Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add resource service auth tests (Unsecured, ApiKey) #3824

Merged
merged 1 commit into from
May 23, 2024
Merged

Add resource service auth tests (Unsecured, ApiKey) #3824

merged 1 commit into from
May 23, 2024

Conversation

drewnoakes
Copy link
Member

@drewnoakes drewnoakes commented Apr 19, 2024
edited
Loading

Contributes to #3200

Adds tests for Unsecured and ApiKey auth modes for the resource service, from the perspective of the dashboard client in the dashboard project.

Also:

  • Work around race condition between cancellation and connection attempts that leads to a previously-unhandled ObjectDisposedException.
  • Move resource service code into own namespace, out of model.
  • Use a more specific namespace for generated protobuf code.
Microsoft Reviewers: Open in CodeFlow

@drewnoakes
Add resource service auth tests
d440563 
Adds tests for `Unsecured` and `ApiKey` auth modes for the resource service, from the perspective of the dashboard client in the dashboard project.

Also:
- Work around race condition between cancellation and connection attempts that leads to a previously-unhandled `ObjectDisposedException`.
- Move resource service code into own namespace, out of model.
- Use a more specific namespace for generated protobuf code.
JamesNK
JamesNK reviewed Apr 22, 2024
View reviewed changes
tests/Aspire.Dashboard.Tests/Integration/DashboardClientAuthTests.cs
using Xunit;
using DashboardServiceBase = Aspire.ResourceService.Proto.V1.DashboardService.DashboardServiceBase;

namespace Aspire.Dashboard.Tests.Integration;
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

These tests are ok and don't need to be rewritten, but I think there is a simpler implementation. You could have added support for passing a custom HttpMessageHandler to the resource client, then capture the outgoing request when it is sent to the handler and returned a response from the handler. Then assert the outgoing request has headers expected. That saves having a mock server. The integration tests could turn into unit tests.

On the other hand, binary gRPC request/responses aren't easily approachable when working at a bytes level like a message handler does.

tests/Aspire.Dashboard.Tests/Integration/DashboardClientAuthTests.cs
private const string ApiKeyHeaderName = "x-resource-service-api-key";

[Fact]
public async Task ConnectsToResourceService_Unsecured()
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should there be HTTPS versions of these tests?

Copy link
Member

@JamesNK JamesNK Apr 22, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

On that topic, I thought there wasn't much point in testing client cert auth, since it was just adding a certificate to the handler, but I looked through the resource client code and certificate loading happens inside the client.

I think we either need to test the end-to-end with cert auth or split the cert loading out into a separate type and test loading cert from configuration independently.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should there be HTTPS versions of these tests?

#4621

tests/Aspire.Dashboard.Tests/Integration/DashboardClientAuthTests.cs Show resolved Hide resolved
tests/Aspire.Dashboard.Tests/Integration/DashboardClientAuthTests.cs Show resolved Hide resolved
tests/Aspire.Dashboard.Tests/Integration/DashboardClientAuthTests.cs Show resolved Hide resolved
@danmoseley
Copy link
Member

Presumably this would be good in the 8.0 branch too when it's ready.

@drewnoakes drewnoakes changed the title Add resource service auth tests Add resource service auth tests (Unsecured, ApiKey) May 23, 2024
@drewnoakes drewnoakes enabled auto-merge (squash) May 23, 2024 13:37
@drewnoakes drewnoakes merged commit 9419a4c into dotnet:main May 23, 2024
8 checks passed
@drewnoakes drewnoakes deleted the dashboard-client-auth-tests branch May 23, 2024 22:04
This was referenced Jun 10, 2024
Closed
Closed
@drewnoakes drewnoakes mentioned this pull request Jun 21, 2024
Closed
5 tasks
@github-actions github-actions bot locked and limited conversation to collaborators Jul 21, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@JamesNK JamesNK JamesNK left review comments

@kvenkatrajan kvenkatrajan kvenkatrajan approved these changes

@davidfowl davidfowl Awaiting requested review from davidfowl

Assignees
No one assigned
Labels
area-dashboard security 🔐 testing ☑️
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@drewnoakes @danmoseley @JamesNK @kvenkatrajan