From 9c69a8aac84db87bd887f92d1d3de54467df7b44 Mon Sep 17 00:00:00 2001 From: wasim-nihal Date: Mon, 11 Nov 2024 16:33:53 +0530 Subject: [PATCH 1/3] [configtls] [config/configgrpc] Use configtls.NewDefaultClientConfig instead of manually creating struct. See: https://github.com/open-telemetry/opentelemetry-collector/issues/11383 Signed-off-by: wasim-nihal --- config/configgrpc/configgrpc_test.go | 167 +++++++++++---------------- 1 file changed, 67 insertions(+), 100 deletions(-) diff --git a/config/configgrpc/configgrpc_test.go b/config/configgrpc/configgrpc_test.go index 561df1f1dfe..251c5e1a307 100644 --- a/config/configgrpc/configgrpc_test.go +++ b/config/configgrpc/configgrpc_test.go @@ -102,11 +102,10 @@ func TestDefaultGrpcClientSettings(t *testing.T) { tt, err := componenttest.SetupTelemetry(componentID) require.NoError(t, err) t.Cleanup(func() { require.NoError(t, tt.Shutdown(context.Background())) }) - + clientConfig := configtls.NewDefaultClientConfig() + clientConfig.Insecure = true gcs := &ClientConfig{ - TLSSetting: configtls.ClientConfig{ - Insecure: true, - }, + TLSSetting: clientConfig, } opts, err := gcs.getGrpcDialOptions(context.Background(), componenttest.NewNopHost(), tt.TelemetrySettings(), []ToClientConnOption{}) require.NoError(t, err) @@ -117,11 +116,10 @@ func TestGrpcClientExtraOption(t *testing.T) { tt, err := componenttest.SetupTelemetry(componentID) require.NoError(t, err) t.Cleanup(func() { require.NoError(t, tt.Shutdown(context.Background())) }) - + clientConfig := configtls.NewDefaultClientConfig() + clientConfig.Insecure = true gcs := &ClientConfig{ - TLSSetting: configtls.ClientConfig{ - Insecure: true, - }, + TLSSetting: clientConfig, } extraOpt := grpc.WithUserAgent("test-agent") opts, err := gcs.getGrpcDialOptions( 
@@ -139,7 +137,8 @@ func TestAllGrpcClientSettings(t *testing.T) { tt, err := componenttest.SetupTelemetry(componentID) require.NoError(t, err) t.Cleanup(func() { require.NoError(t, tt.Shutdown(context.Background())) }) - + clientConfig := configtls.NewDefaultClientConfig() + clientConfig.Insecure = false tests := []struct { settings ClientConfig name string @@ -153,9 +152,7 @@ func TestAllGrpcClientSettings(t *testing.T) { }, Endpoint: "localhost:1234", Compression: configcompression.TypeGzip, - TLSSetting: configtls.ClientConfig{ - Insecure: false, - }, + TLSSetting: clientConfig, Keepalive: &KeepaliveClientConfig{ Time: time.Second, Timeout: time.Second, @@ -182,9 +179,7 @@ func TestAllGrpcClientSettings(t *testing.T) { }, Endpoint: "localhost:1234", Compression: configcompression.TypeSnappy, - TLSSetting: configtls.ClientConfig{ - Insecure: false, - }, + TLSSetting: clientConfig, Keepalive: &KeepaliveClientConfig{ Time: time.Second, Timeout: time.Second, @@ -211,9 +206,7 @@ func TestAllGrpcClientSettings(t *testing.T) { }, Endpoint: "localhost:1234", Compression: configcompression.TypeZstd, - TLSSetting: configtls.ClientConfig{ - Insecure: false, - }, + TLSSetting: clientConfig, Keepalive: &KeepaliveClientConfig{ Time: time.Second, Timeout: time.Second, @@ -375,15 +368,15 @@ func TestGrpcServerAuthSettings(t *testing.T) { } func TestGrpcClientConfigInvalidBalancer(t *testing.T) { + clientConfig := configtls.NewDefaultClientConfig() + clientConfig.Insecure = false settings := ClientConfig{ Headers: map[string]configopaque.String{ "test": "test", }, Endpoint: "localhost:1234", Compression: "gzip", - TLSSetting: configtls.ClientConfig{ - Insecure: false, - }, + TLSSetting: clientConfig, Keepalive: &KeepaliveClientConfig{ Time: time.Second, Timeout: time.Second, 
@@ -398,6 +391,15 @@ func TestGrpcClientConfigInvalidBalancer(t *testing.T) { } func TestGRPCClientSettingsError(t *testing.T) { + clientConfigCADoesntExist := configtls.NewDefaultClientConfig() + clientConfigCADoesntExist.Config = configtls.Config{ + CAFile: "/doesnt/exist", + } + clientConfigCADoesntExist.Insecure = false + clientConfigCADoesntExist.ServerName = "" + + clientConfigWithInsecure := configtls.NewDefaultClientConfig() + clientConfigWithInsecure.Insecure = true tests := []struct { settings ClientConfig err string @@ -409,14 +411,8 @@ func TestGRPCClientSettingsError(t *testing.T) { Headers: nil, Endpoint: "", Compression: "", - TLSSetting: configtls.ClientConfig{ - Config: configtls.Config{ - CAFile: "/doesnt/exist", - }, - Insecure: false, - ServerName: "", - }, - Keepalive: nil, + TLSSetting: clientConfigCADoesntExist, + Keepalive: nil, }, }, { @@ -425,14 +421,8 @@ func TestGRPCClientSettingsError(t *testing.T) { Headers: nil, Endpoint: "", Compression: "", - TLSSetting: configtls.ClientConfig{ - Config: configtls.Config{ - CertFile: "/doesnt/exist", - }, - Insecure: false, - ServerName: "", - }, - Keepalive: nil, + TLSSetting: clientConfigCADoesntExist, + Keepalive: nil, }, }, { @@ -454,10 +444,8 @@ func TestGRPCClientSettingsError(t *testing.T) { { err: "unsupported compression type \"zlib\"", settings: ClientConfig{ - Endpoint: "localhost:1234", - TLSSetting: configtls.ClientConfig{ - Insecure: true, - }, + Endpoint: "localhost:1234", + TLSSetting: clientConfigWithInsecure, Compression: "zlib", }, host: &mockHost{}, @@ -465,10 +453,8 @@ func TestGRPCClientSettingsError(t *testing.T) { { err: "unsupported compression type \"deflate\"", settings: ClientConfig{ - Endpoint: "localhost:1234", - TLSSetting: configtls.ClientConfig{ - Insecure: true, - }, + Endpoint: "localhost:1234", + TLSSetting: clientConfigWithInsecure, Compression: "deflate", }, host: &mockHost{}, 
@@ -476,10 +462,8 @@ func TestGRPCClientSettingsError(t *testing.T) { { err: "unsupported compression type \"bad\"", settings: ClientConfig{ - Endpoint: "localhost:1234", - TLSSetting: configtls.ClientConfig{ - Insecure: true, - }, + Endpoint: "localhost:1234", + TLSSetting: clientConfigWithInsecure, Compression: "bad", }, host: &mockHost{}, @@ -504,7 +488,7 @@ func TestUseSecure(t *testing.T) { Headers: nil, Endpoint: "", Compression: "", - TLSSetting: configtls.ClientConfig{}, + TLSSetting: configtls.NewDefaultClientConfig(), Keepalive: nil, } dialOpts, err := gcs.getGrpcDialOptions(context.Background(), componenttest.NewNopHost(), tt.TelemetrySettings(), []ToClientConnOption{}) @@ -632,6 +616,22 @@ func TestHttpReception(t *testing.T) { require.NoError(t, err) t.Cleanup(func() { require.NoError(t, tt.Shutdown(context.Background())) }) + clientConfigWithInsecure := configtls.NewDefaultClientConfig() + clientConfigWithInsecure.Insecure = true + + clientConfigWithCAFile := configtls.NewDefaultClientConfig() + clientConfigWithCAFile.Config = configtls.Config{ + CAFile: filepath.Join("testdata", "ca.crt"), + } + clientConfigWithCAFile.ServerName = "localhost" + + clientConfigWithCertAndKeyFile := configtls.NewDefaultClientConfig() + clientConfigWithCertAndKeyFile.Config = configtls.Config{ + CAFile: filepath.Join("testdata", "ca.crt"), + CertFile: filepath.Join("testdata", "client.crt"), + KeyFile: filepath.Join("testdata", "client.key"), + } + clientConfigWithCertAndKeyFile.ServerName = "localhost" tests := []struct { name string tlsServerCreds *configtls.ServerConfig @@ -641,9 +641,7 @@ func TestHttpReception(t *testing.T) { { name: "noTLS", tlsServerCreds: nil, - tlsClientCreds: &configtls.ClientConfig{ - Insecure: true, - }, + tlsClientCreds: &clientConfigWithInsecure, }, { name: "TLS", 
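Review bot: In the TestUseSecure hunk, replacing `TLSSetting: configtls.ClientConfig{}` with `configtls.NewDefaultClientConfig()` removes the only case visible in this patch that dials with the zero-value TLS struct. Callers that still write the struct literal rely on the zero value staying on the secure path (`Insecure` false), so that case is worth keeping alongside the constructor one. For example, loop over `[]configtls.ClientConfig{{}, configtls.NewDefaultClientConfig()}` and run the same assertions on each. The assertions are outside the hunk, so what they check about the returned dial options is inferred from the test name.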
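Review bot: The TestHttpReception fixtures added in this hunk are put into the table by address (`tlsClientCreds: &clientConfigWithInsecure` here, `&clientConfigWithCAFile` and `&clientConfigWithCertAndKeyFile` in the following hunks), so several cases now point at one shared `configtls.ClientConfig` where each used to own its own literal. If the code under test ever writes through that pointer, or the subtests are run in parallel, the result of one TLS/mTLS case could depend on a sibling case. Giving each case its own value avoids that, for instance by copying before use in the loop with `clientTLS := *test.tlsClientCreds`. The loop body is outside these hunks, so how the pointer is consumed is not visible here. The same sharing is introduced for the server side in PATCH 2/3 (`&tlsServerConfigWithClientCAFile` is used by both "mTLS" and "NoClientCertificate").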
@@ -654,12 +652,7 @@ func TestHttpReception(t *testing.T) { KeyFile: filepath.Join("testdata", "server.key"), }, }, - tlsClientCreds: &configtls.ClientConfig{ - Config: configtls.Config{ - CAFile: filepath.Join("testdata", "ca.crt"), - }, - ServerName: "localhost", - }, + tlsClientCreds: &clientConfigWithCAFile, }, { name: "NoServerCertificates", @@ -668,13 +661,8 @@ func TestHttpReception(t *testing.T) { CAFile: filepath.Join("testdata", "ca.crt"), }, }, - tlsClientCreds: &configtls.ClientConfig{ - Config: configtls.Config{ - CAFile: filepath.Join("testdata", "ca.crt"), - }, - ServerName: "localhost", - }, - hasError: true, + tlsClientCreds: &clientConfigWithCAFile, + hasError: true, }, { name: "mTLS", @@ -686,14 +674,7 @@ func TestHttpReception(t *testing.T) { }, ClientCAFile: filepath.Join("testdata", "ca.crt"), }, - tlsClientCreds: &configtls.ClientConfig{ - Config: configtls.Config{ - CAFile: filepath.Join("testdata", "ca.crt"), - CertFile: filepath.Join("testdata", "client.crt"), - KeyFile: filepath.Join("testdata", "client.key"), - }, - ServerName: "localhost", - }, + tlsClientCreds: &clientConfigWithCertAndKeyFile, }, { name: "NoClientCertificate", @@ -705,13 +686,8 @@ func TestHttpReception(t *testing.T) { }, ClientCAFile: filepath.Join("testdata", "ca.crt"), }, - tlsClientCreds: &configtls.ClientConfig{ - Config: configtls.Config{ - CAFile: filepath.Join("testdata", "ca.crt"), - }, - ServerName: "localhost", - }, - hasError: true, + tlsClientCreds: &clientConfigWithCAFile, + hasError: true, }, { name: "WrongClientCA", 
@@ -723,15 +699,8 @@ func TestHttpReception(t *testing.T) { }, ClientCAFile: filepath.Join("testdata", "server.crt"), }, - tlsClientCreds: &configtls.ClientConfig{ - Config: configtls.Config{ - CAFile: filepath.Join("testdata", "ca.crt"), - CertFile: filepath.Join("testdata", "client.crt"), - KeyFile: filepath.Join("testdata", "client.key"), - }, - ServerName: "localhost", - }, - hasError: true, + tlsClientCreds: &clientConfigWithCertAndKeyFile, + hasError: true, }, } // prepare @@ -801,12 +770,11 @@ func TestReceiveOnUnixDomainSocket(t *testing.T) { go func() { _ = srv.Serve(ln) }() - + clientConfig := configtls.NewDefaultClientConfig() + clientConfig.Insecure = true gcs := &ClientConfig{ - Endpoint: "unix://" + ln.Addr().String(), - TLSSetting: configtls.ClientConfig{ - Insecure: true, - }, + Endpoint: "unix://" + ln.Addr().String(), + TLSSetting: clientConfig, } grpcClientConn, errClient := gcs.ToClientConn(context.Background(), componenttest.NewNopHost(), tt.TelemetrySettings()) require.NoError(t, errClient) @@ -979,7 +947,8 @@ func TestClientInfoInterceptors(t *testing.T) { t.Run(tt.name, func(t *testing.T) { mock := &grpcTraceServer{} var l net.Listener - + clientConfig := configtls.NewDefaultClientConfig() + clientConfig.Insecure = true // prepare the server { gss := &ServerConfig{ @@ -1005,10 +974,8 @@ func TestClientInfoInterceptors(t *testing.T) { // prepare the client and execute a RPC { gcs := &ClientConfig{ - Endpoint: l.Addr().String(), - TLSSetting: configtls.ClientConfig{ - Insecure: true, - }, + Endpoint: l.Addr().String(), + TLSSetting: clientConfig, } tel, err := componenttest.SetupTelemetry(componentID) From 3c85a19524f50259e23ad58e37a7d0517e15b09b Mon Sep 17 00:00:00 2001 From: wasim-nihal Date: Wed, 13 Nov 2024 15:48:11 +0530 Subject: [PATCH 2/3] addressed review comments and included configtls.NewDefaultConfig() and configtls.NewDefaultServerConfig() 
Signed-off-by: wasim-nihal --- config/configgrpc/configgrpc_test.go | 211 +++++++++++++-------------- 1 file changed, 98 insertions(+), 113 deletions(-) diff --git a/config/configgrpc/configgrpc_test.go b/config/configgrpc/configgrpc_test.go index 251c5e1a307..f67dc916582 100644 --- a/config/configgrpc/configgrpc_test.go +++ b/config/configgrpc/configgrpc_test.go @@ -102,10 +102,10 @@ func TestDefaultGrpcClientSettings(t *testing.T) { tt, err := componenttest.SetupTelemetry(componentID) require.NoError(t, err) t.Cleanup(func() { require.NoError(t, tt.Shutdown(context.Background())) }) - clientConfig := configtls.NewDefaultClientConfig() - clientConfig.Insecure = true + tlsClientConfig := configtls.NewDefaultClientConfig() + tlsClientConfig.Insecure = true gcs := &ClientConfig{ - TLSSetting: clientConfig, + TLSSetting: tlsClientConfig, } opts, err := gcs.getGrpcDialOptions(context.Background(), componenttest.NewNopHost(), tt.TelemetrySettings(), []ToClientConnOption{}) require.NoError(t, err) @@ -116,10 +116,10 @@ func TestGrpcClientExtraOption(t *testing.T) { tt, err := componenttest.SetupTelemetry(componentID) require.NoError(t, err) t.Cleanup(func() { require.NoError(t, tt.Shutdown(context.Background())) }) - clientConfig := configtls.NewDefaultClientConfig() - clientConfig.Insecure = true + tlsClientConfig := configtls.NewDefaultClientConfig() + tlsClientConfig.Insecure = true gcs := &ClientConfig{ - TLSSetting: clientConfig, + TLSSetting: tlsClientConfig, } extraOpt := grpc.WithUserAgent("test-agent") opts, err := gcs.getGrpcDialOptions( @@ -137,8 +137,7 @@ func TestAllGrpcClientSettings(t *testing.T) { tt, err := componenttest.SetupTelemetry(componentID) require.NoError(t, err) t.Cleanup(func() { require.NoError(t, tt.Shutdown(context.Background())) }) - clientConfig := configtls.NewDefaultClientConfig() - clientConfig.Insecure = false + tlsClientConfig := configtls.NewDefaultClientConfig() tests := []struct { settings ClientConfig name string 
@@ -152,7 +151,7 @@ func TestAllGrpcClientSettings(t *testing.T) { }, Endpoint: "localhost:1234", Compression: configcompression.TypeGzip, - TLSSetting: clientConfig, + TLSSetting: tlsClientConfig, Keepalive: &KeepaliveClientConfig{ Time: time.Second, Timeout: time.Second, @@ -179,7 +178,7 @@ func TestAllGrpcClientSettings(t *testing.T) { }, Endpoint: "localhost:1234", Compression: configcompression.TypeSnappy, - TLSSetting: clientConfig, + TLSSetting: tlsClientConfig, Keepalive: &KeepaliveClientConfig{ Time: time.Second, Timeout: time.Second, @@ -206,7 +205,7 @@ func TestAllGrpcClientSettings(t *testing.T) { }, Endpoint: "localhost:1234", Compression: configcompression.TypeZstd, - TLSSetting: clientConfig, + TLSSetting: tlsClientConfig, Keepalive: &KeepaliveClientConfig{ Time: time.Second, Timeout: time.Second, @@ -316,15 +315,13 @@ func TestGrpcServerValidate(t *testing.T) { } func TestAllGrpcServerSettingsExceptAuth(t *testing.T) { + tlsServerConfig := configtls.NewDefaultServerConfig() gss := &ServerConfig{ NetAddr: confignet.AddrConfig{ Endpoint: "localhost:1234", Transport: confignet.TransportTypeTCP, }, - TLSSetting: &configtls.ServerConfig{ - Config: configtls.Config{}, - ClientCAFile: "", - }, + TLSSetting: &tlsServerConfig, MaxRecvMsgSizeMiB: 1, MaxConcurrentStreams: 1024, ReadBufferSize: 1024, @@ -368,15 +365,14 @@ func TestGrpcServerAuthSettings(t *testing.T) { } func TestGrpcClientConfigInvalidBalancer(t *testing.T) { - clientConfig := configtls.NewDefaultClientConfig() - clientConfig.Insecure = false + tlsClientConfig := configtls.NewDefaultClientConfig() settings := ClientConfig{ Headers: map[string]configopaque.String{ "test": "test", }, Endpoint: "localhost:1234", Compression: "gzip", - TLSSetting: clientConfig, + TLSSetting: tlsClientConfig, Keepalive: &KeepaliveClientConfig{ Time: time.Second, Timeout: time.Second, 
@@ -391,15 +387,13 @@ func TestGrpcClientConfigInvalidBalancer(t *testing.T) { } func TestGRPCClientSettingsError(t *testing.T) { - clientConfigCADoesntExist := configtls.NewDefaultClientConfig() - clientConfigCADoesntExist.Config = configtls.Config{ - CAFile: "/doesnt/exist", - } - clientConfigCADoesntExist.Insecure = false - clientConfigCADoesntExist.ServerName = "" + tlsClientConfigCADoesntExist := configtls.NewDefaultClientConfig() + tlsConfig := configtls.NewDefaultConfig() + tlsConfig.CAFile = "/doesnt/exist" + tlsClientConfigCADoesntExist.Config = tlsConfig - clientConfigWithInsecure := configtls.NewDefaultClientConfig() - clientConfigWithInsecure.Insecure = true + tlsClientConfigWithInsecure := configtls.NewDefaultClientConfig() + tlsClientConfigWithInsecure.Insecure = true tests := []struct { settings ClientConfig err string @@ -411,7 +405,7 @@ func TestGRPCClientSettingsError(t *testing.T) { Headers: nil, Endpoint: "", Compression: "", - TLSSetting: clientConfigCADoesntExist, + TLSSetting: tlsClientConfigCADoesntExist, Keepalive: nil, }, }, @@ -421,7 +415,7 @@ func TestGRPCClientSettingsError(t *testing.T) { Headers: nil, Endpoint: "", Compression: "", - TLSSetting: clientConfigCADoesntExist, + TLSSetting: tlsClientConfigCADoesntExist, Keepalive: nil, }, }, @@ -445,7 +439,7 @@ func TestGRPCClientSettingsError(t *testing.T) { err: "unsupported compression type \"zlib\"", settings: ClientConfig{ Endpoint: "localhost:1234", - TLSSetting: clientConfigWithInsecure, + TLSSetting: tlsClientConfigWithInsecure, Compression: "zlib", }, host: &mockHost{}, @@ -454,7 +448,7 @@ func TestGRPCClientSettingsError(t *testing.T) { err: "unsupported compression type \"deflate\"", settings: ClientConfig{ Endpoint: "localhost:1234", - TLSSetting: clientConfigWithInsecure, + TLSSetting: tlsClientConfigWithInsecure, Compression: "deflate", }, host: &mockHost{}, 
@@ -463,7 +457,7 @@ func TestGRPCClientSettingsError(t *testing.T) { err: "unsupported compression type \"bad\"", settings: ClientConfig{ Endpoint: "localhost:1234", - TLSSetting: clientConfigWithInsecure, + TLSSetting: tlsClientConfigWithInsecure, Compression: "bad", }, host: &mockHost{}, @@ -547,6 +541,18 @@ func TestGRPCServerWarning(t *testing.T) { } func TestGRPCServerSettingsError(t *testing.T) { + tlsConfigCADoesntExist := configtls.NewDefaultConfig() + tlsConfigCADoesntExist.CAFile = "/doesnt/exist" + tlsServerConfigCADoesntExist := configtls.NewDefaultServerConfig() + tlsServerConfigCADoesntExist.Config = tlsConfigCADoesntExist + + tlsConfigCertDoesntExist := configtls.NewDefaultConfig() + tlsConfigCertDoesntExist.CertFile = "/doesnt/exist" + tlsServerConfigCertDoesntExist := configtls.NewDefaultServerConfig() + tlsServerConfigCertDoesntExist.Config = tlsConfigCertDoesntExist + + tlsServerConfigClientCADoesntExist := configtls.NewDefaultServerConfig() + tlsServerConfigClientCADoesntExist.ClientCAFile = "/doesnt/exist" tests := []struct { settings ServerConfig err string @@ -558,11 +564,7 @@ func TestGRPCServerSettingsError(t *testing.T) { Endpoint: "127.0.0.1:1234", Transport: confignet.TransportTypeTCP, }, - TLSSetting: &configtls.ServerConfig{ - Config: configtls.Config{ - CAFile: "/doesnt/exist", - }, - }, + TLSSetting: &tlsServerConfigCADoesntExist, }, }, { @@ -572,11 +574,7 @@ func TestGRPCServerSettingsError(t *testing.T) { Endpoint: "127.0.0.1:1234", Transport: confignet.TransportTypeTCP, }, - TLSSetting: &configtls.ServerConfig{ - Config: configtls.Config{ - CertFile: "/doesnt/exist", - }, - }, + TLSSetting: &tlsServerConfigCertDoesntExist, }, }, { @@ -586,9 +584,7 @@ func TestGRPCServerSettingsError(t *testing.T) { Endpoint: "127.0.0.1:1234", Transport: confignet.TransportTypeTCP, }, - TLSSetting: &configtls.ServerConfig{ - ClientCAFile: "/doesnt/exist", - }, + TLSSetting: &tlsServerConfigClientCADoesntExist, }, }, } 
@@ -616,22 +612,42 @@ func TestHttpReception(t *testing.T) { require.NoError(t, err) t.Cleanup(func() { require.NoError(t, tt.Shutdown(context.Background())) }) - clientConfigWithInsecure := configtls.NewDefaultClientConfig() - clientConfigWithInsecure.Insecure = true - - clientConfigWithCAFile := configtls.NewDefaultClientConfig() - clientConfigWithCAFile.Config = configtls.Config{ - CAFile: filepath.Join("testdata", "ca.crt"), - } - clientConfigWithCAFile.ServerName = "localhost" - - clientConfigWithCertAndKeyFile := configtls.NewDefaultClientConfig() - clientConfigWithCertAndKeyFile.Config = configtls.Config{ - CAFile: filepath.Join("testdata", "ca.crt"), - CertFile: filepath.Join("testdata", "client.crt"), - KeyFile: filepath.Join("testdata", "client.key"), - } - clientConfigWithCertAndKeyFile.ServerName = "localhost" + tlsClientConfigWithInsecure := configtls.NewDefaultClientConfig() + tlsClientConfigWithInsecure.Insecure = true + + tlsClientConfigWithCAFile := configtls.NewDefaultClientConfig() + tlsConfigWithCAFile := configtls.NewDefaultConfig() + tlsConfigWithCAFile.CAFile = filepath.Join("testdata", "ca.crt") + tlsClientConfigWithCAFile.Config = tlsConfigWithCAFile + tlsClientConfigWithCAFile.ServerName = "localhost" + + tlsClientConfigWithCerts := configtls.NewDefaultClientConfig() + tlsClientConfigWithCerts.ServerName = "localhost" + tlsConfig := configtls.NewDefaultConfig() + tlsConfig.CAFile = filepath.Join("testdata", "ca.crt") + tlsConfig.CertFile = filepath.Join("testdata", "client.crt") + tlsConfig.KeyFile = filepath.Join("testdata", "client.key") + tlsClientConfigWithCerts.Config = tlsConfig + + tlsServerConfigWithCerts := configtls.NewDefaultServerConfig() + tlsServerConfigWithCerts.Config.CAFile = filepath.Join("testdata", "ca.crt") + tlsServerConfigWithCerts.Config.CertFile = filepath.Join("testdata", "server.crt") + tlsServerConfigWithCerts.Config.KeyFile = filepath.Join("testdata", "server.key") + + tlsServerConfigWithCAFile := 
configtls.NewDefaultServerConfig() + tlsServerConfigWithCAFile.Config.CAFile = filepath.Join("testdata", "ca.crt") + + tlsServerConfigWithClientCAFile := configtls.NewDefaultServerConfig() + tlsServerConfigWithClientCAFile.Config.CAFile = filepath.Join("testdata", "ca.crt") + tlsServerConfigWithClientCAFile.Config.CertFile = filepath.Join("testdata", "server.crt") + tlsServerConfigWithClientCAFile.Config.KeyFile = filepath.Join("testdata", "server.key") + tlsServerConfigWithClientCAFile.ClientCAFile = filepath.Join("testdata", "ca.crt") + + tlsServerConfigWithWrongClientCAFile := configtls.NewDefaultServerConfig() + tlsServerConfigWithWrongClientCAFile.Config.CAFile = filepath.Join("testdata", "ca.crt") + tlsServerConfigWithWrongClientCAFile.Config.CertFile = filepath.Join("testdata", "server.crt") + tlsServerConfigWithWrongClientCAFile.Config.KeyFile = filepath.Join("testdata", "server.key") + tlsServerConfigWithWrongClientCAFile.ClientCAFile = filepath.Join("testdata", "server.crt") tests := []struct { name string tlsServerCreds *configtls.ServerConfig 
@@ -641,65 +657,34 @@ func TestHttpReception(t *testing.T) { { name: "noTLS", tlsServerCreds: nil, - tlsClientCreds: &clientConfigWithInsecure, + tlsClientCreds: &tlsClientConfigWithInsecure, }, { - name: "TLS", - tlsServerCreds: &configtls.ServerConfig{ - Config: configtls.Config{ - CAFile: filepath.Join("testdata", "ca.crt"), - CertFile: filepath.Join("testdata", "server.crt"), - KeyFile: filepath.Join("testdata", "server.key"), - }, - }, - tlsClientCreds: &clientConfigWithCAFile, + name: "TLS", + tlsServerCreds: &tlsServerConfigWithCerts, + tlsClientCreds: &tlsClientConfigWithCAFile, }, { - name: "NoServerCertificates", - tlsServerCreds: &configtls.ServerConfig{ - Config: configtls.Config{ - CAFile: filepath.Join("testdata", "ca.crt"), - }, - }, - tlsClientCreds: &clientConfigWithCAFile, + name: "NoServerCertificates", + tlsServerCreds: &tlsServerConfigWithCAFile, + tlsClientCreds: &tlsClientConfigWithCAFile, hasError: true, }, { - name: "mTLS", - tlsServerCreds: &configtls.ServerConfig{ - Config: configtls.Config{ - CAFile: filepath.Join("testdata", "ca.crt"), - CertFile: filepath.Join("testdata", "server.crt"), - KeyFile: filepath.Join("testdata", "server.key"), - }, - ClientCAFile: filepath.Join("testdata", "ca.crt"), - }, - tlsClientCreds: &clientConfigWithCertAndKeyFile, + name: "mTLS", + tlsServerCreds: &tlsServerConfigWithClientCAFile, + tlsClientCreds: &tlsClientConfigWithCerts, }, { - name: "NoClientCertificate", - tlsServerCreds: &configtls.ServerConfig{ - Config: configtls.Config{ - CAFile: filepath.Join("testdata", "ca.crt"), - CertFile: filepath.Join("testdata", "server.crt"), - KeyFile: filepath.Join("testdata", "server.key"), - }, - ClientCAFile: filepath.Join("testdata", "ca.crt"), - }, - tlsClientCreds: &clientConfigWithCAFile, + name: "NoClientCertificate", + tlsServerCreds: &tlsServerConfigWithClientCAFile, + tlsClientCreds: &tlsClientConfigWithCAFile, hasError: true, }, { - name: "WrongClientCA", - tlsServerCreds: &configtls.ServerConfig{ - 
Config: configtls.Config{ - CAFile: filepath.Join("testdata", "ca.crt"), - CertFile: filepath.Join("testdata", "server.crt"), - KeyFile: filepath.Join("testdata", "server.key"), - }, - ClientCAFile: filepath.Join("testdata", "server.crt"), - }, - tlsClientCreds: &clientConfigWithCertAndKeyFile, + name: "WrongClientCA", + tlsServerCreds: &tlsServerConfigWithWrongClientCAFile, + tlsClientCreds: &tlsClientConfigWithCerts, hasError: true, }, } @@ -770,11 +755,11 @@ func TestReceiveOnUnixDomainSocket(t *testing.T) { go func() { _ = srv.Serve(ln) }() - clientConfig := configtls.NewDefaultClientConfig() - clientConfig.Insecure = true + tlsClientConfig := configtls.NewDefaultClientConfig() + tlsClientConfig.Insecure = true gcs := &ClientConfig{ Endpoint: "unix://" + ln.Addr().String(), - TLSSetting: clientConfig, + TLSSetting: tlsClientConfig, } grpcClientConn, errClient := gcs.ToClientConn(context.Background(), componenttest.NewNopHost(), tt.TelemetrySettings()) require.NoError(t, errClient) @@ -947,8 +932,8 @@ func TestClientInfoInterceptors(t *testing.T) { t.Run(tt.name, func(t *testing.T) { mock := &grpcTraceServer{} var l net.Listener - clientConfig := configtls.NewDefaultClientConfig() - clientConfig.Insecure = true + tlsClientConfig := configtls.NewDefaultClientConfig() + tlsClientConfig.Insecure = true // prepare the server { gss := &ServerConfig{ @@ -975,7 +960,7 @@ func TestClientInfoInterceptors(t *testing.T) { { gcs := &ClientConfig{ Endpoint: l.Addr().String(), - TLSSetting: clientConfig, + TLSSetting: tlsClientConfig, } tel, err := componenttest.SetupTelemetry(componentID) From 7bd7379d6970e578826566e158833323b6ff65b6 Mon Sep 17 00:00:00 2001 From: wasim-nihal Date: Wed, 13 Nov 2024 17:45:36 +0530 Subject: [PATCH 3/3] addressed review comments Signed-off-by: wasim-nihal --- config/configgrpc/configgrpc_test.go | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) 
diff --git a/config/configgrpc/configgrpc_test.go b/config/configgrpc/configgrpc_test.go index f67dc916582..676ad0ce233 100644 --- a/config/configgrpc/configgrpc_test.go +++ b/config/configgrpc/configgrpc_test.go @@ -388,9 +388,14 @@ func TestGrpcClientConfigInvalidBalancer(t *testing.T) { func TestGRPCClientSettingsError(t *testing.T) { tlsClientConfigCADoesntExist := configtls.NewDefaultClientConfig() - tlsConfig := configtls.NewDefaultConfig() - tlsConfig.CAFile = "/doesnt/exist" - tlsClientConfigCADoesntExist.Config = tlsConfig + tlsConfigWithCAFile := configtls.NewDefaultConfig() + tlsConfigWithCAFile.CAFile = "/doesnt/exist" + tlsClientConfigCADoesntExist.Config = tlsConfigWithCAFile + + tlsClientConfigCertDoesntExist := configtls.NewDefaultClientConfig() + tlsConfigWithCertFile := configtls.NewDefaultConfig() + tlsConfigWithCertFile.CertFile = "/doesnt/exist" + tlsClientConfigCertDoesntExist.Config = tlsConfigWithCertFile tlsClientConfigWithInsecure := configtls.NewDefaultClientConfig() tlsClientConfigWithInsecure.Insecure = true @@ -415,7 +420,7 @@ func TestGRPCClientSettingsError(t *testing.T) { Headers: nil, Endpoint: "", Compression: "", - TLSSetting: tlsClientConfigCADoesntExist, + TLSSetting: tlsClientConfigCertDoesntExist, Keepalive: nil, }, },
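Review bot: In the first hunk of PATCH 3/3, `tlsConfigWithCAFile` and `tlsConfigWithCertFile` both hold the path `/doesnt/exist`, yet the names match the pattern used for the valid-file fixtures in TestHttpReception. TestGRPCServerSettingsError in PATCH 2/3 already names the equivalent failure fixtures `tlsConfigCADoesntExist` and `tlsConfigCertDoesntExist`; using those names here too would keep the negative cases recognisable. A short comment on the second fixture, such as `// CertFile points at a missing path; KeyFile is left at its default`, would also record which error path the case is meant to hit. The expected `err` strings for these cases are outside the hunk.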