2022-09-05 03:06:08 -04:00
|
|
|
/*
|
|
|
|
Copyright (c) Edgeless Systems GmbH
|
|
|
|
|
|
|
|
SPDX-License-Identifier: AGPL-3.0-only
|
|
|
|
*/
|
|
|
|
|
2022-03-22 11:03:15 -04:00
|
|
|
package cmd
|
|
|
|
|
|
|
|
import (
|
|
|
|
"bytes"
|
|
|
|
"context"
|
2022-11-24 04:57:58 -05:00
|
|
|
"encoding/hex"
|
2022-07-01 04:57:29 -04:00
|
|
|
"encoding/json"
|
2022-07-05 08:14:11 -04:00
|
|
|
"errors"
|
2023-09-29 08:01:40 -04:00
|
|
|
"fmt"
|
2023-05-30 07:47:36 -04:00
|
|
|
"io"
|
2022-06-21 11:59:12 -04:00
|
|
|
"net"
|
2022-03-22 11:03:15 -04:00
|
|
|
"strconv"
|
|
|
|
"strings"
|
|
|
|
"testing"
|
|
|
|
"time"
|
|
|
|
|
2022-09-21 07:47:57 -04:00
|
|
|
"github.com/edgelesssys/constellation/v2/bootstrapper/initproto"
|
2022-10-11 06:24:33 -04:00
|
|
|
"github.com/edgelesssys/constellation/v2/cli/internal/clusterid"
|
2023-08-08 09:42:06 -04:00
|
|
|
"github.com/edgelesssys/constellation/v2/cli/internal/cmd/pathprefix"
|
2023-08-02 09:49:40 -04:00
|
|
|
"github.com/edgelesssys/constellation/v2/cli/internal/helm"
|
2023-09-25 10:19:43 -04:00
|
|
|
"github.com/edgelesssys/constellation/v2/cli/internal/state"
|
2023-05-03 05:11:53 -04:00
|
|
|
"github.com/edgelesssys/constellation/v2/internal/atls"
|
2022-11-15 09:40:49 -05:00
|
|
|
"github.com/edgelesssys/constellation/v2/internal/attestation/measurements"
|
2023-06-09 09:41:02 -04:00
|
|
|
"github.com/edgelesssys/constellation/v2/internal/attestation/variant"
|
2022-09-21 07:47:57 -04:00
|
|
|
"github.com/edgelesssys/constellation/v2/internal/cloud/cloudprovider"
|
2022-11-09 08:43:48 -05:00
|
|
|
"github.com/edgelesssys/constellation/v2/internal/cloud/gcpshared"
|
2022-09-21 07:47:57 -04:00
|
|
|
"github.com/edgelesssys/constellation/v2/internal/config"
|
|
|
|
"github.com/edgelesssys/constellation/v2/internal/constants"
|
|
|
|
"github.com/edgelesssys/constellation/v2/internal/file"
|
|
|
|
"github.com/edgelesssys/constellation/v2/internal/grpc/atlscredentials"
|
|
|
|
"github.com/edgelesssys/constellation/v2/internal/grpc/dialer"
|
|
|
|
"github.com/edgelesssys/constellation/v2/internal/grpc/testdialer"
|
2023-03-02 09:08:31 -05:00
|
|
|
"github.com/edgelesssys/constellation/v2/internal/kms/uri"
|
2022-09-21 07:47:57 -04:00
|
|
|
"github.com/edgelesssys/constellation/v2/internal/license"
|
2023-01-04 04:46:29 -05:00
|
|
|
"github.com/edgelesssys/constellation/v2/internal/logger"
|
2023-09-19 07:50:00 -04:00
|
|
|
"github.com/edgelesssys/constellation/v2/internal/semver"
|
2023-03-02 09:08:31 -05:00
|
|
|
"github.com/edgelesssys/constellation/v2/internal/versions"
|
2022-03-22 11:03:15 -04:00
|
|
|
"github.com/spf13/afero"
|
|
|
|
"github.com/stretchr/testify/assert"
|
|
|
|
"github.com/stretchr/testify/require"
|
2022-06-21 11:59:12 -04:00
|
|
|
"google.golang.org/grpc"
|
2023-09-29 08:01:40 -04:00
|
|
|
"k8s.io/client-go/tools/clientcmd"
|
|
|
|
k8sclientapi "k8s.io/client-go/tools/clientcmd/api"
|
2022-03-22 11:03:15 -04:00
|
|
|
)
|
|
|
|
|
|
|
|
func TestInitArgumentValidation(t *testing.T) {
|
|
|
|
assert := assert.New(t)
|
|
|
|
|
2022-06-08 02:14:28 -04:00
|
|
|
cmd := NewInitCmd()
|
2022-03-22 11:03:15 -04:00
|
|
|
assert.NoError(cmd.ValidateArgs(nil))
|
|
|
|
assert.Error(cmd.ValidateArgs([]string{"something"}))
|
|
|
|
assert.Error(cmd.ValidateArgs([]string{"sth", "sth"}))
|
|
|
|
}
|
|
|
|
|
|
|
|
func TestInitialize(t *testing.T) {
|
2023-09-29 08:01:40 -04:00
|
|
|
require := require.New(t)
|
|
|
|
|
|
|
|
respKubeconfig := k8sclientapi.Config{
|
|
|
|
Clusters: map[string]*k8sclientapi.Cluster{
|
|
|
|
"cluster": {
|
|
|
|
Server: "https://192.0.2.1:6443",
|
|
|
|
},
|
|
|
|
},
|
|
|
|
}
|
|
|
|
respKubeconfigBytes, err := clientcmd.Write(respKubeconfig)
|
|
|
|
require.NoError(err)
|
|
|
|
|
2022-08-23 11:49:55 -04:00
|
|
|
gcpServiceAccKey := &gcpshared.ServiceAccountKey{
|
2023-08-03 07:54:48 -04:00
|
|
|
Type: "service_account",
|
|
|
|
ProjectID: "project_id",
|
|
|
|
PrivateKeyID: "key_id",
|
|
|
|
PrivateKey: "key",
|
|
|
|
ClientEmail: "client_email",
|
|
|
|
ClientID: "client_id",
|
|
|
|
AuthURI: "auth_uri",
|
|
|
|
TokenURI: "token_uri",
|
|
|
|
AuthProviderX509CertURL: "cert",
|
|
|
|
ClientX509CertURL: "client_cert",
|
2022-08-23 11:49:55 -04:00
|
|
|
}
|
2023-05-30 07:47:36 -04:00
|
|
|
testInitResp := &initproto.InitSuccessResponse{
|
2023-09-29 08:01:40 -04:00
|
|
|
