Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

common tests framework: cluster client creation could fail with invalid auth #14331

Merged
merged 1 commit into from
Sep 30, 2022

Conversation

chaochn47
Copy link
Member

@chaochn47 chaochn47 commented Aug 10, 2022

common tests framework: cluster client creation with auth could fail

related to #14041

More than 2K line of code change is too big, could you try to break down this PR into small ones?

This PR has 227 additions and 73 deletions.

Signed-off-by: Chao Chen [email protected]


In order to fail the test cluster client creation with invalid auth, I have to change the interface function signature.

@chaochn47 chaochn47 force-pushed the auth_test_framework_update branch from f749c30 to e2dffb0 Compare August 10, 2022 23:56
@chaochn47 chaochn47 changed the title common tests framework: cluster client creation with auth could fail common tests framework: cluster client creation could fail with invalid auth Aug 11, 2022
@chaochn47
Copy link
Member Author

Does it look better or I can give another shot to split the PR? @ahrtr

tests/framework/config/client.go Outdated Show resolved Hide resolved
tests/framework/config/client.go Outdated Show resolved Hide resolved
tests/framework/e2e/etcdctl.go Outdated Show resolved Hide resolved
tests/framework/config/cluster.go Outdated Show resolved Hide resolved
@chaochn47 chaochn47 force-pushed the auth_test_framework_update branch from e2dffb0 to c32c049 Compare August 16, 2022 06:13
@chaochn47
Copy link
Member Author

mixin test failure is unrelated. There is no monitoring changes.

All the comments are addressed. PTAL, thx! @ahrtr

@codecov-commenter
Copy link

codecov-commenter commented Aug 16, 2022

Codecov Report

Merging #14331 (cd9764a) into main (b886bbc) will decrease coverage by 0.01%.
The diff coverage is 82.18%.

❗ Current head cd9764a differs from pull request most recent head 2006d13. Consider uploading reports for the commit 2006d13 to get more accurate results

@@            Coverage Diff             @@
##             main   #14331      +/-   ##
==========================================
- Coverage   75.39%   75.37%   -0.02%     
==========================================
  Files         457      457              
  Lines       37207    37181      -26     
==========================================
- Hits        28053    28026      -27     
- Misses       7394     7397       +3     
+ Partials     1760     1758       -2     
Flag Coverage Δ
all 75.37% <82.18%> (-0.02%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files Coverage Δ
client/v3/internal/endpoint/endpoint.go 87.50% <ø> (ø)
client/v3/kv.go 94.44% <ø> (ø)
client/v3/txn.go 100.00% <ø> (ø)
etcdctl/ctlv3/command/global.go 54.40% <0.00%> (ø)
etcdctl/ctlv3/command/make_mirror_command.go 14.28% <0.00%> (ø)
etcdctl/main.go 40.00% <ø> (ø)
pkg/adt/interval_tree.go 87.21% <ø> (ø)
pkg/flags/urls.go 45.00% <0.00%> (ø)
raft/confchange/confchange.go 82.06% <ø> (ø)
raft/tracker/progress.go 97.67% <ø> (ø)
... and 76 more

📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more

@chaochn47 chaochn47 closed this Sep 10, 2022
@chaochn47 chaochn47 force-pushed the auth_test_framework_update branch from c32c049 to b886bbc Compare September 10, 2022 01:28
@chaochn47
Copy link
Member Author

This PR is accidentally closed because I pushed to the same commit of main to the remote branch. How to re-open it?

@chaochn47 chaochn47 reopened this Sep 10, 2022
@chaochn47 chaochn47 force-pushed the auth_test_framework_update branch 2 times, most recently from c362f7d to a29ebe9 Compare September 10, 2022 07:22
@chaochn47
Copy link
Member Author

This PR is ready to review. Would you mind take a look again? @ahrtr @serathius Thanks!!

@chaochn47 chaochn47 force-pushed the auth_test_framework_update branch 2 times, most recently from dc11322 to 2006d13 Compare September 24, 2022 01:15
@chaochn47 chaochn47 requested review from serathius and ahrtr and removed request for serathius September 29, 2022 19:06
@chaochn47 chaochn47 requested review from serathius and removed request for ahrtr September 29, 2022 19:07
@chaochn47
Copy link
Member Author

chaochn47 commented Sep 29, 2022

Kindly ping again, do you think upstream still needs this auth test migration? @serathius @ahrtr

@serathius
Copy link
Member

For faster review I would recommend removing unrelated changes from the PR. It's over 300 lines of code, but still includes changes that muddy the water. Best if PRs do one thing and only this one thing.

