From 3bff520d17aeeaa7b7eae4b82725a92419d3e2e1 Mon Sep 17 00:00:00 2001
From: Faisal Memon
Date: Fri, 5 Apr 2024 13:04:07 -0700
Subject: [PATCH] Fix event being dropped on error (#5030)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
* Fix event being dropped on error
Signed-off-by: Faisal Memon
* Fix missing event id bump
Signed-off-by: Faisal Memon
---------
Signed-off-by: Faisal Memon
Co-authored-by: Andrew Harding
Co-authored-by: Agustín Martínez Fayó
---
 .../endpoints/authorized_entryfetcher.go | 4 +-
 .../endpoints/authorized_entryfetcher_test.go | 62 +++++++++++++++++++
 2 files changed, 65 insertions(+), 1 deletion(-)
diff --git a/pkg/server/endpoints/authorized_entryfetcher.go b/pkg/server/endpoints/authorized_entryfetcher.go
index 09d8f7d1b2..7791f91ae9 100644
--- a/pkg/server/endpoints/authorized_entryfetcher.go
+++ b/pkg/server/endpoints/authorized_entryfetcher.go
@@ -160,10 +160,10 @@ func (a *AuthorizedEntryFetcherWithEventsBasedCache) updateAttestedNodesCache(ct
 if err != nil {
 return err
 }
- a.lastAttestedNodeEventID = event.EventID
 if node == nil {
 a.cache.RemoveAgent(event.SpiffeID)
+ a.lastAttestedNodeEventID = event.EventID
 continue
 }
@@ -176,10 +176,12 @@ func (a *AuthorizedEntryFetcherWithEventsBasedCache) updateAttestedNodesCache(ct
 agentExpiresAt := time.Unix(node.CertNotAfter, 0)
 if agentExpiresAt.Before(a.clk.Now()) {
 a.cache.RemoveAgent(event.SpiffeID)
+ a.lastAttestedNodeEventID = event.EventID
 continue
 }
 a.cache.UpdateAgent(node.SpiffeId, agentExpiresAt, api.ProtoFromSelectors(node.Selectors))
+ a.lastAttestedNodeEventID = event.EventID
 }
 return nil
diff --git a/pkg/server/endpoints/authorized_entryfetcher_test.go b/pkg/server/endpoints/authorized_entryfetcher_test.go
index 0fa509a2b3..4071b81ae5 100644
--- a/pkg/server/endpoints/authorized_entryfetcher_test.go
+++ b/pkg/server/endpoints/authorized_entryfetcher_test.go
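Review bot: The rule this fix relies on, that `lastAttestedNodeEventID` moves forward only after the cache has applied the event, is not written down, and it is now enforced by three separate copies of the assignment: after `RemoveAgent` in the hunk at -160, and after the expiry `RemoveAgent` and after `UpdateAgent` in the hunk at -176. A later early `continue` or `return` that omits the bump, or places it before the cache call, would bring the dropped-event bug back, which for this cache presumably means a deleted or expired agent staying in the authorized set. I would add a comment at the first assignment, `// Advance the cursor only after the cache has applied this event; error returns must leave it unchanged so the event is retried.`, or move the per-event work into a helper so the bump appears once, after the helper returns nil. The loop header and the rest of updateAttestedNodesCache lie outside both hunks, so whether a persistently failing event holds back the events queued behind it cannot be judged from here.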
@@ -187,3 +187,65 @@ func TestBuildRegistrationEntriesCache(t *testing.T) {
 })
 }
 }
+
+func TestUpdateAttestedNodesCache(t *testing.T) {
+ ctx := context.Background()
+ log, _ := test.NewNullLogger()
+ clk := clock.NewMock(t)
+ ds := fakedatastore.New(t)
+
+ ef, err := NewAuthorizedEntryFetcherWithEventsBasedCache(ctx, log, clk, ds, defaultCacheReloadInterval, defaultPruneEventsOlderThan)
+ require.NoError(t, err)
+ require.NotNil(t, ef)
+
+ agentID, err := spiffeid.FromString("spiffe://example.org/myagent")
+ require.NoError(t, err)
+
+ _, err = ds.CreateAttestedNode(ctx, &common.AttestedNode{
+ SpiffeId: agentID.String(),
+ CertNotAfter: time.Now().Add(5 * time.Hour).Unix(),
+ })
+ require.NoError(t, err)
+
+ for _, tt := range []struct {
+ name string
+ errs []error
+ expectedLastAttestedNodeEventID uint
+ }{
+ {
+ name: "Error Listing Attested Node Events",
+ errs: []error{errors.New("listing attested node events")},
+ expectedLastAttestedNodeEventID: uint(0),
+ },
+ {
+ name: "Error Fetching Attested Node",
+ errs: []error{nil, errors.New("fetching attested node")},
+ expectedLastAttestedNodeEventID: uint(0),
+ },
+ {
+ name: "Error Getting Node Selectors",
+ errs: []error{nil, nil, errors.New("getting node selectors")},
+ expectedLastAttestedNodeEventID: uint(0),
+ },
+ {
+ name: "No Errors",
+ expectedLastAttestedNodeEventID: uint(1),
+ },
+ } {
+ tt := tt
+ t.Run(tt.name, func(t *testing.T) {
+ for _, err = range tt.errs {
+ ds.AppendNextError(err)
+ }
+
+ err = ef.updateAttestedNodesCache(ctx)
+ if len(tt.errs) > 0 {
+ assert.EqualError(t, err, tt.errs[len(tt.errs)-1].Error())
+ } else {
+ assert.NoError(t, err)
+ }
+
+ assert.Equal(t, tt.expectedLastAttestedNodeEventID, ef.lastAttestedNodeEventID)
+ })
+ }
+}
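Review bot: The two `continue` branches that gained a cursor bump in the fetcher (`node == nil` and the expired `CertNotAfter` check) are not exercised by this table: the only node created is unexpired and never deleted, so only the error returns and the `UpdateAgent` path are checked. Those are the paths that remove an agent from the cache, so I would add a case with an already-expired node, e.g. `CertNotAfter: clk.Now().Add(-time.Hour).Unix(),`, and one where the node is deleted before the call, each asserting that the event ID advances. The existing node's expiry is computed from `time.Now()` while the code under test compares against the injected `clk`; deriving it from `clk.Now()` keeps the test on a single clock. The cases also share `ds` and `ef` and appear to depend on running in order, since `No Errors` expects to pick up the event the earlier cases left unprocessed; a short comment saying so would stop someone from reordering or parallelising them.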