mirrors/vault
1
0
Fork 0
mirror of https://github.com/hashicorp/vault.git synced 2025-11-28 22:21:30 +01:00
Code Issues Projects Releases Wiki Activity

Use hclog instead of t.Logf within PKI ACME test suite (#22049)

Browse Source 
- Avoid issues with t.Logf data race issues if a log message is
   called post test completion from a background go routine.
This commit is contained in:
Steven Clark 2023-07-25 13:24:39 -04:00 committed by GitHub
parent fd20c99c4a
commit 068da27a2d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 22 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
builtin/logical/pki/acme_challenges_test.go
View File

@ -23,6 +23,7 @@ import (
"testing" "testing"
"time" "time"
"github.com/hashicorp/go-hclog"
"github.com/hashicorp/vault/builtin/logical/pki/dnstest" "github.com/hashicorp/vault/builtin/logical/pki/dnstest"
"github.com/stretchr/testify/require" "github.com/stretchr/testify/require"
@ -242,6 +243,8 @@ func TestAcmeValidateTLSALPN01Challenge(t *testing.T) {
host := "localhost" host := "localhost"
config := &acmeConfigEntry{} config := &acmeConfigEntry{}
log := hclog.L()
returnedProtocols := []string{ALPNProtocol} returnedProtocols := []string{ALPNProtocol}
var certificates []*x509.Certificate var certificates []*x509.Certificate
var privateKey crypto.PrivateKey var privateKey crypto.PrivateKey
@ -250,7 +253,7 @@ func TestAcmeValidateTLSALPN01Challenge(t *testing.T) {
tlsCfg.GetConfigForClient = func(*tls.ClientHelloInfo) (*tls.Config, error) { tlsCfg.GetConfigForClient = func(*tls.ClientHelloInfo) (*tls.Config, error) {
var retCfg tls.Config = *tlsCfg var retCfg tls.Config = *tlsCfg
retCfg.NextProtos = returnedProtocols retCfg.NextProtos = returnedProtocols
t.Logf("[alpn-server] returned protocol: %v", returnedProtocols) log.Info(fmt.Sprintf("[alpn-server] returned protocol: %v", returnedProtocols))
return &retCfg, nil return &retCfg, nil
} }
tlsCfg.GetCertificate = func(*tls.ClientHelloInfo) (*tls.Certificate, error) { tlsCfg.GetCertificate = func(*tls.ClientHelloInfo) (*tls.Certificate, error) {
@ -262,7 +265,7 @@ func TestAcmeValidateTLSALPN01Challenge(t *testing.T) {
} }
} }
ret.PrivateKey = privateKey ret.PrivateKey = privateKey
t.Logf("[alpn-server] returned certificates: %v", ret) log.Info(fmt.Sprintf("[alpn-server] returned certificates: %v", ret))
return &ret, nil return &ret, nil
} }
@ -270,26 +273,27 @@ func TestAcmeValidateTLSALPN01Challenge(t *testing.T) {
require.NoError(t, err, "failed to listen with TLS config") require.NoError(t, err, "failed to listen with TLS config")
doOneAccept := func() { doOneAccept := func() {
t.Logf("[alpn-server] starting accept...") log.Info("[alpn-server] starting accept...")
connRaw, err := ln.Accept() connRaw, err := ln.Accept()
require.NoError(t, err, "failed to accept TLS connection") require.NoError(t, err, "failed to accept TLS connection")
t.Logf("[alpn-server] got connection...") log.Info("[alpn-server] got connection...")
conn := tls.Server(connRaw.(*tls.Conn), tlsCfg) conn := tls.Server(connRaw.(*tls.Conn), tlsCfg)
ctx, cancel := context.WithTimeout(context.Background(), 1*time.Minute) ctx, cancel := context.WithTimeout(context.Background(), 1*time.Minute)
defer func() { defer func() {
log.Info("[alpn-server] canceling listener connection...")
cancel() cancel()
}() }()
t.Logf("[alpn-server] starting handshake...") log.Info("[alpn-server] starting handshake...")
if err := conn.HandshakeContext(ctx); err != nil { if err := conn.HandshakeContext(ctx); err != nil {
t.Logf("[alpn-server] got non-fatal error while handshaking connection: %v", err) log.Info("[alpn-server] got non-fatal error while handshaking connection: %v", err)
} }
t.Logf("[alpn-server] closing connection...") log.Info("[alpn-server] closing connection...")
if err := conn.Close(); err != nil { if err := conn.Close(); err != nil {
t.Logf("[alpn-server] got non-fatal error while closing connection: %v", err) log.Info("[alpn-server] got non-fatal error while closing connection: %v", err)
} }
} }
@ -308,7 +312,7 @@ func TestAcmeValidateTLSALPN01Challenge(t *testing.T) {
var alpnTestCases []alpnTestCase var alpnTestCases []alpnTestCase
// Add all of our keyAuthorizationTestCases into alpnTestCases // Add all of our keyAuthorizationTestCases into alpnTestCases
for index, tc := range keyAuthorizationTestCases { for index, tc := range keyAuthorizationTestCases {
t.Logf("using keyAuthorizationTestCase [tc=%d] as alpnTestCase [tc=%d]...", index, len(alpnTestCases)) log.Info(fmt.Sprintf("using keyAuthorizationTestCase [tc=%d] as alpnTestCase [tc=%d]...", index, len(alpnTestCases)))
// Properly encode the authorization. // Properly encode the authorization.
checksum := sha256.Sum256([]byte(tc.keyAuthz)) checksum := sha256.Sum256([]byte(tc.keyAuthz))
authz, err := asn1.Marshal(checksum[:]) authz, err := asn1.Marshal(checksum[:])
@ -690,7 +694,7 @@ func TestAcmeValidateTLSALPN01Challenge(t *testing.T) {
} }
for index, tc := range alpnTestCases { for index, tc := range alpnTestCases {
t.Logf("\n\n[tc=%d/name=%s] starting validation", index, tc.name) log.Info(fmt.Sprintf("\n\n[tc=%d/name=%s] starting validation", index, tc.name))
certificates = tc.certificates certificates = tc.certificates
privateKey = tc.privateKey privateKey = tc.privateKey
returnedProtocols = tc.protocols returnedProtocols = tc.protocols
@ -706,7 +710,7 @@ func TestAcmeValidateTLSALPN01Challenge(t *testing.T) {
if expectedValid != isValid { if expectedValid != isValid {
t.Fatalf("[tc=%d/name=%s] got ret=%v (err=%v), expected ret=%v (shouldFail=%v)", index, tc.name, isValid, err, expectedValid, tc.shouldFail) t.Fatalf("[tc=%d/name=%s] got ret=%v (err=%v), expected ret=%v (shouldFail=%v)", index, tc.name, isValid, err, expectedValid, tc.shouldFail)
} else if err != nil { } else if err != nil {
t.Logf("[tc=%d/name=%s] got expected failure: err=%v", index, tc.name, err) log.Info(fmt.Sprintf("[tc=%d/name=%s] got expected failure: err=%v", index, tc.name, err))
} }
} }
} }

