def test_can_parse_fullfleged_entrdoes_parse_success_outcome_with_entries():
stdout = f'''Found 1 entries
Entry ID : 99b8dd8c-fd3e-4c67-808f-d37aca1cae9b
SPIFFE ID : spiffe://example.org/myagent
Parent ID : {parent_id1}
TTL : default
Selector : {selector_parent_id1}
Selector : unix:gid:1000
Selector : unix:user:etcd
DNS name : api.sapone.k8s
DNS name : kubernetes
DNS name : localhost
DNS name : kubernetes.default
Downstream : true
FederatesWith : spiffe://example2.org
FederatesWith : spiffe://example3.org
Admin : true
'''
outcome = show.SpireServerEntryShowOutcome(0, stdout, "")
assert not outcome.parse_error, f"parse should have been successful: {outcome.parse_error}"
expected_outcome = [
{
"entry_id": "99b8dd8c-fd3e-4c67-808f-d37aca1cae9b",
"spiffe_id": "spiffe://example.org/myagent",
"parent_id": parent_id1,
"ttl": "default",
"selector": [selector_parent_id1, "unix:gid:1000", "unix:user:etcd"],
"dns_name": ["api.sapone.k8s", "kubernetes", "localhost", "kubernetes.default"],
"admin": "true",
"downstream": "true",
"federates_with": ["spiffe://example2.org", "spiffe://example3.org"]
},
]
assert expected_outcome == outcome.entries
def test_update_entry(host):
cmd = " ".join([
"/opt/spire/bin/spire-server",
"entry",
"show",
"-parentID",
"spiffe://example.org/myagent",
#"-selector", "unix:user:etcd", "-selector", "unix:gid:1000",
"-spiffeID",
"spiffe://example.org/myagent/etcd"
])
cresult: CommandResult = host.run(cmd)
assert cresult.succeeded, f"""Fail to run show entry:
cmd={cmd},
result={cresult}
"""
outcome = show.SpireServerEntryShowOutcome(cresult.rc, cresult.stdout,
cresult.stderr)
assert outcome.entries is not None and len(
outcome.entries) == 1, f"Should have had exactly one entry: {outcome}"
entry: show.RegistrationEntry = outcome.entries[0]
assert set(["unix:user:etcd", "unix:gid:1000",
"updated:yes"]) == set(entry.get("selector") or [])
assert ["node1.local1", "node1.local2",
"node1.local3"] == entry.get("dns_name"), f"outcome={outcome}"
assert "spiffe://example.org/myagent/etcd" == entry.get("spiffe_id")
def test_does_parse_success_outcome_with_entries():
stdout = f'''Found 23 entries
Entry ID : 99b8dd8c-fd3e-4c67-808f-d37aca1cae9b
SPIFFE ID : spiffe://example.org/myagent
Parent ID : {parent_id1}
TTL : default
Selector : {selector_parent_id1}
Entry ID : 10c1f178-758d-45c0-bbe2-57558729b28c
SPIFFE ID : spiffe://example.org/myagent
Parent ID : {parent_id2}
TTL : default
Selector : {selector_parent_id2}
Entry ID : 1234-4321
SPIFFE ID : spiffe://example.local
Parent ID : spiffe://example.local/parent
TTL : 24564
Selector : spiffe_id:spiffe://example.local/spire/agent/join_token/tkkk
'''
outcome = show.SpireServerEntryShowOutcome(0, stdout, None)
assert not outcome.parse_error, f"parse should have been successful: {outcome.parse_error}"
expected_outcome = [
{
"entry_id": "99b8dd8c-fd3e-4c67-808f-d37aca1cae9b",
"spiffe_id": "spiffe://example.org/myagent",
"parent_id": parent_id1,
"ttl": "default",
"selector": [selector_parent_id1]
},
{
"entry_id": "10c1f178-758d-45c0-bbe2-57558729b28c",
"spiffe_id": "spiffe://example.org/myagent",
"parent_id": parent_id2,
"ttl": "default",
"selector": [selector_parent_id2]
},
{
"entry_id": "1234-4321",
"spiffe_id": "spiffe://example.local",
"parent_id": "spiffe://example.local/parent",
"ttl": "24564",
"selector": ["spiffe_id:spiffe://example.local/spire/agent/join_token/tkkk"]
}
]
assert expected_outcome == outcome.entries
def test_delete_entry(host):
cmd = " ".join([
"/opt/spire/bin/spire-server", "entry", "show", "-parentID",
"spiffe://example.org/myagent", "-spiffeID",
"spiffe://example.org/myagent/etcd"
])
cresult: CommandResult = host.run(cmd)
assert cresult.succeeded, f"""Fail to run show entry:
cmd={cmd},
result={cresult}
"""
outcome = show.SpireServerEntryShowOutcome(cresult.rc, cresult.stdout,
cresult.stderr)
assert not outcome.entries, f"Should have been empty: {outcome}"
def test_parse_can_handle_single_entry_found() -> None:
stdout = """Found 1 entry
Entry ID : 4cba8d72-ae37-4f41-9fe7-af7edcc1cc4f
SPIFFE ID : spiffe://example.org/myagent/etcd
Parent ID : spiffe://example.org/myagent
TTL : 3600
