From 5737032ac726d40d8b67630e4cab5335b694095e Mon Sep 17 00:00:00 2001 From: Vladimir Popov Date: Fri, 9 Apr 2021 15:58:08 +0700 Subject: [PATCH] Rework sandbox to use custom tokens/credentials Signed-off-by: Vladimir Popov --- .../chains/nsmgr/server_heal_test.go | 32 ++--- .../chains/nsmgr/server_test.go | 58 ++++---- .../chains/nsmgrproxy/server_test.go | 4 +- .../common/refresh/client_test.go | 6 +- pkg/tools/sandbox/builder.go | 125 +++++++++++------- pkg/tools/sandbox/grpc_utils.go | 10 +- pkg/tools/sandbox/insecure_tc.go | 54 ++++++++ pkg/tools/sandbox/node.go | 41 +++--- pkg/tools/sandbox/types.go | 14 +- pkg/tools/sandbox/utils.go | 63 +++------ 10 files changed, 239 insertions(+), 168 deletions(-) create mode 100644 pkg/tools/sandbox/insecure_tc.go diff --git a/pkg/networkservice/chains/nsmgr/server_heal_test.go b/pkg/networkservice/chains/nsmgr/server_heal_test.go index 0e44b824c..101db7fae 100644 --- a/pkg/networkservice/chains/nsmgr/server_heal_test.go +++ b/pkg/networkservice/chains/nsmgr/server_heal_test.go @@ -100,7 +100,7 @@ func testNSMGRHealEndpoint(t *testing.T, nodeNum int, restored bool) { nseCtx, nseCtxCancel := context.WithTimeout(context.Background(), time.Second) defer nseCtxCancel() - nse := domain.Nodes[nodeNum].NewEndpoint(nseCtx, nseReg, sandbox.GenerateExpiringToken(time.Second), counter) + nse := domain.Nodes[nodeNum].NewEndpoint(nseCtx, nseReg, time.Second, counter) request := &networkservice.NetworkServiceRequest{ MechanismPreferences: []*networkservice.Mechanism{ @@ -113,7 +113,7 @@ func testNSMGRHealEndpoint(t *testing.T, nodeNum int, restored bool) { }, } - nsc := domain.Nodes[0].NewClient(ctx, sandbox.GenerateTestToken) + nsc := domain.Nodes[0].NewClient(ctx, sandbox.DefaultTokenTimeout) conn, err := nsc.Request(ctx, request.Clone()) require.NoError(t, err) @@ -134,7 +134,7 @@ func testNSMGRHealEndpoint(t *testing.T, nodeNum int, restored bool) { nseReg2.Name = nse.Name nseReg2.Url = nse.URL.String() } - domain.Nodes[nodeNum].NewEndpoint(ctx, nseReg2, sandbox.GenerateTestToken, counter) + domain.Nodes[nodeNum].NewEndpoint(ctx, nseReg2, sandbox.DefaultTokenTimeout, counter) if restored { require.Eventually(t, checkSecondRequestsReceived(func() int { @@ -225,7 +225,7 @@ func testNSMGRHealForwarder(t *testing.T, nodeNum int, restored bool) { } counter := &counterServer{} - domain.Nodes[1].NewEndpoint(ctx, nseReg, sandbox.GenerateTestToken, counter) + domain.Nodes[1].NewEndpoint(ctx, nseReg, sandbox.DefaultTokenTimeout, counter) request := &networkservice.NetworkServiceRequest{ MechanismPreferences: []*networkservice.Mechanism{ @@ -238,7 +238,7 @@ func testNSMGRHealForwarder(t *testing.T, nodeNum int, restored bool) { }, } - nsc := domain.Nodes[0].NewClient(ctx, sandbox.GenerateTestToken) + nsc := domain.Nodes[0].NewClient(ctx, sandbox.DefaultTokenTimeout) conn, err := nsc.Request(ctx, request.Clone()) require.NoError(t, err) @@ -258,7 +258,7 @@ func testNSMGRHealForwarder(t *testing.T, nodeNum int, restored bool) { forwarderReg.Name = forwarder.Name forwarderReg.Url = forwarder.URL.String() } - domain.Nodes[nodeNum].NewForwarder(ctx, forwarderReg, sandbox.GenerateTestToken) + domain.Nodes[nodeNum].NewForwarder(ctx, forwarderReg, sandbox.DefaultTokenTimeout) if restored { require.Eventually(t, checkSecondRequestsReceived(func() int { @@ -291,13 +291,13 @@ func testNSMGRHealForwarder(t *testing.T, nodeNum int, restored bool) { } func setupCancelableForwarderNode(ctx context.Context, node *sandbox.Node) (context.CancelFunc, *sandbox.EndpointEntry) { - node.NewNSMgr(ctx, sandbox.Name("nsmgr"), nil, sandbox.GenerateTestToken, nsmgr.NewServer) + node.NewNSMgr(ctx, sandbox.Name("nsmgr"), nil, sandbox.DefaultTokenTimeout, nsmgr.NewServer) forwarderCtx, forwarderCtxCancel := context.WithTimeout(ctx, time.Second) forwarder := node.NewForwarder(forwarderCtx, ®istry.NetworkServiceEndpoint{ Name: sandbox.Name("forwarder"), - }, sandbox.GenerateExpiringToken(time.Second)) + }, time.Second) return forwarderCtxCancel, forwarder } @@ -363,7 +363,7 @@ func testNSMGRHealNSMgr(t *testing.T, nodeNum int, restored bool) { } counter := &counterServer{} - domain.Nodes[1].NewEndpoint(ctx, nseReg, sandbox.GenerateTestToken, counter) + domain.Nodes[1].NewEndpoint(ctx, nseReg, sandbox.DefaultTokenTimeout, counter) request := &networkservice.NetworkServiceRequest{ MechanismPreferences: []*networkservice.Mechanism{ @@ -376,7 +376,7 @@ func testNSMGRHealNSMgr(t *testing.T, nodeNum int, restored bool) { }, } - nsc := domain.Nodes[0].NewClient(ctx, sandbox.GenerateTestToken) + nsc := domain.Nodes[0].NewClient(ctx, sandbox.DefaultTokenTimeout) conn, err := nsc.Request(ctx, request.Clone()) require.NoError(t, err) @@ -390,7 +390,7 @@ func testNSMGRHealNSMgr(t *testing.T, nodeNum int, restored bool) { mgr := domain.Nodes[nodeNum].NSMgr