[FAB-8061] Update grpc-go to latest version

Update to grpc-go 1.10.0

We were several releases behind and there were
changes in behavior and some APIs which required
tweaking production and test code

Change-Id: I86bc6cd170b5a07777c11db485bb86fdc73e495a
Signed-off-by: Gari Singh <gari.r.singh@gmail.com>

Author: mastersingh24

Gopkg.lock

@@ -140,7 +140,7 @@ required = [
 
 [[constraint]]
   name = "google.golang.org/grpc"
-  version = "=1.5.2"
+  version = "=1.10.0"
 
 [[constraint]]
   name = "gopkg.in/alecthomas/kingpin.v2"

Gopkg.toml

@@ -172,7 +172,7 @@ func TestAccessControl(t *testing.T) {
 	// Create an attacker without a TLS certificate
 	_, err = newClient(t, 7052, nil, ca.CertBytes())
 	assert.Error(t, err)
-	assert.Contains(t, err.Error(), "tls: bad certificate")
+	assert.Contains(t, err.Error(), "context deadline exceeded")
 
 	// Create an attacker with its own TLS certificate
 	maliciousCA, _ := NewCA()
@@ -181,7 +181,7 @@ func TestAccessControl(t *testing.T) {
 	assert.NoError(t, err)
 	_, err = newClient(t, 7052, &cert, ca.CertBytes())
 	assert.Error(t, err)
-	assert.Contains(t, err.Error(), "tls: bad certificate")
+	assert.Contains(t, err.Error(), "context deadline exceeded")
 
 	// Create a chaincode for example01 that tries to impersonate example02
 	kp, err := auth.Generate("example01")

core/chaincode/accesscontrol/access_test.go

@@ -89,5 +89,5 @@ func TestTLSCA(t *testing.T) {
 	assert.NoError(t, err)
 	err = probeTLS(kp)
 	assert.Error(t, err)
-	assert.Contains(t, err.Error(), "tls: bad certificate")
+	assert.Contains(t, err.Error(), "context deadline exceeded")
 }

core/chaincode/accesscontrol/ca_test.go

@@ -220,7 +220,7 @@ func TestNewConnection(t *testing.T) {
 			serverTLS: &tls.Config{
 				Certificates: []tls.Certificate{testServerCert}},
 			success:  false,
-			errorMsg: "certificate signed by unknown authority",
+			errorMsg: "context deadline exceeded",
 		},
 		{
 			name:       "client TLS / server TLS missing client cert",
@@ -237,7 +237,7 @@ func TestNewConnection(t *testing.T) {
 				Certificates: []tls.Certificate{testServerCert},
 				ClientAuth:   tls.RequireAndVerifyClientCert},
 			success:  false,
-			errorMsg: "bad certificate",
+			errorMsg: "context deadline exceeded",
 		},
 		{
 			name:       "client TLS / server TLS client cert",

core/comm/client_test.go

@@ -40,10 +40,15 @@ var (
 		tls.TLS_RSA_WITH_AES_128_GCM_SHA256,
 		tls.TLS_RSA_WITH_AES_256_GCM_SHA384,
 	}
+	// default connection timeout
+	DefaultConnectionTimeout = 5 * time.Second
 )
 
 // ServerConfig defines the parameters for configuring a GRPCServer instance
 type ServerConfig struct {
+	// ConnectionTimeout specifies the timeout for connection establishment
+	// for all new connections
+	ConnectionTimeout time.Duration
 	// SecOpts defines the security parameters
 	SecOpts *SecureOptions
 	// KaOpts defines the keepalive parameters

core/comm/config.go

@@ -14,6 +14,7 @@ import (
 )
 
 func TestConfig(t *testing.T) {
+	t.Parallel()
 	// check the defaults
 	assert.EqualValues(t, maxRecvMsgSize, MaxRecvMsgSize())
 	assert.EqualValues(t, maxSendMsgSize, MaxSendMsgSize())

