mirror of
https://github.com/zitadel/zitadel.git
synced 2025-01-08 19:47:45 +00:00
4eaa3163b6
# Which Problems Are Solved We identified the need of caching. Currently we have a number of places where we use different ways of caching, like go maps or LRU. We might also want shared chaches in the future, like Redis-based or in special SQL tables. # How the Problems Are Solved Define a generic Cache interface which allows different implementations. - A noop implementation is provided and enabled as. - An implementation using go maps is provided - disabled in defaults.yaml - enabled in integration tests - Authz middleware instance objects are cached using the interface. # Additional Changes - Enabled integration test command raceflag - Fix a race condition in the limits integration test client - Fix a number of flaky integration tests. (Because zitadel is super fast now!) 🎸 🚀 # Additional Context Related to https://github.com/zitadel/zitadel/issues/8648
246 lines
9.0 KiB
Go
246 lines
9.0 KiB
Go
//go:build integration
|
|
|
|
package system_test
|
|
|
|
import (
|
|
"context"
|
|
"math/rand"
|
|
"sync"
|
|
"testing"
|
|
"time"
|
|
|
|
"github.com/stretchr/testify/assert"
|
|
"github.com/stretchr/testify/require"
|
|
"google.golang.org/protobuf/types/known/durationpb"
|
|
"google.golang.org/protobuf/types/known/timestamppb"
|
|
|
|
"github.com/zitadel/zitadel/internal/integration"
|
|
"github.com/zitadel/zitadel/pkg/grpc/admin"
|
|
"github.com/zitadel/zitadel/pkg/grpc/auth"
|
|
"github.com/zitadel/zitadel/pkg/grpc/management"
|
|
"github.com/zitadel/zitadel/pkg/grpc/system"
|
|
)
|
|
|
|
func TestServer_Limits_AuditLogRetention(t *testing.T) {
|
|
t.Parallel()
|
|
|
|
isoInstance := integration.NewInstance(CTX)
|
|
iamOwnerCtx := isoInstance.WithAuthorization(CTX, integration.UserTypeIAMOwner)
|
|
userID, projectID, appID, projectGrantID := seedObjects(iamOwnerCtx, t, isoInstance.Client)
|
|
beforeTime := time.Now()
|
|
farPast := timestamppb.New(beforeTime.Add(-10 * time.Hour).UTC())
|
|
zeroCounts := &eventCounts{}
|
|
seededCount := requireEventually(t, iamOwnerCtx, isoInstance.Client, userID, projectID, appID, projectGrantID, func(c assert.TestingT, counts *eventCounts) {
|
|
counts.assertAll(c, "seeded events are > 0", assert.Greater, zeroCounts)
|
|
}, "wait for seeded event assertions to pass")
|
|
produceEvents(iamOwnerCtx, t, isoInstance.Client, userID, appID, projectID, projectGrantID)
|
|
addedCount := requireEventually(t, iamOwnerCtx, isoInstance.Client, userID, projectID, appID, projectGrantID, func(c assert.TestingT, counts *eventCounts) {
|
|
counts.assertAll(c, "added events are > seeded events", assert.Greater, seededCount)
|
|
}, "wait for added event assertions to pass")
|
|
_, err := integration.SystemClient().SetLimits(CTX, &system.SetLimitsRequest{
|
|
InstanceId: isoInstance.ID(),
|
|
AuditLogRetention: durationpb.New(time.Now().Sub(beforeTime)),
|
|
})
|
|
require.NoError(t, err)
|
|
var limitedCounts *eventCounts
|
|
requireEventually(t, iamOwnerCtx, isoInstance.Client, userID, projectID, appID, projectGrantID, func(c assert.TestingT, counts *eventCounts) {
|
|
counts.assertAll(c, "limited events < added events", assert.Less, addedCount)
|
|
counts.assertAll(c, "limited events > 0", assert.Greater, zeroCounts)
|
|
limitedCounts = counts
|
|
}, "wait for limited event assertions to pass")
|
|
listedEvents, err := isoInstance.Client.Admin.ListEvents(iamOwnerCtx, &admin.ListEventsRequest{CreationDateFilter: &admin.ListEventsRequest_From{
|
|
From: farPast,
|
|
}})
|
|
require.NoError(t, err)
|
|
