diff --git a/CMakeLists.txt b/CMakeLists.txt index 3fcae603d42e7..00f7233800b1e 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -1242,6 +1242,7 @@ if(gRPC_BUILD_TESTS) endif() add_dependencies(buildtests_cxx load_config_test) add_dependencies(buildtests_cxx load_file_test) + add_dependencies(buildtests_cxx local_security_connector_test) if(_gRPC_PLATFORM_LINUX OR _gRPC_PLATFORM_POSIX) add_dependencies(buildtests_cxx lock_free_event_test) endif() 
@@ -19926,6 +19927,57 @@ target_link_libraries(load_file_test ) +endif() +if(gRPC_BUILD_TESTS) + +add_executable(local_security_connector_test + test/core/security/local_security_connector_test.cc + test/core/test_util/cmdline.cc + test/core/test_util/fuzzer_util.cc + test/core/test_util/grpc_profiler.cc + test/core/test_util/histogram.cc + test/core/test_util/mock_endpoint.cc + test/core/test_util/parse_hexstring.cc + test/core/test_util/resolve_localhost_ip46.cc + test/core/test_util/slice_splitter.cc + test/core/test_util/tracer_util.cc +) +if(WIN32 AND MSVC) + if(BUILD_SHARED_LIBS) + target_compile_definitions(local_security_connector_test + PRIVATE + "GPR_DLL_IMPORTS" + "GRPC_DLL_IMPORTS" + ) + endif() +endif() +target_compile_features(local_security_connector_test PUBLIC cxx_std_14) +target_include_directories(local_security_connector_test + PRIVATE + ${CMAKE_CURRENT_SOURCE_DIR} + ${CMAKE_CURRENT_SOURCE_DIR}/include + ${_gRPC_ADDRESS_SORTING_INCLUDE_DIR} + ${_gRPC_RE2_INCLUDE_DIR} + ${_gRPC_SSL_INCLUDE_DIR} + ${_gRPC_UPB_GENERATED_DIR} + ${_gRPC_UPB_GRPC_GENERATED_DIR} + ${_gRPC_UPB_INCLUDE_DIR} + ${_gRPC_XXHASH_INCLUDE_DIR} + ${_gRPC_ZLIB_INCLUDE_DIR} + third_party/googletest/googletest/include + third_party/googletest/googletest + third_party/googletest/googlemock/include + third_party/googletest/googlemock + ${_gRPC_PROTO_GENS_DIR} +) + +target_link_libraries(local_security_connector_test + ${_gRPC_ALLTARGETS_LIBRARIES} + gtest + grpc_test_util +) + + endif() if(gRPC_BUILD_TESTS) if(_gRPC_PLATFORM_LINUX OR _gRPC_PLATFORM_POSIX) diff --git a/build_autogenerated.yaml b/build_autogenerated.yaml index b68115b43c2b0..483e38026841e 100644 --- a/build_autogenerated.yaml +++ b/build_autogenerated.yaml 
@@ -13306,6 +13306,35 @@ targets: - gtest - grpc_test_util uses_polling: false +- name: local_security_connector_test + gtest: true + build: test + language: c++ + headers: + - test/core/test_util/cmdline.h + - test/core/test_util/evaluate_args_test_util.h + - test/core/test_util/fuzzer_util.h + - test/core/test_util/grpc_profiler.h + - test/core/test_util/histogram.h + - test/core/test_util/mock_endpoint.h + - test/core/test_util/parse_hexstring.h + - test/core/test_util/resolve_localhost_ip46.h + - test/core/test_util/slice_splitter.h + - test/core/test_util/tracer_util.h + src: + - test/core/security/local_security_connector_test.cc + - test/core/test_util/cmdline.cc + - test/core/test_util/fuzzer_util.cc + - test/core/test_util/grpc_profiler.cc + - test/core/test_util/histogram.cc + - test/core/test_util/mock_endpoint.cc + - test/core/test_util/parse_hexstring.cc + - test/core/test_util/resolve_localhost_ip46.cc + - test/core/test_util/slice_splitter.cc + - test/core/test_util/tracer_util.cc + deps: + - gtest + - grpc_test_util - name: lock_free_event_test gtest: true build: test diff --git a/src/core/BUILD b/src/core/BUILD index 2ffc92a5aeace..4af318d88ece0 100644 --- a/src/core/BUILD +++ b/src/core/BUILD @@ -4069,9 +4069,9 @@ grpc_cc_library( "//:promise", "//:ref_counted_ptr", "//:sockaddr_utils", - "//src/core:experiments", "//:tsi_base", "//:uri_parser", + "//src/core:experiments", ], ) diff --git a/src/core/lib/experiments/experiments.cc b/src/core/lib/experiments/experiments.cc index ac09af45819ac..70326c3782322 100644 --- a/src/core/lib/experiments/experiments.cc +++ b/src/core/lib/experiments/experiments.cc 
@@ -47,9 +47,6 @@ const char* const additional_constraints_event_engine_listener = "{}"; const char* const description_free_large_allocator = "If set, return all free bytes from a \042big\042 allocator"; const char* const additional_constraints_free_large_allocator = "{}"; -const char* const description_local_connector_secure = - "Local Security Connector uses TSI_PRIVACY_AND_INTEGRITY only for UDS."; -const char* const additional_constraints_local_connector_secure = "{}"; const char* const description_max_pings_wo_data_throttle = "Experiment to throttle pings to a period of 1 min when " "GRPC_ARG_HTTP2_MAX_PINGS_WITHOUT_DATA limit has reached (instead of " @@ -130,8 +127,6 @@ const ExperimentMetadata g_experiment_metadata[] = { additional_constraints_event_engine_listener, nullptr, 0, false, true}, {"free_large_allocator", description_free_large_allocator, additional_constraints_free_large_allocator, nullptr, 0, false, true}, - {"local_connector_secure", description_local_connector_secure, - additional_constraints_local_connector_secure, nullptr, 0, true, true}, {"max_pings_wo_data_throttle", description_max_pings_wo_data_throttle, additional_constraints_max_pings_wo_data_throttle, nullptr, 0, false, true}, @@ -202,9 +197,6 @@ const char* const additional_constraints_event_engine_listener = "{}"; const char* const description_free_large_allocator = "If set, return all free bytes from a \042big\042 allocator"; const char* const additional_constraints_free_large_allocator = "{}"; -const char* const description_local_connector_secure = - "Local Security Connector uses TSI_PRIVACY_AND_INTEGRITY only for UDS."; -const char* const additional_constraints_local_connector_secure = "{}"; const char* const description_max_pings_wo_data_throttle = "Experiment to throttle pings to a period of 1 min when " "GRPC_ARG_HTTP2_MAX_PINGS_WITHOUT_DATA limit has reached (instead of " 
@@ -285,8 +277,6 @@ const ExperimentMetadata g_experiment_metadata[] = { additional_constraints_event_engine_listener, nullptr, 0, true, true}, {"free_large_allocator", description_free_large_allocator, additional_constraints_free_large_allocator, nullptr, 0, false, true}, - {"local_connector_secure", description_local_connector_secure, - additional_constraints_local_connector_secure, nullptr, 0, true, true}, {"max_pings_wo_data_throttle", description_max_pings_wo_data_throttle, additional_constraints_max_pings_wo_data_throttle, nullptr, 0, false, true}, @@ -357,9 +347,6 @@ const char* const additional_constraints_event_engine_listener = "{}"; const char* const description_free_large_allocator = "If set, return all free bytes from a \042big\042 allocator"; const char* const additional_constraints_free_large_allocator = "{}"; -const char* const description_local_connector_secure = - "Local Security Connector uses TSI_PRIVACY_AND_INTEGRITY only for UDS."; -const char* const additional_constraints_local_connector_secure = "{}"; const char* const description_max_pings_wo_data_throttle = "Experiment to throttle pings to a period of 1 min when " "GRPC_ARG_HTTP2_MAX_PINGS_WITHOUT_DATA limit has reached (instead of " @@ -440,9 +427,7 @@ const ExperimentMetadata g_experiment_metadata[] = { additional_constraints_event_engine_listener, nullptr, 0, true, true}, {"free_large_allocator", description_free_large_allocator, additional_constraints_free_large_allocator, nullptr, 0, false, true}, - {"local_connector_secure", description_local_connector_secure, - additional_constraints_local_connector_secure, nullptr, 0, true, true}, - {"max_pings_wo_data_throttle", description_max_pings_wo_data_throttle, + {"max_pings_wo_data_throttle", description_max_pings_wo_data_throttle, additional_constraints_max_pings_wo_data_throttle, nullptr, 0, false, true}, {"monitoring_experiment", description_monitoring_experiment, 
diff --git a/src/core/lib/experiments/experiments.h b/src/core/lib/experiments/experiments.h index 1ed531840ee74..498557c511803 100644 --- a/src/core/lib/experiments/experiments.h +++ b/src/core/lib/experiments/experiments.h @@ -86,8 +86,6 @@ inline bool IsUnconstrainedMaxQuotaBufferSizeEnabled() { return false; } #define GRPC_EXPERIMENT_IS_INCLUDED_WORK_SERIALIZER_CLEARS_TIME_CACHE inline bool IsWorkSerializerClearsTimeCacheEnabled() { return true; } inline bool IsWorkSerializerDispatchEnabled() { return false; } -#define GRPC_EXPERIMENT_IS_LOCAL_CONNECTOR_SECURE -inline bool IsLocalConnectorSecure() { return false; } #elif defined(GPR_WINDOWS) #define GRPC_EXPERIMENT_IS_INCLUDED_CALL_STATUS_OVERRIDE_ON_CANCELLATION @@ -122,8 +120,6 @@ inline bool IsUnconstrainedMaxQuotaBufferSizeEnabled() { return false; } #define GRPC_EXPERIMENT_IS_INCLUDED_WORK_SERIALIZER_CLEARS_TIME_CACHE inline bool IsWorkSerializerClearsTimeCacheEnabled() { return true; } inline bool IsWorkSerializerDispatchEnabled() { return false; } -#define GRPC_EXPERIMENT_IS_LOCAL_CONNECTOR_SECURE -inline bool IsLocalConnectorSecure() { return false; } #else #define GRPC_EXPERIMENT_IS_INCLUDED_CALL_STATUS_OVERRIDE_ON_CANCELLATION @@ -157,8 +153,6 @@ inline bool IsUnconstrainedMaxQuotaBufferSizeEnabled() { return false; } #define GRPC_EXPERIMENT_IS_INCLUDED_WORK_SERIALIZER_CLEARS_TIME_CACHE inline bool IsWorkSerializerClearsTimeCacheEnabled() { return true; } inline bool IsWorkSerializerDispatchEnabled() { return false; } -#define GRPC_EXPERIMENT_IS_LOCAL_CONNECTOR_SECURE -inline bool IsLocalConnectorSecure() { return false; } #endif #else @@ -171,7 +165,6 @@ enum ExperimentIds { kExperimentIdEventEngineDns, kExperimentIdEventEngineListener, kExperimentIdFreeLargeAllocator, - kExperimentIdLocalConnectorSecure, kExperimentIdMaxPingsWoDataThrottle, kExperimentIdMonitoringExperiment, kExperimentIdMultiping, 
@@ -221,10 +214,6 @@ inline bool IsEventEngineListenerEnabled() { inline bool IsFreeLargeAllocatorEnabled() { return IsExperimentEnabled(); } -#define GRPC_EXPERIMENT_IS_LOCAL_CONNECTOR_SECURE -inline bool IsLocalConnectorSecureEnabled() { - return IsExperimentEnabled(); -} #define GRPC_EXPERIMENT_IS_INCLUDED_MAX_PINGS_WO_DATA_THROTTLE inline bool IsMaxPingsWoDataThrottleEnabled() { return IsExperimentEnabled(); diff --git a/src/core/lib/security/security_connector/local/local_security_connector.cc b/src/core/lib/security/security_connector/local/local_security_connector.cc index 9b5f52a70ddae..70f502399c3ac 100644 --- a/src/core/lib/security/security_connector/local/local_security_connector.cc +++ b/src/core/lib/security/security_connector/local/local_security_connector.cc @@ -149,7 +149,8 @@ void local_check_peer(tsi_peer peer, grpc_endpoint* ep, if (grpc_core::IsLocalConnectorSecureEnabled()) { switch (type) { case UDS: - security_level = tsi_security_level_to_string(TSI_PRIVACY_AND_INTEGRITY); + security_level = + tsi_security_level_to_string(TSI_PRIVACY_AND_INTEGRITY); break; default: security_level = tsi_security_level_to_string(TSI_SECURITY_NONE); diff --git a/src/python/grpcio_tests/tests/unit/_contextvars_propagation_test.py b/src/python/grpcio_tests/tests/unit/_contextvars_propagation_test.py index 1d2cb79db7716..36a971be68417 100644 --- a/src/python/grpcio_tests/tests/unit/_contextvars_propagation_test.py +++ b/src/python/grpcio_tests/tests/unit/_contextvars_propagation_test.py @@ -119,7 +119,9 @@ def test_propagation_to_auth_plugin(self): composite_credentials = grpc.composite_channel_credentials( local_credentials, call_credentials ) - with grpc.secure_channel(f"unix:{uds_path}", composite_credentials) as channel: + with grpc.secure_channel( + f"unix:{uds_path}", composite_credentials + ) as channel: stub = channel.unary_unary( grpc._common.fully_qualified_method( _SERVICE_NAME, _UNARY_UNARY 
diff --git a/test/core/end2end/end2end_tests.h b/test/core/end2end/end2end_tests.h index 8472b61e696eb..e664062a17ab2 100644 --- a/test/core/end2end/end2end_tests.h +++ b/test/core/end2end/end2end_tests.h @@ -684,9 +684,9 @@ class CoreEnd2endTestRegistry { GTEST_SKIP() << "Disabled for initial v3 testing"; \ } -#define SKIP_IF_LOCAL_CREDS() \ +#define SKIP_IF_LOCAL_CREDS() \ if (GetParam()->feature_mask & FEATURE_MASK_IS_LOCAL_CREDS) { \ - GTEST_SKIP() << "Disabled for Local TCP Connection"; \ + GTEST_SKIP() << "Disabled for Local TCP Connection"; \ } #define CORE_END2END_TEST(suite, name) \ diff --git a/test/core/end2end/tests/call_creds.cc b/test/core/end2end/tests/call_creds.cc index f07268f0f6c60..2fb1e8eb067f7 100644 --- a/test/core/end2end/tests/call_creds.cc +++ b/test/core/end2end/tests/call_creds.cc @@ -264,7 +264,7 @@ CORE_END2END_TEST(PerCallCredsOnInsecureTest, } CORE_END2END_TEST(PerCallCredsTest, RequestResponseWithPayloadAndCallCreds) { - if (grpc_core::IsLocalConnectorSecureEnabled()) { + if (IsLocalConnectorSecureEnabled()) { SKIP_IF_LOCAL_CREDS(); } TestRequestResponseWithPayloadAndCallCreds(*this, true); @@ -272,7 +272,7 @@ CORE_END2END_TEST(PerCallCredsTest, RequestResponseWithPayloadAndCallCreds) { CORE_END2END_TEST(PerCallCredsTest, RequestResponseWithPayloadAndOverriddenCallCreds) { - if (grpc_core::IsLocalConnectorSecureEnabled()) { + if (IsLocalConnectorSecureEnabled()) { SKIP_IF_LOCAL_CREDS(); } TestRequestResponseWithPayloadAndOverriddenCallCreds(*this, true); diff --git a/test/core/security/local_security_connector_test.cc b/test/core/security/local_security_connector_test.cc index c3a0b2a8c4090..a6c14c7871ab8 100644 --- a/test/core/security/local_security_connector_test.cc +++ b/test/core/security/local_security_connector_test.cc 
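Review bot: The guard `if (IsLocalConnectorSecureEnabled())` in both `PerCallCredsTest` cases calls an accessor that this same commit deletes from `experiments.h`, together with the `local_connector_secure` row in `g_experiment_metadata` and `kExperimentIdLocalConnectorSecure`. The same call survives in the context of the `local_check_peer` hunk in `local_security_connector.cc` and in `local_security_connector_test.cc`, so unless the experiment is regenerated by a change outside this diff, these callers have nothing to resolve against. That flag selects the branch that reports `TSI_PRIVACY_AND_INTEGRITY` only for `UDS` and `TSI_SECURITY_NONE` otherwise, so the removal and its callers should land together: either keep the experiment or drop the guard and make the UDS-only level unconditional. The fallback branch of `local_check_peer` is outside the hunk, so which level applies without the flag cannot be confirmed from here.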
@@ -18,53 +18,40 @@ #include +#include + +#include "src/core/client_channel/client_channel_filter.h" #include "src/core/lib/security/context/security_context.h" #include "src/core/tsi/transport_security.h" #include "test/core/test_util/test_config.h" -#include "src/core/client_channel/client_channel_filter.h" -#include "include/grpc/impl/grpc_types.h" namespace grpc_core { namespace testing { namespace { -absl::string_view GetLocalUnixAddress(grpc_endpoint* /*ep*/) { - return "unix:"; -} +absl::string_view GetLocalUnixAddress(grpc_endpoint* /*ep*/) { return "unix:"; } -const grpc_endpoint_vtable kUnixEndpointVtable = {nullptr, - nullptr, - nullptr, - nullptr, - nullptr, - nullptr, - nullptr, - GetLocalUnixAddress, - nullptr, - nullptr}; +const grpc_endpoint_vtable kUnixEndpointVtable = { + nullptr, nullptr, nullptr, nullptr, + nullptr, nullptr, nullptr, GetLocalUnixAddress, + nullptr, nullptr}; absl::string_view GetLocalTcpAddress(grpc_endpoint* /*ep*/) { return "ipv4:127.0.0.1:12667"; } -const grpc_endpoint_vtable kTcpEndpointVtable = {nullptr, - nullptr, - nullptr, - nullptr, - nullptr, - nullptr, - nullptr, - GetLocalTcpAddress, - nullptr, - nullptr}; +const grpc_endpoint_vtable kTcpEndpointVtable = { + nullptr, nullptr, nullptr, nullptr, + nullptr, nullptr, nullptr, GetLocalTcpAddress, + nullptr, nullptr}; void CheckSecurityLevelForServer(grpc_local_connect_type connect_type, - tsi_security_level level, - grpc_endpoint ep) { - grpc_server_credentials* server_creds = grpc_local_server_credentials_create(connect_type); + tsi_security_level level, grpc_endpoint ep) { + grpc_server_credentials* server_creds = + grpc_local_server_credentials_create(connect_type); ChannelArgs args; - RefCountedPtr connector = server_creds-> - create_security_connector(args); + RefCountedPtr connector = + server_creds->create_security_connector(args); ASSERT_NE(connector, nullptr); tsi_peer peer; CHECK(tsi_construct_peer(0, &peer) == TSI_OK); 
@@ -82,14 +69,14 @@ void CheckSecurityLevelForServer(grpc_local_connect_type connect_type, grpc_server_credentials_release(server_creds); } -static void CheckSecurityLevelForChannel(grpc_local_connect_type connect_type, - tsi_security_level level, - grpc_endpoint ep) { - grpc_channel_credentials* channel_creds = grpc_local_credentials_create(connect_type); +void CheckSecurityLevelForChannel(grpc_local_connect_type connect_type, + tsi_security_level level, grpc_endpoint ep) { + grpc_channel_credentials* channel_creds = + grpc_local_credentials_create(connect_type); ChannelArgs args; - args = args.Set((char*) GRPC_ARG_SERVER_URI, (char*) "unix:"); - RefCountedPtr connector = channel_creds-> - create_security_connector(nullptr, "unix:", &args); + args = args.Set((char*)GRPC_ARG_SERVER_URI, (char*)"unix:"); + RefCountedPtr connector = + channel_creds->create_security_connector(nullptr, "unix:", &args); ASSERT_NE(connector, nullptr); tsi_peer peer; CHECK(tsi_construct_peer(0, &peer) == TSI_OK); @@ -115,7 +102,9 @@ TEST(LocalSecurityConnectorTest, CheckSecurityLevelOfUdsConnectionServer) { } TEST(LocalSecurityConnectorTest, SecurityLevelOfTcpConnectionServer) { - if (!grpc_core::IsLocalConnectorSecureEnabled()) {return;} + if (!IsLocalConnectorSecureEnabled()) { + return; + } grpc_endpoint ep; ep.vtable = &kTcpEndpointVtable; CheckSecurityLevelForServer(LOCAL_TCP, TSI_SECURITY_NONE, ep); @@ -128,7 +117,9 @@ TEST(LocalSecurityConnectorTest, CheckSecurityLevelOfUdsConnectionChannel) { } TEST(LocalSecurityConnectorTest, SecurityLevelOfTcpConnectionChannel) { - if (!grpc_core::IsLocalConnectorSecureEnabled()) {return;} + if (!IsLocalConnectorSecureEnabled()) { + return; + } grpc_endpoint ep; ep.vtable = &kTcpEndpointVtable; CheckSecurityLevelForChannel(LOCAL_TCP, TSI_SECURITY_NONE, ep); diff --git a/tools/run_tests/generated/tests.json b/tools/run_tests/generated/tests.json index b1539ab9fff52..4f914307028b9 100644 --- a/tools/run_tests/generated/tests.json 
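Review bot: `CheckSecurityLevelForChannel` hard-codes `"unix:"` as both `GRPC_ARG_SERVER_URI` and the target passed to `create_security_connector`, so the `LOCAL_TCP` case builds its connector against a UDS target and only the endpoint vtable says TCP. If the connector ever derives the level from the target rather than the endpoint address, the `TSI_SECURITY_NONE` assertion would stop covering the TCP path; consider passing the target in alongside `connect_type`. The `(char*)` casts also look unnecessary and strip const from a string literal; `args = args.Set(GRPC_ARG_SERVER_URI, "unix:");` should suffice, assuming the usual `ChannelArgs::Set` string overloads. The rest of the function body lies outside this hunk.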
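Review bot: In `SecurityLevelOfTcpConnectionServer` the bare `return;` makes the test report as passed when the experiment is off, so a run that never checked that `LOCAL_TCP` yields `TSI_SECURITY_NONE` looks identical to one that did. Use `if (!IsLocalConnectorSecureEnabled()) GTEST_SKIP() << "local_connector_secure disabled";` so the coverage gap shows up in the test output. The same applies to `SecurityLevelOfTcpConnectionChannel` in the next hunk.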
+++ b/tools/run_tests/generated/tests.json @@ -5929,6 +5929,30 @@ ], "uses_polling": false }, + { + "args": [], + "benchmark": false, + "ci_platforms": [ + "linux", + "mac", + "posix", + "windows" + ], + "cpu_cost": 1.0, + "exclude_configs": [], + "exclude_iomgrs": [], + "flaky": false, + "gtest": true, + "language": "c++", + "name": "local_security_connector_test", + "platforms": [ + "linux", + "mac", + "posix", + "windows" + ], + "uses_polling": true + }, { "args": [ "--benchmark_min_time=0.001s"