Add tests for gRPC tls and mTLS (#1224)

Signed-off-by: Bogdan Drutu <[email protected]>

config/configgrpc/configgrpc.go

@@ -17,6 +17,7 @@ package configgrpc
 
 import (
 	"fmt"
+	"net"
 	"strings"
 	"time"
 
@@ -179,6 +180,15 @@ func (gcs *GRPCClientSettings) ToDialOptions() ([]grpc.DialOption, error) {
 	return opts, nil
 }
 
+func (gss *GRPCServerSettings) ToListener() (net.Listener, error) {
+	listener, err := net.Listen("tcp", gss.Endpoint)
+	if err != nil {
+		return nil, err
+	}
+
+	return listener, nil
+}
+
 // ToServerOption maps configgrpc.GRPCServerSettings to a slice of server options for gRPC
 func (gss *GRPCServerSettings) ToServerOption() ([]grpc.ServerOption, error) {
 	var opts []grpc.ServerOption

config/configgrpc/configgrpc_test.go

@@ -15,12 +15,16 @@
 package configgrpc
 
 import (
+	"context"
+	"path"
 	"testing"
 	"time"
 
 	"github.com/stretchr/testify/assert"
+	"google.golang.org/grpc"
 
 	"go.opentelemetry.io/collector/config/configtls"
+	otelcol "go.opentelemetry.io/collector/internal/data/opentelemetry-proto-gen/collector/trace/v1"
 )
 
 func TestDefaultGrpcClientSettings(t *testing.T) {
@@ -201,6 +205,20 @@ func TestGRPCServerSettingsError(t *testing.T) {
 	}
 }
 
