Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

test: check for error messages from CI env #9953

Merged
merged 5 commits into from
Jul 12, 2022
Merged

test: check for error messages from CI env #9953

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
c66fcf9
test: check for error messages from CI env
crenshaw-dev Jul 12, 2022
51b2357
more errors
crenshaw-dev Jul 12, 2022
a7ed2a2
look for error in the correct place
crenshaw-dev Jul 12, 2022
7ef6d28
fix more
crenshaw-dev Jul 12, 2022
8f60ce8
CI
crenshaw-dev Jul 12, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
21 changes: 17 additions & 4 deletions util/oidc/oidc_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,7 @@ import (
"net/http/httptest"
"net/url"
"os"
"strings"
"testing"

gooidc "github.com/coreos/go-oidc"
Expand Down Expand Up @@ -133,7 +134,9 @@ requestedScopes: ["oidc"]`, oidcTestServer.URL),

app.HandleLogin(w, req)

assert.Contains(t, w.Body.String(), "certificate is not trusted")
if !strings.Contains(w.Body.String(), "certificate signed by unknown authority") && !strings.Contains(w.Body.String(), "certificate is not trusted") {
t.Fatal("did not receive expected certificate verification failure error")
}

cdSettings.OIDCTLSInsecureSkipVerify = true

Expand All @@ -145,6 +148,7 @@ requestedScopes: ["oidc"]`, oidcTestServer.URL),
app.HandleLogin(w, req)

assert.NotContains(t, w.Body.String(), "certificate is not trusted")
assert.NotContains(t, w.Body.String(), "certificate signed by unknown authority")
})

t.Run("dex certificate checking during login should toggle on config", func(t *testing.T) {
Expand All @@ -170,7 +174,9 @@ requestedScopes: ["oidc"]`, oidcTestServer.URL),

app.HandleLogin(w, req)

assert.Contains(t, w.Body.String(), "certificate signed by unknown authority")
if !strings.Contains(w.Body.String(), "certificate signed by unknown authority") && !strings.Contains(w.Body.String(), "certificate is not trusted") {
t.Fatal("did not receive expected certificate verification failure error")
}

cdSettings.OIDCTLSInsecureSkipVerify = true

Expand All @@ -181,6 +187,7 @@ requestedScopes: ["oidc"]`, oidcTestServer.URL),

app.HandleLogin(w, req)

assert.NotContains(t, w.Body.String(), "certificate is not trusted")
assert.NotContains(t, w.Body.String(), "certificate signed by unknown authority")
})
}
Expand Down Expand Up @@ -211,7 +218,9 @@ requestedScopes: ["oidc"]`, oidcTestServer.URL),

app.HandleCallback(w, req)

assert.Contains(t, w.Body.String(), "certificate is not trusted")
if !strings.Contains(w.Body.String(), "certificate signed by unknown authority") && !strings.Contains(w.Body.String(), "certificate is not trusted") {
t.Fatal("did not receive expected certificate verification failure error")
}

cdSettings.OIDCTLSInsecureSkipVerify = true

Expand All @@ -223,6 +232,7 @@ requestedScopes: ["oidc"]`, oidcTestServer.URL),
app.HandleCallback(w, req)

assert.NotContains(t, w.Body.String(), "certificate is not trusted")
assert.NotContains(t, w.Body.String(), "certificate signed by unknown authority")
})

t.Run("dex certificate checking during oidc callback should toggle on config", func(t *testing.T) {
Expand All @@ -248,7 +258,9 @@ requestedScopes: ["oidc"]`, oidcTestServer.URL),

app.HandleCallback(w, req)

assert.Contains(t, w.Body.String(), "certificate signed by unknown authority")
if !strings.Contains(w.Body.String(), "certificate signed by unknown authority") && !strings.Contains(w.Body.String(), "certificate is not trusted") {
t.Fatal("did not receive expected certificate verification failure error")
}

cdSettings.OIDCTLSInsecureSkipVerify = true

Expand All @@ -259,6 +271,7 @@ requestedScopes: ["oidc"]`, oidcTestServer.URL),

app.HandleCallback(w, req)

assert.NotContains(t, w.Body.String(), "certificate is not trusted")
assert.NotContains(t, w.Body.String(), "certificate signed by unknown authority")
})
}
Expand Down
21 changes: 17 additions & 4 deletions util/session/sessionmanager_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -550,8 +550,10 @@ rootCA: |
require.NoError(t, err)

_, _, err = mgr.VerifyToken(tokenString)
// If the root CA is being respected, we won't get this error.
// If the root CA is being respected, we won't get this error. The error message is environment-dependent, so
// we check for either of the error messages associated with a failed cert check.
assert.NotContains(t, err.Error(), "certificate is not trusted")
assert.NotContains(t, err.Error(), "certificate signed by unknown authority")
})

t.Run("OIDC provider is Dex, TLS is configured", func(t *testing.T) {
Expand Down Expand Up @@ -585,7 +587,10 @@ rootCA: |
require.NoError(t, err)

_, _, err = mgr.VerifyToken(tokenString)
assert.ErrorContains(t, err, "certificate signed by unknown authority")
require.Error(t, err)
if !strings.Contains(err.Error(), "certificate signed by unknown authority") && !strings.Contains(err.Error(), "certificate is not trusted") {
t.Fatal("did not receive expected certificate verification failure error")
}
})

t.Run("OIDC provider is external, TLS is configured", func(t *testing.T) {
Expand Down Expand Up @@ -619,7 +624,10 @@ requestedScopes: ["oidc"]`, oidcTestServer.URL),
require.NoError(t, err)

_, _, err = mgr.VerifyToken(tokenString)
assert.ErrorContains(t, err, "certificate is not trusted")
require.Error(t, err)
if !strings.Contains(err.Error(), "certificate signed by unknown authority") && !strings.Contains(err.Error(), "certificate is not trusted") {
t.Fatal("did not receive expected certificate verification failure error")
}
})

t.Run("OIDC provider is Dex, TLS is configured", func(t *testing.T) {
Expand Down Expand Up @@ -653,7 +661,10 @@ requestedScopes: ["oidc"]`, oidcTestServer.URL),
require.NoError(t, err)

_, _, err = mgr.VerifyToken(tokenString)
assert.ErrorContains(t, err, "certificate signed by unknown authority")
require.Error(t, err)
if !strings.Contains(err.Error(), "certificate signed by unknown authority") && !strings.Contains(err.Error(), "certificate is not trusted") {
t.Fatal("did not receive expected certificate verification failure error")
}
})

t.Run("OIDC provider is external, TLS is configured, OIDCTLSInsecureSkipVerify is true", func(t *testing.T) {
Expand Down Expand Up @@ -688,6 +699,7 @@ requestedScopes: ["oidc"]`, oidcTestServer.URL),
require.NoError(t, err)

_, _, err = mgr.VerifyToken(tokenString)
assert.NotContains(t, err.Error(), "certificate is not trusted")
assert.NotContains(t, err.Error(), "certificate signed by unknown authority")
})

Expand Down Expand Up @@ -718,5 +730,6 @@ requestedScopes: ["oidc"]`, oidcTestServer.URL),
_, _, err = mgr.VerifyToken(tokenString)
// This is the error thrown when the test server's certificate _is_ being verified.
assert.NotContains(t, err.Error(), "certificate is not trusted")
assert.NotContains(t, err.Error(), "certificate signed by unknown authority")
})
}