Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

test: fix grpc health check #268

Merged
merged 6 commits into from
Nov 12, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
17 changes: 2 additions & 15 deletions charts/zitadel/acceptance/accessibility.go
Original file line number Diff line number Diff line change
Expand Up @@ -2,16 +2,14 @@ package acceptance

import (
"context"
"crypto/x509"
"errors"
"fmt"
"net/http"
"strconv"
"strings"
"sync"
"time"

mgmt_api "github.com/zitadel/zitadel-go/v2/pkg/client/zitadel/management"
mgmt_api "github.com/zitadel/zitadel-go/v3/pkg/client/zitadel/management"

"github.com/gruntwork-io/terratest/modules/k8s"
corev1 "k8s.io/api/core/v1"
Expand Down Expand Up @@ -77,22 +75,11 @@ func (s *ConfigurationTest) checkAccessibility(pods []corev1.Pod) {
},
},
checkOptionsFunc(func(ctx context.Context) error {
randomInvalidKey := `{"type":"serviceaccount","keyId":"229185755715993707","key":"-----BEGIN RSA PRIVATE KEY-----\nMIIEpAIBAAKCAQEAm8bpVfzWJuZsEz1VfTrwSAdkbH+i/u2NS4dv60lwIjtXzrU7\n1xZkHw9jxqz+c+APTaTzp1KY49Dc/wcwXv032FuD1GK2ZSRnMaHm8QnNt8Xhi0e8\nBlu3QQmlqxWPCI67wDPUwXoSHM+r9gQXn2pOR0oonoLP+Gzef+RRj1zUFpZmHWPX\nxw4UWWHwl4xChw9iyO4HbZZGe6wBVYVWe2BnvviCVEeKapyjaCqokZES38S4+S2X\nit202xLlRDyXs3XFWmBzHGmEsxx3LZZor85Kbph/bGjDcV8rdQC1YKC++z8OhuLp\n79GltP7YWrfMN3Z8iRUJQY9APrKQYtljVkWrnQIDAQABAoIBAQCIRZrLyRHCF+LF\ndes6UPvv1t+n9oQtRLxNLV7f0m+Q0p7+yhZeE01kyn67R4yU65YXk0w+vIfZC1a4\nlp5fCl73Gx+ZBP2QPyczCPHRPIVE1Yt33zoByevmrjzKDGMC1nIyMmVVF6eOorFI\n1s2ffEycGqir+b1bEkoWUTJ0Gn3Cf1PE4vTgenHhCrYSvMsbmszQ5GDlfxNj27qf\nF2YrnLx11GplMYU0YEzGqSQHxw76rrmF7yiTvbB+olsjXWARAJxBriSlrF2BDYQk\n+HJ8MEwhWhncaZH1i0Xz/jarDBizpo2o1+K1ZqF6RBUknT72EPnMxI9JsvS4FH44\nZfbrujBhAoGBAMQnx6tO79GpnBIAr7iELyUu5F4mCdU6D0rOAiCjXPpCUAdCDuwX\nzROonIGXPPmhzXXtxebeTz4cf+P8p6tUnrqpl/f0Oi1DMOzv0jL/SAUDC9uUrg6k\nurXZT2dgeONwd1pADyNXSpbZfwRE5IoecFg6cgFi4kune0mdG3mr8QjpAoGBAMtN\nerrMc+4bc3GsmWG4FSXn3xlWMeVGIo2/owP2P5MuMu0ibjofZkl28y0xo8dJgWmv\nLiFSEOhUy+TXZK7K1a2+fD+AXHHaHkBjNbTmCaAbf7rZnuUL4iZVpQyIoTCVuAwo\nC6bsE4TcwGddk4yZj/WZ7v1be+uNgeYwQr2UshyVAoGAN8pYsBCzhR6IlVY8pG50\nOk8sBNss0MjCsLQHRuEwAL37pRTUybG7UmwSl4k8foPWvEP0lcWFJFVWyrGBvulC\nfDTgVFXSdi02LS3Iy1hwU3yaUsnm96NCt5YnT2/Q8l96kuDFbXfWbzFNPxmZJu+h\nZHa7FknZs0rfdgCJYAHXfIECgYEAw3kSqSrNyMICJOkkbO2W/+RLAUx8GwttS8dX\nkQaip/wCoTi6rQ3lxnslY23YIFRPpvL1srn6YbiudrCXMOz7uNtvEYt01082SQha\n6j1IQfZOwLRfb7EWV29/i2aPPWynEqEqWuuf9N5f7MLvjH9WCHpibJ4aryhXHqGG\nekvPWWUCgYA5qDsPk5ykRWEALbunzB/RkpxR6LTLSwriU/OzRswOiKo8UPqH4JZI\nOsFAgudG5H+UOEGMuaSvIq0PLbGex16PjKqUsRwgIoPdH8183f9fxZSJDmr7ELIy\nZJEvE3eJnYwMOpSEZS0VR5Sw0CmKV2Hhd+u6rRB8YjXMP0nAVg8eOA==\n-----END RSA PRIVATE KEY-----\n","userId":"229185755715600491"}`
conn, err := OpenGRPCConnection(s, []byte(randomInvalidKey))
if errors.As(err, &x509.UnknownAuthorityError{}) {
// The gRPC client doesn't support skipping the server cert validation
return nil
}
conn, err := OpenGRPCConnection(s, nil)
if err != nil {
return fmt.Errorf("couldn't create gRPC management client: %w", err)
}
_, err = conn.Healthz(ctx, &mgmt_api.HealthzRequest{})
// TODO: Why is the key checked on the healthz RPC?
if strings.Contains(err.Error(), "Errors.AuthNKey.NotFound") ||
strings.Contains(err.Error(), "Errors.User.NotFound") ||
strings.Contains(err.Error(), "assertion invalid") {
err = nil
}
return err
}))
for i := range pods {
Expand Down
2 changes: 1 addition & 1 deletion charts/zitadel/acceptance/authenticate_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@ import (
"github.com/gruntwork-io/terratest/modules/k8s"
"github.com/zitadel/oidc/pkg/oidc"
"github.com/zitadel/zitadel-charts/charts/zitadel/acceptance"
mgmt_api "github.com/zitadel/zitadel-go/v2/pkg/client/zitadel/management"
mgmt_api "github.com/zitadel/zitadel-go/v3/pkg/client/zitadel/management"
"net/http"
"net/url"
"strings"
Expand Down
39 changes: 26 additions & 13 deletions charts/zitadel/acceptance/grpc.go
Original file line number Diff line number Diff line change
@@ -1,19 +1,32 @@
package acceptance