11
builtin/logical/pki/dnstest/server.go
View File

@ -12,6 +12,7 @@ import (
"testing" "testing"
"time" "time"
"github.com/hashicorp/go-hclog"
"github.com/hashicorp/vault/helper/testhelpers/corehelpers" "github.com/hashicorp/vault/helper/testhelpers/corehelpers"
"github.com/hashicorp/vault/sdk/helper/docker" "github.com/hashicorp/vault/sdk/helper/docker"
"github.com/stretchr/testify/require" "github.com/stretchr/testify/require"
@ -20,6 +21,7 @@ import (
type TestServer struct { type TestServer struct {
t *testing.T t *testing.T
ctx context.Context ctx context.Context
log hclog.Logger
runner *docker.Runner runner *docker.Runner
network string network string
@ -45,6 +47,7 @@ func SetupResolverOnNetwork(t *testing.T, domain string, network string) *TestSe
ts.domains = []string{domain} ts.domains = []string{domain}
ts.records = map[string]map[string][]string{} ts.records = map[string]map[string][]string{}
ts.network = network ts.network = network
ts.log = hclog.L()
ts.setupRunner(domain, network) ts.setupRunner(domain, network)
ts.startContainer(network) ts.startContainer(network)
@ -62,7 +65,7 @@ func (ts *TestServer) setupRunner(domain string, network string) {
NetworkName: network, NetworkName: network,
Ports: []string{"53/udp"}, Ports: []string{"53/udp"},
LogConsumer: func(s string) { LogConsumer: func(s string) {
ts.t.Logf(s) ts.log.Info(s)
}, },
}) })
require.NoError(ts.t, err) require.NoError(ts.t, err)
@ -111,7 +114,7 @@ func (ts *TestServer) startContainer(network string) {
ts.startup.StartResult.RealIP = mapping[network] ts.startup.StartResult.RealIP = mapping[network]
} }
ts.t.Logf("[dnsserv] Addresses of DNS resolver: local=%v / container=%v", ts.GetLocalAddr(), ts.GetRemoteAddr()) ts.log.Info(fmt.Sprintf("[dnsserv] Addresses of DNS resolver: local=%v / container=%v", ts.GetLocalAddr(), ts.GetRemoteAddr()))
} }
func (ts *TestServer) buildNamedConf() string { func (ts *TestServer) buildNamedConf() string {
@ -181,7 +184,7 @@ func (ts *TestServer) pushNamedConf() {
contents[cfgPath] = docker.PathContentsFromString(namedCfg) contents[cfgPath] = docker.PathContentsFromString(namedCfg)
contents[cfgPath].SetOwners(0, 142) // root, bind contents[cfgPath].SetOwners(0, 142) // root, bind
ts.t.Logf("Generated bind9 config (%s):\n%v\n", cfgPath, namedCfg) ts.log.Info(fmt.Sprintf("Generated bind9 config (%s):\n%v\n", cfgPath, namedCfg))
err := ts.runner.CopyTo(ts.startup.Container.ID, "/", contents) err := ts.runner.CopyTo(ts.startup.Container.ID, "/", contents)
require.NoError(ts.t, err, "failed pushing updated named.conf.options to container") require.NoError(ts.t, err, "failed pushing updated named.conf.options to container")
@ -196,7 +199,7 @@ func (ts *TestServer) pushZoneFiles() {
contents[path] = docker.PathContentsFromString(zoneFile) contents[path] = docker.PathContentsFromString(zoneFile)
contents[path].SetOwners(0, 142) // root, bind contents[path].SetOwners(0, 142) // root, bind
ts.t.Logf("Generated bind9 zone file for %v (%s):\n%v\n", domain, path, zoneFile) ts.log.Info(fmt.Sprintf("Generated bind9 zone file for %v (%s):\n%v\n", domain, path, zoneFile))
} }
err := ts.runner.CopyTo(ts.startup.Container.ID, "/", contents) err := ts.runner.CopyTo(ts.startup.Container.ID, "/", contents)