Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

FI-2980 Release Preparation #2

Merged
merged 47 commits into from
Aug 13, 2024
Merged

FI-2980 Release Preparation #2

merged 47 commits into from
Aug 13, 2024

Conversation

alisawallace
Copy link
Collaborator

@alisawallace alisawallace commented Aug 5, 2024
edited
Loading

Summary

This is the final PR prior to releasing the test kit. Updates include disabling the use of auto-generated certs and general cleanup of test inputs and descriptions.

Concerns of Note

  • Tests may be run at 3 group levels which complicates inputs and descriptions
    • Current levels
      • suite level (both auth flow groups)
      • auth flow group level (test groups 1 or 2)
      • individual discovery, registration, and authentication step of each auth flow (1.1, 1.2, 1.3, etc.)
  • I tried to balance providing users with enough information to use the test kit successfully and not overwhelming them, but given the inherent complexity of this IG ad number of options in it, I worry it leans towards the overwhelming side

Testing Guidance

  • All spec tests are passing
  • Main interest for feedback is reviewing the test kit in the web app and making sure it looks good

@alisawallace
Bug fix: certs may have more than one SAN entry
619c27e
@alisawallace
Removed use of auto generated certs, udpdated DCR input instructions
5ed7401
@alisawallace
Reuse group input instructions in parent group's input instructions
df23fdf
@alisawallace
Small edits to input instructions/descriptions
2546358
@alisawallace
Input order and description updates
1df0d2e
@alisawallace
Updated token exchanges tests to accept multiple client certs instead…
27ae05a 
… of just one
@alisawallace
Refactor to use input parsing method
ee3cc56
@alisawallace
Update input labels, descriptions to reflect auth flow if warranted
bc40399
@alisawallace
Update suite-level input instructions
11bcaf6
@alisawallace
Add links to auth flow group descriptions, fix use of group-specific …
0cbd600 
…inputs
@alisawallace
More updates, improved links/references to test descriptions
4b56f12
@alisawallace
Updated signed_metdata_contents spec test to use custom JWT instead o…
7fc82d8 
…f ref server response
@alisawallace alisawallace requested review from arscan and Jammjammjamm and removed request for arscan August 7, 2024 17:12
Jammjammjamm
Jammjammjamm reviewed Aug 9, 2024
View reviewed changes
Copy link
Contributor

@Jammjammjamm Jammjammjamm left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It would be really helpful if the behavior changes were in their own PR separate from the release prep.

@alisawallace alisawallace changed the base branch from FI-2912-server-cert-trust to main August 9, 2024 17:15
@alisawallace
Copy link
Collaborator Author

It would be really helpful if the behavior changes were in their own PR separate from the release prep.

Some of the behavior changes I included in the PR summary were taken care of in the last PR, so I updated the summary.
I also still have a little bit of cleanup to do (get unit tests and linter passing) before I will remove the draft status.

My understanding of this PR is that it's the catch-all for anything we need to do to clean up the test kit prior to release. This includes temporarily disabling the use of auto-generated certs. There isn't much impact to the underlying behavior of the code, since it's just removing the inclusion of the generate_certs test from test groups and commenting out a custom route that's no longer needed. Rather, the majority of the changes are to the test and input descriptions that are already getting polished and reviewed for release.

So with that said, would you still like me to break up this PR, and if so, could you clarify what counts as release prep vs needing its own PR?

@alisawallace alisawallace changed the title [DRAFT] FI-2980 Release Preparation FI-2980 Release Preparation Aug 9, 2024
@alisawallace
Copy link
Collaborator Author

@Jammjammjamm I completed the following:

  • Fixed the nil safety concern in signed_metadata_contents_test.rb
  • Ordered the inputs based on your TODO, which fixed the ordering problem (thank you)
  • Updated the gemspec file and added the use of a version.rb file based on what was in SMART App Launch test kit - I ran the test kit from scratch, including bundle install, and everything worked on my machine
  • Moved the Inferno certs to spec/fixtures (since they are only used for unit testing for the time being)
  • Mocking the CRL endpoint:
    • Updated the Inferno certs to include a mock CRL endpoint
    • Created a CRL file signed by the Inferno CA
    • Updated the generate_certs.sh script to add CRL creation
    • Updated unit tests to mock the GET request for the CRL file and use Inferno certs instead of EMR Direct test certs
    • Removed the EMR Direct cert files from the test kit

I think that is everything we discussed, it's ready for re-review now - thanks!
I think this addresses everything we discussed, now ready for re-review - thanks!

Jammjammjamm
Jammjammjamm reviewed Aug 13, 2024
View reviewed changes
lib/udap_security/default_cert_file_loader.rb Outdated
@@ -1,25 +1,25 @@
module UDAPSecurity
class DefaultCertFileLoader
def self.load_default_ca_pem_file
raw_cert = File.read(File.join(File.dirname(__FILE__), 'certs/InfernoCA.pem'))
raw_cert = File.read(File.join(File.dirname(__FILE__), '../../spec/fixtures/InfernoCA.pem'))
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

These files should live in lib if they're being read by a file in lib.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the reminder, completely forgot about the default file loader module being in lib. I moved only the files being read via the module to the lib/udap_security/certs directory and kept all the other stuff pertaining to certs in the spec/fixtures directory, then updated the generate_certs.sh script to automatically move the necessary files from fixtures to lib/certs once generated.

Jammjammjamm
Jammjammjamm reviewed Aug 13, 2024
View reviewed changes
udap_security_test_kit.gemspec
spec.license = 'Apache-2.0'
spec.add_runtime_dependency 'inferno_core', '>= 0.4.2'
spec.add_runtime_dependency 'jwt', '~> 2.3'
spec.required_ruby_version = Gem::Requirement.new('>= 3.1.2')
spec.metadata['homepage_uri'] = spec.homepage
spec.metadata['source_code_uri'] = 'https://gitlab.mitre.org/inferno/udap-test-kit'
spec.metadata['source_code_uri'] = 'https://github.com/inferno-framework/udap-security-test-kit'
spec.files = [
Dir['lib/**/*.rb'],
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This test kit requires some other file types too, right?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I updated the gemspec to account for the .key and .pem files needed in lib/certs (not sure I did so correctly).

Relating to my other comment on moving the certs back to lib: the cert and CRL generation process requires several config files, so I left all of that stuff in the fixtures directory and only included the files being read by the DefaultCertFileLoader module to lib. All the other stuff in fixtures is only ever used by either the shell script or the spec tests.

@alisawallace alisawallace merged commit 2608c1b into main Aug 13, 2024
3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Jammjammjamm Jammjammjamm Jammjammjamm approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@alisawallace @Jammjammjamm