Google Git
Sign in
fuchsia / third_party / github.com / grpc / grpc-go / 644142cbf33fa50a55c5e7925804fe959ba67300 / . / credentials / alts / utils_test.go
blob: f0ab2377c9530297fab9a7087a4297e0cc7496f8 [file] [log] [blame]
/*
*
* Copyright 2018 gRPC authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
*/
package alts
import (
"context"
"io"
"os"
"strings"
"testing"
"google.golang.org/grpc/codes"
altspb "google.golang.org/grpc/credentials/alts/internal/proto/grpc_gcp"
"google.golang.org/grpc/peer"
"google.golang.org/grpc/status"
)
const (
testServiceAccount1 = "service_account1"
testServiceAccount2 = "service_account2"
testServiceAccount3 = "service_account3"
)
func setupManufacturerReader(testOS string, reader func() (io.Reader, error)) func() {
tmpOS := runningOS
tmpReader := manufacturerReader
// Set test OS and reader function.
runningOS = testOS
manufacturerReader = reader
return func() {
runningOS = tmpOS
manufacturerReader = tmpReader
}
}
func setup(testOS string, testReader io.Reader) func() {
reader := func() (io.Reader, error) {
return testReader, nil
}
return setupManufacturerReader(testOS, reader)
}
func setupError(testOS string, err error) func() {
reader := func() (io.Reader, error) {
return nil, err
}
return setupManufacturerReader(testOS, reader)
}
func (s) TestIsRunningOnGCP(t *testing.T) {
for _, tc := range []struct {
description string
testOS string
testReader io.Reader
out bool
}{
// Linux tests.
{"linux: not a GCP platform", "linux", strings.NewReader("not GCP"), false},
{"Linux: GCP platform (Google)", "linux", strings.NewReader("Google"), true},
{"Linux: GCP platform (Google Compute Engine)", "linux", strings.NewReader("Google Compute Engine"), true},
{"Linux: GCP platform (Google Compute Engine) with extra spaces", "linux", strings.NewReader(" Google Compute Engine "), true},
// Windows tests.
{"windows: not a GCP platform", "windows", strings.NewReader("not GCP"), false},
{"windows: GCP platform (Google)", "windows", strings.NewReader("Google"), true},
{"windows: GCP platform (Google) with extra spaces", "windows", strings.NewReader(" Google "), true},
} {
reverseFunc := setup(tc.testOS, tc.testReader)
if got, want := isRunningOnGCP(), tc.out; got != want {
t.Errorf("%v: isRunningOnGCP()=%v, want %v", tc.description, got, want)
}
reverseFunc()
}
}
func (s) TestIsRunningOnGCPNoProductNameFile(t *testing.T) {
reverseFunc := setupError("linux", os.ErrNotExist)
if isRunningOnGCP() {
t.Errorf("ErrNotExist: isRunningOnGCP()=true, want false")
}
reverseFunc()
}
func (s) TestAuthInfoFromContext(t *testing.T) {
ctx := context.Background()
altsAuthInfo := &fakeALTSAuthInfo{}
p := &peer.Peer{
AuthInfo: altsAuthInfo,
}
for _, tc := range []struct {
desc string
ctx context.Context
success bool
out AuthInfo
}{
{
"working case",
peer.NewContext(ctx, p),
true,
altsAuthInfo,
},
} {
authInfo, err := AuthInfoFromContext(tc.ctx)
if got, want := (err == nil), tc.success; got != want {
t.Errorf("%v: AuthInfoFromContext(_)=(err=nil)=%v, want %v", tc.desc, got, want)
}
if got, want := authInfo, tc.out; got != want {
t.Errorf("%v:, AuthInfoFromContext(_)=(%v, _), want (%v, _)", tc.desc, got, want)
}
}
}
func (s) TestAuthInfoFromPeer(t *testing.T) {
altsAuthInfo := &fakeALTSAuthInfo{}
p := &peer.Peer{
AuthInfo: altsAuthInfo,
}
for _, tc := range []struct {
desc string
p *peer.Peer
success bool
out AuthInfo
}{
{
"working case",
p,
true,
altsAuthInfo,
},
} {
authInfo, err := AuthInfoFromPeer(tc.p)
if got, want := (err == nil), tc.success; got != want {
t.Errorf("%v: AuthInfoFromPeer(_)=(err=nil)=%v, want %v", tc.desc, got, want)
}
if got, want := authInfo, tc.out; got != want {
t.Errorf("%v:, AuthInfoFromPeer(_)=(%v, _), want (%v, _)", tc.desc, got, want)
}
}
}
func (s) TestClientAuthorizationCheck(t *testing.T) {
ctx := context.Background()
altsAuthInfo := &fakeALTSAuthInfo{testServiceAccount1}
p := &peer.Peer{
AuthInfo: altsAuthInfo,
}
for _, tc := range []struct {
desc string
ctx context.Context
expectedServiceAccounts []string
success bool
code codes.Code
}{
{
"working case",
peer.NewContext(ctx, p),
[]string{testServiceAccount1, testServiceAccount2},
true,
codes.OK, // err is nil, code is OK.
},
{
"context does not have AuthInfo",
ctx,
[]string{testServiceAccount1, testServiceAccount2},
false,
codes.PermissionDenied,
},
{
"unauthorized client",
peer.NewContext(ctx, p),
[]string{testServiceAccount2, testServiceAccount3},
false,
codes.PermissionDenied,
},
} {
err := ClientAuthorizationCheck(tc.ctx, tc.expectedServiceAccounts)
if got, want := (err == nil), tc.success; got != want {
t.Errorf("%v: ClientAuthorizationCheck(_, %v)=(err=nil)=%v, want %v", tc.desc, tc.expectedServiceAccounts, got, want)
}
if got, want := status.Code(err), tc.code; got != want {
t.Errorf("%v: ClientAuthorizationCheck(_, %v).Code=%v, want %v", tc.desc, tc.expectedServiceAccounts, got, want)
}
}
}
type fakeALTSAuthInfo struct {
peerServiceAccount string
}
func (*fakeALTSAuthInfo) AuthType() string { return "" }
func (*fakeALTSAuthInfo) ApplicationProtocol() string { return "" }
func (*fakeALTSAuthInfo) RecordProtocol() string { return "" }
func (*fakeALTSAuthInfo) SecurityLevel() altspb.SecurityLevel {
return altspb.SecurityLevel_SECURITY_NONE
}
func (f *fakeALTSAuthInfo) PeerServiceAccount() string { return f.peerServiceAccount }
func (*fakeALTSAuthInfo) LocalServiceAccount() string { return "" }
func (*fakeALTSAuthInfo) PeerRPCVersions() *altspb.RpcProtocolVersions { return nil }