Add concurrency workflow config | fix broken test due to golang ver

.github/workflows/test.yml

@@ -10,6 +10,10 @@ on:
   schedule:
     - cron: '0 0 * * *'
 
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: true
+
 jobs:
   ci:
     uses: smallstep/workflows/.github/workflows/goCI.yml@main

authority/provisioner/acme_118_test.go

@@ -0,0 +1,80 @@
+//go:build go1.18
+// +build go1.18
+
+package provisioner
+
+import (
+	"bytes"
+	"crypto/x509"
+	"os"
+	"testing"
+)
+
+func TestACME_GetAttestationRoots(t *testing.T) {
+	appleCA, err := os.ReadFile("testdata/certs/apple-att-ca.crt")
+	if err != nil {
+		t.Fatal(err)
+	}
+	yubicoCA, err := os.ReadFile("testdata/certs/yubico-piv-ca.crt")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	pool := x509.NewCertPool()
+	pool.AppendCertsFromPEM(appleCA)
+	pool.AppendCertsFromPEM(yubicoCA)
+
+	type fields struct {
+		Type             string
+		Name             string
+		AttestationRoots []byte
+	}
+	tests := []struct {
+		name   string
+		fields fields
+		want   *x509.CertPool
+		want1  bool
+	}{
+		{"ok", fields{"ACME", "acme", bytes.Join([][]byte{appleCA, yubicoCA}, []byte("\n"))}, pool, true},
+		{"nil", fields{"ACME", "acme", nil}, nil, false},
+		{"empty", fields{"ACME", "acme", []byte{}}, nil, false},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			p := &ACME{
+				Type:             tt.fields.Type,
+				Name:             tt.fields.Name,
+				AttestationRoots: tt.fields.AttestationRoots,
+			}
+			if err := p.Init(Config{
+				Claims:    globalProvisionerClaims,
+				Audiences: testAudiences,
+			}); err != nil {
+				t.Fatal(err)
+			}
+			got, got1 := p.GetAttestationRoots()
+			switch {
+			case tt.want == nil && got == nil:
+				break
+			case tt.want == nil && got != nil, tt.want != nil && got == nil:
+				t.Errorf("ACME.GetAttestationRoots() got = %v, want %v", got, tt.want)
+			default:
+				gotSubjects := got.Subjects()
+				wantSubjects := tt.want.Subjects()
+				if len(gotSubjects) != len(wantSubjects) {
+					t.Errorf("ACME.GetAttestationRoots() got = %v, want %v", got, tt.want)
+				} else {
+					for i, gotSub := range gotSubjects {
+						if !bytes.Equal(gotSub, wantSubjects[i]) {
+							t.Errorf("ACME.GetAttestationRoots() got = %v, want %v", got, tt.want)
+							break
+						}
+					}
+				}
+			}
+			if got1 != tt.want1 {
+				t.Errorf("ACME.GetAttestationRoots() got1 = %v, want %v", got1, tt.want1)
+			}
+		})
+	}
+}

authority/provisioner/acme_119_test.go

@@ -0,0 +1,66 @@
+//go:build !go1.18
+// +build !go1.18
+
+package provisioner
+
+import (
+	"bytes"
+	"crypto/x509"
+	"os"
+	"testing"
+)
+
+func TestACME_GetAttestationRoots(t *testing.T) {
+	appleCA, err := os.ReadFile("testdata/certs/apple-att-ca.crt")
+	if err != nil {
+		t.Fatal(err)
+	}
+	yubicoCA, err := os.ReadFile("testdata/certs/yubico-piv-ca.crt")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	pool := x509.NewCertPool()
+	pool.AppendCertsFromPEM(appleCA)
+	pool.AppendCertsFromPEM(yubicoCA)
+
+	type fields struct {
+		Type             string
+		Name             string
+		AttestationRoots []byte
+	}
+	tests := []struct {
+		name   string
+		fields fields
+		want   *x509.CertPool
+		want1  bool
+	}{
+		{"ok", fields{"ACME", "acme", bytes.Join([][]byte{appleCA, yubicoCA}, []byte("\n"))}, pool, true},
+		{"nil", fields{"ACME", "acme", nil}, nil, false},
+		{"empty", fields{"ACME", "acme", []byte{}}, nil, false},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			p := &ACME{
+				Type:             tt.fields.Type,
+				Name:             tt.fields.Name,
+				AttestationRoots: tt.fields.AttestationRoots,
+			}
+			if err := p.Init(Config{
+				Claims:    globalProvisionerClaims,
+				Audiences: testAudiences,
+			}); err != nil {
+				t.Fatal(err)
+			}
+			got, got1 := p.GetAttestationRoots()
+			if tt.want == nil && got != nil {
+				t.Errorf("ACME.GetAttestationRoots() got = %v, want %v", got, tt.want)
+			} else if !tt.want.Equal(got) {
+				t.Errorf("ACME.GetAttestationRoots() got = %v, want %v", got, tt.want)
+			}
+			if got1 != tt.want1 {
+				t.Errorf("ACME.GetAttestationRoots() got1 = %v, want %v", got1, tt.want1)
+			}
+		})
+	}
+}

