test/xds/xds_client_federation_test.go - third_party/github.com/grpc/grpc-go - Git at Google

 /*
  *
  * Copyright 2021 gRPC authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  *
  */

 package xds_test

 import (
 	"context"
 	"fmt"
 	"strings"
 	"testing"

 	"github.com/google/uuid"
 	"google.golang.org/grpc"
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/credentials/insecure"
 	"google.golang.org/grpc/internal"
 	"google.golang.org/grpc/internal/envconfig"
 	"google.golang.org/grpc/internal/testutils/xds/bootstrap"
 	"google.golang.org/grpc/internal/testutils/xds/e2e"
 	"google.golang.org/grpc/resolver"
 	"google.golang.org/grpc/status"

 	v3clusterpb "github.com/envoyproxy/go-control-plane/envoy/config/cluster/v3"
 	v3endpointpb "github.com/envoyproxy/go-control-plane/envoy/config/endpoint/v3"
 	v3listenerpb "github.com/envoyproxy/go-control-plane/envoy/config/listener/v3"
 	v3routepb "github.com/envoyproxy/go-control-plane/envoy/config/route/v3"
 	testgrpc "google.golang.org/grpc/test/grpc_testing"
 	testpb "google.golang.org/grpc/test/grpc_testing"
 )

 // TestClientSideFederation tests that federation is supported.
 //
 // In this test, some xDS responses contain resource names in another authority
 // (in the new resource name style):
 // - LDS: old style, no authority (default authority)
 // - RDS: new style, in a different authority
 // - CDS: old style, no authority (default authority)
 // - EDS: new style, in a different authority
 func (s) TestClientSideFederation(t *testing.T) {
 	oldXDSFederation := envconfig.XDSFederation
 	envconfig.XDSFederation = true
 	defer func() { envconfig.XDSFederation = oldXDSFederation }()

 	// Start a management server as the default authority.
 	serverDefaultAuth, err := e2e.StartManagementServer(e2e.ManagementServerOptions{})
 	if err != nil {
 		t.Fatalf("Failed to spin up the xDS management server: %v", err)
 	}
 	t.Cleanup(serverDefaultAuth.Stop)

 	// Start another management server as the other authority.
 	const nonDefaultAuth = "non-default-auth"
 	serverAnotherAuth, err := e2e.StartManagementServer(e2e.ManagementServerOptions{})
 	if err != nil {
 		t.Fatalf("Failed to spin up the xDS management server: %v", err)
 	}
 	t.Cleanup(serverAnotherAuth.Stop)

 	// Create a bootstrap file in a temporary directory.
 	nodeID := uuid.New().String()
 	bootstrapContents, err := bootstrap.Contents(bootstrap.Options{
 		Version:                            bootstrap.TransportV3,
 		NodeID:                             nodeID,
 		ServerURI:                          serverDefaultAuth.Address,
 		ServerListenerResourceNameTemplate: e2e.ServerListenerResourceNameTemplate,
 		// Specify the address of the non-default authority.
 		Authorities: map[string]string{nonDefaultAuth: serverAnotherAuth.Address},
 	})
 	if err != nil {
 		t.Fatalf("Failed to create bootstrap file: %v", err)
 	}

 	resolverBuilder := internal.NewXDSResolverWithConfigForTesting.(func([]byte) (resolver.Builder, error))
 	resolver, err := resolverBuilder(bootstrapContents)
 	if err != nil {
 		t.Fatalf("Failed to create xDS resolver for testing: %v", err)
 	}
 	port, cleanup := startTestService(t, nil)
 	defer cleanup()

 	const serviceName = "my-service-client-side-xds"
 	// LDS is old style name.
 	ldsName := serviceName
 	// RDS is new style, with the non default authority.
 	rdsName := fmt.Sprintf("xdstp://%s/envoy.config.route.v3.RouteConfiguration/%s", nonDefaultAuth, "route-"+serviceName)
 	// CDS is old style name.
 	cdsName := "cluster-" + serviceName
 	// EDS is new style, with the non default authority.
 	edsName := fmt.Sprintf("xdstp://%s/envoy.config.route.v3.ClusterLoadAssignment/%s", nonDefaultAuth, "endpoints-"+serviceName)

