Skip to content

Commit

Permalink
test: deflake session extend config side-effect
Browse files Browse the repository at this point in the history
  • Loading branch information
zepatrik committed Jun 13, 2024
1 parent b29dff3 commit 73d6ce7
Show file tree
Hide file tree
Showing 17 changed files with 532 additions and 427 deletions.
72 changes: 32 additions & 40 deletions cipher/cipher_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,8 @@ import (
"fmt"
"testing"

"github.com/ory/x/configx"

"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"

Expand All @@ -18,10 +20,11 @@ import (
"github.com/ory/kratos/internal"
)

var goodSecret = []string{"secret-thirty-two-character-long"}

func TestCipher(t *testing.T) {
ctx := context.Background()
cfg, reg := internal.NewFastRegistryWithMocks(t)
goodSecret := []string{"secret-thirty-two-character-long"}
_, reg := internal.NewFastRegistryWithMocks(t, configx.WithValue(config.ViperKeySecretsDefault, goodSecret))

ciphers := []cipher.Cipher{
cipher.NewCryptAES(reg),
Expand All @@ -30,82 +33,71 @@ func TestCipher(t *testing.T) {

for _, c := range ciphers {
t.Run(fmt.Sprintf("cipher=%T", c), func(t *testing.T) {
t.Parallel()

t.Run("case=all_work", func(t *testing.T) {
cfg.MustSet(ctx, config.ViperKeySecretsCipher, goodSecret)
testAllWork(t, c, cfg)
t.Parallel()

testAllWork(ctx, t, c)
})

t.Run("case=encryption_failed", func(t *testing.T) {
// unset secret
err := cfg.Set(ctx, config.ViperKeySecretsCipher, []string{})
require.NoError(t, err)
t.Parallel()

ctx := config.WithConfigValue(ctx, config.ViperKeySecretsCipher, []string{""})

// secret have to be set
_, err = c.Encrypt(context.Background(), []byte("not-empty"))
_, err := c.Encrypt(ctx, []byte("not-empty"))
require.Error(t, err)
var hErr *herodot.DefaultError
require.ErrorAs(t, err, &hErr)
assert.Equal(t, "Unable to encrypt message because no cipher secrets were configured.", hErr.Reason())

// unset secret
err = cfg.Set(ctx, config.ViperKeySecretsCipher, []string{"bad-length"})
require.NoError(t, err)
ctx = config.WithConfigValue(ctx, config.ViperKeySecretsCipher, []string{"bad-length"})

// bad secret length
_, err = c.Encrypt(context.Background(), []byte("not-empty"))
if e, ok := err.(*herodot.DefaultError); ok {
t.Logf("reason contains: %s", e.Reason())
}
t.Logf("err type %T contains: %s", err, err.Error())
require.Error(t, err)
_, err = c.Encrypt(ctx, []byte("not-empty"))
require.ErrorAs(t, err, &hErr)
assert.Equal(t, "Unable to encrypt message because no cipher secrets were configured.", hErr.Reason())
})

t.Run("case=decryption_failed", func(t *testing.T) {
// set secret
err := cfg.Set(ctx, config.ViperKeySecretsCipher, goodSecret)
require.NoError(t, err)
t.Parallel()

//
_, err = c.Decrypt(context.Background(), hex.EncodeToString([]byte("bad-data")))
_, err := c.Decrypt(ctx, hex.EncodeToString([]byte("bad-data")))
require.Error(t, err)

_, err = c.Decrypt(context.Background(), "not-empty")
_, err = c.Decrypt(ctx, "not-empty")
require.Error(t, err)

// unset secret
err = cfg.Set(ctx, config.ViperKeySecretsCipher, []string{})
require.NoError(t, err)

_, err = c.Decrypt(context.Background(), "not-empty")
_, err = c.Decrypt(config.WithConfigValue(ctx, config.ViperKeySecretsCipher, []string{""}), "not-empty")
require.Error(t, err)
})
})
}

c := cipher.NewNoop(reg)
t.Run(fmt.Sprintf("cipher=%T", c), func(t *testing.T) {
cfg.MustSet(ctx, config.ViperKeySecretsCipher, goodSecret)
testAllWork(t, c, cfg)
t.Parallel()
testAllWork(ctx, t, c)
})
}

func testAllWork(t *testing.T, c cipher.Cipher, cfg *config.Config) {
ctx := context.Background()

goodSecret := []string{"secret-thirty-two-character-long"}
cfg.MustSet(ctx, config.ViperKeySecretsCipher, goodSecret)

func testAllWork(ctx context.Context, t *testing.T, c cipher.Cipher) {
message := "my secret message!"

encryptedSecret, err := c.Encrypt(context.Background(), []byte(message))
encryptedSecret, err := c.Encrypt(ctx, []byte(message))
require.NoError(t, err)

decryptedSecret, err := c.Decrypt(context.Background(), encryptedSecret)
decryptedSecret, err := c.Decrypt(ctx, encryptedSecret)
require.NoError(t, err, "encrypted", encryptedSecret)
assert.Equal(t, message, string(decryptedSecret))

// data to encrypt return blank result
_, err = c.Encrypt(context.Background(), []byte(""))
_, err = c.Encrypt(ctx, []byte(""))
require.NoError(t, err)

