Integration tests for windows service support #3733
Conversation
Signed-off-by: Guilherme Carvalho <guilhermbrsp@gmail.com>
Signed-off-by: Guilherme Carvalho <guilhermbrsp@gmail.com>
…tainers Signed-off-by: Guilherme Carvalho <guilhermbrsp@gmail.com>
Signed-off-by: Guilherme Carvalho <guilhermbrsp@gmail.com>
guilhermocc
requested review from
evan2645,
amartinezfayo,
azdagron,
MarcosDY and
rturner3
as code owners
guilhermocc
changed the title
Signed-off-by: Guilherme Carvalho <guilhermbrsp@gmail.com>
Signed-off-by: Guilherme Carvalho <guilhermbrsp@gmail.com>
guilhermocc
changed the title
Signed-off-by: Guilherme Carvalho <guilhermbrsp@gmail.com>
| @@ -20,7 +25,10 @@ type systemCall struct { | |||
| } | |||
|
|
|||
| func (s *systemCall) IsWindowsService() (bool, error) { | |||
| return svc.IsWindowsService() | |||
| // We are using a custom function because the svc.IsWindowsService() one still has an open issue in which it states | |||
| // that it is not working properly in Windows containers: https://github.com/golang/go/issues/56335. Soon as we have | |||
There was a problem hiding this comment.
Is it worth submitting a PR? That issue has a help wanted tag and it seems like you have a fix below.
There was a problem hiding this comment.
A PR is already opened for this, in fact, the custom function with the workaround is based on the opened solution proposal: golang/sys#141
| @@ -0,0 +1,6 @@ | |||
| #!/bin/bash | |||
|
|
|||
| pwd | |||
There was a problem hiding this comment.
Not sure if it is actually required, I took it from another test sample (windows workload attestor). I'm going to check if it is really necessary.
| create-service spire-server C:\\spire\\bin\\spire-server.exe | ||
| start-service spire-server run -config C:/spire/conf/server/server.conf |
There was a problem hiding this comment.
is it possible to be consistent and use \\ or / in all places?
There was a problem hiding this comment.
Sure! nice suggestion
| docker-compose exec -T -u ContainerUser spire-base \ | ||
| c:/spire/bin/spire-agent api fetch jwt -audience mydb fail-now "failed to fetch x509" |
There was a problem hiding this comment.
| docker-compose exec -T -u ContainerUser spire-base \ | |
| c:/spire/bin/spire-agent api fetch jwt -audience mydb fail-now "failed to fetch x509" | |
| docker-compose exec -T -u ContainerUser spire-base \ | |
| c:/spire/bin/spire-agent api fetch jwt -audience mydb || fail-now "failed to fetch JWT" |
|
|
||
| FROM spire-server-windows:latest-local as spire-base | ||
|
|
||
| COPY --from=spire-agent-windows C:/spire/bin/spire-agent.exe C:/spire/bin/spire-agent.exe |
There was a problem hiding this comment.
why you choose to use the same container to start both services?
There was a problem hiding this comment.
So, in this initial version, I tried to reproduce a test that I ran manually on my local machine (spire server and agent on the same host). Still, I see that a more realistic scenario would be running them in different hosts, right? I can update it :)
There was a problem hiding this comment.
yeah that is 'generally' the case
Signed-off-by: Guilherme Carvalho <guilhermbrsp@gmail.com>
Signed-off-by: Guilherme Carvalho <guilhermbrsp@gmail.com>
guilhermocc
requested review from
MarcosDY and
faisal-memon
and removed request for
MarcosDY and
faisal-memon
* Create integration tests for windows service support Signed-off-by: Guilherme Carvalho <guilhermbrsp@gmail.com>
Pull Request check list
Affected functionality
Running spire as a windows service inside windows containers.
Description of change
Which issue this PR fixes
Complement for #3490