authority/provisioner/acme_test.go

@@ -1,3 +1,6 @@
+//go:build !go1.18
+// +build !go1.18
+
 package provisioner
 
 import (
@@ -371,58 +374,3 @@ func TestACME_IsAttestationFormatEnabled(t *testing.T) {
 		})
 	}
 }
-
-func TestACME_GetAttestationRoots(t *testing.T) {
-	appleCA, err := os.ReadFile("testdata/certs/apple-att-ca.crt")
-	if err != nil {
-		t.Fatal(err)
-	}
-	yubicoCA, err := os.ReadFile("testdata/certs/yubico-piv-ca.crt")
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	pool := x509.NewCertPool()
-	pool.AppendCertsFromPEM(appleCA)
-	pool.AppendCertsFromPEM(yubicoCA)
-
-	type fields struct {
-		Type             string
-		Name             string
-		AttestationRoots []byte
-	}
-	tests := []struct {
-		name   string
-		fields fields
-		want   *x509.CertPool
-		want1  bool
-	}{
-		{"ok", fields{"ACME", "acme", bytes.Join([][]byte{appleCA, yubicoCA}, []byte("\n"))}, pool, true},
-		{"nil", fields{"ACME", "acme", nil}, nil, false},
-		{"empty", fields{"ACME", "acme", []byte{}}, nil, false},
-	}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			p := &ACME{
-				Type:             tt.fields.Type,
-				Name:             tt.fields.Name,
-				AttestationRoots: tt.fields.AttestationRoots,
-			}
-			if err := p.Init(Config{
-				Claims:    globalProvisionerClaims,
-				Audiences: testAudiences,
-			}); err != nil {
-				t.Fatal(err)
-			}
-			got, got1 := p.GetAttestationRoots()
-			if tt.want == nil && got != nil {
-				t.Errorf("ACME.GetAttestationRoots() got = %v, want %v", got, tt.want)
-			} else if !tt.want.Equal(got) {
-				t.Errorf("ACME.GetAttestationRoots() got = %v, want %v", got, tt.want)
-			}
-			if got1 != tt.want1 {
-				t.Errorf("ACME.GetAttestationRoots() got1 = %v, want %v", got1, tt.want1)
-			}
-		})
-	}
-}

