google_mesh_ca_certificate_provider_factory_test.cc
Go to the documentation of this file.
1 //
2 //
3 // Copyright 2020 gRPC authors.
4 //
5 // Licensed under the Apache License, Version 2.0 (the "License");
6 // you may not use this file except in compliance with the License.
7 // You may obtain a copy of the License at
8 //
9 // http://www.apache.org/licenses/LICENSE-2.0
10 //
11 // Unless required by applicable law or agreed to in writing, software
12 // distributed under the License is distributed on an "AS IS" BASIS,
13 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 // See the License for the specific language governing permissions and
15 // limitations under the License.
16 //
17 //
18 
19 #include "src/core/ext/xds/google_mesh_ca_certificate_provider_factory.h"
20 
21 #include <gmock/gmock.h>
22 #include <gtest/gtest.h>
23 
24 #include <grpc/grpc.h>
25 
26 #include "src/core/lib/gprpp/time.h"
27 #include "test/core/util/test_config.h"
28 
29 namespace grpc_core {
30 namespace testing {
31 namespace {
32 
33 TEST(GoogleMeshCaConfigTest, Basic) {
34  const char* json_str =
35  "{"
36  " \"server\": {"
37  " \"api_type\": \"GRPC\","
38  " \"grpc_services\": [{"
39  " \"google_grpc\": {"
40  " \"target_uri\": \"newmeshca.googleapis.com\","
41  " \"channel_credentials\": { \"google_default\": {}},"
42  " \"call_credentials\": [{"
43  " \"sts_service\": {"
44  " \"token_exchange_service_uri\": "
45  "\"newsecuretoken.googleapis.com\","
46  " \"resource\": \"newmeshca.googleapis.com\","
47  " \"audience\": \"newmeshca.googleapis.com\","
48  " \"scope\": "
49  "\"https://www.newgoogleapis.com/auth/cloud-platform\","
50  " \"requested_token_type\": "
51  "\"urn:ietf:params:oauth:token-type:jwt\","
52  " \"subject_token_path\": \"/etc/secret/sajwt.token\","
53  " \"subject_token_type\": "
54  "\"urn:ietf:params:oauth:token-type:jwt\","
55  " \"actor_token_path\": \"/etc/secret/sajwt.token\","
56  " \"actor_token_type\": "
57  "\"urn:ietf:params:oauth:token-type:jwt\""
58  " }"
59  " }]"
60  " },"
61  " \"timeout\": \"20s\""
62  " }]"
63  " },"
64  " \"certificate_lifetime\": \"400s\","
65  " \"renewal_grace_period\": \"100s\","
66  " \"key_type\": \"RSA\","
67  " \"key_size\": 1024,"
68  " \"location\": "
69  "\"https://container.googleapis.com/v1/project/test-project1/locations/"
70  "test-zone2/clusters/test-cluster3\""
71  "}";
72  grpc_error_handle error = GRPC_ERROR_NONE;
73  Json json = Json::Parse(json_str, &error);
74  ASSERT_EQ(error, GRPC_ERROR_NONE) << grpc_error_std_string(error);
75  auto config =
76  GoogleMeshCaCertificateProviderFactory::Config::Parse(json, &error);
77  ASSERT_EQ(error, GRPC_ERROR_NONE) << grpc_error_std_string(error);
78  EXPECT_EQ(config->endpoint(), "newmeshca.googleapis.com");
79  EXPECT_EQ(config->sts_config().token_exchange_service_uri,
80  "newsecuretoken.googleapis.com");
81  EXPECT_EQ(config->sts_config().resource, "newmeshca.googleapis.com");
82  EXPECT_EQ(config->sts_config().audience, "newmeshca.googleapis.com");
83  EXPECT_EQ(config->sts_config().scope,
84  "https://www.newgoogleapis.com/auth/cloud-platform");
85  EXPECT_EQ(config->sts_config().requested_token_type,
86  "urn:ietf:params:oauth:token-type:jwt");
87  EXPECT_EQ(config->sts_config().subject_token_path, "/etc/secret/sajwt.token");