assert.LessOrEqual(t, len(listedEvents.GetEvents()), limitedCounts.all, "ListEvents with from query older than retention doesn't return more events")
|
|
listedEvents, err = isoInstance.Client.Admin.ListEvents(iamOwnerCtx, &admin.ListEventsRequest{CreationDateFilter: &admin.ListEventsRequest_Range{Range: &admin.ListEventsRequestCreationDateRange{
|
|
Since: farPast,
|
|
}}})
|
|
require.NoError(t, err)
|
|
assert.LessOrEqual(t, len(listedEvents.GetEvents()), limitedCounts.all, "ListEvents with since query older than retention doesn't return more events")
|
|
_, err = integration.SystemClient().ResetLimits(CTX, &system.ResetLimitsRequest{
|
|
InstanceId: isoInstance.ID(),
|
|
})
|
|
require.NoError(t, err)
|
|
requireEventually(t, iamOwnerCtx, isoInstance.Client, userID, projectID, appID, projectGrantID, func(c assert.TestingT, counts *eventCounts) {
|
|
counts.assertAll(c, "with reset limit, added events are > seeded events", assert.Greater, seededCount)
|
|
}, "wait for reset event assertions to pass")
|
|
}
|
|
|
|
func requireEventually(
|
|
t *testing.T,
|
|
ctx context.Context,
|
|
cc *integration.Client,
|
|
userID, projectID, appID, projectGrantID string,
|
|
assertCounts func(assert.TestingT, *eventCounts),
|
|
msg string,
|
|
) (counts *eventCounts) {
|
|
countTimeout := 30 * time.Second
|
|
assertTimeout := countTimeout + time.Second
|
|
countCtx, cancel := context.WithTimeout(ctx, time.Minute)
|
|
defer cancel()
|
|
require.EventuallyWithT(t, func(c *assert.CollectT) {
|
|
counts = countEvents(countCtx, c, cc, userID, projectID, appID, projectGrantID)
|
|
assertCounts(c, counts)
|
|
}, assertTimeout, time.Second, msg)
|
|
return counts
|
|
}
|
|
|
|
var runes = []rune("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ")
|
|
|
|
func randomString(resourceType string, n int) string {
|
|
b := make([]rune, n)
|
|
for i := range b {
|
|
b[i] = runes[rand.Intn(len(runes))]
|
|
}
|
|
return "test" + resourceType + "-" + string(b)
|
|
}
|
|
|
|
func seedObjects(ctx context.Context, t *testing.T, cc *integration.Client) (string, string, string, string) {
|
|
t.Helper()
|
|
project, err := cc.Mgmt.AddProject(ctx, &management.AddProjectRequest{
|
|
Name: randomString("project", 5),
|
|
})
|
|
require.NoError(t, err)
|
|
app, err := cc.Mgmt.AddOIDCApp(ctx, &management.AddOIDCAppRequest{
|
|
Name: randomString("app", 5),
|
|
ProjectId: project.GetId(),
|
|
})
|
|
org, err := cc.Mgmt.AddOrg(ctx, &management.AddOrgRequest{
|
|
Name: randomString("org", 5),
|
|
})
|
|
require.NoError(t, err)
|
|
role := randomString("role", 5)
|
|
require.NoError(t, err)
|
|
_, err = cc.Mgmt.AddProjectRole(ctx, &management.AddProjectRoleRequest{
|
|
ProjectId: project.GetId(),
|
|
RoleKey: role,
|
|
DisplayName: role,
|
|
})
|
|
require.NoError(t, err)
|
|
projectGrant, err := cc.Mgmt.AddProjectGrant(ctx, &management.AddProjectGrantRequest{
|
|
ProjectId: project.GetId(),
|
|
GrantedOrgId: org.GetId(),
|
|
RoleKeys: []string{role},
|
|
})
|
|
require.NoError(t, err)
|
|
user, err := cc.Auth.GetMyUser(ctx, &auth.GetMyUserRequest{})
|
|
require.NoError(t, err)
|
|
userID := user.GetUser().GetId()
|
|
requireUserEvent(ctx, t, cc, userID)
|
|
return userID, project.GetId(), app.GetAppId(), projectGrant.GetGrantId()
|
|
}
|
|
|
|
func produceEvents(ctx context.Context, t *testing.T, cc *integration.Client, machineID, appID, projectID, grantID string) {
|
|
t.Helper()
|
|
_, err := cc.Mgmt.UpdateOrg(ctx, &management.UpdateOrgRequest{
|
|
Name: randomString("org", 5),
|
|
})
|
|
require.NoError(t, err)
|
|
_, err = cc.Mgmt.UpdateProject(ctx, &management.UpdateProjectRequest{
|
|
Id: projectID,
|
