mirror of
https://github.com/status-im/consul.git
synced 2025-01-10 22:06:20 +00:00
Merge pull request #11713 from hashicorp/dnephin/ca-test-names
ca: make test naming consistent
This commit is contained in:
commit
96f95889db
@ -311,7 +311,7 @@ func (c *CAManager) Start(ctx context.Context) {
|
|||||||
// Attempt to initialize the Connect CA now. This will
|
// Attempt to initialize the Connect CA now. This will
|
||||||
// happen during leader establishment and it would be great
|
// happen during leader establishment and it would be great
|
||||||
// if the CA was ready to go once that process was finished.
|
// if the CA was ready to go once that process was finished.
|
||||||
if err := c.InitializeCA(); err != nil {
|
if err := c.Initialize(); err != nil {
|
||||||
c.logger.Error("Failed to initialize Connect CA", "error", err)
|
c.logger.Error("Failed to initialize Connect CA", "error", err)
|
||||||
|
|
||||||
// we failed to fully initialize the CA so we need to spawn a
|
// we failed to fully initialize the CA so we need to spawn a
|
||||||
@ -351,7 +351,7 @@ func (c *CAManager) startPostInitializeRoutines(ctx context.Context) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func (c *CAManager) backgroundCAInitialization(ctx context.Context) error {
|
func (c *CAManager) backgroundCAInitialization(ctx context.Context) error {
|
||||||
retryLoopBackoffAbortOnSuccess(ctx, c.InitializeCA, func(err error) {
|
retryLoopBackoffAbortOnSuccess(ctx, c.Initialize, func(err error) {
|
||||||
c.logger.Error("Failed to initialize Connect CA",
|
c.logger.Error("Failed to initialize Connect CA",
|
||||||
"routine", backgroundCAInitializationRoutineName,
|
"routine", backgroundCAInitializationRoutineName,
|
||||||
"error", err,
|
"error", err,
|
||||||
@ -368,10 +368,10 @@ func (c *CAManager) backgroundCAInitialization(ctx context.Context) error {
|
|||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// InitializeCA sets up the CA provider when gaining leadership, either bootstrapping
|
// Initialize sets up the CA provider when gaining leadership, either bootstrapping
|
||||||
// the CA if this is the primary DC or making a remote RPC for intermediate signing
|
// the CA if this is the primary DC or making a remote RPC for intermediate signing
|
||||||
// if this is a secondary DC.
|
// if this is a secondary DC.
|
||||||
func (c *CAManager) InitializeCA() (reterr error) {
|
func (c *CAManager) Initialize() (reterr error) {
|
||||||
// Bail if connect isn't enabled.
|
// Bail if connect isn't enabled.
|
||||||
if !c.serverConf.ConnectEnabled {
|
if !c.serverConf.ConnectEnabled {
|
||||||
return nil
|
return nil
|
||||||
@ -820,7 +820,7 @@ func (c *CAManager) UpdateConfiguration(args *structs.CARequest) (reterr error)
|
|||||||
}
|
}
|
||||||
}()
|
}()
|
||||||
|
|
||||||
// Attempt to initialize the config if we failed to do so in InitializeCA for some reason
|
// Attempt to initialize the config if we failed to do so in Initialize for some reason
|
||||||
_, err = c.initializeCAConfig()
|
_, err = c.initializeCAConfig()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
@ -1280,7 +1280,7 @@ func (c *CAManager) secondaryUpdateRoots(roots structs.IndexedCARoots) error {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// Attempt to initialize now that we have updated roots. This is an optimization
|
// Attempt to initialize now that we have updated roots. This is an optimization
|
||||||
// so that we don't have to wait for the InitializeCA retry backoff if we were
|
// so that we don't have to wait for the Initialize retry backoff if we were
|
||||||
// waiting on roots from the primary to be able to complete initialization.
|
// waiting on roots from the primary to be able to complete initialization.
