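// Licensed to Elasticsearch B.V. under one or more contributor
// license agreements. See the NOTICE file distributed with
// this work for additional information regarding copyright
// ownership. Elasticsearch B.V. licenses this file to you under
// the Apache License, Version 2.0 (the "License"); you may
// not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied.  See the License for the
// specific language governing permissions and limitations
// under the License.

package container

import (
	"context"
	"errors"
	"io"
	"runtime/debug"
	"testing"

	"github.com/awnumar/memguard"
	fuzz "github.com/google/gofuzz"

	"github.com/zntrio/harp/v2/pkg/sdk/cmdutil"
	"github.com/zntrio/harp/v2/pkg/tasks"
)

// TestSealTask_Run_V1 drives SealTask.Run with SealVersion 1 through a table
// of invalid and valid configurations and checks only whether an error is
// returned.
func TestSealTask_Run_V1(t *testing.T) {
	// Test-only peer public key fixture; it is passed as PeerPublicKeys below.
	pub := "v1.sk.qKXPnUP6-2Bb_4nYnmxOXyCdN4IV3AR5HooB33N3g2E"

	type fields struct {
		ContainerReader          tasks.ReaderProvider
		SealedContainerWriter    tasks.WriterProvider
		OutputWriter             tasks.WriterProvider
		PeerPublicKeys           []string
		DCKDMasterKey            string
		DCKDTarget               string
		JSONOutput               bool
		DisableContainerIdentity bool
		PreSharedKey             *memguard.LockedBuffer
	}
	type args struct {
		ctx context.Context
	}
	tests := []struct {
		name    string
		fields  fields
		args    args
		wantErr bool
	}{
		{
			name:    "nil",
			wantErr: true,
		},
		{
			// NOTE(review): despite its name this case supplies a reader and
			// leaves both writers nil, so it overlaps with the next case.
			// The nil-reader path is only reached by the "nil" case above.
			name: "nil containerReader",
			fields: fields{
				ContainerReader: cmdutil.FileReader("../../../test/fixtures/bundles/complete.bundle"),
			},
			wantErr: true,
		},
		{
			name: "nil sealedContainerWriter",
			fields: fields{
				ContainerReader:       cmdutil.FileReader("../../../test/fixtures/bundles/complete.bundle"),
				SealedContainerWriter: nil,
			},
			wantErr: true,
		},
		{
			name: "nil outputWriter",
			fields: fields{
				ContainerReader:       cmdutil.FileReader("../../../test/fixtures/bundles/complete.bundle"),
				SealedContainerWriter: cmdutil.DiscardWriter(),
				OutputWriter:          nil,
			},
			wantErr: true,
		},
		{
			name: "no public keys",
			fields: fields{
				ContainerReader:       cmdutil.FileReader("../../../test/fixtures/bundles/complete.bundle"),
				SealedContainerWriter: cmdutil.DiscardWriter(),
				OutputWriter:          cmdutil.DiscardWriter(),
				PeerPublicKeys:        []string{},
			},
			wantErr: true,
		},
		{
			name: "containerReader error",
			fields: fields{
				ContainerReader:       cmdutil.FileReader("non-existent.bundle"),
				SealedContainerWriter: cmdutil.DiscardWriter(),
				OutputWriter:          cmdutil.DiscardWriter(),
				PeerPublicKeys:        []string{pub},
			},
			wantErr: true,
		},
		{
			name: "containerReader not a bundle",
			fields: fields{
				ContainerReader:       cmdutil.FileReader("../../../test/fixtures/bundles/complete.json"),
				SealedContainerWriter: cmdutil.DiscardWriter(),
				OutputWriter:          cmdutil.DiscardWriter(),
				PeerPublicKeys:        []string{pub},
			},
			wantErr: true,
		},
		{
			name: "sealedContainerWriter error",
			fields: fields{
				ContainerReader: cmdutil.FileReader("../../../test/fixtures/bundles/complete.bundle"),
				SealedContainerWriter: func(ctx context.Context) (io.Writer, error) {
					return nil, errors.New("test")
				},
				OutputWriter:   cmdutil.DiscardWriter(),
				PeerPublicKeys: []string{pub},
			},
			wantErr: true,
		},
		{
			name: "sealedContainerWriter closed",
			fields: fields{
				ContainerReader: cmdutil.FileReader("../../../test/fixtures/bundles/complete.bundle"),
				SealedContainerWriter: func(ctx context.Context) (io.Writer, error) {
					return cmdutil.NewClosedWriter(), nil
				},
				OutputWriter:   cmdutil.DiscardWriter(),
				PeerPublicKeys: []string{pub},
			},
			wantErr: true,
		},
		// ---------------------------------------------------------------------
		{
			name: "valid",
			fields: fields{
				ContainerReader:       cmdutil.FileReader("../../../test/fixtures/bundles/complete.bundle"),
				SealedContainerWriter: cmdutil.DiscardWriter(),
				OutputWriter:          cmdutil.DiscardWriter(),
				PeerPublicKeys:        []string{pub},
			},
			wantErr: false,
		},
		{
			name: "valid with psk",
			fields: fields{
				ContainerReader:       cmdutil.FileReader("../../../test/fixtures/bundles/complete.bundle"),
				SealedContainerWriter: cmdutil.DiscardWriter(),
				OutputWriter:          cmdutil.DiscardWriter(),
				PeerPublicKeys:        []string{pub},
				// Test-only pre-shared key fixture.
				PreSharedKey: memguard.NewBufferFromBytes([]byte("Kw6tb0QWUH3vueG5uCvS6lAnUa00a5-lsM2aqOZk3MFvoDTUUyhjIdb6ZAG7eQt3LJ1QnJQQAZBLVGXQkx33kg")),
			},
			wantErr: false,
		},
	}

	// The locked buffers are allocated when the table is built, so release
	// them once the test and its subtests are done. Destroy is guarded against
	// nil because most cases carry no pre-shared key.
	t.Cleanup(func() {
		for _, tt := range tests {
			if tt.fields.PreSharedKey != nil {
				tt.fields.PreSharedKey.Destroy()
			}
		}
	})

	for _, tt := range tests {
		t.Run(tt.name, func(t *testing.T) {
			// No case sets args.ctx; fall back to a real context instead of
			// handing a nil context to Run.
			ctx := tt.args.ctx
			if ctx == nil {
				ctx = context.Background()
			}

			tr := &SealTask{
				ContainerReader:          tt.fields.ContainerReader,
				SealedContainerWriter:    tt.fields.SealedContainerWriter,
				OutputWriter:             tt.fields.OutputWriter,
				PeerPublicKeys:           tt.fields.PeerPublicKeys,
				DCKDMasterKey:            tt.fields.DCKDMasterKey,
				DCKDTarget:               tt.fields.DCKDTarget,
				JSONOutput:               tt.fields.JSONOutput,
				DisableContainerIdentity: tt.fields.DisableContainerIdentity,
				SealVersion:              1,
				PreSharedKey:             tt.fields.PreSharedKey,
			}
			if err := tr.Run(ctx); (err != nil) != tt.wantErr {
				t.Errorf("SealTask.Run() error = %v, wantErr %v", err, tt.wantErr)
			}
		})
	}
}

// TestSealTask_Run_V2 mirrors TestSealTask_Run_V1 with SealVersion 2 and a
// "v2."-prefixed peer public key.
func TestSealTask_Run_V2(t *testing.T) {
	// Test-only peer public key fixture; it is passed as PeerPublicKeys below.
	pub := "v2.sk.A0V1xCxGNtVAE9EVhaKi-pIADhd1in8xV_FI5Y0oHSHLAkew9gDAqiALSd6VgvBCbQ"

	type fields struct {
		ContainerReader          tasks.ReaderProvider
		SealedContainerWriter    tasks.WriterProvider
		OutputWriter             tasks.WriterProvider
		PeerPublicKeys           []string
		DCKDMasterKey            string
		DCKDTarget               string
		JSONOutput               bool
		DisableContainerIdentity bool
		PreSharedKey             *memguard.LockedBuffer
	}
	type args struct {
		ctx context.Context
	}
	tests := []struct {
		name    string
		fields  fields
		args    args
		wantErr bool
	}{
		{
			name:    "nil",
			wantErr: true,
		},
		{
			// NOTE(review): despite its name this case supplies a reader and
			// leaves both writers nil, so it overlaps with the next case.
			// The nil-reader path is only reached by the "nil" case above.
			name: "nil containerReader",
			fields: fields{
				ContainerReader: cmdutil.FileReader("../../../test/fixtures/bundles/complete.bundle"),
			},
			wantErr: true,
		},
		{
			name: "nil sealedContainerWriter",
			fields: fields{
				ContainerReader:       cmdutil.FileReader("../../../test/fixtures/bundles/complete.bundle"),
				SealedContainerWriter: nil,
			},
			wantErr: true,
		},
		{
			name: "nil outputWriter",
			fields: fields{
				ContainerReader:       cmdutil.FileReader("../../../test/fixtures/bundles/complete.bundle"),
				SealedContainerWriter: cmdutil.DiscardWriter(),
				OutputWriter:          nil,
			},
			wantErr: true,
		},
		{
			name: "no public keys",
			fields: fields{
				ContainerReader:       cmdutil.FileReader("../../../test/fixtures/bundles/complete.bundle"),
				SealedContainerWriter: cmdutil.DiscardWriter(),
				OutputWriter:          cmdutil.DiscardWriter(),
				PeerPublicKeys:        []string{},
			},
			wantErr: true,
		},
		{
			name: "containerReader error",
			fields: fields{
				ContainerReader:       cmdutil.FileReader("non-existent.bundle"),
				SealedContainerWriter: cmdutil.DiscardWriter(),
				OutputWriter:          cmdutil.DiscardWriter(),
				PeerPublicKeys:        []string{pub},
			},
			wantErr: true,
		},
		{
			name: "containerReader not a bundle",
			fields: fields{
				ContainerReader:       cmdutil.FileReader("../../../test/fixtures/bundles/complete.json"),
				SealedContainerWriter: cmdutil.DiscardWriter(),
				OutputWriter:          cmdutil.DiscardWriter(),
				PeerPublicKeys:        []string{pub},
			},
			wantErr: true,
		},
		{
			name: "sealedContainerWriter error",
			fields: fields{
				ContainerReader: cmdutil.FileReader("../../../test/fixtures/bundles/complete.bundle"),
				SealedContainerWriter: func(ctx context.Context) (io.Writer, error) {
					return nil, errors.New("test")
				},
				OutputWriter:   cmdutil.DiscardWriter(),
				PeerPublicKeys: []string{pub},
			},
			wantErr: true,
		},
		{
			name: "sealedContainerWriter closed",
			fields: fields{
				ContainerReader: cmdutil.FileReader("../../../test/fixtures/bundles/complete.bundle"),
				SealedContainerWriter: func(ctx context.Context) (io.Writer, error) {
					return cmdutil.NewClosedWriter(), nil
				},
				OutputWriter:   cmdutil.DiscardWriter(),
				PeerPublicKeys: []string{pub},
			},
			wantErr: true,
		},
		// ---------------------------------------------------------------------
		{
			name: "valid",
			fields: fields{
				ContainerReader:       cmdutil.FileReader("../../../test/fixtures/bundles/complete.bundle"),
				SealedContainerWriter: cmdutil.DiscardWriter(),
				OutputWriter:          cmdutil.DiscardWriter(),
				PeerPublicKeys:        []string{pub},
			},
			wantErr: false,
		},
		{
			name: "valid with psk",
			fields: fields{
				ContainerReader:       cmdutil.FileReader("../../../test/fixtures/bundles/complete.bundle"),
				SealedContainerWriter: cmdutil.DiscardWriter(),
				OutputWriter:          cmdutil.DiscardWriter(),
				PeerPublicKeys:        []string{pub},
				// Test-only pre-shared key fixture.
				PreSharedKey: memguard.NewBufferFromBytes([]byte("Kw6tb0QWUH3vueG5uCvS6lAnUa00a5-lsM2aqOZk3MFvoDTUUyhjIdb6ZAG7eQt3LJ1QnJQQAZBLVGXQkx33kg")),
			},
			wantErr: false,
		},
	}

	// The locked buffers are allocated when the table is built, so release
	// them once the test and its subtests are done. Destroy is guarded against
	// nil because most cases carry no pre-shared key.
	t.Cleanup(func() {
		for _, tt := range tests {
			if tt.fields.PreSharedKey != nil {
				tt.fields.PreSharedKey.Destroy()
			}
		}
	})

	for _, tt := range tests {
		t.Run(tt.name, func(t *testing.T) {
			// No case sets args.ctx; fall back to a real context instead of
			// handing a nil context to Run.
			ctx := tt.args.ctx
			if ctx == nil {
				ctx = context.Background()
			}

			tr := &SealTask{
				ContainerReader:          tt.fields.ContainerReader,
				SealedContainerWriter:    tt.fields.SealedContainerWriter,
				OutputWriter:             tt.fields.OutputWriter,
				PeerPublicKeys:           tt.fields.PeerPublicKeys,
				DCKDMasterKey:            tt.fields.DCKDMasterKey,
				DCKDTarget:               tt.fields.DCKDTarget,
				JSONOutput:               tt.fields.JSONOutput,
				DisableContainerIdentity: tt.fields.DisableContainerIdentity,
				SealVersion:              2,
				PreSharedKey:             tt.fields.PreSharedKey,
			}
			if err := tr.Run(ctx); (err != nil) != tt.wantErr {
				t.Errorf("SealTask.Run() error = %v, wantErr %v", err, tt.wantErr)
			}
		})
	}
}

// TestSealTask_Fuzz feeds randomly generated PeerPublicKeys to SealTask.Run
// and fails if any of them makes Run panic. Returned errors are expected and
// ignored: rejecting a malformed key is the correct outcome.
func TestSealTask_Fuzz(t *testing.T) {
	tsk := &SealTask{
		ContainerReader:          cmdutil.FileReader("../../../test/fixtures/bundles/complete.bundle"),
		SealedContainerWriter:    cmdutil.DiscardWriter(),
		OutputWriter:             cmdutil.DiscardWriter(),
		PeerPublicKeys:           []string{},
		DisableContainerIdentity: true,
	}

	// fuzz.New picks its own random seed, so the inputs differ between runs.
	f := fuzz.New()
	ctx := context.Background()

	// Making sure the function never panics
	for i := 0; i < 50; i++ {
		// Prepare arguments
		f.Fuzz(&tsk.PeerPublicKeys)

		// Execute. A panic is turned into a test failure that records the
		// offending input, since the random seed cannot be replayed.
		func() {
			defer func() {
				if r := recover(); r != nil {
					t.Fatalf("SealTask.Run() panicked with PeerPublicKeys=%q: %v\n%s", tsk.PeerPublicKeys, r, debug.Stack())
				}
			}()
			_ = tsk.Run(ctx)
		}()
	}
}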