TUF client unit tests are messy and use network calls #3878

Open
cmurphy opened this issue Sep 11, 2024 · 0 comments
Labels
bug Something isn't working

Description

  1. This unit test does not use a temporary sandbox and therefore uses the user's existing TUF configuration, if it exists, as part of its test.

  2. Other related tests are properly sandboxed on the filesystem, but with the result that, if they were run in isolation, they would make real network calls to tuf-repo-cdn.sigstore.dev and are therefore not hermetic unit tests:

$ sudo tcpdump -i wlp0s20f3 dst host tuf-repo-cdn.sigstore.dev -c 3 &
[1] 1785765
$ tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on wlp0s20f3, link-type EN10MB (Ethernet), snapshot length 262144 bytes

$ go test -run TestGetRekorPubKeys
15:38:07.583027 IP 192.168.0.44.48270 > 14.62.117.34.bc.googleusercontent.com.https: Flags [S], seq 2930179631, win 64240, options [mss 1460,sackOK,TS val 510888671 ecr 0,nop,wscale 7], length 0
15:38:07.591863 IP 192.168.0.44.48270 > 14.62.117.34.bc.googleusercontent.com.https: Flags [.], ack 1202518797, win 502, options [nop,nop,TS val 510888680 ecr 3859513012], length 0
15:38:07.592084 IP 192.168.0.44.48270 > 14.62.117.34.bc.googleusercontent.com.https: Flags [P.], seq 0:285, ack 1, win 502, options [nop,nop,TS val 510888680 ecr 3859513012], length 285
3 packets captured
19 packets received by filter
0 packets dropped by kernel
PASS
ok      github.com/sigstore/cosign/v2/pkg/cosign        0.285s
[1]+  Done                    sudo tcpdump -i wlp0s20f3 dst host tuf-repo-cdn.sigstore.dev -c 3
$

The improper sandboxing of the first test has the funny effect that the initialization done with the user's existing trust config for that test means the rest of the tests do not fetch updates from the mirror and so no network calls are made in practice, at least on a developer's machine (this may be different on a clean CI runner machine):

$ sudo tcpdump -i wlp0s20f3 dst host tuf-repo-cdn.sigstore.dev -c 3 &
[1] 1789835
$ tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on wlp0s20f3, link-type EN10MB (Ethernet), snapshot length 262144 bytes

$ go test
PASS
ok      github.com/sigstore/cosign/v2/pkg/cosign        6.806s
$ fg
sudo tcpdump -i wlp0s20f3 dst host tuf-repo-cdn.sigstore.dev -c 3
^C
0 packets captured
6 packets received by filter
0 packets dropped by kernel

This may be fixed as part of #3548

Version

dee0b23
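
One way to make both problems fail loudly instead of depending on the developer's machine, as an added example that is not part of the original issue and not cosign's own code: a transport guard that rejects any non-loopback request, combined with a fresh cache directory. The names `denyExternal` and `enterSandbox` are hypothetical, and `TUF_ROOT` and `HOME` are assumed to be what determines where the TUF client looks for its cache.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"os"
	"sync"
)

// denyExternal rejects requests to non-loopback hosts and records each host.
type denyExternal struct {
	next    http.RoundTripper
	mu      sync.Mutex
	blocked []string
}

func (d *denyExternal) RoundTrip(r *http.Request) (*http.Response, error) {
	host := r.URL.Hostname()
	if ip := net.ParseIP(host); host == "localhost" || (ip != nil && ip.IsLoopback()) {
		return d.next.RoundTrip(r) // local fixtures such as httptest servers still work
	}
	d.mu.Lock()
	d.blocked = append(d.blocked, host)
	d.mu.Unlock()
	return nil, fmt.Errorf("hermetic test: blocked network call to %s", host)
}

// enterSandbox points HOME and TUF_ROOT (assumed cache-location variables) at dir
// via setenv and installs the guard; the returned func restores the transport.
func enterSandbox(dir string, setenv func(key, val string)) (*denyExternal, func()) {
	guard := &denyExternal{next: http.DefaultTransport}
	setenv("HOME", dir)
	setenv("TUF_ROOT", dir)
	http.DefaultTransport = guard
	return guard, func() { http.DefaultTransport = guard.next }
}

func main() { // stand-alone demo; in a test pass t.TempDir() and t.Setenv instead
	dir, err := os.MkdirTemp("", "tuf-sandbox-")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(dir)
	guard, restore := enterSandbox(dir, func(k, v string) { os.Setenv(k, v) })
	defer restore()
	_, err = http.Get("https://tuf-repo-cdn.sigstore.dev/") // rejected before any dial
	fmt.Println(err, guard.blocked)
}
```

The guard only sees clients that fall back to `http.DefaultTransport`; a client built with its own transport bypasses it, so the `tcpdump` check shown in the issue remains the independent verification.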