|
||||||
if err := c.delegate.ServersSupportMultiDCConnectCA(); err != nil {
|
if err := c.delegate.ServersSupportMultiDCConnectCA(); err != nil {
|
||||||
return fmt.Errorf("failed to initialize while updating primary roots: %w", err)
|
return fmt.Errorf("failed to initialize while updating primary roots: %w", err)
|
||||||
|
@ -23,6 +23,8 @@ import (
|
|||||||
"github.com/hashicorp/consul/agent/structs"
|
"github.com/hashicorp/consul/agent/structs"
|
||||||
"github.com/hashicorp/consul/agent/token"
|
"github.com/hashicorp/consul/agent/token"
|
||||||
"github.com/hashicorp/consul/sdk/testutil"
|
"github.com/hashicorp/consul/sdk/testutil"
|
||||||
|
"github.com/hashicorp/consul/sdk/testutil/retry"
|
||||||
|
"github.com/hashicorp/consul/testrpc"
|
||||||
)
|
)
|
||||||
|
|
||||||
// TODO(kyhavlov): replace with t.Deadline()
|
// TODO(kyhavlov): replace with t.Deadline()
|
||||||
@ -221,7 +223,7 @@ func initTestManager(t *testing.T, manager *CAManager, delegate *mockCAServerDel
|
|||||||
t.Helper()
|
t.Helper()
|
||||||
initCh := make(chan struct{})
|
initCh := make(chan struct{})
|
||||||
go func() {
|
go func() {
|
||||||
require.NoError(t, manager.InitializeCA())
|
require.NoError(t, manager.Initialize())
|
||||||
close(initCh)
|
close(initCh)
|
||||||
}()
|
}()
|
||||||
for i := 0; i < 5; i++ {
|
for i := 0; i < 5; i++ {
|
||||||
@ -251,12 +253,12 @@ func TestCAManager_Initialize(t *testing.T) {
|
|||||||
rootPEM: delegate.primaryRoot.RootCert,
|
rootPEM: delegate.primaryRoot.RootCert,
|
||||||
}
|
}
|
||||||
|
|
||||||
// Call InitializeCA and then confirm the RPCs and provider calls
|
// Call Initialize and then confirm the RPCs and provider calls
|
||||||
// happen in the expected order.
|
// happen in the expected order.
|
||||||
require.Equal(t, caStateUninitialized, manager.state)
|
require.Equal(t, caStateUninitialized, manager.state)
|
||||||
errCh := make(chan error)
|
errCh := make(chan error)
|
||||||
go func() {
|
go func() {
|
||||||
err := manager.InitializeCA()
|
err := manager.Initialize()
|
||||||
assert.NoError(t, err)
|
assert.NoError(t, err)
|
||||||
errCh <- err
|
errCh <- err
|
||||||
}()
|
}()
|
||||||
@ -269,7 +271,7 @@ func TestCAManager_Initialize(t *testing.T) {
|
|||||||
waitForCh(t, delegate.callbackCh, "raftApply/ConnectCA")
|
waitForCh(t, delegate.callbackCh, "raftApply/ConnectCA")
|
||||||
waitForEmptyCh(t, delegate.callbackCh)
|
waitForEmptyCh(t, delegate.callbackCh)
|
||||||
|
|
||||||
// Make sure the InitializeCA call returned successfully.
|
// Make sure the Initialize call returned successfully.
|
||||||
select {
|
select {
|
||||||
case err := <-errCh:
|
case err := <-errCh:
|
||||||
require.NoError(t, err)
|
require.NoError(t, err)
|
||||||
@ -462,3 +464,34 @@ func TestCADelegateWithState_GenerateCASignRequest(t *testing.T) {
|
|||||||
req := d.generateCASignRequest("A")
|
req := d.generateCASignRequest("A")
|
||||||
require.Equal(t, "east", req.RequestDatacenter())
|
require.Equal(t, "east", req.RequestDatacenter())
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func TestCAManager_Initialize_Logging(t *testing.T) {
|
||||||
|
if testing.Short() {
|
||||||
|
t.Skip("too slow for testing.Short")
|
||||||
|
}
|
||||||
|
|
||||||
|
t.Parallel()
|
||||||
|
_, conf1 := testServerConfig(t)
|
||||||
|
|
||||||
|
// Setup dummy logger to catch output
|
||||||
|
var buf bytes.Buffer
|
||||||
|
logger := testutil.LoggerWithOutput(t, &buf)
|
||||||
|
|
||||||
|
deps := newDefaultDeps(t, conf1)
|
||||||
|
deps.Logger = logger
|
||||||
|
|
||||||
|
s1, err := NewServer(conf1, deps)
|
||||||
|
require.NoError(t, err)
|
||||||
|
defer s1.Shutdown()
|
||||||
|
testrpc.WaitForLeader(t, s1.RPC, "dc1")
|
||||||
|
|
||||||
|
// Wait til CA root is setup
|
||||||
|
retry.Run(t, func(r *retry.R) {
|
||||||
|
var out structs.IndexedCARoots
|
||||||
|