 	// Split resources, put LDS/CDS in the default authority, and put RDS/EDS in
 	// the other authority.
 	resourcesDefault := e2e.UpdateOptions{
 		NodeID: nodeID,
 		// This has only LDS and CDS.
 		Listeners:      []*v3listenerpb.Listener{e2e.DefaultClientListener(ldsName, rdsName)},
 		Clusters:       []*v3clusterpb.Cluster{e2e.DefaultCluster(cdsName, edsName, e2e.SecurityLevelNone)},
 		SkipValidation: true,
 	}
 	resourcesAnother := e2e.UpdateOptions{
 		NodeID: nodeID,
 		// This has only RDS and EDS.
 		Routes:         []*v3routepb.RouteConfiguration{e2e.DefaultRouteConfig(rdsName, ldsName, cdsName)},
 		Endpoints:      []*v3endpointpb.ClusterLoadAssignment{e2e.DefaultEndpoint(edsName, "localhost", []uint32{port})},
 		SkipValidation: true,
 	}

 	ctx, cancel := context.WithTimeout(context.Background(), defaultTestTimeout)
 	defer cancel()
 	// This has only LDS and CDS.
 	if err := serverDefaultAuth.Update(ctx, resourcesDefault); err != nil {
 		t.Fatal(err)
 	}
 	// This has only RDS and EDS.
 	if err := serverAnotherAuth.Update(ctx, resourcesAnother); err != nil {
 		t.Fatal(err)
 	}

 	// Create a ClientConn and make a successful RPC.
 	cc, err := grpc.Dial(fmt.Sprintf("xds:///%s", serviceName), grpc.WithTransportCredentials(insecure.NewCredentials()), grpc.WithResolvers(resolver))
 	if err != nil {
 		t.Fatalf("failed to dial local test server: %v", err)
 	}
 	defer cc.Close()

 	client := testgrpc.NewTestServiceClient(cc)
 	if _, err := client.EmptyCall(ctx, &testpb.Empty{}, grpc.WaitForReady(true)); err != nil {
 		t.Fatalf("rpc EmptyCall() failed: %v", err)
 	}
 }

 // TestFederation_UnknownAuthorityInDialTarget tests the case where a ClientConn
 // is created with a dial target containing an authority which is not specified
 // in the bootstrap configuration. The test verifies that RPCs on the ClientConn
 // fail with an appropriate error.
 func (s) TestFederation_UnknownAuthorityInDialTarget(t *testing.T) {
 	oldXDSFederation := envconfig.XDSFederation
 	envconfig.XDSFederation = true
 	defer func() { envconfig.XDSFederation = oldXDSFederation }()

 	// Setting up the management server is not *really* required for this test
 	// case. All we need is a bootstrap configuration which does not contain the
 	// authority mentioned in the dial target. But setting up the management
 	// server and actually making an RPC ensures that the xDS client is
 	// configured properly, and when we dial with an unknown authority in the
 	// next step, we can be sure that the error we receive is legitimate.
 	managementServer, nodeID, _, resolver, cleanup1 := e2e.SetupManagementServer(t, e2e.ManagementServerOptions{})
 	defer cleanup1()

 	port, cleanup2 := startTestService(t, nil)
 	defer cleanup2()

 	const serviceName = "my-service-client-side-xds"
 	resources := e2e.DefaultClientResources(e2e.ResourceParams{
 		DialTarget: serviceName,
 		NodeID:     nodeID,
 		Host:       "localhost",
 		Port:       port,
 		SecLevel:   e2e.SecurityLevelNone,
 	})
 	ctx, cancel := context.WithTimeout(context.Background(), defaultTestTimeout)
 	defer cancel()
 	if err := managementServer.Update(ctx, resources); err != nil {
 		t.Fatal(err)
 	}

