xds/bootstrap: add testing support to generate config (#7326)

grpc · Jun 21, 2024 · f1b7f41 · f1b7f41
1 parent c441d42
commit f1b7f41
Show file tree

Hide file tree

Showing 64 changed files with 1,682 additions and 1,274 deletions.
diff --git a/admin/test/utils.go b/admin/test/utils.go
@@ -26,12 +26,10 @@ import (
 	"testing"
 	"time"
 
-	"github.com/google/uuid"
 	"google.golang.org/grpc"
 	"google.golang.org/grpc/admin"
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/credentials/insecure"
-	"google.golang.org/grpc/internal/testutils/xds/bootstrap"
 	"google.golang.org/grpc/status"
 
 	v3statusgrpc "github.com/envoyproxy/go-control-plane/envoy/service/status/v3"
@@ -54,16 +52,6 @@ type ExpectedStatusCodes struct {
 // RunRegisterTests makes a client, runs the RPCs, and compares the status
 // codes.
 func RunRegisterTests(t *testing.T, ec ExpectedStatusCodes) {
-	nodeID := uuid.New().String()
-	bootstrapCleanup, err := bootstrap.CreateFile(bootstrap.Options{
-		NodeID:    nodeID,
-		ServerURI: "no.need.for.a.server",
-	})
-	if err != nil {
-		t.Fatal(err)
-	}
-	defer bootstrapCleanup()
-
 	lis, err := net.Listen("tcp", "localhost:0")
 	if err != nil {
 		t.Fatalf("cannot create listener: %v", err)

diff --git a/internal/testutils/xds/e2e/setup_certs.go → internal/testutils/tls_creds.go b/internal/testutils/xds/e2e/setup_certs.go → internal/testutils/tls_creds.go
@@ -1,6 +1,6 @@
 /*
  *
- * Copyright 2022 gRPC authors.
+ * Copyright 2024 gRPC authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -13,65 +13,20 @@
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
- *
  */
 
-package e2e
+package testutils
 
 import (
 	"crypto/tls"
 	"crypto/x509"
-	"fmt"
 	"os"
-	"path"
 	"testing"
 
 	"google.golang.org/grpc/credentials"
 	"google.golang.org/grpc/testdata"
 )
 
-const (
-	// Names of files inside tempdir, for certprovider plugin to watch.
-	certFile = "cert.pem"
-	keyFile  = "key.pem"
-	rootFile = "ca.pem"
-)
-
-func createTmpFile(src, dst string) error {
-	data, err := os.ReadFile(src)
-	if err != nil {
-		return fmt.Errorf("os.ReadFile(%q) failed: %v", src, err)
-	}
-	if err := os.WriteFile(dst, data, os.ModePerm); err != nil {
-		return fmt.Errorf("os.WriteFile(%q) failed: %v", dst, err)
-	}
-	return nil
-}
-
-// createTempDirWithFiles creates a temporary directory under the system default
-// tempDir with the given dirSuffix. It also reads from certSrc, keySrc and
-// rootSrc files are creates appropriate files under the newly create tempDir.
-// Returns the name of the created tempDir.
-func createTmpDirWithFiles(dirSuffix, certSrc, keySrc, rootSrc string) (string, error) {
-	// Create a temp directory. Passing an empty string for the first argument
-	// uses the system temp directory.
-	dir, err := os.MkdirTemp("", dirSuffix)
-	if err != nil {
-		return "", fmt.Errorf("os.MkdirTemp() failed: %v", err)
-	}
-
-	if err := createTmpFile(testdata.Path(certSrc), path.Join(dir, certFile)); err != nil {
-		return "", err
-	}
-	if err := createTmpFile(testdata.Path(keySrc), path.Join(dir, keyFile)); err != nil {
-		return "", err
-	}
-	if err := createTmpFile(testdata.Path(rootSrc), path.Join(dir, rootFile)); err != nil {
-		return "", err
-	}
-	return dir, nil
-}
-
 // CreateClientTLSCredentials creates client-side TLS transport credentials
 // using certificate and key files from testdata/x509 directory.
 func CreateClientTLSCredentials(t *testing.T) credentials.TransportCredentials {

diff --git a/internal/testutils/xds/bootstrap/bootstrap.go b/internal/testutils/xds/bootstrap/bootstrap.go
diff --git a/internal/testutils/xds/e2e/bootstrap.go b/internal/testutils/xds/e2e/bootstrap.go
@@ -21,6 +21,12 @@ package e2e
 import (
 	"encoding/json"
 	"fmt"
+	"os"
+	"path"
+	"testing"
+
+	"google.golang.org/grpc/internal/xds/bootstrap"
+	"google.golang.org/grpc/testdata"
 )
 
