Merge pull request #11713 from hashicorp/dnephin/ca-test-names

ca: make test naming consistent
This commit is contained in:
Daniel Nephin 2021-12-02 16:05:42 -05:00 committed by GitHub
commit 96f95889db
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 60 additions and 59 deletions

View File

@ -311,7 +311,7 @@ func (c *CAManager) Start(ctx context.Context) {
// Attempt to initialize the Connect CA now. This will // Attempt to initialize the Connect CA now. This will
// happen during leader establishment and it would be great // happen during leader establishment and it would be great
// if the CA was ready to go once that process was finished. // if the CA was ready to go once that process was finished.
if err := c.InitializeCA(); err != nil { if err := c.Initialize(); err != nil {
c.logger.Error("Failed to initialize Connect CA", "error", err) c.logger.Error("Failed to initialize Connect CA", "error", err)
// we failed to fully initialize the CA so we need to spawn a // we failed to fully initialize the CA so we need to spawn a
@ -351,7 +351,7 @@ func (c *CAManager) startPostInitializeRoutines(ctx context.Context) {
} }
func (c *CAManager) backgroundCAInitialization(ctx context.Context) error { func (c *CAManager) backgroundCAInitialization(ctx context.Context) error {
retryLoopBackoffAbortOnSuccess(ctx, c.InitializeCA, func(err error) { retryLoopBackoffAbortOnSuccess(ctx, c.Initialize, func(err error) {
c.logger.Error("Failed to initialize Connect CA", c.logger.Error("Failed to initialize Connect CA",
"routine", backgroundCAInitializationRoutineName, "routine", backgroundCAInitializationRoutineName,
"error", err, "error", err,
@ -368,10 +368,10 @@ func (c *CAManager) backgroundCAInitialization(ctx context.Context) error {
return nil return nil
} }
// InitializeCA sets up the CA provider when gaining leadership, either bootstrapping // Initialize sets up the CA provider when gaining leadership, either bootstrapping
// the CA if this is the primary DC or making a remote RPC for intermediate signing // the CA if this is the primary DC or making a remote RPC for intermediate signing
// if this is a secondary DC. // if this is a secondary DC.
func (c *CAManager) InitializeCA() (reterr error) { func (c *CAManager) Initialize() (reterr error) {
// Bail if connect isn't enabled. // Bail if connect isn't enabled.
if !c.serverConf.ConnectEnabled { if !c.serverConf.ConnectEnabled {
return nil return nil
@ -820,7 +820,7 @@ func (c *CAManager) UpdateConfiguration(args *structs.CARequest) (reterr error)
} }
}() }()
// Attempt to initialize the config if we failed to do so in InitializeCA for some reason // Attempt to initialize the config if we failed to do so in Initialize for some reason
_, err = c.initializeCAConfig() _, err = c.initializeCAConfig()
if err != nil { if err != nil {
return err return err
@ -1280,7 +1280,7 @@ func (c *CAManager) secondaryUpdateRoots(roots structs.IndexedCARoots) error {
} }
// Attempt to initialize now that we have updated roots. This is an optimization // Attempt to initialize now that we have updated roots. This is an optimization
// so that we don't have to wait for the InitializeCA retry backoff if we were // so that we don't have to wait for the Initialize retry backoff if we were
// waiting on roots from the primary to be able to complete initialization. // waiting on roots from the primary to be able to complete initialization.
if err := c.delegate.ServersSupportMultiDCConnectCA(); err != nil { if err := c.delegate.ServersSupportMultiDCConnectCA(); err != nil {
return fmt.Errorf("failed to initialize while updating primary roots: %w", err) return fmt.Errorf("failed to initialize while updating primary roots: %w", err)