r.Check(s1.RPC("ConnectCA.Roots", structs.DCSpecificRequest{
|
||||||
|
Datacenter: conf1.Datacenter,
|
||||||
|
}, &out))
|
||||||
|
})
|
||||||
|
|
||||||
|
require.Contains(t, buf.String(), "consul CA provider configured")
|
||||||
|
}
|
||||||
|
@ -24,7 +24,7 @@ import (
|
|||||||
"github.com/hashicorp/consul/testrpc"
|
"github.com/hashicorp/consul/testrpc"
|
||||||
)
|
)
|
||||||
|
|
||||||
func TestLeader_Builtin_PrimaryCA_ChangeKeyConfig(t *testing.T) {
|
func TestConnectCA_ConfigurationSet_ChangeKeyConfig_Primary(t *testing.T) {
|
||||||
if testing.Short() {
|
if testing.Short() {
|
||||||
t.Skip("too slow for testing.Short")
|
t.Skip("too slow for testing.Short")
|
||||||
}
|
}
|
||||||
@ -175,7 +175,7 @@ func TestLeader_Builtin_PrimaryCA_ChangeKeyConfig(t *testing.T) {
|
|||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestLeader_SecondaryCA_Initialize(t *testing.T) {
|
func TestCAManager_Initialize_Secondary(t *testing.T) {
|
||||||
if testing.Short() {
|
if testing.Short() {
|
||||||
t.Skip("too slow for testing.Short")
|
t.Skip("too slow for testing.Short")
|
||||||
}
|
}
|
||||||
@ -330,7 +330,7 @@ func getCAProviderWithLock(s *Server) (ca.Provider, *structs.CARoot) {
|
|||||||
return s.caManager.getCAProvider()
|
return s.caManager.getCAProvider()
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestLeader_Vault_PrimaryCA_IntermediateRenew(t *testing.T) {
|
func TestCAManager_RenewIntermediate_Vault_Primary(t *testing.T) {
|
||||||
if testing.Short() {
|
if testing.Short() {
|
||||||
t.Skip("too slow for testing.Short")
|
t.Skip("too slow for testing.Short")
|
||||||
}
|
}
|
||||||
@ -463,7 +463,7 @@ func TestLeader_Vault_PrimaryCA_IntermediateRenew(t *testing.T) {
|
|||||||
require.NoError(err)
|
require.NoError(err)
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestLeader_SecondaryCA_IntermediateRenew(t *testing.T) {
|
func TestCAManager_RenewIntermediate_Secondary(t *testing.T) {
|
||||||
if testing.Short() {
|
if testing.Short() {
|
||||||
t.Skip("too slow for testing.Short")
|
t.Skip("too slow for testing.Short")
|
||||||
}
|
}
|
||||||
@ -613,7 +613,7 @@ func TestLeader_SecondaryCA_IntermediateRenew(t *testing.T) {
|
|||||||
require.NoError(err)
|
require.NoError(err)
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestLeader_SecondaryCA_IntermediateRefresh(t *testing.T) {
|
func TestConnectCA_ConfigurationSet_RootRotation_Secondary(t *testing.T) {
|
||||||
if testing.Short() {
|
if testing.Short() {
|
||||||
t.Skip("too slow for testing.Short")
|
t.Skip("too slow for testing.Short")
|
||||||
}
|
}
|
||||||
@ -764,7 +764,7 @@ func TestLeader_SecondaryCA_IntermediateRefresh(t *testing.T) {
|
|||||||
require.NoError(err)
|
require.NoError(err)
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestLeader_Vault_PrimaryCA_FixSigningKeyID_OnRestart(t *testing.T) {
|
func TestCAManager_Initialize_Vault_FixesSigningKeyID_Primary(t *testing.T) {
|
||||||
ca.SkipIfVaultNotPresent(t)
|
ca.SkipIfVaultNotPresent(t)
|
||||||
|
|
||||||
if testing.Short() {
|
if testing.Short() {
|
||||||
@ -866,7 +866,7 @@ func TestLeader_Vault_PrimaryCA_FixSigningKeyID_OnRestart(t *testing.T) {
|
|||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestLeader_SecondaryCA_FixSigningKeyID_via_IntermediateRefresh(t *testing.T) {
|
func TestCAManager_Initialize_FixesSigningKeyID_Secondary(t *testing.T) {
|
||||||
if testing.Short() {
|
if testing.Short() {
|
||||||
t.Skip("too slow for testing.Short")
|
t.Skip("too slow for testing.Short")
|
||||||
}
|
}
|
||||||
@ -967,7 +967,7 @@ func TestLeader_SecondaryCA_FixSigningKeyID_via_IntermediateRefresh(t *testing.T
|
|||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestLeader_SecondaryCA_TransitionFromPrimary(t *testing.T) {
|
func TestCAManager_Initialize_TransitionFromPrimaryToSecondary(t *testing.T) {
|
||||||
if testing.Short() {
|
if testing.Short() {
|