88  EXPECT_EQ(config->sts_config().subject_token_type,
89  "urn:ietf:params:oauth:token-type:jwt");
90  EXPECT_EQ(config->sts_config().actor_token_path, "/etc/secret/sajwt.token");
91  EXPECT_EQ(config->sts_config().actor_token_type,
92  "urn:ietf:params:oauth:token-type:jwt");
93  EXPECT_EQ(config->timeout(), Duration::Seconds(20));
94  EXPECT_EQ(config->certificate_lifetime(), Duration::Seconds(400));
95  EXPECT_EQ(config->renewal_grace_period(), Duration::Seconds(100));
96  EXPECT_EQ(config->key_size(), 1024);
97  EXPECT_EQ(config->location(),
98  "https://container.googleapis.com/v1/project/test-project1/"
99  "locations/test-zone2/clusters/test-cluster3");
100 }
101 
102 TEST(GoogleMeshCaConfigTest, Defaults) {
103  const char* json_str =
104  "{"
105  " \"server\": {"
106  " \"api_type\": \"GRPC\","
107  " \"grpc_services\": [{"
108  " \"google_grpc\": {"
109  " \"call_credentials\": [{"
110  " \"sts_service\": {"
111  " \"scope\": "
112  "\"https://www.googleapis.com/auth/cloud-platform\","
113  " \"subject_token_path\": \"/etc/secret/sajwt.token\","
114  " \"subject_token_type\": "
115  "\"urn:ietf:params:oauth:token-type:jwt\""
116  " }"
117  " }]"
118  " }"
119  " }]"
120  " },"
121  " \"location\": "
122  "\"https://container.googleapis.com/v1/project/test-project1/locations/"
123  "test-zone2/clusters/test-cluster3\""
124  "}";
125  grpc_error_handle error = GRPC_ERROR_NONE;
126  Json json = Json::Parse(json_str, &error);
127  ASSERT_EQ(error, GRPC_ERROR_NONE) << grpc_error_std_string(error);
128  auto config =
129  GoogleMeshCaCertificateProviderFactory::Config::Parse(json, &error);
130  ASSERT_EQ(error, GRPC_ERROR_NONE) << grpc_error_std_string(error);
131  EXPECT_EQ(config->endpoint(), "meshca.googleapis.com");
132  EXPECT_EQ(config->sts_config().token_exchange_service_uri,
133  "securetoken.googleapis.com");
134  EXPECT_EQ(config->sts_config().resource, "");
135  EXPECT_EQ(config->sts_config().audience, "");
136  EXPECT_EQ(config->sts_config().scope,
137  "https://www.googleapis.com/auth/cloud-platform");
138  EXPECT_EQ(config->sts_config().requested_token_type, "");
139  EXPECT_EQ(config->sts_config().subject_token_path, "/etc/secret/sajwt.token");
140  EXPECT_EQ(config->sts_config().subject_token_type,
141  "urn:ietf:params:oauth:token-type:jwt");
142  EXPECT_EQ(config->sts_config().actor_token_path, "");
143  EXPECT_EQ(config->sts_config().actor_token_type, "");
144  EXPECT_EQ(config->timeout(), Duration::Seconds(10));
145  EXPECT_EQ(config->certificate_lifetime(), Duration::Hours(24));
146  EXPECT_EQ(config->renewal_grace_period(), Duration::Hours(12));
147  EXPECT_EQ(config->key_size(), 2048);
148  EXPECT_EQ(config->location(),
149  "https://container.googleapis.com/v1/project/test-project1/"
150  "locations/test-zone2/clusters/test-cluster3");
151 }
152 
153 TEST(GoogleMeshCaConfigTest, WrongExpectedValues) {
154  const char* json_str =
155  "{"
156  " \"server\": {"
157  " \"api_type\": \"REST\","
158  " \"grpc_services\": [{"
159  " \"google_grpc\": {"
160  " \"call_credentials\": [{"
161  " \"sts_service\": {"
162  " \"scope\": "
163  "\"https://www.googleapis.com/auth/cloud-platform\","
164  " \"subject_token_path\": \"/etc/secret/sajwt.token\","