 	// Create a ClientConn and make a successful RPC.
 	target := fmt.Sprintf("xds:///%s", serviceName)
 	cc, err := grpc.Dial(target, grpc.WithTransportCredentials(insecure.NewCredentials()), grpc.WithResolvers(resolver))
 	if err != nil {
 		t.Fatalf("Dialing target %q: %v", target, err)
 	}
 	defer cc.Close()
 	t.Log("Created ClientConn to test service")

 	client := testpb.NewTestServiceClient(cc)
 	if _, err := client.EmptyCall(ctx, &testpb.Empty{}); err != nil {
 		t.Fatalf("EmptyCall() RPC: %v", err)
 	}
 	t.Log("Successfully performed an EmptyCall RPC")

 	target = fmt.Sprintf("xds://unknown-authority/%s", serviceName)
 	t.Logf("Dialing target %q with unknown authority which is expected to fail", target)
 	const wantErr = `authority "unknown-authority" is not found in the bootstrap file`
 	_, err = grpc.Dial(target, grpc.WithTransportCredentials(insecure.NewCredentials()), grpc.WithResolvers(resolver))
 	if err == nil || !strings.Contains(err.Error(), wantErr) {
 		t.Fatalf("grpc.Dial(%q) returned %v, want: %s", target, err, wantErr)
 	}
 }

 // TestFederation_UnknownAuthorityInReceivedResponse tests the case where the
 // LDS resource associated with the dial target contains an RDS resource name
 // with an authority which is not specified in the bootstrap configuration. The
 // test verifies that RPCs fail with an appropriate error.
 func (s) TestFederation_UnknownAuthorityInReceivedResponse(t *testing.T) {
 	oldXDSFederation := envconfig.XDSFederation
 	envconfig.XDSFederation = true
 	defer func() { envconfig.XDSFederation = oldXDSFederation }()

 	mgmtServer, err := e2e.StartManagementServer(e2e.ManagementServerOptions{})
 	if err != nil {
 		t.Fatalf("Failed to spin up the xDS management server: %v", err)
 	}
 	defer mgmtServer.Stop()

 	nodeID := uuid.New().String()
 	bootstrapContents, err := bootstrap.Contents(bootstrap.Options{
 		Version:                            bootstrap.TransportV3,
 		NodeID:                             nodeID,
 		ServerURI:                          mgmtServer.Address,
 		ServerListenerResourceNameTemplate: e2e.ServerListenerResourceNameTemplate,
 	})
 	if err != nil {
 		t.Fatal(err)
 	}

 	resolverBuilder := internal.NewXDSResolverWithConfigForTesting.(func([]byte) (resolver.Builder, error))
 	resolver, err := resolverBuilder(bootstrapContents)
 	if err != nil {
 		t.Fatalf("Creating xDS resolver for testing: %v", err)
 	}

 	// LDS is old style name.
 	// RDS is new style, with an unknown authority.
 	const serviceName = "my-service-client-side-xds"
 	const unknownAuthority = "unknown-authority"
 	ldsName := serviceName
 	rdsName := fmt.Sprintf("xdstp://%s/envoy.config.route.v3.RouteConfiguration/%s", unknownAuthority, "route-"+serviceName)

 	resources := e2e.UpdateOptions{
 		NodeID:         nodeID,
 		Listeners:      []*v3listenerpb.Listener{e2e.DefaultClientListener(ldsName, rdsName)},
 		Routes:         []*v3routepb.RouteConfiguration{e2e.DefaultRouteConfig(rdsName, ldsName, "cluster-"+serviceName)},
 		SkipValidation: true, // This update has only LDS and RDS resources.
 	}
 	ctx, cancel := context.WithTimeout(context.Background(), defaultTestTimeout)
 	defer cancel()
 	if err := mgmtServer.Update(ctx, resources); err != nil {
 		t.Fatal(err)
 	}

 	target := fmt.Sprintf("xds:///%s", serviceName)
 	cc, err := grpc.Dial(target, grpc.WithTransportCredentials(insecure.NewCredentials()), grpc.WithResolvers(resolver))
 	if err != nil {
 		t.Fatalf("Dialing target %q: %v", target, err)
 	}
 	defer cc.Close()
 	t.Log("Created ClientConn to test service")

 	client := testpb.NewTestServiceClient(cc)
 	_, err = client.EmptyCall(ctx, &testpb.Empty{})
 	if err == nil {
 		t.Fatal("EmptyCall RPC succeeded for target with unknown authority when expected to fail")
 	}
 	if got, want := status.Code(err), codes.Unavailable; got != want {
 		t.Fatalf("EmptyCall RPC returned status code: %v, want %v", got, want)
 	}
 	if wantErr := `failed to find authority "unknown-authority"`; !strings.Contains(err.Error(), wantErr) {
 		t.Fatalf("EmptyCall RPC returned error: %v, want %v", err, wantErr)
 	}
 }
	/*
	*
	* Copyright 2021 gRPC authors.
	*
	* Licensed under the Apache License, Version 2.0 (the "License");
	* you may not use this file except in compliance with the License.
	* You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*
	*/

	package xds_test

	import (
	"context"
	"fmt"
	"strings"
	"testing"

