frontegg-mock: initial commit #23176
Conversation
|
@philip-stoev I've sketched out some parts of a frontegg service. I'm not sure how to handle certificate plumbing because I think the test certs service will need to start first, but I need the arguments when making the other services? There must be a correct way to do this. Are you able to take over the python here? |
|
|
||
| pub struct FronteggMockServer { | ||
| pub url: String, | ||
| pub refreshes: Arc<Mutex<u64>>, |
There was a problem hiding this comment.
any reason to use Mutex<u64> instead of an AtomicU64?
There was a problem hiding this comment.
Nope. This was copied over from the previous location. If I remember I'll change it.
| auth_requests: Arc::clone(&auth_requests), | ||
| }; | ||
|
|
||
| let runtime = Arc::new(Runtime::new()?); |
There was a problem hiding this comment.
I'm surprised this works! In main.rs we're also creating a runtime, e.g. #[tokio::main], and we create a runtime here. I thought this would have panicked with "creating a runtime within a runtime".
If possible I would prefer fn start(...) to not spawn its own runtime and instead return the server future, e.g.:
pub fn start(...) -> Result<(FronteggMockServer, BoxFuture<'static, ()>), _> { ... }
This allows us to be more flexible with how FronteggMockServer is used. For example, in main.rs we can create our own runtime, but for our integration tests we can spawn the returned future on the test runtime.
There was a problem hiding this comment.
It might not work, but I recall being able to start the binary and it ran. Yes, doing what you describe would be best. I'd definitely prefer to do that refactor in a followup, as this was copied over from existing code.
philip-stoev
requested review from
philip-stoev
and removed request for
a team
maddyblue
force-pushed
the
frontegg-mock
branch
from
002820b
to
26572b9
Compare
|
Finally got this working in mzcompose. That was much more than I expected. @philip-stoev can you re-review? I ran out of time today to add more tests. I'll work on those soon. |
maddyblue
force-pushed
the
frontegg-mock
branch
2 times, most recently
from
db58c40
to
dc7a576
Compare
| user=user, | ||
| password=password, | ||
| port=port, | ||
| ssl_context=ssl_context, |
There was a problem hiding this comment.
I'm worried this will break all other callers that have ssl disabled. Am waiting for tests to see.
There was a problem hiding this comment.
This indeed caused problems; changed to plumb down the ssl context.
maddyblue
force-pushed
the
frontegg-mock
branch
3 times, most recently
from
6aea2b0
to
1e425c9
Compare
misc/images/frontegg/Dockerfile
Outdated
| && groupadd --system --gid=999 materialize \ | ||
| && useradd --system --gid=999 --uid=999 --create-home materialize | ||
|
|
||
| COPY mz-frontegg-mock /usr/local/bin/frontegg |
There was a problem hiding this comment.
Why are we changing the binary name here? If it's mz-frontegg-mock in the repo, just stick with mz-frontegg-mock in the Docker image?
| from materialize.ui import UIError | ||
|
|
||
|
|
||
| class Frontegg(Service): |
There was a problem hiding this comment.
| class Frontegg(Service): | |
| class FronteggMock(Service): |
| users, | ||
| "--roles", | ||
| roles, | ||
| ] |
There was a problem hiding this comment.
I don't think you want to be overriding the entrypoint here? Just build up a command instead, and use the default entrypoint. Otherwise you'll lose tini.
| } | ||
| config: ServiceConfig = { | ||
| "mzbuild": mzbuild, | ||
| "entrypoint": entrypoint, |
There was a problem hiding this comment.
See below comment about entrypoint vs command.
misc/images/frontegg/mzbuild.yml
Outdated
| # the Business Source License, use of this software will be governed | ||
| # by the Apache License, Version 2.0. | ||
|
|
||
| name: frontegg |
There was a problem hiding this comment.
I think calling this frontegg-mock would be less confusing. Also matches the binary name that way!
| name: frontegg | |
| name: frontegg-mock |
| elif encoding_key_file: | ||
| entrypoint += ["--encoding-key-file", encoding_key_file] | ||
| else: | ||
| raise UIError("frontegg service must specify encoding-key[-file]") |
There was a problem hiding this comment.
| raise UIError("frontegg service must specify encoding-key[-file]") | |
| raise UIError("FronteggMock service must specify encoding-key[-file]") |
test/test-certs/create-certs.sh
Outdated
| @@ -135,7 +135,7 @@ create_cert() { | |||
| -passout pass:$SSL_SECRET | |||
| } | |||
|
|
|||
| for i in materialized producer postgres certuser | |||
| for i in materialized producer postgres certuser balancerd frontegg | |||
There was a problem hiding this comment.
| for i in materialized producer postgres certuser balancerd frontegg | |
| for i in materialized producer postgres certuser balancerd frontegg-mock |
| name: str = "frontegg", | ||
| mzbuild: str = "frontegg", |
There was a problem hiding this comment.
| name: str = "frontegg", | |
| mzbuild: str = "frontegg", | |
| name: str = "frontegg-mock", | |
| mzbuild: str = "frontegg-mock", |
Add a frontegg mock server.
maddyblue
force-pushed
the
frontegg-mock
branch
from
1e425c9
to
f98da38
Compare
|
Renamed everything to frontegg-mock. |
There was a problem hiding this comment.
Generally seems good to me, thanks for the additional testing! I want to check coverage too (https://buildkite.com/materialize/coverage/builds/321) but ran into some issues, so don't let that be a blocker.
| && TZ=UTC DEBIAN_FRONTEND=noninteractive apt-get -qy install \ | ||
| ca-certificates \ | ||
| tini \ | ||
| && groupadd --system --gid=999 materialize \ |
There was a problem hiding this comment.
Why do we have to specify gid and uid here?
There was a problem hiding this comment.
No idea, I cargo culted from other dockerfiles.
| config: ServiceConfig = { | ||
| "mzbuild": mzbuild, | ||
| "command": command, | ||
| "ports": [6875, 6876, 6877, 6878], |
There was a problem hiding this comment.
MZ_BALANCER_SQL/HTTP_LISTEN_ADDR ports are 6880/6881 though. Do we not want to expose them?
Edit: seen later, those are exposed in environmentd.
Add a frontegg mock server binary. Needed for testdrive and cloud testing.
Motivation
Checklist
$T ⇔ Proto$Tmapping (possibly in a backwards-incompatible way), then it is tagged with aT-protolabel.