+func TestGRPCServerSettings_ToListener_Error(t *testing.T) {
+	settings := GRPCServerSettings{
+		Endpoint: "127.0.0.1:1234567",
+		TLSCredentials: &configtls.TLSServerSetting{
+			TLSSetting: configtls.TLSSetting{
+				CertFile: "/doesnt/exist",
+			},
+		},
+		Keepalive: nil,
+	}
+	_, err := settings.ToListener()
+	assert.Error(t, err)
+}
+
 func TestGetGRPCCompressionKey(t *testing.T) {
 	if GetGRPCCompressionKey("gzip") != CompressionGzip {
 		t.Error("gzip is marked as supported but returned unsupported")
@@ -214,3 +232,154 @@ func TestGetGRPCCompressionKey(t *testing.T) {
 		t.Error("badType is not supported but was returned as supported")
 	}
 }
+
+func TestHttpReception(t *testing.T) {
+	tests := []struct {
+		name           string
+		tlsServerCreds *configtls.TLSServerSetting
+		tlsClientCreds *configtls.TLSClientSetting
+		hasError       bool
+	}{
+		{
+			name:           "noTLS",
+			tlsServerCreds: nil,
+			tlsClientCreds: &configtls.TLSClientSetting{
+				Insecure: true,
+			},
+		},
+		{
+			name: "TLS",
+			tlsServerCreds: &configtls.TLSServerSetting{
+				TLSSetting: configtls.TLSSetting{
+					CAFile:   path.Join(".", "testdata", "ca.crt"),
+					CertFile: path.Join(".", "testdata", "server.crt"),
+					KeyFile:  path.Join(".", "testdata", "server.key"),
+				},
+			},
+			tlsClientCreds: &configtls.TLSClientSetting{
+				TLSSetting: configtls.TLSSetting{
+					CAFile: path.Join(".", "testdata", "ca.crt"),
+				},
+				ServerName: "localhost",
+			},
+		},
+		{
+			name: "NoServerCertificates",
+			tlsServerCreds: &configtls.TLSServerSetting{
+				TLSSetting: configtls.TLSSetting{
+					CAFile: path.Join(".", "testdata", "ca.crt"),
+				},
+			},
+			tlsClientCreds: &configtls.TLSClientSetting{
+				TLSSetting: configtls.TLSSetting{
+					CAFile: path.Join(".", "testdata", "ca.crt"),
+				},
+				ServerName: "localhost",
+			},
+			hasError: true,
+		},
+		{
+			name: "mTLS",
+			tlsServerCreds: &configtls.TLSServerSetting{
+				TLSSetting: configtls.TLSSetting{
+					CAFile:   path.Join(".", "testdata", "ca.crt"),
+					CertFile: path.Join(".", "testdata", "server.crt"),
+					KeyFile:  path.Join(".", "testdata", "server.key"),
+				},
+				ClientCAFile: path.Join(".", "testdata", "ca.crt"),
+			},
+			tlsClientCreds: &configtls.TLSClientSetting{
+				TLSSetting: configtls.TLSSetting{
+					CAFile:   path.Join(".", "testdata", "ca.crt"),
+					CertFile: path.Join(".", "testdata", "client.crt"),
+					KeyFile:  path.Join(".", "testdata", "client.key"),
+				},
+				ServerName: "localhost",
+			},
+		},
+		{
+			name: "NoClientCertificate",
+			tlsServerCreds: &configtls.TLSServerSetting{
+				TLSSetting: configtls.TLSSetting{
+					CAFile:   path.Join(".", "testdata", "ca.crt"),
+					CertFile: path.Join(".", "testdata", "server.crt"),
+					KeyFile:  path.Join(".", "testdata", "server.key"),
+				},
+				ClientCAFile: path.Join(".", "testdata", "ca.crt"),
+			},
+			tlsClientCreds: &configtls.TLSClientSetting{
+				TLSSetting: configtls.TLSSetting{
+					CAFile: path.Join(".", "testdata", "ca.crt"),
+				},
+				ServerName: "localhost",
+			},
+			hasError: true,
+		},
+		{
+			name: "WrongClientCA",
+			tlsServerCreds: &configtls.TLSServerSetting{
+				TLSSetting: configtls.TLSSetting{
+					CAFile:   path.Join(".", "testdata", "ca.crt"),
+					CertFile: path.Join(".", "testdata", "server.crt"),
+					KeyFile:  path.Join(".", "testdata", "server.key"),
+				},
+				ClientCAFile: path.Join(".", "testdata", "server.crt"),
+			},
+			tlsClientCreds: &configtls.TLSClientSetting{
+				TLSSetting: configtls.TLSSetting{
+					CAFile:   path.Join(".", "testdata", "ca.crt"),
+					CertFile: path.Join(".", "testdata", "client.crt"),
+					KeyFile:  path.Join(".", "testdata", "client.key"),
+				},
+				ServerName: "localhost",
+			},
+			hasError: true,
+		},
+	}
+	// prepare
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			gss := &GRPCServerSettings{
+				Endpoint:       "localhost:0",
+				TLSCredentials: tt.tlsServerCreds,
+			}
+			ln, err := gss.ToListener()
+			assert.NoError(t, err)
+			opts, err := gss.ToServerOption()
+			assert.NoError(t, err)
+			s := grpc.NewServer(opts...)
+			otelcol.RegisterTraceServiceServer(s, &grpcTraceServer{})
+
+			go func() {
+				_ = s.Serve(ln)
+			}()
+
+			gcs := &GRPCClientSettings{
+				Endpoint:   ln.Addr().String(),
+				TLSSetting: *tt.tlsClientCreds,
+			}
+			clientOpts, errClient := gcs.ToDialOptions()
+			assert.NoError(t, errClient)
+			grpcClientConn, errDial := grpc.Dial(gcs.Endpoint, clientOpts...)
+			assert.NoError(t, errDial)
+			client := otelcol.NewTraceServiceClient(grpcClientConn)
+			ctx, cancelFunc := context.WithTimeout(context.Background(), 2*time.Second)
+			resp, errResp := client.Export(ctx, &otelcol.ExportTraceServiceRequest{}, grpc.WaitForReady(true))
+			if tt.hasError {
+				assert.Error(t, errResp)
+			} else {
+				assert.NoError(t, errResp)
+				assert.NotNil(t, resp)
+			}
+			cancelFunc()
+			s.Stop()
+		})
+	}
+}
+
+type grpcTraceServer struct{}
+
+func (gts *grpcTraceServer) Export(context.Context, *otelcol.ExportTraceServiceRequest) (*otelcol.ExportTraceServiceResponse, error) {
+	return &otelcol.ExportTraceServiceResponse{}, nil
+}