Kubeconfig: respKubeconfigBytes,
|
2022-06-21 11:59:12 -04:00
|
|
|
OwnerId: []byte("ownerID"),
|
|
|
|
ClusterId: []byte("clusterID"),
|
2022-03-22 11:03:15 -04:00
|
|
|
}
|
2022-08-23 11:49:55 -04:00
|
|
|
serviceAccPath := "/test/service-account.json"
|
2022-03-22 11:03:15 -04:00
|
|
|
|
|
|
|
testCases := map[string]struct {
|
2022-10-11 06:24:33 -04:00
|
|
|
provider cloudprovider.Provider
|
|
|
|
idFile *clusterid.File
|
2022-08-31 07:57:59 -04:00
|
|
|
configMutator func(*config.Config)
|
|
|
|
serviceAccKey *gcpshared.ServiceAccountKey
|
|
|
|
initServerAPI *stubInitServer
|
2022-11-25 04:02:12 -05:00
|
|
|
retriable bool
|
2022-08-31 07:57:59 -04:00
|
|
|
masterSecretShouldExist bool
|
|
|
|
wantErr bool
|
2022-03-22 11:03:15 -04:00
|
|
|
}{
|
|
|
|
"initialize some gcp instances": {
|
2022-10-11 06:24:33 -04:00
|
|
|
provider: cloudprovider.GCP,
|
|
|
|
idFile: &clusterid.File{IP: "192.0.2.1"},
|
2022-08-25 09:12:08 -04:00
|
|
|
configMutator: func(c *config.Config) { c.Provider.GCP.ServiceAccountKeyPath = serviceAccPath },
|
|
|
|
serviceAccKey: gcpServiceAccKey,
|
2023-09-25 06:10:07 -04:00
|
|
|
initServerAPI: &stubInitServer{res: []*initproto.InitResponse{{Kind: &initproto.InitResponse_InitSuccess{InitSuccess: testInitResp}}}},
|
2022-03-22 11:03:15 -04:00
|
|
|
},
|
|
|
|
"initialize some azure instances": {
|
2022-10-11 06:24:33 -04:00
|
|
|
provider: cloudprovider.Azure,
|
|
|
|
idFile: &clusterid.File{IP: "192.0.2.1"},
|
2023-09-25 06:10:07 -04:00
|
|
|
initServerAPI: &stubInitServer{res: []*initproto.InitResponse{{Kind: &initproto.InitResponse_InitSuccess{InitSuccess: testInitResp}}}},
|
2022-04-12 08:20:46 -04:00
|
|
|
},
|
2022-05-02 04:54:54 -04:00
|
|
|
"initialize some qemu instances": {
|
2022-10-11 06:24:33 -04:00
|
|
|
provider: cloudprovider.QEMU,
|
|
|
|
idFile: &clusterid.File{IP: "192.0.2.1"},
|
2023-09-25 06:10:07 -04:00
|
|
|
initServerAPI: &stubInitServer{res: []*initproto.InitResponse{{Kind: &initproto.InitResponse_InitSuccess{InitSuccess: testInitResp}}}},
|
2022-06-21 11:59:12 -04:00
|
|
|
},
|
2022-11-25 04:02:12 -05:00
|
|
|
"non retriable error": {
|
|
|
|
provider: cloudprovider.QEMU,
|
|
|
|
idFile: &clusterid.File{IP: "192.0.2.1"},
|
2023-09-25 06:10:07 -04:00
|
|
|
initServerAPI: &stubInitServer{initErr: &nonRetriableError{err: assert.AnError}},
|
|
|
|
retriable: false,
|
|
|
|
masterSecretShouldExist: true,
|
|
|
|
wantErr: true,
|
|
|
|
},
|
|
|
|
"non retriable error with failed log collection": {
|
|
|
|
provider: cloudprovider.QEMU,
|
|
|
|
idFile: &clusterid.File{IP: "192.0.2.1"},
|
|
|
|
initServerAPI: &stubInitServer{
|
|
|
|
res: []*initproto.InitResponse{
|
|
|
|
{
|
|
|
|
Kind: &initproto.InitResponse_InitFailure{
|
|
|
|
InitFailure: &initproto.InitFailureResponse{
|
|
|
|
Error: "error",
|
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
{
|
|
|
|
Kind: &initproto.InitResponse_InitFailure{
|
|
|
|
InitFailure: &initproto.InitFailureResponse{
|
|
|
|
Error: "error",
|
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
2022-11-25 04:02:12 -05:00
|
|
|
retriable: false,
|
|
|
|
masterSecretShouldExist: true,
|
|
|
|
wantErr: true,
|
|
|
|
},
|
2022-10-11 06:24:33 -04:00
|
|
|
"empty id file": {
|
|
|
|
provider: cloudprovider.GCP,
|
|
|
|
idFile: &clusterid.File{},
|
2022-08-25 09:12:08 -04:00
|
|
|
initServerAPI: &stubInitServer{},
|
2022-11-25 04:02:12 -05:00
|
|
|
retriable: true,
|
2022-08-25 09:12:08 -04:00
|
|
|
wantErr: true,
|
2022-07-29 04:01:10 -04:00
|
|
|
},
|
2022-10-11 06:24:33 -04:00
|
|
|
"no id file": {
|
2022-11-25 04:02:12 -05:00
|
|
|
provider: cloudprovider.GCP,
|
|
|
|
retriable: true,
|
|
|
|
wantErr: true,
|
2022-07-05 08:14:11 -04:00
|
|
|
},
|
|
|
|
"init call fails": {
|
2022-10-11 06:24:33 -04:00
|
|
|
provider: cloudprovider.GCP,
|
|
|
|
idFile: &clusterid.File{IP: "192.0.2.1"},
|
2023-09-19 07:50:00 -04:00
|
|
|
initServerAPI: &stubInitServer{initErr: assert.AnError},
|
2022-11-25 04:02:12 -05:00
|
|
|
retriable: true,
|
2022-08-25 09:12:08 -04:00
|
|
|
wantErr: true,
|
2022-07-05 08:14:11 -04:00
|
|
|
},
|
2023-02-13 05:54:38 -05:00
|
|
|
"k8s version without v works": {
|
|
|
|
provider: cloudprovider.Azure,
|
|
|
|
idFile: &clusterid.File{IP: "192.0.2.1"},
|
2023-09-25 06:10:07 -04:00
|
|
|
initServerAPI: &stubInitServer{res: []*initproto.InitResponse{{Kind: &initproto.InitResponse_InitSuccess{InitSuccess: testInitResp}}}},
