Skip to content

Commit

Permalink
Fix some test typos.
Browse files Browse the repository at this point in the history
  • Loading branch information
rboyer committed Jan 18, 2019
1 parent 884b2e0 commit 2dea3e2
Show file tree
Hide file tree
Showing 2 changed files with 17 additions and 17 deletions.
4 changes: 2 additions & 2 deletions agent/xds/server.go
Original file line number Diff line number Diff line change
Expand Up @@ -364,12 +364,12 @@ func (s *Server) Check(ctx context.Context, r *envoyauthz.CheckRequest) (*envoya
if err != nil {
// Treat this as an auth error since Envoy has sent something it considers
// valid, it's just not an identity we trust.
return deniedResponse("Destination Principal is not a valid Connect identitiy")
return deniedResponse("Destination Principal is not a valid Connect identity")
}

destID, ok := dest.(*connect.SpiffeIDService)
if !ok {
return deniedResponse("Destination Principal is not a valid Service identitiy")
return deniedResponse("Destination Principal is not a valid Service identity")
}

// For now we don't validate the trust domain of the _destination_ at all -
Expand Down
30 changes: 15 additions & 15 deletions agent/xds/server_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -82,7 +82,7 @@ func (m *testManager) Watch(proxyID string) (<-chan *proxycfg.ConfigSnapshot, pr
// AssertWatchCancelled checks that the most recent call to a Watch cancel func
// was from the specified proxyID and that one is made in a short time. This
// probably won't work if you are running multiple Watches in parallel on
// multiple proxyIDS due to timing/ordering issues but I dont think we need to
// multiple proxyIDS due to timing/ordering issues but I don't think we need to
// do that.
func (m *testManager) AssertWatchCancelled(t *testing.T, proxyID string) {
t.Helper()
Expand Down Expand Up @@ -162,11 +162,11 @@ func TestServer_StreamAggregatedResources_BasicProtocol(t *testing.T) {
// And should get a response immediately.
assertResponseSent(t, envoy.stream.sendCh, expectListenerJSON(t, snap, "", 1, 3))

// Now send Route request along with next listner one
// Now send Route request along with next listener one
envoy.SendReq(t, RouteType, 0, 0)
envoy.SendReq(t, ListenerType, 1, 3)

// We don't serve routes yet so this shoould block with no response
// We don't serve routes yet so this should block with no response
assertChanBlocked(t, envoy.stream.sendCh)

// WOOP! Envoy now has full connect config. Lets verify that if we update it,
Expand All @@ -179,7 +179,7 @@ func TestServer_StreamAggregatedResources_BasicProtocol(t *testing.T) {
mgr.DeliverConfig(t, "web-sidecar-proxy", snap)

// All 3 response that have something to return should return with new version
// note that the ordering is not determinisic in general. Trying to make this
// note that the ordering is not deterministic in general. Trying to make this
// test order-agnostic though is a massive pain since we are comparing
// non-identical JSON strings (so can simply sort by anything) and because we
// don't know the order the nonces will be assigned. For now we rely and
Expand All @@ -189,21 +189,21 @@ func TestServer_StreamAggregatedResources_BasicProtocol(t *testing.T) {
assertResponseSent(t, envoy.stream.sendCh, expectEndpointsJSON(t, snap, "", 2, 5))
assertResponseSent(t, envoy.stream.sendCh, expectListenerJSON(t, snap, "", 2, 6))

// Let's pretent that Envoy doesn't like that new listener config. It will ACK
// Let's pretend that Envoy doesn't like that new listener config. It will ACK
// all the others (same version) but NACK the listener. This is the most
// subtle part of xDS and the server implementation so I'll elaborate. A full
// description of the protocol can be found at
// https://github.com/envoyproxy/data-plane-api/blob/master/XDS_PROTOCOL.md.
// Envoy delays making a followup reqeest for a type until after it has
// Envoy delays making a followup request for a type until after it has
// processed and applied the last response. The next request then will include
// the nonce in the last response which acknowledges _recieving_ and handling
// the nonce in the last response which acknowledges _receiving_ and handling
// that response. It also includes the currently applied version. If all is
// good and it successfully applies the config, then the version in the next
// response will be the same version just sent. This is considered to be an
// ACK of that version for that type. If envoy fails to apply the config for
// some reason, it will still acknowledge that it received it (still return
// the responses nonce), but will show the previous version it's still using.
// This is considered a NACK. It's impotant that the server pay attention to
// This is considered a NACK. It's important that the server pay attention to
// the _nonce_ and not the version when deciding what to send otherwise a bad
// version that can't be applied in Envoy will cause a busy loop.
//
Expand Down Expand Up @@ -489,7 +489,7 @@ func assertChanBlocked(t *testing.T, ch chan *envoy.DiscoveryResponse) {
t.Helper()
select {
case r := <-ch:
t.Fatalf("chan should block but recieved: %v", r)
t.Fatalf("chan should block but received: %v", r)
case <-time.After(10 * time.Millisecond):
return
}
Expand All @@ -501,12 +501,12 @@ func assertResponseSent(t *testing.T, ch chan *envoy.DiscoveryResponse, wantJSON
case r := <-ch:
assertResponse(t, r, wantJSON)
case <-time.After(50 * time.Millisecond):
t.Fatalf("no response recieved after 50ms")
t.Fatalf("no response received after 50ms")
}
}

// assertResponse is a helper to test a envoy.DiscoveryResponse matches the
// JSON representaion we expect. We use JSON because the responses use protobuf
// JSON representation we expect. We use JSON because the responses use protobuf
// Any type which includes binary protobuf encoding and would make creating
// expected structs require the same code that is under test!
func assertResponse(t *testing.T, r *envoy.DiscoveryResponse, wantJSON string) {
Expand All @@ -519,7 +519,7 @@ func assertResponse(t *testing.T, r *envoy.DiscoveryResponse, wantJSON string) {
require.JSONEqf(t, wantJSON, gotJSON, "got:\n%s", gotJSON)
}

func TestServer_StreamAggregatedResources_ACLEnforcment(t *testing.T) {
func TestServer_StreamAggregatedResources_ACLEnforcement(t *testing.T) {

tests := []struct {
name string
Expand All @@ -529,7 +529,7 @@ func TestServer_StreamAggregatedResources_ACLEnforcment(t *testing.T) {
wantDenied bool
}{
// Note that although we've stubbed actual ACL checks in the testManager
// ConnectAuthorize mock, by asserting against specifc reason strings here
// ConnectAuthorize mock, by asserting against specific reason strings here
// even in the happy case which can't match the default one returned by the
// mock we are implicitly validating that the implementation used the
// correct token from the context.
Expand Down Expand Up @@ -685,15 +685,15 @@ func TestServer_Check(t *testing.T) {
destPrincipal: "not-a-spiffe-id",
// Should never make it to authz call.
wantDenied: true,
wantReason: "Destination Principal is not a valid Connect identitiy",
wantReason: "Destination Principal is not a valid Connect identity",
},
{
name: "dest not a service URI",
source: "web",
destPrincipal: "spiffe://trust-domain.consul",
// Should never make it to authz call.
wantDenied: true,
wantReason: "Destination Principal is not a valid Service identitiy",
wantReason: "Destination Principal is not a valid Service identity",
},
{
name: "ACL not got permission for authz call",
Expand Down

0 comments on commit 2dea3e2

Please sign in to comment.