From a57ac269d58253e34998d93cc03a06a1de937df7 Mon Sep 17 00:00:00 2001 From: FedeNQ Date: Fri, 8 Mar 2024 11:09:23 -0300 Subject: [PATCH 1/9] Add agent cli command integration test Signed-off-by: FedeNQ --- test/integration/suites/agent-cli/00-setup | 6 +++ .../suites/agent-cli/01-start-server | 3 ++ .../suites/agent-cli/02-bootstrap-agent | 5 +++ .../suites/agent-cli/03-start-agent | 3 ++ .../suites/agent-cli/04-check-healthy | 40 +++++++++++++++++++ test/integration/suites/agent-cli/README.md | 5 +++ .../suites/agent-cli/conf/agent/agent.conf | 31 ++++++++++++++ .../suites/agent-cli/conf/server/server.conf | 26 ++++++++++++ .../suites/agent-cli/docker-compose.yaml | 15 +++++++ test/integration/suites/agent-cli/teardown | 7 ++++ 10 files changed, 141 insertions(+) create mode 100755 test/integration/suites/agent-cli/00-setup create mode 100755 test/integration/suites/agent-cli/01-start-server create mode 100755 test/integration/suites/agent-cli/02-bootstrap-agent create mode 100755 test/integration/suites/agent-cli/03-start-agent create mode 100755 test/integration/suites/agent-cli/04-check-healthy create mode 100644 test/integration/suites/agent-cli/README.md create mode 100644 test/integration/suites/agent-cli/conf/agent/agent.conf create mode 100644 test/integration/suites/agent-cli/conf/server/server.conf create mode 100644 test/integration/suites/agent-cli/docker-compose.yaml create mode 100755 test/integration/suites/agent-cli/teardown diff --git a/test/integration/suites/agent-cli/00-setup b/test/integration/suites/agent-cli/00-setup new file mode 100755 index 0000000000..c1fb18218e --- /dev/null +++ b/test/integration/suites/agent-cli/00-setup @@ -0,0 +1,6 @@ +#!/bin/bash + +"${ROOTDIR}/setup/x509pop/setup.sh" conf/server conf/agent + +"${ROOTDIR}/setup/debugserver/build.sh" "${RUNDIR}/conf/server/debugclient" +"${ROOTDIR}/setup/debugagent/build.sh" "${RUNDIR}/conf/agent/debugclient" 
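Review bot: The two `build.sh` calls in 00-setup produce `conf/server/debugclient` and `conf/agent/debugclient`, but none of the step scripts this series adds (04 through 07) ever runs either binary, so they look unneeded. The same goes for `admin_socket_path = "/opt/debug.sock"` in conf/agent/agent.conf, which presumably exists only to serve that client and enables the agent's admin socket for no tested purpose. I would drop the two build lines and the `admin_socket_path` setting so the suite exposes only what it tests. If a later step is planned, a comment such as `# debugclient is exercised by <step name>` would explain why they stay.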
diff --git a/test/integration/suites/agent-cli/01-start-server b/test/integration/suites/agent-cli/01-start-server
new file mode 100755
index 0000000000..a3e999b264
--- /dev/null
+++ b/test/integration/suites/agent-cli/01-start-server
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+docker-up spire-server
diff --git a/test/integration/suites/agent-cli/02-bootstrap-agent b/test/integration/suites/agent-cli/02-bootstrap-agent
new file mode 100755
index 0000000000..405147f2fd
--- /dev/null
+++ b/test/integration/suites/agent-cli/02-bootstrap-agent
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+log-debug "bootstrapping agent..."
+docker-compose exec -T spire-server \
+ /opt/spire/bin/spire-server bundle show > conf/agent/bootstrap.crt
diff --git a/test/integration/suites/agent-cli/03-start-agent b/test/integration/suites/agent-cli/03-start-agent
new file mode 100755
index 0000000000..ac36d05f0d
--- /dev/null
+++ b/test/integration/suites/agent-cli/03-start-agent
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+docker-up spire-agent
diff --git a/test/integration/suites/agent-cli/04-check-healthy b/test/integration/suites/agent-cli/04-check-healthy
new file mode 100755
index 0000000000..9029fa6fe5
--- /dev/null
+++ b/test/integration/suites/agent-cli/04-check-healthy
@@ -0,0 +1,40 @@
+#!/bin/bash
+
+RETRIES=10
+AGENTFOUND=0
+VALIDCONFIG=0
+HEALTHCHECK=0
+HEALTHCHECKFAIL=0
+
+for ((m=1;m<=$RETRIES;m++)); do
+
+ AGENTS=$(docker-compose exec -T spire-server /opt/spire/bin/spire-server agent list)
+ if [ "$AGENTS" != "No attested agents found" ]; then
+ AGENTFOUND=1
+ break
+ fi
+
+done
+
+VALIDATE=$(docker-compose exec -T spire-agent /opt/spire/bin/spire-agent validate)
+
+if [[ "$VALIDATE" =~ "SPIRE agent configuration file is valid." ]]; then
+ VALIDCONFIG=1
+fi
+
+HEALTH=$(docker-compose exec -T spire-agent /opt/spire/bin/spire-agent healthcheck)
+HEALTHFAIL=$(docker-compose exec -T spire-agent /opt/spire/bin/spire-agent healthcheck -socketPath example/fail 2>&1 &)
+
+if [[ "$HEALTH" =~ "Agent is healthy." ]]; then
+ HEALTHCHECK=1
+fi
+
+if [[ "$HEALTHFAIL" =~ "Agent is unhealthy: unable to determine health" ]]; then
+ HEALTHCHECKFAIL=1
+fi
+
+if [ $AGENTFOUND -eq 1 ] && [ $VALIDCONFIG -eq 1 ] && [ $HEALTHCHECK -eq 1 ] && [ $HEALTHCHECKFAIL -eq 1 ]; then
+ exit 0
+else
+ exit 1
+fi
diff --git a/test/integration/suites/agent-cli/README.md b/test/integration/suites/agent-cli/README.md
new file mode 100644
index 0000000000..56188cd6c9
--- /dev/null
+++ b/test/integration/suites/agent-cli/README.md
@@ -0,0 +1,5 @@
+# Agent CLI commands
+
+## Description
+
+This suite validates Agent CLI commands.
diff --git a/test/integration/suites/agent-cli/conf/agent/agent.conf b/test/integration/suites/agent-cli/conf/agent/agent.conf
new file mode 100644
index 0000000000..20020d1df6
--- /dev/null
+++ b/test/integration/suites/agent-cli/conf/agent/agent.conf
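Review bot: In 04-check-healthy the agent wait loop treats any output other than the exact string `No attested agents found` as success, so an error message or empty output from a failed `docker-compose exec` sets `AGENTFOUND=1` on the first pass, and the 10 retries run back to back with no delay. Testing the command status as well, `if AGENTS=$(docker-compose exec -T spire-server /opt/spire/bin/spire-server agent list) && [ "$AGENTS" != "No attested agents found" ]; then`, plus a `sleep 1` before `done`, makes the loop wait for a real listing. The health checks likewise match message text only; `healthcheck` is normally consumed through its exit status, so asserting it (`if ! docker-compose exec -T spire-agent /opt/spire/bin/spire-agent healthcheck -socketPath example/fail; then HEALTHCHECKFAIL=1; fi`) would test the contract callers rely on. The trailing `&` inside `$( ... 2>&1 &)` hides that status; if it is there to keep a non-zero exit from aborting the step, `|| true` states that intent directly. The same pattern is repeated in 05-check-valid-config later in the series.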
@@ -0,0 +1,31 @@
+agent {
+ data_dir = "/opt/spire/data/agent"
+ log_level = "DEBUG"
+ server_address = "spire-server"
+ server_port = "8081"
+ socket_path = "/tmp/spire-agent/public/api.sock"
+ trust_bundle_path = "/opt/spire/conf/agent/bootstrap.crt"
+ trust_domain = "domain.test"
+ admin_socket_path = "/opt/debug.sock"
+ experimental {
+ x509_svid_cache_max_size = 8
+ }
+}
+
+plugins {
+ NodeAttestor "x509pop" {
+ plugin_data {
+ private_key_path = "/opt/spire/conf/agent/agent.key.pem"
+ certificate_path = "/opt/spire/conf/agent/agent.crt.pem"
+ }
+ }
+ KeyManager "disk" {
+ plugin_data {
+ directory = "/opt/spire/data/agent"
+ }
+ }
+ WorkloadAttestor "unix" {
+ plugin_data {
+ }
+ }
+}
diff --git a/test/integration/suites/agent-cli/conf/server/server.conf b/test/integration/suites/agent-cli/conf/server/server.conf
new file mode 100644
index 0000000000..b6b82f9371
--- /dev/null
+++ b/test/integration/suites/agent-cli/conf/server/server.conf
@@ -0,0 +1,26 @@
+server {
+ bind_address = "0.0.0.0"
+ bind_port = "8081"
+ trust_domain = "domain.test"
+ data_dir = "/opt/spire/data/server"
+ log_level = "DEBUG"
+ ca_ttl = "1h"
+ default_x509_svid_ttl = "10m"
+}
+
+plugins {
+ DataStore "sql" {
+ plugin_data {
+ database_type = "sqlite3"
+ connection_string = "/opt/spire/data/server/datastore.sqlite3"
+ }
+ }
+ NodeAttestor "x509pop" {
+ plugin_data {
+ ca_bundle_path = "/opt/spire/conf/server/agent-cacert.pem"
+ }
+ }
+ KeyManager "memory" {
+ plugin_data = {}
+ }
+}
diff --git a/test/integration/suites/agent-cli/docker-compose.yaml b/test/integration/suites/agent-cli/docker-compose.yaml
new file mode 100644
index 0000000000..0e67183c23
--- /dev/null
+++ b/test/integration/suites/agent-cli/docker-compose.yaml
@@ -0,0 +1,15 @@ +version: '3' +services: + spire-server: + image: spire-server:latest-local + hostname: spire-server + volumes: + - ./conf/server:/opt/spire/conf/server + command: ["-config", "/opt/spire/conf/server/server.conf"] + spire-agent: + image: spire-agent:latest-local + hostname: spire-agent + depends_on: ["spire-server"] + volumes: + - ./conf/agent:/opt/spire/conf/agent + command: ["-config", "/opt/spire/conf/agent/agent.conf"] diff --git a/test/integration/suites/agent-cli/teardown b/test/integration/suites/agent-cli/teardown new file mode 100755 index 0000000000..83a892cf9f --- /dev/null +++ b/test/integration/suites/agent-cli/teardown @@ -0,0 +1,7 @@ +#!/bin/bash + +if [ -z "$SUCCESS" ]; then + echo "$SUCCESS" + docker-compose logs +fi +docker-down From e0e7b7319824bfab03ca90c157604ee51406c2fd Mon Sep 17 00:00:00 2001 From: FedeNQ Date: Fri, 8 Mar 2024 15:13:44 -0300 Subject: [PATCH 2/9] Add check-valid-config Signed-off-by: FedeNQ --- .../suites/agent-cli/04-check-healthy | 11 ++----- .../suites/agent-cli/05-check-valid-config | 33 +++++++++++++++++++ 2 files changed, 35 insertions(+), 9 deletions(-) create mode 100755 test/integration/suites/agent-cli/05-check-valid-config diff --git a/test/integration/suites/agent-cli/04-check-healthy b/test/integration/suites/agent-cli/04-check-healthy index 9029fa6fe5..2c0ebfc4fd 100755 --- a/test/integration/suites/agent-cli/04-check-healthy +++ b/test/integration/suites/agent-cli/04-check-healthy @@ -2,7 +2,6 @@ RETRIES=10 AGENTFOUND=0 -VALIDCONFIG=0 HEALTHCHECK=0 HEALTHCHECKFAIL=0 
@@ -16,14 +15,8 @@ for ((m=1;m<=$RETRIES;m++)); do done -VALIDATE=$(docker-compose exec -T spire-agent /opt/spire/bin/spire-agent validate) - -if [[ "$VALIDATE" =~ "SPIRE agent configuration file is valid." ]]; then - VALIDCONFIG=1 -fi - HEALTH=$(docker-compose exec -T spire-agent /opt/spire/bin/spire-agent healthcheck) -HEALTHFAIL=$(docker-compose exec -T spire-agent /opt/spire/bin/spire-agent healthcheck -socketPath example/fail 2>&1 &) +HEALTHFAIL=$(docker-compose exec -T spire-agent /opt/spire/bin/spire-agent healthcheck -socketPath invalid/path 2>&1 &) if [[ "$HEALTH" =~ "Agent is healthy." ]]; then HEALTHCHECK=1 @@ -33,7 +26,7 @@ if [[ "$HEALTHFAIL" =~ "Agent is unhealthy: unable to determine health" ]]; then HEALTHCHECKFAIL=1 fi -if [ $AGENTFOUND -eq 1 ] && [ $VALIDCONFIG -eq 1 ] && [ $HEALTHCHECK -eq 1 ] && [ $HEALTHCHECKFAIL -eq 1 ]; then +if [ $AGENTFOUND -eq 1 ] && [ $HEALTHCHECK -eq 1 ] && [ $HEALTHCHECKFAIL -eq 1 ]; then exit 0 else exit 1 diff --git a/test/integration/suites/agent-cli/05-check-valid-config b/test/integration/suites/agent-cli/05-check-valid-config new file mode 100755 index 0000000000..0c44f54b47 --- /dev/null +++ b/test/integration/suites/agent-cli/05-check-valid-config 
@@ -0,0 +1,33 @@ +#!/bin/bash + +RETRIES=10 +AGENTFOUND=0 +VALIDCONFIG=0 +INVALIDCONFIG=0 + +for ((m=1;m<=$RETRIES;m++)); do + + AGENTS=$(docker-compose exec -T spire-server /opt/spire/bin/spire-server agent list) + if [ "$AGENTS" != "No attested agents found" ]; then + AGENTFOUND=1 + break + fi + +done + +VALIDATE=$(docker-compose exec -T spire-agent /opt/spire/bin/spire-agent validate) +VALIDATEFAIL=$(docker-compose exec -T spire-agent /opt/spire/bin/spire-agent validate -config invalid/path 2>&1 &) + +if [[ "$VALIDATE" =~ "SPIRE agent configuration file is valid." ]]; then + VALIDCONFIG=1 +fi + +if [[ "$VALIDATEFAIL" =~ "SPIRE agent configuration file is invalid" ]]; then + INVALIDCONFIG=1 +fi + +if [ $AGENTFOUND -eq 1 ] && [ $VALIDCONFIG -eq 1 ] && [ $INVALIDCONFIG -eq 1 ]; then + exit 0 +else + exit 1 +fi From 3ec955d0423e14b292e27318b7b445cfddf13eb9 Mon Sep 17 00:00:00 2001 From: FedeNQ Date: Mon, 11 Mar 2024 13:26:45 -0300 Subject: [PATCH 3/9] add API WATCH command integration test Signed-off-by: FedeNQ --- .../suites/agent-cli/05-check-valid-config | 23 +++++---- .../suites/agent-cli/06-check-api-watch | 49 +++++++++++++++++++ 2 files changed, 63 insertions(+), 9 deletions(-) create mode 100755 test/integration/suites/agent-cli/06-check-api-watch diff --git a/test/integration/suites/agent-cli/05-check-valid-config b/test/integration/suites/agent-cli/05-check-valid-config index 0c44f54b47..1b960985e3 100755 --- a/test/integration/suites/agent-cli/05-check-valid-config +++ b/test/integration/suites/agent-cli/05-check-valid-config 
@@ -1,32 +1,37 @@ #!/bin/bash RETRIES=10 -AGENTFOUND=0 -VALIDCONFIG=0 -INVALIDCONFIG=0 +AGENT_FOUND=0 +VALID_CONFIG=0 +INVALID_CONFIG=0 + for ((m=1;m<=$RETRIES;m++)); do AGENTS=$(docker-compose exec -T spire-server /opt/spire/bin/spire-server agent list) + # Break when an agent is found if [ "$AGENTS" != "No attested agents found" ]; then - AGENTFOUND=1 + AGENT_FOUND=1 break fi done +# Assert that 'validate' command works VALIDATE=$(docker-compose exec -T spire-agent /opt/spire/bin/spire-agent validate) -VALIDATEFAIL=$(docker-compose exec -T spire-agent /opt/spire/bin/spire-agent validate -config invalid/path 2>&1 &) + +# Assert that 'validate' command fails with an invalid path +VALIDATE_FAIL=$(docker-compose exec -T spire-agent /opt/spire/bin/spire-agent validate -config invalid/path 2>&1 &) if [[ "$VALIDATE" =~ "SPIRE agent configuration file is valid." ]]; then - VALIDCONFIG=1 + VALID_CONFIG=1 fi -if [[ "$VALIDATEFAIL" =~ "SPIRE agent configuration file is invalid" ]]; then - INVALIDCONFIG=1 +if [[ "$VALIDATE_FAIL" =~ "SPIRE agent configuration file is invalid" ]]; then + INVALID_CONFIG=1 fi -if [ $AGENTFOUND -eq 1 ] && [ $VALIDCONFIG -eq 1 ] && [ $INVALIDCONFIG -eq 1 ]; then +if [ $AGENT_FOUND -eq 1 ] && [ $VALID_CONFIG -eq 1 ] && [ $INVALID_CONFIG -eq 1 ]; then exit 0 else exit 1 diff --git a/test/integration/suites/agent-cli/06-check-api-watch b/test/integration/suites/agent-cli/06-check-api-watch new file mode 100755 index 0000000000..9f7092000d --- /dev/null +++ b/test/integration/suites/agent-cli/06-check-api-watch 
@@ -0,0 +1,49 @@ +#!/bin/bash + +RETRIES=200 +AGENT_FOUND=0 +SVID_RECEIVED=1 + +for ((m=1;m<=$RETRIES;m++)); do + + AGENTS=$(docker-compose exec -T spire-server /opt/spire/bin/spire-server agent list) + # Break when an agent is found + if [ "$AGENTS" != "No attested agents found" ]; then + AGENT_FOUND=1 + break + fi + +done + +echo "$AGENTS" +SPIFFE_ID=$(echo "$AGENTS" | awk '/SPIFFE ID/ {print $4}') +echo "$SPIFFE_ID" + +docker-compose exec -T spire-server \ + /opt/spire/bin/spire-server entry create \ + -parentID "spiffe://domain.test/spire/agent/x509pop/$(fingerprint conf/agent/agent.crt.pem)" \ + -spiffeID "spiffe://domain.test/workload-$m" \ + -selector "unix:uid:1001" \ + -ttl 0 & + +# Get the PID of the last background process +API_WATCH_PID=$! + +# Run the background process and store its output in a temporary file +(docker-compose exec -u 1001 -T spire-agent /opt/spire/bin/spire-agent api watch < /dev/null > api_watch_output.txt) & + +# Wait for the background process to complete +wait $API_WATCH_PID + +# Continuously check the output file for the desired pattern +while ! grep -q "Received 1 svid after" api_watch_output.txt; do + sleep 1 # Wait for 1 second before checking again +done + +cat api_watch_output.txt # Print the full content of the output file + +# Pattern found, set SVID_RECEIVED to 0 +SVID_RECEIVED=0 + +# If SVID_RECEIVED is set to 0, the script should succed +exit $SVID_RECEIVED From 9e19557ae9079f3b5a719c7c6ab39c89a5b8761c Mon Sep 17 00:00:00 2001 From: FedeNQ Date: Tue, 12 Mar 2024 11:05:18 -0300 Subject: [PATCH 4/9] Add api-watch-fail test Signed-off-by: FedeNQ --- .../suites/agent-cli/06-check-api-watch-fail | 47 +++++++++++++++++++ ...{06-check-api-watch => 07-check-api-watch} | 25 ++++++---- 2 files changed, 64 insertions(+), 8 deletions(-) create mode 100755 test/integration/suites/agent-cli/06-check-api-watch-fail rename test/integration/suites/agent-cli/{06-check-api-watch => 07-check-api-watch} (71%) 
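Review bot: `API_WATCH_PID=$!` in 06-check-api-watch is assigned right after the backgrounded `entry create`, so it holds that command's PID rather than the watcher's, and `wait $API_WATCH_PID` only waits for the registration to finish. The `api watch` process started on the following line is never tracked, so it is still running and writing to `api_watch_output.txt` when the script exits. I would run `entry create` in the foreground by dropping its trailing `&`, start the watcher afterwards, take `API_WATCH_PID=$!` immediately after that line, and `kill "$API_WATCH_PID"` before exiting. The `-spiffeID` value also depends on the loop counter `$m`, which ties the registered identity to how many retries the agent lookup needed; a literal path would be steadier.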
diff --git a/test/integration/suites/agent-cli/06-check-api-watch-fail b/test/integration/suites/agent-cli/06-check-api-watch-fail new file mode 100755 index 0000000000..f80ff3d56f --- /dev/null +++ b/test/integration/suites/agent-cli/06-check-api-watch-fail @@ -0,0 +1,47 @@ +#!/bin/bash + +RETRIES=200 +AGENT_FOUND=0 +SVID_RECEIVED=1 +TIMEOUT_REACHED=0 + +for ((m=1;m<=$RETRIES;m++)); do + AGENTS=$(docker-compose exec -T spire-server /opt/spire/bin/spire-server agent list) + # Break when an agent is found + if [ "$AGENTS" != "No attested agents found" ]; then + AGENT_FOUND=1 + break + fi +done + +echo "$AGENTS" +SPIFFE_ID=$(echo "$AGENTS" | awk '/SPIFFE ID/ {print $4}') +echo "$SPIFFE_ID" + +# Run the background process and store its output in a temporary file +(docker-compose exec -u 1001 -T spire-agent /opt/spire/bin/spire-agent api watch < /dev/null > api_watch_output.txt) & + +# Get the PID of the last background process +API_WATCH_PID=$! + +# Continuously check the output file for the desired pattern with a timeout of 20 seconds +timeout=20 +start_time=$(date +%s) +while ! grep -q "Received 1 svid after" api_watch_output.txt; do + current_time=$(date +%s) + elapsed_time=$((current_time - start_time)) + if [ $elapsed_time -gt $timeout ]; then + echo "Error: Timeout reached while waiting for 'Received' message." + TIMEOUT_REACHED=1 + break + fi + sleep 1 # Wait for 1 second before checking again +done + + +if [ $TIMEOUT_REACHED -eq 1 ]; then + kill -9 $API_WATCH_PID # If timeout reached, kill the background process + exit 0 +fi + +exit 1 diff --git a/test/integration/suites/agent-cli/06-check-api-watch b/test/integration/suites/agent-cli/07-check-api-watch similarity index 71% rename from test/integration/suites/agent-cli/06-check-api-watch rename to test/integration/suites/agent-cli/07-check-api-watch index 9f7092000d..d1b1da04ce 100755 --- a/test/integration/suites/agent-cli/06-check-api-watch +++ b/test/integration/suites/agent-cli/07-check-api-watch 
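Review bot: 06-check-api-watch-fail passes whenever `Received 1 svid after` is absent for 20 seconds, which is also what happens if `docker-compose exec ... api watch` never starts or exits early, so this negative check (a uid 1001 caller with no registration entry receives no SVID) cannot tell "no SVID issued" from "watcher never ran". Before treating the timeout as success I would confirm the watcher is still alive, e.g. `kill -0 "$API_WATCH_PID" 2>/dev/null || exit 1`, and then stop it with a plain `kill "$API_WATCH_PID"` rather than `kill -9`. `SVID_RECEIVED=1` is set at the top but never read in this script.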
@@ -2,7 +2,7 @@ RETRIES=200 AGENT_FOUND=0 -SVID_RECEIVED=1 +TIMEOUT_REACHED=0 for ((m=1;m<=$RETRIES;m++)); do @@ -35,15 +35,24 @@ API_WATCH_PID=$! # Wait for the background process to complete wait $API_WATCH_PID -# Continuously check the output file for the desired pattern + +# Continuously check the output file for the desired pattern with a timeout of 20 seconds +timeout=20 +start_time=$(date +%s) while ! grep -q "Received 1 svid after" api_watch_output.txt; do + current_time=$(date +%s) + elapsed_time=$((current_time - start_time)) + if [ $elapsed_time -gt $timeout ]; then + echo "Error: Timeout reached while waiting for 'Received' message." + TIMEOUT_REACHED=1 + break + fi sleep 1 # Wait for 1 second before checking again done -cat api_watch_output.txt # Print the full content of the output file - -# Pattern found, set SVID_RECEIVED to 0 -SVID_RECEIVED=0 +if [ $TIMEOUT_REACHED -eq 1 ]; then + exit 1 +fi -# If SVID_RECEIVED is set to 0, the script should succed -exit $SVID_RECEIVED +# Pattern found +exit 0 From 39a389aa629312633dbacec33559d43492c37707 Mon Sep 17 00:00:00 2001 From: FedeNQ Date: Tue, 12 Mar 2024 13:03:05 -0300 Subject: [PATCH 5/9] minor changes Signed-off-by: FedeNQ --- .../suites/agent-cli/04-check-healthy | 16 ++++++++-------- .../suites/agent-cli/06-check-api-watch-fail | 14 +++++++------- .../suites/agent-cli/07-check-api-watch | 12 ++++++------ 3 files changed, 21 insertions(+), 21 deletions(-) diff --git a/test/integration/suites/agent-cli/04-check-healthy b/test/integration/suites/agent-cli/04-check-healthy index 2c0ebfc4fd..ecdad5a80c 100755 --- a/test/integration/suites/agent-cli/04-check-healthy +++ b/test/integration/suites/agent-cli/04-check-healthy 
@@ -1,32 +1,32 @@ #!/bin/bash -RETRIES=10 -AGENTFOUND=0 +RETRIES=20 +AGENT_FOUND=0 HEALTHCHECK=0 -HEALTHCHECKFAIL=0 +HEALTHCHECK_FAIL=0 for ((m=1;m<=$RETRIES;m++)); do AGENTS=$(docker-compose exec -T spire-server /opt/spire/bin/spire-server agent list) if [ "$AGENTS" != "No attested agents found" ]; then - AGENTFOUND=1 + AGENT_FOUND=1 break fi done HEALTH=$(docker-compose exec -T spire-agent /opt/spire/bin/spire-agent healthcheck) -HEALTHFAIL=$(docker-compose exec -T spire-agent /opt/spire/bin/spire-agent healthcheck -socketPath invalid/path 2>&1 &) +HEALTH_FAIL=$(docker-compose exec -T spire-agent /opt/spire/bin/spire-agent healthcheck -socketPath invalid/path 2>&1 &) if [[ "$HEALTH" =~ "Agent is healthy." ]]; then HEALTHCHECK=1 fi -if [[ "$HEALTHFAIL" =~ "Agent is unhealthy: unable to determine health" ]]; then - HEALTHCHECKFAIL=1 +if [[ "$HEALTH_FAIL" =~ "Agent is unhealthy: unable to determine health" ]]; then + HEALTHCHECK_FAIL=1 fi -if [ $AGENTFOUND -eq 1 ] && [ $HEALTHCHECK -eq 1 ] && [ $HEALTHCHECKFAIL -eq 1 ]; then +if [ $AGENT_FOUND -eq 1 ] && [ $HEALTHCHECK -eq 1 ] && [ $HEALTHCHECK_FAIL -eq 1 ]; then exit 0 else exit 1 diff --git a/test/integration/suites/agent-cli/06-check-api-watch-fail b/test/integration/suites/agent-cli/06-check-api-watch-fail index f80ff3d56f..2e18b25961 100755 --- a/test/integration/suites/agent-cli/06-check-api-watch-fail +++ b/test/integration/suites/agent-cli/06-check-api-watch-fail @@ -1,6 +1,6 @@ #!/bin/bash -RETRIES=200 +RETRIES=50 AGENT_FOUND=0 SVID_RECEIVED=1 TIMEOUT_REACHED=0 
@@ -25,12 +25,12 @@ echo "$SPIFFE_ID" API_WATCH_PID=$! # Continuously check the output file for the desired pattern with a timeout of 20 seconds -timeout=20 -start_time=$(date +%s) +TIMEOUT=20 +START_TIME=$(date +%s) while ! grep -q "Received 1 svid after" api_watch_output.txt; do - current_time=$(date +%s) - elapsed_time=$((current_time - start_time)) - if [ $elapsed_time -gt $timeout ]; then + CURRENT_TIME=$(date +%s) + ELAPSED_TIME=$((current_time - start_time)) + if [ $ELAPSED_TIME -gt $TIMEOUT ]; then echo "Error: Timeout reached while waiting for 'Received' message." TIMEOUT_REACHED=1 break @@ -38,7 +38,7 @@ while ! grep -q "Received 1 svid after" api_watch_output.txt; do sleep 1 # Wait for 1 second before checking again done - +# If timeout is reached, the test was succesful if [ $TIMEOUT_REACHED -eq 1 ]; then kill -9 $API_WATCH_PID # If timeout reached, kill the background process exit 0 diff --git a/test/integration/suites/agent-cli/07-check-api-watch b/test/integration/suites/agent-cli/07-check-api-watch index d1b1da04ce..102b57cc2c 100755 --- a/test/integration/suites/agent-cli/07-check-api-watch +++ b/test/integration/suites/agent-cli/07-check-api-watch @@ -1,6 +1,6 @@ #!/bin/bash -RETRIES=200 +RETRIES=50 AGENT_FOUND=0 TIMEOUT_REACHED=0 @@ -37,12 +37,12 @@ wait $API_WATCH_PID # Continuously check the output file for the desired pattern with a timeout of 20 seconds -timeout=20 -start_time=$(date +%s) +TIMEOUT=20 +START_TIME=$(date +%s) while ! grep -q "Received 1 svid after" api_watch_output.txt; do - current_time=$(date +%s) - elapsed_time=$((current_time - start_time)) - if [ $elapsed_time -gt $timeout ]; then + CURRENT_TIME=$(date +%s) + ELAPSED_TIME=$((current_time - start_time)) + if [ $ELAPSED_TIME -gt $TIMEOUT ]; then echo "Error: Timeout reached while waiting for 'Received' message." TIMEOUT_REACHED=1 break From cfe4e0cda20da88fbd5fb0be2c0ae01be0339219 Mon Sep 17 00:00:00 2001 
From: FedeNQ Date: Tue, 12 Mar 2024 16:36:55 -0300 Subject: [PATCH 6/9] fix Signed-off-by: FedeNQ --- test/integration/suites/agent-cli/06-check-api-watch-fail | 2 +- test/integration/suites/agent-cli/07-check-api-watch | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/test/integration/suites/agent-cli/06-check-api-watch-fail b/test/integration/suites/agent-cli/06-check-api-watch-fail index 2e18b25961..9e6ca19183 100755 --- a/test/integration/suites/agent-cli/06-check-api-watch-fail +++ b/test/integration/suites/agent-cli/06-check-api-watch-fail @@ -29,7 +29,7 @@ TIMEOUT=20 START_TIME=$(date +%s) while ! grep -q "Received 1 svid after" api_watch_output.txt; do CURRENT_TIME=$(date +%s) - ELAPSED_TIME=$((current_time - start_time)) + ELAPSED_TIME=$((CURRENT_TIME - START_TIME)) if [ $ELAPSED_TIME -gt $TIMEOUT ]; then echo "Error: Timeout reached while waiting for 'Received' message." TIMEOUT_REACHED=1 diff --git a/test/integration/suites/agent-cli/07-check-api-watch b/test/integration/suites/agent-cli/07-check-api-watch index 102b57cc2c..af2edab5ea 100755 --- a/test/integration/suites/agent-cli/07-check-api-watch +++ b/test/integration/suites/agent-cli/07-check-api-watch @@ -41,7 +41,7 @@ TIMEOUT=20 START_TIME=$(date +%s) while ! grep -q "Received 1 svid after" api_watch_output.txt; do CURRENT_TIME=$(date +%s) - ELAPSED_TIME=$((current_time - start_time)) + ELAPSED_TIME=$((CURRENT_TIME - START_TIME)) if [ $ELAPSED_TIME -gt $TIMEOUT ]; then echo "Error: Timeout reached while waiting for 'Received' message." TIMEOUT_REACHED=1 From 84b7668df029cadf3fd656dc2c93a5c7533d001c Mon Sep 17 00:00:00 2001 From: FedeNQ Date: Wed, 27 Mar 2024 17:21:48 -0300 Subject: [PATCH 7/9] remove unnecesary code 
Signed-off-by: FedeNQ --- .../suites/agent-cli/05-check-valid-config | 16 +--------------- .../suites/agent-cli/06-check-api-watch-fail | 15 --------------- .../suites/agent-cli/07-check-api-watch | 17 ----------------- 3 files changed, 1 insertion(+), 47 deletions(-) diff --git a/test/integration/suites/agent-cli/05-check-valid-config b/test/integration/suites/agent-cli/05-check-valid-config index 1b960985e3..d5f21f329a 100755 --- a/test/integration/suites/agent-cli/05-check-valid-config +++ b/test/integration/suites/agent-cli/05-check-valid-config @@ -1,22 +1,8 @@ #!/bin/bash -RETRIES=10 -AGENT_FOUND=0 VALID_CONFIG=0 INVALID_CONFIG=0 - -for ((m=1;m<=$RETRIES;m++)); do - - AGENTS=$(docker-compose exec -T spire-server /opt/spire/bin/spire-server agent list) - # Break when an agent is found - if [ "$AGENTS" != "No attested agents found" ]; then - AGENT_FOUND=1 - break - fi - -done - # Assert that 'validate' command works VALIDATE=$(docker-compose exec -T spire-agent /opt/spire/bin/spire-agent validate) @@ -31,7 +17,7 @@ if [[ "$VALIDATE_FAIL" =~ "SPIRE agent configuration file is invalid" ]]; then INVALID_CONFIG=1 fi -if [ $AGENT_FOUND -eq 1 ] && [ $VALID_CONFIG -eq 1 ] && [ $INVALID_CONFIG -eq 1 ]; then +if [ $VALID_CONFIG -eq 1 ] && [ $INVALID_CONFIG -eq 1 ]; then exit 0 else exit 1 diff --git a/test/integration/suites/agent-cli/06-check-api-watch-fail b/test/integration/suites/agent-cli/06-check-api-watch-fail index 9e6ca19183..fcc4d272c7 100755 --- a/test/integration/suites/agent-cli/06-check-api-watch-fail +++ b/test/integration/suites/agent-cli/06-check-api-watch-fail 
@@ -1,23 +1,8 @@ #!/bin/bash -RETRIES=50 -AGENT_FOUND=0 SVID_RECEIVED=1 TIMEOUT_REACHED=0 -for ((m=1;m<=$RETRIES;m++)); do - AGENTS=$(docker-compose exec -T spire-server /opt/spire/bin/spire-server agent list) - # Break when an agent is found - if [ "$AGENTS" != "No attested agents found" ]; then - AGENT_FOUND=1 - break - fi -done - -echo "$AGENTS" -SPIFFE_ID=$(echo "$AGENTS" | awk '/SPIFFE ID/ {print $4}') -echo "$SPIFFE_ID" - # Run the background process and store its output in a temporary file (docker-compose exec -u 1001 -T spire-agent /opt/spire/bin/spire-agent api watch < /dev/null > api_watch_output.txt) & diff --git a/test/integration/suites/agent-cli/07-check-api-watch b/test/integration/suites/agent-cli/07-check-api-watch index af2edab5ea..018a51c142 100755 --- a/test/integration/suites/agent-cli/07-check-api-watch +++ b/test/integration/suites/agent-cli/07-check-api-watch @@ -1,24 +1,7 @@ #!/bin/bash -RETRIES=50 -AGENT_FOUND=0 TIMEOUT_REACHED=0 -for ((m=1;m<=$RETRIES;m++)); do - - AGENTS=$(docker-compose exec -T spire-server /opt/spire/bin/spire-server agent list) - # Break when an agent is found - if [ "$AGENTS" != "No attested agents found" ]; then - AGENT_FOUND=1 - break - fi - -done - -echo "$AGENTS" -SPIFFE_ID=$(echo "$AGENTS" | awk '/SPIFFE ID/ {print $4}') -echo "$SPIFFE_ID" - docker-compose exec -T spire-server \ /opt/spire/bin/spire-server entry create \ -parentID "spiffe://domain.test/spire/agent/x509pop/$(fingerprint conf/agent/agent.crt.pem)" \ From c73714277e8a2939de4a51a7f982320b50808094 Mon Sep 17 00:00:00 2001 From: FedeNQ Date: Tue, 2 Apr 2024 16:24:37 -0300 Subject: [PATCH 8/9] Update check-api-watch Signed-off-by: FedeNQ --- .../suites/agent-cli/07-check-api-watch | 35 +++++++++++++++++-- 1 file changed, 33 insertions(+), 2 deletions(-) diff --git a/test/integration/suites/agent-cli/07-check-api-watch b/test/integration/suites/agent-cli/07-check-api-watch index 018a51c142..22c8c42b4c 100755 
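Review bot: In the 07-check-api-watch hunk, the context line `-spiffeID "spiffe://domain.test/workload-$m"` still expands `$m`, the counter of the agent lookup loop that this hunk deletes. Unless the harness happens to define `m`, the entry is now registered as `spiffe://domain.test/workload-`, which works only by accident and hides which identity the test expects. A literal such as `-spiffeID "spiffe://domain.test/workload" \` fixes it. The 06-check-api-watch-fail hunk on the same line leaves `SVID_RECEIVED=1` behind, which nothing reads.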
--- a/test/integration/suites/agent-cli/07-check-api-watch +++ b/test/integration/suites/agent-cli/07-check-api-watch @@ -1,13 +1,14 @@ #!/bin/bash TIMEOUT_REACHED=0 +RETRIES=3 docker-compose exec -T spire-server \ /opt/spire/bin/spire-server entry create \ -parentID "spiffe://domain.test/spire/agent/x509pop/$(fingerprint conf/agent/agent.crt.pem)" \ -spiffeID "spiffe://domain.test/workload-$m" \ -selector "unix:uid:1001" \ - -ttl 0 & + -ttl 20 & # Get the PID of the last background process API_WATCH_PID=$! @@ -20,6 +21,8 @@ wait $API_WATCH_PID # Continuously check the output file for the desired pattern with a timeout of 20 seconds +# Here we just care about the first one received + TIMEOUT=20 START_TIME=$(date +%s) while ! grep -q "Received 1 svid after" api_watch_output.txt; do @@ -37,5 +40,33 @@ if [ $TIMEOUT_REACHED -eq 1 ]; then exit 1 fi -# Pattern found +# Continuously check the output file for the desired pattern with a timeout of 60 seconds +# Here we care about the number of SVID received + +TIMEOUT=60 +START_TIME=$(date +%s) +while true; do + CURRENT_TIME=$(date +%s) + ELAPSED_TIME=$((CURRENT_TIME - START_TIME)) + if [ $ELAPSED_TIME -gt $TIMEOUT ]; then + echo "Error: Timeout reached while waiting for 'Received' message." + TIMEOUT_REACHED=1 + break + fi + + # Count the number of SVID received + COUNT_NOW=$(grep -c "Received 1 svid after" api_watch_output.txt) + + if [ $COUNT_NOW -gt 4 ]; then + echo "SVID rotated more than 4 times" + break + fi + sleep 1 # Wait for 1 second before checking again +done + +if [ $TIMEOUT_REACHED -eq 1 ]; then + exit 1 +fi + +# SVID rotated more than 4 times exit 0 From ca4bcc91f6c7d6ec086371fe76ecc0aad68e6856 Mon Sep 17 00:00:00 2001 From: FedeNQ Date: Tue, 21 May 2024 12:31:48 -0300 Subject: [PATCH 9/9] add suggested changes 
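Review bot: The success message in the new rotation loop is off by one: `COUNT_NOW` counts every `Received 1 svid after` line including the initial delivery, so `-gt 4` means at least five receipts, i.e. four rotations, not "more than 4 times". Either compare with `-gt 5` or reword the message to `echo "SVID received 5 times (initial + 4 rotations)"`. The threshold and `TIMEOUT=60` only make sense together with the `-ttl 20` set at the top of the file, so a comment tying them together, for example `# ttl is 20s: expect several rotations within 60s`, would stop one being changed without the other. `RETRIES=3` is added but never read, and `$COUNT_NOW` should be quoted in the `[ ... ]` test.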
Signed-off-by: FedeNQ --- test/integration/suites/agent-cli/06-check-api-watch-fail | 2 +- test/integration/suites/agent-cli/07-check-api-watch | 8 +------- test/integration/suites/agent-cli/teardown | 1 - 3 files changed, 2 insertions(+), 9 deletions(-) diff --git a/test/integration/suites/agent-cli/06-check-api-watch-fail b/test/integration/suites/agent-cli/06-check-api-watch-fail index fcc4d272c7..0aea539dd4 100755 --- a/test/integration/suites/agent-cli/06-check-api-watch-fail +++ b/test/integration/suites/agent-cli/06-check-api-watch-fail @@ -16,7 +16,7 @@ while ! grep -q "Received 1 svid after" api_watch_output.txt; do CURRENT_TIME=$(date +%s) ELAPSED_TIME=$((CURRENT_TIME - START_TIME)) if [ $ELAPSED_TIME -gt $TIMEOUT ]; then - echo "Error: Timeout reached while waiting for 'Received' message." + echo "Timeout reached while waiting for 'Received' message, as expected" TIMEOUT_REACHED=1 break fi diff --git a/test/integration/suites/agent-cli/07-check-api-watch b/test/integration/suites/agent-cli/07-check-api-watch index 22c8c42b4c..b8c281f56e 100755 --- a/test/integration/suites/agent-cli/07-check-api-watch +++ b/test/integration/suites/agent-cli/07-check-api-watch @@ -49,9 +49,7 @@ while true; do CURRENT_TIME=$(date +%s) ELAPSED_TIME=$((CURRENT_TIME - START_TIME)) if [ $ELAPSED_TIME -gt $TIMEOUT ]; then - echo "Error: Timeout reached while waiting for 'Received' message." - TIMEOUT_REACHED=1 - break + fail-now "Timeout reached while waiting for 'Received' message." fi # Count the number of SVID received @@ -64,9 +62,5 @@ while true; do sleep 1 # Wait for 1 second before checking again done -if [ $TIMEOUT_REACHED -eq 1 ]; then - exit 1 -fi - # SVID rotated more than 4 times exit 0 diff --git a/test/integration/suites/agent-cli/teardown b/test/integration/suites/agent-cli/teardown index 83a892cf9f..9953dcd3f9 100755 --- a/test/integration/suites/agent-cli/teardown +++ b/test/integration/suites/agent-cli/teardown 
@@ -1,7 +1,6 @@ #!/bin/bash if [ -z "$SUCCESS" ]; then - echo "$SUCCESS" docker-compose logs fi docker-down