopt, MakeKeyCertPairsType1()); |
|
|
|
@ -376,11 +377,11 @@ TEST(XdsCertificateProviderTest, SwapOutDistributorsMultipleTimes) { |
|
|
|
|
// Initially there are no certificate providers.
|
|
|
|
|
EXPECT_EQ(watcher->root_certs(), absl::nullopt); |
|
|
|
|
EXPECT_EQ(watcher->key_cert_pairs(), absl::nullopt); |
|
|
|
|
EXPECT_THAT(grpc_error_std_string(watcher->root_cert_error()), |
|
|
|
|
EXPECT_THAT(StatusToString(watcher->root_cert_error()), |
|
|
|
|
::testing::HasSubstr( |
|
|
|
|
"No certificate provider available for root certificates")); |
|
|
|
|
EXPECT_THAT( |
|
|
|
|
grpc_error_std_string(watcher->identity_cert_error()), |
|
|
|
|
StatusToString(watcher->identity_cert_error()), |
|
|
|
|
::testing::HasSubstr( |
|
|
|
|
"No certificate provider available for identity certificates")); |
|
|
|
|
// Update root cert distributor.
|
|
|
|
@ -389,7 +390,7 @@ TEST(XdsCertificateProviderTest, SwapOutDistributorsMultipleTimes) { |
|
|
|
|
EXPECT_EQ(watcher->key_cert_pairs(), absl::nullopt); |
|
|
|
|
EXPECT_EQ(watcher->root_cert_error(), absl::OkStatus()); |
|
|
|
|
EXPECT_THAT( |
|
|
|
|
grpc_error_std_string(watcher->identity_cert_error()), |
|
|
|
|
StatusToString(watcher->identity_cert_error()), |
|
|
|
|
::testing::HasSubstr( |
|
|
|
|
"No certificate provider available for identity certificates")); |
|
|
|
|
// Update identity cert distributor
|
|
|
|
@ -409,9 +410,9 @@ TEST(XdsCertificateProviderTest, SwapOutDistributorsMultipleTimes) { |
|
|
|
|
GRPC_ERROR_CREATE(kIdentityErrorMessage)); |
|
|
|
|
EXPECT_EQ(watcher->root_certs(), kRootCert2); |
|
|
|
|
EXPECT_EQ(watcher->key_cert_pairs(), MakeKeyCertPairsType2()); |
|
|
|
|
EXPECT_THAT(grpc_error_std_string(watcher->root_cert_error()), |
|
|
|
|
EXPECT_THAT(StatusToString(watcher->root_cert_error()), |
|
|
|
|
::testing::HasSubstr(kRootErrorMessage)); |
|
|
|
|
EXPECT_THAT(grpc_error_std_string(watcher->identity_cert_error()), |
|
|
|
|
EXPECT_THAT(StatusToString(watcher->identity_cert_error()), |
|
|
|
|
::testing::HasSubstr(kIdentityErrorMessage)); |
|
|
|
|
// Send an update again
|
|
|
|
|
distributor->SetKeyMaterials("", kRootCert1, MakeKeyCertPairsType1()); |
|
|
|
@ -424,7 +425,7 @@ TEST(XdsCertificateProviderTest, SwapOutDistributorsMultipleTimes) { |
|
|
|
|
distributor->SetKeyMaterials("", kRootCert2, MakeKeyCertPairsType2()); |
|
|
|
|
EXPECT_EQ(watcher->root_certs(), kRootCert1); // not updated
|
|
|
|
|
EXPECT_EQ(watcher->key_cert_pairs(), MakeKeyCertPairsType2()); |
|
|
|
|
EXPECT_THAT(grpc_error_std_string(watcher->root_cert_error()), |
|
|
|
|
EXPECT_THAT(StatusToString(watcher->root_cert_error()), |
|
|
|
|
::testing::HasSubstr( |
|
|
|
|
"No certificate provider available for root certificates")); |
|
|
|
|
EXPECT_EQ(watcher->identity_cert_error(), absl::OkStatus()); |
|
|
|
@ -433,11 +434,11 @@ TEST(XdsCertificateProviderTest, SwapOutDistributorsMultipleTimes) { |
|
|
|
|
distributor->SetKeyMaterials("", kRootCert1, MakeKeyCertPairsType1()); |
|
|
|
|
EXPECT_EQ(watcher->root_certs(), kRootCert1); |
|
|
|
|
EXPECT_EQ(watcher->key_cert_pairs(), MakeKeyCertPairsType2()); // not updated
|
|
|
|
|
EXPECT_THAT(grpc_error_std_string(watcher->root_cert_error()), |
|
|
|
|
EXPECT_THAT(StatusToString(watcher->root_cert_error()), |
|
|
|
|
::testing::HasSubstr( |
|
|
|
|
"No certificate provider available for root certificates")); |
|
|
|
|
EXPECT_THAT( |
|
|
|
|
grpc_error_std_string(watcher->identity_cert_error()), |
|
|
|
|
StatusToString(watcher->identity_cert_error()), |
|
|
|
|
::testing::HasSubstr( |
|
|
|
|
"No certificate provider available for identity certificates")); |
|
|
|
|
// Change certificate names being watched, without any certificate updates.
|
|
|
|
@ -445,11 +446,11 @@ TEST(XdsCertificateProviderTest, SwapOutDistributorsMultipleTimes) { |
|
|
|
|
provider.UpdateIdentityCertNameAndDistributor("", "identity", distributor); |
|
|
|
|
EXPECT_EQ(watcher->root_certs(), kRootCert1); |
|
|
|
|
EXPECT_EQ(watcher->key_cert_pairs(), MakeKeyCertPairsType2()); |
|
|
|
|
EXPECT_THAT(grpc_error_std_string(watcher->root_cert_error()), |
|
|
|
|
EXPECT_THAT(StatusToString(watcher->root_cert_error()), |
|
|
|
|
::testing::HasSubstr( |
|
|
|
|
"No certificate provider available for root certificates")); |
|
|
|
|
EXPECT_THAT( |
|
|
|
|
grpc_error_std_string(watcher->identity_cert_error()), |
|
|
|
|
StatusToString(watcher->identity_cert_error()), |
|
|
|
|
::testing::HasSubstr( |
|
|
|
|
"No certificate provider available for identity certificates")); |
|
|
|
|
// Send out certificate updates.
|
|
|
|
@ -501,11 +502,11 @@ TEST(XdsCertificateProviderTest, MultipleCertNames) { |
|
|
|
|
std::unique_ptr<TestCertificatesWatcher>(watcher1), "test1", "test1"); |
|
|
|
|
EXPECT_EQ(watcher1->root_certs(), absl::nullopt); |
|
|
|
|
EXPECT_EQ(watcher1->key_cert_pairs(), absl::nullopt); |
|
|
|
|
EXPECT_THAT(grpc_error_std_string(watcher1->root_cert_error()), |
|
|
|
|
EXPECT_THAT(StatusToString(watcher1->root_cert_error()), |
|
|
|
|
::testing::HasSubstr( |
|
|
|
|
"No certificate provider available for root certificates")); |
|
|
|
|
EXPECT_THAT( |
|
|
|
|
grpc_error_std_string(watcher1->identity_cert_error()), |
|
|
|
|
StatusToString(watcher1->identity_cert_error()), |
|
|
|
|
::testing::HasSubstr( |
|
|
|
|
"No certificate provider available for identity certificates")); |
|
|
|
|
// Add distributor for "test1". This will return data to the watcher.
|
|
|
|
@ -549,11 +550,11 @@ TEST(XdsCertificateProviderTest, UnknownCertName) { |
|
|
|
|
auto* watcher = new TestCertificatesWatcher; |
|
|
|
|
provider.distributor()->WatchTlsCertificates( |
|
|
|
|
std::unique_ptr<TestCertificatesWatcher>(watcher), "test", "test"); |
|
|
|
|
EXPECT_THAT(grpc_error_std_string(watcher->root_cert_error()), |
|
|
|
|
EXPECT_THAT(StatusToString(watcher->root_cert_error()), |
|
|
|
|
::testing::HasSubstr( |
|
|
|
|
"No certificate provider available for root certificates")); |
|
|
|
|
EXPECT_THAT( |
|
|
|
|
grpc_error_std_string(watcher->identity_cert_error()), |
|
|
|
|
StatusToString(watcher->identity_cert_error()), |
|
|
|
|
::testing::HasSubstr( |
|
|
|
|
"No certificate provider available for identity certificates")); |
|
|
|
|
} |
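Review bot: The error-path assertions, first seen as `EXPECT_THAT(StatusToString(watcher->root_cert_error()), ::testing::HasSubstr(kRootErrorMessage));` in the hunk at -147 and repeated in every later hunk, match a substring of the whole stringified status, so they pin neither the status code nor which part of the status carried the text. The same tests already compare the accessor directly with `absl::OkStatus()`, so it presumably returns an `absl::Status`. If the provider does not move the text into a child error, the check could be tightened to `EXPECT_THAT(std::string(watcher->root_cert_error().message()), ::testing::HasSubstr(kRootErrorMessage));` together with an `EXPECT_EQ` on `.code()`. If whole-string matching is deliberate, a one-line comment such as `// Match on the full status string: the message may be carried in a child status.` above the first use would record why. The enclosing TEST bodies start outside the hunks, so how the errors are constructed upstream is not visible here.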
|
|
|
|