Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit a03026b

Browse files
sreyasreya
committed
add some tests
1 parent 808aa32 commit a03026b

File tree

3 files changed

+127
-4
lines changed

3 files changed

+127
-4
lines changed

enterprise/coderd/workspaceproxy.go

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -987,10 +987,10 @@ func fromDBCryptoKeys(keys []database.CryptoKey) []wsproxysdk.CryptoKey {
987987
for _, key := range keys {
988988
wskeys = append(wskeys, wsproxysdk.CryptoKey{
989989
Feature: wsproxysdk.CryptoKeyFeature(key.Feature),
990-
Secret: key.Secret.String,
991-
DeletesAt: key.DeletesAt.Time,
992990
Sequence: key.Sequence,
993-
StartsAt: key.StartsAt,
991+
StartsAt: key.StartsAt.UTC(),
992+
DeletesAt: key.DeletesAt.Time.UTC(),
993+
Secret: key.Secret.String,
994994
})
995995
}
996996
return wskeys

enterprise/coderd/workspaceproxy_test.go

Lines changed: 117 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,7 @@
11
package coderd_test
22

33
import (
4+
"database/sql"
45
"fmt"
56
"net/http"
67
"net/http/httptest"
@@ -17,6 +18,7 @@ import (
1718
"github.com/coder/coder/v2/buildinfo"
1819
"github.com/coder/coder/v2/coderd/coderdtest"
1920
"github.com/coder/coder/v2/coderd/database"
21+
"github.com/coder/coder/v2/coderd/database/dbgen"
2022
"github.com/coder/coder/v2/coderd/database/dbtestutil"
2123
"github.com/coder/coder/v2/coderd/database/dbtime"
2224
"github.com/coder/coder/v2/coderd/workspaceapps"
@@ -887,3 +889,118 @@ func TestReconnectingPTYSignedToken(t *testing.T) {
887889
// validate it here.
888890
})
889891
}
892+
893+
func TestGetCryptoKeys(t *testing.T) {
894+
t.Parallel()
895+
896+
t.Run("OK", func(t *testing.T) {
897+
t.Parallel()
898+
899+
ctx := testutil.Context(t, testutil.WaitMedium)
900+
db, pubsub := dbtestutil.NewDB(t)
901+
cclient, _, api, _ := coderdenttest.NewWithAPI(t, &coderdenttest.Options{
902+
Options: &coderdtest.Options{
903+
Database: db,
904+
Pubsub: pubsub,
905+
IncludeProvisionerDaemon: true,
906+
},
907+
LicenseOptions: &coderdenttest.LicenseOptions{
908+
Features: license.Features{
909+
codersdk.FeatureWorkspaceProxy: 1,
910+
},
911+
},
912+
})
913+
914+
now := time.Now().UTC()
915+
916+
expectedKey1 := dbgen.CryptoKey(t, db, database.CryptoKey{
917+
Feature: database.CryptoKeyFeatureWorkspaceApps,
918+
StartsAt: now.Add(-time.Hour),
919+
Sequence: 2,
920+
})
921+
key1 := fromDBCryptoKeys(expectedKey1)
922+
923+
expectedKey2 := dbgen.CryptoKey(t, db, database.CryptoKey{
924+
Feature: database.CryptoKeyFeatureWorkspaceApps,
925+
StartsAt: now,
926+
Sequence: 3,
927+
})
928+
key2 := fromDBCryptoKeys(expectedKey2)
929+
930+
// Create a deleted key.
931+
_ = dbgen.CryptoKey(t, db, database.CryptoKey{
932+
Feature: database.CryptoKeyFeatureWorkspaceApps,
933+
StartsAt: now.Add(-time.Hour),
934+
Secret: sql.NullString{
935+
String: "secret1",
936+
Valid: false,
937+
},
938+
Sequence: 1,
939+
})
940+
941+
// Create a key with different features.
942+
_ = dbgen.CryptoKey(t, db, database.CryptoKey{
943+
Feature: database.CryptoKeyFeatureTailnetResume,
944+
StartsAt: now.Add(-time.Hour),
945+
Sequence: 1,
946+
})
947+
_ = dbgen.CryptoKey(t, db, database.CryptoKey{
948+
Feature: database.CryptoKeyFeatureOidcConvert,
949+
StartsAt: now.Add(-time.Hour),
950+
Sequence: 1,
951+
})
952+
953+
proxy := coderdenttest.NewWorkspaceProxyReplica(t, api, cclient, &coderdenttest.ProxyOptions{
954+
Name: testutil.GetRandomName(t),
955+
})
956+
957+
keys, err := proxy.SDKClient.CryptoKeys(ctx)
958+
require.NoError(t, err)
959+
require.NotEmpty(t, keys)
960+
require.Equal(t, 2, len(keys.CryptoKeys))
961+
require.Contains(t, keys.CryptoKeys, key1)
962+
require.Contains(t, keys.CryptoKeys, key2)
963+
})
964+
965+
t.Run("Unauthorized", func(t *testing.T) {
966+
t.Parallel()
967+
968+
ctx := testutil.Context(t, testutil.WaitMedium)
969+
db, pubsub := dbtestutil.NewDB(t)
970+
cclient, _, api, _ := coderdenttest.NewWithAPI(t, &coderdenttest.Options{
971+
Options: &coderdtest.Options{
972+
Database: db,
973+
Pubsub: pubsub,
974+
IncludeProvisionerDaemon: true,
975+
},
976+
LicenseOptions: &coderdenttest.LicenseOptions{
977+
Features: license.Features{
978+
codersdk.FeatureWorkspaceProxy: 1,
979+
},
980+
},
981+
})
982+
983+
_ = coderdenttest.NewWorkspaceProxyReplica(t, api, cclient, &coderdenttest.ProxyOptions{
984+
Name: testutil.GetRandomName(t),
985+
})
986+
987+
client := wsproxysdk.New(cclient.URL)
988+
client.SetSessionToken(cclient.SessionToken())
989+
990+
_, err := client.CryptoKeys(ctx)
991+
require.Error(t, err)
992+
var sdkErr *codersdk.Error
993+
require.ErrorAs(t, err, &sdkErr)
994+
require.Equal(t, http.StatusUnauthorized, sdkErr.StatusCode())
995+
})
996+
}
997+
998+
func fromDBCryptoKeys(key database.CryptoKey) wsproxysdk.CryptoKey {
999+
return wsproxysdk.CryptoKey{
1000+
Feature: wsproxysdk.CryptoKeyFeature(key.Feature),
1001+
Sequence: key.Sequence,
1002+
StartsAt: key.StartsAt.UTC(),
1003+
DeletesAt: key.DeletesAt.Time.UTC(),
1004+
Secret: key.Secret.String,
1005+
}
1006+
}

