Integration tests for windows service support (#3733)
* Create integration tests for windows service support Signed-off-by: Guilherme Carvalho <[email protected]>
1 parent
0f20b0a
commit 968a198
Showing
16 changed files
with
275 additions
and
3 deletions.
@@ -0,0 +1,3 @@ | ||
#!/bin/bash | ||
|
||
"${ROOTDIR}/setup/x509pop/setup.sh" conf/server conf/agent |
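--- a/test/integration/suites-windows/windows-service/01-start-server-service
+++ b/test/integration/suites-windows/windows-service/01-start-server-service
@@ -0,0 +1,8 @@
+#!/bin/bash
+source ./common
+
+docker-up spire-server
+
+create-service spire-server C:/spire/bin/spire-server.exe
+start-service spire-server run -config C:/spire/conf/server/server.conf
+assert-service-status spire-server RUNNING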
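--- a/test/integration/suites-windows/windows-service/02-bootstrap-agent
+++ b/test/integration/suites-windows/windows-service/02-bootstrap-agent
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+log-debug "bootstrapping agent..."
+docker-compose exec -T spire-server \
+c:/spire/bin/spire-server bundle show > conf/agent/bootstrap.crt || fail-now "failed to bootstrap agent"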
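--- a/test/integration/suites-windows/windows-service/03-start-agent-service
+++ b/test/integration/suites-windows/windows-service/03-start-agent-service
@@ -0,0 +1,8 @@
+#!/bin/bash
+source ./common
+
+docker-up spire-agent
+
+create-service spire-agent C:/spire/bin/spire-agent.exe
+start-service spire-agent run -config C:/spire/conf/agent/agent.conf
+assert-service-status spire-agent RUNNING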
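--- a/test/integration/suites-windows/windows-service/04-create-registration-entries
+++ b/test/integration/suites-windows/windows-service/04-create-registration-entries
@@ -0,0 +1,12 @@
+#!/bin/bash
+source ./common
+
+log-debug "creating regular registration entry..."
+docker-compose exec -T spire-server \
+c:/spire/bin/spire-server entry create \
+-parentID "spiffe://domain.test/spire/agent/x509pop/$(fingerprint conf/agent/agent.crt.pem)" \
+-spiffeID "spiffe://domain.test/workload" \
+-selector "windows:user_name:User Manager\ContainerUser" \
+-ttl 0
+
+assert-synced-entry "spiffe://domain.test/workload"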
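Review bot: The `entry create` call has no error check, unlike the bootstrap and fetch steps, so a rejected entry only surfaces as the 30-check timeout in `assert-synced-entry` with a misleading "timed out waiting for agent to sync down entry" message. One likely trigger is `fingerprint` failing and leaving the parent ID without its last path segment, though that is inferred rather than visible here. Ending the command with `-ttl 0 || fail-now "failed to create registration entry"` would report the real cause immediately.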
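--- a/test/integration/suites-windows/windows-service/05-test-fetch-svid
+++ b/test/integration/suites-windows/windows-service/05-test-fetch-svid
@@ -0,0 +1,9 @@
+#!/bin/bash
+
+log-debug "test fetch x509 SVID..."
+docker-compose exec -T -u ContainerUser spire-agent \
+c:/spire/bin/spire-agent api fetch x509 || fail-now "failed to fetch x509"
+
+log-debug "test fetch JWT SVID..."
+docker-compose exec -T -u ContainerUser spire-agent \
+c:/spire/bin/spire-agent api fetch jwt -audience mydb || fail-now "failed to fetch JWT"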
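Review bot: Both fetch checks pass on exit status alone, so they never confirm that the identity issued to `ContainerUser` is the one registered in the previous step. Piping the x509 fetch through `grep -q "spiffe://domain.test/workload"` before the `|| fail-now "failed to fetch x509"` would tie the result to the Windows workload attestor selector under test. This assumes the CLI prints the SPIFFE ID in its output, which should be confirmed.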
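--- a/test/integration/suites-windows/windows-service/06-test-graceful-shutdown
+++ b/test/integration/suites-windows/windows-service/06-test-graceful-shutdown
@@ -0,0 +1,10 @@
+#!/bin/bash
+source ./common
+
+stop-service spire-agent
+assert-service-status spire-agent STOPPED
+assert-graceful-shutdown agent
+
+stop-service spire-server
+assert-service-status spire-server STOPPED
+assert-graceful-shutdown server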
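--- a/test/integration/suites-windows/windows-service/07-test-service-failing-to-start
+++ b/test/integration/suites-windows/windows-service/07-test-service-failing-to-start
@@ -0,0 +1,8 @@
+#!/bin/bash
+source ./common
+
+start-service spire-server run -config invalid-config-path
+assert-service-status spire-server STOPPED
+
+start-service spire-agent run -config invalid-config-path
+assert-service-status spire-agent STOPPED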
# SPIRE Server CLI Suite | ||
|
||
## Description | ||
|
||
This suite validates that we can run both spire agent and spire server natively on Windows OS, asserting that spire components | ||
can run as a [windows service application](https://learn.microsoft.com/en-us/dotnet/framework/windows-services/introduction-to-windows-service-applications#service-applications-vs-other-visual-studio-applications), | ||
and perform [service state transitions](https://learn.microsoft.com/en-us/windows/win32/services/service-status-transitions). | ||
|
||
The suite steps are structured as follows: | ||
|
||
1. Spire server and agent are installed as Windows services. | ||
2. Spire server and agent services starts, their respective status is asserted as **_RUNNING_**, and the node attestation | ||
is performed with x509pop. | ||
3. Workload registration entries are created. | ||
4. The feature of fetching SVIDs (x509 and JWT) is asserted with the running spire agent service. | ||
5. Spire server and agent services are stopped, their respective status is asserted as **_STOPPED_**, and graceful | ||
shutdown is verified via application logs. | ||
6. Spire server and agent services are started again, but this time with an invalid config; their respective status is | ||
asserted as **_STOPPED_**. |
@@ -0,0 +1,66 @@ | ||
#!/bin/bash | ||
|
||
assert-synced-entry() { | ||
# Check at most 30 times (with one second in between) that the agent has | ||
# successfully synced down the workload entry. | ||
MAXCHECKS=30 | ||
CHECKINTERVAL=1 | ||
for ((i=1;i<=MAXCHECKS;i++)); do | ||
log-info "checking for synced entry ($i of $MAXCHECKS max)..." | ||
if grep -wq "$1" conf/agent/logs.txt; then | ||
return 0 | ||
fi | ||
sleep "${CHECKINTERVAL}" | ||
done | ||
|
||
fail-now "timed out waiting for agent to sync down entry" | ||
} | ||
|
||
assert-service-status() { | ||
MAXCHECKS=10 | ||
CHECKINTERVAL=1 | ||
for ((i=1;i<=MAXCHECKS;i++)); do | ||
log-info "checking for $1 service $2 ($i of $MAXCHECKS max)..." | ||
scCommand=$([ "$2" == "STOPPED" ] && echo "query" || echo "interrogate") | ||
if docker-compose exec -T -u ContainerAdministrator "$1" sc "$scCommand" "$1" | grep -wq "$2"; then | ||
log-info "$1 is in $2 state" | ||
return 0 | ||
fi | ||
sleep "${CHECKINTERVAL}" | ||
done | ||
|
||
fail-now "$1 service failed to reach $2 state" | ||
} | ||
|
||
assert-graceful-shutdown() { | ||
MAXCHECKS=10 | ||
CHECKINTERVAL=1 | ||
for ((i=1;i<=MAXCHECKS;i++)); do | ||
log-info "checking for graceful shutdown ($i of $MAXCHECKS max)..." | ||
if grep -wq "stopped gracefully" conf/"$1"/logs.txt; then | ||
log-info "$1 stopped gracefully" | ||
return 0 | ||
fi | ||
sleep "${CHECKINTERVAL}" | ||
done | ||
|
||
fail-now "timed out waiting for $1 graceful shutdown" | ||
} | ||
|
||
create-service() { | ||
log-info "creating $1 service..." | ||
docker-compose exec -T -u ContainerAdministrator "$1" \ | ||
sc create "$1" binPath="$2" || grep "STOPPED" fail-now "failed to create $1 service" | ||
} | ||
|
||
stop-service() { | ||
log-info "stopping $1 service..." | ||
docker-compose exec -T -u ContainerAdministrator "$1" \ | ||
sc stop "$1" || fail-now "failed to stop $1 service" | ||
} | ||
|
||
start-service(){ | ||
log-info "starting $1 service..." | ||
docker-compose exec -T -u ContainerAdministrator "$1" \ | ||
sc start "$@" | grep -wq "START_PENDING" || fail-now "failed to start $2 service" | ||
} |
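Review bot: In `create-service` the failure branch reads `|| grep "STOPPED" fail-now "failed to create $1 service"`, which runs grep over files named `fail-now` and the message text instead of calling `fail-now`, so a failed `sc create` is never reported as such. It should be `sc create "$1" binPath="$2" || fail-now "failed to create $1 service"`. In `start-service` the error message interpolates `$2`, which is the first service argument (`run` in every caller on this page) rather than the service name, so it should use `$1`. The three polling helpers also assign `MAXCHECKS`, `CHECKINTERVAL` and `i` as globals; declaring them `local` keeps them out of the step scripts that source this file.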
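--- a/test/integration/suites-windows/windows-service/conf/agent/agent.conf
+++ b/test/integration/suites-windows/windows-service/conf/agent/agent.conf
@@ -0,0 +1,25 @@
+agent {
+data_dir = "c:/spire/data/agent"
+log_level = "DEBUG"
+server_address = "spire-server"
+log_file ="c:/spire/conf/agent/logs.txt"
+server_port = "8081"
+trust_bundle_path = "c:/spire/conf/agent/bootstrap.crt"
+trust_domain = "domain.test"
+}
+
+plugins {
+NodeAttestor "x509pop" {
+plugin_data {
+private_key_path = "c:/spire/conf/agent/agent.key.pem"
+certificate_path = "c:/spire/conf/agent/agent.crt.pem"
+}
+}
+KeyManager "disk" {
+plugin_data {
+directory = "c:/spire/data/agent"
+}
+}
+WorkloadAttestor "windows" {
+}
+}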
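--- a/test/integration/suites-windows/windows-service/conf/server/server.conf
+++ b/test/integration/suites-windows/windows-service/conf/server/server.conf
@@ -0,0 +1,25 @@
+server {
+bind_address = "0.0.0.0"
+bind_port = "8081"
+trust_domain = "domain.test"
+log_file ="c:/spire/conf/server/logs.txt"
+data_dir = "c:/spire/data/server"
+log_level = "DEBUG"
+}
+
+plugins {
+DataStore "sql" {
+plugin_data {
+database_type = "sqlite3"
+connection_string = "c:/spire/data/server/datastore.sqlite3"
+}
+}
+NodeAttestor "x509pop" {
+plugin_data {
+ca_bundle_path = "c:/spire/conf/server/agent-cacert.pem"
+}
+}
+KeyManager "memory" {
+plugin_data = {}
+}
+}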
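--- a/test/integration/suites-windows/windows-service/docker-compose.yaml
+++ b/test/integration/suites-windows/windows-service/docker-compose.yaml
@@ -0,0 +1,24 @@
+version: '3'
+
+services:
+spire-server:
+image: spire-server-windows:latest-local
+hostname: spire-server
+volumes:
+- ./conf/server:c:/spire/conf/server
+user: ContainerAdministrator
+entrypoint:
+- cmd
+command:
+- cmd /c ping -t localhost > NUL
+spire-agent:
+image: spire-agent-windows:latest-local
+hostname: spire-agent
+depends_on: ["spire-server"]
+volumes:
+- ./conf/agent:c:/spire/conf/agent
+user: ContainerAdministrator
+entrypoint:
+- cmd
+command:
+- cmd /c ping -t localhost > NUL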
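Review bot: The `cmd /c ping -t localhost > NUL` command and `user: ContainerAdministrator` on both services carry no comment saying why they are there. It looks as if the ping loop only keeps the container alive so the step scripts can start SPIRE through `sc`, and as if administrator rights are needed for `sc create`. A comment above each `entrypoint:` such as `# keep-alive only: SPIRE is installed and started as a Windows service by the test steps` would keep this from being copied as a normal way to run the images.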
@@ -0,0 +1,6 @@ | ||
#!/bin/bash | ||
|
||
if [ -z "$SUCCESS" ]; then | ||
docker-compose logs | ||
fi | ||
docker-down |
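Review bot: On failure this prints only `docker-compose logs`, which is unlikely to contain the SPIRE output that explains the failure. The containers' main process is `ping -t localhost > NUL`, and both configs set `log_file` under the mounted `conf` directories. Consider also dumping those files inside the `if`, e.g. `cat conf/server/logs.txt conf/agent/logs.txt 2>/dev/null`, so a failed run leaves the service logs in the test output.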