View File

@ -23,6 +23,8 @@ import (
"github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/agent/structs"
"github.com/hashicorp/consul/agent/token" "github.com/hashicorp/consul/agent/token"
"github.com/hashicorp/consul/sdk/testutil" "github.com/hashicorp/consul/sdk/testutil"
"github.com/hashicorp/consul/sdk/testutil/retry"
"github.com/hashicorp/consul/testrpc"
) )
// TODO(kyhavlov): replace with t.Deadline() // TODO(kyhavlov): replace with t.Deadline()
@ -221,7 +223,7 @@ func initTestManager(t *testing.T, manager *CAManager, delegate *mockCAServerDel
t.Helper() t.Helper()
initCh := make(chan struct{}) initCh := make(chan struct{})
go func() { go func() {
require.NoError(t, manager.InitializeCA()) require.NoError(t, manager.Initialize())
close(initCh) close(initCh)
}() }()
for i := 0; i < 5; i++ { for i := 0; i < 5; i++ {
@ -251,12 +253,12 @@ func TestCAManager_Initialize(t *testing.T) {
rootPEM: delegate.primaryRoot.RootCert, rootPEM: delegate.primaryRoot.RootCert,
} }
// Call InitializeCA and then confirm the RPCs and provider calls // Call Initialize and then confirm the RPCs and provider calls
// happen in the expected order. // happen in the expected order.
require.Equal(t, caStateUninitialized, manager.state) require.Equal(t, caStateUninitialized, manager.state)
errCh := make(chan error) errCh := make(chan error)
go func() { go func() {
err := manager.InitializeCA() err := manager.Initialize()
assert.NoError(t, err) assert.NoError(t, err)
errCh <- err errCh <- err
}() }()
@ -269,7 +271,7 @@ func TestCAManager_Initialize(t *testing.T) {
waitForCh(t, delegate.callbackCh, "raftApply/ConnectCA") waitForCh(t, delegate.callbackCh, "raftApply/ConnectCA")
waitForEmptyCh(t, delegate.callbackCh) waitForEmptyCh(t, delegate.callbackCh)
// Make sure the InitializeCA call returned successfully. // Make sure the Initialize call returned successfully.
select { select {
case err := <-errCh: case err := <-errCh:
require.NoError(t, err) require.NoError(t, err)
@ -462,3 +464,34 @@ func TestCADelegateWithState_GenerateCASignRequest(t *testing.T) {
req := d.generateCASignRequest("A") req := d.generateCASignRequest("A")
require.Equal(t, "east", req.RequestDatacenter()) require.Equal(t, "east", req.RequestDatacenter())
} }
func TestCAManager_Initialize_Logging(t *testing.T) {
if testing.Short() {
t.Skip("too slow for testing.Short")
}
t.Parallel()
_, conf1 := testServerConfig(t)
// Setup dummy logger to catch output
var buf bytes.Buffer
logger := testutil.LoggerWithOutput(t, &buf)
deps := newDefaultDeps(t, conf1)
deps.Logger = logger
s1, err := NewServer(conf1, deps)
require.NoError(t, err)
defer s1.Shutdown()
testrpc.WaitForLeader(t, s1.RPC, "dc1")
// Wait til CA root is setup
retry.Run(t, func(r *retry.R) {
var out structs.IndexedCARoots
r.Check(s1.RPC("ConnectCA.Roots", structs.DCSpecificRequest{
Datacenter: conf1.Datacenter,
}, &out))
})
require.Contains(t, buf.String(), "consul CA provider configured")
}