165  " \"subject_token_type\": "
166  "\"urn:ietf:params:oauth:token-type:jwt\""
167  " }"
168  " }]"
169  " }"
170  " }]"
171  " },"
172  " \"key_type\": \"DSA\","
173  " \"location\": "
174  "\"https://container.googleapis.com/v1/project/test-project1/locations/"
175  "test-zone2/clusters/test-cluster3\""
176  "}";
177  grpc_error_handle error = GRPC_ERROR_NONE;
178  Json json = Json::Parse(json_str, &error);
179  ASSERT_EQ(error, GRPC_ERROR_NONE) << grpc_error_std_string(error);
180  auto config =
181  GoogleMeshCaCertificateProviderFactory::Config::Parse(json, &error);
182  EXPECT_THAT(
183  grpc_error_std_string(error),
184  ::testing::ContainsRegex("field:api_type error:Only GRPC is supported.*"
185  "field:key_type error:Only RSA is supported"));
186  GRPC_ERROR_UNREF(error);
187 }
188 
189 TEST(GoogleMeshCaConfigTest, WrongTypes) {
190  const char* json_str =
191  "{"
192  " \"server\": {"
193  " \"api_type\": 123,"
194  " \"grpc_services\": [{"
195  " \"google_grpc\": {"
196  " \"target_uri\": 123,"
197  " \"call_credentials\": [{"
198  " \"sts_service\": {"
199  " \"token_exchange_service_uri\": 123,"
200  " \"resource\": 123,"
201  " \"audience\": 123,"
202  " \"scope\": 123,"
203  " \"requested_token_type\": 123,"
204  " \"subject_token_path\": 123,"
205  " \"subject_token_type\": 123,"
206  " \"actor_token_path\": 123,"
207  " \"actor_token_type\": 123"
208  " }"
209  " }]"
210  " },"
211  " \"timeout\": 20"
212  " }]"
213  " },"
214  " \"certificate_lifetime\": 400,"
215  " \"renewal_grace_period\": 100,"
216  " \"key_type\": 123,"
217  " \"key_size\": \"1024A\","
218  " \"location\": 123"
219  "}";
220  grpc_error_handle error = GRPC_ERROR_NONE;
221  Json json = Json::Parse(json_str, &error);
222  ASSERT_EQ(error, GRPC_ERROR_NONE) << grpc_error_std_string(error);
223  auto config =
224  GoogleMeshCaCertificateProviderFactory::Config::Parse(json, &error);
225  EXPECT_THAT(
226  grpc_error_std_string(error),
227  ::testing::ContainsRegex(
228  "field:server.*field:api_type error:type should be STRING.*"
229  "field:grpc_services.*field:google_grpc.*field:target_uri "
230  "error:type should be STRING.*"
231  "field:call_credentials.*field:sts_service.*field:token_exchange_"
232  "service_uri error:type should be STRING.*"
233  "field:resource error:type should be STRING.*"
234  "field:audience error:type should be STRING.*"
235  "field:scope error:type should be STRING.*"
236  "field:requested_token_type error:type should be STRING.*"
237  "field:subject_token_path error:type should be STRING.*"
238  "field:subject_token_type error:type should be STRING.*"
239  "field:actor_token_path error:type should be STRING.*"
240  "field:actor_token_type error:type should be STRING.*"
241  "field:timeout error:type should be STRING of the form given by "
242  "google.proto.Duration.*"
243  "field:certificate_lifetime error:type should be STRING of the form "
244  "given by google.proto.Duration.*"
245  "field:renewal_grace_period error:type should be STRING of the form "
246  "given by google.proto.Duration..*"
247  "field:key_type error:type should be STRING.*"
248  "field:key_size error:failed to parse.*"
249  "field:location error:type should be STRING"));
250  GRPC_ERROR_UNREF(error);
