Fix flakey server-acl-init tests with retries #1095

Merged
merged 3 commits into from
Mar 11, 2022
102 changes: 53 additions & 49 deletions control-plane/subcommand/server-acl-init/command_test.go
Expand Up @@ -1894,9 +1894,9 @@ func TestRun_ACLReplicationTokenValid(t *testing.T) {
// Test that replication was successful.
retry.Run(t, func(r *retry.R) {
replicationStatus, _, err := secondaryConsulClient.ACL().Replication(nil)
require.NoError(t, err)
require.True(t, replicationStatus.Enabled)
require.Greater(t, replicationStatus.ReplicatedIndex, uint64(0))
require.NoError(r, err)
require.True(r, replicationStatus.Enabled)
require.Greater(r, replicationStatus.ReplicatedIndex, uint64(0))
})

// Test that the client policy was created.
Expand Down Expand Up @@ -2280,45 +2280,47 @@ func TestRun_PoliciesAndBindingRulesACLLogin_SecondaryDatacenter(t *testing.T) {
datacenter = primaryDatacenter
}

// Check that the Role exists + has correct Policy and is associated with a BindingRule.
for i := range c.Roles {
// Check that the Policy exists.
policy, _, err := consul.ACL().PolicyReadByName(c.PolicyNames[i], &api.QueryOptions{Datacenter: primaryDatacenter})
require.NoError(t, err)
require.NotNil(t, policy)

// Check that the Role exists.
role, _, err := consul.ACL().RoleReadByName(c.Roles[i], &api.QueryOptions{Datacenter: datacenter})
require.NoError(t, err)
require.NotNil(t, role)
retry.Run(t, func(r *retry.R) {
// Check that the Role exists + has correct Policy and is associated with a BindingRule.
for i := range c.Roles {
// Check that the Policy exists.
policy, _, err := consul.ACL().PolicyReadByName(c.PolicyNames[i], &api.QueryOptions{Datacenter: primaryDatacenter})
require.NoError(r, err)
require.NotNil(r, policy)

// Check that the Role references the Policy.
found := false
for j := range role.Policies {
if role.Policies[j].Name == policy.Name {
found = true
break
// Check that the Role exists.
role, _, err := consul.ACL().RoleReadByName(c.Roles[i], &api.QueryOptions{Datacenter: datacenter})
require.NoError(r, err)
require.NotNil(r, role)

// Check that the Role references the Policy.
found := false
for j := range role.Policies {
if role.Policies[j].Name == policy.Name {
found = true
break
}
}
}
require.True(t, found)
require.True(r, found)

// Check that there exists a BindingRule that references this Role.
authMethodName := fmt.Sprintf("%s-%s", resourcePrefix, componentAuthMethod)
if c.GlobalAuthMethod {
authMethodName = fmt.Sprintf("%s-%s-%s", resourcePrefix, componentAuthMethod, secondaryDatacenter)
}
rb, _, err := consul.ACL().BindingRuleList(authMethodName, &api.QueryOptions{Datacenter: datacenter})
require.NoError(t, err)
require.NotNil(t, rb)
found = false
for j := range rb {
if rb[j].BindName == c.Roles[i] {
found = true
break
// Check that there exists a BindingRule that references this Role.
authMethodName := fmt.Sprintf("%s-%s", resourcePrefix, componentAuthMethod)
if c.GlobalAuthMethod {
authMethodName = fmt.Sprintf("%s-%s-%s", resourcePrefix, componentAuthMethod, secondaryDatacenter)
}
rb, _, err := consul.ACL().BindingRuleList(authMethodName, &api.QueryOptions{Datacenter: datacenter})
require.NoError(r, err)
require.NotNil(r, rb)
found = false
for j := range rb {
if rb[j].BindName == c.Roles[i] {
found = true
break
}
}
require.True(r, found)
}
require.True(t, found)
}
})
})
}
}
Expand Down Expand Up @@ -2544,18 +2546,20 @@ func TestRun_ValidateLoginToken_SecondaryDatacenter(t *testing.T) {
})
require.NoError(t, err)

tok, _, err := client.ACL().Login(&api.ACLLoginParams{
AuthMethod: authMethodName,
BearerToken: jwtToken,
Meta: map[string]string{},
}, &api.WriteOptions{})
require.NoError(t, err)

require.Equal(t, len(tok.Roles), len(c.Roles))
for _, role := range tok.Roles {
require.Contains(t, c.Roles, role.Name)
}
require.Equal(t, !c.GlobalToken, tok.Local)
retry.Run(t, func(r *retry.R) {
Contributor


Can we make this exact change to the corresponding test in command_ent_test as well, please?

tok, _, err := client.ACL().Login(&api.ACLLoginParams{
AuthMethod: authMethodName,
BearerToken: jwtToken,
Meta: map[string]string{},
}, &api.WriteOptions{})
require.NoError(r, err)

require.Equal(r, len(tok.Roles), len(c.Roles))
for _, role := range tok.Roles {
require.Contains(r, c.Roles, role.Name)
}
require.Equal(r, !c.GlobalToken, tok.Local)
})
})
}
}
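Review bot: In the last hunk (TestRun_ValidateLoginToken_SecondaryDatacenter), `client.ACL().Login` now runs inside `retry.Run`, so an attempt that logs in but then fails a role or `tok.Local` assertion leaves its token behind and the next attempt issues another one; nothing in the visible lines logs these out. If that is acceptable for a throwaway test server, say so in a comment above the closure, e.g. `// Login is retried because the auth method and binding rules may not have replicated to the secondary datacenter yet; tokens from failed attempts are discarded with the test server.` (the replication reason is inferred from the test name, so confirm it). While touching these lines, `require.Len(r, tok.Roles, len(c.Roles))` would report expected and actual the right way round, which `require.Equal(r, len(tok.Roles), len(c.Roles))` does not. The test function starts outside the hunk.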