enterprise/wsproxy/wsproxysdk/wsproxysdk.go

Lines changed: 7 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -234,7 +234,6 @@ func (c CryptoKey) Invalid(now time.Time) bool {
234234
}
235235

236236
type RegisterWorkspaceProxyResponse struct {
237-
Keys []CryptoKey `json:"keys"`
238237
AppSecurityKey string `json:"app_security_key"`
239238
DERPMeshKey string `json:"derp_mesh_key"`
240239
DERPRegionID int32 `json:"derp_region_id"`
@@ -364,6 +363,7 @@ func (l *RegisterWorkspaceProxyLoop) Start(ctx context.Context) (RegisterWorkspa
364363
failedAttempts = 0
365364
ticker = time.NewTicker(l.opts.Interval)
366365
)
366+
367367
for {
368368
var respCh chan RegisterWorkspaceProxyResponse
369369
select {
@@ -401,6 +401,12 @@ func (l *RegisterWorkspaceProxyLoop) Start(ctx context.Context) (RegisterWorkspa
401401
}
402402
failedAttempts = 0
403403

404+
// Check for consistency.
405+
if originalRes.AppSecurityKey != resp.AppSecurityKey {
406+
l.failureFn(xerrors.New("app security key has changed, proxy must be restarted"))
407+
return
408+
}
409+
404410
if originalRes.DERPMeshKey != resp.DERPMeshKey {
405411
l.failureFn(xerrors.New("DERP mesh key has changed, proxy must be restarted"))
406412
return

0 commit comments

Comments
 (0)