open-consul/agent/grpc/public/services/connectca/server_test.go

package connectca

import (
	"context"
	"net"
	"sync"
	"testing"
	"time"

	"github.com/stretchr/testify/require"
	"google.golang.org/grpc"

	"github.com/hashicorp/consul/agent/consul/state"
	"github.com/hashicorp/consul/agent/consul/stream"
	"github.com/hashicorp/consul/agent/structs"
	"github.com/hashicorp/consul/proto-public/pbconnectca"
)

func noopForwardRPC(structs.RPCInfo, func(*grpc.ClientConn) error) (bool, error) {
	return false, nil
}

func testStateStore(t *testing.T, publisher state.EventPublisher) *state.Store {
	t.Helper()

	gc, err := state.NewTombstoneGC(time.Second, time.Millisecond)
	require.NoError(t, err)

	return state.NewStateStoreWithEventPublisher(gc, publisher)
}

type FakeFSM struct {
	lock      sync.Mutex
	store     *state.Store
	publisher *stream.EventPublisher
}

func newFakeFSM(t *testing.T, publisher *stream.EventPublisher) *FakeFSM {
	t.Helper()

	store := testStateStore(t, publisher)

	fsm := FakeFSM{store: store, publisher: publisher}

	// register handlers
	publisher.RegisterHandler(state.EventTopicCARoots, func(req stream.SubscribeRequest, buf stream.SnapshotAppender) (uint64, error) {
		return fsm.GetStore().CARootsSnapshot(req, buf)
	})

	return &fsm
}

func (f *FakeFSM) GetStore() *state.Store {
	f.lock.Lock()
	defer f.lock.Unlock()
	return f.store
}

func (f *FakeFSM) ReplaceStore(store *state.Store) {
	f.lock.Lock()
	defer f.lock.Unlock()
	oldStore := f.store
	f.store = store
	oldStore.Abandon()
	f.publisher.RefreshTopic(state.EventTopicCARoots)
}

func setupFSMAndPublisher(t *testing.T) (*FakeFSM, state.EventPublisher) {
	t.Helper()
	publisher := stream.NewEventPublisher(10 * time.Second)

	fsm := newFakeFSM(t, publisher)

	ctx, cancel := context.WithCancel(context.Background())
	t.Cleanup(cancel)
	go publisher.Run(ctx)

	return fsm, publisher
}

func testClient(t *testing.T, server *Server) pbconnectca.ConnectCAServiceClient {
	t.Helper()

	addr := runTestServer(t, server)

	conn, err := grpc.DialContext(context.Background(), addr.String(), grpc.WithInsecure())
	require.NoError(t, err)
	t.Cleanup(func() {
		require.NoError(t, conn.Close())
	})

	return pbconnectca.NewConnectCAServiceClient(conn)
}

func runTestServer(t *testing.T, server *Server) net.Addr {
	t.Helper()

	lis, err := net.Listen("tcp", "127.0.0.1:0")
	require.NoError(t, err)

	grpcServer := grpc.NewServer()
	server.Register(grpcServer)

	go grpcServer.Serve(lis)
	t.Cleanup(grpcServer.Stop)

	return lis.Addr()
}
WatchRoots gRPC endpoint (#12678) Adds a new gRPC streaming endpoint (WatchRoots) that dataplane clients will use to fetch the current list of active Connect CA roots and receive new lists whenever the roots are rotated. 2022-04-05 14:26:14 +00:00			`package connectca`

			`import (`
			`"context"`
			`"net"`
Move to using a shared EventPublisher (#12673) Previously we had 1 EventPublisher per state.Store. When a state store was closed/abandoned such as during a consul snapshot restore, this had the behavior of force closing subscriptions for that topic and evicting event snapshots from the cache. The intention of this commit is to keep all that behavior. To that end, the shared EventPublisher now supports the ability to refresh a topic. That will perform the force close + eviction. The FSM upon abandoning the previous state.Store will call RefreshTopic for all the topics with events generated by the state.Store. 2022-04-12 13:47:42 +00:00			`"sync"`
WatchRoots gRPC endpoint (#12678) Adds a new gRPC streaming endpoint (WatchRoots) that dataplane clients will use to fetch the current list of active Connect CA roots and receive new lists whenever the roots are rotated. 2022-04-05 14:26:14 +00:00			`"testing"`
			`"time"`

			`"github.com/stretchr/testify/require"`
			`"google.golang.org/grpc"`

			`"github.com/hashicorp/consul/agent/consul/state"`
Move to using a shared EventPublisher (#12673) Previously we had 1 EventPublisher per state.Store. When a state store was closed/abandoned such as during a consul snapshot restore, this had the behavior of force closing subscriptions for that topic and evicting event snapshots from the cache. The intention of this commit is to keep all that behavior. To that end, the shared EventPublisher now supports the ability to refresh a topic. That will perform the force close + eviction. The FSM upon abandoning the previous state.Store will call RefreshTopic for all the topics with events generated by the state.Store. 2022-04-12 13:47:42 +00:00			`"github.com/hashicorp/consul/agent/consul/stream"`
ConnectCA.Sign gRPC Endpoint (#12787) Introduces a gRPC endpoint for signing Connect leaf certificates. It's also the first of the public gRPC endpoints to perform leader-forwarding, so establishes the pattern of forwarding over the multiplexed internal RPC port. 2022-04-14 13:26:14 +00:00			`"github.com/hashicorp/consul/agent/structs"`
WatchRoots gRPC endpoint (#12678) Adds a new gRPC streaming endpoint (WatchRoots) that dataplane clients will use to fetch the current list of active Connect CA roots and receive new lists whenever the roots are rotated. 2022-04-05 14:26:14 +00:00			`"github.com/hashicorp/consul/proto-public/pbconnectca"`
			`)`