View File

@ -24,7 +24,7 @@ import (
"github.com/hashicorp/consul/testrpc" "github.com/hashicorp/consul/testrpc"
) )
func TestLeader_Builtin_PrimaryCA_ChangeKeyConfig(t *testing.T) { func TestConnectCA_ConfigurationSet_ChangeKeyConfig_Primary(t *testing.T) {
if testing.Short() { if testing.Short() {
t.Skip("too slow for testing.Short") t.Skip("too slow for testing.Short")
} }
@ -175,7 +175,7 @@ func TestLeader_Builtin_PrimaryCA_ChangeKeyConfig(t *testing.T) {
} }
func TestLeader_SecondaryCA_Initialize(t *testing.T) { func TestCAManager_Initialize_Secondary(t *testing.T) {
if testing.Short() { if testing.Short() {
t.Skip("too slow for testing.Short") t.Skip("too slow for testing.Short")
} }
@ -330,7 +330,7 @@ func getCAProviderWithLock(s *Server) (ca.Provider, *structs.CARoot) {
return s.caManager.getCAProvider() return s.caManager.getCAProvider()
} }
func TestLeader_Vault_PrimaryCA_IntermediateRenew(t *testing.T) { func TestCAManager_RenewIntermediate_Vault_Primary(t *testing.T) {
if testing.Short() { if testing.Short() {
t.Skip("too slow for testing.Short") t.Skip("too slow for testing.Short")
} }
@ -463,7 +463,7 @@ func TestLeader_Vault_PrimaryCA_IntermediateRenew(t *testing.T) {
require.NoError(err) require.NoError(err)
} }
func TestLeader_SecondaryCA_IntermediateRenew(t *testing.T) { func TestCAManager_RenewIntermediate_Secondary(t *testing.T) {
if testing.Short() { if testing.Short() {
t.Skip("too slow for testing.Short") t.Skip("too slow for testing.Short")
} }
@ -613,7 +613,7 @@ func TestLeader_SecondaryCA_IntermediateRenew(t *testing.T) {
require.NoError(err) require.NoError(err)
} }
func TestLeader_SecondaryCA_IntermediateRefresh(t *testing.T) { func TestConnectCA_ConfigurationSet_RootRotation_Secondary(t *testing.T) {
if testing.Short() { if testing.Short() {
t.Skip("too slow for testing.Short") t.Skip("too slow for testing.Short")
} }
@ -764,7 +764,7 @@ func TestLeader_SecondaryCA_IntermediateRefresh(t *testing.T) {
require.NoError(err) require.NoError(err)
} }
func TestLeader_Vault_PrimaryCA_FixSigningKeyID_OnRestart(t *testing.T) { func TestCAManager_Initialize_Vault_FixesSigningKeyID_Primary(t *testing.T) {
ca.SkipIfVaultNotPresent(t) ca.SkipIfVaultNotPresent(t)
if testing.Short() { if testing.Short() {
@ -866,7 +866,7 @@ func TestLeader_Vault_PrimaryCA_FixSigningKeyID_OnRestart(t *testing.T) {
}) })
} }
func TestLeader_SecondaryCA_FixSigningKeyID_via_IntermediateRefresh(t *testing.T) { func TestCAManager_Initialize_FixesSigningKeyID_Secondary(t *testing.T) {
if testing.Short() { if testing.Short() {
t.Skip("too slow for testing.Short") t.Skip("too slow for testing.Short")
} }
@ -967,7 +967,7 @@ func TestLeader_SecondaryCA_FixSigningKeyID_via_IntermediateRefresh(t *testing.T
}) })
} }
func TestLeader_SecondaryCA_TransitionFromPrimary(t *testing.T) { func TestCAManager_Initialize_TransitionFromPrimaryToSecondary(t *testing.T) {
if testing.Short() { if testing.Short() {
t.Skip("too slow for testing.Short") t.Skip("too slow for testing.Short")
} }
@ -1059,7 +1059,7 @@ func TestLeader_SecondaryCA_TransitionFromPrimary(t *testing.T) {
}) })
} }
func TestLeader_SecondaryCA_UpgradeBeforePrimary(t *testing.T) { func TestCAManager_Initialize_SecondaryBeforePrimary(t *testing.T) {
if testing.Short() { if testing.Short() {
t.Skip("too slow for testing.Short") t.Skip("too slow for testing.Short")
} }
@ -1268,7 +1268,7 @@ func TestLeader_CARootPruning(t *testing.T) {
require.NotEqual(roots[0].ID, oldRoot.ID) require.NotEqual(roots[0].ID, oldRoot.ID)
} }
func TestLeader_PersistIntermediateCAs(t *testing.T) { func TestConnectCA_ConfigurationSet_PersistsRoots(t *testing.T) {
if testing.Short() { if testing.Short() {
t.Skip("too slow for testing.Short") t.Skip("too slow for testing.Short")
} }
@ -1351,7 +1351,7 @@ func TestLeader_PersistIntermediateCAs(t *testing.T) {
}) })
} }