config/configgrpc/testdata/ca.crt

@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIID3TCCAsWgAwIBAgIUNTVp7u2jqu+nCZbTtHNihE2mFLcwDQYJKoZIhvcNAQEL
+BQAwfjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcM
+DU1vdW50YWluIFZpZXcxGjAYBgNVBAoMEVlvdXIgT3JnYW5pemF0aW9uMRIwEAYD
+VQQLDAlZb3VyIFVuaXQxEjAQBgNVBAMMCWxvY2FsaG9zdDAeFw0yMDA1MTMxNDEz
+MzNaFw00NjEwMTQxNDEzMzNaMH4xCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxp
+Zm9ybmlhMRYwFAYDVQQHDA1Nb3VudGFpbiBWaWV3MRowGAYDVQQKDBFZb3VyIE9y
+Z2FuaXphdGlvbjESMBAGA1UECwwJWW91ciBVbml0MRIwEAYDVQQDDAlsb2NhbGhv
+c3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/8S2PdY/icKqALehp
+qD3fJ8vb/JjXBSxWVRoE/do90Bab7ld5QUBhkWo+nCRMOPOgRJokHeHL8tEhefTy
+nK58tNgmRtv7LaULw+FADWnGb+J/LjAyb+naB4hsH7yBYjEz+cbeXQNH46DyfiQ6
+tcOjWHGWonw2k7RU/QwDMc8IusUpebK5ebC/dYNaviWa5lozCgyGPM4dg7+HxTZA
+7vaVqtzgK3oaoukj+/lHkDVCwWV3gSoZLz+9C93TqvRPxaW7tNXsMfVZT54peO9u
+ee5bAZec7ha+IoSdGCS4DNX58eJXJc2OYFXo+6u9FewcqDU5nRKpDBSuld30P8t5
+hbShAgMBAAGjUzBRMB0GA1UdDgQWBBQ2xsEER2LQWXC0yUYhGMn7Cj5+XzAfBgNV
+HSMEGDAWgBQ2xsEER2LQWXC0yUYhGMn7Cj5+XzAPBgNVHRMBAf8EBTADAQH/MA0G
+CSqGSIb3DQEBCwUAA4IBAQArJstEh6SJ8r5AAs6uGEEAlcsoUFFNRoRHa7qAFzy6
+zU7kuGkPjh8heQ0Hy6cosdHnN+hPDtjX2rwWWNLGcQzYkZ2/ycYeKFpq4kDAOz7V
+3KC1gt7KekmQMIOPqVW5Xb2HvHWYjg9VvYyFgwv/tm2kcaRaEuwdMfjvN1wTttKL
+9nNGC/IKrjxafr/1bWMB+869Dqba9rm9Z3yfNSF6ulFfDj3aHRQj8ToMzlk/RUH4
+7GTI6biCGl/h1I53Q4dZ793b9q3OIK6z+ztDqjT3bdKFCewdhONIH9CtuI+LlrUm
+FsXrc1M0ObwheiW8QxK7oROOwIDgCTSZJLKv5+8jCazt
+-----END CERTIFICATE-----

