From 3ed9ae7e19f2655c286c1f0d1a75426485f71685 Mon Sep 17 00:00:00 2001
From: ZhenLian <zhenlian@google.com>
Date: Wed, 20 May 2020 22:50:59 -0700
Subject: [PATCH] make test applicable only to >= go1.10

---
 credentials/credentials_go10_test.go | 149 +++++++++++++++++++++++++++
 credentials/credentials_test.go      | 123 ----------------------
 credentials/go10.go                  |   4 +-
 3 files changed, 151 insertions(+), 125 deletions(-)
 create mode 100644 credentials/credentials_go10_test.go

diff --git a/credentials/credentials_go10_test.go b/credentials/credentials_go10_test.go
new file mode 100644
index 00000000000..288692fbb8f
--- /dev/null
+++ b/credentials/credentials_go10_test.go
@@ -0,0 +1,149 @@
+// +build go1.10
+
+/*
+ *
+ * Copyright 2020 gRPC authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package credentials
+
+import (
+	"crypto/tls"
+	"crypto/x509"
+	"net/url"
+	"testing"
+)
+
+func (s) TestParseSpiffeID(t *testing.T) {
+	tests := []struct {
+		name string
+		urls []*url.URL
+		// If we expect ParseSpiffeID to return an error.
+		expectError bool
+		// If we expect TLSInfo.SpiffeID to be plumbed.
+		expectID bool
+	}{
+		{
+			name:        "empty URIs",
+			urls:        []*url.URL{},
+			expectError: false,
+			expectID:    false,
+		},
+		{
+			name: "good SPIFFE ID",
+			urls: []*url.URL{
+				{
+					Scheme:  "spiffe",
+					Host:    "foo.bar.com",
+					Path:    "workload/wl1",
+					RawPath: "workload/wl1",
+				},
+				{
+					Scheme:  "https",
+					Host:    "foo.bar.com",
+					Path:    "workload/wl1",
+					RawPath: "workload/wl1",
+				},
+			},
+			expectError: false,
+			expectID:    true,
+		},
+		{
+			name: "invalid host",
+			urls: []*url.URL{
+				{
+					Scheme:  "spiffe",
+					Host:    "",
+					Path:    "workload/wl1",
+					RawPath: "workload/wl1",
+				},
+			},
+			expectError: true,
+			expectID:    false,
+		},
+		{
+			name: "invalid path",
+			urls: []*url.URL{
+				{
+					Scheme:  "spiffe",
+					Host:    "foo.bar.com",
+					Path:    "",
+					RawPath: "",
+				},
+			},
+			expectError: true,
+			expectID:    false,
+		},
+		{
+			name: "large path",
+			urls: []*url.URL{
+				{
+					Scheme:  "spiffe",
+					Host:    "foo.bar.com",
+					Path:    string(make([]byte, 2050)),
+					RawPath: string(make([]byte, 2050)),
+				},
+			},
+			expectError: true,
+			expectID:    false,
+		},
+		{
+			name: "large host",
+			urls: []*url.URL{
+				{
+					Scheme:  "spiffe",
+					Host:    string(make([]byte, 256)),
+					Path:    "workload/wl1",
+					RawPath: "workload/wl1",
+				},
+			},
+			expectError: true,
+			expectID:    false,
+		},
+		{
+			name: "multiple SPIFFE IDs",
+			urls: []*url.URL{
+				{
+					Scheme:  "spiffe",
+					Host:    "foo.bar.com",
+					Path:    "workload/wl1",
+					RawPath: "workload/wl1",
+				},
+				{
+					Scheme:  "spiffe",
+					Host:    "bar.baz.com",
+					Path:    "workload/wl2",
+					RawPath: "workload/wl2",
+				},
+			},
+			expectError: false,
+			expectID:    false,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			info := TLSInfo{
+				State: tls.ConnectionState{PeerCertificates: []*x509.Certificate{{URIs: tt.urls}}}}
+			err := info.ParseSpiffeID()
+			if got, want := err != nil, tt.expectError; got != want {
+				t.Errorf("want expectError = %v, but got expectError = %v, with error %v", want, got, err)
+			}
+			if got, want := info.SpiffeID != nil, tt.expectID; got != want {
+				t.Errorf("want expectID = %v, but spiffe ID is %v", want, info.SpiffeID)
+			}
+		})
+	}
+}
diff --git a/credentials/credentials_test.go b/credentials/credentials_test.go
index 843b99acee3..c2a31628192 100644
--- a/credentials/credentials_test.go
+++ b/credentials/credentials_test.go
@@ -21,9 +21,7 @@ package credentials
 import (
 	"context"
 	"crypto/tls"
-	"crypto/x509"
 	"net"
-	"net/url"
 	"reflect"
 	"strings"
 	"testing"
@@ -364,124 +362,3 @@ func (s) TestAppendH2ToNextProtos(t *testing.T) {
 		})
 	}
 }
-
-func (s) TestParseSpiffeID(t *testing.T) {
-	tests := []struct {
-		name string
-		urls []*url.URL
-		// If we expect ParseSpiffeID to return an error.
