Skip to content

Commit

Permalink
Merge branch 'main' into delete_non_lru_for_reals
Browse files Browse the repository at this point in the history
  • Loading branch information
amoore877 authored Sep 23, 2024
2 parents a1c5b9e + 2328715 commit 686804f
Showing 1 changed file with 10 additions and 16 deletions.
26 changes: 10 additions & 16 deletions pkg/server/ca/manager/manager_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -379,7 +379,7 @@ func TestUpstreamSigned(t *testing.T) {
}
}

func TestUpstreamProcesssTaintedAuthority(t *testing.T) {
func TestUpstreamProcessTaintedAuthority(t *testing.T) {
ctx, cancel := context.WithTimeout(context.Background(), time.Minute)
defer cancel()

Expand Down Expand Up @@ -407,23 +407,20 @@ func TestUpstreamProcesssTaintedAuthority(t *testing.T) {
x509Roots := fakeUA.X509Roots()
require.True(t, x509Roots[0].Tainted)

commonCertificates := x509certificate.RequireToCommonProtos(x509Roots)
// Retry until the Tainted attribute is propagated to the database
require.Eventually(t, func() bool {
bundle := test.fetchBundle(ctx)
return spiretest.AssertProtoListEqual(t, commonCertificates, bundle.RootCas)
}, time.Minute, 500*time.Millisecond)

expectedTaintedAuthorities := []*x509.Certificate{x509Roots[0].Certificate}
select {
case received := <-test.ca.taintedAuthoritiesCh:
require.Equal(t, expectedTaintedAuthorities, received)
case <-ctx.Done():
assert.Fail(t, "deadline reached")
}

bundle := test.fetchBundle(ctx)
expectRootCas := x509certificate.RequireToCommonProtos(x509Roots)
spiretest.AssertProtoListEqual(t, expectRootCas, bundle.RootCas)
}

func TestUpstreamProcesssTaintedAuthorityBackoff(t *testing.T) {
func TestUpstreamProcessTaintedAuthorityBackoff(t *testing.T) {
ctx, cancel := context.WithTimeout(context.Background(), time.Minute)
defer cancel()

Expand Down Expand Up @@ -475,20 +472,17 @@ func TestUpstreamProcesssTaintedAuthorityBackoff(t *testing.T) {
test.m.c.X509CAKeyType = keymanager.ECP256
test.clock.Add(10 * time.Second)

commonCertificates := x509certificate.RequireToCommonProtos(x509Roots)
// Retry until the Tainted attribute is propagated to the database
require.Eventually(t, func() bool {
bundle := test.fetchBundle(ctx)
return spiretest.AssertProtoListEqual(t, commonCertificates, bundle.RootCas)
}, time.Minute, 500*time.Millisecond)

expectedTaintedAuthorities := []*x509.Certificate{x509Roots[0].Certificate}
select {
case received := <-test.ca.taintedAuthoritiesCh:
require.Equal(t, expectedTaintedAuthorities, received)
case <-ctx.Done():
assert.Fail(t, "deadline reached")
}

bundle := test.fetchBundle(ctx)
expectRootCas := x509certificate.RequireToCommonProtos(x509Roots)
spiretest.AssertProtoListEqual(t, expectRootCas, bundle.RootCas)
}

func TestGetCurrentX509CASlotUpstreamSigned(t *testing.T) {
Expand Down

0 comments on commit 686804f

Please sign in to comment.