import (
"fmt"
"github.com/zitadel/zitadel-go/v2/pkg/client/management"
"github.com/zitadel/zitadel-go/v2/pkg/client/middleware"
"github.com/zitadel/zitadel-go/v2/pkg/client/zitadel"
oidc_client "github.com/zitadel/oidc/v3/pkg/client"
"github.com/zitadel/zitadel-go/v3/pkg/client"
"github.com/zitadel/zitadel-go/v3/pkg/client/zitadel/management"
"github.com/zitadel/zitadel-go/v3/pkg/zitadel"
"strconv"
)

func OpenGRPCConnection(cfg *ConfigurationTest, key []byte) (*management.Client, error) {
conn, err := management.NewClient(
cfg.APIBaseURL(),
fmt.Sprintf("%s:%d", cfg.Domain, cfg.Port),
[]string{zitadel.ScopeZitadelAPI()},
zitadel.WithJWTProfileTokenSource(middleware.JWTProfileFromFileData(key)),
zitadel.WithInsecure(),
)
return conn, err
func OpenGRPCConnection(cfg *ConfigurationTest, key []byte) (management.ManagementServiceClient, error) {
var clientOptions []client.Option
if key != nil {
keyFile, err := oidc_client.ConfigFromKeyFileData(key)
if err != nil {
return nil, err
}
clientOptions = append(clientOptions, client.WithAuth(client.JWTAuthentication(keyFile, client.ScopeZitadelAPI())))
}
zitadelOptions := []zitadel.Option{
zitadel.WithPort(cfg.Port),
zitadel.WithInsecureSkipVerifyTLS(),
}
if cfg.Scheme != "https" {
zitadelOptions = append(zitadelOptions, zitadel.WithInsecure(strconv.Itoa(int(cfg.Port))))
}
c, err := client.New(cfg.Ctx, zitadel.New(cfg.Domain, zitadelOptions...), clientOptions...)
if err != nil {
return nil, err
}
return c.ManagementService(), nil
}
4 changes: 2 additions & 2 deletions examples/7-self-signed/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -24,10 +24,10 @@ helm install my-zitadel zitadel/zitadel --values https://raw.githubusercontent.c
When ZITADEL is ready, you can access the GUI via port-forwarding:

```bash
kubectl port-forward svc/my-zitadel 8080
kubectl port-forward svc/my-zitadel 8443:8080
```

Now, open https://my-iam.127.0.0.1.sslip.io:8080 in your browser and log in with the following credentials:
Now, open https://my-iam.127.0.0.1.sslip.io:8443 in your browser and log in with the following credentials:

**Username**: zitadel-admin@zitadel.my-iam.127.0.0.1.sslip.io
**Password**: Password1!
1 change: 1 addition & 0 deletions examples/7-self-signed/zitadel-values.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@ zitadel:
additionalDnsName: my-iam.127.0.0.1.sslip.io
configmapConfig:
ExternalSecure: true
ExternalPort: 8443
ExternalDomain: my-iam.127.0.0.1.sslip.io
TLS:
Enabled: true
Expand Down
39 changes: 24 additions & 15 deletions go.mod
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,8 @@ require (
github.com/jinzhu/copier v0.4.0
github.com/stretchr/testify v1.9.0
github.com/zitadel/oidc v1.13.5
github.com/zitadel/zitadel-go/v2 v2.2.8
github.com/zitadel/oidc/v3 v3.30.0
github.com/zitadel/zitadel-go/v3 v3.3.0
gopkg.in/yaml.v3 v3.0.1
k8s.io/api v0.31.2
k8s.io/apimachinery v0.31.2
Expand All @@ -22,11 +23,13 @@ require (
github.com/cpuguy83/go-md2man/v2 v2.0.4 // indirect
github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
github.com/emicklei/go-restful/v3 v3.12.0 // indirect
github.com/envoyproxy/protoc-gen-validate v1.0.4 // indirect
github.com/envoyproxy/protoc-gen-validate v1.1.0 // indirect
github.com/fxamacker/cbor/v2 v2.7.0 // indirect
github.com/ghodss/yaml v1.0.0 // indirect
github.com/go-errors/errors v1.5.1 // indirect
github.com/go-jose/go-jose/v4 v4.0.4 // indirect
github.com/go-logr/logr v1.4.2 // indirect
github.com/go-logr/stdr v1.2.2 // indirect
github.com/go-openapi/jsonpointer v0.21.0 // indirect
github.com/go-openapi/jsonreference v0.21.0 // indirect
github.com/go-openapi/swag v0.23.0 // indirect
Expand All @@ -43,10 +46,9 @@ require (
github.com/google/go-cmp v0.6.0 // indirect
github.com/google/gofuzz v1.2.0 // indirect
github.com/google/uuid v1.6.0 // indirect
github.com/gorilla/schema v1.4.1 // indirect
github.com/gorilla/securecookie v1.1.2 // indirect
github.com/gorilla/websocket v1.5.1 // indirect
github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0 // indirect
github.com/grpc-ecosystem/grpc-gateway/v2 v2.22.0 // indirect
github.com/gruntwork-io/go-commons v0.17.1 // indirect
github.com/hashicorp/errwrap v1.1.0 // indirect
github.com/hashicorp/go-multierror v1.1.1 // indirect
Expand All @@ -66,30 +68,37 @@ require (
github.com/moby/spdystream v0.4.0 // indirect
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
github.com/modern-go/reflect2 v1.0.2 // indirect
github.com/muhlemmer/gu v0.3.1 // indirect
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f // indirect
github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
github.com/pquerna/otp v1.4.0 // indirect
github.com/russross/blackfriday/v2 v2.1.0 // indirect
github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 // indirect
github.com/sirupsen/logrus v1.9.3 // indirect
github.com/spf13/pflag v1.0.5 // indirect
github.com/texttheater/golang-levenshtein v1.0.1 // indirect
github.com/urfave/cli/v2 v2.27.2 // indirect
github.com/virtuald/go-ordered-json v0.0.0-20170621173500-b18e6e673d74 // indirect
github.com/x448/float16 v0.8.4 // indirect
github.com/xrash/smetrics v0.0.0-20240521201337-686a1a2994c1 // indirect
golang.org/x/crypto v0.24.0 // indirect
golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842 // indirect
golang.org/x/net v0.26.0 // indirect
golang.org/x/oauth2 v0.21.0 // indirect
golang.org/x/sync v0.7.0 // indirect
golang.org/x/sys v0.21.0 // indirect
golang.org/x/term v0.21.0 // indirect
golang.org/x/text v0.16.0 // indirect
github.com/zitadel/logging v0.6.0 // indirect
github.com/zitadel/schema v1.3.0 // indirect
go.opentelemetry.io/otel v1.29.0 // indirect
go.opentelemetry.io/otel/metric v1.29.0 // indirect
go.opentelemetry.io/otel/trace v1.29.0 // indirect
golang.org/x/crypto v0.26.0 // indirect
golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 // indirect
golang.org/x/net v0.28.0 // indirect
golang.org/x/oauth2 v0.23.0 // indirect
golang.org/x/sync v0.8.0 // indirect
golang.org/x/sys v0.24.0 // indirect
golang.org/x/term v0.23.0 // indirect
golang.org/x/text v0.18.0 // indirect
golang.org/x/time v0.5.0 // indirect
google.golang.org/genproto/googleapis/api v0.0.0-20240521202816-d264139d666e // indirect
google.golang.org/genproto/googleapis/rpc v0.0.0-20240521202816-d264139d666e // indirect
google.golang.org/grpc v1.64.1 // indirect
google.golang.org/genproto/googleapis/api v0.0.0-20240814211410-ddb44dafa142 // indirect
google.golang.org/genproto/googleapis/rpc v0.0.0-20240814211410-ddb44dafa142 // indirect
google.golang.org/grpc v1.67.0 // indirect
google.golang.org/protobuf v1.34.2 // indirect
gopkg.in/inf.v0 v0.9.1 // indirect
gopkg.in/square/go-jose.v2 v2.6.0 // indirect
Expand Down
Loading