core/comm/config_test.go

@@ -282,6 +282,7 @@ func newServer(org string, port int) *srv {
 		panic(fmt.Errorf("Failed listening on port %d: %v", port, err))
 	}
 	gSrv, err := NewGRPCServerFromListener(l, ServerConfig{
+		ConnectionTimeout: 250 * time.Millisecond,
 		SecOpts: &SecureOptions{
 			Certificate: certs["server.crt"],
 			Key:         certs["server.key"],
@@ -338,14 +339,14 @@ func testInvoke(t *testing.T, channelID string, s *srv, shouldSucceed bool) {
 	assert.NoError(t, err)
 	endpoint := fmt.Sprintf("localhost:%d", s.port)
 	ctx := context.Background()
-	ctx, _ = context.WithTimeout(ctx, time.Second*3)
+	ctx, _ = context.WithTimeout(ctx, 1*time.Second)
 	conn, err := grpc.DialContext(ctx, endpoint, grpc.WithTransportCredentials(creds), grpc.WithBlock())
 	if shouldSucceed {
 		assert.NoError(t, err)
 		defer conn.Close()
 	} else {
 		assert.Error(t, err)
-		assert.Contains(t, err.Error(), "certificate signed by unknown authority")
+		assert.Contains(t, err.Error(), "context deadline exceeded")
 		return
 	}
 	client := testpb.NewTestServiceClient(conn)

core/comm/connection_test.go

@@ -17,6 +17,7 @@ import (
 )
 
 func TestCreds(t *testing.T) {
+	t.Parallel()
 	var creds credentials.TransportCredentials
 	creds = comm.NewServerTransportCredentials(&tls.Config{})
 	_, _, err := creds.ClientHandshake(nil, "", nil)

core/comm/creds_test.go

@@ -16,13 +16,15 @@ import (
 )
 
 func TestEmptyEndpoints(t *testing.T) {
+	t.Parallel()
 	noopFactory := func(endpoint string) (*grpc.ClientConn, error) {
 		return nil, nil
 	}
 	assert.Nil(t, NewConnectionProducer(noopFactory, []string{}))
 }
 
 func TestConnFailures(t *testing.T) {
+	t.Parallel()
 	conn2Endpoint := make(map[string]string)
 	shouldConnFail := map[string]bool{
 		"a": true,
@@ -70,6 +72,7 @@ func TestConnFailures(t *testing.T) {
 }
 
 func TestUpdateEndpoints(t *testing.T) {
+	t.Parallel()
 	conn2Endpoint := make(map[string]string)
 	connFactory := func(endpoint string) (*grpc.ClientConn, error) {
 		conn := &grpc.ClientConn{}
@@ -97,6 +100,7 @@ func TestUpdateEndpoints(t *testing.T) {
 }
 
 func TestDisableEndpoint(t *testing.T) {
+	t.Parallel()
 	orgEndpointDisableInterval := EndpointDisableInterval
 	EndpointDisableInterval = time.Millisecond * 100
 	defer func() { EndpointDisableInterval = orgEndpointDisableInterval }()

core/comm/producer_test.go

@@ -122,6 +122,13 @@ func NewGRPCServerFromListener(listener net.Listener, serverConfig ServerConfig)
 	serverOpts = append(serverOpts, grpc.MaxRecvMsgSize(MaxRecvMsgSize()))
 	// set the keepalive options
 	serverOpts = append(serverOpts, ServerKeepaliveOptions(serverConfig.KaOpts)...)
+	// set connection timeout
+	if serverConfig.ConnectionTimeout <= 0 {
+		serverConfig.ConnectionTimeout = DefaultConnectionTimeout
+	}
+	serverOpts = append(
+		serverOpts,
+		grpc.ConnectionTimeout(serverConfig.ConnectionTimeout))
 
 	grpcServer.server = grpc.NewServer(serverOpts...)
 