|
2023-09-19 07:50:00 -04:00
|
|
|
configMutator: func(c *config.Config) {
|
|
|
|
res, err := versions.NewValidK8sVersion(strings.TrimPrefix(string(versions.Default), "v"), true)
|
2023-09-29 08:01:40 -04:00
|
|
|
require.NoError(err)
|
2023-09-19 07:50:00 -04:00
|
|
|
c.KubernetesVersion = res
|
|
|
|
},
|
|
|
|
},
|
|
|
|
"outdated k8s patch version doesn't work": {
|
|
|
|
provider: cloudprovider.Azure,
|
|
|
|
idFile: &clusterid.File{IP: "192.0.2.1"},
|
2023-09-25 06:10:07 -04:00
|
|
|
initServerAPI: &stubInitServer{res: []*initproto.InitResponse{{Kind: &initproto.InitResponse_InitSuccess{InitSuccess: testInitResp}}}},
|
2023-09-19 07:50:00 -04:00
|
|
|
configMutator: func(c *config.Config) {
|
|
|
|
v, err := semver.New(versions.SupportedK8sVersions()[0])
|
2023-09-29 08:01:40 -04:00
|
|
|
require.NoError(err)
|
2023-09-19 07:50:00 -04:00
|
|
|
outdatedPatchVer := semver.NewFromInt(v.Major(), v.Minor(), v.Patch()-1, "").String()
|
|
|
|
c.KubernetesVersion = versions.ValidK8sVersion(outdatedPatchVer)
|
|
|
|
},
|
|
|
|
wantErr: true,
|
|
|
|
retriable: true, // doesn't need to show retriable error message
|
2023-02-13 05:54:38 -05:00
|
|
|
},
|
2022-03-22 11:03:15 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
for name, tc := range testCases {
|
|
|
|
t.Run(name, func(t *testing.T) {
|
|
|
|
assert := assert.New(t)
|
2022-08-23 11:49:55 -04:00
|
|
|
// Networking
|
2022-06-21 11:59:12 -04:00
|
|
|
netDialer := testdialer.NewBufconnDialer()
|
2023-05-03 05:11:53 -04:00
|
|
|
newDialer := func(atls.Validator) *dialer.Dialer {
|
2022-08-09 08:04:40 -04:00
|
|
|
return dialer.New(nil, nil, netDialer)
|
|
|
|
}
|
2022-06-21 11:59:12 -04:00
|
|
|
serverCreds := atlscredentials.New(nil, nil)
|
|
|
|
initServer := grpc.NewServer(grpc.Creds(serverCreds))
|
|
|
|
initproto.RegisterAPIServer(initServer, tc.initServerAPI)
|
2022-06-29 09:26:29 -04:00
|
|
|
port := strconv.Itoa(constants.BootstrapperPort)
|
2022-06-21 11:59:12 -04:00
|
|
|
listener := netDialer.GetListener(net.JoinHostPort("192.0.2.1", port))
|
|
|
|
go initServer.Serve(listener)
|
|
|
|
defer initServer.GracefulStop()
|
|
|
|
|
2022-08-23 11:49:55 -04:00
|
|
|
// Command
|
2022-06-08 02:14:28 -04:00
|
|
|
cmd := NewInitCmd()
|
2022-03-22 11:03:15 -04:00
|
|
|
var out bytes.Buffer
|
|
|
|
cmd.SetOut(&out)
|
|
|
|
var errOut bytes.Buffer
|
|
|
|
cmd.SetErr(&errOut)
|
2022-08-12 09:59:45 -04:00
|
|
|
|
2022-08-23 11:49:55 -04:00
|
|
|
// Flags
|
2023-08-04 07:53:51 -04:00
|
|
|
cmd.Flags().String("workspace", "", "") // register persistent flag manually
|
|
|
|
cmd.Flags().Bool("force", true, "") // register persistent flag manually
|
2022-04-12 08:20:46 -04:00
|
|
|
|
2022-08-23 11:49:55 -04:00
|
|
|
// File system preparation
|
|
|
|
fs := afero.NewMemMapFs()
|
|
|
|
fileHandler := file.NewHandler(fs)
|
2022-10-11 06:24:33 -04:00
|
|
|
config := defaultConfigWithExpectedMeasurements(t, config.Default(), tc.provider)
|
2022-08-23 11:49:55 -04:00
|
|
|
if tc.configMutator != nil {
|
|
|
|
tc.configMutator(config)
|
|
|
|
}
|
|
|
|
require.NoError(fileHandler.WriteYAML(constants.ConfigFilename, config, file.OptNone))
|
2022-08-25 09:12:08 -04:00
|
|
|
if tc.idFile != nil {
|
2022-10-11 06:24:33 -04:00
|
|
|
tc.idFile.CloudProvider = tc.provider
|
2023-08-04 07:53:51 -04:00
|
|
|
require.NoError(fileHandler.WriteJSON(constants.ClusterIDsFilename, tc.idFile, file.OptNone))
|
2022-08-23 11:49:55 -04:00
|
|
|
}
|
|
|
|
if tc.serviceAccKey != nil {
|
|
|
|
require.NoError(fileHandler.WriteJSON(serviceAccPath, tc.serviceAccKey, file.OptNone))
|
|
|
|
}
|
|
|
|
|
2022-03-22 11:03:15 -04:00
|
|
|
ctx := context.Background()
|
|
|
|
ctx, cancel := context.WithTimeout(ctx, 4*time.Second)
|
|
|
|
defer cancel()
|
2022-06-28 05:19:03 -04:00
|
|
|
cmd.SetContext(ctx)
|
2023-09-25 10:19:43 -04:00
|
|
|
i := newInitCmd(&stubShowInfrastructure{}, fileHandler, &nopSpinner{}, nil, logger.NewTest(t))
|
2023-08-24 10:40:47 -04:00
|
|
|
err := i.initialize(cmd, newDialer, &stubLicenseClient{}, stubAttestationFetcher{},
|
2023-08-23 02:14:39 -04:00
|
|
|
func(io.Writer, string, debugLog) (attestationConfigApplier, error) {
|
|
|
|
return &stubAttestationApplier{}, nil
|
2023-08-24 10:40:47 -04:00
|
|
|
}, func(_ string, _ debugLog) (helmApplier, error) {
|
|
|
|
return &stubApplier{}, nil
