Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

test: set AuthToken in tests to match Client code #24792

Merged
merged 1 commit into from
Jan 7, 2025
Merged

test: set AuthToken in tests to match Client code #24792

merged 1 commit into from
Jan 7, 2025

Conversation

schmichael
Copy link
Member

tl;dr - runtime code is fine but tests should match reality

The Nomad Client Agent is the only consumer of the Node.Derive{SI,Vault}Token RPCs, therefore tests of the RPCs should match Nomad Client behavior.

  • DeriveVaultToken code:

    nomad/client/client.go

    Lines 2904 to 2917 in a9ee66a

    // DeriveVaultToken of nomad server can take in a set of tasks and
    // creates tokens for all the tasks.
    req := &structs.DeriveVaultTokenRequest{
    NodeID: c.NodeID(),
    SecretID: c.secretNodeID(),
    AllocID: alloc.ID,
    Tasks: verifiedTasks,
    QueryOptions: structs.QueryOptions{
    Region: c.Region(),
    AllowStale: false,
    MinQueryIndex: alloc.CreateIndex,
    AuthToken: c.secretNodeID(),
    },
    }
  • DeriveSIToken code:

    nomad/client/client.go

    Lines 2988 to 2997 in a9ee66a

    req := &structs.DeriveSITokenRequest{
    NodeID: c.NodeID(),
    SecretID: c.secretNodeID(),
    AllocID: alloc.ID,
    Tasks: tasks,
    QueryOptions: structs.QueryOptions{
    Region: c.Region(),
    AuthToken: c.secretNodeID(),
    },
    }

Both of those client code paths include the Node SecretID in both the request's SecretID field as well as the embedded
QueryOptions.AuthToken field.

This patch updates server tests to match that behavior. The tests pass either way.

Description

Testing & Reproduction steps

Links

Contributor Checklist

  • Changelog Entry If this PR changes user-facing behavior, please generate and add a
    changelog entry using the make cl command.
  • Testing Please add tests to cover any new functionality or to demonstrate bug fixes and
    ensure regressions will be caught.
  • Documentation If the change impacts user-facing functionality such as the CLI, API, UI,
    and job configuration, please update the Nomad website documentation to reflect this. Refer to
    the website README for docs guidelines. Please also consider whether the
    change requires notes within the upgrade guide.

Reviewer Checklist

  • Backport Labels Please add the correct backport labels as described by the internal
    backporting document.
  • Commit Type Ensure the correct merge method is selected which should be "squash and merge"
    in the majority of situations. The main exceptions are long-lived feature branches or merges where
    history should be preserved.
  • Enterprise PRs If this is an enterprise only PR, please add any required changelog entry
    within the public repository.

@schmichael
test: set AuthToken in tests to match Client code
a24f355 
tl;dr - runtime code is fine but tests should match reality

The Nomad Client Agent is the only consumer of the
`Node.Derive{SI,Vault}Token` RPCs, therefore tests of the RPCs should
match Nomad Client behavior.

- DeriveVaultToken code: https://github.com/hashicorp/nomad/blob/a9ee66a6ef358097783d1bf745051124cc0f14f2/client/client.go#L2904-L2917
- DeriveSIToken code: https://github.com/hashicorp/nomad/blob/a9ee66a6ef358097783d1bf745051124cc0f14f2/client/client.go#L2988-L2997

Both of those client code paths include the Node SecretID in both the
request's SecretID field as well as the embedded
`QueryOptions.AuthToken` field.

This patch updates server tests to match that behavior. The tests pass
either way.
@schmichael schmichael marked this pull request as ready for review January 6, 2025 21:58
@schmichael schmichael requested review from a team as code owners January 6, 2025 21:58
jrasell
jrasell approved these changes Jan 7, 2025
View reviewed changes
Copy link
Member

@jrasell jrasell left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@schmichael schmichael merged commit 1610f18 into main Jan 7, 2025
30 checks passed
@schmichael schmichael deleted the test-derive-auth branch January 7, 2025 17:28
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jrasell jrasell jrasell approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@schmichael @jrasell