From 47236c10ab35d377d27d77b19d55488009cc312b Mon Sep 17 00:00:00 2001
From: Tim Ross
Date: Sat, 19 Oct 2024 13:26:12 -0400
Subject: [PATCH] fix: TestHeadlessDoesNotAddKeysToAgent
---
tool/tsh/common/tsh_test.go | 57 +++++++++++++++++++++++--------------
1 file changed, 35 insertions(+), 22 deletions(-)
diff --git a/tool/tsh/common/tsh_test.go b/tool/tsh/common/tsh_test.go
index 1ab91417dc08b..bbd8529a03368 100644
--- a/tool/tsh/common/tsh_test.go
+++ b/tool/tsh/common/tsh_test.go
@@ -2980,32 +2980,45 @@ func TestHeadlessDoesNotAddKeysToAgent(t *testing.T) { alice.SetRoles([]string{"node-access"}) sshHostname := "test-ssh-host" - rootAuth, rootProxy := makeTestServers(t, withBootstrap(nodeAccess, alice), withConfig(func(cfg *servicecfg.Config) { - cfg.Hostname = sshHostname - cfg.SSH.Enabled = true - cfg.SSH.Addr = utils.NetAddr{AddrNetwork: "tcp", Addr: net.JoinHostPort("127.0.0.1", ports.Pop())} - })) - proxyAddr, err := rootProxy.ProxyWebAddr() - require.NoError(t, err) + server := testserver.MakeTestServer(t, + testserver.WithConfig(func(cfg *servicecfg.Config) { + cfg.Hostname = sshHostname + cfg.Auth.Enabled = true + cfg.Proxy.Enabled = true + cfg.SSH.Enabled = true + cfg.SSH.DisableCreateHostUser = true + cfg.Auth.BootstrapResources = []types.Resource{nodeAccess, alice} + cfg.Auth.Preference = &types.AuthPreferenceV2{ + Metadata: types.Metadata{ + Labels: map[string]string{types.OriginLabel: types.OriginConfigFile}, + }, + Spec: types.AuthPreferenceSpecV2{ + Type: constants.Local, + SecondFactor: constants.SecondFactorOptional, + Webauthn: &types.Webauthn{ + RPID: "127.0.0.1", + }, + AllowHeadless: types.NewBoolOption(true), + }, + } + })) - _, err = rootAuth.GetAuthServer().UpsertAuthPreference(ctx, &types.AuthPreferenceV2{ - Spec: types.AuthPreferenceSpecV2{ - Type: constants.Local, - SecondFactor: constants.SecondFactorOptional, - Webauthn: &types.Webauthn{ - RPID: "127.0.0.1", - }, - }, - }) + require.EventuallyWithT(t, func(t *assert.CollectT) { + found, err := server.GetAuthServer().GetNodes(ctx, apidefaults.Namespace) + assert.NoError(t, err) + assert.Len(t, found, 1) + }, 10*time.Second, 100*time.Millisecond) + + proxyAddr, err := server.ProxyWebAddr() require.NoError(t, err) go func() { - if err := approveAllAccessRequests(ctx, rootAuth.GetAuthServer()); err != nil { + // Ensure the context is canceled, so that Run calls don't block + defer cancel() + if err := approveAllAccessRequests(ctx, server.GetAuthServer()); err != nil 
{ assert.ErrorIs(t, err, context.Canceled, "unexpected error from approveAllAccessRequests") } - // Cancel the context, so Run calls don't block - cancel() }() err = Run(ctx, []string{ @@ -3018,10 +3031,10 @@ func TestHeadlessDoesNotAddKeysToAgent(t *testing.T) { "--add-keys-to-agent=yes", fmt.Sprintf("%s@%s", user.Username, sshHostname), "echo", "test", - }, CliOption(func(cf *CLIConf) error { - cf.MockHeadlessLogin = mockHeadlessLogin(t, rootAuth.GetAuthServer(), alice) + }, func(cf *CLIConf) error { + cf.MockHeadlessLogin = mockHeadlessLogin(t, server.GetAuthServer(), alice) return nil - })) + }) require.NoError(t, err) keys, err := agentKeyring.List()
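Review bot: In the goroutine of the first hunk, `defer cancel()` now fires on every return from `approveAllAccessRequests`, including a nil return, while the `if err != nil` guard reports only non-nil errors. If the helper is only expected to return on cancellation, an early clean exit would cancel the context shared with `Run` and surface only as a context-cancelled failure at the later `require.NoError`, hiding the real cause in a test that guards the rule that headless login must not add keys to the agent. Asserting unconditionally would catch it: `assert.ErrorIs(t, approveAllAccessRequests(ctx, server.GetAuthServer()), context.Canceled, "unexpected error from approveAllAccessRequests")`. The goroutine is also never joined, so the assert may run after the test function returns; whether that matters depends on how `ctx` is cancelled outside this hunk, since the test body starts and ends beyond the visible lines.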