config/configgrpc/testdata/client.crt

@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC7DCCAdQCAQEwDQYJKoZIhvcNAQELBQAwfjELMAkGA1UEBhMCVVMxEzARBgNV
+BAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDU1vdW50YWluIFZpZXcxGjAYBgNVBAoM
+EVlvdXIgT3JnYW5pemF0aW9uMRIwEAYDVQQLDAlZb3VyIFVuaXQxEjAQBgNVBAMM
+CWxvY2FsaG9zdDAeFw0yMDA1MTMxNDI4MzRaFw00NjEwMTQxNDI4MzRaMH4xCzAJ
+BgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1Nb3VudGFp
+biBWaWV3MRowGAYDVQQKDBFZb3VyIE9yZ2FuaXphdGlvbjESMBAGA1UECwwJWW91
+ciBVbml0MRIwEAYDVQQDDAlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0A
+MIGJAoGBAKqklQUlHrs8qVwHvedr36b5yu8bJqzx4RKHL37CKdMA4FbmmnKz/JjK
+9UKqTWWPWnG9HZ26jwTehfEPDN56qODvGYwwvYywgy0iWXhcnsrM3PnC7S2nXyAm
+joMD1thBcXpWqLFMuyAiGqwRFZYheEvUlspbxDZEdlXmZkNg3G4fAgMBAAEwDQYJ
+KoZIhvcNAQELBQADggEBAIekrxrjEM7udCZuECPQDPY1+d1m9843pcztO5O/0Ru+
+8dFLKya3VoLBHBf8WYClBd8loLO6tw3qBEJKJRH6UscCiSP8JFcoHiCVogHOiMYx
+g5ECbXSjnul5b6j/7O7OHQ+CDxcf79AzezHZb3WcxH3b8ljSxn66GvYb1ANmKUt6
+Am2i+vsTQgcJ8TX/QpsJPaVhgic+3G0cZkLnDoxKW/xjKU6Dsba9u0b8JpO55PDO
+EEvHkz4T8czJTrIqJs+KK9omY2U8o+PQjnAiEdq8UTK9g0V1SsEBnfPmaIKgg9l8
+vbWd7N38Krg9NZMWqWWufXg9+1VJJplXmnMSP16NiMg=
+-----END CERTIFICATE-----

config/configgrpc/testdata/client.key

@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICWwIBAAKBgQCqpJUFJR67PKlcB73na9+m+crvGyas8eEShy9+winTAOBW5ppy
+s/yYyvVCqk1lj1pxvR2duo8E3oXxDwzeeqjg7xmMML2MsIMtIll4XJ7KzNz5wu0t
+p18gJo6DA9bYQXF6VqixTLsgIhqsERWWIXhL1JbKW8Q2RHZV5mZDYNxuHwIDAQAB
+AoGATzIzN0ATEzMEJwIw0Mbv9b7YwEAJoxpfKwoysNHMN3GgrLQ52iJOiVsomNgR
+M6FkiIUMybdbyRa9czNY9ahX18sdNWAPZVM97z0lpAF9EfsYqBHtz6HrzBvC0Pyd
+bDhAaWI8JSTioAYXupOPpsPTVrF3jgN4587aEz/qLU6OP4ECQQDSkrp4f46Masqh
+lx68KBe6823oU7cQBv4VjjRJRmslq3kERxf5gdfyfv6W69FWk12cqw1W7WgfRCc0
+/0TSj2hLAkEAz3SinA6LhJ+RivPlwQs09DI9QSpZxmGThrVTcmWHL5kDUcvJy9Gu
+umIrbfUHBNmqK/NItZjmDPC3kG5KKiWU/QJAS1iJNHif7wp/Otax/q1x4EkeOJVL
+2YZHADuD5fw2dqImiStPHs4hEPnz6tiybQIJ6vchrMsCCL4AMWxtmdIKhQJAY65F
+W/rZKvaJNl0O7nz2CsgBCsjQrjPAcR+7YuJJ3KMHJ0xmQBsWe9QjzgfIQZpc3BVf
+wHIhR+J6MVntJOc9+QJAGwPIhmWU6TYgJ/R7usiNwzIdG+XMcw9ySVgICDhs3Gea
+PrcdkrTt9DG9MPwXaCHD7PB+3w0D3VaaRsUIotXP0A==
+-----END RSA PRIVATE KEY-----

