-
Notifications
You must be signed in to change notification settings - Fork 2.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
e2e test for elasticsearch token propagation #1705
e2e test for elasticsearch token propagation #1705
Conversation
Codecov Report
@@ Coverage Diff @@
## master #1705 +/- ##
==========================================
- Coverage 98.36% 98.32% -0.05%
==========================================
Files 193 193
Lines 9358 9358
==========================================
- Hits 9205 9201 -4
- Misses 119 122 +3
- Partials 34 35 +1
Continue to review full report at Codecov.
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM - just some minor
.travis.yml
Outdated
@@ -75,6 +78,7 @@ script: | |||
- if [ "$CASSANDRA_INTEGRATION_TEST" == true ]; then bash ./scripts/travis/cassandra-integration-test.sh ; else echo 'skipping cassandra integration test'; fi | |||
- if [ "$HOTROD" == true ]; then bash ./scripts/travis/hotrod-integration-test.sh ; else echo 'skipping hotrod example'; fi | |||
- if [ "$PROTO_GEN_TEST" == true ]; then make proto PROTOC=$HOME/protoc/bin/protoc && git diff --name-status --exit-code ; else echo 'skipping protoc validation'; fi | |||
- if [ "TOKEN_INTEGRATION_TEST" == true ]; then bash ./scripts/travis/token-integration-test.sh ; else echo 'skipping protoc validation'; fi |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Message should be "skipping token propagation test".
.travis.yml
Outdated
@@ -36,6 +36,9 @@ matrix: | |||
- go: "1.12.1" | |||
env: | |||
- HOTROD=true | |||
- go: "1.12.1" | |||
env: | |||
- TOKEN_INTEGRATION_TEST=true |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Would prefer it to be called TOKEN_PROPAGATION_TEST
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'll integrate into ES tests as @pavolloffay suggested.
const bearerToken = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJhZG1pbiIsIm5hbWUiOiJKb2huIERvZSIsImlhdCI" | ||
const bearerHeader = "Bearer " + bearerToken | ||
|
||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit: Remove two lines.
} | ||
stop := &sync.WaitGroup{} | ||
|
||
go MockingESEToken(t, stop) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Does this need to be a goroutine?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, I need to have this running in background mocking the ES, if I don't do this in a goroutine the function will run indefinitely listen on 9200 port, and the next section of the test won't be executed.
To keep the number of jobs low, could we add this test to |
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
// See the License for the specific language governing permissions and | ||
// limitations under the License. | ||
// +build token_propagation |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit: add a space before so it's better visible
9c86e36
to
5ee958c
Compare
.travis.yml
Outdated
@@ -63,6 +63,9 @@ install: | |||
curl -L https://github.com/google/protobuf/releases/download/v3.6.1/protoc-3.6.1-linux-x86_64.zip -o /tmp/protoc.zip | |||
unzip /tmp/protoc.zip -d "$HOME"/protoc | |||
fi | |||
- rm -rf ~/.nvm && git clone https://github.com/creationix/nvm.git ~/.nvm && (cd ~/.nvm && git checkout `git describe --abbrev=0 --tags`) && source ~/.nvm/nvm.sh && nvm install 8.16.0 | |||
- npm install | |||
- curl -o- -L https://yarnpkg.com/install.sh | bash |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
why do we need this unconditionally in all matrix runs? It's only needed for steps where the UI is built, and I think it's already being installed there
Makefile
Outdated
@@ -103,6 +103,11 @@ index-cleaner-integration-test: docker-images-elastic | |||
go clean -testcache | |||
bash -c "set -e; set -o pipefail; $(GOTEST) -tags index_cleaner $(STORAGE_PKGS) | $(COLORIZE)" | |||
|
|||
.PHONY: token-propagation-integration-test | |||
query-integration-test: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
target names don't match
@@ -9,3 +9,14 @@ STORAGE=elasticsearch make storage-integration-test | |||
make index-cleaner-integration-test | |||
|
|||
docker kill $CID | |||
|
|||
make build-ui |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
why does this need the UI? It should only need query service API
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I received errors when I tried to compile the query service alone,.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
we build query service for crossdock using a mock UI, check that
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'll check it, Thanks!
req.Header.Add(testCase.headerName, testCase.headerValue) | ||
assert.NoError(t, err) | ||
client := &http.Client{} | ||
_, err = client.Do(req) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't think this is a valid test, the query service can simply ignore the tokens, the test is not validating anything.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What do you mean? If query service ignore the token, the handler in the elasticsearch mocker won't received it and the test will fail.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
but the ESMock doesn't return any sensible results, the query service will fail anyway
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ha sure, I'm not validating if the query service returns results or not, I only validate that the token is being propagated to the ES storage. I of course can implement a better mock of ES if you think we need to validate the query reply
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Due to the nature of the e2e tests I decided to follow your recommendation, now I returned an empty result if with an http 200 if the token was received with mocked ES, and 403 (forbidden http) otherwise.
So the test validates that the query service propagated the token correctly.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is the test better now?
b744067
to
aab79fe
Compare
0265690
to
8511d74
Compare
3ebf761
to
a39956c
Compare
http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized) | ||
} | ||
|
||
func CreateElasticSearchMock(srv *http.Server, t *testing.T) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
private? should not be capitalized
} | ||
} | ||
|
||
func Test_bearTokenPropagation(t *testing.T) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
TestBearerTokenPropagation
// Ask for services query, this should return 200 | ||
req, err := http.NewRequest("GET", queryUrl, nil) | ||
req.Header.Add(testCase.headerName, testCase.headerValue) | ||
assert.NoError(t, err) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
move one line above. Should use require
instead of assert
since you can't continue the test on error
assert.NoError(t, err) | ||
client := &http.Client{} | ||
resp, err := client.Do(req) | ||
// Should not have errors. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
redundant comment
client := &http.Client{} | ||
resp, err := client.Do(req) | ||
// Should not have errors. | ||
assert.Nil(t, err) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
assert.NoError
} | ||
} | ||
|
||
srv.Shutdown(context.Background()) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
move to next line after creating a server and invoke via defer
, to keep housekeeping logic together
de4e4fc
to
ef3302c
Compare
Signed-off-by: Ruben Vargas <ruben.vp8510@gmail.com>
ef3302c
to
628d228
Compare
Ok, I addressed all comments, @yurishkuro thanks for the review! |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks!
Signed-off-by: Ruben Vargas ruben.vp8510@gmail.com
Which problem is this PR solving?
Short description of the changes