Refactor CLI to make it testable using testscript
#1426
Conversation
github-actions
bot
added
the
needs triage
hslatman
force-pushed
the
herman/testscript
branch
from
4fc2791 to
b69ee0e
Compare
hslatman
force-pushed
the
herman/testscript
branch
3 times, most recently
from
ae24576 to
4832304
Compare
In CI the TTY is not available, and will result in this error: `error reading password: error allocating terminal: open /dev/tty: no such device or address` We prevent this by using the `--password-file` flag.
hslatman
force-pushed
the
herman/testscript
branch
from
4832304 to
6de4059
Compare
hslatman
force-pushed
the
herman/testscript
branch
from
6de4059 to
298ff27
Compare
hslatman
force-pushed
the
herman/testscript
branch
from
f229d6a to
1a494ce
Compare
hslatman
force-pushed
the
herman/testscript
branch
from
eb550ee to
92a5eab
Compare
hslatman
force-pushed
the
herman/testscript
branch
from
92a5eab to
2944159
Compare
internal/cmd/main.go
Outdated
There was a problem hiding this comment.
We should probably rename this file and main_test.go to something different. Cobra usually names this file root.go.
internal/cmd/main.go
Outdated
| app.Name = "step" | ||
| app.HelpName = "step" |
There was a problem hiding this comment.
Although this was like this before, in some OSs the step binary is distributed as step-cli, can this be a problem here? We could allow to inject the value using -X ldflags, using step by default.
There was a problem hiding this comment.
I don't know if it can be a problem, but it can now be set with 279e638. Using the same name for both seemed sufficient to me.
| signer, err := keyutil.GenerateDefaultSigner() | ||
| require.NoError(t, err) | ||
| csrBytes, err := x509.CreateCertificateRequest(rand.Reader, &x509.CertificateRequest{Subject: pkix.Name{CommonName: "test"}}, signer) | ||
| require.NoError(t, err) | ||
| csr, err := x509.ParseCertificateRequest(csrBytes) | ||
| require.NoError(t, err) | ||
| caSigner, err := keyutil.GenerateDefaultSigner() | ||
| require.NoError(t, err) | ||
| tmpl := &x509.Certificate{ | ||
| Subject: pkix.Name{CommonName: "test-ca"}, | ||
| SerialNumber: big.NewInt(1), | ||
| IsCA: true, | ||
| MaxPathLen: 1, | ||
| BasicConstraintsValid: true, | ||
| KeyUsage: x509.KeyUsageCertSign, | ||
| } | ||
| caCertBytes, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, caSigner.Public(), caSigner) | ||
| require.NoError(t, err) | ||
| caCert, err := x509.ParseCertificate(caCertBytes) | ||
| require.NoError(t, err) |
There was a problem hiding this comment.
You could use minica to make this shorter.
There was a problem hiding this comment.
minica didn't give me access to the caSigner key, which this test needs to write out to disk
| @@ -0,0 +1,2 @@ | |||
| exec step certificate sign test.csr cacert.pem cakey.pem | |||
| stdout '-----BEGIN CERTIFICATE-----' | |||
There was a problem hiding this comment.
As an improvement a custom checker can also be implemented.
There was a problem hiding this comment.
Yes, great suggestion 🙂: 1932842
There was a problem hiding this comment.
We can add tests using --no-password --insecure, also making sure that --no-password required --insecure.
There was a problem hiding this comment.
The same can be applied to other files.
| # P-256 sign with subtle flag | ||
| exec step crypto jwt sign -key p256.pem -iss TestIssuer -aud TestAudience -sub TestSubject -nbf 1 -iat 1 -exp 1 -subtle | ||
| stdout 'eyJhbGciOiJFUzI1NiIsImtpZCI6Ii1pZ1pNalRCdkhFRG02bjkxQkgwT0k4ZUhqQko2b0I3UlpIZFA0RE81U0EiLCJ0eXAiOiJKV1QifQ' | ||
|
|
There was a problem hiding this comment.
To be consistent, I think we can remove an extra new line here
This PR refactors the CLI and its integration tests to use the testscript package.
As part of that, this PR:
testscriptDSLintegrationbuild tag