credentials: add end-to-end tests for JWT call credentials behavior #8818
Conversation
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## master #8818 +/- ##
==========================================
- Coverage 83.22% 83.16% -0.06%
==========================================
Files 417 414 -3
Lines 32920 32751 -169
==========================================
- Hits 27397 27239 -158
+ Misses 4110 4094 -16
- Partials 1413 1418 +5 🚀 New features to boost your workflow:
|
iamrajiv
changed the title
iamrajiv
changed the title
Pranjali-2501
left a comment
Pranjali-2501
left a comment
There was a problem hiding this comment.
@iamrajiv , Thank you for taking the initiative to add the tests.
Pranjali-2501
changed the title
Signed-off-by: iamrajiv <[email protected]>
Pranjali-2501
left a comment
Pranjali-2501
left a comment
There was a problem hiding this comment.
The test looks good to me. I have minor nits.
Signed-off-by: iamrajiv <[email protected]>
|
@easwars , assigning it to you for second review. |
|
@iamrajiv I'm sorry. I just realized that some of my comments are in direct contradiction to some of the previous comments made as part of the review process and now you are having to do double work. |
|
No worries at all, @easwars! I appreciate the thorough review. The feedback to split into focused tests makes sense it's much cleaner and easier to debug now. Thanks for taking the time to review! |
easwars
left a comment
easwars
left a comment
There was a problem hiding this comment.
Changes look good to me. Just a bunch of minor nits this time around.
| @@ -0,0 +1,271 @@ | |||
| /* | |||
| * | |||
| * Copyright 2025 gRPC authors. | |||
There was a problem hiding this comment.
Nit: This needs to 2026 now.
| ctx, cancel := context.WithTimeout(context.Background(), defaultTestTimeout) | ||
| defer cancel() | ||
|
|
||
| client := testgrpc.NewTestServiceClient(cc) |
There was a problem hiding this comment.
Nit: Please consider defining a const wantErr = "cannot send secure credentials on an insecure connection". That way, the subsequent conditional statement and the error string will be shorter and easier to read.
|
|
||
| client := testgrpc.NewTestServiceClient(cc) | ||
| _, err = client.EmptyCall(ctx, &testpb.Empty{}, grpc.PerRPCCredentials(jwtCreds)) | ||
|
|
| } | ||
| defer ss.Stop() | ||
|
|
||
| _, err = grpc.NewClient(ss.Address, |
There was a problem hiding this comment.
Please don't break up lines this way. Please see the "Line length" section of the style guide: cannot send secure credentials on an insecure connection
This line is short enough to be on a single line. In other places where we have to pass a lot of dial options, we usually define a slice of dial options right before the call to NewClient and pass that slice to it.
| grpc.WithTransportCredentials(insecure.NewCredentials()), | ||
| grpc.WithPerRPCCredentials(jwtCreds), | ||
| ) | ||
|
|
There was a problem hiding this comment.
Nit: Same here. Nix newline.
| t.Fatalf("Failed to create client TLS credentials: %v", err) | ||
| } | ||
|
|
||
| cc, err := grpc.NewClient(ss.Address, |
There was a problem hiding this comment.
Same here too about being on a single line.
There was a problem hiding this comment.
This file doesn't seem to have any code changes, but the file mode has been changed. Could you please revert the file mode changes. Thanks.
4 participants
This adds e2e style tests to verify that when JWT call credentials (which require transport security) are used with an insecure transport, the RPC fails with a meaningful error as expected per gRFC A97.
Fixes #8635
RELEASE NOTES: none