@ -4,6 +4,8 @@
package worker_test
import (
"bytes"
"context"
"sync/atomic"
"testing"
"time"
@ -109,12 +111,23 @@ func TestRotationTicking(t *testing.T) {
// Now we wait and check that we see new values in the DB and different
// creds on the worker after each rotation period
for i := 2 ; i < 5 ; i ++ {
// Make sure we have a failsafe in case the below loop never finds what it's
// looking for; at expiration the List will fail and we'll hit the Require,
// exiting
deadlineCtx , deadlineCtxCancel := context . WithTimeout ( c . Context ( ) , 10 * time . Minute )
defer deadlineCtxCancel ( )
rotationCount := 2
for {
if rotationCount > 5 {
break
}
nextRotation := w . Worker ( ) . AuthRotationNextRotation . Load ( )
time . Sleep ( ( * nextRotation ) . Sub ( time . Now ( ) ) + 5 * time . Second )
// Verify we see 2- after credentials have rotated, we should see current and previous
auths , err = workerAuthRepo . List ( c . Context ( ) , ( * types . NodeInformation ) ( nil ) )
auths , err = workerAuthRepo . List ( deadlineCtx , ( * types . NodeInformation ) ( nil ) )
require . NoError ( err )
assert . Len ( auths , 2 )
@ -126,6 +139,11 @@ func TestRotationTicking(t *testing.T) {
nodeenrollment . WithStorageWrapper ( w . Config ( ) . WorkerAuthStorageKms ) ,
)
require . NoError ( err )
if bytes . Equal ( currKey , currNodeCreds . CertificatePublicKeyPkix ) {
// Load due to parallel tests may mean that we didn't hit rotation
// yet, loop back to evaluate again
continue
}
assert . NotEqual ( currKey , currNodeCreds . CertificatePublicKeyPkix )
currKey = currNodeCreds . CertificatePublicKeyPkix
currKeyId , err := nodeenrollment . KeyIdFromPkix ( currNodeCreds . CertificatePublicKeyPkix )
@ -155,5 +173,6 @@ func TestRotationTicking(t *testing.T) {
require . NotNil ( w . Worker ( ) . GrpcClientConn )
require . NoError ( w . Worker ( ) . GrpcClientConn . Close ( ) )
require . NoError ( w . Worker ( ) . StartControllerConnections ( ) )
rotationCount ++
}
}