require.Eventually(t, checkURLFree(mgr.URL), timeout, tick) - domain.Nodes[nodeNum].NewNSMgr(ctx, mgr.Name, mgr.URL, sandbox.GenerateTestToken, nsmgr.NewServer) + domain.Nodes[nodeNum].NewNSMgr(ctx, mgr.Name, mgr.URL, sandbox.DefaultTokenTimeout, nsmgr.NewServer) // TODO: https://github.com/networkservicemesh/sdk/issues/713 domain.Nodes[nodeNum].RegisterForwarder(ctx, forwarderReg) if nodeNum == 1 { @@ -401,7 +401,7 @@ func testNSMGRHealNSMgr(t *testing.T, nodeNum int, restored bool) { Name: "nse-2", NetworkServiceNames: []string{"ns"}, } - domain.Nodes[2].NewEndpoint(ctx, nseReg2, sandbox.GenerateTestToken, counter) + domain.Nodes[2].NewEndpoint(ctx, nseReg2, sandbox.DefaultTokenTimeout, counter) } if restored { @@ -437,12 +437,12 @@ func testNSMGRHealNSMgr(t *testing.T, nodeNum int, restored bool) { func setupCancellableNSMgrNode(ctx context.Context, node *sandbox.Node) (context.CancelFunc, *registry.NetworkServiceEndpoint) { nsmgrCtx, nsmgrCtxCancel := context.WithTimeout(ctx, time.Second) - node.NewNSMgr(nsmgrCtx, sandbox.Name("nsmgr"), nil, sandbox.GenerateExpiringToken(time.Second), nsmgr.NewServer) + node.NewNSMgr(nsmgrCtx, sandbox.Name("nsmgr"), nil, time.Second, nsmgr.NewServer) forwarderReg := ®istry.NetworkServiceEndpoint{ Name: sandbox.Name("forwarder"), } - node.NewForwarder(ctx, forwarderReg, sandbox.GenerateTestToken) + node.NewForwarder(ctx, forwarderReg, sandbox.DefaultTokenTimeout) return nsmgrCtxCancel, forwarderReg } @@ -466,7 +466,7 @@ func TestNSMGR_CloseHeal(t *testing.T) { nseCtx, nseCtxCancel := context.WithCancel(ctx) - domain.Nodes[0].NewEndpoint(nseCtx, nseReg, sandbox.GenerateTestToken) + domain.Nodes[0].NewEndpoint(nseCtx, nseReg, sandbox.DefaultTokenTimeout) request := &networkservice.NetworkServiceRequest{ MechanismPreferences: []*networkservice.Mechanism{ @@ -481,7 +481,7 @@ func TestNSMGR_CloseHeal(t *testing.T) { nscCtx, nscCtxCancel := context.WithCancel(ctx) - nsc := domain.Nodes[0].NewClient(nscCtx, sandbox.GenerateTestToken) + nsc := domain.Nodes[0].NewClient(nscCtx, sandbox.DefaultTokenTimeout) // 1. Request conn, err := nsc.Request(ctx, request.Clone()) diff --git a/pkg/networkservice/chains/nsmgr/server_test.go b/pkg/networkservice/chains/nsmgr/server_test.go index 88dd119c8..1c90e541d 100644 --- a/pkg/networkservice/chains/nsmgr/server_test.go +++ b/pkg/networkservice/chains/nsmgr/server_test.go @@ -80,9 +80,9 @@ func TestNSMGR_RemoteUsecase_Parallel(t *testing.T) { Name: "final-endpoint", NetworkServiceNames: []string{"my-service-remote"}, } - domain.Nodes[0].NewEndpoint(ctx, nseReg, sandbox.GenerateTestToken, counter) + domain.Nodes[0].NewEndpoint(ctx, nseReg, sandbox.DefaultTokenTimeout, counter) }() - nsc := domain.Nodes[1].NewClient(ctx, sandbox.GenerateTestToken) + nsc := domain.Nodes[1].NewClient(ctx, sandbox.DefaultTokenTimeout) conn, err := nsc.Request(ctx, request.Clone()) require.NoError(t, err) @@ -157,7 +157,7 @@ func TestNSMGR_SelectsRestartingEndpoint(t *testing.T) { }) // 3. Create client and request endpoint - nsc := domain.Nodes[0].NewClient(ctx, sandbox.GenerateTestToken) + nsc := domain.Nodes[0].NewClient(ctx, sandbox.DefaultTokenTimeout) conn, err := nsc.Request(ctx, request.Clone()) require.NoError(t, err) @@ -198,7 +198,7 @@ func TestNSMGR_RemoteUsecase_BusyEndpoints(t *testing.T) { Name: "final-endpoint-" + strconv.Itoa(id), NetworkServiceNames: []string{"my-service-remote"}, } - domain.Nodes[1].NewEndpoint(ctx, nseReg, sandbox.GenerateTestToken, newBusyEndpoint()) + domain.Nodes[1].NewEndpoint(ctx, nseReg, sandbox.DefaultTokenTimeout, newBusyEndpoint()) wg.Done() }(i) } @@ -209,9 +209,9 @@ func TestNSMGR_RemoteUsecase_BusyEndpoints(t *testing.T) { Name: "final-endpoint-3", NetworkServiceNames: []string{"my-service-remote"}, } - domain.Nodes[1].NewEndpoint(ctx, nseReg, sandbox.GenerateTestToken, counter) + domain.Nodes[1].NewEndpoint(ctx, nseReg, sandbox.DefaultTokenTimeout, counter) }() - nsc := domain.Nodes[0].NewClient(ctx, sandbox.GenerateTestToken) + nsc := domain.Nodes[0].NewClient(ctx, sandbox.DefaultTokenTimeout) conn, err := nsc.Request(ctx, request.Clone()) require.NoError(t, err) @@ -248,7 +248,7 @@ func TestNSMGR_RemoteUsecase(t *testing.T) { } counter := &counterServer{} - domain.Nodes[0].NewEndpoint(ctx, nseReg, sandbox.GenerateTestToken, counter) + domain.Nodes[0].NewEndpoint(ctx, nseReg, sandbox.DefaultTokenTimeout, counter) request := &networkservice.NetworkServiceRequest{ MechanismPreferences: []*networkservice.Mechanism{ @@ -261,7 +261,7 @@ func TestNSMGR_RemoteUsecase(t *testing.T) { }, } - nsc := domain.Nodes[1].NewClient(ctx, sandbox.GenerateTestToken) + nsc := domain.Nodes[1].NewClient(ctx, sandbox.DefaultTokenTimeout) conn, err := nsc.Request(ctx, request.Clone()) require.NoError(t, err) @@ -306,9 +306,9 @@ func TestNSMGR_ConnectToDeadNSE(t *testing.T) { counter := &counterServer{} nseCtx, killNse := context.WithCancel(ctx) - domain.Nodes[0].NewEndpoint(nseCtx, nseReg, sandbox.GenerateTestToken, counter) + domain.Nodes[0].NewEndpoint(nseCtx, nseReg, sandbox.DefaultTokenTimeout, counter) - nsc := domain.Nodes[0].NewClient(ctx, sandbox.GenerateTestToken) + nsc := domain.Nodes[0].NewClient(ctx, sandbox.DefaultTokenTimeout) request := &networkservice.NetworkServiceRequest{ MechanismPreferences: []*networkservice.Mechanism{ @@ -355,9 +355,9 @@ func TestNSMGR_LocalUsecase(t *testing.T) { } counter := &counterServer{} - domain.Nodes[0].NewEndpoint(ctx, nseReg, sandbox.GenerateTestToken, counter) + domain.Nodes[0].NewEndpoint(ctx, nseReg, sandbox.DefaultTokenTimeout, counter) - nsc := domain.Nodes[0].NewClient(ctx, sandbox.GenerateTestToken) + nsc := domain.Nodes[0].NewClient(ctx, sandbox.DefaultTokenTimeout) request := &networkservice.NetworkServiceRequest{ MechanismPreferences: []*networkservice.Mechanism{ @@ -417,7 +417,7 @@ func TestNSMGR_PassThroughRemote(t *testing.T) { sandbox.NewCrossConnectClientFactory( newPassTroughClient(fmt.Sprintf("my-service-remote-%v", i-1)), kernel.NewClient()), - connect.WithDialOptions(sandbox.DefaultDialOptions(sandbox.GenerateTestToken)...), + connect.WithDialOptions(sandbox.DefaultDialOptions(sandbox.DefaultTokenTimeout)...), ), ), } @@ -426,10 +426,10 @@ func TestNSMGR_PassThroughRemote(t *testing.T) { Name: fmt.Sprintf("endpoint-%v", i), NetworkServiceNames: []string{fmt.Sprintf("my-service-remote-%v", i)}, } - domain.Nodes[i].NewEndpoint(ctx, nseReg, sandbox.GenerateTestToken, additionalFunctionality...) + domain.Nodes[i].NewEndpoint(ctx, nseReg, sandbox.DefaultTokenTimeout, additionalFunctionality...) } - nsc := domain.Nodes[nodesCount-1].NewClient(ctx, sandbox.GenerateTestToken) + nsc := domain.Nodes[nodesCount-1].NewClient(ctx, sandbox.DefaultTokenTimeout) request := &networkservice.NetworkServiceRequest{ MechanismPreferences: []*networkservice.Mechanism{ @@ -473,7 +473,7 @@ func TestNSMGR_PassThroughLocal(t *testing.T) { sandbox.NewCrossConnectClientFactory( newPassTroughClient(fmt.Sprintf("my-service-remote-%v", i-1)), kernel.NewClient()), - connect.WithDialOptions(sandbox.DefaultDialOptions(sandbox.GenerateTestToken)...), + connect.WithDialOptions(sandbox.DefaultDialOptions(sandbox.DefaultTokenTimeout)...), ), ), } @@ -482,10 +482,10 @@ func TestNSMGR_PassThroughLocal(t *testing.T) { Name: fmt.Sprintf("endpoint-%v", i), NetworkServiceNames: []string{fmt.Sprintf("my-service-remote-%v", i)}, } - domain.Nodes[0].NewEndpoint(ctx, nseReg, sandbox.GenerateTestToken, additionalFunctionality...) + domain.Nodes[0].NewEndpoint(ctx, nseReg, sandbox.DefaultTokenTimeout, additionalFunctionality...) } - nsc := domain.Nodes[0].NewClient(ctx, sandbox.GenerateTestToken) + nsc := domain.Nodes[0].NewClient(ctx, sandbox.DefaultTokenTimeout) request := &networkservice.NetworkServiceRequest{ MechanismPreferences: []*networkservice.Mechanism{ @@ -517,7 +517,7 @@ func TestNSMGR_ShouldCorrectlyAddForwardersWithSameNames(t *testing.T) { SetNodesCount(1). SetRegistryProxySupplier(nil). SetNodeSetup(func(ctx context.Context, node *sandbox.Node, _ int) { - node.NewNSMgr(ctx, sandbox.Name("nsmgr"), nil, sandbox.GenerateTestToken, nsmgr.NewServer) + node.NewNSMgr(ctx, sandbox.Name("nsmgr"), nil, sandbox.DefaultTokenTimeout, nsmgr.NewServer) }). SetRegistryExpiryDuration(sandbox.RegistryExpiryDuration). Build() @@ -533,13 +533,13 @@ func TestNSMGR_ShouldCorrectlyAddForwardersWithSameNames(t *testing.T) { // 1. Add forwarders forwarder1Reg := forwarderReg.Clone() - domain.Nodes[0].NewForwarder(ctx, forwarder1Reg, sandbox.GenerateTestToken) + domain.Nodes[0].NewForwarder(ctx, forwarder1Reg, sandbox.DefaultTokenTimeout) forwarder2Reg := forwarderReg.Clone() - domain.Nodes[0].NewForwarder(ctx, forwarder2Reg, sandbox.GenerateTestToken) + domain.Nodes[0].NewForwarder(ctx, forwarder2Reg, sandbox.DefaultTokenTimeout) forwarder3Reg := forwarderReg.Clone() - domain.Nodes[0].NewForwarder(ctx, forwarder3Reg, sandbox.GenerateTestToken) + domain.Nodes[0].NewForwarder(ctx, forwarder3Reg, sandbox.DefaultTokenTimeout) // 2. Wait for refresh <-time.After(sandbox.RegistryExpiryDuration) @@ -578,16 +578,16 @@ func TestNSMGR_ShouldCorrectlyAddEndpointsWithSameNames(t *testing.T) { Name: "endpoint", } - nsc := domain.Nodes[0].NewClient(ctx, sandbox.GenerateTestToken) + nsc := domain.Nodes[0].NewClient(ctx, sandbox.DefaultTokenTimeout) // 1. Add endpoints nse1Reg := nseReg.Clone() nse1Reg.NetworkServiceNames = []string{"service-1"} - domain.Nodes[0].NewEndpoint(ctx, nse1Reg, sandbox.GenerateTestToken) + domain.Nodes[0].NewEndpoint(ctx, nse1Reg, sandbox.DefaultTokenTimeout) nse2Reg := nseReg.Clone() nse2Reg.NetworkServiceNames = []string{"service-2"} - domain.Nodes[0].NewEndpoint(ctx, nse2Reg, sandbox.GenerateTestToken) + domain.Nodes[0].NewEndpoint(ctx, nse2Reg, sandbox.DefaultTokenTimeout) // 2. Wait for refresh <-time.After(sandbox.RegistryExpiryDuration) @@ -653,9 +653,9 @@ func testNSEAndClient( ctx, cancel := context.WithCancel(ctx) defer cancel() - domain.Nodes[0].NewEndpoint(ctx, nseReg, sandbox.GenerateTestToken) + domain.Nodes[0].NewEndpoint(ctx, nseReg, sandbox.DefaultTokenTimeout) - nsc := domain.Nodes[0].NewClient(ctx, sandbox.GenerateTestToken) + nsc := domain.Nodes[0].NewClient(ctx, sandbox.DefaultTokenTimeout) conn, err := nsc.Request(ctx, &networkservice.NetworkServiceRequest{ MechanismPreferences: []*networkservice.Mechanism{ @@ -799,9 +799,9 @@ func TestNSMGR_LocalUsecaseNoURL(t *testing.T) { } counter := &counterServer{} - domain.Nodes[0].NewEndpoint(ctx, nseReg, sandbox.GenerateTestToken, counter) + domain.Nodes[0].NewEndpoint(ctx, nseReg, sandbox.DefaultTokenTimeout, counter) - nsc := domain.Nodes[0].NewClient(ctx, sandbox.GenerateTestToken) + nsc := domain.Nodes[0].NewClient(ctx, sandbox.DefaultTokenTimeout) request := &networkservice.NetworkServiceRequest{ MechanismPreferences: []*networkservice.Mechanism{ diff --git a/pkg/networkservice/chains/nsmgrproxy/server_test.go b/pkg/networkservice/chains/nsmgrproxy/server_test.go index 83d9f85c2..2bd2bd75a 100644 --- a/pkg/networkservice/chains/nsmgrproxy/server_test.go +++ b/pkg/networkservice/chains/nsmgrproxy/server_test.go @@ -59,9 +59,9 @@ func TestNSMGR_InterdomainUseCase(t *testing.T) { NetworkServiceNames: []string{"my-service-interdomain"}, } - domain2.Nodes[0].NewEndpoint(ctx, nseReg, sandbox.GenerateTestToken) + domain2.Nodes[0].NewEndpoint(ctx, nseReg, sandbox.DefaultTokenTimeout) - nsc := domain1.Nodes[0].NewClient(ctx, sandbox.GenerateTestToken) + nsc := domain1.Nodes[0].NewClient(ctx, sandbox.DefaultTokenTimeout) request := &networkservice.NetworkServiceRequest{ MechanismPreferences: []*networkservice.Mechanism{ diff --git a/pkg/networkservice/common/refresh/client_test.go b/pkg/networkservice/common/refresh/client_test.go index 421e45041..c9a88a65f 100644 --- a/pkg/networkservice/common/refresh/client_test.go +++ b/pkg/networkservice/common/refresh/client_test.go @@ -206,7 +206,6 @@ func TestRefreshClient_Sandbox(t *testing.T) { domain := sandbox.NewBuilder(ctx, t). SetNodesCount(2). SetRegistryProxySupplier(nil). - SetTokenGenerateFunc(sandbox.GenerateTestToken). Build() nseReg := ®istry.NetworkServiceEndpoint{ @@ -215,10 +214,9 @@ func TestRefreshClient_Sandbox(t *testing.T) { } refreshSrv := newRefreshTesterServer(t, sandboxMinDuration, sandboxExpireTimeout) - domain.Nodes[0].NewEndpoint(ctx, nseReg, sandbox.GenerateTestToken, refreshSrv) + domain.Nodes[0].NewEndpoint(ctx, nseReg, sandbox.DefaultTokenTimeout, refreshSrv) - nscTokenGenerator := sandbox.GenerateExpiringToken(sandboxExpireTimeout) - nsc := domain.Nodes[1].NewClient(ctx, nscTokenGenerator) + nsc := domain.Nodes[1].NewClient(ctx, sandboxExpireTimeout) refreshSrv.beforeRequest("test-conn") _, err := nsc.Request(ctx, mkRequest("test-conn", nil)) diff --git a/pkg/tools/sandbox/builder.go b/pkg/tools/sandbox/builder.go index f0f01097f..3c9de22f6 100644 --- a/pkg/tools/sandbox/builder.go +++ b/pkg/tools/sandbox/builder.go @@ -36,7 +36,6 @@ import ( "github.com/networkservicemesh/sdk/pkg/registry/common/dnsresolve" "github.com/networkservicemesh/sdk/pkg/tools/grpcutils" "github.com/networkservicemesh/sdk/pkg/tools/log" - "github.com/networkservicemesh/sdk/pkg/tools/token" ) // Builder implements builder pattern for building NSM Domain @@ -52,9 +51,13 @@ type Builder struct { supplyRegistryProxy SupplyRegistryProxyFunc setupNode SetupNodeFunc + supplyURL supplyURLFunc + supplyServerTC SupplyTransportCredentialsFunc + supplyClientTC SupplyTransportCredentialsFunc + supplyTokenGenerator SupplyTokenGeneratorFunc + dnsDomainName string dnsResolver dnsresolve.Resolver - generateTokenFunc token.GeneratorFunc registryExpiryDuration time.Duration useUnixSockets bool @@ -72,9 +75,12 @@ func NewBuilder(ctx context.Context, t *testing.T) *Builder { supplyNSMgrProxy: nsmgrproxy.NewServer, supplyRegistry: memory.NewServer, supplyRegistryProxy: proxydns.NewServer, + supplyURL: supplyTCPURL(t), + supplyServerTC: newInsecureTC, + supplyClientTC: newInsecureTC, + supplyTokenGenerator: GenerateExpiringToken, dnsDomainName: "cluster.local", dnsResolver: net.DefaultResolver, - generateTokenFunc: GenerateTestToken, registryExpiryDuration: time.Minute, } @@ -135,9 +141,21 @@ func (b *Builder) SetDNSResolver(d dnsresolve.Resolver) *Builder { return b } -// SetTokenGenerateFunc sets function for the token generation -func (b *Builder) SetTokenGenerateFunc(f token.GeneratorFunc) *Builder { - b.generateTokenFunc = f +// SetServerTransportCredentialsSupplier replaces default server transport credentials supplier to custom func +func (b *Builder) SetServerTransportCredentialsSupplier(f SupplyTransportCredentialsFunc) *Builder { + b.supplyServerTC = f + return b +} + +// SetClientTransportCredentialsSupplier replaces default client transport credentials supplier to custom func +func (b *Builder) SetClientTransportCredentialsSupplier(f SupplyTransportCredentialsFunc) *Builder { + b.supplyClientTC = f + return b +} + +// SetTokenGeneratorSupplier replaces default token generator supplier to custom func +func (b *Builder) SetTokenGeneratorSupplier(f SupplyTokenGeneratorFunc) *Builder { + b.supplyTokenGenerator = f return b } @@ -151,17 +169,32 @@ func (b *Builder) SetRegistryExpiryDuration(registryExpiryDuration time.Duration func (b *Builder) UseUnixSockets() *Builder { require.NotEqual(b.t, "windows", runtime.GOOS, "Unix sockets are not available for windows") + sockPath, err := ioutil.TempDir(os.TempDir(), "nsm-domain-temp") + require.NoError(b.t, err) + + go func() { + <-b.ctx.Done() + _ = os.RemoveAll(sockPath) + }() + b.nodesCount = 1 b.supplyNSMgrProxy = nil b.supplyRegistry = nil b.supplyRegistryProxy = nil + b.supplyURL = supplyUnixURL(sockPath, new(int)) b.useUnixSockets = true + return b } // Build builds Domain and Supplier func (b *Builder) Build() *Domain { - b.domain = new(Domain) + b.domain = &Domain{ + supplyURL: b.supplyURL, + supplyTokenGenerator: b.supplyTokenGenerator, + supplyServerTC: b.supplyServerTC, + supplyClientTC: b.supplyClientTC, + } if b.useUnixSockets { msg := "Unix sockets are available only for local tests with no external registry" @@ -169,18 +202,6 @@ func (b *Builder) Build() *Domain { require.Nil(b.t, b.supplyNSMgrProxy, msg) require.Nil(b.t, b.supplyRegistry, msg) require.Nil(b.t, b.supplyRegistryProxy, msg) - - sockPath, err := ioutil.TempDir(os.TempDir(), "nsm-domain-temp") - require.NoError(b.t, err) - - go func() { - <-b.ctx.Done() - _ = os.RemoveAll(sockPath) - }() - - b.domain.supplyURL = b.supplyUnixAddress(sockPath, new(int)) - } else { - b.domain.supplyURL = b.supplyTCPAddress() } b.newNSMgrProxy() @@ -193,38 +214,20 @@ func (b *Builder) Build() *Domain { return b.domain } -func (b *Builder) supplyUnixAddress(sockPath string, usedAddress *int) func(prefix string) *url.URL { - return func(prefix string) *url.URL { - defer func() { *usedAddress++ }() - return &url.URL{ - Scheme: "unix", - Path: fmt.Sprintf("%s/%s_%d.sock", sockPath, prefix, *usedAddress), - } - } -} - -func (b *Builder) supplyTCPAddress() func(prefix string) *url.URL { - return func(_ string) *url.URL { - l, err := net.Listen("tcp", "127.0.0.1:0") - require.NoError(b.t, err) - defer func() { _ = l.Close() }() - - return grpcutils.AddressToURL(l.Addr()) - } -} - func (b *Builder) newNSMgrProxy() { if b.supplyRegistryProxy == nil { return } + tokenGenerator := b.supplyTokenGenerator(DefaultTokenTimeout) + name := Name("nsmgr-proxy") - mgr := b.supplyNSMgrProxy(b.ctx, b.generateTokenFunc, + mgr := b.supplyNSMgrProxy(b.ctx, tokenGenerator, nsmgrproxy.WithName(name), - nsmgrproxy.WithDialOptions(DefaultDialOptions(b.generateTokenFunc)...)) - serveURL := b.domain.supplyURL("nsmgr-proxy") + nsmgrproxy.WithDialOptions(DefaultSecureDialOptions(b.supplyClientTC(), tokenGenerator)...)) + serveURL := b.supplyURL("nsmgr-proxy") - serve(b.ctx, b.t, serveURL, mgr.Register) + serve(b.ctx, b.t, serveURL, b.supplyServerTC(), mgr.Register) log.FromContext(b.ctx).Infof("Started listening NSMgr proxy %v on: %v", name, serveURL) @@ -246,10 +249,12 @@ func (b *Builder) newRegistryProxy() { nsmgrProxyURL = b.domain.NSMgrProxy.URL } - registryProxy := b.supplyRegistryProxy(b.ctx, b.dnsResolver, b.dnsDomainName, nsmgrProxyURL, DefaultDialOptions(b.generateTokenFunc)...) - serveURL := b.domain.supplyURL("reg-proxy") + tokenGenerator := b.supplyTokenGenerator(DefaultTokenTimeout) - serve(b.ctx, b.t, serveURL, registryProxy.Register) + registryProxy := b.supplyRegistryProxy(b.ctx, b.dnsResolver, b.dnsDomainName, nsmgrProxyURL, DefaultSecureDialOptions(b.supplyClientTC(), tokenGenerator)...) + serveURL := b.supplyURL("reg-proxy") + + serve(b.ctx, b.t, serveURL, b.supplyServerTC(), registryProxy.Register) log.FromContext(b.ctx).Infof("Started listening registry-proxy-dns on: %v", serveURL) @@ -269,10 +274,12 @@ func (b *Builder) newRegistry() { registryProxyURL = b.domain.RegistryProxy.URL } - registry := b.supplyRegistry(b.ctx, b.registryExpiryDuration, registryProxyURL, DefaultDialOptions(b.generateTokenFunc)...) - serveURL := b.domain.supplyURL("reg") + tokenGenerator := b.supplyTokenGenerator(DefaultTokenTimeout) + + registry := b.supplyRegistry(b.ctx, b.registryExpiryDuration, registryProxyURL, DefaultSecureDialOptions(b.supplyClientTC(), tokenGenerator)...) + serveURL := b.supplyURL("reg") - serve(b.ctx, b.t, serveURL, registry.Register) + serve(b.ctx, b.t, serveURL, b.supplyServerTC(), registry.Register) log.FromContext(b.ctx).Infof("Started listening Registry on: %v", serveURL) @@ -294,3 +301,23 @@ func (b *Builder) newNode(nodeNum int) { b.domain.Nodes = append(b.domain.Nodes, node) } + +func supplyTCPURL(t *testing.T) supplyURLFunc { + return func(_ string) *url.URL { + l, err := net.Listen("tcp", "127.0.0.1:0") + require.NoError(t, err) + defer func() { _ = l.Close() }() + + return grpcutils.AddressToURL(l.Addr()) + } +} + +func supplyUnixURL(sockPath string, usedAddress *int) supplyURLFunc { + return func(prefix string) *url.URL { + defer func() { *usedAddress++ }() + return &url.URL{ + Scheme: "unix", + Path: fmt.Sprintf("%s/%s_%d.sock", sockPath, prefix, *usedAddress), + } + } +} diff --git a/pkg/tools/sandbox/grpc_utils.go b/pkg/tools/sandbox/grpc_utils.go index af0a0e8b5..7189fb6c6 100644 --- a/pkg/tools/sandbox/grpc_utils.go +++ b/pkg/tools/sandbox/grpc_utils.go @@ -23,7 +23,7 @@ import ( "github.com/stretchr/testify/require" "google.golang.org/grpc" - "google.golang.org/grpc/credentials/insecure" + "google.golang.org/grpc/credentials" "github.com/networkservicemesh/sdk/pkg/tools/grpcutils" "github.com/networkservicemesh/sdk/pkg/tools/log" @@ -31,9 +31,9 @@ import ( "github.com/networkservicemesh/sdk/pkg/tools/token" ) -func serve(ctx context.Context, t *testing.T, u *url.URL, register func(server *grpc.Server)) { +func serve(ctx context.Context, t *testing.T, u *url.URL, serverTC credentials.TransportCredentials, register func(server *grpc.Server)) { server := grpc.NewServer(append([]grpc.ServerOption{ - grpc.Creds(grpcfdTransportCredentials(insecure.NewCredentials())), + grpc.Creds(grpcfdTransportCredentials(serverTC)), }, opentracing.WithTracing()...)...) register(server) @@ -49,8 +49,8 @@ func serve(ctx context.Context, t *testing.T, u *url.URL, register func(server * }() } -func dial(ctx context.Context, t *testing.T, u *url.URL, tokenGenerator token.GeneratorFunc) *grpc.ClientConn { - cc, err := grpc.DialContext(ctx, grpcutils.URLToTarget(u), DefaultDialOptions(tokenGenerator)...) +func dial(ctx context.Context, t *testing.T, u *url.URL, clientTC credentials.TransportCredentials, tokenGenerator token.GeneratorFunc) *grpc.ClientConn { + cc, err := grpc.DialContext(ctx, grpcutils.URLToTarget(u), DefaultSecureDialOptions(clientTC, tokenGenerator)...) require.NoError(t, err) go func() { diff --git a/pkg/tools/sandbox/insecure_tc.go b/pkg/tools/sandbox/insecure_tc.go new file mode 100644 index 000000000..97d63559e --- /dev/null +++ b/pkg/tools/sandbox/insecure_tc.go @@ -0,0 +1,54 @@ +// Copyright (c) 2020-2021 Doc.ai and/or its affiliates. +// +// SPDX-License-Identifier: Apache-2.0 +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at: +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package sandbox + +import ( + "context" + "net" + + "google.golang.org/grpc/credentials" + "google.golang.org/grpc/credentials/insecure" +) + +type insecureTC struct { + credentials.TransportCredentials +} + +func newInsecureTC() credentials.TransportCredentials { + return &insecureTC{ + TransportCredentials: insecure.NewCredentials(), + } +} + +func (insecureTC) ClientHandshake(_ context.Context, _ string, conn net.Conn) (net.Conn, credentials.AuthInfo, error) { + return conn, info{credentials.CommonAuthInfo{SecurityLevel: credentials.PrivacyAndIntegrity}}, nil +} + +func (insecureTC) ServerHandshake(conn net.Conn) (net.Conn, credentials.AuthInfo, error) { + return conn, info{credentials.CommonAuthInfo{SecurityLevel: credentials.PrivacyAndIntegrity}}, nil +} + +// info contains the auth information for an insecure connection. +// It implements the AuthInfo interface. +type info struct { + credentials.CommonAuthInfo +} + +// AuthType returns the type of info as a string. +func (info) AuthType() string { + return "insecure" +} diff --git a/pkg/tools/sandbox/node.go b/pkg/tools/sandbox/node.go index 71ea9d20e..c5fa8856a 100644 --- a/pkg/tools/sandbox/node.go +++ b/pkg/tools/sandbox/node.go @@ -20,6 +20,7 @@ import ( "context" "net/url" "testing" + "time" "github.com/networkservicemesh/api/pkg/api/networkservice" "github.com/networkservicemesh/api/pkg/api/networkservice/payload" @@ -56,21 +57,24 @@ func (n *Node) NewNSMgr( ctx context.Context, name string, serveURL *url.URL, - generatorFunc token.GeneratorFunc, + tokenTimeout time.Duration, supplyNSMgr SupplyNSMgrFunc, ) *NSMgrEntry { if serveURL == nil { serveURL = n.domain.supplyURL("nsmgr") } + clientTC := n.domain.supplyClientTC() // NSMgr -> (...) + tokenGenerator := n.domain.supplyTokenGenerator(tokenTimeout) + options := []nsmgr.Option{ nsmgr.WithName(name), nsmgr.WithAuthorizeServer(authorize.NewServer(authorize.Any())), - nsmgr.WithDialOptions(DefaultDialOptions(generatorFunc)...), + nsmgr.WithDialOptions(DefaultSecureDialOptions(clientTC, tokenGenerator)...), } if n.domain.Registry != nil { - registryCC := dial(ctx, n.t, n.domain.Registry.URL, generatorFunc) + registryCC := dial(ctx, n.t, n.domain.Registry.URL, clientTC, tokenGenerator) options = append(options, nsmgr.WithRegistryClientConn(registryCC)) } @@ -79,13 +83,13 @@ func (n *Node) NewNSMgr( } entry := &NSMgrEntry{ - Nsmgr: supplyNSMgr(ctx, generatorFunc, options...), + Nsmgr: supplyNSMgr(ctx, tokenGenerator, options...), Name: name, URL: serveURL, } - serve(ctx, n.t, serveURL, entry.Register) - cc := dial(ctx, n.t, serveURL, generatorFunc) + serve(ctx, n.t, serveURL, n.domain.supplyServerTC(), entry.Register) + cc := dial(ctx, n.t, serveURL, n.domain.supplyClientTC(), tokenGenerator) // (...) -> NSMgr log.FromContext(ctx).Infof("Started listening NSMgr %s on %s", name, serveURL.String()) @@ -101,13 +105,16 @@ func (n *Node) NewNSMgr( func (n *Node) NewForwarder( ctx context.Context, nse *registryapi.NetworkServiceEndpoint, - generatorFunc token.GeneratorFunc, + tokenTimeout time.Duration, additionalFunctionality ...networkservice.NetworkServiceServer, ) *EndpointEntry { if nse.Url == "" { nse.Url = n.domain.supplyURL("forwarder").String() } + clientTC := n.domain.supplyClientTC() + tokenGenerator := n.domain.supplyTokenGenerator(tokenTimeout) + entry := new(EndpointEntry) additionalFunctionality = append(additionalFunctionality, clienturl.NewServer(n.NSMgr.URL), @@ -116,11 +123,11 @@ func (n *Node) NewForwarder( client.NewCrossConnectClientFactory( client.WithName(nse.Name), ), - connect.WithDialOptions(DefaultDialOptions(generatorFunc)...), + connect.WithDialOptions(DefaultSecureDialOptions(clientTC, tokenGenerator)...), ), ) - *entry = *n.newEndpoint(ctx, nse, generatorFunc, n.ForwarderRegistryClient, additionalFunctionality...) + *entry = *n.newEndpoint(ctx, nse, tokenGenerator, n.ForwarderRegistryClient, additionalFunctionality...) return entry } @@ -129,25 +136,27 @@ func (n *Node) NewForwarder( func (n *Node) NewEndpoint( ctx context.Context, nse *registryapi.NetworkServiceEndpoint, - generatorFunc token.GeneratorFunc, + tokenTimeout time.Duration, additionalFunctionality ...networkservice.NetworkServiceServer, ) *EndpointEntry { if nse.Url == "" { nse.Url = n.domain.supplyURL("nse").String() } - return n.newEndpoint(ctx, nse, generatorFunc, n.EndpointRegistryClient, additionalFunctionality...) + tokenGenerator := n.domain.supplyTokenGenerator(tokenTimeout) + + return n.newEndpoint(ctx, nse, tokenGenerator, n.EndpointRegistryClient, additionalFunctionality...) } func (n *Node) newEndpoint( ctx context.Context, nse *registryapi.NetworkServiceEndpoint, - generatorFunc token.GeneratorFunc, + tokenGenerator token.GeneratorFunc, registryClient registryapi.NetworkServiceEndpointRegistryClient, additionalFunctionality ...networkservice.NetworkServiceServer, ) *EndpointEntry { name := nse.Name - entry := endpoint.NewServer(ctx, generatorFunc, + entry := endpoint.NewServer(ctx, tokenGenerator, endpoint.WithName(name), endpoint.WithAdditionalFunctionality(additionalFunctionality...), ) @@ -155,7 +164,7 @@ func (n *Node) newEndpoint( serveURL, err := url.Parse(nse.Url) require.NoError(n.t, err) - serve(ctx, n.t, serveURL, entry.Register) + serve(ctx, n.t, serveURL, n.domain.supplyServerTC(), entry.Register) n.registerEndpoint(ctx, nse, registryClient) @@ -201,12 +210,12 @@ func (n *Node) registerEndpoint( // NewClient starts a new client and connects it to the node NSMgr func (n *Node) NewClient( ctx context.Context, - generatorFunc token.GeneratorFunc, + tokenTimeout time.Duration, additionalFunctionality ...networkservice.NetworkServiceClient, ) networkservice.NetworkServiceClient { return client.NewClient( ctx, - dial(ctx, n.t, n.NSMgr.URL, generatorFunc), + dial(ctx, n.t, n.NSMgr.URL, n.domain.supplyClientTC(), n.domain.supplyTokenGenerator(tokenTimeout)), client.WithAuthorizeClient(authorize.NewClient(authorize.Any())), client.WithAdditionalFunctionality(additionalFunctionality...), ) diff --git a/pkg/tools/sandbox/types.go b/pkg/tools/sandbox/types.go index 680c8ff54..ac88f52d8 100644 --- a/pkg/tools/sandbox/types.go +++ b/pkg/tools/sandbox/types.go @@ -22,6 +22,7 @@ import ( "time" "google.golang.org/grpc" + "google.golang.org/grpc/credentials" "github.com/networkservicemesh/sdk/pkg/networkservice/chains/endpoint" "github.com/networkservicemesh/sdk/pkg/networkservice/chains/nsmgr" @@ -46,6 +47,14 @@ type SupplyRegistryProxyFunc func(ctx context.Context, dnsResolver dnsresolve.Re // SetupNodeFunc setups each node on Builder.Build() stage type SetupNodeFunc func(ctx context.Context, node *Node, i int) +type supplyURLFunc func(prefix string) *url.URL + +// SupplyTokenGeneratorFunc supplies token generator func +type SupplyTokenGeneratorFunc func(timeout time.Duration) token.GeneratorFunc + +// SupplyTransportCredentialsFunc supplies transport credentials +type SupplyTransportCredentialsFunc func() credentials.TransportCredentials + // RegistryEntry is pair of registry.Registry and url.URL type RegistryEntry struct { registry.Registry @@ -73,7 +82,10 @@ type Domain struct { Registry *RegistryEntry