|
|
|
|
})
|
2022-03-22 11:03:15 -04:00
|
|
|
|
2022-04-26 10:54:05 -04:00
|
|
|
if tc.wantErr {
|
2022-03-22 11:03:15 -04:00
|
|
|
assert.Error(err)
|
2022-11-25 04:02:12 -05:00
|
|
|
if !tc.retriable {
|
|
|
|
assert.Contains(errOut.String(), "This error is not recoverable")
|
|
|
|
} else {
|
|
|
|
assert.Empty(errOut.String())
|
|
|
|
}
|
2022-08-31 07:57:59 -04:00
|
|
|
if !tc.masterSecretShouldExist {
|
|
|
|
_, err = fileHandler.Stat(constants.MasterSecretFilename)
|
|
|
|
assert.Error(err)
|
|
|
|
}
|
2022-06-21 11:59:12 -04:00
|
|
|
return
|
|
|
|
}
|
|
|
|
require.NoError(err)
|
2022-07-26 04:58:39 -04:00
|
|
|
// assert.Contains(out.String(), base64.StdEncoding.EncodeToString([]byte("ownerID")))
|
2022-11-24 04:57:58 -05:00
|
|
|
assert.Contains(out.String(), hex.EncodeToString([]byte("clusterID")))
|
2023-03-02 09:08:31 -05:00
|
|
|
var secret uri.MasterSecret
|
2022-08-31 07:57:59 -04:00
|
|
|
assert.NoError(fileHandler.ReadJSON(constants.MasterSecretFilename, &secret))
|
|
|
|
assert.NotEmpty(secret.Key)
|
|
|
|
assert.NotEmpty(secret.Salt)
|
2022-03-22 11:03:15 -04:00
|
|
|
})
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2023-08-24 10:40:47 -04:00
|
|
|
type stubApplier struct {
|
|
|
|
err error
|
|
|
|
}
|
|
|
|
|
2023-09-25 10:19:43 -04:00
|
|
|
func (s stubApplier) PrepareApply(_ *config.Config, _ clusterid.File, _ helm.Options, _ state.Infrastructure, _ string, _ uri.MasterSecret) (helm.Applier, bool, error) {
|
2023-08-24 10:40:47 -04:00
|
|
|
return stubRunner{}, false, s.err
|
|
|
|
}
|
|
|
|
|
|
|
|
type stubRunner struct{}
|
|
|
|
|
|
|
|
func (s stubRunner) Apply(_ context.Context) error {
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
2023-09-08 06:02:16 -04:00
|
|
|
func (s stubRunner) SaveCharts(_ string, _ file.Handler) error {
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
2023-05-30 07:47:36 -04:00
|
|
|
func TestGetLogs(t *testing.T) {
|
|
|
|
someErr := errors.New("failed")
|
|
|
|
|
|
|
|
testCases := map[string]struct {
|
|
|
|
resp initproto.API_InitClient
|
|
|
|
fh file.Handler
|
|
|
|
wantedOutput []byte
|
|
|
|
wantErr bool
|
|
|
|
}{
|
|
|
|
"success": {
|
|
|
|
resp: stubInitClient{res: bytes.NewReader([]byte("asdf"))},
|
|
|
|
fh: file.NewHandler(afero.NewMemMapFs()),
|
|
|
|
wantedOutput: []byte("asdf"),
|
|
|
|
},
|
|
|
|
"receive error": {
|
|
|
|
resp: stubInitClient{err: someErr},
|
|
|
|
fh: file.NewHandler(afero.NewMemMapFs()),
|
|
|
|
wantErr: true,
|
|
|
|
},
|
|
|
|
"nil log": {
|
|
|
|
resp: stubInitClient{res: bytes.NewReader([]byte{1}), setResNil: true},
|
|
|
|
fh: file.NewHandler(afero.NewMemMapFs()),
|
|
|
|
wantErr: true,
|
|
|
|
},
|
|
|
|
"failed write": {
|
|
|
|
resp: stubInitClient{res: bytes.NewReader([]byte("asdf"))},
|
|
|
|
fh: file.NewHandler(afero.NewReadOnlyFs(afero.NewMemMapFs())),
|
|
|
|
wantErr: true,
|
|
|
|
},
|
|
|
|
}
|
|
|
|
|
|
|
|
for name, tc := range testCases {
|
|
|
|
t.Run(name, func(t *testing.T) {
|
|
|
|
assert := assert.New(t)
|
|
|
|
|
|
|
|
doer := initDoer{
|
|
|
|
fh: tc.fh,
|
|
|
|
log: logger.NewTest(t),
|
|
|
|
}
|
|
|
|
|
|
|
|
err := doer.getLogs(tc.resp)
|
|
|
|
|
|
|
|
if tc.wantErr {
|
|
|
|
assert.Error(err)
|
|
|
|
}
|
|
|
|
|
|
|
|
text, err := tc.fh.Read(constants.ErrorLog)
|
|
|
|
|
|
|
|
if tc.wantedOutput == nil {
|
|
|
|
assert.Error(err)
|
|
|
|
}
|
|
|
|
|
|
|
|
assert.Equal(tc.wantedOutput, text)
|
|
|
|
})
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2022-03-22 11:03:15 -04:00
|
|
|
func TestWriteOutput(t *testing.T) {
|
|
|
|
assert := assert.New(t)
|
2023-02-10 08:59:44 -05:00
|
|
|
require := require.New(t)
|
2022-03-22 11:03:15 -04:00
|
|
|
|
2023-09-29 08:01:40 -04:00
|
|
|
clusterEndpoint := "cluster-endpoint"
|
|
|
|
|
|
|
|
expectedKubeconfig := k8sclientapi.Config{
|
|
|
|
Clusters: map[string]*k8sclientapi.Cluster{
|
|
|
|
"cluster": {
|
|
|
|
Server: fmt.Sprintf("https://%s:6443", clusterEndpoint),
|
|
|
|
},
|
|
|
|
},
|
|
|
|
}
|
|
|
|
expectedKubeconfigBytes, err := clientcmd.Write(expectedKubeconfig)
|
|
|
|
require.NoError(err)
|
|
|
|
|
|
|
|
respKubeconfig := k8sclientapi.Config{
|
|
|
|
Clusters: map[string]*k8sclientapi.Cluster{
|
|
|
|
"cluster": {
|
|
|
|
Server: "https://192.0.2.1:6443",
|
|
|
|
},
|
|
|
|
},
|
|
|
|
}
|
|
|
|
respKubeconfigBytes, err := clientcmd.Write(respKubeconfig)
|
