Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

redesign test for key retrieval via http #428

Closed
wants to merge 1 commit into from

Conversation

karmix
Copy link

@karmix karmix commented Jun 1, 2019

Description

Revises test cookbook so that instead of downloading an individual's personal keys from GitHub, it
starts a web service and uses it to serve dedicated keys for validating that the user_manage resource can retrieve ssh keys via http.

Issues Resolved

Resolves #427

Check List

@karmix karmix force-pushed the fix-keys-from-url-test branch 2 times, most recently from e8b27dc to f6b4c3d Compare June 1, 2019 07:14
@karmix
Copy link
Author

karmix commented Jun 1, 2019

It looks like the travis-ci build is having problems installing ChefDK while setting up the test environment. This error makes it look like it might have a corrupt apt-get cache, or be hitting a broken mirror: https://travis-ci.org/chef-cookbooks/users/jobs/540010073#L574 .

@@ -91,7 +91,7 @@
ssh_keys = []
if u['ssh_keys']
Array(u['ssh_keys']).each do |key|
if key.start_with?('https')
if key.start_with?('http')
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we talked about this at the sous-chefs meeting on Jul 22 2019, the concern is MITM and if we want to support use cases pulling over http I think it needs to be a curl --insecure type setup.

@karmix
Copy link
Author

karmix commented Jan 28, 2021

Sorry, I thought I wrapped this up long ago, but apparently I didn't update the PR. I added a prefix to non-ssl http, so it's now INSECURE:http://.... kitchen verify passed, and there was nothing unexpected with the rebase.

However, it appears that recent changes set enforce_idempotency in kitchen. Because there is no way to ignore specific resources with enforce_idempotency, and the users_manage resource does not support :before notifications, I don't see a portable way to make this patch start the web service for the users_manage resource without tripping up the idempotency checks.

@majormoses
Copy link
Contributor

Hmm I will try to dig into that issue if I can find some time this weekend. I imagine there has to be a way to give a list of resources that are expected to lack idempotency because of their nature either through configuration initialization or inline. I have not been deeply involved in the chef world for a while so maybe I am remembering things incorrectly.

@ramereth
Copy link
Contributor

@majormoses that would be a sweet feature to have in test-kitchen

@ramereth
Copy link
Contributor

BTW we're in the process of adopting this cookbook into Sous Chefs so please give us a week or so to get this repo ready for our automation.

@Stromweld
Copy link

closing this due to age. please feel free to reopen if needed.

@Stromweld Stromweld closed this May 3, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Integration tests for populating keys from a URL are broken
5 participants