[JENKINS-73139] Converting tests to com.sun.net.httpserver
#54
Conversation
to be used in OpenShiftBearerTokenCredentialTest
and removed all the usaged of jetty server for doing moocks
…to using-in-memory-mock-httpserver
…ry mock server - setting <maven.compiler.release>17</maven.compiler.release> <jenkins-test-harness.version>2250.v03a_1295b_0a_30</jenkins-test-harness.version> <jenkins.version>2.472</jenkins.version>
nevingeorgesunny
changed the title
pom.xml
Outdated
| <bom.artifactId>bom-2.426.x</bom.artifactId> | ||
| <bom.version>3208.vb_21177d4b_cd9</bom.version> |
This comment was marked as outdated.
This comment was marked as outdated.
Sorry, something went wrong.
This comment was marked as resolved.
This comment was marked as resolved.
Sorry, something went wrong.
...a/org/jenkinsci/plugins/kubernetes/credentials/OpenShiftBearerTokenCredentialMockServer.java
Show resolved
Hide resolved
pom.xml
Outdated
| <bom.artifactId>bom-2.426.x</bom.artifactId> | ||
| <bom.version>3208.vb_21177d4b_cd9</bom.version> |
This comment was marked as resolved.
This comment was marked as resolved.
Sorry, something went wrong.
| server.start(); | ||
| mockserverBaseUrl = "http:/"+server.getAddress()+"/"; |
This comment was marked as resolved.
This comment was marked as resolved.
Sorry, something went wrong.
This comment was marked as resolved.
This comment was marked as resolved.
Sorry, something went wrong.
There was a problem hiding this comment.
I confirmed that it generates a valid URL. Question answered. The code is correct.
Yes, the code is correct, but it is illegible.
… package seem to use 4 space indentation. fixing this
| server.setConnectors(new Connector[]{serverConnector, sslConnector}); | ||
| private void setupHttps(HttpsServer httpsServer) throws Exception { | ||
| SSLContext sslContext = SSLContext.getInstance("TLS"); | ||
| KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509"); |
There was a problem hiding this comment.
This changes the original behaviour in some cases, see https://android.googlesource.com/platform/external/jetty/+/refs/heads/marshmallow-dev/src/java/org/eclipse/jetty/util/ssl/SslContextFactory.java#95 in some fips environments that property may be used.
And this can be applied to other parts, for example you are forcing a "tls" for SslContext but the original code may not be doing that or allow the algorithm to be overriden by a system property... This kind of things are important as we may be removing the ability for a fips env to override things.
There was a problem hiding this comment.
Not a relevant comment I think. The purpose of the test is to ensure that TLS is in use and that TLS verification is not disabled. There are no changes to production code, so the only question is whether the effectiveness of the test is reduced. The test previously didn't require a FIPS compliant machine but verified FIPS compliance as described above, and the same conditions are true after this refactoring, so there is no issue here.
| /** | ||
| * Author: Nevin Sunny | ||
| * Date: 13/08/24 | ||
| * Time: 11:24 am | ||
| */ |
| String responseToClient = "{\n" + " \"issuer\": \"" | ||
| + scheme + "://" + hostname + ":" + port + "/\",\n" + " \"authorization_endpoint\": \"" | ||
| + scheme + "://" + hostname + ":" + port + matcher.group(1) + "/oauth/authorize\",\n" | ||
| + " \"token_endpoint\": \"" | ||
| + scheme + "://" + hostname + ":" + port + "/oauth/token\",\n" + " \"scopes_supported\": [\n" | ||
| + " \"user:check-access\",\n" | ||
| + " \"user:full\",\n" | ||
| + " \"user:info\",\n" | ||
| + " \"user:list-projects\",\n" | ||
| + " \"user:list-scoped-projects\"\n" | ||
| + " ],\n" | ||
| + " \"response_types_supported\": [\n" | ||
| + " \"code\",\n" | ||
| + " \"token\"\n" | ||
| + " ],\n" | ||
| + " \"grant_types_supported\": [\n" | ||
| + " \"authorization_code\",\n" | ||
| + " \"implicit\"\n" | ||
| + " ],\n" | ||
| + " \"code_challenge_methods_supported\": [\n" | ||
| + " \"plain\",\n" | ||
| + " \"S256\"\n" | ||
| + " ]\n" | ||
| + "}"; |
There was a problem hiding this comment.
Could be great to update the plugin to Java 17 so you could use String Blocks here.
That would require to update jenkins.version and build configuration but might worth the change imo. What do you think @MarkEWaite ?
Maybe for later ?
There was a problem hiding this comment.
When I tried to mix general purpose Java 17 upgrades with Spring Security 6.x Upgrade work it did not end well for me. I tried to do that mixing with the git client plugin experiment with JGit 7.0.0 that requires Java 17. I was stacking two patches (one for JGit 7.0.0 and requiring Jenkins 2.463 minimum version and the other requiring the Jelly 12 EE 9 pre-release from the tip of the jakarta branch) and the addition of the Java 17 changes made me discard both of those changes and start with fresh branches.
I think that in general we should avoid making general Java 17 changes so that we don't delay these pull requests that are time critical.
In this case, the plugin does not need to require Java 17, so the Java 17 changes would actually break the plugin.
There was a problem hiding this comment.
Totally fine by me. This can be a "cleanup" task later on when we know everything is ok with the plugin.
Co-authored-by: Mark Waite <mark.earl.waite@gmail.com>
Co-authored-by: Mark Waite <mark.earl.waite@gmail.com>
The comment is unnecessary because it restates the code without providing any additional reasoning.
basil
changed the title
com.sun.net.httpserver
This test was previously listening on all interfaces before this change. Keep the same behavior after this change to avoid unrelated code change during a routine refactoring.
Overview
This PR refactors the OpenShiftBearerTokenCredentialTest.java test class by updating the approach to API mocking by using an in-memory server instead of jetty server.
Testing done
Running locally and in the pr builder against
2.472-rc35224.f615612a_1850as2.472has not yet been releasedThis is expected to fail in PR builder until
2.472is releasedKey Changes
Switch from Jetty Server to In-Memory HTTP Server:
com.sun.net.httpserverfor in-memory HTTP server-based mocking. This change simplifies the test setup and improves performance by using an in-memory server that runs within the test process.AbstractOpenShiftBearerTokenCredentialFIPSTesta HttpsServer or a HttpServer is created based on the schemeCloses #44
Closes #56