||||||
t.Skip("too slow for testing.Short")
|
t.Skip("too slow for testing.Short")
|
||||||
}
|
}
|
||||||
@ -1059,7 +1059,7 @@ func TestLeader_SecondaryCA_TransitionFromPrimary(t *testing.T) {
|
|||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestLeader_SecondaryCA_UpgradeBeforePrimary(t *testing.T) {
|
func TestCAManager_Initialize_SecondaryBeforePrimary(t *testing.T) {
|
||||||
if testing.Short() {
|
if testing.Short() {
|
||||||
t.Skip("too slow for testing.Short")
|
t.Skip("too slow for testing.Short")
|
||||||
}
|
}
|
||||||
@ -1268,7 +1268,7 @@ func TestLeader_CARootPruning(t *testing.T) {
|
|||||||
require.NotEqual(roots[0].ID, oldRoot.ID)
|
require.NotEqual(roots[0].ID, oldRoot.ID)
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestLeader_PersistIntermediateCAs(t *testing.T) {
|
func TestConnectCA_ConfigurationSet_PersistsRoots(t *testing.T) {
|
||||||
if testing.Short() {
|
if testing.Short() {
|
||||||
t.Skip("too slow for testing.Short")
|
t.Skip("too slow for testing.Short")
|
||||||
}
|
}
|
||||||
@ -1351,7 +1351,7 @@ func TestLeader_PersistIntermediateCAs(t *testing.T) {
|
|||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestLeader_ParseCARoot(t *testing.T) {
|
func TestParseCARoot(t *testing.T) {
|
||||||
type test struct {
|
type test struct {
|
||||||
name string
|
name string
|
||||||
pem string
|
pem string
|
||||||
@ -1434,7 +1434,7 @@ func readTestData(t *testing.T, name string) string {
|
|||||||
return string(bs)
|
return string(bs)
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestLeader_lessThanHalfTimePassed(t *testing.T) {
|
func TestLessThanHalfTimePassed(t *testing.T) {
|
||||||
now := time.Now()
|
now := time.Now()
|
||||||
require.False(t, lessThanHalfTimePassed(now, now.Add(-10*time.Second), now.Add(-5*time.Second)))
|
require.False(t, lessThanHalfTimePassed(now, now.Add(-10*time.Second), now.Add(-5*time.Second)))
|
||||||
require.False(t, lessThanHalfTimePassed(now, now.Add(-10*time.Second), now))
|
require.False(t, lessThanHalfTimePassed(now, now.Add(-10*time.Second), now))
|
||||||
@ -1444,7 +1444,7 @@ func TestLeader_lessThanHalfTimePassed(t *testing.T) {
|
|||||||
require.True(t, lessThanHalfTimePassed(now, now.Add(-10*time.Second), now.Add(20*time.Second)))
|
require.True(t, lessThanHalfTimePassed(now, now.Add(-10*time.Second), now.Add(20*time.Second)))
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestLeader_retryLoopBackoffHandleSuccess(t *testing.T) {
|
func TestRetryLoopBackoffHandleSuccess(t *testing.T) {
|
||||||
if testing.Short() {
|
if testing.Short() {
|
||||||
t.Skip("too slow for testing.Short")
|
t.Skip("too slow for testing.Short")
|
||||||
}
|
}
|
||||||
@ -1488,7 +1488,7 @@ func TestLeader_retryLoopBackoffHandleSuccess(t *testing.T) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestLeader_Vault_BadCAConfigShouldntPreventLeaderEstablishment(t *testing.T) {
|
func TestCAManager_Initialize_Vault_BadCAConfigDoesNotPreventLeaderEstablishment(t *testing.T) {
|
||||||
ca.SkipIfVaultNotPresent(t)
|
ca.SkipIfVaultNotPresent(t)
|
||||||
|
|
||||||
testVault := ca.NewTestVaultServer(t)
|
testVault := ca.NewTestVaultServer(t)
|
||||||
@ -1545,7 +1545,7 @@ func TestLeader_Vault_BadCAConfigShouldntPreventLeaderEstablishment(t *testing.T
|
|||||||
require.NotNil(t, activeRoot)
|
require.NotNil(t, activeRoot)
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestLeader_Consul_BadCAConfigShouldntPreventLeaderEstablishment(t *testing.T) {
|
func TestCAManager_Initialize_BadCAConfigDoesNotPreventLeaderEstablishment(t *testing.T) {
|
||||||
ca.SkipIfVaultNotPresent(t)
|
ca.SkipIfVaultNotPresent(t)
|
||||||
|
|
||||||
_, s1 := testServerWithConfig(t, func(c *Config) {
|
_, s1 := testServerWithConfig(t, func(c *Config) {
|
||||||
@ -1589,7 +1589,7 @@ func TestLeader_Consul_BadCAConfigShouldntPreventLeaderEstablishment(t *testing.
