Skip to content

Comments

[SQSERVICES-1885] [OAUTH] Scopes with regard to calendar integration#3046

Merged
battermann merged 62 commits intoSQSERVICES-1825-be-oauth-refresh-token-generationfrom
SQSERVICES-1885-be-oauth-scopes-with-regard-to-calendar-integration
Feb 8, 2023
Merged

[SQSERVICES-1885] [OAUTH] Scopes with regard to calendar integration#3046
battermann merged 62 commits intoSQSERVICES-1825-be-oauth-refresh-token-generationfrom
SQSERVICES-1885-be-oauth-scopes-with-regard-to-calendar-integration

Conversation

@battermann
Copy link
Contributor

Checklist

  • Add a new entry in an appropriate subdirectory of changelog.d
  • Read and follow the PR guidelines

smatting and others added 5 commits January 31, 2023 12:09
#3037)

* charts: Mark all test resources to be only created while running tests

* Use patched helm to ensure it doesn't try to get logs of configmaps

* ciImage,devSetup: Add awk

* ciImage: Add cfssl
@zebot zebot added the ok-to-test Approved for running tests in CI, overrides not-ok-to-test if both labels exist label Feb 1, 2023
sanojwr and others added 23 commits February 1, 2023 17:32
Co-authored-by: Sebastian Willenborg <sebastian.willenborg@wire.com>
Co-authored-by: Sebastian Willenborg <sebastian.willenborg@wire.com>
Add security response about wire.com DoS and HTML injection
* change helm hook type of test resources which are not Pods

* changelog adjustment
- change liveness and readyness probes to start querying more quickly to
  see if cassandra is up. Instead of 90 - 120 seconds, if cassandra is
up earlier that should manifest itself in the setup time of 'make
kube-integration-setup'
- change helmfile for wire-server to wait for databases-ephemeral to be
  up before launching pods: cassandra-migration needs to have a working
cassandra anyway - the crashloop-backoff strategy leads to a lot of
waiting in between restarts; so it should be faster to wait for
cassandra to be up before attempting schema migrations
example case where this test failed: https://concourse.ops.zinfra.io/teams/main/pipelines/staging/jobs/test/builds/342

output of failing test:
```
  metrics
    prometheus:                                                                              OK (0.02s)
    work:                                                                                    FAIL (1.06s)
      Error message: /login was called twice
      expected: 2
       but got: 3

      CallStack (from HasCallStack):
        assertFailure, called at ./Test/Tasty/HUnit/Orig.hs:86:32 in tasty-hunit-0.10.0.3-KJER1RJhmod6e0raY4U8z6:Test.Tasty.HUnit.Orig
        assertEqual, called at test/integration/API/Metrics.hs:78:12 in main:API.Metrics
      Use -p '(!/turn/&&!/user.auth.cookies.limit/)&&/metrics.work/' to rerun this test only.
```
* Test helper SQSWatcher: use purgeQueue

The previous logic of emptying the queue by reading all messages and
deleting them assumes there is no other process writing anything into
the queue, which might not be the case (in case of parallel
brig/galley/spar tests). Instead, use purgeQueue to empty the queue,
which should be faster and more reliable.

* Hi CI
… to flaky tests) for parallel helm test executions. (#3040)

1. Allow running helm tests in parallel if desired, using `HELM_PARALLELISM=6` (disabled for now until we have fixed some flaky tests which fail more often when tests run in parallel)

2. rework integration test output: logs from test runs will only show if there are any failed tests. Also, the bottom of the output will have a summary of what failed and what didn't; as well as only the failed test lines with a context of +- 10 lines. This should hopefully make it easier to see what went wrong: just scroll to the bottom.

The summary looks like this:

```
=== tail cargohold: ===

All 21 tests passed (8.45s)
=== tail gundeck: ===

All 33 tests passed (56.60s)
=== tail federator: ===
Finished in 0.6576 seconds
9 examples, 0 failures
=== tail spar: ===
Finished in 397.2779 seconds
553 examples, 0 failures, 65 pending
=== tail brig: ===

2 out of 449 tests failed (123.07s)
=== tail galley: ===

1 out of 414 tests failed (136.33s)
cargohold-integration passed ✅.
gundeck-integration passed ✅.
federator-integration passed ✅.
spar-integration passed ✅.
brig-integration FAILED ❌. pfff...
galley-integration FAILED ❌. pfff...
Tests failed.
```
naming
@battermann battermann force-pushed the SQSERVICES-1885-be-oauth-scopes-with-regard-to-calendar-integration branch from 0ecb2ed to e4b69e8 Compare February 3, 2023 10:35
battermann and others added 13 commits February 6, 2023 08:09
…-integration' of github.com:wireapp/wire-server into SQSERVICES-1885-be-oauth-scopes-with-regard-to-calendar-integration
…-integration' of github.com:wireapp/wire-server into SQSERVICES-1885-be-oauth-scopes-with-regard-to-calendar-integration
…-integration' of github.com:wireapp/wire-server into SQSERVICES-1885-be-oauth-scopes-with-regard-to-calendar-integration
@battermann battermann force-pushed the SQSERVICES-1885-be-oauth-scopes-with-regard-to-calendar-integration branch from c992bb4 to c666e69 Compare February 7, 2023 13:26
@battermann battermann force-pushed the SQSERVICES-1885-be-oauth-scopes-with-regard-to-calendar-integration branch from c666e69 to 501a96f Compare February 7, 2023 13:51
Comment on lines +116 to +117
services/nginz/third_party/headers-more-nginx-module
services/nginz/third_party/nginx-module-vts
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
services/nginz/third_party/headers-more-nginx-module
services/nginz/third_party/nginx-module-vts
/services/nginz/third_party/headers-more-nginx-module
/services/nginz/third_party/nginx-module-vts

nginx-ingress-controller nginx-ingress-services reaper sftd restund coturn \
inbucket k8ssandra-test-cluster
KIND_CLUSTER_NAME := wire-server
HELM_PARALLELISM ?= 1 # 1 for sequential tests; 6 for all-parallel tests
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think that should go to a separate PR, no?

@@ -0,0 +1 @@
Deflake integration test: metrics
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

same here. am i reading the wrong diff?

Copy link
Contributor

@fisx fisx left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

not saying this is done, but the new develop-merge into the sub-PR messes with the diff, and also i'm generally confuseda about the state of things. we should probably wrap it up here and move back to #2989?

}

addScopeDescription :: Swagger -> Swagger
addScopeDescription = allOperations . description %~ Just . (<> "OAuth scope(s): " <> showOAuthScopeList @scopes) . fold
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

swagger: scopes are there (cool!), but the other security information is not visible in swagger-ui, or at least i can't find it. also, it's not even converted completely into swagger.json, or am i reading this wrong?

2023-02-08-094841_1920x1080_scrot
2023-02-08-094844_1920x1080_scrot

@battermann battermann merged commit a58362e into SQSERVICES-1825-be-oauth-refresh-token-generation Feb 8, 2023
@battermann battermann deleted the SQSERVICES-1885-be-oauth-scopes-with-regard-to-calendar-integration branch February 8, 2023 10:46
@battermann battermann mentioned this pull request Feb 8, 2023
2 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

ok-to-test Approved for running tests in CI, overrides not-ok-to-test if both labels exist

Projects

None yet

Development

Successfully merging this pull request may close these issues.

8 participants