Consul is a distributed, highly available, and data center aware solution to connect and configure applications across dynamic, distributed infrastructure.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

84 lines
2.2 KiB

package middleware
import (
"net"
"testing"
"github.com/stretchr/testify/require"
"google.golang.org/grpc/credentials"
)
type fakeTransportCredentials struct {
credentials.TransportCredentials
callback func(conn net.Conn) (net.Conn, credentials.AuthInfo, error)
}
func (f fakeTransportCredentials) ServerHandshake(conn net.Conn) (net.Conn, credentials.AuthInfo, error) {
return f.callback(conn)
}
func TestGRPCMiddleware_optionalTransportCredentials_ServerHandshake(t *testing.T) {
plainConn := LabelledConn{protocol: ProtocolPlaintext}
tlsConn := LabelledConn{protocol: ProtocolTLS}
tests := []struct {
name string
conn net.Conn
callback func(conn net.Conn) (net.Conn, credentials.AuthInfo, error)
expectConn net.Conn
expectAuthInfo credentials.AuthInfo
expectErr string
}{
{
name: "plaintext_noop",
conn: plainConn,
expectConn: plainConn,
expectAuthInfo: nil,
},
{
name: "tls_with_missing_auth",
conn: tlsConn,
callback: func(conn net.Conn) (net.Conn, credentials.AuthInfo, error) {
return conn, nil, nil
},
expectConn: nil,
expectAuthInfo: nil,
expectErr: "missing auth info after handshake",
},
{
name: "tls_success",
conn: tlsConn,
callback: func(conn net.Conn) (net.Conn, credentials.AuthInfo, error) {
return conn, credentials.TLSInfo{}, nil
},
expectConn: tlsConn,
expectAuthInfo: credentials.TLSInfo{},
expectErr: "",
},
{
name: "invalid_protocol",
conn: LabelledConn{protocol: -1},
expectConn: nil,
expectAuthInfo: nil,
expectErr: "invalid protocol for grpc connection",
},
}
for _, tc := range tests {
t.Run(tc.name, func(t *testing.T) {
creds := optionalTransportCredentials{
TransportCredentials: fakeTransportCredentials{
callback: tc.callback,
},
}
conn, authInfo, err := creds.ServerHandshake(tc.conn)
require.Equal(t, tc.expectConn, conn)
require.Equal(t, tc.expectAuthInfo, authInfo)
if tc.expectErr == "" {
require.NoError(t, err)
} else {
require.Error(t, err)
require.Contains(t, err.Error(), tc.expectErr)
}
})
}
}