Change errCredentialsMisuse to errCredentialsConflict and errTransportCredentialsMissing
This commit is contained in:
@ -61,10 +61,13 @@ var (
|
|||||||
// being set for ClientConn. Users should either set one or explicitly
|
// being set for ClientConn. Users should either set one or explicitly
|
||||||
// call WithInsecure DialOption to disable security.
|
// call WithInsecure DialOption to disable security.
|
||||||
errNoTransportSecurity = errors.New("grpc: no transport security set (use grpc.WithInsecure() explicitly or set credentials)")
|
errNoTransportSecurity = errors.New("grpc: no transport security set (use grpc.WithInsecure() explicitly or set credentials)")
|
||||||
// errCredentialsMisuse indicates that users want to transmit security information
|
// errTransportCredentialsMissing indicates that users want to transmit security
|
||||||
// (e.g., oauth2 token) which requires secure connection on an insecure
|
// information (e.g., oauth2 token) which requires secure connection on an insecure
|
||||||
// connection.
|
// connection.
|
||||||
errCredentialsMisuse = errors.New("grpc: the credentials require transport level security (use grpc.WithTransportAuthenticator() to set)")
|
errTransportCredentialsMissing = errors.New("grpc: the credentials require transport level security (use grpc.WithTransportCredentials() to set)")
|
||||||
|
// errCredentialsConflict indicates that grpc.WithTransportCredentials()
|
||||||
|
// and grpc.WithInsecure() are both called for a connection.
|
||||||
|
errCredentialsConflict = errors.New("grpc: transport credentials are set for an insecure connection (grpc.WithTransportCredentials() and grpc.WithInsecure() are both called)")
|
||||||
// errNetworkIP indicates that the connection is down due to some network I/O error.
|
// errNetworkIP indicates that the connection is down due to some network I/O error.
|
||||||
errNetworkIO = errors.New("grpc: failed with network I/O error")
|
errNetworkIO = errors.New("grpc: failed with network I/O error")
|
||||||
// errConnDrain indicates that the connection starts to be drained and does not accept any new RPCs.
|
// errConnDrain indicates that the connection starts to be drained and does not accept any new RPCs.
|
||||||
@ -374,11 +377,11 @@ func (cc *ClientConn) newAddrConn(addr Address, skipWait bool) error {
|
|||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
if ac.dopts.copts.TransportCredentials != nil {
|
if ac.dopts.copts.TransportCredentials != nil {
|
||||||
return errCredentialsMisuse
|
return errCredentialsConflict
|
||||||
}
|
}
|
||||||
for _, cd := range ac.dopts.copts.PerRPCCredentials {
|
for _, cd := range ac.dopts.copts.PerRPCCredentials {
|
||||||
if cd.RequireTransportSecurity() {
|
if cd.RequireTransportSecurity() {
|
||||||
return errCredentialsMisuse
|
return errTransportCredentialsMissing
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -68,21 +68,21 @@ func TestTLSDialTimeout(t *testing.T) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func TestCredentialsMisuse(t *testing.T) {
|
func TestCredentialsMisuse(t *testing.T) {
|
||||||
auth, err := credentials.NewClientTLSFromFile(tlsDir+"ca.pem", "x.test.youtube.com")
|
tlsCreds, err := credentials.NewClientTLSFromFile(tlsDir+"ca.pem", "x.test.youtube.com")
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatalf("Failed to create authenticator %v", err)
|
t.Fatalf("Failed to create authenticator %v", err)
|
||||||
}
|
}
|
||||||
// Two conflicting credential configurations
|
// Two conflicting credential configurations
|
||||||
if _, err := Dial("Non-Existent.Server:80", WithTransportCredentials(auth), WithTimeout(time.Millisecond), WithBlock(), WithInsecure()); err != errCredentialsMisuse {
|
if _, err := Dial("Non-Existent.Server:80", WithTransportCredentials(tlsCreds), WithTimeout(time.Millisecond), WithBlock(), WithInsecure()); err != errCredentialsConflict {
|
||||||
t.Fatalf("Dial(_, _) = _, %v, want _, %v", err, errCredentialsMisuse)
|
t.Fatalf("Dial(_, _) = _, %v, want _, %v", err, errCredentialsConflict)
|
||||||
}
|
}
|
||||||
creds, err := oauth.NewJWTAccessFromKey(nil)
|
rpcCreds, err := oauth.NewJWTAccessFromKey(nil)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatalf("Failed to create credentials %v", err)
|
t.Fatalf("Failed to create credentials %v", err)
|
||||||
}
|
}
|
||||||
// security info on insecure connection
|
// security info on insecure connection
|
||||||
if _, err := Dial("Non-Existent.Server:80", WithPerRPCCredentials(creds), WithTimeout(time.Millisecond), WithBlock(), WithInsecure()); err != errCredentialsMisuse {
|
if _, err := Dial("Non-Existent.Server:80", WithPerRPCCredentials(rpcCreds), WithTimeout(time.Millisecond), WithBlock(), WithInsecure()); err != errTransportCredentialsMissing {
|
||||||
t.Fatalf("Dial(_, _) = _, %v, want _, %v", err, errCredentialsMisuse)
|
t.Fatalf("Dial(_, _) = _, %v, want _, %v", err, errTransportCredentialsMissing)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Reference in New Issue
Block a user