agent: Add agent process supervisor tests #20741
Conversation
Co-authored-by: Anton Averchenkov <[email protected]>
Co-authored-by: Anton Averchenkov <[email protected]>
Signed-off-by: Daniel Huckins <[email protected]>
Signed-off-by: Daniel Huckins <[email protected]>
Signed-off-by: Daniel Huckins <[email protected]>
Signed-off-by: Daniel Huckins <[email protected]>
Signed-off-by: Daniel Huckins <[email protected]>
Signed-off-by: Daniel Huckins <[email protected]>
Signed-off-by: Daniel Huckins <[email protected]>
Signed-off-by: Daniel Huckins <[email protected]>
Signed-off-by: Daniel Huckins <[email protected]>
Signed-off-by: Daniel Huckins <[email protected]>
Signed-off-by: Daniel Huckins <[email protected]>
Co-authored-by: Anton Averchenkov <[email protected]>
Signed-off-by: Daniel Huckins <[email protected]>
Co-authored-by: Anton Averchenkov <[email protected]>
Signed-off-by: Daniel Huckins <[email protected]>
…o agent-runner-env-var
Signed-off-by: Daniel Huckins <[email protected]>
| "request_id": "8af096e9-518c-7351-eff5-5ba20554b21f", | ||
| "lease_id": "", | ||
| "renewable": false, | ||
| "lease_duration": 0, |
There was a problem hiding this comment.
I'd like to see a test on a dynamic secret, as well as static (it would likely make more sense on a real Vault server, as mentioned above).
There was a problem hiding this comment.
Dynamic secret might be a bit difficult to set up on a real server. I'm thinking we can use fake server that simply scrambles the response on each request.
There was a problem hiding this comment.
You could request a token? That should be easy enough to set up, I think. For example, while TestAgent_Cache_DynamicSecret uses the API proxy subsystem of Agent, I don't see why it couldn't be doable using templating?
| }}, | ||
| testAppArgs: []string{"--stop-after", "10s"}, | ||
| testAppStopSignal: syscall.SIGTERM, | ||
| testAppPort: 34001, |
There was a problem hiding this comment.
Instead of static ports, could we use something similar to generateListenerAddress in agent_test to try and avoid collisions?
There was a problem hiding this comment.
I had a similar concern (port collisions when running the tests from multiple PR's) but if I understand correctly, GHA should run each PR in an isolated/containerized environment so it should not be an issue
| }() | ||
|
|
||
| for name, testCase := range testCases { | ||
| t.Run(name, func(t *testing.T) { |
There was a problem hiding this comment.
Can we use t.Parallel() on the next line here (and at the start of the function)? I can't see anything that might conflict, but I could be missing something
There was a problem hiding this comment.
I've tried t.Parallel but it's failing the tests -- possibly something related to the data race.
There was a problem hiding this comment.
Unfortunately, the tests currently can't be run in parallel since there is a shared setup (a common test app that is built ahead of time). This would probably work better in a test suite/fixture, but these don't seem to be used in Vault.
|
Oh, as an FYI, there's a data race test failure, in case you've not seen it: |
|
We've been looking into this data race and trying to figure it out, gives us a concern about the existing code 😄 |
|
The data race seems to be internal to consul-template. I've created an issue hashicorp/consul-template#1753 with a minimal example of failure. |
This introduces 6 integration tests for agent running in process supervisor mode (#20739):
This PR is part of a larger effort to implement secrets as environment variable support in agent (VLT-253)
This PR was started in #20722 by @dhuckins