 // DefaultFileWatcherConfig is a helper function to create a default certificate
@@ -37,3 +43,88 @@ func DefaultFileWatcherConfig(certPath, keyPath, caPath string) json.RawMessage
 			}
 		}`, certPath, keyPath, caPath))
 }
+
+// DefaultBootstrapContents creates a default bootstrap configuration with the
+// given node ID and server URI. It also creates certificate provider
+// configuration and sets the listener resource name template to be used on the
+// server side.
+func DefaultBootstrapContents(t *testing.T, nodeID, serverURI string) []byte {
+	t.Helper()
+
+	// Create a directory to hold certs and key files used on the server side.
+	serverDir, err := createTmpDirWithCerts("testServerSideXDS*", "x509/server1_cert.pem", "x509/server1_key.pem", "x509/client_ca_cert.pem")
+	if err != nil {
+		t.Fatalf("Failed to create bootstrap configuration: %v", err)
+	}
+
+	// Create a directory to hold certs and key files used on the client side.
+	clientDir, err := createTmpDirWithCerts("testClientSideXDS*", "x509/client1_cert.pem", "x509/client1_key.pem", "x509/server_ca_cert.pem")
+	if err != nil {
+		t.Fatalf("Failed to create bootstrap configuration: %v", err)
+	}
+
+	// Create certificate providers section of the bootstrap config with entries
+	// for both the client and server sides.
+	cpc := map[string]json.RawMessage{
+		ServerSideCertProviderInstance: DefaultFileWatcherConfig(path.Join(serverDir, certFile), path.Join(serverDir, keyFile), path.Join(serverDir, rootFile)),
+		ClientSideCertProviderInstance: DefaultFileWatcherConfig(path.Join(clientDir, certFile), path.Join(clientDir, keyFile), path.Join(clientDir, rootFile)),
+	}
+
+	// Create the bootstrap configuration.
+	bs, err := bootstrap.NewContentsForTesting(bootstrap.ConfigOptionsForTesting{
+		Servers: []json.RawMessage{[]byte(fmt.Sprintf(`{
+			"server_uri": "passthrough:///%s",
+			"channel_creds": [{"type": "insecure"}]
+		}`, serverURI))},
+		NodeID:                             nodeID,
+		CertificateProviders:               cpc,
+		ServerListenerResourceNameTemplate: ServerListenerResourceNameTemplate,
+	})
+	if err != nil {
+		t.Fatalf("Failed to create bootstrap configuration: %v", err)
+	}
+	return bs
+}
+
+const (
+	// Names of files inside tempdir, for certprovider plugin to watch.
+	certFile = "cert.pem"
+	keyFile  = "key.pem"
+	rootFile = "ca.pem"
+)
+
+func createTmpFile(src, dst string) error {
+	data, err := os.ReadFile(src)
+	if err != nil {
+		return fmt.Errorf("os.ReadFile(%q) failed: %v", src, err)
+	}
+	if err := os.WriteFile(dst, data, os.ModePerm); err != nil {
+		return fmt.Errorf("os.WriteFile(%q) failed: %v", dst, err)
+	}
+	return nil
+}
+
+// createTmpDirWithCerts creates a temporary directory under the system default
+// tempDir with the given dirPattern. It also reads from certSrc, keySrc and
+// rootSrc files and creates appropriate files under the newly create tempDir.
+// Returns the path of the created tempDir if successful, and an error
+// otherwise.
+func createTmpDirWithCerts(dirPattern, certSrc, keySrc, rootSrc string) (string, error) {
+	// Create a temp directory. Passing an empty string for the first argument
+	// uses the system temp directory.
+	dir, err := os.MkdirTemp("", dirPattern)
+	if err != nil {
+		return "", fmt.Errorf("os.MkdirTemp() failed: %v", err)
+	}
+
+	if err := createTmpFile(testdata.Path(certSrc), path.Join(dir, certFile)); err != nil {
+		return "", err
+	}
+	if err := createTmpFile(testdata.Path(keySrc), path.Join(dir, keyFile)); err != nil {
+		return "", err
+	}
+	if err := createTmpFile(testdata.Path(rootSrc), path.Join(dir, rootFile)); err != nil {
+		return "", err
+	}
+	return dir, nil
+}