251 }
252 
253 TEST(GoogleMeshCaConfigTest, GrpcServicesNotAnArray) {
254  const char* json_str =
255  "{"
256  " \"server\": {"
257  " \"api_type\": \"GRPC\","
258  " \"grpc_services\": 123"
259  " },"
260  " \"location\": "
261  "\"https://container.googleapis.com/v1/project/test-project1/locations/"
262  "test-zone2/clusters/test-cluster3\""
263  "}";
264  grpc_error_handle error = GRPC_ERROR_NONE;
265  Json json = Json::Parse(json_str, &error);
266  ASSERT_EQ(error, GRPC_ERROR_NONE) << grpc_error_std_string(error);
267  auto config =
268  GoogleMeshCaCertificateProviderFactory::Config::Parse(json, &error);
269  EXPECT_THAT(
270  grpc_error_std_string(error),
271  ::testing::ContainsRegex(
272  "field:server.*field:grpc_services error:type should be ARRAY"));
273  GRPC_ERROR_UNREF(error);
274 }
275 
276 TEST(GoogleMeshCaConfigTest, GoogleGrpcNotAnObject) {
277  const char* json_str =
278  "{"
279  " \"server\": {"
280  " \"api_type\": \"GRPC\","
281  " \"grpc_services\": [{"
282  " \"google_grpc\": 123"
283  " }]"
284  " },"
285  " \"location\": "
286  "\"https://container.googleapis.com/v1/project/test-project1/locations/"
287  "test-zone2/clusters/test-cluster3\""
288  "}";
289  grpc_error_handle error = GRPC_ERROR_NONE;
290  Json json = Json::Parse(json_str, &error);
291  ASSERT_EQ(error, GRPC_ERROR_NONE) << grpc_error_std_string(error);
292  auto config =
293  GoogleMeshCaCertificateProviderFactory::Config::Parse(json, &error);
294  EXPECT_THAT(
295  grpc_error_std_string(error),
296  ::testing::ContainsRegex("field:server.*field:grpc_services.*field:"
297  "google_grpc error:type should be OBJECT"));
298  GRPC_ERROR_UNREF(error);
299 }
300 
301 TEST(GoogleMeshCaConfigTest, CallCredentialsNotAnArray) {
302  const char* json_str =
303  "{"
304  " \"server\": {"
305  " \"api_type\": \"GRPC\","
306  " \"grpc_services\": [{"
307  " \"google_grpc\": {"
308  " \"call_credentials\": 123"
309  " }"
310  " }]"
311  " },"
312  " \"location\": "
313  "\"https://container.googleapis.com/v1/project/test-project1/locations/"
314  "test-zone2/clusters/test-cluster3\""
315  "}";
316  grpc_error_handle error = GRPC_ERROR_NONE;
317  Json json = Json::Parse(json_str, &error);
318  ASSERT_EQ(error, GRPC_ERROR_NONE) << grpc_error_std_string(error);
319  auto config =
320  GoogleMeshCaCertificateProviderFactory::Config::Parse(json, &error);
321  EXPECT_THAT(grpc_error_std_string(error),
322  ::testing::ContainsRegex(
323  "field:server.*field:grpc_services.*field:google_grpc.*"
324  "field:call_credentials error:type should be ARRAY"));
325  GRPC_ERROR_UNREF(error);
326 }
327 
328 TEST(GoogleMeshCaConfigTest, StsServiceNotAnObject) {
329  const char* json_str =
330  "{"
331  " \"server\": {"
332  " \"api_type\": \"GRPC\","
333  " \"grpc_services\": [{"
334  " \"google_grpc\": {"
335  " \"call_credentials\": [{"
336  " \"sts_service\": 123"
337  " }]"
338  " }"
339  " }]"
340  " },"
341  " \"location\": "
342  "\"https://container.googleapis.com/v1/project/test-project1/locations/"
343  "test-zone2/clusters/test-cluster3\""
344  "}";
345  grpc_error_handle error = GRPC_ERROR_NONE;
346  Json json = Json::Parse(json_str, &error);
347  ASSERT_EQ(error, GRPC_ERROR_NONE) << grpc_error_std_string(error);
348  auto config =