core/comm/server.go

@@ -111,7 +111,11 @@ func (tss *testServiceServer) EmptyCall(context.Context, *testpb.Empty) (*testpb
 func invokeEmptyCall(address string, dialOptions []grpc.DialOption) (*testpb.Empty, error) {
 
 	//add DialOptions
-	dialOptions = append(dialOptions, grpc.WithBlock())
+	dialOptions = append(
+		dialOptions,
+		grpc.WithDefaultCallOptions(grpc.FailFast(true)),
+		grpc.FailOnNonTempDialError(true),
+		grpc.WithBlock())
 	ctx := context.Background()
 	ctx, _ = context.WithTimeout(ctx, timeout)
 	//create GRPC client conn
@@ -194,6 +198,7 @@ func (org *testOrg) testServers(port int, clientRootCAs [][]byte) []testServer {
 		testServer := testServer{
 			fmt.Sprintf("localhost:%d", port+i),
 			comm.ServerConfig{
+				ConnectionTimeout: 250 * time.Millisecond,
 				SecOpts: &comm.SecureOptions{
 					UseTLS:            true,
 					Certificate:       serverCert.certPEM,
@@ -575,6 +580,7 @@ func TestNewSecureGRPCServer(t *testing.T) {
 	t.Parallel()
 	testAddress := "localhost:9055"
 	srv, err := comm.NewGRPCServer(testAddress, comm.ServerConfig{
+		ConnectionTimeout: 250 * time.Millisecond,
 		SecOpts: &comm.SecureOptions{
 			UseTLS:      true,
 			Certificate: []byte(selfSignedCertPEM),
@@ -633,18 +639,22 @@ func TestNewSecureGRPCServer(t *testing.T) {
 		t.Log("GRPC client successfully invoked the EmptyCall service: " + testAddress)
 	}
 
-	// ensure that TLS 1.2 in required / enforced
-	for _, tlsVersion := range []uint16{tls.VersionSSL30, tls.VersionTLS10, tls.VersionTLS11} {
-		_, err = invokeEmptyCall(testAddress,
-			[]grpc.DialOption{grpc.WithTransportCredentials(
-				credentials.NewTLS(&tls.Config{
-					RootCAs:    certPool,
-					MinVersion: tlsVersion,
-					MaxVersion: tlsVersion,
-				}))})
-		t.Logf("TLSVersion [%d] failed with [%s]", tlsVersion, err)
-		assert.Error(t, err, "Should not have been able to connect with TLS version < 1.2")
-		assert.Contains(t, err.Error(), "protocol version not supported")
+	tlsVersions := []string{"SSL30", "TLS10", "TLS11"}
+	for counter, tlsVersion := range []uint16{tls.VersionSSL30, tls.VersionTLS10, tls.VersionTLS11} {
+		tlsVersion := tlsVersion
+		t.Run(tlsVersions[counter], func(t *testing.T) {
+			t.Parallel()
+			_, err = invokeEmptyCall(testAddress,
+				[]grpc.DialOption{grpc.WithTransportCredentials(
+					credentials.NewTLS(&tls.Config{
+						RootCAs:    certPool,
+						MinVersion: tlsVersion,
+						MaxVersion: tlsVersion,
+					}))})
+			t.Logf("TLSVersion [%d] failed with [%s]", tlsVersion, err)
+			assert.Error(t, err, "Should not have been able to connect with TLS version < 1.2")
+			assert.Contains(t, err.Error(), "context deadline exceeded")
+		})
 	}
 }
 
