Fix broken auth Access Request creation tests #49258
Conversation
This got exposed while working on Access Request reason required PR: #49124
kopiczko
added
the
no-changelog
| requestRole, err := types.NewRole("requestRole", types.RoleSpecV6{}) | ||
| requestRole, err := types.NewRole("requestRole", types.RoleSpecV6{ | ||
| Allow: types.RoleConditions{ | ||
| GroupLabels: types.Labels{ | ||
| types.Wildcard: []string{types.Wildcard}, | ||
| }, | ||
| NodeLabels: types.Labels{ | ||
| types.Wildcard: []string{types.Wildcard}, | ||
| }, | ||
| }, | ||
| }) | ||
| require.NoError(t, err) |
There was a problem hiding this comment.
This role wasn't created before, because searchRole above had the same name ("requestRole") and srv.Auth().CreateRole(ctx, requestRole) call (below) wasn't checked for error.
| ) | ||
| require.NoError(t, err) | ||
|
|
||
| _, err = srv.Auth().UpsertNode(ctx, nodeAllowedByRequestRole) |
There was a problem hiding this comment.
Are we able to avoid doing upserts here? I know that due to how our cache works, it's safe in tests to create a resource and then not wait for the change to propagate. This isn't true when performing an update, so you run into a risk of having a flaky test. The rest of the code in the test might execute without observing the change to nodeAllowedByRequestRole.
See the question I asked about this on Slack some time ago.
There was a problem hiding this comment.
Thanks for pointing out. AFAICT there is nothing like CreateNode. Only upsert. Also in this particular case cache is not set in the auth server.
public-teleport-github-review-bot
bot
removed request for
r0mant and
mvbrock
kopiczko
deleted the
kopiczko/fix-broken-access-request-creation-tests
branch
kopiczko
restored the
kopiczko/fix-broken-access-request-creation-tests
branch
kopiczko
deleted the
kopiczko/fix-broken-access-request-creation-tests
branch
This got exposed while working on Access Request reason required PR: #49124