Strona główna Odkrywaj Pomoc
Zaloguj się
logic855
/
helm-external-secrets
kopia lustrzana https://github.com/external-secrets/external-secrets
1
0
Forkuj 0
Pliki Problemy 0 Wiki
Gałąź: mj-aws-v2-parameterstore-e2e
Gałęzie Tagi
helm-external-s...
/
providers
/
v2
/
common
/
grpc
/
pool_test.go

pool_test.go 6.3 KB
Bezpośredni odnośnik Historia Czysty

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252 
  1. /*
    2. 

  2. Copyright © The ESO Authors
    3. 

  3. 

  4. Licensed under the Apache License, Version 2.0 (the "License");
    5. 

  5. you may not use this file except in compliance with the License.
    6. 

  6. You may obtain a copy of the License at
    7. 

  7. 

  8.     https://www.apache.org/licenses/LICENSE-2.0
    9. 

  9. 

  10. Unless required by applicable law or agreed to in writing, software
    11. 

  11. distributed under the License is distributed on an "AS IS" BASIS,
    12. 

  12. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    13. 

  13. See the License for the specific language governing permissions and
    14. 

  14. limitations under the License.
    15. 

  15. */
    16. 

  16. 

  17. package grpc
    18. 

  18. 

  19. import (
    20. 

  20. 	"context"
    21. 

  21. 	"crypto/tls"
    22. 

  22. 	"crypto/x509"
    23. 

  23. 	"net"
    24. 

  24. 	"testing"
    25. 

  25. 	"time"
    26. 

  26. 

  27. 	"google.golang.org/grpc"
    28. 

  28. 	"google.golang.org/grpc/credentials"
    29. 

  29. 

  30. 	pb "github.com/external-secrets/external-secrets/proto/provider"
    31. 

  31. )
    32. 

  32. 

  33. func TestConnectionPoolGetReleaseReuse(t *testing.T) {
    34. 

  34. 	address, tlsConfig := newPoolTestServer(t)
    35. 

  35. 

  36. 	pool := NewConnectionPool(PoolConfig{
    37. 

  37. 		MaxIdleTime:         time.Minute,
    38. 

  38. 		MaxLifetime:         time.Minute,
    39. 

  39. 		HealthCheckInterval: time.Hour,
    40. 

  40. 	})
    41. 

  41. 	defer func() {
    42. 

  42. 		_ = pool.Close()
    43. 

  43. 	}()
    44. 

  44. 

  45. 	client1, err := pool.Get(context.Background(), address, tlsConfig)
    46. 

  46. 	if err != nil {
    47. 

  47. 		t.Fatalf("Get() error = %v", err)
    48. 

  48. 	}
    49. 

  49. 	client2, err := pool.Get(context.Background(), address, tlsConfig)
    50. 

  50. 	if err != nil {
    51. 

  51. 		t.Fatalf("second Get() error = %v", err)
    52. 

  52. 	}
    53. 

  53. 

  54. 	if client1 != client2 {
    55. 

  55. 		t.Fatal("expected pooled client to be reused")
    56. 

  56. 	}
    57. 

  57. 

  58. 	key := pool.connectionKey(address, tlsConfig)
    59. 

  59. 	pooled := pool.connections[key]
    60. 

  60. 	if pooled == nil {
    61. 

  61. 		t.Fatalf("expected pooled connection for key %q", key)
    62. 

  62. 	}
    63. 

  63. 	if pooled.references != 2 {
    64. 

  64. 		t.Fatalf("expected references=2, got %d", pooled.references)
    65. 

  65. 	}
    66. 

  66. 

  67. 	pool.Release(address, tlsConfig)
    68. 

  68. 	if pooled.references != 1 {
    69. 

  69. 		t.Fatalf("expected references=1 after release, got %d", pooled.references)
    70. 

  70. 	}
    71. 

  71. 	pool.Release(address, tlsConfig)
    72. 

  72. 	if pooled.references != 0 {
    73. 

  73. 		t.Fatalf("expected references=0 after second release, got %d", pooled.references)
    74. 

  74. 	}
    75. 

  75. }
    76. 

  76. 

  77. func TestConnectionPoolGetReplacesExpiredConnection(t *testing.T) {
    78. 

  78. 	address, tlsConfig := newPoolTestServer(t)
    79. 

  79. 

  80. 	pool := NewConnectionPool(PoolConfig{
    81. 