349  GoogleMeshCaCertificateProviderFactory::Config::Parse(json, &error);
350  EXPECT_THAT(
351  grpc_error_std_string(error),
352  ::testing::ContainsRegex(
353  "field:server.*field:grpc_services.*field:google_grpc.*field:"
354  "call_credentials.*field:sts_service error:type should be OBJECT"));
355  GRPC_ERROR_UNREF(error);
356 }
357 
358 } // namespace
359 } // namespace testing
360 } // namespace grpc_core
361 
362 int main(int argc, char** argv) {
363  ::testing::InitGoogleTest(&argc, argv);
364  grpc::testing::TestEnvironment env(&argc, argv);
365  grpc_init();
366  auto result = RUN_ALL_TESTS();
367  grpc_shutdown();
368  return result;
369 }
grpc_core::Duration::Hours
static constexpr Duration Hours(int64_t hours)
Definition: src/core/lib/gprpp/time.h:143
_gevent_test_main.result
result
Definition: _gevent_test_main.py:96
testing
Definition: aws_request_signer_test.cc:25
testing::ContainsRegex
PolymorphicMatcher< internal::MatchesRegexMatcher > ContainsRegex(const internal::RE *regex)
Definition: cares/cares/test/gmock-1.8.0/gmock/gmock.h:8835
GRPC_ERROR_NONE
#define GRPC_ERROR_NONE
Definition: error.h:234
generate.env
env
Definition: generate.py:37
EXPECT_THAT
#define EXPECT_THAT(value, matcher)
grpc_core
Definition: call_metric_recorder.h:31
error
grpc_error_handle error
Definition: retry_filter.cc:499
EXPECT_EQ
#define EXPECT_EQ(a, b)
Definition: iomgr/time_averaged_stats_test.cc:27
grpc_core::GoogleMeshCaCertificateProviderFactory::Config::Parse
static RefCountedPtr< Config > Parse(const Json &config_json, grpc_error_handle *error)
Definition: google_mesh_ca_certificate_provider_factory.cc:190
Json
JSON (JavaScript Object Notation).
Definition: third_party/bloaty/third_party/protobuf/conformance/third_party/jsoncpp/json.h:227
grpc.h
google_mesh_ca_certificate_provider_factory.h
time.h
RUN_ALL_TESTS
int RUN_ALL_TESTS() GTEST_MUST_USE_RESULT_
Definition: bloaty/third_party/googletest/googletest/include/gtest/gtest.h:2471
grpc_core::Json::Parse
static Json Parse(absl::string_view json_str, grpc_error_handle *error)
Definition: json_reader.cc:899
test_config.h
main
int main(int argc, char **argv)
Definition: google_mesh_ca_certificate_provider_factory_test.cc:362
testing::InitGoogleTest
GTEST_API_ void InitGoogleTest(int *argc, char **argv)
Definition: bloaty/third_party/googletest/googletest/src/gtest.cc:6106
grpc_error_std_string
std::string grpc_error_std_string(grpc_error_handle error)
Definition: error.cc:944
grpc::testing::TestEnvironment
Definition: test/core/util/test_config.h:54
grpc_core::Duration::Seconds
static constexpr Duration Seconds(int64_t seconds)
Definition: src/core/lib/gprpp/time.h:151
GRPC_ERROR_UNREF
#define GRPC_ERROR_UNREF(err)
Definition: error.h:262
config_s
Definition: bloaty/third_party/zlib/deflate.c:120
grpc_core::testing::TEST
TEST(ServiceConfigParserTest, DoubleRegistration)
Definition: service_config_test.cc:448
grpc_init
GRPCAPI void grpc_init(void)
Definition: init.cc:146
grpc_error
Definition: error_internal.h:42
grpc_shutdown
GRPCAPI void grpc_shutdown(void)
Definition: init.cc:209
ASSERT_EQ
#define ASSERT_EQ(val1, val2)
Definition: bloaty/third_party/googletest/googletest/include/gtest/gtest.h:2056

grpc
Author(s):
autogenerated on Fri May 16 2025 02:58:39