	"github.com/google/uuid"
	"google.golang.org/grpc"
	"google.golang.org/grpc/codes"
	"google.golang.org/grpc/credentials/insecure"
	"google.golang.org/grpc/internal"
	"google.golang.org/grpc/internal/envconfig"
	"google.golang.org/grpc/internal/testutils/xds/bootstrap"
	"google.golang.org/grpc/internal/testutils/xds/e2e"
	"google.golang.org/grpc/resolver"
	"google.golang.org/grpc/status"

	v3clusterpb "github.com/envoyproxy/go-control-plane/envoy/config/cluster/v3"
	v3endpointpb "github.com/envoyproxy/go-control-plane/envoy/config/endpoint/v3"
	v3listenerpb "github.com/envoyproxy/go-control-plane/envoy/config/listener/v3"
	v3routepb "github.com/envoyproxy/go-control-plane/envoy/config/route/v3"
	testgrpc "google.golang.org/grpc/test/grpc_testing"
	testpb "google.golang.org/grpc/test/grpc_testing"
	)

	// TestClientSideFederation tests that federation is supported.
	//
	// In this test, some xDS responses contain resource names in another authority
	// (in the new resource name style):
	// - LDS: old style, no authority (default authority)
	// - RDS: new style, in a different authority
	// - CDS: old style, no authority (default authority)
	// - EDS: new style, in a different authority
	func (s) TestClientSideFederation(t *testing.T) {
	oldXDSFederation := envconfig.XDSFederation
	envconfig.XDSFederation = true
	defer func() { envconfig.XDSFederation = oldXDSFederation }()

	// Start a management server as the default authority.
	serverDefaultAuth, err := e2e.StartManagementServer(e2e.ManagementServerOptions{})
	if err != nil {
	t.Fatalf("Failed to spin up the xDS management server: %v", err)
	}
	t.Cleanup(serverDefaultAuth.Stop)

	// Start another management server as the other authority.
	const nonDefaultAuth = "non-default-auth"
	serverAnotherAuth, err := e2e.StartManagementServer(e2e.ManagementServerOptions{})
	if err != nil {
	t.Fatalf("Failed to spin up the xDS management server: %v", err)
	}
	t.Cleanup(serverAnotherAuth.Stop)

	// Create a bootstrap file in a temporary directory.
	nodeID := uuid.New().String()
	bootstrapContents, err := bootstrap.Contents(bootstrap.Options{
	Version: bootstrap.TransportV3,
	NodeID: nodeID,
	ServerURI: serverDefaultAuth.Address,
	ServerListenerResourceNameTemplate: e2e.ServerListenerResourceNameTemplate,
	// Specify the address of the non-default authority.
	Authorities: map[string]string{nonDefaultAuth: serverAnotherAuth.Address},
	})
	if err != nil {
	t.Fatalf("Failed to create bootstrap file: %v", err)
	}

	resolverBuilder := internal.NewXDSResolverWithConfigForTesting.(func([]byte) (resolver.Builder, error))
	resolver, err := resolverBuilder(bootstrapContents)
	if err != nil {
	t.Fatalf("Failed to create xDS resolver for testing: %v", err)
	}
	port, cleanup := startTestService(t, nil)
	defer cleanup()

	const serviceName = "my-service-client-side-xds"
	// LDS is old style name.
	ldsName := serviceName
	// RDS is new style, with the non default authority.
	rdsName := fmt.Sprintf("xdstp://%s/envoy.config.route.v3.RouteConfiguration/%s", nonDefaultAuth, "route-"+serviceName)
	// CDS is old style name.
	cdsName := "cluster-" + serviceName
	// EDS is new style, with the non default authority.
	edsName := fmt.Sprintf("xdstp://%s/envoy.config.route.v3.ClusterLoadAssignment/%s", nonDefaultAuth, "endpoints-"+serviceName)