|
|
|
require.NoError(err)
|
|
|
|
|
2022-06-21 11:59:12 -04:00
|
|
|
resp := &initproto.InitResponse{
|
2023-05-30 07:47:36 -04:00
|
|
|
Kind: &initproto.InitResponse_InitSuccess{
|
|
|
|
InitSuccess: &initproto.InitSuccessResponse{
|
|
|
|
OwnerId: []byte("ownerID"),
|
|
|
|
ClusterId: []byte("clusterID"),
|
2023-09-29 08:01:40 -04:00
|
|
|
Kubeconfig: respKubeconfigBytes,
|
2023-05-30 07:47:36 -04:00
|
|
|
},
|
|
|
|
},
|
2022-03-22 11:03:15 -04:00
|
|
|
}
|
2022-07-01 04:57:29 -04:00
|
|
|
|
2023-05-30 07:47:36 -04:00
|
|
|
ownerID := hex.EncodeToString(resp.GetInitSuccess().GetOwnerId())
|
|
|
|
clusterID := hex.EncodeToString(resp.GetInitSuccess().GetClusterId())
|
2022-07-05 08:14:11 -04:00
|
|
|
|
2022-10-11 06:24:33 -04:00
|
|
|
expectedIDFile := clusterid.File{
|
2022-07-05 08:14:11 -04:00
|
|
|
ClusterID: clusterID,
|
|
|
|
OwnerID: ownerID,
|
2023-09-29 08:01:40 -04:00
|
|
|
IP: clusterEndpoint,
|
2022-10-11 06:24:33 -04:00
|
|
|
UID: "test-uid",
|
2022-07-01 04:57:29 -04:00
|
|
|
}
|
|
|
|
|
2022-03-22 11:03:15 -04:00
|
|
|
var out bytes.Buffer
|
|
|
|
testFs := afero.NewMemMapFs()
|
|
|
|
fileHandler := file.NewHandler(testFs)
|
|
|
|
|
2022-10-11 06:24:33 -04:00
|
|
|
idFile := clusterid.File{
|
|
|
|
UID: "test-uid",
|
2023-09-29 08:01:40 -04:00
|
|
|
IP: clusterEndpoint,
|
2022-10-11 06:24:33 -04:00
|
|
|
}
|
2023-08-24 10:40:47 -04:00
|
|
|
i := newInitCmd(nil, fileHandler, &nopSpinner{}, &stubMerger{}, logger.NewTest(t))
|
2023-09-29 08:01:40 -04:00
|
|
|
err = i.writeOutput(idFile, resp.GetInitSuccess(), false, &out)
|
2023-02-10 08:59:44 -05:00
|
|
|
require.NoError(err)
|
2022-07-26 04:58:39 -04:00
|
|
|
// assert.Contains(out.String(), ownerID)
|
2022-07-05 08:14:11 -04:00
|
|
|
assert.Contains(out.String(), clusterID)
|
2022-06-21 11:59:12 -04:00
|
|
|
assert.Contains(out.String(), constants.AdminConfFilename)
|
2022-03-22 11:03:15 -04:00
|
|
|
|
|
|
|
afs := afero.Afero{Fs: testFs}
|
2022-04-06 04:36:58 -04:00
|
|
|
adminConf, err := afs.ReadFile(constants.AdminConfFilename)
|
2022-03-22 11:03:15 -04:00
|
|
|
assert.NoError(err)
|
2023-09-29 08:01:40 -04:00
|
|
|
assert.Contains(string(adminConf), clusterEndpoint)
|
|
|
|
assert.Equal(string(expectedKubeconfigBytes), string(adminConf))
|
2022-07-01 04:57:29 -04:00
|
|
|
|
2023-08-04 07:53:51 -04:00
|
|
|
idsFile, err := afs.ReadFile(constants.ClusterIDsFilename)
|
2022-07-01 04:57:29 -04:00
|
|
|
assert.NoError(err)
|
2022-10-11 06:24:33 -04:00
|
|
|
var testIDFile clusterid.File
|
2022-07-08 04:59:59 -04:00
|
|
|
err = json.Unmarshal(idsFile, &testIDFile)
|
2022-07-01 04:57:29 -04:00
|
|
|
assert.NoError(err)
|
2022-07-08 04:59:59 -04:00
|
|
|
assert.Equal(expectedIDFile, testIDFile)
|
2023-08-04 07:53:51 -04:00
|
|
|
out.Reset()
|
|
|
|
require.NoError(afs.Remove(constants.AdminConfFilename))
|
2023-02-10 08:59:44 -05:00
|
|
|
|
2023-08-04 07:53:51 -04:00
|
|
|
// test custom workspace
|
2023-08-08 09:42:06 -04:00
|
|
|
i.pf = pathprefix.New("/some/path")
|
|
|
|
err = i.writeOutput(idFile, resp.GetInitSuccess(), true, &out)
|
2023-08-04 07:53:51 -04:00
|
|
|
require.NoError(err)
|
|
|
|
// assert.Contains(out.String(), ownerID)
|
|
|
|
assert.Contains(out.String(), clusterID)
|
2023-08-16 09:38:40 -04:00
|
|
|
assert.Contains(out.String(), i.pf.PrefixPrintablePath(constants.AdminConfFilename))
|
2023-02-10 08:59:44 -05:00
|
|
|
out.Reset()
|
2023-08-04 07:53:51 -04:00
|
|
|
// File is written to current working dir, we simply pass the workspace for generating readable user output
|
2023-02-10 08:59:44 -05:00
|
|
|
require.NoError(afs.Remove(constants.AdminConfFilename))
|
2023-08-08 09:42:06 -04:00
|
|
|
i.pf = pathprefix.PathPrefixer{}
|
2023-08-04 07:53:51 -04:00
|
|
|
|
|
|
|
// test config merging
|
2023-08-08 09:42:06 -04:00
|
|
|
err = i.writeOutput(idFile, resp.GetInitSuccess(), true, &out)
|
2023-02-10 08:59:44 -05:00
|
|
|
require.NoError(err)
|
|
|
|
// assert.Contains(out.String(), ownerID)
|
|
|
|
assert.Contains(out.String(), clusterID)
|
|
|
|
assert.Contains(out.String(), constants.AdminConfFilename)
|
|
|
|
assert.Contains(out.String(), "Constellation kubeconfig merged with default config")
|
|
|
|
assert.Contains(out.String(), "You can now connect to your cluster")
|
2023-08-04 07:53:51 -04:00
|
|
|
out.Reset()
|
|
|
|
require.NoError(afs.Remove(constants.AdminConfFilename))
