Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Adapt ambient OIDC tests to support interactive flow for local testing #576

Merged
merged 10 commits into from
Mar 23, 2023
Merged

Adapt ambient OIDC tests to support interactive flow for local testing #576

merged 10 commits into from
Mar 23, 2023

Conversation

tnytown
Copy link
Collaborator

@tnytown tnytown commented Mar 22, 2023

Summary

Introduces a new Makefile target test-oidc. This runs ambient OIDC tests with tokens from sigstore get-identity-token.

Partially fixes #570.

@tnytown
test_sign: support tokens from interactive flow
164d997 
Signed-off-by: Andrew Pan <a@tny.town>
@tnytown
Makefile: test-oidc target for interactive flow
96dbb2b 
Signed-off-by: Andrew Pan <a@tny.town>
@tnytown tnytown added component:tests Unit and integration tests safe to test labels Mar 22, 2023
@tnytown tnytown marked this pull request as draft March 22, 2023 21:30
@tnytown
test_sign: remove redundant parameters
e3ca08f 
Signed-off-by: Andrew Pan <a@tny.town>
@tnytown
conftest: reformat
9d48b24 
Signed-off-by: Andrew Pan <a@tny.town>
@tnytown tnytown marked this pull request as ready for review March 22, 2023 21:36
@tnytown tnytown requested a review from woodruffw March 22, 2023 21:37
@tnytown
CHANGELOG: blurb
2441ef5 
Signed-off-by: Andrew Pan <a@tny.town>
woodruffw
woodruffw reviewed Mar 22, 2023
View reviewed changes
Makefile Outdated
Comment on lines 86 to 90
.PHONY: test-oidc
test-oidc: TEST_ENV += \
SIGSTORE_IDENTITY_TOKEN_production=$$($(MAKE) -s run ARGS="get-identity-token") \
SIGSTORE_IDENTITY_TOKEN_staging=$$($(MAKE) -s run ARGS="--staging get-identity-token")
test-oidc: test
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nit: Let's name this test-interactive, to emphasize that it'll require user interaction.

woodruffw
woodruffw reviewed Mar 22, 2023
View reviewed changes
sigstore/oidc.py
Comment on lines -128 to +134
print("Waiting for browser interaction...")
print("Waiting for browser interaction...", file=sys.stderr)
else:
server.enable_oob()
print(
f"Go to the following link in a browser:\n\n\t{server.auth_endpoint}"
f"Go to the following link in a browser:\n\n\t{server.auth_endpoint}",
file=sys.stderr,
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice!

@woodruffw
Copy link
Member

Let's also document this new make target in the CONTRIBUTING.md, as another test entrypoint.

@tnytown
Implement suggestions from code review
485403c 
Signed-off-by: Andrew Pan <a@tny.town>
@tnytown tnytown requested a review from woodruffw March 22, 2023 22:24
@tnytown
conftest: sp
0a7330b 
Signed-off-by: Andrew Pan <a@tny.town>
@tnytown tnytown self-assigned this Mar 23, 2023
woodruffw
woodruffw previously approved these changes Mar 23, 2023
View reviewed changes
Copy link
Member

@woodruffw woodruffw left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. get-identity-token should also work automatically with ambient credentials, so it might be good to add another test job in CI that makes sure we don't accidentally regress the make test-interactive target.

@tnytown
workflows/ci: run test-interactive
db04ae5 
Signed-off-by: Andrew Pan <a@tny.town>
@tnytown tnytown requested a review from woodruffw March 23, 2023 20:57
@tnytown
workflows/ci: only run interactive w/ oidc cred
f38465f 
Signed-off-by: Andrew Pan <a@tny.town>
@woodruffw woodruffw merged commit 7904283 into sigstore:main Mar 23, 2023
@woodruffw woodruffw deleted the andrew/issue/570 branch March 23, 2023 21:51
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@woodruffw woodruffw woodruffw approved these changes

@tetsuo-cpp tetsuo-cpp Awaiting requested review from tetsuo-cpp

Assignees

@tnytown tnytown

Labels
component:tests Unit and integration tests
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Reduce our dependency on ambient OIDC tests for error cases
2 participants
@tnytown @woodruffw