Selector : unix:gid:1000
Selector : unix:user:etcd
DNS name : node1.local
"""
outcome = show.SpireServerEntryShowOutcome(0, stdout, None)
assert not outcome.parse_error, f"parse should have been successful: {outcome.parse_error}"
expected_outcome = [
{
"entry_id": "4cba8d72-ae37-4f41-9fe7-af7edcc1cc4f",
"spiffe_id": "spiffe://example.org/myagent/etcd",
"parent_id": "spiffe://example.org/myagent",
"ttl": "3600",
"selector": ["unix:gid:1000", "unix:user:etcd"],
"dns_name": ["node1.local"]
}
]
assert expected_outcome == outcome.entries
def test_agent_created(host: Host, agent_data_dir_local: str) -> None:
host_funcs = HostFuncsAdapter(host)
print(f"Test Infra Host: {host}")
# copying data to local machine because certificates requires
# files to be local
host_funcs.docker_copy_agent_svid_der(agent_data_dir_local)
dirs = AgentDirs(
config_dir="/etc/spire-agent",
data_dir=agent_data_dir_local,
install_dir="/opt/spire-agent",
service_name="spire_agent",
log_dir="/var/log/spire",
service_dir="/etc/systemd/system",
)
agent_info = SpireAgentInfo(run_command=host_funcs.run_command,
log_func=host_funcs.no_log,
dirs=dirs,
service_scope="system",
socket_path="/tmp/agent.sock",
expected_version=test_data.spire_version,
file_exists_func=host_funcs.file_exists)
print(f"agent_info:{agent_info}")
assert ("agent-installed", *agent_info.is_agent_installed()) == ("agent-installed",True, None) \
and ("service-installed", *agent_info.is_service_installed()) == ("service-installed",True, None) \
and ("service-enabled", *agent_info.is_service_enabled()) == ("service-enabled",True, None) \
and ("service-running", *agent_info.is_service_running()) == ("service-running",True, None) \
and ("agent-healthy", *agent_info.is_agent_healthy()) == ("agent-healthy",True, None) \
and agent_info.version == (test_data.spire_version, None) \
, ["should have been installed, enabled and healthy", agent_info]
spire_agent_create_ansible_result: CommandResult = host.run(
"cat /tmp/spire_agent_creation_result.json")
assert spire_agent_create_ansible_result.succeeded and spire_agent_create_ansible_result.stdout
ansible_res_json: Dict[str, str] = json.loads(
spire_agent_create_ansible_result.stdout)
print(f"ansible_res_json={ansible_res_json}")
agent_spiffe_id_sn_and_issue = agent_info.get_agent_spiffe_id_and_sertial_number(
)
assert (ansible_res_json.get("actual_spire_agent_spiffe_id"),
ansible_res_json.get("actual_spire_agent_serial_number"),
ansible_res_json.get("actual_spire_agent_get_info_issue")
) == agent_spiffe_id_sn_and_issue
spire_agent_service_name = "spire_agent"
spire_agent_service_filename = f"{spire_agent_service_name}.service"
agent_health_res: CommandResult = host.run("%s %s", dirs.path_executable,
"healthcheck")
agent_srv_running_res: CommandResult = host.run(
"systemctl is-active %s", spire_agent_service_filename)
agent_srv_enabled_res: CommandResult = host.run(
"systemctl is-enabled %s", spire_agent_service_filename)
assert (agent_health_res.succeeded and "Agent is healthy" in agent_health_res.stdout) \
and (agent_srv_enabled_res.succeeded and "enabled" == str(agent_srv_enabled_res.stdout).strip() ) \
and (agent_srv_running_res.succeeded and "active" == str(agent_srv_running_res.stdout).strip() )
spire_server_install_dir = "/opt/spire/"
spire_service_bin_path = os.path.join(spire_server_install_dir, "bin",
"spire-server")
cmd = " ".join([
spire_service_bin_path, "entry", "show", "-parentID",
agent_spiffe_id_sn_and_issue[0], "-selector",
f"spiffe_id:{agent_spiffe_id_sn_and_issue[0]}"
])
host_spire_server: Host = ansible_runner.get_host("spire_server")
print(f"host_spire_server:{host_spire_server}")
cresult: CommandResult = host_spire_server.run(cmd)
assert cresult.succeeded, f"""Fail to run show entry:
cmd={cmd},
result={cresult}
"""
outcome = spire_server_entry_cmd.SpireServerEntryShowOutcome(
cresult.rc, cresult.stdout, cresult.stderr)
assert outcome.entries is not None and len(
outcome.entries) == 1, f"Should have had exactly one entry: {outcome}"
entry: spire_server_entry_cmd.RegistrationEntry = outcome.entries[0]
assert "spiffe://example.org/agent/local1" == entry.get("spiffe_id")