diff --git a/Cargo.toml b/Cargo.toml index fa22f84c1b..5f89e6e9cb 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -11,7 +11,7 @@ tls-boring = ["dep:boring", "dep:boring-sys", "boring-rustls-provider/fips-only" tls-ring = ["dep:ring", "rustls/ring", "tokio-rustls/ring", "hyper-rustls/ring", "dep:rcgen"] tls-aws-lc = ["dep:ring", "rustls/aws_lc_rs", "tokio-rustls/aws_lc_rs", "hyper-rustls/aws-lc-rs", "dep:rcgen", "rcgen/aws_lc_rs"] tls-openssl = ["dep:rustls-openssl", "dep:openssl" ] -testing = ["dep:rcgen", "rcgen/x509-parser"] # Enables utilities supporting tests. +testing = ["dep:rcgen", "rcgen/x509-parser", "dep:tempfile"] # Enables utilities supporting tests. [lib] path = "src/lib.rs" @@ -117,6 +117,7 @@ tracing-core = "0.1" tracing-appender = "0.2" tokio-util = { version = "0.7", features = ["io-util"] } educe = "0.6" +tempfile = { version = "3.21", optional = true} [target.'cfg(target_os = "linux")'.dependencies] netns-rs = "0.1" @@ -160,7 +161,6 @@ rcgen = { version = "0.14", features = ["pem", "x509-parser"] } x509-parser = { version = "0.17", default-features = false, features = ["verify"] } time = "0.3" ctor = "0.5" -tempfile = "3.21" [lints.clippy] # This rule makes code more confusing diff --git a/src/config.rs b/src/config.rs index 2918f143cf..926355d360 100644 --- a/src/config.rs +++ b/src/config.rs @@ -1082,11 +1082,14 @@ pub mod tests { #[test] fn config_from_proxyconfig() { + use crate::test_helpers::{MESH_CONFIG_YAML, temp_file_with_content}; + let default_config = construct_config(ProxyConfig::default()) .expect("could not build Config without ProxyConfig"); // mesh config only - let mesh_config_path = "./src/test_helpers/mesh_config.yaml"; + let mesh_config_file = temp_file_with_content(MESH_CONFIG_YAML).unwrap(); + let mesh_config_path = mesh_config_file.path().to_str().unwrap(); let pc = construct_proxy_config(mesh_config_path, None).unwrap(); let cfg = construct_config(pc).unwrap(); assert_eq!(cfg.stats_addr.port(), 15888); 
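Review bot: After this change `tempfile` resolves only when the `testing` feature is on, because the last Cargo.toml hunk also removes the plain `tempfile = "3.21"` entry. That entry looks like the dev-dependency, though its table header is outside the hunk. src/test_helpers.rs now has an unconditional `use tempfile::NamedTempFile;`, so a build that compiles that module without `testing` (for example under `cfg(test)` alone) would fail to resolve the crate. Please confirm the module's gate matches the feature, or that test builds always enable `testing`. Since the feature now adds a regular dependency rather than a dev-only one, a comment next to it such as `# test-only: must not be enabled for release artifacts` would record the intent.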
diff --git a/src/state/workload.rs b/src/state/workload.rs index 77c1742365..15c56979e3 100644 --- a/src/state/workload.rs +++ b/src/state/workload.rs @@ -907,6 +907,7 @@ mod tests { use crate::config::ConfigSource; use crate::state::{DemandProxyState, ProxyState, ServiceResolutionMode, UpstreamDestination}; use crate::test_helpers::helpers::initialize_telemetry; + use crate::test_helpers::{LOCALHOST_YAML, temp_file_with_content}; use crate::xds::istio::workload::PortList as XdsPortList; use crate::xds::istio::workload::Service as XdsService; use crate::xds::istio::workload::WorkloadStatus as XdsStatus; @@ -1857,11 +1858,8 @@ mod tests { #[tokio::test] async fn local_client() { - let cfg = ConfigSource::File( - std::path::PathBuf::from(env!("CARGO_MANIFEST_DIR")) - .join("examples") - .join("localhost.yaml"), - ); + let config_file = temp_file_with_content(LOCALHOST_YAML).unwrap(); + let cfg = ConfigSource::File(config_file.path().to_path_buf()); let (state, demand, _) = setup_test(); let local_client = LocalClient { cfg, diff --git a/src/test_helpers.rs b/src/test_helpers.rs index f6560829ac..21c3cf7675 100644 --- a/src/test_helpers.rs +++ b/src/test_helpers.rs @@ -30,6 +30,8 @@ use crate::xds::{Handler, LocalConfig, LocalWorkload, ProxyStateUpdater, XdsReso use anyhow::anyhow; use bytes::{BufMut, Bytes}; use hickory_resolver::config::*; +use std::io::Write; +use tempfile::NamedTempFile; use crate::{state, strng}; use http_body_util::{BodyExt, Full}; 
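Review bot: In `local_client`, `cfg` holds only a `PathBuf` copy of the temporary path, so the compiler does not tie it to `config_file`, and the file exists only while that binding is alive. It works as written because the binding is named and lives to the end of the test. A later rename to `_`, or inlining to `temp_file_with_content(..).unwrap().path().to_path_buf()`, would delete the file before `LocalClient` reads it. I would add `// config_file must outlive cfg: dropping it deletes the file` above the binding. The test body continues outside the hunk.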
@@ -161,6 +163,11 @@ pub const TEST_SERVICE_HOST: &str = "local-vip.default.svc.cluster.local"; pub const TEST_SERVICE_DNS_HBONE_NAME: &str = "local-vip-async-dns"; pub const TEST_SERVICE_DNS_HBONE_HOST: &str = "local-vip-async-dns.default.svc.cluster.local"; +// Embedded test data - available when running binary outside source tree +pub const FAKE_JWT: &str = include_str!("test_helpers/fake-jwt"); +pub const MESH_CONFIG_YAML: &str = include_str!("test_helpers/mesh_config.yaml"); +pub const LOCALHOST_YAML: &str = include_str!("../examples/localhost.yaml"); + pub fn localhost_error_message() -> String { let addrs = &[ TEST_WORKLOAD_SOURCE, @@ -547,3 +554,12 @@ pub fn mpsc_ack(buffer: usize) -> (MpscAckSender, MpscAckReceiver) { let (ack_tx, ack_rx) = tokio::sync::mpsc::channel::<()>(1); (MpscAckSender { tx, ack_rx }, MpscAckReceiver { rx, ack_tx }) } + +/// Creates a temporary file with the given content and returns the path. +/// The file is automatically deleted when the returned NamedTempFile is dropped +pub fn temp_file_with_content(content: &str) -> std::io::Result { + let mut file = NamedTempFile::new()?; + file.write_all(content.as_bytes())?; + file.flush()?; + Ok(file) +} diff --git a/src/test_helpers/ca.rs b/src/test_helpers/ca.rs index e6ed041a04..963bf908d0 100644 --- a/src/test_helpers/ca.rs +++ b/src/test_helpers/ca.rs @@ -12,7 +12,6 @@ // See the License for the specific language governing permissions and // limitations under the License. -use std::path::PathBuf; use std::time::Duration; use async_trait::async_trait; @@ -27,6 +26,7 @@ use tracing::error; use crate::config::RootCert; use crate::identity::{AuthSource, CaClient}; +use crate::test_helpers::FAKE_JWT; use crate::test_helpers::hyper_tower; use crate::xds::istio::ca::istio_certificate_service_server::{ IstioCertificateService, IstioCertificateServiceServer, 
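Review bot: `FAKE_JWT`, `MESH_CONFIG_YAML` and `LOCALHOST_YAML` are `pub` constants built with `include_str!`, so a token-shaped string and two sample configs are compiled into every artifact that includes this module. The module's `cfg` gate is not visible in the hunk; it is worth confirming that it is limited to `test` and the `testing` feature, so shipped binaries do not carry the fixtures and secret scanners do not flag them. The comment could state the constraint directly, for example `// Test fixtures only: FAKE_JWT is a placeholder and must never be a credential any real issuer accepts.`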
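Review bot: The doc comment on `temp_file_with_content` says it "returns the path", but the function returns the `NamedTempFile` handle. The difference matters because dropping the handle removes the file. I would reword it to `/// Writes content to a new temporary file and returns its handle; the file is deleted when the handle is dropped, so keep it bound while the path is in use.` Adding `#[must_use = "dropping the handle deletes the temporary file"]` would make the compiler warn when a caller discards the result outright.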
@@ -76,14 +76,12 @@ impl CaServer { } } }); + let client = CaClient::new( "https://".to_string() + &server_addr.to_string(), None, Box::new(tls::ControlPlaneAuthentication::RootCert(root_cert)), - AuthSource::Token( - PathBuf::from(r"src/test_helpers/fake-jwt"), - "Kubernetes".to_string(), - ), + AuthSource::StaticToken(FAKE_JWT.to_string(), "Kubernetes".to_string()), true, 60 * 60 * 24, Vec::new(),
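Review bot: `AuthSource::StaticToken(FAKE_JWT.to_string(), ...)` passes the file content exactly as `include_str!` embedded it, including a trailing newline if `fake-jwt` ends with one. Whether the previous file-backed `AuthSource::Token` trimmed the content on read is not visible here. If it did, the token this client sends has changed and may no longer form a valid header value, and `FAKE_JWT.trim().to_string()` would keep the two forms equivalent. This helper also no longer exercises the file-backed token loader, so that path needs coverage from another test. The `CaClient::new` call continues outside the hunk.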