Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

WPB-4262: Fixing tests for inbound federator calls. #3534

Closed
wants to merge 24 commits into from
Closed

WPB-4262: Fixing tests for inbound federator calls. #3534

wants to merge 24 commits into from

Conversation

lepsa
Copy link
Contributor

@lepsa lepsa commented Aug 24, 2023
edited
Loading

Ticket: https://wearezeta.atlassian.net/browse/WPB-4262

When testing inbound federation calls, set the origin domain as the value for BackendTwo, as a backend will not call into itself via the external Federator interface.

Checklist

  • [:x:] Add a new entry in an appropriate subdirectory of changelog.d
    • Fixing existing tests, no changelog needed.
  • [:heavy_check_mark:] Read and follow the PR guidelines

@lepsa
Hotfix: Fixing tests for inbound federator calls.
8e96782 
When testing inbound federation calls, set the origin domain as the
value for BackendTwo, as a backend will not call into itself via the
external Federator interface.
@lepsa lepsa marked this pull request as ready for review August 24, 2023 06:34
@lepsa lepsa changed the title Hotfix: Fixing tests for inbound federator calls. WPB-4262: Fixing tests for inbound federator calls. Aug 24, 2023
@stefanwire stefanwire added the ok-to-test Approved for running tests in CI, overrides not-ok-to-test if both labels exist label Aug 24, 2023
akshaymankar
akshaymankar previously requested changes Aug 24, 2023
View reviewed changes
Copy link
Member

@akshaymankar akshaymankar left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The tests now fail with this error in CI:

federator-integration: AesonException "Error in $: When parsing the record IntegrationConfig of type Test.Federator.Util.IntegrationConfig the key backendTwo was not present."

CallStack (from HasCallStack):

  error, called at test/integration/Test/Federator/Util.hs:130:100 in main:Test.Federator.Util

The new config needs to be done for local setup and k8s setup.

@lepsa
Copy link
Contributor Author

lepsa commented Aug 24, 2023

I suspect I've tried to do this in a poor way to have it play nicely with k8s charts. I'll have a look at a better way to weave this value through.

@akshaymankar
Copy link
Member

akshaymankar commented Aug 24, 2023
edited
Loading

You also need to commit something to local integration config. This should also be failing locally.

@lepsa
Copy link
Contributor Author

lepsa commented Aug 25, 2023

It was working fine in local integration testing as the services/integration.yaml file matched the updated structure.

@fisx
Copy link
Contributor

fisx commented Aug 27, 2023

i'll fix this!

fisx
fisx approved these changes Aug 28, 2023
View reviewed changes
Copy link
Contributor

@fisx fisx left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, but let's see if concourse and i agree on this.

services/federator/test/integration/Test/Federator/InwardSpec.hs Show resolved Hide resolved
@fisx fisx dismissed akshaymankar’s stale review August 28, 2023 10:13

everything in this review should be taken care of.

@fisx
Copy link
Contributor

fisx commented Aug 28, 2023

The new config needs to be done for local setup and k8s setup.

to be fair, if my changes are correct and exhaustive, they weren't documented in pr-guidelines.md, and it took me a moment to figure this out.

@fisx
Copy link
Contributor

fisx commented Sep 4, 2023 

Failures:


  test/integration/Test/Federator/InwardSpec.hs:83:15: 

  1) Federator.API.Inward should be able to call brig

       uncaught exception: ErrorCall

       Assertions failed:

        1: 200 =/= 403

       Response was:

       Response {responseStatus = Status {statusCode = 403, statusMessage = "Forbidden"}, responseVersion = HTTP/1.1, responseHeaders = [("Transfer-Encoding","chunked"),("Date","Mon, 28 Aug 2023 10:33:21 GMT"),("Server","Warp/3.3.23"),("Content-Type","application/json")], responseBody = Just "{\"code\":403,\"label\":\"authentication-failure\",\"message\":\"none of the domain names match the certificate, errors: [[NameMismatch \\\"federation-test-helper.test-3e7ieul4tdeq-fed2.svc.cluster.local\\\"]]\"}", responseCookieJar = CJ {expose = []}, responseClose' = ResponseClose}

       CallStack (from HasCallStack):

         error, called at src/Bilge/Assert.hs:91:5 in bilge-0.22.0-GgoyGsZKTtyA1ar7qn3Y9r:Bilge.Assert

this doesn't look like it's related to the config file parsers? i'll investigate!

@fisx
Merge remote-tracking branch 'origin/develop' into hotfixing-federati…
f23daeb 
…on-tests
@fisx
Remove outdated FUTUREWORKs.
55dcbc2 
(all integration tests are to move to /integration, no need to say
that here.)
@fisx
Copy link
Contributor

fisx commented Sep 4, 2023

passes locally. maybe the backendTwoDomain has access to things beyond ingress in the local test setup, but not on concourse?