policy/options_117_test.go

@@ -1,125 +0,0 @@
-//go:build !go1.18
-// +build !go1.18
-
-package policy
-
-import "testing"
-
-func Test_normalizeAndValidateURIDomainConstraint(t *testing.T) {
-	tests := []struct {
-		name       string
-		constraint string
-		want       string
-		wantErr    bool
-	}{
-		{
-			name:       "fail/empty-constraint",
-			constraint: "",
-			want:       "",
-			wantErr:    true,
-		},
-		{
-			name:       "fail/scheme-https",
-			constraint: `https://*.local`,
-			want:       "",
-			wantErr:    true,
-		},
-		{
-			name:       "fail/too-many-asterisks",
-			constraint: "**.local",
-			want:       "",
-			wantErr:    true,
-		},
-		{
-			name:       "fail/empty-label",
-			constraint: "..local",
-			want:       "",
-			wantErr:    true,
-		},
-		{
-			name:       "fail/empty-reverse",
-			constraint: ".",
-			want:       "",
-			wantErr:    true,
-		},
-		{
-			name:       "fail/no-asterisk",
-			constraint: ".example.com",
-			want:       "",
-			wantErr:    true,
-		},
-		{
-			name:       "fail/domain-with-port",
-			constraint: "host.local:8443",
-			want:       "",
-			wantErr:    true,
-		},
-		{
-			name:       "fail/ipv4",
-			constraint: "127.0.0.1",
-			want:       "",
-			wantErr:    true,
-		},
-		{
-			name:       "fail/ipv6-brackets",
-			constraint: "[::1]",
-			want:       "",
-			wantErr:    true,
-		},
-		{
-			name:       "fail/ipv6-no-brackets",
-			constraint: "::1",
-			want:       "",
-			wantErr:    true,
-		},
-		{
-			name:       "fail/ipv6-no-brackets",
-			constraint: "[::1",
-			want:       "",
-			wantErr:    true,
-		},
-		{
-			name:       "fail/idna-internationalized-domain-name-lookup",
-			constraint: `\00local`,
-			want:       "",
-			wantErr:    true,
-		},
-		{
-			name:       "ok/wildcard",
-			constraint: "*.local",
-			want:       ".local",
-			wantErr:    false,
-		},
-		{
-			name:       "ok/specific-domain",
-			constraint: "example.local",
-			want:       "example.local",
-			wantErr:    false,
-		},
-		{
-			name:       "ok/idna-internationalized-domain-name-lookup",
-			constraint: `*.bücher.example.com`,
-			want:       ".xn--bcher-kva.example.com",
-			wantErr:    false,
-		},
-		{
-			// IDNA2003 vs. 2008 deviation: https://unicode.org/reports/tr46/#Deviations results
-			// in a difference between Go 1.18 and lower versions. Go 1.18 expects ".xn--fa-hia.de"; not .fass.de.
-			name:       "ok/idna-internationalized-domain-name-lookup-deviation",
-			constraint: `*.faß.de`,
-			want:       ".fass.de",
-			wantErr:    false,
-		},
-	}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			got, err := normalizeAndValidateURIDomainConstraint(tt.constraint)
-			if (err != nil) != tt.wantErr {
-				t.Errorf("normalizeAndValidateURIDomainConstraint() error = %v, wantErr %v", err, tt.wantErr)
-			}
-			if got != tt.want {
-				t.Errorf("normalizeAndValidateURIDomainConstraint() = %v, want %v", got, tt.want)
-			}
-		})
-	}
-}

policy/options_118_test.go

@@ -1,125 +0,0 @@
-//go:build go1.18
-// +build go1.18
-
-package policy
-
-import "testing"
-
-func Test_normalizeAndValidateURIDomainConstraint(t *testing.T) {
-	tests := []struct {
-		name       string
-		constraint string
-		want       string
-		wantErr    bool
-	}{
-		{
-			name:       "fail/empty-constraint",
-			constraint: "",
-			want:       "",
-			wantErr:    true,
-		},
-		{
-			name:       "fail/scheme-https",
-			constraint: `https://*.local`,
-			want:       "",
-			wantErr:    true,
-		},
-		{
-			name:       "fail/too-many-asterisks",
-			constraint: "**.local",
-			want:       "",
-			wantErr:    true,
-		},
-		{
-			name:       "fail/empty-label",
-			constraint: "..local",
-			want:       "",
-			wantErr:    true,
-		},
-		{
-			name:       "fail/empty-reverse",
-			constraint: ".",
-			want:       "",
-			wantErr:    true,
-		},
-		{
-			name:       "fail/domain-with-port",
-			constraint: "host.local:8443",
-			want:       "",
-			wantErr:    true,
-		},
-		{
-			name:       "fail/no-asterisk",
-			constraint: ".example.com",
-			want:       "",
-			wantErr:    true,
-		},
-		{
-			name:       "fail/ipv4",
-			constraint: "127.0.0.1",
-			want:       "",
-			wantErr:    true,
-		},
-		{
-			name:       "fail/ipv6-brackets",
-			constraint: "[::1]",
-			want:       "",
-			wantErr:    true,
-		},
-		{
-			name:       "fail/ipv6-no-brackets",
-			constraint: "::1",
-			want:       "",
-			wantErr:    true,
-		},
-		{
-			name:       "fail/ipv6-no-brackets",
-			constraint: "[::1",
-			want:       "",
-			wantErr:    true,
-		},
-		{
-			name:       "fail/idna-internationalized-domain-name-lookup",
-			constraint: `\00local`,
-			want:       "",
-			wantErr:    true,
-		},
-		{
-			name:       "ok/wildcard",
-			constraint: "*.local",
-			want:       ".local",
-			wantErr:    false,
-		},
-		{
-			name:       "ok/specific-domain",
-			constraint: "example.local",
-			want:       "example.local",
-			wantErr:    false,
-		},
-		{
-			name:       "ok/idna-internationalized-domain-name-lookup",
-			constraint: `*.bücher.example.com`,
-			want:       ".xn--bcher-kva.example.com",
-			wantErr:    false,
-		},
-		{
-			// IDNA2003 vs. 2008 deviation: https://unicode.org/reports/tr46/#Deviations results
-			// in a difference between Go 1.18 and lower versions. Go 1.18 expects ".xn--fa-hia.de"; not .fass.de.
-			name:       "ok/idna-internationalized-domain-name-lookup-deviation",
-			constraint: `*.faß.de`,
-			want:       ".xn--fa-hia.de",
-			wantErr:    false,
-		},
-	}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			got, err := normalizeAndValidateURIDomainConstraint(tt.constraint)
-			if (err != nil) != tt.wantErr {
-				t.Errorf("normalizeAndValidateURIDomainConstraint() error = %v, wantErr %v", err, tt.wantErr)
-			}
-			if got != tt.want {
-				t.Errorf("normalizeAndValidateURIDomainConstraint() = %v, want %v", got, tt.want)
-			}
-		})
-	}
-}