config/configgrpc/testdata/server.crt

@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC7DCCAdQCAQEwDQYJKoZIhvcNAQELBQAwfjELMAkGA1UEBhMCVVMxEzARBgNV
+BAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDU1vdW50YWluIFZpZXcxGjAYBgNVBAoM
+EVlvdXIgT3JnYW5pemF0aW9uMRIwEAYDVQQLDAlZb3VyIFVuaXQxEjAQBgNVBAMM
+CWxvY2FsaG9zdDAeFw0yMDA1MTMxNDI2NTNaFw00NjEwMTQxNDI2NTNaMH4xCzAJ
+BgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1Nb3VudGFp
+biBWaWV3MRowGAYDVQQKDBFZb3VyIE9yZ2FuaXphdGlvbjESMBAGA1UECwwJWW91
+ciBVbml0MRIwEAYDVQQDDAlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0A
+MIGJAoGBAMvNgDMuMr7bz260Mlq6jSjxxzgPCRsQMsehoCa0q9PIkq8Tp6mFyody
+lKFu/oEZLreFmUZuZ0rzNoSf62MKVhKZE0s0Cq91m97ExIHW3NRhkS9IRj7cDJ1A
+ToQHlhxaOeMKEfnSJlymQnZNGVV79EcQDM36bfQPbTqRUeM9vWE1AgMBAAEwDQYJ
+KoZIhvcNAQELBQADggEBABgE3vf7vwUYmshpvK/xKGIpTmqFRA9gyh7o++C+KUoL
+eD4bz9NlxVk5bO8usPmuWo/MM8EIPWAc3RMsMHBQy6/87cP0wuolYkMrj2F5Mpc1
+vE6WRrFhxqNmnA1G5XhPmxcI29N6z6pc6TeOEuUe2/ywzSNhNUMCUf1NebzD9GMp
+4oQx5lcvsRmXaya7gSfDvoWi2Gd6v5qrYk3/enppNOu49h2THK+d4Ycmm/eG9883
+xaqTE+1lAJfSnM0Bsjso3SZfocOtW3yUk5JoEIRG4Prjv6gFPLvb0/OHLEYBlqGU
+Qw5MzYFmPJWGR7IKAs6Kkr2VxT7XUp7iYQAN5QyliGY=
+-----END CERTIFICATE-----

config/configgrpc/testdata/server.key

@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXgIBAAKBgQDLzYAzLjK+289utDJauo0o8cc4DwkbEDLHoaAmtKvTyJKvE6ep
+hcqHcpShbv6BGS63hZlGbmdK8zaEn+tjClYSmRNLNAqvdZvexMSB1tzUYZEvSEY+
+3AydQE6EB5YcWjnjChH50iZcpkJ2TRlVe/RHEAzN+m30D206kVHjPb1hNQIDAQAB
+AoGBAKLQNU6t5ZRb/kcuZdvdlM/U95ZtTJT2R9r73/mL9IlofuanCRaA799tRhgB
+mAiCmbO7Y0vE/3f8/NzO9TlWFJOxACPliJgq/+HgdMGxXzRT6SLsNcxuWLYyEPAd
+/6DheLnZj4bwm1voi72tCvyMmndCNM6HzHzr6+u3j4ASRbgxAkEA9kwS2x/OLcm9
+j1QHpvBczrWrZya0PfpoVq8UC91Y0lJQELpSJiGfQRPS3eZeYb2+gd7KFiaQ/7c7
+WxhkQHzXkwJBANPU3hO8rLql4mKvRNJLEBMsTA2Ycstr5h4kMHF274grqQZSjDsY
+udsK+Pqgsx6PT0j7VfSxctzQ2jW4S4W90RcCQQDVbqcIbE9nLmOuSMs4xyIlnxih
+ktCuxMiWFbHxdib6W4o2dL+re4deBae901wGpz7nnADToSgV8Nrm3gRCPe0xAkAS
+1zsNXFmsnDZ/eoFPhveeDPGSv/1t1GH6SlO4s9BoNyHoew0X8IIPVnGAsSxdSnfN
+0PT7N5E0zKqr3oFxGsnvAkEAxga1mI8hg5xIkPvgaVn7Mtv8sVpXLJlQ0waWB1Q9
+tWJ7B53d+StEirPo4M4fug7LO12onuHaB/WpaEFh8Eftkg==
+-----END RSA PRIVATE KEY-----