	// Split resources, put LDS/CDS in the default authority, and put RDS/EDS in
	// the other authority.
	resourcesDefault := e2e.UpdateOptions{
	NodeID: nodeID,
	// This has only LDS and CDS.
	Listeners: []*v3listenerpb.Listener{e2e.DefaultClientListener(ldsName, rdsName)},
	Clusters: []*v3clusterpb.Cluster{e2e.DefaultCluster(cdsName, edsName, e2e.SecurityLevelNone)},
	SkipValidation: true,
	}
	resourcesAnother := e2e.UpdateOptions{
	NodeID: nodeID,
	// This has only RDS and EDS.
	Routes: []*v3routepb.RouteConfiguration{e2e.DefaultRouteConfig(rdsName, ldsName, cdsName)},
	Endpoints: []*v3endpointpb.ClusterLoadAssignment{e2e.DefaultEndpoint(edsName, "localhost", []uint32{port})},
	SkipValidation: true,
	}

	ctx, cancel := context.WithTimeout(context.Background(), defaultTestTimeout)
	defer cancel()
	// This has only LDS and CDS.
	if err := serverDefaultAuth.Update(ctx, resourcesDefault); err != nil {
	t.Fatal(err)
	}
	// This has only RDS and EDS.
	if err := serverAnotherAuth.Update(ctx, resourcesAnother); err != nil {
	t.Fatal(err)
	}

	// Create a ClientConn and make a successful RPC.
	cc, err := grpc.Dial(fmt.Sprintf("xds:///%s", serviceName), grpc.WithTransportCredentials(insecure.NewCredentials()), grpc.WithResolvers(resolver))
	if err != nil {
	t.Fatalf("failed to dial local test server: %v", err)
	}
	defer cc.Close()

	client := testgrpc.NewTestServiceClient(cc)
	if _, err := client.EmptyCall(ctx, &testpb.Empty{}, grpc.WaitForReady(true)); err != nil {
	t.Fatalf("rpc EmptyCall() failed: %v", err)
	}
	}

	// TestFederation_UnknownAuthorityInDialTarget tests the case where a ClientConn
	// is created with a dial target containing an authority which is not specified
	// in the bootstrap configuration. The test verifies that RPCs on the ClientConn
	// fail with an appropriate error.
	func (s) TestFederation_UnknownAuthorityInDialTarget(t *testing.T) {
	oldXDSFederation := envconfig.XDSFederation
	envconfig.XDSFederation = true
	defer func() { envconfig.XDSFederation = oldXDSFederation }()

	// Setting up the management server is not really required for this test
	// case. All we need is a bootstrap configuration which does not contain the
	// authority mentioned in the dial target. But setting up the management
	// server and actually making an RPC ensures that the xDS client is
	// configured properly, and when we dial with an unknown authority in the
	// next step, we can be sure that the error we receive is legitimate.
	managementServer, nodeID, _, resolver, cleanup1 := e2e.SetupManagementServer(t, e2e.ManagementServerOptions{})
	defer cleanup1()

	port, cleanup2 := startTestService(t, nil)
	defer cleanup2()

	const serviceName = "my-service-client-side-xds"
	resources := e2e.DefaultClientResources(e2e.ResourceParams{
	DialTarget: serviceName,
	NodeID: nodeID,
	Host: "localhost",
	Port: port,
	SecLevel: e2e.SecurityLevelNone,
	})
	ctx, cancel := context.WithTimeout(context.Background(), defaultTestTimeout)
	defer cancel()
	if err := managementServer.Update(ctx, resources); err != nil {
	t.Fatal(err)
	}