ConnectCA.Sign gRPC Endpoint (#12787) Introduces a gRPC endpoint for signing Connect leaf certificates. It's also the first of the public gRPC endpoints to perform leader-forwarding, so establishes the pattern of forwarding over the multiplexed internal RPC port. 2022-04-14 13:26:14 +00:00			`func noopForwardRPC(structs.RPCInfo, func(*grpc.ClientConn) error) (bool, error) {`
			`return false, nil`
			`}`

Move to using a shared EventPublisher (#12673) Previously we had 1 EventPublisher per state.Store. When a state store was closed/abandoned such as during a consul snapshot restore, this had the behavior of force closing subscriptions for that topic and evicting event snapshots from the cache. The intention of this commit is to keep all that behavior. To that end, the shared EventPublisher now supports the ability to refresh a topic. That will perform the force close + eviction. The FSM upon abandoning the previous state.Store will call RefreshTopic for all the topics with events generated by the state.Store. 2022-04-12 13:47:42 +00:00			`func testStateStore(t testing.T, publisher state.EventPublisher) state.Store {`
WatchRoots gRPC endpoint (#12678) Adds a new gRPC streaming endpoint (WatchRoots) that dataplane clients will use to fetch the current list of active Connect CA roots and receive new lists whenever the roots are rotated. 2022-04-05 14:26:14 +00:00			`t.Helper()`

			`gc, err := state.NewTombstoneGC(time.Second, time.Millisecond)`
			`require.NoError(t, err)`

Move to using a shared EventPublisher (#12673) Previously we had 1 EventPublisher per state.Store. When a state store was closed/abandoned such as during a consul snapshot restore, this had the behavior of force closing subscriptions for that topic and evicting event snapshots from the cache. The intention of this commit is to keep all that behavior. To that end, the shared EventPublisher now supports the ability to refresh a topic. That will perform the force close + eviction. The FSM upon abandoning the previous state.Store will call RefreshTopic for all the topics with events generated by the state.Store. 2022-04-12 13:47:42 +00:00			`return state.NewStateStoreWithEventPublisher(gc, publisher)`
			`}`

			`type FakeFSM struct {`
			`lock sync.Mutex`
			`store *state.Store`
			`publisher *stream.EventPublisher`
			`}`

			`func newFakeFSM(t testing.T, publisher stream.EventPublisher) *FakeFSM {`
			`t.Helper()`

			`store := testStateStore(t, publisher)`

			`fsm := FakeFSM{store: store, publisher: publisher}`

			`// register handlers`
			`publisher.RegisterHandler(state.EventTopicCARoots, func(req stream.SubscribeRequest, buf stream.SnapshotAppender) (uint64, error) {`
			`return fsm.GetStore().CARootsSnapshot(req, buf)`
			`})`

			`return &fsm`
			`}`

			`func (f FakeFSM) GetStore() state.Store {`
			`f.lock.Lock()`
			`defer f.lock.Unlock()`
			`return f.store`
			`}`

			`func (f FakeFSM) ReplaceStore(store state.Store) {`
			`f.lock.Lock()`
			`defer f.lock.Unlock()`
			`oldStore := f.store`
			`f.store = store`
			`oldStore.Abandon()`
			`f.publisher.RefreshTopic(state.EventTopicCARoots)`
			`}`

			`func setupFSMAndPublisher(t testing.T) (FakeFSM, state.EventPublisher) {`
			`t.Helper()`
			`publisher := stream.NewEventPublisher(10 * time.Second)`

			`fsm := newFakeFSM(t, publisher)`

			`ctx, cancel := context.WithCancel(context.Background())`
			`t.Cleanup(cancel)`
			`go publisher.Run(ctx)`

			`return fsm, publisher`
WatchRoots gRPC endpoint (#12678) Adds a new gRPC streaming endpoint (WatchRoots) that dataplane clients will use to fetch the current list of active Connect CA roots and receive new lists whenever the roots are rotated. 2022-04-05 14:26:14 +00:00			`}`

			`func testClient(t testing.T, server Server) pbconnectca.ConnectCAServiceClient {`
			`t.Helper()`

			`addr := runTestServer(t, server)`

			`conn, err := grpc.DialContext(context.Background(), addr.String(), grpc.WithInsecure())`
			`require.NoError(t, err)`
			`t.Cleanup(func() {`
			`require.NoError(t, conn.Close())`
			`})`

			`return pbconnectca.NewConnectCAServiceClient(conn)`
			`}`

			`func runTestServer(t testing.T, server Server) net.Addr {`
			`t.Helper()`

			`lis, err := net.Listen("tcp", "127.0.0.1:0")`
			`require.NoError(t, err)`

			`grpcServer := grpc.NewServer()`
			`server.Register(grpcServer)`

			`go grpcServer.Serve(lis)`
			`t.Cleanup(grpcServer.Stop)`

			`return lis.Addr()`
			`}`