|
|||||||
require.NotNil(t, activeRoot)
|
require.NotNil(t, activeRoot)
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestLeader_Consul_ForceWithoutCrossSigning(t *testing.T) {
|
func TestConnectCA_ConfigurationSet_ForceWithoutCrossSigning(t *testing.T) {
|
||||||
require := require.New(t)
|
require := require.New(t)
|
||||||
dir1, s1 := testServer(t)
|
dir1, s1 := testServer(t)
|
||||||
defer os.RemoveAll(dir1)
|
defer os.RemoveAll(dir1)
|
||||||
@ -1645,7 +1645,7 @@ func TestLeader_Consul_ForceWithoutCrossSigning(t *testing.T) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestLeader_Vault_ForceWithoutCrossSigning(t *testing.T) {
|
func TestConnectCA_ConfigurationSet_Vault_ForceWithoutCrossSigning(t *testing.T) {
|
||||||
ca.SkipIfVaultNotPresent(t)
|
ca.SkipIfVaultNotPresent(t)
|
||||||
|
|
||||||
require := require.New(t)
|
require := require.New(t)
|
||||||
|
@ -1,7 +1,6 @@
|
|||||||
package consul
|
package consul
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"bytes"
|
|
||||||
"crypto/x509"
|
"crypto/x509"
|
||||||
"fmt"
|
"fmt"
|
||||||
"net"
|
"net"
|
||||||
@ -1702,34 +1701,3 @@ func TestServer_RPC_RateLimit(t *testing.T) {
|
|||||||
}
|
}
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestServer_CALogging(t *testing.T) {
|
|
||||||
if testing.Short() {
|
|
||||||
t.Skip("too slow for testing.Short")
|
|
||||||
}
|
|
||||||
|
|
||||||
t.Parallel()
|
|
||||||
_, conf1 := testServerConfig(t)
|
|
||||||
|
|
||||||
// Setup dummy logger to catch output
|
|
||||||
var buf bytes.Buffer
|
|
||||||
logger := testutil.LoggerWithOutput(t, &buf)
|
|
||||||
|
|
||||||
deps := newDefaultDeps(t, conf1)
|
|
||||||
deps.Logger = logger
|
|
||||||
|
|
||||||
s1, err := NewServer(conf1, deps)
|
|
||||||
require.NoError(t, err)
|
|
||||||
defer s1.Shutdown()
|
|
||||||
testrpc.WaitForLeader(t, s1.RPC, "dc1")
|
|
||||||
|
|
||||||
// Wait til CA root is setup
|
|
||||||
retry.Run(t, func(r *retry.R) {
|
|
||||||
var out structs.IndexedCARoots
|
|
||||||
r.Check(s1.RPC("ConnectCA.Roots", structs.DCSpecificRequest{
|
|
||||||
Datacenter: conf1.Datacenter,
|
|
||||||
}, &out))
|
|
||||||
})
|
|
||||||
|
|
||||||
require.Contains(t, buf.String(), "consul CA provider configured")
|
|
||||||
}
|
|
||||||
|
Loading…
x
Reference in New Issue
Block a user