Add ut

Signed-off-by: Jian Qiu <[email protected]>

Author: qiujian16

pkg/cloudevents/server/grpc/authn/mtls_test.go

@@ -0,0 +1,65 @@
+package authn
+
+import (
+	"context"
+	"crypto/tls"
+	"crypto/x509"
+	"crypto/x509/pkix"
+	"google.golang.org/grpc/credentials"
+	"google.golang.org/grpc/peer"
+	"testing"
+)
+
+func TestMtlsAuthenticator(t *testing.T) {
+	tests := []struct {
+		name     string
+		authInfo credentials.TLSInfo
+		valid    bool
+	}{
+		{
+			name:     "no info",
+			authInfo: credentials.TLSInfo{},
+			valid:    false,
+		},
+		{
+			name: "nil chain",
+			authInfo: credentials.TLSInfo{
+				State: tls.ConnectionState{
+					VerifiedChains: [][]*x509.Certificate{nil},
+				},
+			},
+			valid: false,
+		},
+		{
+			name: "valid chain",
+			authInfo: credentials.TLSInfo{
+				State: tls.ConnectionState{
+					VerifiedChains: [][]*x509.Certificate{
+						{
+							{
+								Subject: pkix.Name{},
+							},
+						},
+					},
+				},
+			},
+			valid: true,
+		},
+	}
+
+	for _, test := range tests {
+		t.Run(test.name, func(t *testing.T) {
+			p := &peer.Peer{
+				AuthInfo: test.authInfo,
+			}
+			ctx := peer.NewContext(context.Background(), p)
+			authenticator := MtlsAuthenticator{}
+			_, err := authenticator.Authenticate(ctx)
+			if test.valid && err != nil {
+				t.Errorf("authenticator.Authenticate() = %v", err)
+			} else if !test.valid && err == nil {
+				t.Errorf("authenticator.Authenticate() = %v, wanted error", err)
+			}
+		})
+	}
+}

pkg/cloudevents/server/grpc/authn/token_test.go

@@ -0,0 +1,73 @@
+package authn
+
+import (
+	"context"
+	"fmt"
+	"google.golang.org/grpc/metadata"
+	authenticationv1 "k8s.io/api/authentication/v1"
+	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/client-go/kubernetes/fake"
+	clienttesting "k8s.io/client-go/testing"
+	"testing"
+)
+
+func TestTokenAuthenticator(t *testing.T) {
+	tests := []struct {
+		name     string
+		metadata metadata.MD
+		token    string
+		valid    bool
+	}{
+		{
+			name:     "no authorization field",
+			metadata: metadata.MD{},
+			valid:    false,
+		},
+		{
+			name: "token is not correct",
+			metadata: metadata.MD{
+				"Authorization": []string{"Bearer foo"},
+			},
+			token: "bar",
+			valid: false,
+		},
+		{
+			name: "authorization header is set",
+			metadata: metadata.MD{
+				"Authorization": []string{"Bearer foo"},
+			},
+			token: "foo",
+			valid: true,
+		},
+	}
+
+	for _, test := range tests {
+		t.Run(test.name, func(t *testing.T) {
+			ctx := metadata.NewIncomingContext(context.Background(), test.metadata)
+			client := fake.NewClientset()
+			client.PrependReactor("create", "tokenreviews", func(action clienttesting.Action) (handled bool, ret runtime.Object, err error) {
+				createAction := action.(clienttesting.CreateAction)
+				tr, ok := createAction.GetObject().(*authenticationv1.TokenReview)
+				if !ok {
+					return false, nil, fmt.Errorf("not a TokenReview")
+				}
+				if tr.Spec.Token != test.token {
+					return false, nil, fmt.Errorf("invalid token")
+				}
+				tr.Status = authenticationv1.TokenReviewStatus{Authenticated: true}
+				return true, tr, nil
+			})
+			authenticator := NewTokenAuthenticator(client)
+			_, err := authenticator.Authenticate(ctx)
+			if test.valid {
+				if err != nil {
+					t.Errorf("authenticator.Authenticate() = %v", err)
+				}
+
+			}
+			if !test.valid && err == nil {
+				t.Errorf("authenticator.Authenticate() = %v, wanted error", err)
+			}
+		})
+	}
+}

…oudevents/server/grpc/options/optoins.go …oudevents/server/grpc/options/options.gopkg/cloudevents/server/grpc/options/optoins.go renamed to pkg/cloudevents/server/grpc/options/options.go pkg/cloudevents/server/grpc/options/optoins.go renamed to pkg/cloudevents/server/grpc/options/options.go