@fisx
Copy link
Contributor

fisx commented Sep 8, 2023

the error is slightly different now:


Failures:


  test/integration/Test/Federator/InwardSpec.hs:79:15: 

  1) Federator.API.Inward should be able to call brig

       uncaught exception: ErrorCall

       Assertions failed:

        1: 200 =/= 422

       Response was:

       Response {responseStatus = Status {statusCode = 422, statusMessage = "Unprocessable Entity"}, responseVersion = HTTP/1.1, responseHeaders = [("Transfer-Encoding","chunked"),("Date","Fri, 08 Sep 2023 10:09:32 GMT"),("Server","Warp/3.3.23"),("Content-Type","application/json")], responseBody = Just "{\"code\":422,\"label\":\"invalid-domain\",\"message\":\"srv record not found: _wire-server-federator._tcp.federation-test-helper-backend2.test-1liuy49wttw2.svc.cluster.local\"}", responseCookieJar = CJ {expose = []}, responseClose' = ResponseClose}

       CallStack (from HasCallStack):

         error, called at src/Bilge/Assert.hs:91:5 in bilge-0.22.0-GgoyGsZKTtyA1ar7qn3Y9r:Bilge.Assert

fisx and others added 5 commits September 13, 2023 10:47
@fisx
Merge remote-tracking branch 'origin/develop' into hotfixing-federati…
1880999 
…on-tests
@fisx
stash
3c4303d
@lepsa
WPB-4262: Fixing federator tests
2316a6c 
Updating the request origin domains for federator tests, as the server
setup for tests doesn't allow a domain to search itself via inward
calls, but can search other members of the federation.
@lepsa
Merge remote-tracking branch 'lepsa/WPB-4262' into hotfixing-federati…
664d922 
…on-tests
@lepsa
Merge remote-tracking branch 'origin/develop' into hotfixing-federati…
52d5652 
…on-tests
@mdimjasevic
Copy link
Contributor

@lepsa , here are the failures from the CI:

TEST SUITE:     wire-server-federator-integration

Last Started:   Mon Sep 18 05:46:08 2023

Last Completed: Mon Sep 18 05:46:22 2023

Phase:          Failed

NOTES:

TODO: write nice NOTES.txt


Federator.API

  Inward

    should be able to call brig [✘]

    shouldRejectMissmatchingOriginDomainInward [✔]

    should be able to call cargohold [✔]

    should return 404 'no-endpoint' response from Brig [✔]

    should not accept invalid/disallowed paths [✔]

    should only accept /federation/ paths [✔]

    rejectRequestsWithoutClientCertInward [✔]

  Ingress

    should be accessible using http2 and forward to the local brig [✘]

  rejectRequestsWithoutClientCertIngress [✔]


Failures:


  test/integration/Test/Federator/InwardSpec.hs:83:15: 

  1) Federator.API.Inward should be able to call brig

       uncaught exception: ErrorCall

       Assertions failed:

        1: 200 =/= 422

       

       Response was:

       

       Response {responseStatus = Status {statusCode = 422, statusMessage = "Unprocessable Entity"}, responseVersion = HTTP/1.1, responseHeaders = [("Transfer-Encoding","chunked"),("Date","Mon, 18 Sep 2023 05:46:20 GMT"),("Server","Warp/3.3.23"),("Content-Type","application/json")], responseBody = Just "{\"code\":422,\"label\":\"invalid-domain\",\"message\":\"srv record not found: _wire-server-federator._tcp.federation-test-helper-backend2.test-iaf08ffwf41h.svc.cluster.local\"}", responseCookieJar = CJ {expose = []}, responseClose' = ResponseClose}

       CallStack (from HasCallStack):

         error, called at src/Bilge/Assert.hs:91:5 in bilge-0.22.0-GgoyGsZKTtyA1ar7qn3Y9r:Bilge.Assert

         <!!, called at test/integration/Test/Federator/InwardSpec.hs:83:15 in main:Test.Federator.InwardSpec


  To rerun use: --match "/Federator.API/Inward/should be able to call brig/"


  test/integration/Test/Federator/IngressSpec.hs:57:5: 

  2) Federator.API.Ingress should be accessible using http2 and forward to the local brig

       uncaught exception: HUnitFailure

       HUnitFailure [("assertFailure",SrcLoc {srcLocPackage = "main", srcLocModule = "Test.Federator.Util", srcLocFile = "test/integration/Test/Federator/Util.hs", srcLocStartLine = 357, srcLocStartCol = 29, srcLocEndLine = 357, srcLocEndCol = 42})] "Unexpected error: RemoteErrorResponse (SrvTarget {srvTargetDomain = \"federation-test-helper.test-iaf08ffwf41h.svc.cluster.local\", srvTargetPort = 443}) \"/federation/brig/get-user-by-handle\" (Status {statusCode = 422, statusMessage = \"Unprocessable Entity\"}) \"{\\\"code\\\":422,\\\"label\\\":\\\"invalid-domain\\\",\\\"message\\\":\\\"srv record not found: _wire-server-federator._tcp.federation-test-helper-backend2.test-iaf08ffwf41h.svc.cluster.local\\\"}\""


  To rerun use: --match "/Federator.API/Ingress/should be accessible using http2 and forward to the local brig/"


Randomized with seed 1320998227

@lepsa lepsa closed this Sep 25, 2023
@lepsa
Copy link
Contributor Author

lepsa commented Sep 25, 2023

Closing as @akshaymankar fixed this in #3582

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@fisx fisx fisx approved these changes

@akshaymankar akshaymankar akshaymankar left review comments

Assignees
No one assigned
Labels
ok-to-test Approved for running tests in CI, overrides not-ok-to-test if both labels exist
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@lepsa @akshaymankar @fisx @mdimjasevic @stefanwire