alts_util_test.cc
1 /*
2  *
3  * Copyright 2019 gRPC authors.
4  *
5  * Licensed under the Apache License, Version 2.0 (the "License");
6  * you may not use this file except in compliance with the License.
7  * You may obtain a copy of the License at
8  *
9  * http://www.apache.org/licenses/LICENSE-2.0
10  *
11  * Unless required by applicable law or agreed to in writing, software
12  * distributed under the License is distributed on an "AS IS" BASIS,
13  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14  * See the License for the specific language governing permissions and
15  * limitations under the License.
16  *
17  */
18 
19 #include <gtest/gtest.h>
20 
21 #include "upb/upb.hpp"
22 
26 
32 
33 namespace grpc {
34 namespace {
35 
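// A null AuthContext must produce a null AltsContext: the lookup reports
// "no ALTS identity" instead of returning a partially filled object.
TEST(AltsUtilTest, NullAuthContext) {
  std::unique_ptr<experimental::AltsContext> alts_context =
      experimental::GetAltsContextFromAuthContext(nullptr);
  EXPECT_EQ(alts_context, nullptr);
}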
41 
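// An AuthContext that exists but holds no TSI_ALTS_CONTEXT property must also
// yield a null AltsContext.
TEST(AltsUtilTest, EmptyAuthContext) {
  grpc_core::RefCountedPtr<grpc_auth_context> ctx =
      grpc_core::MakeRefCounted<grpc_auth_context>(nullptr);
  const std::shared_ptr<AuthContext> auth_context(
      new SecureAuthContext(ctx.get()));
  std::unique_ptr<experimental::AltsContext> alts_context =
      experimental::GetAltsContextFromAuthContext(auth_context);
  EXPECT_EQ(alts_context, nullptr);
}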
51 
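// Two TSI_ALTS_CONTEXT properties on one AuthContext are ambiguous. The test
// pins that the lookup rejects the context (null result) rather than picking
// one of the two values.
TEST(AltsUtilTest, AuthContextWithMoreThanOneAltsContext) {
  grpc_core::RefCountedPtr<grpc_auth_context> ctx =
      grpc_core::MakeRefCounted<grpc_auth_context>(nullptr);
  const std::shared_ptr<AuthContext> auth_context(
      new SecureAuthContext(ctx.get()));
  // The test drops its own reference; from here on it only goes through
  // auth_context.
  ctx.reset();
  auth_context->AddProperty(TSI_ALTS_CONTEXT, "context1");
  auth_context->AddProperty(TSI_ALTS_CONTEXT, "context2");
  std::unique_ptr<experimental::AltsContext> alts_context =
      experimental::GetAltsContextFromAuthContext(auth_context);
  EXPECT_EQ(alts_context, nullptr);
}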
64 
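// A TSI_ALTS_CONTEXT property whose bytes are not a valid serialized
// AltsContext must be rejected: the expected result is null, not a context
// built from whatever could be parsed.
TEST(AltsUtilTest, AuthContextWithBadAltsContext) {
  grpc_core::RefCountedPtr<grpc_auth_context> ctx =
      grpc_core::MakeRefCounted<grpc_auth_context>(nullptr);
  const std::shared_ptr<AuthContext> auth_context(
      new SecureAuthContext(ctx.get()));
  // The test drops its own reference; from here on it only goes through
  // auth_context.
  ctx.reset();
  auth_context->AddProperty(TSI_ALTS_CONTEXT,
                            "bad context string serialization");
  std::unique_ptr<experimental::AltsContext> alts_context =
      experimental::GetAltsContextFromAuthContext(auth_context);
  EXPECT_EQ(alts_context, nullptr);
}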
77 
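// Round-trips a fully populated AltsContext (everything except peer RPC
// versions) through serialization and the AuthContext property, then checks
// that every field is exposed unchanged by the C++ AltsContext wrapper.
TEST(AltsUtilTest, AuthContextWithGoodAltsContextWithoutRpcVersions) {
  grpc_core::RefCountedPtr<grpc_auth_context> ctx =
      grpc_core::MakeRefCounted<grpc_auth_context>(nullptr);
  const std::shared_ptr<AuthContext> auth_context(
      new SecureAuthContext(ctx.get()));
  // The test drops its own reference; from here on it only goes through
  // auth_context.
  ctx.reset();
  std::string expected_ap("application protocol");
  std::string expected_rp("record protocol");
  std::string expected_peer("peer");
  std::string expected_local("local");
  std::string expected_peer_attributes_key("peer");
  std::string expected_peer_attributes_value("attributes");
  grpc_security_level expected_sl = GRPC_INTEGRITY_ONLY;

  // Build the upb message. The string views borrow from the std::string
  // locals above, which outlive the serialization call below.
  upb::Arena context_arena;
  grpc_gcp_AltsContext* context = grpc_gcp_AltsContext_new(context_arena.ptr());
  grpc_gcp_AltsContext_set_application_protocol(
      context,
      upb_StringView_FromDataAndSize(expected_ap.data(), expected_ap.length()));
  grpc_gcp_AltsContext_set_record_protocol(
      context,
      upb_StringView_FromDataAndSize(expected_rp.data(), expected_rp.length()));
  grpc_gcp_AltsContext_set_security_level(context, expected_sl);
  grpc_gcp_AltsContext_set_peer_service_account(
      context, upb_StringView_FromDataAndSize(expected_peer.data(),
                                              expected_peer.length()));
  grpc_gcp_AltsContext_set_local_service_account(
      context, upb_StringView_FromDataAndSize(expected_local.data(),
                                              expected_local.length()));
  grpc_gcp_AltsContext_peer_attributes_set(
      context,
      upb_StringView_FromDataAndSize(expected_peer_attributes_key.data(),
                                     expected_peer_attributes_key.length()),
      upb_StringView_FromDataAndSize(expected_peer_attributes_value.data(),
                                     expected_peer_attributes_value.length()),
      context_arena.ptr());

  size_t serialized_ctx_length;
  char* serialized_ctx = grpc_gcp_AltsContext_serialize(
      context, context_arena.ptr(), &serialized_ctx_length);
  // ASSERT, not EXPECT: the pointer is read on the next statement, so a
  // failed serialization has to stop the test here.
  ASSERT_NE(serialized_ctx, nullptr);
  auth_context->AddProperty(TSI_ALTS_CONTEXT,
                            std::string(serialized_ctx, serialized_ctx_length));

  std::unique_ptr<experimental::AltsContext> alts_context =
      experimental::GetAltsContextFromAuthContext(auth_context);
  // ASSERT, not EXPECT: every check below dereferences alts_context.
  ASSERT_NE(alts_context, nullptr);
  EXPECT_EQ(expected_ap, alts_context->application_protocol());
  EXPECT_EQ(expected_rp, alts_context->record_protocol());
  EXPECT_EQ(expected_peer, alts_context->peer_service_account());
  EXPECT_EQ(expected_local, alts_context->local_service_account());
  EXPECT_EQ(expected_sl, alts_context->security_level());
  // all rpc versions should be 0 if not set
  experimental::AltsContext::RpcProtocolVersions rpc_protocol_versions =
      alts_context->peer_rpc_versions();
  EXPECT_EQ(0, rpc_protocol_versions.max_rpc_version.major_version);
  EXPECT_EQ(0, rpc_protocol_versions.max_rpc_version.minor_version);
  EXPECT_EQ(0, rpc_protocol_versions.min_rpc_version.major_version);
  EXPECT_EQ(0, rpc_protocol_versions.min_rpc_version.minor_version);
  EXPECT_EQ(expected_peer_attributes_value,
            alts_context->peer_attributes().at(expected_peer_attributes_key));
}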
137 
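// Serializes an AltsContext that sets only the peer RPC versions (max major
// version 10) and checks that the wrapper reports that value, with every
// unset field coming back as its empty/zero default.
TEST(AltsUtilTest, AuthContextWithGoodAltsContext) {
  grpc_core::RefCountedPtr<grpc_auth_context> ctx =
      grpc_core::MakeRefCounted<grpc_auth_context>(nullptr);
  const std::shared_ptr<AuthContext> auth_context(
      new SecureAuthContext(ctx.get()));
  // The test drops its own reference; from here on it only goes through
  // auth_context.
  ctx.reset();

  upb::Arena context_arena;
  grpc_gcp_AltsContext* context = grpc_gcp_AltsContext_new(context_arena.ptr());
  upb::Arena versions_arena;
  grpc_gcp_RpcProtocolVersions* versions =
      grpc_gcp_RpcProtocolVersions_new(versions_arena.ptr());
  upb::Arena max_major_version_arena;
  grpc_gcp_RpcProtocolVersions_Version* version =
      grpc_gcp_RpcProtocolVersions_Version_new(max_major_version_arena.ptr());
  grpc_gcp_RpcProtocolVersions_Version_set_major(version, 10);
  grpc_gcp_RpcProtocolVersions_set_max_rpc_version(versions, version);
  grpc_gcp_AltsContext_set_peer_rpc_versions(context, versions);

  size_t serialized_ctx_length;
  char* serialized_ctx = grpc_gcp_AltsContext_serialize(
      context, context_arena.ptr(), &serialized_ctx_length);
  // ASSERT, not EXPECT: the pointer is read on the next statement, so a
  // failed serialization has to stop the test here.
  ASSERT_NE(serialized_ctx, nullptr);
  auth_context->AddProperty(TSI_ALTS_CONTEXT,
                            std::string(serialized_ctx, serialized_ctx_length));

  std::unique_ptr<experimental::AltsContext> alts_context =
      experimental::GetAltsContextFromAuthContext(auth_context);
  // ASSERT, not EXPECT: every check below dereferences alts_context.
  ASSERT_NE(alts_context, nullptr);
  EXPECT_EQ("", alts_context->application_protocol());
  EXPECT_EQ("", alts_context->record_protocol());
  EXPECT_EQ("", alts_context->peer_service_account());
  EXPECT_EQ("", alts_context->local_service_account());
  EXPECT_EQ(GRPC_SECURITY_NONE, alts_context->security_level());
  experimental::AltsContext::RpcProtocolVersions rpc_protocol_versions =
      alts_context->peer_rpc_versions();
  EXPECT_EQ(10, rpc_protocol_versions.max_rpc_version.major_version);
  EXPECT_EQ(0, rpc_protocol_versions.max_rpc_version.minor_version);
  EXPECT_EQ(0, rpc_protocol_versions.min_rpc_version.major_version);
  EXPECT_EQ(0, rpc_protocol_versions.min_rpc_version.minor_version);
}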
176 
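// Pins the fail-closed behaviour of AltsClientAuthzCheck: the check returns
// PERMISSION_DENIED both when the AuthContext carries no ALTS context and
// when the authenticated peer is not in the expected service-account list.
// It returns OK only when the peer service account is listed.
TEST(AltsUtilTest, AltsClientAuthzCheck) {
  // AltsClientAuthzCheck function should return a permission denied error on
  // the bad_auth_context, whose internal ALTS context does not exist
  const std::shared_ptr<AuthContext> bad_auth_context(
      new SecureAuthContext(nullptr));
  std::vector<std::string> service_accounts{"client"};
  grpc::Status status =
      experimental::AltsClientAuthzCheck(bad_auth_context, service_accounts);
  EXPECT_EQ(grpc::StatusCode::PERMISSION_DENIED, status.error_code());

  // AltsClientAuthzCheck function should function normally when the peer name
  // in ALTS context is listed in service_accounts
  grpc_core::RefCountedPtr<grpc_auth_context> ctx =
      grpc_core::MakeRefCounted<grpc_auth_context>(nullptr);
  const std::shared_ptr<AuthContext> auth_context(
      new SecureAuthContext(ctx.get()));
  // The test drops its own reference; from here on it only goes through
  // auth_context.
  ctx.reset();
  std::string peer("good_client");
  std::vector<std::string> good_service_accounts{"good_client",
                                                 "good_client_1"};
  std::vector<std::string> bad_service_accounts{"bad_client", "bad_client_1"};
  upb::Arena context_arena;
  grpc_gcp_AltsContext* context = grpc_gcp_AltsContext_new(context_arena.ptr());
  grpc_gcp_AltsContext_set_peer_service_account(
      context, upb_StringView_FromDataAndSize(peer.data(), peer.length()));
  size_t serialized_ctx_length;
  char* serialized_ctx = grpc_gcp_AltsContext_serialize(
      context, context_arena.ptr(), &serialized_ctx_length);
  // ASSERT, not EXPECT: the pointer is read on the next statement, so a
  // failed serialization has to stop the test here.
  ASSERT_NE(serialized_ctx, nullptr);
  auth_context->AddProperty(TSI_ALTS_CONTEXT,
                            std::string(serialized_ctx, serialized_ctx_length));

  grpc::Status good_status =
      experimental::AltsClientAuthzCheck(auth_context, good_service_accounts);
  EXPECT_TRUE(good_status.ok());
  // The peer is authenticated but not on the list: this must be denied.
  grpc::Status bad_status =
      experimental::AltsClientAuthzCheck(auth_context, bad_service_accounts);
  EXPECT_EQ(grpc::StatusCode::PERMISSION_DENIED, bad_status.error_code());
}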
214 
215 } // namespace
216 } // namespace grpc
217 
// Test binary entry point. Constructs the gRPC TestEnvironment, hands the
// command line to GoogleTest, and returns the result of running every
// registered test as the process exit code.
int main(int argc, char** argv) {
  grpc::testing::TestEnvironment env(&argc, argv);
  ::testing::InitGoogleTest(&argc, argv);
  const int exit_code = RUN_ALL_TESTS();
  return exit_code;
}
altscontext.upb.h
grpc::status
auto status
Definition: cpp/client/credentials_test.cc:200
grpc_gcp_RpcProtocolVersions_Version
struct grpc_gcp_RpcProtocolVersions_Version grpc_gcp_RpcProtocolVersions_Version
Definition: transport_security_common.upb.h:26
ctx
Definition: benchmark-async.c:30
generate.env
env
Definition: generate.py:37
grpc_gcp_AltsContext_set_security_level
UPB_INLINE void grpc_gcp_AltsContext_set_security_level(grpc_gcp_AltsContext *msg, int32_t value)
Definition: altscontext.upb.h:126
grpc_gcp_RpcProtocolVersions_Version_new
UPB_INLINE grpc_gcp_RpcProtocolVersions_Version * grpc_gcp_RpcProtocolVersions_Version_new(upb_Arena *arena)
Definition: transport_security_common.upb.h:117
grpc
Definition: grpcpp/alarm.h:33
grpc::experimental::AltsClientAuthzCheck
grpc::Status AltsClientAuthzCheck(const std::shared_ptr< const AuthContext > &auth_context, const std::vector< std::string > &expected_service_accounts)
Definition: alts_util.cc:69
grpc::Status::ok
bool ok() const
Is the status OK?
Definition: include/grpcpp/impl/codegen/status.h:126
alts_tsi_handshaker.h
testing::internal::string
::std::string string
Definition: bloaty/third_party/protobuf/third_party/googletest/googletest/include/gtest/internal/gtest-port.h:881
grpc_gcp_AltsContext_new
UPB_INLINE grpc_gcp_AltsContext * grpc_gcp_AltsContext_new(upb_Arena *arena)
Definition: altscontext.upb.h:36
secure_auth_context.h
grpc_gcp_RpcProtocolVersions_new
UPB_INLINE grpc_gcp_RpcProtocolVersions * grpc_gcp_RpcProtocolVersions_new(upb_Arena *arena)
Definition: transport_security_common.upb.h:40
version
Definition: version.py:1
grpc::EXPECT_TRUE
EXPECT_TRUE(status.ok())
alts_context.h
main
int main(int argc, char **argv)
Definition: alts_util_test.cc:218
GRPC_SECURITY_NONE
@ GRPC_SECURITY_NONE
Definition: grpc_security_constants.h:133
grpc_core::RefCountedPtr< grpc_auth_context >
EXPECT_NE
#define EXPECT_NE(val1, val2)
Definition: bloaty/third_party/googletest/googletest/include/gtest/gtest.h:2028
grpc.StatusCode.PERMISSION_DENIED
tuple PERMISSION_DENIED
Definition: src/python/grpcio/grpc/__init__.py:268
grpc_gcp_AltsContext_set_peer_rpc_versions
UPB_INLINE void grpc_gcp_AltsContext_set_peer_rpc_versions(grpc_gcp_AltsContext *msg, struct grpc_gcp_RpcProtocolVersions *value)
Definition: altscontext.upb.h:135
grpc_gcp_AltsContext
struct grpc_gcp_AltsContext grpc_gcp_AltsContext
Definition: altscontext.upb.h:25
GRPC_INTEGRITY_ONLY
@ GRPC_INTEGRITY_ONLY
Definition: grpc_security_constants.h:134
grpc_gcp_AltsContext_peer_attributes_set
UPB_INLINE bool grpc_gcp_AltsContext_peer_attributes_set(grpc_gcp_AltsContext *msg, upb_StringView key, upb_StringView val, upb_Arena *a)
Definition: altscontext.upb.h:149
RUN_ALL_TESTS
int RUN_ALL_TESTS() GTEST_MUST_USE_RESULT_
Definition: bloaty/third_party/googletest/googletest/include/gtest/gtest.h:2471
grpc_gcp_RpcProtocolVersions
struct grpc_gcp_RpcProtocolVersions grpc_gcp_RpcProtocolVersions
Definition: transport_security_common.upb.h:25
grpc_gcp_AltsContext_serialize
UPB_INLINE char * grpc_gcp_AltsContext_serialize(const grpc_gcp_AltsContext *msg, upb_Arena *arena, size_t *len)
Definition: altscontext.upb.h:58
grpc_gcp_RpcProtocolVersions_set_max_rpc_version
UPB_INLINE void grpc_gcp_RpcProtocolVersions_set_max_rpc_version(grpc_gcp_RpcProtocolVersions *msg, grpc_gcp_RpcProtocolVersions_Version *value)
Definition: transport_security_common.upb.h:88
grpc_gcp_AltsContext_set_peer_service_account
UPB_INLINE void grpc_gcp_AltsContext_set_peer_service_account(grpc_gcp_AltsContext *msg, upb_StringView value)
Definition: altscontext.upb.h:129
test_config.h
upb::Arena::ptr
upb_Arena * ptr()
Definition: upb.hpp:76
upb::Arena
Definition: upb.hpp:68
grpc_security_level
grpc_security_level
Definition: grpc_security_constants.h:131
testing::InitGoogleTest
GTEST_API_ void InitGoogleTest(int *argc, char **argv)
Definition: bloaty/third_party/googletest/googletest/src/gtest.cc:6106
grpc::experimental::GetAltsContextFromAuthContext
std::unique_ptr< AltsContext > GetAltsContextFromAuthContext(const std::shared_ptr< const AuthContext > &auth_context)
Definition: alts_util.cc:42
upb.hpp
grpc_gcp_AltsContext_set_local_service_account
UPB_INLINE void grpc_gcp_AltsContext_set_local_service_account(grpc_gcp_AltsContext *msg, upb_StringView value)
Definition: altscontext.upb.h:132
grpc::TEST
TEST(CredentialsTest, StsCredentialsOptionsFromEnv)
Definition: cpp/client/credentials_test.cc:229
grpc::testing::TestEnvironment
Definition: test/core/util/test_config.h:54
upb_StringView_FromDataAndSize
UPB_INLINE upb_StringView upb_StringView_FromDataAndSize(const char *data, size_t size)
Definition: upb/upb/upb.h:77
grpc::Status
Definition: include/grpcpp/impl/codegen/status.h:35
grpc_gcp_RpcProtocolVersions_Version_set_major
UPB_INLINE void grpc_gcp_RpcProtocolVersions_Version_set_major(grpc_gcp_RpcProtocolVersions_Version *msg, uint32_t value)
Definition: transport_security_common.upb.h:159
grpc::EXPECT_EQ
EXPECT_EQ(grpc::StatusCode::INVALID_ARGUMENT, status.error_code())
alts_util.h
grpc::Status::error_code
StatusCode error_code() const
Return the instance's error code.
Definition: include/grpcpp/impl/codegen/status.h:118
context
grpc::ClientContext context
Definition: istio_echo_server_lib.cc:61
TSI_ALTS_CONTEXT
#define TSI_ALTS_CONTEXT
Definition: alts_tsi_handshaker.h:37
auth_context.h
grpc_gcp_AltsContext_set_application_protocol
UPB_INLINE void grpc_gcp_AltsContext_set_application_protocol(grpc_gcp_AltsContext *msg, upb_StringView value)
Definition: altscontext.upb.h:120
string_ref_helper.h
grpc_gcp_AltsContext_set_record_protocol
UPB_INLINE void grpc_gcp_AltsContext_set_record_protocol(grpc_gcp_AltsContext *msg, upb_StringView value)
Definition: altscontext.upb.h:123

