VenConnClient: fix failing tests and use a single envtest process

Author: maelvls

pkg/agent/config_test.go

@@ -155,7 +155,7 @@ func Test_ValidateAndCombineConfig(t *testing.T) {
 		)
 		assert.EqualError(t, err, testutil.Undent(`
 			no auth mode specified. You can use one of four auth modes:
-			 - Use --venafi-cloud with --credentials-file or --client-id with --private-key-path to use the Venafi Cloud Key Pair Service Account mode.
+			 - Use (--venafi-cloud with --credentials-file) or (--client-id with --private-key-path) to use the Venafi Cloud Key Pair Service Account mode.
 			 - Use --venafi-connection for the Venafi Cloud VenafiConnection mode.
 			 - Use --credentials-file alone if you want to use the Jetstack Secure OAuth mode.
 			 - Use --api-token if you want to use the Jetstack Secure API Token mode.
@@ -196,6 +196,7 @@ func Test_ValidateAndCombineConfig(t *testing.T) {
 			Server:         "http://example.com",
 			OrganizationID: "example",
 			EndpointPath:   "api/v1/data",
+			BackoffMaxTime: 10 * time.Minute,
 		}
 		require.NoError(t, err)
 		assert.Equal(t, expect, got)
@@ -221,7 +222,7 @@ func Test_ValidateAndCombineConfig(t *testing.T) {
 				  uploader_id: test-agent
 				  upload_path: "/testing/path"
 			`)),
-			withCmdLineFlags("--venafi-cloud", "--credentials-file", credsPath, "--backoff-max-time", "5m"),
+			withCmdLineFlags("--venafi-cloud", "--credentials-file", credsPath, "--backoff-max-time", "99m"),
 		)
 		expect := CombinedConfig{
 			Server: "http://localhost:8080",
@@ -234,7 +235,7 @@ func Test_ValidateAndCombineConfig(t *testing.T) {
 			UploadPath:     "/testing/path",
 			AuthMode:       VenafiCloudKeypair,
 			ClusterID:      "the cluster name",
-			BackoffMaxTime: 5 * time.Minute,
+			BackoffMaxTime: 99 * time.Minute,
 		}
 		require.NoError(t, err)
 		assert.Equal(t, expect, got)
@@ -337,7 +338,7 @@ func Test_ValidateAndCombineConfig(t *testing.T) {
 				`)),
 			withCmdLineFlags("--credentials-file", path))
 		require.NoError(t, err)
-		assert.Equal(t, CombinedConfig{Server: "https://api.venafi.eu", Period: time.Hour, OrganizationID: "foo", ClusterID: "bar", AuthMode: JetstackSecureOAuth}, got)
+		assert.Equal(t, CombinedConfig{Server: "https://api.venafi.eu", Period: time.Hour, OrganizationID: "foo", ClusterID: "bar", AuthMode: JetstackSecureOAuth, BackoffMaxTime: 10 * time.Minute}, got)
 		assert.IsType(t, &client.OAuthClient{}, cl)
 	})
 
@@ -411,7 +412,7 @@ func Test_ValidateAndCombineConfig(t *testing.T) {
 			`)),
 			withCmdLineFlags("--client-id", "5bc7d07c-45da-11ef-a878-523f1e1d7de1", "--private-key-path", path))
 		require.NoError(t, err)
-		assert.Equal(t, CombinedConfig{Server: "https://api.venafi.eu", Period: time.Hour, AuthMode: VenafiCloudKeypair, ClusterID: "the cluster name", UploadPath: "/foo/bar"}, got)
+		assert.Equal(t, CombinedConfig{Server: "https://api.venafi.eu", Period: time.Hour, AuthMode: VenafiCloudKeypair, ClusterID: "the cluster name", UploadPath: "/foo/bar", BackoffMaxTime: 10 * time.Minute}, got)
 		assert.IsType(t, &client.VenafiCloudClient{}, cl)
 	})
 