func TestLeader_ParseCARoot(t *testing.T) { func TestParseCARoot(t *testing.T) {
type test struct { type test struct {
name string name string
pem string pem string
@ -1434,7 +1434,7 @@ func readTestData(t *testing.T, name string) string {
return string(bs) return string(bs)
} }
func TestLeader_lessThanHalfTimePassed(t *testing.T) { func TestLessThanHalfTimePassed(t *testing.T) {
now := time.Now() now := time.Now()
require.False(t, lessThanHalfTimePassed(now, now.Add(-10*time.Second), now.Add(-5*time.Second))) require.False(t, lessThanHalfTimePassed(now, now.Add(-10*time.Second), now.Add(-5*time.Second)))
require.False(t, lessThanHalfTimePassed(now, now.Add(-10*time.Second), now)) require.False(t, lessThanHalfTimePassed(now, now.Add(-10*time.Second), now))
@ -1444,7 +1444,7 @@ func TestLeader_lessThanHalfTimePassed(t *testing.T) {
require.True(t, lessThanHalfTimePassed(now, now.Add(-10*time.Second), now.Add(20*time.Second))) require.True(t, lessThanHalfTimePassed(now, now.Add(-10*time.Second), now.Add(20*time.Second)))
} }
func TestLeader_retryLoopBackoffHandleSuccess(t *testing.T) { func TestRetryLoopBackoffHandleSuccess(t *testing.T) {
if testing.Short() { if testing.Short() {
t.Skip("too slow for testing.Short") t.Skip("too slow for testing.Short")
} }
@ -1488,7 +1488,7 @@ func TestLeader_retryLoopBackoffHandleSuccess(t *testing.T) {
} }
} }
func TestLeader_Vault_BadCAConfigShouldntPreventLeaderEstablishment(t *testing.T) { func TestCAManager_Initialize_Vault_BadCAConfigDoesNotPreventLeaderEstablishment(t *testing.T) {
ca.SkipIfVaultNotPresent(t) ca.SkipIfVaultNotPresent(t)
testVault := ca.NewTestVaultServer(t) testVault := ca.NewTestVaultServer(t)
@ -1545,7 +1545,7 @@ func TestLeader_Vault_BadCAConfigShouldntPreventLeaderEstablishment(t *testing.T
require.NotNil(t, activeRoot) require.NotNil(t, activeRoot)
} }
func TestLeader_Consul_BadCAConfigShouldntPreventLeaderEstablishment(t *testing.T) { func TestCAManager_Initialize_BadCAConfigDoesNotPreventLeaderEstablishment(t *testing.T) {
ca.SkipIfVaultNotPresent(t) ca.SkipIfVaultNotPresent(t)
_, s1 := testServerWithConfig(t, func(c *Config) { _, s1 := testServerWithConfig(t, func(c *Config) {
@ -1589,7 +1589,7 @@ func TestLeader_Consul_BadCAConfigShouldntPreventLeaderEstablishment(t *testing.
require.NotNil(t, activeRoot) require.NotNil(t, activeRoot)
} }
func TestLeader_Consul_ForceWithoutCrossSigning(t *testing.T) { func TestConnectCA_ConfigurationSet_ForceWithoutCrossSigning(t *testing.T) {
require := require.New(t) require := require.New(t)
dir1, s1 := testServer(t) dir1, s1 := testServer(t)
defer os.RemoveAll(dir1) defer os.RemoveAll(dir1)
@ -1645,7 +1645,7 @@ func TestLeader_Consul_ForceWithoutCrossSigning(t *testing.T) {
} }
} }
func TestLeader_Vault_ForceWithoutCrossSigning(t *testing.T) { func TestConnectCA_ConfigurationSet_Vault_ForceWithoutCrossSigning(t *testing.T) {
ca.SkipIfVaultNotPresent(t) ca.SkipIfVaultNotPresent(t)
require := require.New(t) require := require.New(t)

View File

@ -1,7 +1,6 @@
package consul package consul
import ( import (
"bytes"
"crypto/x509" "crypto/x509"
"fmt" "fmt"
"net" "net"
@ -1702,34 +1701,3 @@ func TestServer_RPC_RateLimit(t *testing.T) {
} }
}) })
} }
func TestServer_CALogging(t *testing.T) {
if testing.Short() {
t.Skip("too slow for testing.Short")
}
t.Parallel()
_, conf1 := testServerConfig(t)
// Setup dummy logger to catch output
var buf bytes.Buffer
logger := testutil.LoggerWithOutput(t, &buf)
deps := newDefaultDeps(t, conf1)
deps.Logger = logger
s1, err := NewServer(conf1, deps)
require.NoError(t, err)
defer s1.Shutdown()
testrpc.WaitForLeader(t, s1.RPC, "dc1")
// Wait til CA root is setup
retry.Run(t, func(r *retry.R) {
var out structs.IndexedCARoots
r.Check(s1.RPC("ConnectCA.Roots", structs.DCSpecificRequest{
Datacenter: conf1.Datacenter,
}, &out))
})
require.Contains(t, buf.String(), "consul CA provider configured")
}