@@ -8,6 +8,7 @@ use crate::assert::{AssertionEngine, JsonComparator, get_json_diff};
88use crate :: grpc:: { CompressionMode , GrpcClient , GrpcClientConfig , ProtoConfig , TlsConfig } ;
99use crate :: optimizer;
1010use crate :: parser:: ast:: { SectionContent , SectionType } ;
11+ use crate :: polyfill:: runtime;
1112use crate :: report:: CoverageCollector ;
1213use crate :: utils:: file:: FileUtils ;
1314use anyhow:: Result ;
@@ -487,6 +488,26 @@ fn tls_env_defaults() -> HashMap<String, String> {
487488 defaults
488489}
489490
491+ fn resolve_tls_path ( value : & str , from_env : bool , document_path : & Path ) -> String {
492+ let path = Path :: new ( value) ;
493+ if path. is_absolute ( ) {
494+ return path. to_string_lossy ( ) . to_string ( ) ;
495+ }
496+
497+ if from_env {
498+ if runtime:: supports ( runtime:: Capability :: IsolatedFsIo )
499+ && let Ok ( cwd) = std:: env:: current_dir ( )
500+ {
501+ return cwd. join ( path) . to_string_lossy ( ) . to_string ( ) ;
502+ }
503+ return path. to_string_lossy ( ) . to_string ( ) ;
504+ }
505+
506+ FileUtils :: resolve_relative_path ( document_path, value)
507+ . to_string_lossy ( )
508+ . to_string ( )
509+ }
510+
490511impl TestRunner {
491512 pub fn full_service_name ( package : & str , service : & str ) -> String {
492513 if package. is_empty ( ) {
@@ -601,41 +622,55 @@ impl TestRunner {
601622 let document_path = Path :: new ( & document. file_path ) ;
602623
603624 let tls_defaults = tls_env_defaults ( ) ;
604- let tls_config = document
605- . get_tls_config_with_defaults ( & tls_defaults)
606- . map ( |tls_map| TlsConfig {
607- ca_cert_path : tls_map
608- . get ( "ca_cert" )
609- . or_else ( || tls_map. get ( "ca_file" ) )
610- . map ( |p| {
611- FileUtils :: resolve_relative_path ( document_path, p)
612- . to_string_lossy ( )
613- . to_string ( )
614- } ) ,
615- client_cert_path : tls_map
616- . get ( "client_cert" )
617- . or_else ( || tls_map. get ( "cert" ) )
618- . or_else ( || tls_map. get ( "cert_file" ) )
619- . map ( |p| {
620- FileUtils :: resolve_relative_path ( document_path, p)
621- . to_string_lossy ( )
622- . to_string ( )
623- } ) ,
624- client_key_path : tls_map
625- . get ( "client_key" )
626- . or_else ( || tls_map. get ( "key" ) )
627- . or_else ( || tls_map. get ( "key_file" ) )
628- . map ( |p| {
629- FileUtils :: resolve_relative_path ( document_path, p)
630- . to_string_lossy ( )
631- . to_string ( )
632- } ) ,
633- server_name : tls_map. get ( "server_name" ) . cloned ( ) ,
634- insecure_skip_verify : tls_map
635- . get ( "insecure" )
636- . map ( |s| parse_bool_flag ( s) )
637- . unwrap_or ( false ) ,
638- } ) ;
625+ let tls_section = document. get_tls_config ( ) ;
626+
627+ let pick_tls_value = |keys : & [ & str ] | -> Option < ( String , bool ) > {
628+ if let Some ( section_map) = tls_section. as_ref ( ) {
629+ for key in keys {
630+ if let Some ( value) = section_map. get ( * key) {
631+ return Some ( ( value. clone ( ) , false ) ) ;
632+ }
633+ }
634+ }
635+
636+ for key in keys {
637+ if let Some ( value) = tls_defaults. get ( * key) {
638+ return Some ( ( value. clone ( ) , true ) ) ;
639+ }
640+ }
641+
642+ None
643+ } ;
644+
645+ let ca_cert_path = pick_tls_value ( & [ "ca_cert" , "ca_file" ] )
646+ . map ( |( v, from_env) | resolve_tls_path ( & v, from_env, document_path) ) ;
647+ let client_cert_path = pick_tls_value ( & [ "client_cert" , "cert" , "cert_file" ] )
648+ . map ( |( v, from_env) | resolve_tls_path ( & v, from_env, document_path) ) ;
649+ let client_key_path = pick_tls_value ( & [ "client_key" , "key" , "key_file" ] )
650+ . map ( |( v, from_env) | resolve_tls_path ( & v, from_env, document_path) ) ;
651+ let server_name = pick_tls_value ( & [ "server_name" ] ) . map ( |( v, _) | v) ;
652+ let insecure_skip_verify = tls_section
653+ . as_ref ( )
654+ . and_then ( |m| m. get ( "insecure" ) )
655+ . map ( |s| parse_bool_flag ( s) )
656+ . unwrap_or ( false ) ;
657+
658+ let tls_config = if ca_cert_path. is_some ( )
659+ || client_cert_path. is_some ( )
660+ || client_key_path. is_some ( )
661+ || server_name. is_some ( )
662+ || insecure_skip_verify
663+ {
664+ Some ( TlsConfig {
665+ ca_cert_path,
666+ client_cert_path,
667+ client_key_path,
668+ server_name,
669+ insecure_skip_verify,
670+ } )
671+ } else {
672+ None
673+ } ;
639674
640675 // Check for Proto config in document
641676 let proto_config = if let Some ( proto_map) = document. get_proto_config ( ) {
@@ -1763,6 +1798,39 @@ mod tests {
17631798 assert ! ( !parse_bool_flag( "" ) ) ;
17641799 }
17651800
1801+ #[ test]
1802+ fn test_resolve_tls_path_from_env_uses_cwd ( ) {
1803+ if !runtime:: supports ( runtime:: Capability :: IsolatedFsIo ) {
1804+ return ;
1805+ }
1806+
1807+ let cwd = std:: env:: current_dir ( ) . unwrap ( ) ;
1808+ let document_path = Path :: new ( "tests/fixtures/sample.gctf" ) ;
1809+ let resolved = resolve_tls_path ( "certs/ca.crt" , true , document_path) ;
1810+ assert_eq ! ( Path :: new( & resolved) , cwd. join( "certs/ca.crt" ) ) ;
1811+ }
1812+
1813+ #[ test]
1814+ fn test_resolve_tls_path_from_env_without_fs_capability_returns_relative ( ) {
1815+ if runtime:: supports ( runtime:: Capability :: IsolatedFsIo ) {
1816+ return ;
1817+ }
1818+
1819+ let document_path = Path :: new ( "tests/fixtures/sample.gctf" ) ;
1820+ let resolved = resolve_tls_path ( "certs/ca.crt" , true , document_path) ;
1821+ assert_eq ! ( resolved, "certs/ca.crt" ) ;
1822+ }
1823+
1824+ #[ test]
1825+ fn test_resolve_tls_path_from_document_uses_document_dir ( ) {
1826+ let document_path = Path :: new ( "tests/fixtures/sample.gctf" ) ;
1827+ let resolved = resolve_tls_path ( "certs/ca.crt" , false , document_path) ;
1828+ assert_eq ! (
1829+ Path :: new( & resolved) ,
1830+ Path :: new( "tests/fixtures" ) . join( "certs" ) . join( "ca.crt" )
1831+ ) ;
1832+ }
1833+
17661834 #[ test]
17671835 fn test_tls_env_defaults_uses_grpctestify_prefix ( ) {
17681836 unsafe {
0 commit comments