|
2023-02-10 08:59:44 -05:00
|
|
|
|
|
|
|
// test config merging with env vars set
|
|
|
|
i.merger = &stubMerger{envVar: "/some/path/to/kubeconfig"}
|
2023-08-08 09:42:06 -04:00
|
|
|
err = i.writeOutput(idFile, resp.GetInitSuccess(), true, &out)
|
2023-02-10 08:59:44 -05:00
|
|
|
require.NoError(err)
|
|
|
|
// assert.Contains(out.String(), ownerID)
|
|
|
|
assert.Contains(out.String(), clusterID)
|
|
|
|
assert.Contains(out.String(), constants.AdminConfFilename)
|
|
|
|
assert.Contains(out.String(), "Constellation kubeconfig merged with default config")
|
|
|
|
assert.Contains(out.String(), "Warning: KUBECONFIG environment variable is set")
|
2022-03-22 11:03:15 -04:00
|
|
|
}
|
|
|
|
|
2023-08-04 07:53:51 -04:00
|
|
|
func TestGenerateMasterSecret(t *testing.T) {
|
2022-03-22 11:03:15 -04:00
|
|
|
testCases := map[string]struct {
|
2022-07-29 03:52:47 -04:00
|
|
|
createFileFunc func(handler file.Handler) error
|
|
|
|
fs func() afero.Fs
|
|
|
|
wantErr bool
|
2022-03-22 11:03:15 -04:00
|
|
|
}{
|
2023-08-04 07:53:51 -04:00
|
|
|
"file already exists": {
|
|
|
|
fs: afero.NewMemMapFs,
|
2022-07-29 03:52:47 -04:00
|
|
|
createFileFunc: func(handler file.Handler) error {
|
|
|
|
return handler.WriteJSON(
|
2023-08-04 07:53:51 -04:00
|
|
|
constants.MasterSecretFilename,
|
2023-03-02 09:08:31 -05:00
|
|
|
uri.MasterSecret{Key: []byte("constellation-master-secret"), Salt: []byte("constellation-32Byte-length-salt")},
|
2022-07-29 03:52:47 -04:00
|
|
|
file.OptNone,
|
|
|
|
)
|
|
|
|
},
|
2023-08-04 07:53:51 -04:00
|
|
|
wantErr: true,
|
2022-03-22 11:03:15 -04:00
|
|
|
},
|
|
|
|
"file does not exist": {
|
2022-07-29 03:52:47 -04:00
|
|
|
createFileFunc: func(handler file.Handler) error { return nil },
|
|
|
|
fs: afero.NewMemMapFs,
|
2023-08-04 07:53:51 -04:00
|
|
|
wantErr: false,
|
2022-03-22 11:03:15 -04:00
|
|
|
},
|
|
|
|
"file not writeable": {
|
2022-07-29 03:52:47 -04:00
|
|
|
createFileFunc: func(handler file.Handler) error { return nil },
|
|
|
|
fs: func() afero.Fs { return afero.NewReadOnlyFs(afero.NewMemMapFs()) },
|
|
|
|
wantErr: true,
|
2022-03-22 11:03:15 -04:00
|
|
|
},
|
|
|
|
}
|
|
|
|
|
|
|
|
for name, tc := range testCases {
|
|
|
|
t.Run(name, func(t *testing.T) {
|
|
|
|
assert := assert.New(t)
|
|
|
|
require := require.New(t)
|
|
|
|
|
|
|
|
fileHandler := file.NewHandler(tc.fs())
|
2022-07-29 03:52:47 -04:00
|
|
|
require.NoError(tc.createFileFunc(fileHandler))
|
2022-03-22 11:03:15 -04:00
|
|
|
|
|
|
|
var out bytes.Buffer
|
2023-08-24 10:40:47 -04:00
|
|
|
i := newInitCmd(nil, fileHandler, nil, nil, logger.NewTest(t))
|
2023-08-08 09:42:06 -04:00
|
|
|
secret, err := i.generateMasterSecret(&out)
|
2022-03-22 11:03:15 -04:00
|
|
|
|
2022-04-26 10:54:05 -04:00
|
|
|
if tc.wantErr {
|
2022-03-22 11:03:15 -04:00
|
|
|
assert.Error(err)
|
|
|
|
} else {
|
|
|
|
assert.NoError(err)
|
|
|
|
|
2023-08-04 07:53:51 -04:00
|
|
|
require.Contains(out.String(), constants.MasterSecretFilename)
|
2022-03-22 11:03:15 -04:00
|
|
|
|
2023-03-02 09:08:31 -05:00
|
|
|
var masterSecret uri.MasterSecret
|
2023-08-04 07:53:51 -04:00
|
|
|
require.NoError(fileHandler.ReadJSON(constants.MasterSecretFilename, &masterSecret))
|
2022-07-29 03:52:47 -04:00
|
|
|
assert.Equal(masterSecret.Key, secret.Key)
|
|
|
|
assert.Equal(masterSecret.Salt, secret.Salt)
|
2022-03-22 11:03:15 -04:00
|
|
|
}
|
|
|
|
})
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2022-08-09 08:04:40 -04:00
|
|
|
func TestAttestation(t *testing.T) {
|
|
|
|
assert := assert.New(t)
|
|
|
|
require := require.New(t)
|
|
|
|
|
2023-09-25 06:10:07 -04:00
|
|
|
initServerAPI := &stubInitServer{res: []*initproto.InitResponse{
|
|
|
|
{
|
|
|
|
Kind: &initproto.InitResponse_InitSuccess{
|
|
|
|
InitSuccess: &initproto.InitSuccessResponse{
|
|
|
|
Kubeconfig: []byte("kubeconfig"),
|
|
|
|
OwnerId: []byte("ownerID"),
|
|
|
|
ClusterId: []byte("clusterID"),
|
|
|
|
},
|
2023-05-30 07:47:36 -04:00
|
|
|
},
|
|
|
|
},
|
2022-08-09 08:04:40 -04:00
|
|
|
}}
|
2022-10-11 06:24:33 -04:00
|
|
|
existingIDFile := &clusterid.File{IP: "192.0.2.4", CloudProvider: cloudprovider.QEMU}
|
2022-08-09 08:04:40 -04:00
|
|
|
|
|
|
|
netDialer := testdialer.NewBufconnDialer()
|
|
|
|
|
|
|
|
issuer := &testIssuer{
|
2023-03-29 03:30:13 -04:00
|
|
|
Getter: variant.QEMUVTPM{},
|
2022-11-24 04:57:58 -05:00
|
|
|
