API refactor: Add integration tests for admin RPCs #1730
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
MarcosDY
requested review from
amartinezfayo,
APTy,
azdagron,
evan2645 and
mcpherrinm
as code owners
MarcosDY
changed the title
MarcosDY
force-pushed
the
api-refactor-admin-its
branch
2 times, most recently
from
760d68b
to
23e93b4
Compare
| case err != nil: | ||
| return err | ||
| case time.Unix(resp.Svid.ExpiresAt, 0).Before(time.Now()): | ||
| return errors.New("invalid expiredAt") |
There was a problem hiding this comment.
Suggested change
| return errors.New("invalid expiredAt") | |
| return errors.New("invalid ExpiresAt") |
| claimsMap := make(map[string]interface{}) | ||
| err = token.UnsafeClaimsWithoutVerification(&claimsMap) | ||
| if err != nil { | ||
| return fmt.Errorf("failed to claims: %v", err) |
There was a problem hiding this comment.
Suggested change
| return fmt.Errorf("failed to claims: %v", err) | |
| return fmt.Errorf("claims verification failed: %v", err) |
| case len(r.Bundle.X509Authorities) == 0: | ||
| return errors.New("missing X509 authorities") | ||
| case !containsX509Certificate(r.Bundle.X509Authorities, blk.Bytes): | ||
| return errors.New("no x509 authority") |
There was a problem hiding this comment.
Suggested change
| return errors.New("no x509 authority") | |
| return errors.New("no X509 authority") |
| case !containsX509Certificate(r.Bundle.X509Authorities, blk.Bytes): | ||
| return errors.New("no x509 authority") | ||
| case !containsJWTKey(r.Bundle.JwtAuthorities, jwtKey): | ||
| return errors.New("no jwt key") |
There was a problem hiding this comment.
Suggested change
| return errors.New("no jwt key") | |
| return errors.New("no JWT key") |
| case len(r.Bundle.JwtAuthorities) == 0: | ||
| return errors.New("missing JWT authorities") | ||
| case len(r.Bundle.X509Authorities) != 0: | ||
| return errors.New("unexpected x509 authorities") |
There was a problem hiding this comment.
Suggested change
| return errors.New("unexpected x509 authorities") | |
| return errors.New("unexpected X509 authorities") |
|
|
||
| for _, e := range resp.Entries { | ||
| if !containsFunc(e.SpiffeId) { | ||
| return fmt.Errorf("unexpected entry: %v", e.Id) |
There was a problem hiding this comment.
Suggested change
| return fmt.Errorf("unexpected entry: %v", e.Id) | |
| return fmt.Errorf("unexpected entry: %v", e) |
| case r.Status.Code != int32(codes.OK): | ||
| return fmt.Errorf("unexpected status: %v", r.Status) | ||
| case r.Id != entryID: | ||
| return fmt.Errorf("unexpected entryID: %v", r.Id) |
There was a problem hiding this comment.
Suggested change
| return fmt.Errorf("unexpected entryID: %v", r.Id) | |
| return fmt.Errorf("unexpected entry: %v", r) |
| return errors.New("missing token") | ||
| } | ||
|
|
||
| // Set agentID that will be used in another tests |
There was a problem hiding this comment.
Suggested change
| // Set agentID that will be used in another tests | |
| // Set agentID that will be used in other tests |
| // Create CSR | ||
| csr, err := x509.CreateCertificateRequest(rand.Reader, &x509.CertificateRequest{}, key) | ||
| if err != nil { | ||
| return fmt.Errorf("fails to create CSR: %v", err) |
There was a problem hiding this comment.
Suggested change
| return fmt.Errorf("fails to create CSR: %v", err) | |
| return fmt.Errorf("failed to create CSR: %v", err) |
|
|
||
| ## Description | ||
|
|
||
| This suite validates access to experimental admin endpoints |
There was a problem hiding this comment.
Since we are not validating only access, this does't seem to be completely accurate
Suggested change
| This suite validates access to experimental admin endpoints | |
| This suite validates the experimental endpoints that require an admin X509-SVID |
dfeldman
reviewed
Jul 23, 2020
|
|
||
| DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" | ||
|
|
||
| cd "${DIR}" && GOOS=linux go build -o $1 |
There was a problem hiding this comment.
Can you please add CGO_ENABLED=0 to this? It makes it easier to do development since you can compile outside Docker and run inside Docker (alpine)
marcosy
reviewed
Jul 23, 2020
| -ttl 0 | ||
| check-synced-entry "spire-agent" "spiffe://domain.test/admin" | ||
|
|
||
| log-debug "creating admin registration entry..." |
There was a problem hiding this comment.
The message seems duplicated from the previous log line. Maybe:
Suggested change
| log-debug "creating admin registration entry..." | |
| log-debug "creating non admin registration entry..." |
or
Suggested change
| log-debug "creating admin registration entry..." | |
| log-debug "creating regular registration entry..." |
| ca_ttl = "1h" | ||
| default_svid_ttl = "10m" | ||
| experimental { | ||
| enable_api = true |
There was a problem hiding this comment.
Just for clarifying... why does the server configuration file has the experimental API enabled and the agent configuration file does not have it? Not sure if it was intended
There was a problem hiding this comment.
we dont use agent to run this test we use it only to fetch svids on client, and using regular workload api that is compatible with go-spiffe
Signed-off-by: Marcos Yacob <marcos.yacob@hpe.com>
Signed-off-by: Marcos Yacob <marcos.yacob@hpe.com>
Signed-off-by: Marcos Yacob <marcos.yacob@hpe.com>
MarcosDY
force-pushed
the
api-refactor-admin-its
branch
from
0a0ddd4
to
c0479af
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Add integration tests for admin RPCs