From ca62c6b92c334f52c7e48b7cbf624f3b877fb092 Mon Sep 17 00:00:00 2001
From: lyuxuan
Date: Fri, 30 Nov 2018 06:01:10 +0800
Subject: [PATCH] channelz: fix GetSecurityValue function name. (#2450)
---
 credentials/credentials.go | 4 +-
 test/channelz_test.go | 80 ++++++++++++++++++++++++++++++++++++++
 2 files changed, 82 insertions(+), 2 deletions(-)
diff --git a/credentials/credentials.go b/credentials/credentials.go
index 078ba91ab2a3..a851560456b4 100644
--- a/credentials/credentials.go
+++ b/credentials/credentials.go
@@ -139,8 +139,8 @@ func (t TLSInfo) AuthType() string {
 return "tls"
 }
 
-// GetChannelzSecurityValue returns security info requested by channelz.
-func (t TLSInfo) GetChannelzSecurityValue() ChannelzSecurityValue {
+// GetSecurityValue returns security info requested by channelz.
+func (t TLSInfo) GetSecurityValue() ChannelzSecurityValue {
 v := &TLSChannelzSecurityValue{
 StandardName: cipherSuiteLookup[t.State.CipherSuite],
 }
diff --git a/test/channelz_test.go b/test/channelz_test.go
index 5d8920776869..9a5abfe6a8f2 100644
--- a/test/channelz_test.go
+++ b/test/channelz_test.go
@@ -20,8 +20,10 @@ package test
 
 import (
 "context"
+ "crypto/tls"
 "fmt"
 "net"
+ "reflect"
 "sync"
 "testing"
 "time"
@@ -32,6 +34,7 @@ import (
 "google.golang.org/grpc/balancer/roundrobin"
 "google.golang.org/grpc/codes"
 "google.golang.org/grpc/connectivity"
+ "google.golang.org/grpc/credentials"
 "google.golang.org/grpc/internal/channelz"
 "google.golang.org/grpc/internal/leakcheck"
 "google.golang.org/grpc/keepalive"
@@ -39,6 +42,7 @@ import (
 "google.golang.org/grpc/resolver/manual"
 "google.golang.org/grpc/status"
 testpb "google.golang.org/grpc/test/grpc_testing"
+ "google.golang.org/grpc/testdata"
 )
 
 func (te *test) startServers(ts testpb.TestServiceServer, num int) {
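Review bot: Nothing in credentials/credentials.go makes the compiler enforce the method name that this rename corrects, so the same silent mismatch can recur. If channelz obtains security details through an interface type assertion (presumably `ChannelzSecurityInfo`, declared outside this hunk), a compile-time check such as `var _ ChannelzSecurityInfo = TLSInfo{}` next to the type would turn a future misnaming into a build error instead of TLS details quietly going missing from channelz output. Renaming an exported method also breaks any external caller of `GetChannelzSecurityValue`, which deserves a line in the release notes. The body of the method continues past the hunk.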
@@ -1196,6 +1200,82 @@ func TestCZServerSocketMetricsKeepAlive(t *testing.T) {
 }
 }
 
+var cipherSuites = []string{
+ "TLS_RSA_WITH_RC4_128_SHA",
+ "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
+ "TLS_RSA_WITH_AES_128_CBC_SHA",
+ "TLS_RSA_WITH_AES_256_CBC_SHA",
+ "TLS_RSA_WITH_AES_128_GCM_SHA256",
+ "TLS_RSA_WITH_AES_256_GCM_SHA384",
+ "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",
+ "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
+ "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
+ "TLS_ECDHE_RSA_WITH_RC4_128_SHA",
+ "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",
+ "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
+ "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
+ "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
+ "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
+ "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
+ "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
+ "TLS_FALLBACK_SCSV",
+ "TLS_RSA_WITH_AES_128_CBC_SHA256",
+ "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
+ "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
+ "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305",
+ "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305",
+}
+
+func TestCZSocketGetSecurityValueTLS(t *testing.T) {
+ defer leakcheck.Check(t)
+ channelz.NewChannelzStorage()
+ e := tcpTLSRREnv
+ te := newTest(t, e)
+ te.startServer(&testServer{security: e.security})
+ defer te.tearDown()
+ te.clientConn()
+ if err := verifyResultWithDelay(func() (bool, error) {
+ tchan, _ := channelz.GetTopChannels(0)
+ if len(tchan) != 1 {
+ return false, fmt.Errorf("there should only be one top channel, not %d", len(tchan))
+ }
+ if len(tchan[0].SubChans) != 1 {
+ return false, fmt.Errorf("there should only be one subchannel under top channel %d, not %d", tchan[0].ID, len(tchan[0].SubChans))
+ }
+ var id int64
+ for id = range tchan[0].SubChans {
+ break
+ }
+ sc := channelz.GetSubChannel(id)
+ if sc == nil {
+ return false, fmt.Errorf("there should only be one socket under subchannel %d, not 0", id)
+ }
+ if len(sc.Sockets) != 1 {
+ return false, fmt.Errorf("there should only be one socket under subchannel %d, not %d", sc.ID, len(sc.Sockets))
+ }
+ for id = range sc.Sockets {
+ break
+ }
+ skt := channelz.GetSocket(id)
+ cert, _ := tls.LoadX509KeyPair(testdata.Path("server1.pem"), testdata.Path("server1.key"))
+ securityVal, ok := skt.SocketData.Security.(*credentials.TLSChannelzSecurityValue)
+ if !ok {
+ return false, fmt.Errorf("the SocketData.Security is of type: %T, want: *credentials.TLSChannelzSecurityValue", skt.SocketData.Security)
+ }
+ if !reflect.DeepEqual(securityVal.RemoteCertificate, cert.Certificate[0]) {
+ return false, fmt.Errorf("SocketData.Security.RemoteCertificate got: %v, want: %v", securityVal.RemoteCertificate, cert.Certificate[0])
+ }
+ for _, v := range cipherSuites {
+ if v == securityVal.StandardName {
+ return true, nil
+ }
+ }
+ return false, fmt.Errorf("SocketData.Security.StandardName got: %v, want it to be one of %v ", securityVal.StandardName, cipherSuites)
+ }); err != nil {
+ t.Fatal(err)
+ }
+}
+
 func TestCZChannelTraceCreationDeletion(t *testing.T) {
 defer leakcheck.Check(t)
 channelz.NewChannelzStorage()
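Review bot: The error from `tls.LoadX509KeyPair` is discarded inside the polling closure of TestCZSocketGetSecurityValueTLS, so an unreadable testdata file surfaces as an index-out-of-range panic at `cert.Certificate[0]` instead of a test failure, and `skt` from `channelz.GetSocket(id)` is dereferenced without the nil check that `sc` gets a few lines earlier. Loading the key pair once before `verifyResultWithDelay` and failing on error also stops the files being re-read on every retry. Separately, the final loop accepts any entry of `cipherSuites`, which includes RC4 and 3DES names and the `TLS_FALLBACK_SCSV` signalling value, so the test confirms only that StandardName is a known string, not that it matches the suite the connection negotiated.

```go
	// Load the expected certificate once, outside the retry closure.
	cert, err := tls.LoadX509KeyPair(testdata.Path("server1.pem"), testdata.Path("server1.key"))
	if err != nil {
		t.Fatalf("loading server key pair: %v", err)
	}
	if err := verifyResultWithDelay(func() (bool, error) {
		// … unchanged: top channel, subchannel and socket count checks …
		skt := channelz.GetSocket(id)
		if skt == nil {
			return false, fmt.Errorf("socket %d not found in channelz", id)
		}
		// … unchanged: security value type assertion, certificate and cipher suite checks …
```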