Embed test data files to enable running tests outside source tree

Cargo.toml

@@ -11,7 +11,7 @@ tls-boring = ["dep:boring", "dep:boring-sys", "boring-rustls-provider/fips-only"
 tls-ring = ["dep:ring", "rustls/ring", "tokio-rustls/ring", "hyper-rustls/ring", "dep:rcgen"]
 tls-aws-lc = ["dep:ring", "rustls/aws_lc_rs", "tokio-rustls/aws_lc_rs", "hyper-rustls/aws-lc-rs", "dep:rcgen", "rcgen/aws_lc_rs"]
 tls-openssl = ["dep:rustls-openssl", "dep:openssl" ]
-testing = ["dep:rcgen", "rcgen/x509-parser"] # Enables utilities supporting tests.
+testing = ["dep:rcgen", "rcgen/x509-parser", "dep:tempfile"] # Enables utilities supporting tests.
 
 [lib]
 path = "src/lib.rs"
@@ -117,6 +117,7 @@ tracing-core = "0.1"
 tracing-appender = "0.2"
 tokio-util = { version = "0.7", features = ["io-util"] }
 educe = "0.6"
+tempfile = { version = "3.21", optional = true}
 
 [target.'cfg(target_os = "linux")'.dependencies]
 netns-rs = "0.1"
@@ -160,7 +161,6 @@ rcgen = { version = "0.14", features = ["pem", "x509-parser"] }
 x509-parser = { version = "0.17", default-features = false, features = ["verify"] }
 time = "0.3"
 ctor = "0.5"
-tempfile = "3.21"
 
 [lints.clippy]
 # This rule makes code more confusing

src/config.rs

@@ -1082,11 +1082,14 @@ pub mod tests {
 
     #[test]
     fn config_from_proxyconfig() {
+        use crate::test_helpers::{MESH_CONFIG_YAML, temp_file_with_content};
+
         let default_config = construct_config(ProxyConfig::default())
             .expect("could not build Config without ProxyConfig");
 
         // mesh config only
-        let mesh_config_path = "./src/test_helpers/mesh_config.yaml";
+        let mesh_config_file = temp_file_with_content(MESH_CONFIG_YAML).unwrap();
+        let mesh_config_path = mesh_config_file.path().to_str().unwrap();
         let pc = construct_proxy_config(mesh_config_path, None).unwrap();
         let cfg = construct_config(pc).unwrap();
         assert_eq!(cfg.stats_addr.port(), 15888);

src/state/workload.rs

@@ -907,6 +907,7 @@ mod tests {
     use crate::config::ConfigSource;
     use crate::state::{DemandProxyState, ProxyState, ServiceResolutionMode, UpstreamDestination};
     use crate::test_helpers::helpers::initialize_telemetry;
+    use crate::test_helpers::{LOCALHOST_YAML, temp_file_with_content};
     use crate::xds::istio::workload::PortList as XdsPortList;
     use crate::xds::istio::workload::Service as XdsService;
     use crate::xds::istio::workload::WorkloadStatus as XdsStatus;
@@ -1857,11 +1858,8 @@ mod tests {
 
     #[tokio::test]
     async fn local_client() {
-        let cfg = ConfigSource::File(
-            std::path::PathBuf::from(env!("CARGO_MANIFEST_DIR"))
-                .join("examples")
-                .join("localhost.yaml"),
-        );
+        let config_file = temp_file_with_content(LOCALHOST_YAML).unwrap();
+        let cfg = ConfigSource::File(config_file.path().to_path_buf());
         let (state, demand, _) = setup_test();
         let local_client = LocalClient {
             cfg,

src/test_helpers.rs

@@ -30,6 +30,8 @@ use crate::xds::{Handler, LocalConfig, LocalWorkload, ProxyStateUpdater, XdsReso
 use anyhow::anyhow;
 use bytes::{BufMut, Bytes};
 use hickory_resolver::config::*;
+use std::io::Write;
+use tempfile::NamedTempFile;
 
 use crate::{state, strng};
 use http_body_util::{BodyExt, Full};
@@ -161,6 +163,11 @@ pub const TEST_SERVICE_HOST: &str = "local-vip.default.svc.cluster.local";
 pub const TEST_SERVICE_DNS_HBONE_NAME: &str = "local-vip-async-dns";
 pub const TEST_SERVICE_DNS_HBONE_HOST: &str = "local-vip-async-dns.default.svc.cluster.local";
 
+// Embedded test data - available when running binary outside source tree
+pub const FAKE_JWT: &str = include_str!("test_helpers/fake-jwt");
+pub const MESH_CONFIG_YAML: &str = include_str!("test_helpers/mesh_config.yaml");
+pub const LOCALHOST_YAML: &str = include_str!("../examples/localhost.yaml");
+
 pub fn localhost_error_message() -> String {
     let addrs = &[
         TEST_WORKLOAD_SOURCE,
@@ -547,3 +554,12 @@ pub fn mpsc_ack<T>(buffer: usize) -> (MpscAckSender<T>, MpscAckReceiver<T>) {
     let (ack_tx, ack_rx) = tokio::sync::mpsc::channel::<()>(1);
     (MpscAckSender { tx, ack_rx }, MpscAckReceiver { rx, ack_tx })
 }
+
+/// Creates a temporary file with the given content and returns the path.
+/// The file is automatically deleted when the returned NamedTempFile is dropped
+pub fn temp_file_with_content(content: &str) -> std::io::Result<NamedTempFile> {
+    let mut file = NamedTempFile::new()?;
+    file.write_all(content.as_bytes())?;
+    file.flush()?;
+    Ok(file)
+}

src/test_helpers/ca.rs

@@ -12,7 +12,6 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-use std::path::PathBuf;
 use std::time::Duration;
 
 use async_trait::async_trait;
@@ -27,6 +26,7 @@ use tracing::error;
 use crate::config::RootCert;
 
 use crate::identity::{AuthSource, CaClient};
+use crate::test_helpers::FAKE_JWT;
 use crate::test_helpers::hyper_tower;
 use crate::xds::istio::ca::istio_certificate_service_server::{
     IstioCertificateService, IstioCertificateServiceServer,
@@ -76,14 +76,12 @@ impl CaServer {
                 }
             }
         });
+
         let client = CaClient::new(
             "https://".to_string() + &server_addr.to_string(),
             None,
             Box::new(tls::ControlPlaneAuthentication::RootCert(root_cert)),
-            AuthSource::Token(
-                PathBuf::from(r"src/test_helpers/fake-jwt"),
-                "Kubernetes".to_string(),
-            ),
+            AuthSource::StaticToken(FAKE_JWT.to_string(), "Kubernetes".to_string()),
             true,
             60 * 60 * 24,
             Vec::new(),