Skip to content

Add daemon default Unix socket TLS integration test #592

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
taniwha3 wants to merge 2 commits into
base: main
Choose a base branch
from
Open

Add daemon default Unix socket TLS integration test #592

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
5c304de
Add daemon default Unix socket TLS integration test
taniwha3 Nov 22, 2025
f9bee32
Merge branch 'main' into bind-and-accept-grpc-integration-test
dmah42 Nov 27, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
161 changes: 161 additions & 0 deletions auraed/tests/auraed_daemon_should_bind_runtime_unix_socket.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,161 @@
/* -------------------------------------------------------------------------- *\
* | █████╗ ██╗ ██╗██████╗ █████╗ ███████╗ | *
* | ██╔══██╗██║ ██║██╔══██╗██╔══██╗██╔════╝ | *
* | ███████║██║ ██║██████╔╝███████║█████╗ | *
* | ██╔══██║██║ ██║██╔══██╗██╔══██║██╔══╝ | *
* | ██║ ██║╚██████╔╝██║ ██║██║ ██║███████╗ | *
* | ╚═╝ ╚═╝ ╚═════╝ ╚═╝ ╚═╝╚═╝ ╚═╝╚══════╝ | *
* +--------------------------------------------+ *
* *
* Distributed Systems Runtime *
* -------------------------------------------------------------------------- *
* Copyright 2022 - 2024, the aurae contributors *
* SPDX-License-Identifier: Apache-2.0 *
\* -------------------------------------------------------------------------- */

mod common;

use crate::common::tls::{TlsMaterial, generate_server_and_client_tls};
use client::discovery::discovery_service::DiscoveryServiceClient;
use client::{AuraeConfig, AuraeSocket, AuthConfig, Client, SystemConfig};
use proto::discovery::DiscoverRequest;
use std::{
fs::OpenOptions,
os::unix::fs::{FileTypeExt, PermissionsExt},
path::Path,
process::{Child, Command, Stdio},
time::Duration,
};
use test_helpers::*;
use test_helpers_macros::shared_runtime_test;
use tokio::time::sleep;

#[shared_runtime_test]
async fn auraed_daemon_default_should_bind_runtime_unix_socket_and_accept_grpc()
{
skip_if_not_root!(
"auraed_daemon_default_should_bind_runtime_unix_socket_and_accept_grpc"
);
skip_if_seccomp!(
"auraed_daemon_default_should_bind_runtime_unix_socket_and_accept_grpc"
);

let tempdir = tempfile::tempdir().expect("tempdir");
let runtime_dir = tempdir.path().join("runtime");
let library_dir = tempdir.path().join("library");
std::fs::create_dir_all(&runtime_dir).expect("runtime dir");
std::fs::create_dir_all(&library_dir).expect("library dir");

let tls_dir = tempdir.path().join("pki");
std::fs::create_dir_all(&tls_dir).expect("pki dir");
let tls = generate_server_and_client_tls(&tls_dir);

let log_path = tempdir.path().join("auraed.log");
let auraed_child =
spawn_auraed_daemon(&runtime_dir, &library_dir, &log_path, &tls);
let mut guard = common::ChildGuard::new(auraed_child);

wait_for_default_socket(
&runtime_dir,
&log_path,
guard.child_mut().expect("auraed child"),
)
.await;

let socket_path = runtime_dir.join("aurae.sock");
let client_config = AuraeConfig {
auth: AuthConfig {
ca_crt: tls.ca_crt.to_string_lossy().into_owned(),
client_crt: tls
.client_crt
.as_ref()
.expect("client crt")
.to_string_lossy()
.into_owned(),
client_key: tls
.client_key
.as_ref()
.expect("client key")
.to_string_lossy()
.into_owned(),
},
system: SystemConfig { socket: AuraeSocket::Path(socket_path.into()) },
};

let client =
Client::new(client_config).await.expect("TLS client over Unix socket");
let _ = client
.discover(DiscoverRequest {})
.await
.expect("discover should succeed on default Unix socket");
}

fn spawn_auraed_daemon(
runtime_dir: &Path,
library_dir: &Path,
log_path: &Path,
tls: &TlsMaterial,
) -> Child {
let log = OpenOptions::new()
.create(true)
.append(true)
.open(log_path)
.expect("open log file");

Command::new(env!("CARGO_BIN_EXE_auraed"))
.arg("--runtime-dir")
.arg(runtime_dir)
.arg("--library-dir")
.arg(library_dir)
.arg("--ca-crt")
.arg(&tls.ca_crt)
.arg("--server-crt")
.arg(&tls.server_crt)
.arg("--server-key")
.arg(&tls.server_key)
.stdout(Stdio::from(log.try_clone().expect("clone log file")))
.stderr(Stdio::from(log))
.spawn()
.expect("spawn auraed")
}

async fn wait_for_default_socket(
runtime_dir: &Path,
log_path: &Path,
child: &mut Child,
) {
let socket_path = runtime_dir.join("aurae.sock");
let deadline = tokio::time::Instant::now() + Duration::from_secs(20);

while tokio::time::Instant::now() < deadline {
if let Some(status) = child.try_wait().expect("check child status") {
let logs = std::fs::read_to_string(log_path).unwrap_or_default();
panic!("auraed exited early with status {status:?}. logs:\n{logs}");
}

if socket_path.exists() {
let meta = std::fs::symlink_metadata(&socket_path)
.expect("metadata for socket");
assert!(
meta.file_type().is_socket(),
"expected {:?} to be a Unix socket",
socket_path
);
let mode = meta.permissions().mode() & 0o777;
assert_eq!(
mode, 0o766,
"expected socket mode 0o766, got {:o}",
mode
);
return;
}

sleep(Duration::from_millis(100)).await;
}

let logs = std::fs::read_to_string(log_path).unwrap_or_default();
panic!(
"socket {:?} not ready within 20s. auraed logs:\n{}",
socket_path, logs
);
}
5 changes: 5 additions & 0 deletions auraed/tests/common/mod.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -38,6 +38,11 @@ impl ChildGuard {
pub fn new(child: std::process::Child) -> Self {
Self { child: Some(child) }
}

#[allow(dead_code)]
pub fn child_mut(&mut self) -> Option<&mut std::process::Child> {
self.child.as_mut()
}
}

impl Drop for ChildGuard {
Expand Down