  81. 		MaxIdleTime:         time.Minute,
    82. 

  82. 		MaxLifetime:         time.Minute,
    83. 

  83. 		HealthCheckInterval: time.Hour,
    84. 

  84. 	})
    85. 

  85. 	defer func() {
    86. 

  86. 		_ = pool.Close()
    87. 

  87. 	}()
    88. 

  88. 

  89. 	client1, err := pool.Get(context.Background(), address, tlsConfig)
    90. 

  90. 	if err != nil {
    91. 

  91. 		t.Fatalf("Get() error = %v", err)
    92. 

  92. 	}
    93. 

  93. 	pool.Release(address, tlsConfig)
    94. 

  94. 

  95. 	key := pool.connectionKey(address, tlsConfig)
    96. 

  96. 	pooled := pool.connections[key]
    97. 

  97. 	if pooled == nil {
    98. 

  98. 		t.Fatalf("expected pooled connection for key %q", key)
    99. 

  99. 	}
    100. 

  100. 	pooled.mu.Lock()
    101. 

  101. 	pooled.created = time.Now().Add(-2 * time.Hour)
    102. 

  102. 	pooled.mu.Unlock()
    103. 

  103. 

  104. 	client2, err := pool.Get(context.Background(), address, tlsConfig)
    105. 

  105. 	if err != nil {
    106. 

  106. 		t.Fatalf("second Get() error = %v", err)
    107. 

  107. 	}
    108. 

  108. 

  109. 	if client1 == client2 {
    110. 

  110. 		t.Fatal("expected expired pooled client to be replaced")
    111. 

  111. 	}
    112. 

  112. }
    113. 

  113. 

  114. func TestConnectionPoolCleanupIdleConnectionsRemovesReleasedConnection(t *testing.T) {
    115. 

  115. 	address, tlsConfig := newPoolTestServer(t)
    116. 

  116. 

  117. 	pool := NewConnectionPool(PoolConfig{
    118. 

  118. 		MaxIdleTime:         time.Second,
    119. 

  119. 		MaxLifetime:         time.Minute,
    120. 

  120. 		HealthCheckInterval: time.Hour,
    121. 

  121. 	})
    122. 

  122. 	defer func() {
    123. 

  123. 		_ = pool.Close()
    124. 

  124. 	}()
    125. 

  125. 

  126. 	_, err := pool.Get(context.Background(), address, tlsConfig)
    127. 

  127. 	if err != nil {
    128. 

  128. 		t.Fatalf("Get() error = %v", err)
    129. 

  129. 	}
    130. 

  130. 	pool.Release(address, tlsConfig)
    131. 

  131. 

  132. 	key := pool.connectionKey(address, tlsConfig)
    133. 

  133. 	pooled := pool.connections[key]
    134. 

  134. 	if pooled == nil {
    135. 

  135. 		t.Fatalf("expected pooled connection for key %q", key)
    136. 

  136. 	}
    137. 

  137. 	pooled.mu.Lock()
    138. 

  138. 	pooled.lastUsed = time.Now().Add(-2 * time.Second)
    139. 

  139. 	pooled.mu.Unlock()
    140. 

  140. 

  141. 	pool.cleanupIdleConnections()
    142. 

  142. 

  143. 	if _, ok := pool.connections[key]; ok {
    144. 

  144. 		t.Fatalf("expected idle pooled connection %q to be removed", key)
    145. 

  145. 	}
    146. 

  146. }
    147. 

  147. 

  148. func TestConnectionPoolCheckConnectionHealthRemovesShutdownConnection(t *testing.T) {
    149. 

  149. 	address, tlsConfig := newPoolTestServer(t)
    150. 

  150. 

  151. 	pool := NewConnectionPool(PoolConfig{
    152. 

  152. 		MaxIdleTime:         time.Minute,
    153. 

  153. 		MaxLifetime:         time.Minute,
    154. 

  154. 		HealthCheckInterval: time.Hour,
    155. 

  155. 	})
    156. 

  156. 	defer func() {
    157. 

  157. 		_ = pool.Close()
    158. 

  158. 	}()
    159. 

  159. 

  160. 	_, err := pool.Get(context.Background(), address, tlsConfig)
    161. 

  161. 	if err != nil {
    162. 

  162. 		t.Fatalf("Get() error = %v", err)
    163. 

  163. 	}
    164. 

  164. 	pool.Release(address, tlsConfig)
    165. 

  165. 

  166. 	key := pool.connectionKey(address, tlsConfig)
    167. 

  167. 	pooled := pool.connections[key]
    168. 