@chaochn47
Copy link
Member Author

chaochn47 commented Sep 29, 2022

For faster review I would recommend removing unrelated changes from the PR. It's over 300 lines of code, but still includes changes that muddy the water. Best if PRs do one thing and only this one.

Makes sense. 300+ lines of code is a burden for PR reviewers. I will try to split into smaller PRs for future bigger PRs going forward.

This PR is already a split from original even bigger PR. sigh^

Comment on lines +96 to +106
// use integration test client to validate if permissions are authorized
_, err := integration.NewClient(c.t, clientv3.Config{
Endpoints: c.EndpointsV3(),
DialTimeout: 5 * time.Second,
DialOptions: []grpc.DialOption{grpc.WithBlock()},
Username: cfg.Username,
Password: cfg.Password,
})
if err != nil {
return nil, err
}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Probably we do not need this. Reasons:

  1. It seems not good for e2e test to depends on integration test;
  2. The related test cases will get a denied response if the auth info isn't correct. So the pre-check isn't necessary.

Copy link
Member Author

@chaochn47 chaochn47 Sep 30, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I agree it's not optimal that e2e test depending on integration test. This is an exception when auth config is not empty.

Copying from past conversation between @serathius and me.

From me

Some existing auth tests checks unauthenticated errors.

Integration test will throw an error at client creation stage with clientv3.New

err = client.getToken(ctx)

However, e2e test won't fail at client creation stage and fail at "got response" stage instead.

Also every request from e2e test will establish a new grpc connection to the server but integration test reuses existing one. In order to use a different user name and password, integration test needs to create another client.

From Marek

I think we can create clientv3.Client just for this.

ref. #14041 (comment)

Does this make sense to you?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the clarification.

I don't think e2e and integration test must follow the same pattern or behavior. Specifically, integration test will get an error when creating the client, while e2e test will not get an error until the submitting request stage when the auth config is invalid. It isn't necessary to change the behavior for e2e test. e2e test is just simulating the real users' use case, in which there is no explicit creating client stage from user perspective, and users just get an error response after submitting the request.

It isn't a big deal, so I won't insist on this so that we do not get blocked here.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It seems not good for e2e test to depends on integration test;

It's not tests, it's e2e tests using integration client, which is just a wrapper for clientv3 library. There is nothing wrong with e2e tests using client library for some things that are not surfaced in etcdctl. To complete migration of tests to new framework this is even required as Some tests cannot be expressed using just e2e or integration tools

I don't think e2e and integration test must follow the same pattern or behavior

But it would make testing and reasoning about them much simpler.

@@ -30,7 +30,7 @@ type testRunner interface {

type Cluster interface {
Members() []Member
Client() Client
Client(cfg clientv3.AuthConfig) (Client, error)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I am thinking whether it's possible to get rid of the parameter cfg clientv3.AuthConfig. When the test cases setup the user & role, and enable the auth, then the client should record the authConfig automatically.

Does this make sense?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think client should be stateful. In general, it makes the client not concurrent safe. If multiple callers set up the user & role and enable the auth using the client, this would cause contention.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ack.

It's just a little strange to provide a specific cfg clientv3.AuthConfig parameter, but automatically get all other parameters from the cluster. Probably it makes more sense to resolve this using a generic way, such as change the parameter to something like opts ...Option. It might be a little over engineering from another perspective.

Let's keep it as it's for now, and probably think about it separately.

@ahrtr
Copy link
Member

ahrtr commented Sep 30, 2022

Please also rebase this PR although there is no conflict.

@chaochn47 chaochn47 force-pushed the auth_test_framework_update branch from 2006d13 to 0cf4ad5 Compare September 30, 2022 04:54
@chaochn47 chaochn47 force-pushed the auth_test_framework_update branch from 0cf4ad5 to 8d057ea Compare September 30, 2022 06:09
Copy link
Member

@ahrtr ahrtr left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Overall looks good to me.

Thank you @chaochn47

@ahrtr ahrtr merged commit 7fff4c4 into etcd-io:main Sep 30, 2022
@chaochn47 chaochn47 deleted the auth_test_framework_update branch September 30, 2022 17:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Development

Successfully merging this pull request may close these issues.

4 participants