@@ -25,22 +25,34 @@ type GRPCServerOptions struct {
 }
 
 func NewGRPCServerOptions() *GRPCServerOptions {
-	return &GRPCServerOptions{}
+	return &GRPCServerOptions{
+		ServerBindPort:        "8090",
+		MaxConcurrentStreams:  math.MaxUint32,
+		MaxReceiveMessageSize: 1024 * 1024 * 4,
+		MaxSendMessageSize:    math.MaxInt32,
+		ConnectionTimeout:     120 * time.Second,
+		MaxConnectionAge:      time.Duration(math.MaxInt64),
+		ClientMinPingInterval: 5 * time.Second,
+		ServerPingInterval:    30 * time.Second,
+		ServerPingTimeout:     10 * time.Second,
+		WriteBufferSize:       32 * 1024,
+		ReadBufferSize:        32 * 1024,
+	}
 }
 
 func (o *GRPCServerOptions) AddFlags(flags *pflag.FlagSet) {
-	flags.StringVar(&o.ServerBindPort, "grpc-server-bindport", "8090", "gPRC server bind port")
-	flags.Uint32Var(&o.MaxConcurrentStreams, "grpc-max-concurrent-streams", math.MaxUint32, "gPRC max concurrent streams")
-	flags.IntVar(&o.MaxReceiveMessageSize, "grpc-max-receive-message-size", 1024*1024*4, "gPRC max receive message size")
-	flags.IntVar(&o.MaxSendMessageSize, "grpc-max-send-message-size", math.MaxInt32, "gPRC max send message size")
-	flags.DurationVar(&o.ConnectionTimeout, "grpc-connection-timeout", 120*time.Second, "gPRC connection timeout")
-	flags.DurationVar(&o.MaxConnectionAge, "grpc-max-connection-age", time.Duration(math.MaxInt64), "A duration for the maximum amount of time connection may exist before closing")
-	flags.DurationVar(&o.ClientMinPingInterval, "grpc-client-min-ping-interval", 5*time.Second, "Server will terminate the connection if the client pings more than once within this duration")
-	flags.DurationVar(&o.ServerPingInterval, "grpc-server-ping-interval", 30*time.Second, "Duration after which the server pings the client if no activity is detected")
-	flags.DurationVar(&o.ServerPingTimeout, "grpc-server-ping-timeout", 10*time.Second, "Duration the client waits for a response after sending a keepalive ping")
-	flags.BoolVar(&o.PermitPingWithoutStream, "permit-ping-without-stream", false, "Allow keepalive pings even when there are no active streams")
-	flags.IntVar(&o.WriteBufferSize, "grpc-write-buffer-size", 32*1024, "gPRC write buffer size")
-	flags.IntVar(&o.ReadBufferSize, "grpc-read-buffer-size", 32*1024, "gPRC read buffer size")
+	flags.StringVar(&o.ServerBindPort, "grpc-server-bindport", o.ServerBindPort, "gPRC server bind port")
+	flags.Uint32Var(&o.MaxConcurrentStreams, "grpc-max-concurrent-streams", o.MaxConcurrentStreams, "gPRC max concurrent streams")
+	flags.IntVar(&o.MaxReceiveMessageSize, "grpc-max-receive-message-size", o.MaxReceiveMessageSize, "gPRC max receive message size")
+	flags.IntVar(&o.MaxSendMessageSize, "grpc-max-send-message-size", o.MaxSendMessageSize, "gPRC max send message size")
+	flags.DurationVar(&o.ConnectionTimeout, "grpc-connection-timeout", o.ConnectionTimeout, "gPRC connection timeout")
+	flags.DurationVar(&o.MaxConnectionAge, "grpc-max-connection-age", o.MaxConnectionAge, "A duration for the maximum amount of time connection may exist before closing")
+	flags.DurationVar(&o.ClientMinPingInterval, "grpc-client-min-ping-interval", o.ClientMinPingInterval, "Server will terminate the connection if the client pings more than once within this duration")
+	flags.DurationVar(&o.ServerPingInterval, "grpc-server-ping-interval", o.ServerPingInterval, "Duration after which the server pings the client if no activity is detected")
+	flags.DurationVar(&o.ServerPingTimeout, "grpc-server-ping-timeout", o.ServerPingTimeout, "Duration the client waits for a response after sending a keepalive ping")
+	flags.BoolVar(&o.PermitPingWithoutStream, "permit-ping-without-stream", o.PermitPingWithoutStream, "Allow keepalive pings even when there are no active streams")
+	flags.IntVar(&o.WriteBufferSize, "grpc-write-buffer-size", o.WriteBufferSize, "gPRC write buffer size")
+	flags.IntVar(&o.ReadBufferSize, "grpc-read-buffer-size", o.ReadBufferSize, "gPRC read buffer size")
 	flags.StringVar(&o.TLSCertFile, "grpc-tls-cert-file", "", "The path to the tls.crt file")
 	flags.StringVar(&o.TLSKeyFile, "grpc-tls-key-file", "", "The path to the tls.key file")
 	flags.StringVar(&o.ClientCAFile, "grpc-client-ca-file", "", "The path to the client ca file, must specify if using mtls authentication type")

pkg/cloudevents/server/grpc/options/server_test.go

@@ -0,0 +1,24 @@
+package options
+
+import (
+	"context"
+	"open-cluster-management.io/sdk-go/pkg/cloudevents/server/grpc/authn"
+	"testing"
+)
+
+type testHook struct{}
+
+func (h *testHook) Run(ctx context.Context) {}
+
+func TestRunServer(t *testing.T) {
+	opt := NewGRPCServerOptions()
+	server := NewServer(opt).WithAuthenticator(authn.NewMtlsAuthenticator()).WithPreStartHooks(&testHook{})
+	ctx, cancel := context.WithCancel(context.Background())
+	go func() {
+		err := server.Run(ctx)
+		if err != nil {
+			t.Errorf("server run error: %v", err)
+		}
+		cancel()
+	}()
+}