-
Notifications
You must be signed in to change notification settings - Fork 3.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
security: Stabilize AdvancedTlsX509KeyManager. #11139
base: master
Are you sure you want to change the base?
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for the PR @erm-g! A couple nits, and two other points:
- This PR only de-experimentalizes the key manager. Should we amend the PR title accordingly?
- Please address the failing tests.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please address the failing tests. :)
Fixed (few styling things) |
util/src/test/java/io/grpc/util/AdvancedTlsX509KeyManagerTest.java
Outdated
Show resolved
Hide resolved
} | ||
|
||
@Test | ||
public void credentialSettingParameterValidity() throws Exception { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We seem to be testing several distinct behaviors in the same unit test - can we break these up into separate smaller-scoped tests so that each unit test is testing an independent behavior?
Similarly above in the credentialSetting
test.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
In this test we're just checking that we correctly put checkNotNull
checks across the public api. So I grouped that under single unit test since I saw a similar pattern at MatcherTest -
public void stringMatcher() { |
credentialSetting
is different - we check a sequence of changing (serverCert->clientCert->serverCert) so splitting it is possible, but will require a lot of boilerplate code (smth like wordy BeforeMethod before each test)
util/src/test/java/io/grpc/util/AdvancedTlsX509KeyManagerTest.java
Outdated
Show resolved
Hide resolved
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Let's swap to FakeClock, but otherwise looks good.
@matthewstevenson88, do you want us to wait for your approval before this goes in? |
Thanks @ejona86. LGTM, and ok to merge once the FakeClock change is done. |
This PR is a part of 'Stabilize Advanced TLS' effort.
Clean up, improve javadoc, de-experimentalize of AdvancedTlsX509KeyManager, add a unit test (e2e already exists).