test: add grpc tests testing TLS connections

Only grpc insecure connections were being used in the tests. Also, these
new tests allow to cover for the untested `NSOLID_GRPC_CERTS` env
variable.

PR-URL: #406
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>

Author: santigimeno

test/agents/test-grpc-basic.mjs

@@ -1,5 +1,6 @@
 // Flags: --expose-internals
 import { mustCall, mustSucceed } from '../common/index.mjs';
+import fixtures from '../common/fixtures.js';
 import assert from 'node:assert';
 import {
   checkExitData,
@@ -13,17 +14,17 @@ const tests = [];
 
 tests.push({
   name: 'should work if agent is killed with signal',
-  test: async (getEnv) => {
+  test: async (getEnv, isSecure) => {
     return new Promise((resolve) => {
-      const grpcServer = new GRPCServer();
+      const grpcServer = new GRPCServer({ tls: isSecure });
       grpcServer.start(mustSucceed(async (port) => {
         grpcServer.on('exit', mustCall((data) => {
           checkExitData(data.msg, data.metadata, agentId, { code: SIGTERM, error: null, profile: '' });
           grpcServer.close();
           resolve();
         }));
 
-        const env = getEnv(port);
+        const env = getEnv(port, isSecure);
 
         const opts = {
           stdio: ['inherit', 'inherit', 'inherit', 'ipc'],
@@ -39,17 +40,17 @@ tests.push({
 
 tests.push({
   name: 'should work if agent exits gracefully without error',
-  test: async (getEnv) => {
+  test: async (getEnv, isSecure) => {
     return new Promise((resolve) => {
-      const grpcServer = new GRPCServer();
+      const grpcServer = new GRPCServer({ tls: isSecure });
       grpcServer.start(mustSucceed(async (port) => {
         grpcServer.on('exit', mustCall((data) => {
           checkExitData(data.msg, data.metadata, agentId, { code: 0, error: null, profile: '' });
           grpcServer.close();
           resolve();
         }));
 
-        const env = getEnv(port);
+        const env = getEnv(port, isSecure);
 
         const opts = {
           stdio: ['inherit', 'inherit', 'inherit', 'ipc'],
@@ -68,17 +69,17 @@ tests.push({
 
 tests.push({
   name: 'should work if agent exits gracefully with error code',
-  test: async (getEnv) => {
+  test: async (getEnv, isSecure) => {
     return new Promise((resolve) => {
-      const grpcServer = new GRPCServer();
+      const grpcServer = new GRPCServer({ tls: isSecure });
       grpcServer.start(mustSucceed(async (port) => {
         grpcServer.on('exit', mustCall((data) => {
           checkExitData(data.msg, data.metadata, agentId, { code: 1, error: null, profile: '' });
           grpcServer.close();
           resolve();
         }));
 
-        const env = getEnv(port);
+        const env = getEnv(port, isSecure);
 
         const opts = {
           stdio: ['inherit', 'inherit', 'inherit', 'ipc'],
@@ -97,9 +98,9 @@ tests.push({
 
 tests.push({
   name: 'should work if agent exits with exception',
-  test: async (getEnv) => {
+  test: async (getEnv, isSecure) => {
     return new Promise((resolve) => {
-      const grpcServer = new GRPCServer();
+      const grpcServer = new GRPCServer({ tls: isSecure });
       grpcServer.start(mustSucceed(async (port) => {
         grpcServer.on('exit', mustCall((data) => {
           const error = { message: 'Uncaught Error: error', stack: '' };
@@ -108,7 +109,7 @@ tests.push({
           resolve();
         }));
 
