From 52591f0f5d73dea38f2ccb8819492bcc13ef6db4 Mon Sep 17 00:00:00 2001
From: John Kjell
Date: Mon, 16 Dec 2024 12:35:56 -0600
Subject: [PATCH] bug(fulcio): Fixes #535
Signed-off-by: John Kjell
---
 signer/fulcio/fulcio.go | 5 +----
 signer/fulcio/fulcio_test.go | 13 ++++++++++++-
 2 files changed, 13 insertions(+), 5 deletions(-)
diff --git a/signer/fulcio/fulcio.go b/signer/fulcio/fulcio.go
index a58cdc6b..1c7c5c6e 100644
--- a/signer/fulcio/fulcio.go
+++ b/signer/fulcio/fulcio.go
@@ -432,10 +432,7 @@ func newClient(fulcioURL string, fulcioPort int, isInsecure bool) (fulciopb.CACl
 creds := credentials.NewTLS(tlsConfig)
 // Set up the gRPC dial options
- dialOpts := []grpc.DialOption{
- grpc.WithAuthority(u.Hostname()),
- }
-
+ dialOpts := []grpc.DialOption{}
 if isInsecure {
 dialOpts = append(dialOpts, grpc.WithTransportCredentials(insecure.NewCredentials()))
 } else {
diff --git a/signer/fulcio/fulcio_test.go b/signer/fulcio/fulcio_test.go
index fe133d29..4ee96bb7 100644
--- a/signer/fulcio/fulcio_test.go
+++ b/signer/fulcio/fulcio_test.go
@@ -199,8 +199,19 @@ func TestSigner(t *testing.T) {
 require.NotNil(t, signer)
 provider = New(WithFulcioURL("https://test"), WithToken(token))
 _, err = provider.Signer(ctx)
+
+ // A bad url is getting system-specific dns error messages
+ // This checks for one of those messages
+ dnsErrChecker := func(err error) bool {
+ if strings.Contains(err.Error(), "zero addresses") ||
+ strings.Contains(err.Error(), "record lookup error") {
+ return true
+ }
+ return false
+ }
+
 //this should be a tranport err since we cant actually test on 443 which is the default
- require.ErrorContains(t, err, "lookup test")
+ require.True(t, dnsErrChecker(err))
 // Test signer with token read from file
 // NOTE: this function could be refactored to accept a fileSystem or io.Reader so reading the file can be mocked,
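Review bot: In signer/fulcio/fulcio.go, nothing on the new `dialOpts := []grpc.DialOption{}` line records why the `grpc.WithAuthority(u.Hostname())` override was dropped or what now supplies the name checked during the TLS handshake. In grpc-go that option sets both the `:authority` header and the handshake server name, so after this change both presumably come from the dial target unless `tlsConfig.ServerName` is set; neither is visible here, since newClient starts and ends outside the hunk. I would add a comment above the declaration, for example `// No WithAuthority: :authority and the TLS server name are derived from the dial target.`, and confirm the target carries the Fulcio hostname rather than an IP or proxy address. `var dialOpts []grpc.DialOption` is the more idiomatic way to declare the empty slice.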
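Review bot: In signer/fulcio/fulcio_test.go, `dnsErrChecker` calls `err.Error()` with no nil guard, so if `provider.Signer(ctx)` ever succeeds (for instance where the name `test` resolves) the test panics instead of failing cleanly. Put `require.Error(t, err)` before the check, and use `require.Truef(t, dnsErrChecker(err), "unexpected error: %v", err)` so a third platform-specific message is shown in the failure output rather than a bare `false`. The closure body can also return the `||` expression directly. The hunk adds a use of `strings` without touching imports, so that import presumably already exists; TestSigner starts and ends outside the hunk.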