// empty encrypted data return blank
_, err = c.Decrypt(context.Background(), "")
_, err = c.Decrypt(ctx, "")
require.NoError(t, err)
}
4 changes: 2 additions & 2 deletions cmd/courier/watch_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,7 @@ import (
"github.com/stretchr/testify/require"

"github.com/ory/kratos/internal"
"github.com/ory/x/configx"
)

func TestStartCourier(t *testing.T) {
Expand All @@ -27,10 +28,9 @@ func TestStartCourier(t *testing.T) {

t.Run("case=with metrics", func(t *testing.T) {
ctx, cancel := context.WithCancel(context.Background())
_, r := internal.NewFastRegistryWithMocks(t)
port, err := freeport.GetFreePort()
require.NoError(t, err)
r.Config().Set(ctx, "expose-metrics-port", port)
_, r := internal.NewFastRegistryWithMocks(t, configx.WithValue("expose-metrics-port", port))
go StartCourier(ctx, r)
time.Sleep(time.Second)
res, err := http.Get("http://" + r.Config().MetricsListenOn(ctx) + "/metrics/prometheus")
Expand Down
3 changes: 3 additions & 0 deletions cmd/hashers/argon2/root.go
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,8 @@ import (
"reflect"
"strings"

"github.com/ory/x/contextx"

"github.com/spf13/cobra"
"github.com/spf13/pflag"

Expand Down Expand Up @@ -70,6 +72,7 @@ func configProvider(cmd *cobra.Command, flagConf *argon2Config) (*argon2Config,
cmd.Context(),
l,
cmd.ErrOrStderr(),
&contextx.Default{},
configx.WithFlags(cmd.Flags()),
configx.SkipValidation(),
configx.WithContext(cmd.Context()),
Expand Down
2 changes: 1 addition & 1 deletion courier/template/load_template_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -182,7 +182,7 @@ func TestLoadTextTemplate(t *testing.T) {
})

t.Run("case=disallowed resources", func(t *testing.T) {
require.NoError(t, reg.Config().GetProvider(ctx).Set(config.ViperKeyClientHTTPNoPrivateIPRanges, true))
require.NoError(t, reg.Config().Set(ctx, config.ViperKeyClientHTTPNoPrivateIPRanges, true))
reg.HTTPClient(ctx).RetryMax = 1
reg.HTTPClient(ctx).RetryWaitMax = time.Millisecond

Expand Down
16 changes: 9 additions & 7 deletions driver/config/config.go
Original file line number Diff line number Diff line change
Expand Up @@ -367,13 +367,13 @@ func (s Schemas) FindSchemaByID(id string) (*Schema, error) {
return nil, errors.Errorf("unable to find identity schema with id: %s", id)
}

func MustNew(t testing.TB, l *logrusx.Logger, stdOutOrErr io.Writer, opts ...configx.OptionModifier) *Config {
p, err := New(context.TODO(), l, stdOutOrErr, opts...)
func MustNew(t testing.TB, l *logrusx.Logger, stdOutOrErr io.Writer, ctxer contextx.Contextualizer, opts ...configx.OptionModifier) *Config {
p, err := New(context.TODO(), l, stdOutOrErr, ctxer, opts...)
require.NoError(t, err)
return p
}

func New(ctx context.Context, l *logrusx.Logger, stdOutOrErr io.Writer, opts ...configx.OptionModifier) (*Config, error) {
func New(ctx context.Context, l *logrusx.Logger, stdOutOrErr io.Writer, ctxer contextx.Contextualizer, opts ...configx.OptionModifier) (*Config, error) {
var c *Config

opts = append([]configx.OptionModifier{
Expand Down Expand Up @@ -402,7 +402,7 @@ func New(ctx context.Context, l *logrusx.Logger, stdOutOrErr io.Writer, opts ...

l.UseConfig(p)

c = NewCustom(l, p, stdOutOrErr, &contextx.Default{})
c = NewCustom(l, p, stdOutOrErr, ctxer)

if !p.SkipValidation() {
if err := c.validateIdentitySchemas(ctx); err != nil {
Expand Down Expand Up @@ -518,12 +518,14 @@ func (p *Config) cors(ctx context.Context, prefix string) (cors.Options, bool) {
})
}

// Deprecatd: use context-based WithConfigValue instead
func (p *Config) Set(ctx context.Context, key string, value interface{}) error {
return p.GetProvider(ctx).Set(key, value)
return p.p.Set(key, value)
}

// Deprecated: use context-based WithConfigValue instead
func (p *Config) MustSet(ctx context.Context, key string, value interface{}) {
if err := p.GetProvider(ctx).Set(key, value); err != nil {
if err := p.p.Set(key, value); err != nil {
p.l.WithError(err).Fatalf("Unable to set \"%s\" to \"%s\".", key, value)
}
}
Expand Down Expand Up @@ -859,7 +861,7 @@ func (p *Config) SecretsCipher(ctx context.Context) [][32]byte {
result := make([][32]byte, len(cleanSecrets))
for n, s := range secrets {
for k, v := range []byte(s) {
result[n][k] = byte(v)
result[n][k] = v
}
}
return result
Expand Down
Loading

0 comments on commit 73d6ce7

Please sign in to comment.