RegistryProxy *RegistryEntry - supplyURL func(prefix string) *url.URL + supplyURL supplyURLFunc + supplyServerTC SupplyTransportCredentialsFunc + supplyClientTC SupplyTransportCredentialsFunc + supplyTokenGenerator SupplyTokenGeneratorFunc } // NodeConfig keeps custom node configuration parameters diff --git a/pkg/tools/sandbox/utils.go b/pkg/tools/sandbox/utils.go index 2daeae70d..548af9644 100644 --- a/pkg/tools/sandbox/utils.go +++ b/pkg/tools/sandbox/utils.go @@ -23,58 +23,26 @@ import ( "github.com/edwarnicke/grpcfd" "github.com/google/uuid" + "github.com/networkservicemesh/api/pkg/api/networkservice" registryapi "github.com/networkservicemesh/api/pkg/api/registry" "google.golang.org/grpc" "google.golang.org/grpc/credentials" - "google.golang.org/grpc/credentials/insecure" - - "github.com/networkservicemesh/api/pkg/api/networkservice" "github.com/networkservicemesh/sdk/pkg/networkservice/chains/client" "github.com/networkservicemesh/sdk/pkg/tools/opentracing" "github.com/networkservicemesh/sdk/pkg/tools/token" ) -// RegistryExpiryDuration is a duration that should be used for expire tests -const RegistryExpiryDuration = time.Second - -type insecurePerRPCCredentials struct { - credentials.PerRPCCredentials -} - -func (i *insecurePerRPCCredentials) RequireTransportSecurity() bool { - return false -} - -// WithInsecureRPCCredentials makes passed call option with credentials.PerRPCCredentials insecure. -func WithInsecureRPCCredentials() grpc.DialOption { - return grpc.WithChainUnaryInterceptor(func(ctx context.Context, method string, req, reply interface{}, cc *grpc.ClientConn, invoker grpc.UnaryInvoker, opts ...grpc.CallOption) error { - for i := len(opts) - 1; i > -1; i-- { - if v, ok := opts[i].(grpc.PerRPCCredsCallOption); ok { - opts = append(opts, grpc.PerRPCCredentials(&insecurePerRPCCredentials{PerRPCCredentials: v.Creds})) - break - } - } - return invoker(ctx, method, req, reply, cc, opts...) - }) -} - -// WithInsecureStreamRPCCredentials makes passed call option with credentials.PerRPCCredentials insecure. -func WithInsecureStreamRPCCredentials() grpc.DialOption { - return grpc.WithChainStreamInterceptor(func(ctx context.Context, desc *grpc.StreamDesc, cc *grpc.ClientConn, method string, streamer grpc.Streamer, opts ...grpc.CallOption) (grpc.ClientStream, error) { - for i := len(opts) - 1; i > -1; i-- { - if v, ok := opts[i].(grpc.PerRPCCredsCallOption); ok { - opts = append(opts, grpc.PerRPCCredentials(&insecurePerRPCCredentials{PerRPCCredentials: v.Creds})) - break - } - } - return streamer(ctx, desc, cc, method, opts...) - }) -} +const ( + // RegistryExpiryDuration is a duration that should be used for expire tests + RegistryExpiryDuration = time.Second + // DefaultTokenTimeout is a default token timeout for sandbox testing + DefaultTokenTimeout = time.Hour +) // GenerateTestToken generates test token func GenerateTestToken(_ credentials.AuthInfo) (tokenValue string, expireTime time.Time, err error) { - return "TestToken", time.Now().Add(time.Hour).Local(), nil + return "TestToken", time.Now().Add(DefaultTokenTimeout).Local(), nil } // GenerateExpiringToken returns a token generator with the specified expiration duration. @@ -94,9 +62,14 @@ func NewCrossConnectClientFactory(additionalFunctionality ...networkservice.Netw } // DefaultDialOptions returns default dial options for sandbox testing -func DefaultDialOptions(genTokenFunc token.GeneratorFunc) []grpc.DialOption { +func DefaultDialOptions(tokenTimeout time.Duration) []grpc.DialOption { + return DefaultSecureDialOptions(newInsecureTC(), GenerateExpiringToken(tokenTimeout)) +} + +// DefaultSecureDialOptions returns default secure dial options for sandbox testing +func DefaultSecureDialOptions(clientTC credentials.TransportCredentials, genTokenFunc token.GeneratorFunc) []grpc.DialOption { return append([]grpc.DialOption{ - grpc.WithTransportCredentials(grpcfdTransportCredentials(insecure.NewCredentials())), + grpc.WithTransportCredentials(grpcfdTransportCredentials(clientTC)), grpc.WithBlock(), grpc.WithDefaultCallOptions( grpc.WaitForReady(true), @@ -104,8 +77,6 @@ func DefaultDialOptions(genTokenFunc token.GeneratorFunc) []grpc.DialOption { ), grpcfd.WithChainStreamInterceptor(), grpcfd.WithChainUnaryInterceptor(), - WithInsecureRPCCredentials(), - WithInsecureStreamRPCCredentials(), }, opentracing.WithTracingDial()...) } @@ -116,9 +87,9 @@ func Name(prefix string) string { // SetupDefaultNode setups NSMgr and default Forwarder on the given node func SetupDefaultNode(ctx context.Context, node *Node, supplyNSMgr SupplyNSMgrFunc) { - node.NewNSMgr(ctx, Name("nsmgr"), nil, GenerateTestToken, supplyNSMgr) + node.NewNSMgr(ctx, Name("nsmgr"), nil, DefaultTokenTimeout, supplyNSMgr) node.NewForwarder(ctx, ®istryapi.NetworkServiceEndpoint{ Name: Name("forwarder"), - }, GenerateTestToken) + }, DefaultTokenTimeout) }