Add test to show node aliases don't work upon refresh from cache
Signed-off-by: Sorin Dumitru <sdumitru@bloomberg.net>
sorindumitru committed Jan 17, 2024
1 parent 3035ce3 commit 2894186
Showing 1 changed file with 69 additions and 0 deletions.
69 changes: 69 additions & 0 deletions pkg/server/endpoints/authorized_entryfetcher_test.go
Expand Up @@ -6,6 +6,8 @@ import (
"testing"

"github.com/sirupsen/logrus/hooks/test"
"github.com/spiffe/go-spiffe/v2/spiffeid"
"github.com/spiffe/spire/proto/spire/common"
"github.com/spiffe/spire/test/clock"
"github.com/spiffe/spire/test/fakes/fakedatastore"
"github.com/stretchr/testify/assert"
Expand All @@ -20,6 +22,73 @@ func TestNewAuthorizedEntryFetcherWithEventsBasedCache(t *testing.T) {
ef, err := NewAuthorizedEntryFetcherWithEventsBasedCache(ctx, log, clk, ds, defaultCacheReloadInterval, defaultPruneEventsOlderThan)
assert.NoError(t, err)
assert.NotNil(t, ef)

agentId, err := spiffeid.FromString("spiffe://example.org/myagent")

Check failure on line 26 in pkg/server/endpoints/authorized_entryfetcher_test.go


GitHub Actions / lint (linux)

var-naming: var agentId should be agentID (revive)

Check failure on line 26 in pkg/server/endpoints/authorized_entryfetcher_test.go


GitHub Actions / lint (windows)

var-naming: var agentId should be agentID (revive)
assert.NoError(t, err)

_, err = ds.CreateAttestedNode(ctx, &common.AttestedNode{
SpiffeId: agentId.String(),
CertNotAfter: 99999999999,
})
assert.NoError(t, err)

// Also set the node selectors, since this isn't done by CreateAttestedNode
err = ds.SetNodeSelectors(ctx, agentId.String(), []*common.Selector{
{
Type: "test",
Value: "alias",
},
{
Type: "test",
Value: "cluster",
},
})
assert.NoError(t, err)

// Create node alias for the agent
_, err = ds.CreateRegistrationEntry(ctx, &common.RegistrationEntry{
SpiffeId: "spiffe://example.org/alias",
ParentId: "spiffe://example.org/spire/server",
Selectors: []*common.Selector{
{
Type: "test",
Value: "alias",
},
},
})
assert.NoError(t, err)

// Create one registration entry parented to the agent directly
_, err = ds.CreateRegistrationEntry(ctx, &common.RegistrationEntry{

Check failure on line 62 in pkg/server/endpoints/authorized_entryfetcher_test.go


GitHub Actions / lint (linux)

ineffectual assignment to err (ineffassign)

Check failure on line 62 in pkg/server/endpoints/authorized_entryfetcher_test.go


GitHub Actions / lint (windows)

ineffectual assignment to err (ineffassign)
SpiffeId: "spiffe://example.org/viaagent",
ParentId: agentId.String(),
Selectors: []*common.Selector{
{
Type: "workload",
Value: "one",
},
},
})

// Create one registration entry parented to the alias
_, err = ds.CreateRegistrationEntry(ctx, &common.RegistrationEntry{
SpiffeId: "spiffe://example.org/viaalias",
ParentId: "spiffe://example.org/alias",
Selectors: []*common.Selector{
{
Type: "workload",
Value: "two",
},
},
})
assert.NoError(t, err)

err = ef.updateCache(ctx)
assert.NoError(t, err)

entries, err := ef.FetchAuthorizedEntries(ctx, agentId)
assert.NoError(t, err)
assert.Equal(t, 2, len(entries))
}

func TestNewAuthorizedEntryFetcherWithEventsBasedCacheErrorBuildingCache(t *testing.T) {
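Review bot: The final check `assert.Equal(t, 2, len(entries))` pins only how many entries the agent is authorized for, not which ones, so the test would also pass if the fetcher returned a different pair out of the three registration entries created above (for example the alias entry itself in place of `spiffe://example.org/viaalias`). Since this is an authorization result, compare the returned SPIFFE IDs against the expected set, presumably `viaagent` and `viaalias`, e.g. `assert.ElementsMatch(t, expectedIDs, gotIDs)` with `gotIDs` collected from `entries`. A negative case would also help: an entry parented to an alias whose selectors the agent does not have, asserted absent, so that over-authorization through aliases fails the test too. The enclosing function TestNewAuthorizedEntryFetcherWithEventsBasedCache starts above the hunk.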