	// Create a ClientConn and make a successful RPC.
	target := fmt.Sprintf("xds:///%s", serviceName)
	cc, err := grpc.Dial(target, grpc.WithTransportCredentials(insecure.NewCredentials()), grpc.WithResolvers(resolver))
	if err != nil {
	t.Fatalf("Dialing target %q: %v", target, err)
	}
	defer cc.Close()
	t.Log("Created ClientConn to test service")

	client := testpb.NewTestServiceClient(cc)
	if _, err := client.EmptyCall(ctx, &testpb.Empty{}); err != nil {
	t.Fatalf("EmptyCall() RPC: %v", err)
	}
	t.Log("Successfully performed an EmptyCall RPC")

	target = fmt.Sprintf("xds://unknown-authority/%s", serviceName)
	t.Logf("Dialing target %q with unknown authority which is expected to fail", target)
	const wantErr = `authority "unknown-authority" is not found in the bootstrap file`
	_, err = grpc.Dial(target, grpc.WithTransportCredentials(insecure.NewCredentials()), grpc.WithResolvers(resolver))
	if err == nil \|\| !strings.Contains(err.Error(), wantErr) {
	t.Fatalf("grpc.Dial(%q) returned %v, want: %s", target, err, wantErr)
	}
	}

	// TestFederation_UnknownAuthorityInReceivedResponse tests the case where the
	// LDS resource associated with the dial target contains an RDS resource name
	// with an authority which is not specified in the bootstrap configuration. The
	// test verifies that RPCs fail with an appropriate error.
	func (s) TestFederation_UnknownAuthorityInReceivedResponse(t *testing.T) {
	oldXDSFederation := envconfig.XDSFederation
	envconfig.XDSFederation = true
	defer func() { envconfig.XDSFederation = oldXDSFederation }()

	mgmtServer, err := e2e.StartManagementServer(e2e.ManagementServerOptions{})
	if err != nil {
	t.Fatalf("Failed to spin up the xDS management server: %v", err)
	}
	defer mgmtServer.Stop()

	nodeID := uuid.New().String()
	bootstrapContents, err := bootstrap.Contents(bootstrap.Options{
	Version: bootstrap.TransportV3,
	NodeID: nodeID,
	ServerURI: mgmtServer.Address,
	ServerListenerResourceNameTemplate: e2e.ServerListenerResourceNameTemplate,
	})
	if err != nil {
	t.Fatal(err)
	}

	resolverBuilder := internal.NewXDSResolverWithConfigForTesting.(func([]byte) (resolver.Builder, error))
	resolver, err := resolverBuilder(bootstrapContents)
	if err != nil {
	t.Fatalf("Creating xDS resolver for testing: %v", err)
	}

	// LDS is old style name.
	// RDS is new style, with an unknown authority.
	const serviceName = "my-service-client-side-xds"
	const unknownAuthority = "unknown-authority"
	ldsName := serviceName
	rdsName := fmt.Sprintf("xdstp://%s/envoy.config.route.v3.RouteConfiguration/%s", unknownAuthority, "route-"+serviceName)

	resources := e2e.UpdateOptions{
	NodeID: nodeID,
	Listeners: []*v3listenerpb.Listener{e2e.DefaultClientListener(ldsName, rdsName)},
	Routes: []*v3routepb.RouteConfiguration{e2e.DefaultRouteConfig(rdsName, ldsName, "cluster-"+serviceName)},
	SkipValidation: true, // This update has only LDS and RDS resources.
	}
	ctx, cancel := context.WithTimeout(context.Background(), defaultTestTimeout)
	defer cancel()
	if err := mgmtServer.Update(ctx, resources); err != nil {
	t.Fatal(err)
	}

	target := fmt.Sprintf("xds:///%s", serviceName)
	cc, err := grpc.Dial(target, grpc.WithTransportCredentials(insecure.NewCredentials()), grpc.WithResolvers(resolver))
	if err != nil {
	t.Fatalf("Dialing target %q: %v", target, err)
	}
	defer cc.Close()
	t.Log("Created ClientConn to test service")

	client := testpb.NewTestServiceClient(cc)
	_, err = client.EmptyCall(ctx, &testpb.Empty{})
	if err == nil {
	t.Fatal("EmptyCall RPC succeeded for target with unknown authority when expected to fail")
	}
	if got, want := status.Code(err), codes.Unavailable; got != want {
	t.Fatalf("EmptyCall RPC returned status code: %v, want %v", got, want)
	}
	if wantErr := `failed to find authority "unknown-authority"`; !strings.Contains(err.Error(), wantErr) {
	t.Fatalf("EmptyCall RPC returned error: %v, want %v", err, wantErr)
	}
	}