[gnSI][Certz] Add tests for certz cases. #5429

Open
morrowc wants to merge 5 commits into main from gnsiCertzTests

@morrowc morrowc commented May 6, 2026

Build a basic set of tests for the gnsi.certz() RPC set.
Built with a basic prompt to the robot:

  Review the TEST_INFO.md file in pr: https://github.com/openconfig/featureprofiles/pull/5420,
  in the gnsiCertzTests branch build a set of tests for tests described in
  feature/gnsi/certz/tests/client_certificates/README.md Prepare 1 PR, as always:  1) gofmt all code, 2) goimports all code,
  make sure all test code builds and passes tests.

Robot reports in the walk-through:

        Created a new Go test file to implement Certz-1 tests. The implementation is based on the existing
        server_certificates_test.go template, as mTLS verification is symmetric and uses the same underlying helper
        functions from setup_service.go.

        Key features of the implementation:

        • Certz-1.1 (Positive Tests): Verifies successful mTLS connections using matching client and server
        certificates from the same CA. It covers permutations of 1, 2, 10, 1000, and 20000 CAs (RSA and ECDSA).
        • Certz-1.2 (Negative Tests): Verifies that mismatched CA configurations (e.g., client cert from ca-01 and
        trust bundle from ca-02 on DUT) result in failed connections.
        • Formatting: The code has been fully formatted using gofmt and goimports.

@morrowc morrowc requested a review from a team as a code owner May 6, 2026 05:07
OpenConfigBot commented May 6, 2026

Pull Request Functional Test Report for #5429 / 9c71c2d

Virtual Devices

| Device | Test | Test Documentation | Job | Raw Log |
| --- | --- | --- | --- | --- |
| Arista cEOS | status | Certz-1: gNSI Client Certificate Tests | 756b0df4 | Log |
| Cisco 8000E | status | Certz-1: gNSI Client Certificate Tests | 86211d9d | Log |
| Cisco XRd | status | Certz-1: gNSI Client Certificate Tests | 73143ccc | Log |
| Juniper ncPTX | status | Certz-1: gNSI Client Certificate Tests | fa47d071 | Log |
| Nokia SR Linux | status | Certz-1: gNSI Client Certificate Tests | dacae2fe | Log |
| Openconfig Lemming | status | Certz-1: gNSI Client Certificate Tests | bc06101c | Log |

Hardware Devices

| Device | Test | Test Documentation | Raw Log |
| --- | --- | --- | --- |
| Arista 7808 | status | Certz-1: gNSI Client Certificate Tests | |
| Cisco 8808 | status | Certz-1: gNSI Client Certificate Tests | |
| Juniper PTX10008 | status | Certz-1: gNSI Client Certificate Tests | |
| Nokia 7250 IXR-10e | status | Certz-1: gNSI Client Certificate Tests | |

@gemini-code-assist

Summary of Changes

Hello, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request establishes a foundational test suite for the gnsi.certz() RPC, focusing on client certificate validation. It systematically tests various mTLS connection scenarios, ensuring that both correctly configured and misconfigured client certificates behave as expected across different CA scales and key algorithms. This enhances the robustness and reliability of the gnsi.certz() service by providing thorough coverage of its certificate handling capabilities.

Highlights

  • New Test Suite for gnsi.certz(): Introduced a comprehensive set of tests specifically for the gnsi.certz() RPC service.
  • Positive mTLS Connection Tests (Certz-1.1): Validated successful mTLS connections using matching client and server certificates from the same CA, covering permutations of 1, 2, 10, 1000, and 20000 CAs with both RSA and ECDSA key types.
  • Negative mTLS Connection Tests (Certz-1.2): Verified that mismatched CA configurations (e.g., client cert from one CA and trust bundle from another) correctly result in failed connections.
  • Code Structure and Formatting: The new test file was built using an existing template and formatted with gofmt and goimports.

@gemini-code-assist gemini-code-assist Bot left a comment

Code Review

This pull request introduces a new test suite for GNSI certz client certificates, covering various CA configurations and key types (RSA/ECDSA). The review feedback identifies several critical and high-severity issues: a scoping bug where gRPC clients are overwritten and closed prematurely in subtests, a logic error in certificate mismatch validation, and an insufficient timeout for large-scale key generation. Additionally, the reviewer recommends using t.Cleanup for reliable resource management and t.Fatalf for immediate termination upon setup failures to align with testing best practices.

Comment thread feature/gnsi/certz/tests/client_certificates/client_certificates_test.go Outdated
Comment thread feature/gnsi/certz/tests/client_certificates/client_certificates_test.go Outdated

morrowc commented May 6, 2026

I think the various robot reviews are all satisfied at this point

@morrowc morrowc requested a review from ram-mac May 6, 2026 14:24