e2e test for elasticsearch token propagation #1705
Conversation
rubenvp8510
requested review from
black-adder,
jpkrohling,
objectiser,
pavolloffay,
tiffon,
vprithvi and
yurishkuro
as code owners
Codecov Report
@@ Coverage Diff @@
## master #1705 +/- ##
==========================================
- Coverage 98.36% 98.32% -0.05%
==========================================
Files 193 193
Lines 9358 9358
==========================================
- Hits 9205 9201 -4
- Misses 119 122 +3
- Partials 34 35 +1
Continue to review full report at Codecov.
|
.travis.yml
Outdated
| @@ -75,6 +78,7 @@ script: | |||
| - if [ "$CASSANDRA_INTEGRATION_TEST" == true ]; then bash ./scripts/travis/cassandra-integration-test.sh ; else echo 'skipping cassandra integration test'; fi | |||
| - if [ "$HOTROD" == true ]; then bash ./scripts/travis/hotrod-integration-test.sh ; else echo 'skipping hotrod example'; fi | |||
| - if [ "$PROTO_GEN_TEST" == true ]; then make proto PROTOC=$HOME/protoc/bin/protoc && git diff --name-status --exit-code ; else echo 'skipping protoc validation'; fi | |||
| - if [ "TOKEN_INTEGRATION_TEST" == true ]; then bash ./scripts/travis/token-integration-test.sh ; else echo 'skipping protoc validation'; fi | |||
There was a problem hiding this comment.
Message should be "skipping token propagation test".
.travis.yml
Outdated
| @@ -36,6 +36,9 @@ matrix: | |||
| - go: "1.12.1" | |||
| env: | |||
| - HOTROD=true | |||
| - go: "1.12.1" | |||
| env: | |||
| - TOKEN_INTEGRATION_TEST=true | |||
There was a problem hiding this comment.
Would prefer it to be called TOKEN_PROPAGATION_TEST
There was a problem hiding this comment.
I'll integrate into ES tests as @pavolloffay suggested.
| const bearerToken = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJhZG1pbiIsIm5hbWUiOiJKb2huIERvZSIsImlhdCI" | ||
| const bearerHeader = "Bearer " + bearerToken | ||
|
|
||
|
|
| } | ||
| stop := &sync.WaitGroup{} | ||
|
|
||
| go MockingESEToken(t, stop) |
There was a problem hiding this comment.
Does this need to be a goroutine?
There was a problem hiding this comment.
Yes, I need to have this running in background mocking the ES, if I don't do this in a goroutine the function will run indefinitely listen on 9200 port, and the next section of the test won't be executed.
|
To keep the number of jobs low, could we add this test to |
| // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
| // See the License for the specific language governing permissions and | ||
| // limitations under the License. | ||
| // +build token_propagation |
There was a problem hiding this comment.
nit: add a space before so it's better visible
rubenvp8510
force-pushed
the
token-propagation-e2e-simple
branch
10 times, most recently
from
9c86e36
to
5ee958c
Compare
.travis.yml
Outdated
| @@ -63,6 +63,9 @@ install: | |||
| curl -L https://github.com/google/protobuf/releases/download/v3.6.1/protoc-3.6.1-linux-x86_64.zip -o /tmp/protoc.zip | |||
| unzip /tmp/protoc.zip -d "$HOME"/protoc | |||
| fi | |||
| - rm -rf ~/.nvm && git clone https://github.com/creationix/nvm.git ~/.nvm && (cd ~/.nvm && git checkout `git describe --abbrev=0 --tags`) && source ~/.nvm/nvm.sh && nvm install 8.16.0 | |||
| - npm install | |||
| - curl -o- -L https://yarnpkg.com/install.sh | bash | |||
There was a problem hiding this comment.
