From ce82ed3cef83500c72b91609215bef6cf71102df Mon Sep 17 00:00:00 2001
From: Kuat Yessenov
Date: Thu, 15 Feb 2024 18:38:30 +0000
Subject: [PATCH] add test
Change-Id: Ic71b4df34e21a4939b4d0cca01812564e5e1c91a
Signed-off-by: Kuat Yessenov
---
 test/common/grpc/BUILD | 1 +
 .../grpc/grpc_client_integration_test.cc | 24 +++++++++++++++++
 .../grpc_client_integration_test_harness.h | 27 ++++++++++++++++++-
 3 files changed, 51 insertions(+), 1 deletion(-)
diff --git a/test/common/grpc/BUILD b/test/common/grpc/BUILD
index a40a85d8fb8b..cbf20b2ab3c4 100644
--- a/test/common/grpc/BUILD
+++ b/test/common/grpc/BUILD
@@ -179,6 +179,7 @@ envoy_cc_test(
 ":grpc_client_integration_test_harness_lib",
 "//source/common/grpc:async_client_lib",
 "//source/extensions/grpc_credentials/example:config",
+ "//test/test_common:test_runtime_lib",
 ] + envoy_select_google_grpc(["//source/common/grpc:google_async_client_lib"]),
 )
diff --git a/test/common/grpc/grpc_client_integration_test.cc b/test/common/grpc/grpc_client_integration_test.cc
index 8cf420e1e1a1..3010d3ca6fae 100644
--- a/test/common/grpc/grpc_client_integration_test.cc
+++ b/test/common/grpc/grpc_client_integration_test.cc
@@ -3,6 +3,8 @@
 #include "source/common/grpc/google_async_client_impl.h"
+#include "test/test_common/test_runtime.h"
+
 #endif
 #include "test/common/grpc/grpc_client_integration_test_harness.h"
@@ -484,6 +486,8 @@ INSTANTIATE_TEST_SUITE_P(SslIpVersionsClientType, GrpcSslClientIntegrationTest,
 // Validate that a simple request-reply unary RPC works with SSL.
 TEST_P(GrpcSslClientIntegrationTest, BasicSslRequest) {
+ TestScopedRuntime scoped_runtime;
+ scoped_runtime.mergeValues({{"envoy.reloadable_features.google_grpc_disable_tls_13", "true"}});
 initialize();
 auto request = createRequest(empty_metadata_);
 request->sendReply();
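Review bot: The new `#include "test/test_common/test_runtime.h"` is placed above the `#endif`, so it appears to sit inside the conditional block that guards `google_async_client_impl.h` (the opening `#ifdef` is outside the hunk, so this is inferred). `TestScopedRuntime` is used by `BasicSslRequest` and `BasicSslRequestHandshakeFailure`, which are defined before the later `#ifdef ENVOY_GOOGLE_GRPC` and so are compiled regardless of that guard. A build without the Google gRPC client would then depend on a transitive include for the TLS tests. Moving the line below the `#endif`, next to `#include "test/common/grpc/grpc_client_integration_test_harness.h"`, removes that dependency.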
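Review bot: Overriding `envoy.reloadable_features.google_grpc_disable_tls_13` at the top of `BasicSslRequest` means the baseline TLS test no longer runs with the flag at its default value, and nothing in the hunk says why the override is needed. If the default configuration is what ships, a regression in that path would now go unnoticed by this test. Either keep `BasicSslRequest` on defaults and cover the flag in a separate test, or state the reason in place, e.g. `// Exercise the TLS 1.3-disabled path of the Google gRPC client; the default path is covered by <other test>.` The test body continues outside the hunk.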
@@ -499,6 +503,26 @@ TEST_P(GrpcSslClientIntegrationTest, BasicSslRequestWithClientCert) {
 dispatcher_helper_.runDispatcher();
 }
+// Validate TLS version mismatch between the client and the server.
+TEST_P(GrpcSslClientIntegrationTest, BasicSslRequestHandshakeFailure) {
+ TestScopedRuntime scoped_runtime;
+ scoped_runtime.mergeValues({{"envoy.reloadable_features.google_grpc_disable_tls_13", "true"}});
+ use_client_tls_12_ = true;
+ use_server_tls_13_ = true;
+ initialize();
+ auto request = createRequest(empty_metadata_, false);
+ FakeRawConnectionPtr fake_connection;
+ ASSERT_TRUE(fake_upstream_->waitForRawConnection(fake_connection));
+ dispatcher_helper_.dispatcher_.run(Event::Dispatcher::RunType::NonBlock);
+ if (fake_connection->connected()) {
+ ASSERT_TRUE(fake_connection->waitForDisconnect());
+ }
+ EXPECT_CALL(*request->child_span_,
+ setTag(Eq(Tracing::Tags::get().Status), Eq(Tracing::Tags::get().Canceled)));
+ EXPECT_CALL(*request->child_span_, finishSpan());
+ request->grpc_request_->cancel();
+}
+
 #ifdef ENVOY_GOOGLE_GRPC
 // AccessToken credential validation tests.
 class GrpcAccessTokenClientIntegrationTest : public GrpcSslClientIntegrationTest {
diff --git a/test/common/grpc/grpc_client_integration_test_harness.h b/test/common/grpc/grpc_client_integration_test_harness.h
index 8b5a9c444227..eb5bef436ae6 100644
--- a/test/common/grpc/grpc_client_integration_test_harness.h
+++ b/test/common/grpc/grpc_client_integration_test_harness.h
@@ -394,7 +394,8 @@ class GrpcClientIntegrationTest : public GrpcClientIntegrationParamTest {
 virtual void expectExtraHeaders(FakeStream&) {}
- HelloworldRequestPtr createRequest(const TestMetadata& initial_metadata) {
+ HelloworldRequestPtr createRequest(const TestMetadata& initial_metadata,
+ bool expect_upstream_request = true) {
 auto request = std::make_unique(dispatcher_helper_);
 EXPECT_CALL(*request, onCreateInitialMetadata(_))
 .WillOnce(Invoke([&initial_metadata](Http::HeaderMap& headers) {
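Review bot: `BasicSslRequestHandshakeFailure` never asserts that the client saw a failure: it checks that the raw upstream connection closes and then ends the request itself with `cancel()`, so the only status it verifies is `Canceled`. The test shows that a TLS 1.2-only client cannot keep a connection to a TLS 1.3-only server, but not that the mismatch is what closed it, nor that the gRPC client would report the failure to its caller. A comment should state the intended guarantee and why the `connected()` guard is there, e.g. `// The peer may already have dropped the connection after the failed handshake; only wait if it is still open.` It should also say which knob pins which client type, since both the runtime flag and `use_client_tls_12_` are set and the test is parameterized over client types.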
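Review bot: The new `expect_upstream_request` parameter of `createRequest` is undocumented, and the call site `createRequest(empty_metadata_, false)` does not explain itself. A short comment above the signature would help, e.g. `// If expect_upstream_request is false, return right after send() without waiting for the fake upstream to accept a connection or stream.` The function body continues past the end of this hunk.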
@@ -417,15 +418,22 @@ class GrpcClientIntegrationTest : public GrpcClientIntegrationParamTest {
 setTag(Eq(Tracing::Tags::get().Component), Eq(Tracing::Tags::get().Proxy)));
 EXPECT_CALL(*request->child_span_, injectContext(_, _));
+ Http::AsyncClient::RequestOptions options;
+ options.setTimeout(std::chrono::milliseconds(1000));
 request->grpc_request_ = grpc_client_->send(*method_descriptor_, request_msg, *request,
 active_span, Http::AsyncClient::RequestOptions());
 EXPECT_NE(request->grpc_request_, nullptr);
+ if (!expect_upstream_request) {
+ return request;
+ }
+
 if (!fake_connection_) {
 AssertionResult result =
 fake_upstream_->waitForHttpConnection(*dispatcher_, fake_connection_);
 RELEASE_ASSERT(result, result.message());
 }
+
 fake_streams_.emplace_back();
 AssertionResult result = fake_connection_->waitForNewStream(*dispatcher_, fake_streams_.back());
 RELEASE_ASSERT(result, result.message());
@@ -556,6 +564,14 @@ class GrpcSslClientIntegrationTest : public GrpcClientIntegrationTest {
 tls_cert->mutable_private_key()->set_filename(
 TestEnvironment::runfilesPath("test/config/integration/certs/clientkey.pem"));
 }
+ if (use_client_tls_12_) {
+ auto* tls_params = common_tls_context->mutable_tls_params();
+ tls_params->set_tls_minimum_protocol_version(
+ envoy::extensions::transport_sockets::tls::v3::TlsParameters::TLSv1_2);
+ tls_params->set_tls_maximum_protocol_version(
+ envoy::extensions::transport_sockets::tls::v3::TlsParameters::TLSv1_2);
+ }
+
 auto cfg = std::make_unique(
 tls_context, factory_context_);
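Review bot: The `options` object built just above the `send()` call is never used: the call still passes a fresh `Http::AsyncClient::RequestOptions()`, so the 1000 ms timeout set by `options.setTimeout(...)` is not applied to the request. If the timeout is meant to bound the handshake-failure case, pass it through by ending the call with `active_span, options);`; otherwise drop the two added lines. Passing it would change the timeout for every caller of `createRequest`, so it may be better to set it only when `expect_upstream_request` is false. The body of `createRequest` starts and ends outside this hunk.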
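Review bot: The `if (use_client_tls_12_)` block has no comment saying that it exists only to force a version mismatch in a test, and the same applies to the mirrored `if (use_server_tls_13_)` block in the following hunk. Both pin the minimum and maximum protocol version to a single value, which a reader could take for a hardening default. A one-line comment on each would make the intent clear, e.g. `// Test-only: restrict the client to TLS 1.2 so it cannot negotiate with a TLS 1.3-only server.` and the matching wording on the server side. The enclosing functions begin outside both hunks.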
@@ -587,6 +603,13 @@ class GrpcSslClientIntegrationTest : public GrpcClientIntegrationTest {
 validation_context->mutable_trusted_ca()->set_filename(
 TestEnvironment::runfilesPath("test/config/integration/certs/cacert.pem"));
 }
+ if (use_server_tls_13_) {
+ auto* tls_params = common_tls_context->mutable_tls_params();
+ tls_params->set_tls_minimum_protocol_version(
+ envoy::extensions::transport_sockets::tls::v3::TlsParameters::TLSv1_3);
+ tls_params->set_tls_maximum_protocol_version(
+ envoy::extensions::transport_sockets::tls::v3::TlsParameters::TLSv1_3);
+ }
 auto cfg = std::make_unique(
 tls_context, factory_context_);
@@ -598,6 +621,8 @@ class GrpcSslClientIntegrationTest : public GrpcClientIntegrationTest {
 }
 bool use_client_cert_{};
+ bool use_client_tls_12_{false};
+ bool use_server_tls_13_{false};
 testing::NiceMock factory_context_;
 };