pcrs: map[uint32][]byte{
|
|
|
|
0: bytes.Repeat([]byte{0xFF}, 32),
|
|
|
|
1: bytes.Repeat([]byte{0xFF}, 32),
|
|
|
|
2: bytes.Repeat([]byte{0xFF}, 32),
|
|
|
|
3: bytes.Repeat([]byte{0xFF}, 32),
|
2022-08-09 08:04:40 -04:00
|
|
|
},
|
|
|
|
}
|
|
|
|
serverCreds := atlscredentials.New(issuer, nil)
|
|
|
|
initServer := grpc.NewServer(grpc.Creds(serverCreds))
|
|
|
|
initproto.RegisterAPIServer(initServer, initServerAPI)
|
|
|
|
port := strconv.Itoa(constants.BootstrapperPort)
|
2022-07-29 04:01:10 -04:00
|
|
|
listener := netDialer.GetListener(net.JoinHostPort("192.0.2.4", port))
|
2022-08-09 08:04:40 -04:00
|
|
|
go initServer.Serve(listener)
|
|
|
|
defer initServer.GracefulStop()
|
|
|
|
|
|
|
|
cmd := NewInitCmd()
|
2023-08-04 07:53:51 -04:00
|
|
|
cmd.Flags().String("workspace", "", "") // register persistent flag manually
|
|
|
|
cmd.Flags().Bool("force", true, "") // register persistent flag manually
|
2022-08-09 08:04:40 -04:00
|
|
|
var out bytes.Buffer
|
|
|
|
cmd.SetOut(&out)
|
|
|
|
var errOut bytes.Buffer
|
|
|
|
cmd.SetErr(&errOut)
|
|
|
|
|
|
|
|
fs := afero.NewMemMapFs()
|
|
|
|
fileHandler := file.NewHandler(fs)
|
2023-08-04 07:53:51 -04:00
|
|
|
require.NoError(fileHandler.WriteJSON(constants.ClusterIDsFilename, existingIDFile, file.OptNone))
|
2022-08-09 08:04:40 -04:00
|
|
|
|
|
|
|
cfg := config.Default()
|
2023-06-27 12:24:35 -04:00
|
|
|
cfg.Image = "v0.0.0" // is the default version of the the CLI (before build injects the real version)
|
2023-05-17 10:53:56 -04:00
|
|
|
cfg.RemoveProviderAndAttestationExcept(cloudprovider.QEMU)
|
2023-03-10 05:33:06 -05:00
|
|
|
cfg.Attestation.QEMUVTPM.Measurements[0] = measurements.WithAllBytes(0x00, measurements.Enforce, measurements.PCRMeasurementLength)
|
|
|
|
cfg.Attestation.QEMUVTPM.Measurements[1] = measurements.WithAllBytes(0x11, measurements.Enforce, measurements.PCRMeasurementLength)
|
|
|
|
cfg.Attestation.QEMUVTPM.Measurements[2] = measurements.WithAllBytes(0x22, measurements.Enforce, measurements.PCRMeasurementLength)
|
|
|
|
cfg.Attestation.QEMUVTPM.Measurements[3] = measurements.WithAllBytes(0x33, measurements.Enforce, measurements.PCRMeasurementLength)
|
|
|
|
cfg.Attestation.QEMUVTPM.Measurements[4] = measurements.WithAllBytes(0x44, measurements.Enforce, measurements.PCRMeasurementLength)
|
|
|
|
cfg.Attestation.QEMUVTPM.Measurements[9] = measurements.WithAllBytes(0x99, measurements.Enforce, measurements.PCRMeasurementLength)
|
|
|
|
cfg.Attestation.QEMUVTPM.Measurements[12] = measurements.WithAllBytes(0xcc, measurements.Enforce, measurements.PCRMeasurementLength)
|
2022-08-09 08:04:40 -04:00
|
|
|
require.NoError(fileHandler.WriteYAML(constants.ConfigFilename, cfg, file.OptNone))
|
|
|
|
|
2023-05-03 05:11:53 -04:00
|
|
|
newDialer := func(v atls.Validator) *dialer.Dialer {
|
|
|
|
validator := &testValidator{
|
|
|
|
Getter: variant.QEMUVTPM{},
|
|
|
|
pcrs: cfg.GetAttestationConfig().GetMeasurements(),
|
|
|
|
}
|
|
|
|
return dialer.New(nil, validator, netDialer)
|
|
|
|
}
|
|
|
|
|
2022-08-09 08:04:40 -04:00
|
|
|
ctx := context.Background()
|
|
|
|
ctx, cancel := context.WithTimeout(ctx, 4*time.Second)
|
|
|
|
defer cancel()
|
|
|
|
cmd.SetContext(ctx)
|
|
|
|
|
2023-08-24 10:40:47 -04:00
|
|
|
i := newInitCmd(nil, fileHandler, &nopSpinner{}, nil, logger.NewTest(t))
|
|
|
|
err := i.initialize(cmd, newDialer, &stubLicenseClient{}, stubAttestationFetcher{},
|
2023-08-23 02:14:39 -04:00
|
|
|
func(io.Writer, string, debugLog) (attestationConfigApplier, error) {
|
|
|
|
return &stubAttestationApplier{}, nil
|
2023-08-24 10:40:47 -04:00
|
|
|
}, func(_ string, _ debugLog) (helmApplier, error) {
|
|
|
|
return &stubApplier{}, nil
|
|
|
|
})
|
2022-08-09 08:04:40 -04:00
|
|
|
assert.Error(err)
|
|
|
|
// make sure the error is actually a TLS handshake error
|
|
|
|
assert.Contains(err.Error(), "transport: authentication handshake failed")
|
|
|
|
}
|
|
|
|
|
|
|
|
type testValidator struct {
|
2023-03-29 03:30:13 -04:00
|
|
|
variant.Getter
|
2022-11-15 09:40:49 -05:00
|
|
|
pcrs measurements.M
|
2022-08-09 08:04:40 -04:00
|
|
|
}
|
|
|
|
|
2023-03-29 03:06:10 -04:00
|
|
|
func (v *testValidator) Validate(_ context.Context, attDoc []byte, _ []byte) ([]byte, error) {
|
2022-08-09 08:04:40 -04:00
|
|
|
var attestation struct {
|
|
|
|
UserData []byte
|
2022-11-24 04:57:58 -05:00
|
|
|