-        const env = getEnv(port);
+        const env = getEnv(port, isSecure);
 
         const opts = {
           stdio: ['inherit', 'inherit', 'inherit', 'ipc'],
@@ -127,28 +128,41 @@ tests.push({
 
 const testConfigs = [
   {
-    getEnv: (port) => {
-      return {
+    getEnv: (port, isSecure) => {
+      const env = {
         NODE_DEBUG_NATIVE: 'nsolid_grpc_agent',
-        NSOLID_GRPC_INSECURE: 1,
         NSOLID_GRPC: `localhost:${port}`,
       };
+      if (!isSecure) {
+        env.NSOLID_GRPC_INSECURE = 1;
+      } else {
+        env.NSOLID_GRPC_CERTS = fixtures.path('keys', 'selfsigned-no-keycertsign', 'cert.pem');
+      }
+      return env;
     },
   },
   {
-    getEnv: (port) => {
-      return {
+    getEnv: (port, isSecure) => {
+      const env = {
         NODE_DEBUG_NATIVE: 'nsolid_grpc_agent',
-        NSOLID_GRPC_INSECURE: 1,
         NSOLID_SAAS: `aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaabbbbbbbbbbbbbbbbbbbbbbbbbbbbbtesting.localhost:${port}`,
       };
+      if (!isSecure) {
+        env.NSOLID_GRPC_INSECURE = 1;
+      } else {
+        env.NSOLID_GRPC_CERTS = fixtures.path('keys', 'selfsigned-no-keycertsign', 'cert.pem');
+      }
+      return env;
     },
   },
 ];
 
+const isSecureOpts = [false, true];
 for (const testConfig of testConfigs) {
   for (const { name, test } of tests) {
-    console.log(`[basic] ${name}`);
-    await test(testConfig.getEnv);
+    for (const isSecure of isSecureOpts) {
+      console.log(`[basic] ${name} ${isSecure ? 'secure' : 'insecure'}`);
+      await test(testConfig.getEnv, isSecure);
+    }
   }
 }

test/common/nsolid-grpc-agent/index.js

@@ -69,18 +69,24 @@ function checkResource(resource, agentId, config, metrics) {
 
 
 class GRPCServer extends EventEmitter {
+  #opts;
   #server;
-  constructor() {
+  constructor(opts) {
     super();
     this.#server = null;
+    this.#opts = opts || {};
   }
 
   start(cb) {
     const args = [];
+    if (this.#opts.tls) {
+      args.push('--tls');
+    }
+
     const opts = {
       stdio: ['inherit', 'inherit', 'inherit', 'ipc'],
     };
-    this.#server = fork(path.join(__dirname, 'server.mjs') + '', args, opts);
+    this.#server = fork(path.join(__dirname, 'server.mjs'), args, opts);
     this.#server.on('message', (message) => {
       switch (message.type) {
         case 'exit':

test/common/nsolid-grpc-agent/server.mjs

@@ -1,8 +1,20 @@
 import assert from 'node:assert';
 import path from 'node:path';
+import { parseArgs } from 'node:util';
 import grpc from '@grpc/grpc-js';
 import protoLoader from '@grpc/proto-loader';
 
+import fixtures from '../fixtures.js';
+
+const options = {
+  tls: {
+    type: 'boolean',
+    default: false,
+  },
+};
+
+const args = parseArgs({ options });
+
 const logsServiceProtoPath = 'opentelemetry/proto/collector/logs/v1/logs_service.proto';
 const metricsServiceProtoPath = 'opentelemetry/proto/collector/metrics/v1/metrics_service.proto';
 const traceServiceProtoPath = 'opentelemetry/proto/collector/trace/v1/trace_service.proto';
@@ -210,7 +222,20 @@ async function startServer(cb) {
     },
   });
 
-  const credentials = grpc.ServerCredentials.createInsecure();
+  let credentials;
+  if (args.values.tls) {
+    const key =
+      fixtures.readKey(path.join('selfsigned-no-keycertsign', 'key.pem'));
+    const cert =
+      fixtures.readKey(path.join('selfsigned-no-keycertsign', 'cert.pem'));
+    credentials = grpc.ServerCredentials.createSsl(null, [{
+      cert_chain: cert,
+      private_key: key,
+    }], false); // False means no client-side authentication
+  } else {
+    credentials = grpc.ServerCredentials.createInsecure();
+  }
+
   return new Promise((resolve, reject) => {
     server.bindAsync('localhost:0', credentials, (err, port) => {
       server.start();