[SQSERVICES-1885] [OAUTH] Scopes with regard to calendar integration#3046
Merged
battermann merged 62 commits intoSQSERVICES-1825-be-oauth-refresh-token-generationfrom Feb 8, 2023
Conversation
#3037) * charts: Mark all test resources to be only created while running tests * Use patched helm to ensure it doesn't try to get logs of configmaps * ciImage,devSetup: Add awk * ciImage: Add cfssl
zebot
added
the
ok-to-test
Co-authored-by: Sebastian Willenborg <sebastian.willenborg@wire.com>
Co-authored-by: Sebastian Willenborg <sebastian.willenborg@wire.com>
Add security response about wire.com DoS and HTML injection
* change helm hook type of test resources which are not Pods * changelog adjustment
- change liveness and readyness probes to start querying more quickly to see if cassandra is up. Instead of 90 - 120 seconds, if cassandra is up earlier that should manifest itself in the setup time of 'make kube-integration-setup' - change helmfile for wire-server to wait for databases-ephemeral to be up before launching pods: cassandra-migration needs to have a working cassandra anyway - the crashloop-backoff strategy leads to a lot of waiting in between restarts; so it should be faster to wait for cassandra to be up before attempting schema migrations
example case where this test failed: https://concourse.ops.zinfra.io/teams/main/pipelines/staging/jobs/test/builds/342 output of failing test: ``` metrics prometheus: OK (0.02s) work: FAIL (1.06s) Error message: /login was called twice expected: 2 but got: 3 CallStack (from HasCallStack): assertFailure, called at ./Test/Tasty/HUnit/Orig.hs:86:32 in tasty-hunit-0.10.0.3-KJER1RJhmod6e0raY4U8z6:Test.Tasty.HUnit.Orig assertEqual, called at test/integration/API/Metrics.hs:78:12 in main:API.Metrics Use -p '(!/turn/&&!/user.auth.cookies.limit/)&&/metrics.work/' to rerun this test only. ```
…#3045) * Extend the docs on the federation error type
* Test helper SQSWatcher: use purgeQueue The previous logic of emptying the queue by reading all messages and deleting them assumes there is no other process writing anything into the queue, which might not be the case (in case of parallel brig/galley/spar tests). Instead, use purgeQueue to empty the queue, which should be faster and more reliable. * Hi CI
… to flaky tests) for parallel helm test executions. (#3040) 1. Allow running helm tests in parallel if desired, using `HELM_PARALLELISM=6` (disabled for now until we have fixed some flaky tests which fail more often when tests run in parallel) 2. rework integration test output: logs from test runs will only show if there are any failed tests. Also, the bottom of the output will have a summary of what failed and what didn't; as well as only the failed test lines with a context of +- 10 lines. This should hopefully make it easier to see what went wrong: just scroll to the bottom. The summary looks like this: ``` === tail cargohold: === All 21 tests passed (8.45s) === tail gundeck: === All 33 tests passed (56.60s) === tail federator: === Finished in 0.6576 seconds 9 examples, 0 failures === tail spar: === Finished in 397.2779 seconds 553 examples, 0 failures, 65 pending === tail brig: === 2 out of 449 tests failed (123.07s) === tail galley: === 1 out of 414 tests failed (136.33s) cargohold-integration passed ✅. gundeck-integration passed ✅. federator-integration passed ✅. spar-integration passed ✅. brig-integration FAILED ❌. pfff... galley-integration FAILED ❌. pfff... Tests failed. ```
battermann
force-pushed
the
SQSERVICES-1885-be-oauth-scopes-with-regard-to-calendar-integration
branch
from
0ecb2ed to
e4b69e8
Compare
…-integration' of github.com:wireapp/wire-server into SQSERVICES-1885-be-oauth-scopes-with-regard-to-calendar-integration
…-integration' of github.com:wireapp/wire-server into SQSERVICES-1885-be-oauth-scopes-with-regard-to-calendar-integration
…-integration' of github.com:wireapp/wire-server into SQSERVICES-1885-be-oauth-scopes-with-regard-to-calendar-integration
battermann
force-pushed
the
SQSERVICES-1885-be-oauth-scopes-with-regard-to-calendar-integration
branch
from
c992bb4 to
c666e69
Compare
battermann
force-pushed
the
SQSERVICES-1885-be-oauth-scopes-with-regard-to-calendar-integration
branch
from
c666e69 to
501a96f
Compare
fisx
reviewed
Feb 8, 2023
Comment on lines
+116
to
+117
| services/nginz/third_party/headers-more-nginx-module | ||
| services/nginz/third_party/nginx-module-vts |
Contributor
There was a problem hiding this comment.
Suggested change
| services/nginz/third_party/headers-more-nginx-module | |
| services/nginz/third_party/nginx-module-vts | |
| /services/nginz/third_party/headers-more-nginx-module | |
| /services/nginz/third_party/nginx-module-vts |
| nginx-ingress-controller nginx-ingress-services reaper sftd restund coturn \ | ||
| inbucket k8ssandra-test-cluster | ||
| KIND_CLUSTER_NAME := wire-server | ||
| HELM_PARALLELISM ?= 1 # 1 for sequential tests; 6 for all-parallel tests |
Contributor
There was a problem hiding this comment.
I think that should go to a separate PR, no?
| @@ -0,0 +1 @@ | |||
| Deflake integration test: metrics | |||
Contributor
There was a problem hiding this comment.
same here. am i reading the wrong diff?
fisx
approved these changes
Feb 8, 2023
| } | ||
|
|
||
| addScopeDescription :: Swagger -> Swagger | ||
| addScopeDescription = allOperations . description %~ Just . (<> "OAuth scope(s): " <> showOAuthScopeList @scopes) . fold |
Contributor
There was a problem hiding this comment.
swagger: scopes are there (cool!), but the other security information is not visible in swagger-ui, or at least i can't find it. also, it's not even converted completely into swagger.json, or am i reading this wrong?
battermann
deleted the
SQSERVICES-1885-be-oauth-scopes-with-regard-to-calendar-integration
branch
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
8 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Checklist
changelog.d