@@ -923,7 +933,11 @@ func runMutualAuth(t *testing.T, servers []testServer, trustedClients, unTrusted
 		//loop through all the untrusted clients
 		for k := 0; k < len(unTrustedClients); k++ {
 			//invoke the EmptyCall service
-			_, err = invokeEmptyCall(servers[i].address, []grpc.DialOption{grpc.WithTransportCredentials(credentials.NewTLS(unTrustedClients[k]))})
+			_, err = invokeEmptyCall(
+				servers[i].address,
+				[]grpc.DialOption{
+					grpc.WithTransportCredentials(
+						credentials.NewTLS(unTrustedClients[k]))})
 			//we expect failure from untrusted clients
 			if err != nil {
 				t.Logf("Untrusted client%d was correctly rejected by %s", k, servers[i].address)
@@ -1413,8 +1427,12 @@ func TestKeepaliveClientResponse(t *testing.T) {
 	defer srv.Stop()
 
 	// test that connection does not close with response to ping
-	clientTransport, err := transport.NewClientTransport(context.Background(),
-		transport.TargetInfo{Addr: testAddress}, transport.ConnectOptions{})
+	clientTransport, err := transport.NewClientTransport(
+		context.Background(),
+		context.Background(),
+		transport.TargetInfo{Addr: testAddress},
+		transport.ConnectOptions{},
+		func() {})
 	assert.NoError(t, err, "Unexpected error creating client transport")
 	defer clientTransport.Close()
 	// sleep past keepalive timeout
@@ -1469,7 +1487,7 @@ func TestUpdateTLSCert(t *testing.T) {
 	// bootstrap TLS certificate has a SAN of "notlocalhost" so it should fail
 	err = probeServer()
 	assert.Error(t, err)
-	assert.Contains(t, err.Error(), "certificate is valid for notlocalhost.org1.example.com, notlocalhost, not localhost")
+	assert.Contains(t, err.Error(), "context deadline exceeded")
 
 	// new TLS certificate has a SAN of "localhost" so it should succeed
 	certPath := filepath.Join("testdata", "dynamic_cert_update", "localhost", "server.crt")
@@ -1488,7 +1506,7 @@ func TestUpdateTLSCert(t *testing.T) {
 	srv.SetServerCertificate(tlsCert)
 	err = probeServer()
 	assert.Error(t, err)
-	assert.Contains(t, err.Error(), "certificate is valid for notlocalhost.org1.example.com, notlocalhost, not localhost")
+	assert.Contains(t, err.Error(), "context deadline exceeded")
 }
 
 func TestCipherSuites(t *testing.T) {

core/comm/server_test.go

@@ -28,6 +28,7 @@ import (
 )
 
 func TestExtractCertificateHashFromContext(t *testing.T) {
+	t.Parallel()
 	assert.Nil(t, comm.ExtractCertificateHashFromContext(context.Background()))
 
 	p := &peer.Peer{}
@@ -61,12 +62,14 @@ func (*nonTLSConnection) AuthType() string {
 }
 
 func TestBindingInspectorBadInit(t *testing.T) {
+	t.Parallel()
 	assert.Panics(t, func() {
 		comm.NewBindingInspector(false, nil)
 	})
 }
 
 func TestNoopBindingInspector(t *testing.T) {
+	t.Parallel()
 	extract := func(msg proto.Message) []byte {
 		return nil
 	}
@@ -77,6 +80,7 @@ func TestNoopBindingInspector(t *testing.T) {
 }
 
 func TestBindingInspector(t *testing.T) {
+	t.Parallel()
 	testAddress := "localhost:25000"
 	extract := func(msg proto.Message) []byte {
 		env, isEnvelope := msg.(*common.Envelope)
@@ -152,6 +156,7 @@ func (is *inspectingServer) inspect(envelope *common.Envelope) error {
 
 func newInspectingServer(addr string, inspector comm.BindingInspector) *inspectingServer {
 	srv, err := comm.NewGRPCServer(addr, comm.ServerConfig{
+		ConnectionTimeout: 250 * time.Millisecond,
 		SecOpts: &comm.SecureOptions{
 			UseTLS:      true,
 			Certificate: []byte(selfSignedCertPEM),