Add PQC base system test#5442
Conversation
Summary of ChangesHello, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed! This pull request introduces a suite of system-level tests designed to ensure that the device under test (DUT) correctly handles and supports Post-Quantum Cryptography (PQC) protocols. By utilizing a custom gRPC dialer with specific TLS curve preferences, the tests verify that secure connections can be established across various management and control plane interfaces. Highlights
Using Gemini Code AssistThe full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips. Invoking Gemini You can request assistance from Gemini at any point by creating a comment using either
Customization To customize the Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a Limitations & Feedback Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counterproductive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here. Footnotes
|
Pull Request Functional Test Report for #5442 / 1cd8768Virtual Devices
Hardware Devices
|
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request adds a new test file to verify Post-Quantum Cryptography (PQC) protocol support for gNMI, gNOI, gNSI, gRIBI, and P4RT services. The reviewer provided several improvement opportunities, including adhering to the repository style guide by implementing TestMain and setupEnvironment, simplifying the logic for handling non-standard gRPC ports, and replacing deprecated gRPC functions. There is also a recommendation to use t.Fatalf for better error handling in the gNSI test.
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
…update PQC protocol test to use grpc.NewClient.
marcushines
force-pushed
the
hines1
branch
2 times, most recently
from
02bc85e to
8d86dc1
Compare
| | service-1.6 | gNMI PQC client | gNMI Get works | | ||
| | service-1.7 | gNOI PQC client | gNOI system Time works | | ||
| | service-1.8 | gNSI PQC client | gNSI authz Get works | | ||
| | service-1.9 | gRIBI PQC client | gRIBI Get works | | ||
| | service-1.10 | p4rt PQC client | P4RT Capabilities works | |
There was a problem hiding this comment.
For the description here, can we call out that these are specifically for PQC-algorithms or just differentiate them somehow from the ones that above?
| | service-1.3 | gNSI client | gNSI authz Get works | | ||
| | service-1.4 | gRIBI client | gRIBI Get works | | ||
| | service-1.5 | p4rt client | P4RT Capabilities works | | ||
| | service-1.6 | gNMI PQC client | gNMI Get works | |
There was a problem hiding this comment.
Can you add these to the testregistry.textproto at the root of the repo please?
|
|
||
| ## OpenConfig Path and RPC Coverage | ||
|
|
||
| ## OpenConfig Path and RPC Coverage |
There was a problem hiding this comment.
Do we need this heading to be repeated?
| | service-1.8 | gNSI PQC client | gNSI authz Get works | | ||
| | service-1.9 | gRIBI PQC client | gRIBI Get works | | ||
| | service-1.10 | p4rt PQC client | P4RT Capabilities works | | ||
|
|
There was a problem hiding this comment.
It'd be useful to have some verbiage in the README that describes what the PQC tests do differently to the base tests.
| // Custom TLS config for PQC | ||
| tlsConfig := &tls.Config{ | ||
| InsecureSkipVerify: true, | ||
| CurvePreferences: []tls.CurveID{tls.X25519MLKEM768, tls.X25519, tls.CurveP256}, |
There was a problem hiding this comment.
Did you consider just adding a parameter to the existing dialConn in system_g_protocol_test.go that takes the CurvePreferences or the tls.Config so that we don't duplicate the whole fn?
There was a problem hiding this comment.
If you did this, you could probably make it such that you just have a table-driven test for each of the existing TestXXX functions with the different parameters.
6 participants
No description provided.