-		expectError bool
-		// If we expect TLSInfo.SpiffeID to be plumbed.
-		expectID bool
-	}{
-		{
-			name:        "empty URIs",
-			urls:        []*url.URL{},
-			expectError: false,
-			expectID:    false,
-		},
-		{
-			name: "good SPIFFE ID",
-			urls: []*url.URL{
-				{
-					Scheme:  "spiffe",
-					Host:    "foo.bar.com",
-					Path:    "workload/wl1",
-					RawPath: "workload/wl1",
-				},
-				{
-					Scheme:  "https",
-					Host:    "foo.bar.com",
-					Path:    "workload/wl1",
-					RawPath: "workload/wl1",
-				},
-			},
-			expectError: false,
-			expectID:    true,
-		},
-		{
-			name: "invalid host",
-			urls: []*url.URL{
-				{
-					Scheme:  "spiffe",
-					Host:    "",
-					Path:    "workload/wl1",
-					RawPath: "workload/wl1",
-				},
-			},
-			expectError: true,
-			expectID:    false,
-		},
-		{
-			name: "invalid path",
-			urls: []*url.URL{
-				{
-					Scheme:  "spiffe",
-					Host:    "foo.bar.com",
-					Path:    "",
-					RawPath: "",
-				},
-			},
-			expectError: true,
-			expectID:    false,
-		},
-		{
-			name: "large path",
-			urls: []*url.URL{
-				{
-					Scheme:  "spiffe",
-					Host:    "foo.bar.com",
-					Path:    string(make([]byte, 2050)),
-					RawPath: string(make([]byte, 2050)),
-				},
-			},
-			expectError: true,
-			expectID:    false,
-		},
-		{
-			name: "large host",
-			urls: []*url.URL{
-				{
-					Scheme:  "spiffe",
-					Host:    string(make([]byte, 256)),
-					Path:    "workload/wl1",
-					RawPath: "workload/wl1",
-				},
-			},
-			expectError: true,
-			expectID:    false,
-		},
-		{
-			name: "multiple SPIFFE IDs",
-			urls: []*url.URL{
-				{
-					Scheme:  "spiffe",
-					Host:    "foo.bar.com",
-					Path:    "workload/wl1",
-					RawPath: "workload/wl1",
-				},
-				{
-					Scheme:  "spiffe",
-					Host:    "bar.baz.com",
-					Path:    "workload/wl2",
-					RawPath: "workload/wl2",
-				},
-			},
-			expectError: false,
-			expectID:    false,
-		},
-	}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			info := TLSInfo{
-				State: tls.ConnectionState{PeerCertificates: []*x509.Certificate{{URIs: tt.urls}}}}
-			err := info.ParseSpiffeID()
-			if got, want := err != nil, tt.expectError; got != want {
-				t.Errorf("want expectError = %v, but got expectError = %v, with error %v", want, got, err)
-			}
-			if got, want := info.SpiffeID != nil, tt.expectID; got != want {
-				t.Errorf("want expectID = %v, but spiffe ID is %v", want, info.SpiffeID)
-			}
-		})
-	}
-}
diff --git a/credentials/go10.go b/credentials/go10.go
index 11ad95ff7a4..23886c4372c 100644
--- a/credentials/go10.go
+++ b/credentials/go10.go
@@ -60,10 +60,10 @@ func (t *TLSInfo) ParseSpiffeID() error {
 	}
 	if spiffeIDCnt == 1 {
 		t.SpiffeID = &spiffeID
-	} else {
+	} else if spiffeIDCnt > 1 {
 		// A standard SPIFFE ID should be unique. If there are more, we log this
 		// mis-behavior and not plumb any of them.
-		grpclog.Info("invalid SPIFFE ID: multiple SPIFFE IDs")
+		grpclog.Warning("invalid SPIFFE ID: multiple SPIFFE IDs")
 	}
 	return nil
 }