|
Name: randomString("project", 5),
|
|
})
|
|
require.NoError(t, err)
|
|
_, err = cc.Mgmt.UpdateApp(ctx, &management.UpdateAppRequest{
|
|
AppId: appID,
|
|
ProjectId: projectID,
|
|
Name: randomString("app", 5),
|
|
})
|
|
require.NoError(t, err)
|
|
requireUserEvent(ctx, t, cc, machineID)
|
|
_, err = cc.Mgmt.UpdateProjectGrant(ctx, &management.UpdateProjectGrantRequest{
|
|
ProjectId: projectID,
|
|
GrantId: grantID,
|
|
})
|
|
require.NoError(t, err)
|
|
}
|
|
|
|
func requireUserEvent(ctx context.Context, t *testing.T, cc *integration.Client, machineID string) {
|
|
_, err := cc.Mgmt.UpdateMachine(ctx, &management.UpdateMachineRequest{
|
|
UserId: machineID,
|
|
Name: randomString("machine", 5),
|
|
})
|
|
require.NoError(t, err)
|
|
}
|
|
|
|
type eventCounts struct {
|
|
all, myUser, aUser, grant, project, app, org int
|
|
}
|
|
|
|
func (e *eventCounts) assertAll(c assert.TestingT, name string, compare assert.ComparisonAssertionFunc, than *eventCounts) {
|
|
compare(c, e.all, than.all, name+"ListEvents")
|
|
compare(c, e.myUser, than.myUser, name+"ListMyUserChanges")
|
|
compare(c, e.aUser, than.aUser, name+"ListUserChanges")
|
|
compare(c, e.grant, than.grant, name+"ListProjectGrantChanges")
|
|
compare(c, e.project, than.project, name+"ListProjectChanges")
|
|
compare(c, e.app, than.app, name+"ListAppChanges")
|
|
compare(c, e.org, than.org, name+"ListOrgChanges")
|
|
}
|
|
|
|
func countEvents(ctx context.Context, t assert.TestingT, cc *integration.Client, userID, projectID, appID, grantID string) *eventCounts {
|
|
counts := new(eventCounts)
|
|
var wg sync.WaitGroup
|
|
wg.Add(7)
|
|
|
|
var mutex sync.Mutex
|
|
assertResultLocked := func(err error, f func(counts *eventCounts)) {
|
|
mutex.Lock()
|
|
assert.NoError(t, err)
|
|
f(counts)
|
|
mutex.Unlock()
|
|
}
|
|
|
|
go func() {
|
|
defer wg.Done()
|
|
result, err := cc.Admin.ListEvents(ctx, &admin.ListEventsRequest{})
|
|
assertResultLocked(err, func(counts *eventCounts) {
|
|
counts.all = len(result.GetEvents())
|
|
})
|
|
}()
|
|
go func() {
|
|
defer wg.Done()
|
|
result, err := cc.Auth.ListMyUserChanges(ctx, &auth.ListMyUserChangesRequest{})
|
|
assertResultLocked(err, func(counts *eventCounts) {
|
|
counts.myUser = len(result.GetResult())
|
|
})
|
|
}()
|
|
go func() {
|
|
defer wg.Done()
|
|
result, err := cc.Mgmt.ListUserChanges(ctx, &management.ListUserChangesRequest{UserId: userID})
|
|
assertResultLocked(err, func(counts *eventCounts) {
|
|
counts.aUser = len(result.GetResult())
|
|
})
|
|
}()
|
|
go func() {
|
|
defer wg.Done()
|
|
result, err := cc.Mgmt.ListAppChanges(ctx, &management.ListAppChangesRequest{ProjectId: projectID, AppId: appID})
|
|
assertResultLocked(err, func(counts *eventCounts) {
|
|
counts.app = len(result.GetResult())
|
|
})
|
|
}()
|
|
go func() {
|
|
defer wg.Done()
|
|
result, err := cc.Mgmt.ListOrgChanges(ctx, &management.ListOrgChangesRequest{})
|
|
assertResultLocked(err, func(counts *eventCounts) {
|
|
counts.org = len(result.GetResult())
|
|
})
|
|
}()
|
|
go func() {
|
|
defer wg.Done()
|
|
result, err := cc.Mgmt.ListProjectChanges(ctx, &management.ListProjectChangesRequest{ProjectId: projectID})
|
|
assertResultLocked(err, func(counts *eventCounts) {
|
|
counts.project = len(result.GetResult())
|
|
})
|
|
}()
|
|
go func() {
|
|
defer wg.Done()
|
|
result, err := cc.Mgmt.ListProjectGrantChanges(ctx, &management.ListProjectGrantChangesRequest{ProjectId: projectID, GrantId: grantID})
|
|
assertResultLocked(err, func(counts *eventCounts) {
|
|
counts.grant = len(result.GetResult())
|
|
})
|
|
}()
|
|
wg.Wait()
|
|
return counts
|
|
}
|