@@ -432,7 +433,7 @@ func Test_ValidateAndCombineConfig(t *testing.T) {
 			`)),
 			withCmdLineFlags("--venafi-cloud", "--credentials-file", credsPath))
 		require.NoError(t, err)
-		assert.Equal(t, CombinedConfig{Server: "https://api.venafi.eu", Period: time.Hour, AuthMode: VenafiCloudKeypair, ClusterID: "the cluster name", UploadPath: "/foo/bar"}, got)
+		assert.Equal(t, CombinedConfig{Server: "https://api.venafi.eu", Period: time.Hour, AuthMode: VenafiCloudKeypair, ClusterID: "the cluster name", UploadPath: "/foo/bar", BackoffMaxTime: 10 * time.Minute}, got)
 	})
 
 	t.Run("venafi-cloud-keypair-auth: venafi-cloud.upload_path field is required", func(t *testing.T) {
@@ -503,12 +504,13 @@ func Test_ValidateAndCombineConfig(t *testing.T) {
 			withCmdLineFlags("--install-namespace", "venafi", "--venafi-connection", "venafi-components"))
 		require.NoError(t, err)
 		assert.Equal(t, CombinedConfig{
-			Period:      1 * time.Hour,
-			ClusterID:   "the cluster name",
-			AuthMode:    VenafiCloudVenafiConnection,
-			VenConnName: "venafi-components",
-			VenConnNS:   "venafi",
-			InstallNS:   "venafi",
+			Period:         1 * time.Hour,
+			ClusterID:      "the cluster name",
+			AuthMode:       VenafiCloudVenafiConnection,
+			VenConnName:    "venafi-components",
+			VenConnNS:      "venafi",
+			InstallNS:      "venafi",
+			BackoffMaxTime: 10 * time.Minute,
 		}, got)
 		assert.IsType(t, &client.VenConnClient{}, cl)
 	})

pkg/client/client_venafi_cloud.go

@@ -84,11 +84,11 @@ const (
 // to authenticate to the backend API.
 func NewVenafiCloudClient(agentMetadata *api.AgentMetadata, credentials *VenafiSvcAccountCredentials, baseURL string, uploaderID string, uploadPath string) (*VenafiCloudClient, error) {
 	if err := credentials.Validate(); err != nil {
-		return nil, fmt.Errorf("cannot create VenafiCloudClient: %v", err)
+		return nil, fmt.Errorf("cannot create VenafiCloudClient: %w", err)
 	}
 	privateKey, jwtSigningAlg, err := parsePrivateKeyAndExtractSigningMethod(credentials.PrivateKeyFile)
 	if err != nil {
-		return nil, fmt.Errorf("error parsing private key file %v", err)
+		return nil, fmt.Errorf("while parsing private key file: %w", err)
 	}
 	if baseURL == "" {
 		return nil, fmt.Errorf("cannot create VenafiCloudClient: baseURL cannot be empty")
@@ -380,7 +380,7 @@ func parsePrivateKeyFromPemFile(privateKeyFilePath string) (crypto.PrivateKey, e
 
 	der, _ := pem.Decode(pkBytes)
 	if der == nil {
-		return nil, fmt.Errorf("error decoding private key from pem file %q", privateKeyFilePath)
+		return nil, fmt.Errorf("while decoding the PEM-encoded private key %v, its content were: %s", privateKeyFilePath, string(pkBytes))
 	}
 
 	if key, err := x509.ParsePKCS1PrivateKey(der.Bytes); err == nil {
@@ -391,13 +391,13 @@ func parsePrivateKeyFromPemFile(privateKeyFilePath string) (crypto.PrivateKey, e
 		case *rsa.PrivateKey, *ecdsa.PrivateKey, ed25519.PrivateKey:
 			return key, nil
 		default:
-			return nil, fmt.Errorf("found unknown private key type in PKCS#8 wrapping")
+			return nil, fmt.Errorf("found unknown private key type in PKCS#8 wrapping: %T", key)
 		}
 	}
 	if key, err := x509.ParseECPrivateKey(der.Bytes); err == nil {
 		return key, nil
 	}
-	return nil, fmt.Errorf("failed to parse private key")
+	return nil, fmt.Errorf("while parsing EC private: %w", err)
 }
 
 func parsePrivateKeyAndExtractSigningMethod(privateKeyFile string) (crypto.PrivateKey, jwt.SigningMethod, error) {