IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-02-25 18:55:37 -06:00
Code Issues Packages Projects Releases Wiki Activity

Siningkeys: Fix test setup (#76333)

Browse Source 
* Don't use integration tests for service and init store only once for integration tests

* Set one key as expired in test
This commit is contained in:
Karl Persson 2023-10-11 13:50:38 +02:00 committed by GitHub
parent 6968f4d6ff
commit 3fc925364f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 15 additions and 38 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
pkg/services/signingkeys/signingkeysimpl/service_test.go
View File

@ -18,7 +18,6 @@ import (
"github.com/stretchr/testify/require" "github.com/stretchr/testify/require"
"github.com/grafana/grafana/pkg/api/routing" "github.com/grafana/grafana/pkg/api/routing"
"github.com/grafana/grafana/pkg/infra/db"
"github.com/grafana/grafana/pkg/infra/localcache" "github.com/grafana/grafana/pkg/infra/localcache"
"github.com/grafana/grafana/pkg/infra/log" "github.com/grafana/grafana/pkg/infra/log"
"github.com/grafana/grafana/pkg/infra/remotecache" "github.com/grafana/grafana/pkg/infra/remotecache"
@ -45,14 +44,10 @@ func getPrivateKey(t *testing.T, svc *Service) []byte {
return bytes return bytes
} }
func TestIntegrationEmbeddedKeyService_GetJWKS_OnlyPublicKeyShared(t *testing.T) { func TestEmbeddedKeyService_GetJWKS_OnlyPublicKeyShared(t *testing.T) {
if testing.Short() {
t.Skip("skipping integration test")
}
svc := &Service{ svc := &Service{
log: log.NewNopLogger(), log: log.NewNopLogger(),
store: signingkeystore.NewSigningKeyStore(db.InitTestDB(t)), store: signingkeystore.NewFakeStore(),
secretsService: secretstest.NewFakeSecretsService(), secretsService: secretstest.NewFakeSecretsService(),
remoteCache: remotecache.NewFakeCacheStorage(), remoteCache: remotecache.NewFakeCacheStorage(),
localCache: localcache.New(privateKeyTTL, 10*time.Hour), localCache: localcache.New(privateKeyTTL, 10*time.Hour),
@ -87,15 +82,11 @@ func TestIntegrationEmbeddedKeyService_GetJWKS_OnlyPublicKeyShared(t *testing.T)
} }
} }
func TestIntegrationEmbeddedKeyService_GetOrCreatePrivateKey(t *testing.T) { func TestEmbeddedKeyService_GetOrCreatePrivateKey(t *testing.T) {
if testing.Short() {
t.Skip("skipping integration test")
}
cacheStorage := remotecache.NewFakeCacheStorage() cacheStorage := remotecache.NewFakeCacheStorage()
svc := &Service{ svc := &Service{
log: log.NewNopLogger(), log: log.NewNopLogger(),
store: signingkeystore.NewSigningKeyStore(db.InitTestDB(t)), store: signingkeystore.NewFakeStore(),
secretsService: secretstest.NewFakeSecretsService(), secretsService: secretstest.NewFakeSecretsService(),
remoteCache: cacheStorage, remoteCache: cacheStorage,
localCache: localcache.New(privateKeyTTL, 10*time.Hour), localCache: localcache.New(privateKeyTTL, 10*time.Hour),

