Fix util test PKI options

Signed-off-by: joshvanl <me@joshvanl.dev>
dapr · Nov 28, 2023 · f35c9f2 · f35c9f2
1 parent abe8b80
commit f35c9f2
Show file tree

Hide file tree

Showing 7 changed files with 15 additions and 11 deletions.
diff --git a/go.mod b/go.mod
@@ -64,6 +64,7 @@ require (
 	google.golang.org/genproto/googleapis/api v0.0.0-20231012201019-e917dd12ba7a
 	google.golang.org/genproto/googleapis/rpc v0.0.0-20231030173426-d783a09b4405
 	google.golang.org/grpc v1.59.0
+	google.golang.org/grpc/examples v0.0.0-20230224211313-3775f633ce20
 	google.golang.org/protobuf v1.31.0
 	gopkg.in/yaml.v3 v3.0.1
 	k8s.io/api v0.26.9

diff --git a/pkg/operator/api/api_test.go b/pkg/operator/api/api_test.go
@@ -194,7 +194,7 @@ func TestProcessComponentSecrets(t *testing.T) {
 func TestComponentUpdate(t *testing.T) {
 	appID := spiffeid.RequireFromString("spiffe://example.org/ns/ns1/app1")
 	serverID := spiffeid.RequireFromString("spiffe://example.org/ns/dapr-system/dapr-operator")
-	pki := util.GenPKI(t, util.Options{
+	pki := util.GenPKI(t, util.PKIOptions{
 		LeafID:   serverID,
 		ClientID: appID,
 	})
@@ -317,7 +317,7 @@ func TestComponentUpdate(t *testing.T) {
 func TestHTTPEndpointUpdate(t *testing.T) {
 	appID := spiffeid.RequireFromString("spiffe://example.org/ns/ns1/app1")
 	serverID := spiffeid.RequireFromString("spiffe://example.org/ns/dapr-system/dapr-operator")
-	pki := util.GenPKI(t, util.Options{
+	pki := util.GenPKI(t, util.PKIOptions{
 		LeafID:   serverID,
 		ClientID: appID,
 	})
@@ -411,7 +411,7 @@ func TestHTTPEndpointUpdate(t *testing.T) {
 func TestListsNamespaced(t *testing.T) {
 	appID := spiffeid.RequireFromString("spiffe://example.org/ns/namespace-a/app1")
 	serverID := spiffeid.RequireFromString("spiffe://example.org/ns/dapr-system/dapr-operator")
-	pki := util.GenPKI(t, util.Options{
+	pki := util.GenPKI(t, util.PKIOptions{
 		LeafID:   serverID,
 		ClientID: appID,
 	})

diff --git a/pkg/operator/api/authz_test.go b/pkg/operator/api/authz_test.go
@@ -28,7 +28,7 @@ import (
 func Test_authzRequest(t *testing.T) {
 	appID := spiffeid.RequireFromString("spiffe://example.org/ns/ns1/app1")
 	serverID := spiffeid.RequireFromString("spiffe://example.org/ns/dapr-system/dapr-operator")
-	pki := util.GenPKI(t, util.Options{LeafID: serverID, ClientID: appID})
+	pki := util.GenPKI(t, util.PKIOptions{LeafID: serverID, ClientID: appID})
 
 	t.Run("no auth context should error", func(t *testing.T) {
 		err := new(apiServer).authzRequest(context.Background(), "ns1")
@@ -50,7 +50,7 @@ func Test_authzRequest(t *testing.T) {
 
 	t.Run("invalid SPIFFE path should error", func(t *testing.T) {
 		appID := spiffeid.RequireFromString("spiffe://example.org/foo/bar")
-		pki2 := util.GenPKI(t, util.Options{LeafID: serverID, ClientID: appID})
+		pki2 := util.GenPKI(t, util.PKIOptions{LeafID: serverID, ClientID: appID})
 		err := new(apiServer).authzRequest(pki2.ClientGRPCCtx(t), "ns1")
 		assert.Error(t, err)
 		assert.Equal(t, codes.PermissionDenied, status.Code(err))

diff --git a/tests/e2e/service_invocation/service_invocation_test.go b/tests/e2e/service_invocation/service_invocation_test.go
@@ -80,7 +80,9 @@ func TestMain(m *testing.M) {
 	utils.SetupLogs("service_invocation")
 	utils.InitHTTPClient(false)
 
-	pki, err := util.GenPKI("service-invocation-external")
+	pki, err := util.GenPKI(t, util.PKIOptions{
+		LeafDNS: "service-invocation-external",
+	})
 	if err != nil {
 		fmt.Println(err)
 		os.Exit(-1)

diff --git a/tests/integration/suite/daprd/serviceinvocation/http/httpendpoints.go b/tests/integration/suite/daprd/serviceinvocation/http/httpendpoints.go
@@ -46,8 +46,8 @@ type httpendpoints struct {
 }
 
 func (h *httpendpoints) Setup(t *testing.T) []framework.Option {
-	pki1 := testsutil.GenPKI(t, testsutil.Options{LeafDNS: "localhost"})
-	pki2 := testsutil.GenPKI(t, testsutil.Options{LeafDNS: "localhost"})
+	pki1 := testsutil.GenPKI(t, testsutil.PKIOptions{LeafDNS: "localhost"})
+	pki2 := testsutil.GenPKI(t, testsutil.PKIOptions{LeafDNS: "localhost"})
 
 	newHTTPServer := func() *prochttp.HTTP {
 		handler := http.NewServeMux()

diff --git a/tests/integration/suite/operator/api/authz.go b/tests/integration/suite/operator/api/authz.go
@@ -47,7 +47,8 @@ func init() {
 	suite.Register(new(authz))
 }
 
-// authz tests the authz of the operator API
+// authz tests the authz of the operator API which is based on client request
+// namespace.
 type authz struct {
 	sentry  *procsentry.Sentry
 	kubeapi *kubernetes.Kubernetes

diff --git a/tests/util/pki.go b/tests/util/pki.go
@@ -39,7 +39,7 @@ import (
 	"google.golang.org/grpc/peer"
 )
 
-type Options struct {
+type PKIOptions struct {
 	LeafDNS   string
 	LeafID    spiffeid.ID
 	ClientDNS string
@@ -62,7 +62,7 @@ type PKI struct {
 	clientID spiffeid.ID
 }
 
-func GenPKI(t *testing.T, opts Options) PKI {
+func GenPKI(t *testing.T, opts PKIOptions) PKI {
 	t.Helper()
 
 	rootPK, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)