  168. 	if pooled == nil {
    169. 

  169. 		t.Fatalf("expected pooled connection for key %q", key)
    170. 

  170. 	}
    171. 

  171. 

  172. 	if err := pooled.conn.Close(); err != nil {
    173. 

  173. 		t.Fatalf("Close() error = %v", err)
    174. 

  174. 	}
    175. 

  175. 

  176. 	pool.checkConnectionHealth()
    177. 

  177. 

  178. 	if _, ok := pool.connections[key]; ok {
    179. 

  179. 		t.Fatalf("expected unhealthy pooled connection %q to be removed", key)
    180. 

  180. 	}
    181. 

  181. }
    182. 

  182. 

  183. func TestConnectionPoolCloseClearsTrackedConnections(t *testing.T) {
    184. 

  184. 	address, tlsConfig := newPoolTestServer(t)
    185. 

  185. 

  186. 	pool := NewConnectionPool(PoolConfig{
    187. 

  187. 		MaxIdleTime:         time.Minute,
    188. 

  188. 		MaxLifetime:         time.Minute,
    189. 

  189. 		HealthCheckInterval: time.Hour,
    190. 

  190. 	})
    191. 

  191. 

  192. 	_, err := pool.Get(context.Background(), address, tlsConfig)
    193. 

  193. 	if err != nil {
    194. 

  194. 		t.Fatalf("Get() error = %v", err)
    195. 

  195. 	}
    196. 

  196. 	pool.Release(address, tlsConfig)
    197. 

  197. 

  198. 	if len(pool.connections) != 1 {
    199. 

  199. 		t.Fatalf("expected one tracked connection, got %d", len(pool.connections))
    200. 

  200. 	}
    201. 

  201. 

  202. 	if err := pool.Close(); err != nil {
    203. 

  203. 		t.Fatalf("Close() error = %v", err)
    204. 

  204. 	}
    205. 

  205. 

  206. 	if len(pool.connections) != 0 {
    207. 

  207. 		t.Fatalf("expected no tracked connections after close, got %d", len(pool.connections))
    208. 

  208. 	}
    209. 

  209. }
    210. 

  210. 

  211. func newPoolTestServer(t *testing.T) (string, *TLSConfig) {
    212. 

  212. 	t.Helper()
    213. 

  213. 

  214. 	serverCert, serverKey, clientCert, clientKey, caCert := newTLSArtifactsForTest(t, "127.0.0.1")
    215. 

  215. 

  216. 	caPool := x509.NewCertPool()
    217. 

  217. 	if !caPool.AppendCertsFromPEM(caCert) {
    218. 

  218. 		t.Fatal("failed to append CA cert")
    219. 

  219. 	}
    220. 

  220. 	tlsCert, err := tls.X509KeyPair(serverCert, serverKey)
    221. 

  221. 	if err != nil {
    222. 

  222. 		t.Fatalf("X509KeyPair() error = %v", err)
    223. 

  223. 	}
    224. 

  224. 

  225. 	lis, err := net.Listen("tcp", "127.0.0.1:0")
    226. 

  226. 	if err != nil {
    227. 

  227. 		t.Fatalf("Listen() error = %v", err)
    228. 

  228. 	}
    229. 

  229. 

  230. 	server := grpc.NewServer(grpc.Creds(credentials.NewTLS(&tls.Config{
    231. 

  231. 		MinVersion:   tls.VersionTLS12,
    232. 

  232. 		Certificates: []tls.Certificate{tlsCert},
    233. 

  233. 		ClientCAs:    caPool,
    234. 

  234. 		ClientAuth:   tls.RequireAndVerifyClientCert,
    235. 

  235. 	})))
    236. 

  236. 	pb.RegisterSecretStoreProviderServer(server, &mockServer{})
    237. 

  237. 	go func() {
    238. 

  238. 		_ = server.Serve(lis)
    239. 

  239. 	}()
    240. 

  240. 

  241. 	t.Cleanup(func() {
    242. 

  242. 		server.Stop()
    243. 

  243. 		_ = lis.Close()
    244. 

  244. 	})
    245. 

  245. 

  246. 	return lis.Addr().String(), &TLSConfig{
    247. 

  247. 		CACert:     caCert,
    248. 

  248. 		ClientCert: clientCert,
    249. 

  249. 		ClientKey:  clientKey,
    250. 

  250. 		ServerName: "127.0.0.1",
    251. 

  251. 	}
    252. 

  252. }
    253.