policy/options_test.go

@@ -658,3 +658,122 @@ func TestNew(t *testing.T) {
 		})
 	}
 }
+
+func Test_normalizeAndValidateURIDomainConstraint(t *testing.T) {
+	tests := []struct {
+		name       string
+		constraint string
+		want       string
+		wantErr    bool
+	}{
+		{
+			name:       "fail/empty-constraint",
+			constraint: "",
+			want:       "",
+			wantErr:    true,
+		},
+		{
+			name:       "fail/scheme-https",
+			constraint: `https://*.local`,
+			want:       "",
+			wantErr:    true,
+		},
+		{
+			name:       "fail/too-many-asterisks",
+			constraint: "**.local",
+			want:       "",
+			wantErr:    true,
+		},
+		{
+			name:       "fail/empty-label",
+			constraint: "..local",
+			want:       "",
+			wantErr:    true,
+		},
+		{
+			name:       "fail/empty-reverse",
+			constraint: ".",
+			want:       "",
+			wantErr:    true,
+		},
+		{
+			name:       "fail/domain-with-port",
+			constraint: "host.local:8443",
+			want:       "",
+			wantErr:    true,
+		},
+		{
+			name:       "fail/no-asterisk",
+			constraint: ".example.com",
+			want:       "",
+			wantErr:    true,
+		},
+		{
+			name:       "fail/ipv4",
+			constraint: "127.0.0.1",
+			want:       "",
+			wantErr:    true,
+		},
+		{
+			name:       "fail/ipv6-brackets",
+			constraint: "[::1]",
+			want:       "",
+			wantErr:    true,
+		},
+		{
+			name:       "fail/ipv6-no-brackets",
+			constraint: "::1",
+			want:       "",
+			wantErr:    true,
+		},
+		{
+			name:       "fail/ipv6-no-brackets",
+			constraint: "[::1",
+			want:       "",
+			wantErr:    true,
+		},
+		{
+			name:       "fail/idna-internationalized-domain-name-lookup",
+			constraint: `\00local`,
+			want:       "",
+			wantErr:    true,
+		},
+		{
+			name:       "ok/wildcard",
+			constraint: "*.local",
+			want:       ".local",
+			wantErr:    false,
+		},
+		{
+			name:       "ok/specific-domain",
+			constraint: "example.local",
+			want:       "example.local",
+			wantErr:    false,
+		},
+		{
+			name:       "ok/idna-internationalized-domain-name-lookup",
+			constraint: `*.bücher.example.com`,
+			want:       ".xn--bcher-kva.example.com",
+			wantErr:    false,
+		},
+		{
+			// IDNA2003 vs. 2008 deviation: https://unicode.org/reports/tr46/#Deviations results
+			// in a difference between Go 1.18 and lower versions. Go 1.18 expects ".xn--fa-hia.de"; not .fass.de.
+			name:       "ok/idna-internationalized-domain-name-lookup-deviation",
+			constraint: `*.faß.de`,
+			want:       ".xn--fa-hia.de",
+			wantErr:    false,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			got, err := normalizeAndValidateURIDomainConstraint(tt.constraint)
+			if (err != nil) != tt.wantErr {
+				t.Errorf("normalizeAndValidateURIDomainConstraint() error = %v, wantErr %v", err, tt.wantErr)
+			}
+			if got != tt.want {
+				t.Errorf("normalizeAndValidateURIDomainConstraint() = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}