36
pkg/services/signingkeys/signingkeystore/store_test.go
View File

@ -17,23 +17,15 @@ func TestIntegrationSigningKeyStore(t *testing.T) {
t.Skip("skipping integration test") t.Skip("skipping integration test")
} }
setup := func() (context.Context, *Store) { ctx, store := context.Background(), NewSigningKeyStore(db.InitTestDB(t))
return context.Background(), NewSigningKeyStore(db.InitTestDB(t))
}
t.Run("Should successfully add new singing key", func(_ *testing.T) { t.Run("Should successfully add new singing key", func(_ *testing.T) {
ctx, store := setup()
key, err := store.Add(ctx, &signingkeys.SigningKey{KeyID: "1", AddedAt: time.Now().UTC(), PrivateKey: []byte{}}, false) key, err := store.Add(ctx, &signingkeys.SigningKey{KeyID: "1", AddedAt: time.Now().UTC(), PrivateKey: []byte{}}, false)
require.NoError(t, err) require.NoError(t, err)
assert.Equal(t, "1", key.KeyID) assert.Equal(t, "1", key.KeyID)
}) })
t.Run("Should return old key if already exists", func(_ *testing.T) { t.Run("Should return old key if already exists", func(_ *testing.T) {
ctx, store := setup()
key, err := store.Add(ctx, &signingkeys.SigningKey{KeyID: "1", PrivateKey: []byte{}, AddedAt: time.Now().UTC()}, false)
require.NoError(t, err)
assert.Equal(t, "1", key.KeyID)
// try to add the same key again with a different AddedAt // try to add the same key again with a different AddedAt
key2, err := store.Add(ctx, &signingkeys.SigningKey{KeyID: "1", PrivateKey: []byte{}, AddedAt: time.Now().Add(10 * time.Minute).UTC()}, false) key2, err := store.Add(ctx, &signingkeys.SigningKey{KeyID: "1", PrivateKey: []byte{}, AddedAt: time.Now().Add(10 * time.Minute).UTC()}, false)
require.ErrorIs(t, err, signingkeys.ErrSigningKeyAlreadyExists) require.ErrorIs(t, err, signingkeys.ErrSigningKeyAlreadyExists)
@ -41,38 +33,32 @@ func TestIntegrationSigningKeyStore(t *testing.T) {
}) })
t.Run("Should update old key when force is true", func(t *testing.T) { t.Run("Should update old key when force is true", func(t *testing.T) {
ctx, store := setup() key, err := store.Add(ctx, &signingkeys.SigningKey{KeyID: "2", PrivateKey: []byte{}, AddedAt: time.Now().UTC()}, false)
key, err := store.Add(ctx, &signingkeys.SigningKey{KeyID: "1", PrivateKey: []byte{}, AddedAt: time.Now().UTC()}, false)
require.NoError(t, err) require.NoError(t, err)
assert.Equal(t, "1", key.KeyID) assert.Equal(t, "2", key.KeyID)
// try to add the same key again with a different AddedAt and force is true // try to add the same key again with a different AddedAt and force is true
key2, err := store.Add(ctx, &signingkeys.SigningKey{KeyID: "1", PrivateKey: []byte{}, AddedAt: time.Now().Add(10 * time.Minute).UTC()}, true) key2, err := store.Add(ctx, &signingkeys.SigningKey{KeyID: "2", PrivateKey: []byte{}, AddedAt: time.Now().Add(10 * time.Minute).UTC()}, true)
require.NoError(t, err) require.NoError(t, err)
assert.Equal(t, "1", key2.KeyID) assert.Equal(t, "2", key2.KeyID)
assert.NotEqual(t, key.AddedAt, key2.AddedAt) assert.NotEqual(t, key.AddedAt, key2.AddedAt)
}) })
t.Run("Should update old key when expired", func(t *testing.T) { t.Run("Should update old key when expired", func(t *testing.T) {
ctx, store := setup() key, err := store.Add(ctx, &signingkeys.SigningKey{KeyID: "3", PrivateKey: []byte{}, AddedAt: time.Now().UTC(), ExpiresAt: &time.Time{}}, false)
key, err := store.Add(ctx, &signingkeys.SigningKey{KeyID: "1", PrivateKey: []byte{}, AddedAt: time.Now().UTC(), ExpiresAt: &time.Time{}}, false)
require.NoError(t, err) require.NoError(t, err)
assert.Equal(t, "1", key.KeyID) assert.Equal(t, "3", key.KeyID)
// try to add the same key again with a different AddedAt and force is false // try to add the same key again with a different AddedAt and force is false
key2, err := store.Add(ctx, &signingkeys.SigningKey{KeyID: "1", PrivateKey: []byte{}, AddedAt: time.Now().Add(10 * time.Minute).UTC()}, false) key2, err := store.Add(ctx, &signingkeys.SigningKey{KeyID: "3", PrivateKey: []byte{}, AddedAt: time.Now().Add(10 * time.Minute).UTC()}, false)
require.NoError(t, err) require.NoError(t, err)
assert.Equal(t, "1", key2.KeyID) assert.Equal(t, "3", key2.KeyID)
assert.NotEqual(t, key.AddedAt, key2.AddedAt) assert.NotEqual(t, key.AddedAt, key2.AddedAt)
}) })
t.Run("List should return all keys that are not expired", func(t *testing.T) { t.Run("List should return all keys that are not expired", func(t *testing.T) {
ctx, store := setup() // expire key 3
_, err := store.Add(ctx, &signingkeys.SigningKey{KeyID: "1", PrivateKey: []byte{}, AddedAt: time.Now().UTC()}, false) _, err := store.Add(ctx, &signingkeys.SigningKey{KeyID: "3", PrivateKey: []byte{}, AddedAt: time.Now().UTC(), ExpiresAt: &time.Time{}}, true)
require.NoError(t, err)
_, err = store.Add(ctx, &signingkeys.SigningKey{KeyID: "2", PrivateKey: []byte{}, AddedAt: time.Now().UTC(), ExpiresAt: &time.Time{}}, false)
require.NoError(t, err)
_, err = store.Add(ctx, &signingkeys.SigningKey{KeyID: "3", PrivateKey: []byte{}, AddedAt: time.Now().UTC()}, false)
require.NoError(t, err) require.NoError(t, err)
keys, err := store.List(ctx) keys, err := store.List(ctx)