why do we need this unconditionally in all matrix runs? It's only needed for steps where the UI is built, and I think it's already being installed there
Makefile
Outdated
| @@ -103,6 +103,11 @@ index-cleaner-integration-test: docker-images-elastic | |||
| go clean -testcache | |||
| bash -c "set -e; set -o pipefail; $(GOTEST) -tags index_cleaner $(STORAGE_PKGS) | $(COLORIZE)" | |||
|
|
|||
| .PHONY: token-propagation-integration-test | |||
| query-integration-test: | |||
| @@ -9,3 +9,14 @@ STORAGE=elasticsearch make storage-integration-test | |||
| make index-cleaner-integration-test | |||
|
|
|||
| docker kill $CID | |||
|
|
|||
| make build-ui | |||
There was a problem hiding this comment.
why does this need the UI? It should only need query service API
There was a problem hiding this comment.
I received errors when I tried to compile the query service alone,.
There was a problem hiding this comment.
we build query service for crossdock using a mock UI, check that
There was a problem hiding this comment.
I'll check it, Thanks!
| req.Header.Add(testCase.headerName, testCase.headerValue) | ||
| assert.NoError(t, err) | ||
| client := &http.Client{} | ||
| _, err = client.Do(req) |
There was a problem hiding this comment.
I don't think this is a valid test, the query service can simply ignore the tokens, the test is not validating anything.
There was a problem hiding this comment.
What do you mean? If query service ignore the token, the handler in the elasticsearch mocker won't received it and the test will fail.
There was a problem hiding this comment.
but the ESMock doesn't return any sensible results, the query service will fail anyway
There was a problem hiding this comment.
Ha sure, I'm not validating if the query service returns results or not, I only validate that the token is being propagated to the ES storage. I of course can implement a better mock of ES if you think we need to validate the query reply
There was a problem hiding this comment.
Due to the nature of the e2e tests I decided to follow your recommendation, now I returned an empty result if with an http 200 if the token was received with mocked ES, and 403 (forbidden http) otherwise.
So the test validates that the query service propagated the token correctly.
There was a problem hiding this comment.
Is the test better now?
rubenvp8510
force-pushed
the
token-propagation-e2e-simple
branch
8 times, most recently
from
b744067
to
aab79fe
Compare
rubenvp8510
force-pushed
the
token-propagation-e2e-simple
branch
4 times, most recently
from
0265690
to
8511d74
Compare
rubenvp8510
force-pushed
the
token-propagation-e2e-simple
branch
7 times, most recently
from
3ebf761
to
a39956c
Compare
| http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized) | ||
| } | ||
|
|
||
| func CreateElasticSearchMock(srv *http.Server, t *testing.T) { |
There was a problem hiding this comment.
private? should not be capitalized
| } | ||
| } | ||
|
|
||
| func Test_bearTokenPropagation(t *testing.T) { |
| // Ask for services query, this should return 200 | ||
| req, err := http.NewRequest("GET", queryUrl, nil) | ||
| req.Header.Add(testCase.headerName, testCase.headerValue) | ||
| assert.NoError(t, err) |
There was a problem hiding this comment.
move one line above. Should use require instead of assert since you can't continue the test on error
| assert.NoError(t, err) | ||
| client := &http.Client{} | ||
| resp, err := client.Do(req) | ||
| // Should not have errors. |
| client := &http.Client{} | ||
| resp, err := client.Do(req) | ||
| // Should not have errors. | ||
| assert.Nil(t, err) |
| } | ||
| } | ||
|
|
||
| srv.Shutdown(context.Background()) |
There was a problem hiding this comment.
move to next line after creating a server and invoke via defer, to keep housekeeping logic together
rubenvp8510
force-pushed
the
token-propagation-e2e-simple
branch
3 times, most recently
from
de4e4fc
to
ef3302c
Compare
Signed-off-by: Ruben Vargas <ruben.vp8510@gmail.com>
rubenvp8510
force-pushed
the
token-propagation-e2e-simple
branch
from
ef3302c
to
628d228
Compare
|
Ok, I addressed all comments, @yurishkuro thanks for the review! |
Signed-off-by: Ruben Vargas ruben.vp8510@gmail.com
Which problem is this PR solving?
Short description of the changes