PCRs map[uint32][]byte
|
2022-08-09 08:04:40 -04:00
|
|
|
}
|
|
|
|
if err := json.Unmarshal(attDoc, &attestation); err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
|
|
|
for k, pcr := range v.pcrs {
|
2022-11-24 04:57:58 -05:00
|
|
|
if !bytes.Equal(attestation.PCRs[k], pcr.Expected[:]) {
|
2022-08-09 08:04:40 -04:00
|
|
|
return nil, errors.New("invalid PCR value")
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return attestation.UserData, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
type testIssuer struct {
|
2023-03-29 03:30:13 -04:00
|
|
|
variant.Getter
|
2022-11-24 04:57:58 -05:00
|
|
|
pcrs map[uint32][]byte
|
2022-08-09 08:04:40 -04:00
|
|
|
}
|
|
|
|
|
2023-03-29 03:06:10 -04:00
|
|
|
func (i *testIssuer) Issue(_ context.Context, userData []byte, _ []byte) ([]byte, error) {
|
2022-08-09 08:04:40 -04:00
|
|
|
return json.Marshal(
|
|
|
|
struct {
|
|
|
|
UserData []byte
|
2022-11-24 04:57:58 -05:00
|
|
|
PCRs map[uint32][]byte
|
2022-08-09 08:04:40 -04:00
|
|
|
}{
|
|
|
|
UserData: userData,
|
|
|
|
PCRs: i.pcrs,
|
|
|
|
},
|
|
|
|
)
|
|
|
|
}
|
|
|
|
|
2022-06-21 11:59:12 -04:00
|
|
|
type stubInitServer struct {
|
2023-09-25 06:10:07 -04:00
|
|
|
res []*initproto.InitResponse
|
2023-05-30 07:47:36 -04:00
|
|
|
initErr error
|
2022-03-22 11:03:15 -04:00
|
|
|
|
2022-06-21 11:59:12 -04:00
|
|
|
initproto.UnimplementedAPIServer
|
2022-03-22 11:03:15 -04:00
|
|
|
}
|
2022-03-29 05:38:14 -04:00
|
|
|
|
2023-05-30 07:47:36 -04:00
|
|
|
func (s *stubInitServer) Init(_ *initproto.InitRequest, stream initproto.API_InitServer) error {
|
2023-09-25 06:10:07 -04:00
|
|
|
for _, r := range s.res {
|
|
|
|
_ = stream.Send(r)
|
|
|
|
}
|
2023-05-30 07:47:36 -04:00
|
|
|
return s.initErr
|
2022-03-29 05:38:14 -04:00
|
|
|
}
|
2022-08-12 09:59:45 -04:00
|
|
|
|
2023-02-10 08:59:44 -05:00
|
|
|
type stubMerger struct {
|
|
|
|
envVar string
|
|
|
|
mergeErr error
|
|
|
|
}
|
|
|
|
|
|
|
|
func (m *stubMerger) mergeConfigs(string, file.Handler) error {
|
|
|
|
return m.mergeErr
|
|
|
|
}
|
|
|
|
|
|
|
|
func (m *stubMerger) kubeconfigEnvVar() string {
|
|
|
|
return m.envVar
|
|
|
|
}
|
|
|
|
|
2022-08-23 11:49:55 -04:00
|
|
|
func defaultConfigWithExpectedMeasurements(t *testing.T, conf *config.Config, csp cloudprovider.Provider) *config.Config {
|
2022-08-12 09:59:45 -04:00
|
|
|
t.Helper()
|
2022-08-23 11:49:55 -04:00
|
|
|
|
2023-08-02 04:27:43 -04:00
|
|
|
conf.RemoveProviderAndAttestationExcept(csp)
|
|
|
|
|
2023-07-25 08:20:25 -04:00
|
|
|
conf.Image = constants.BinaryVersion().String()
|
2023-02-10 07:27:22 -05:00
|
|
|
conf.Name = "kubernetes"
|
2022-11-22 12:47:08 -05:00
|
|
|
|
2023-08-02 04:43:25 -04:00
|
|
|
var zone, instanceType, diskType string
|
2022-08-23 11:49:55 -04:00
|
|
|
switch csp {
|
|
|
|
case cloudprovider.Azure:
|
|
|
|
conf.Provider.Azure.SubscriptionID = "01234567-0123-0123-0123-0123456789ab"
|
|
|
|
conf.Provider.Azure.TenantID = "01234567-0123-0123-0123-0123456789ab"
|
|
|
|
conf.Provider.Azure.Location = "test-location"
|
|
|
|
conf.Provider.Azure.UserAssignedIdentity = "test-identity"
|
2022-08-25 09:12:08 -04:00
|
|
|
conf.Provider.Azure.ResourceGroup = "test-resource-group"
|
2023-03-10 05:33:06 -05:00
|
|
|
conf.Attestation.AzureSEVSNP.Measurements[4] = measurements.WithAllBytes(0x44, measurements.Enforce, measurements.PCRMeasurementLength)
|
|
|
|
conf.Attestation.AzureSEVSNP.Measurements[9] = measurements.WithAllBytes(0x11, measurements.Enforce, measurements.PCRMeasurementLength)
|
|
|
|
conf.Attestation.AzureSEVSNP.Measurements[12] = measurements.WithAllBytes(0xcc, measurements.Enforce, measurements.PCRMeasurementLength)
|
2023-08-02 04:43:25 -04:00
|
|
|
instanceType = "Standard_DC4as_v5"
|
|
|
|
diskType = "StandardSSD_LRS"
|
2022-08-23 11:49:55 -04:00
|
|
|
case cloudprovider.GCP:
|
|
|
|
conf.Provider.GCP.Region = "test-region"
|
|
|
|
conf.Provider.GCP.Project = "test-project"
|
|
|
|
conf.Provider.GCP.Zone = "test-zone"
|
2022-09-11 10:09:05 -04:00
|
|
|
conf.Provider.GCP.ServiceAccountKeyPath = "test-key-path"
|
2023-03-10 05:33:06 -05:00
|
|
|
conf.Attestation.GCPSEVES.Measurements[4] = measurements.WithAllBytes(0x44, measurements.Enforce, measurements.PCRMeasurementLength)
|
|
|
|
conf.Attestation.GCPSEVES.Measurements[9] = measurements.WithAllBytes(0x11, measurements.Enforce, measurements.PCRMeasurementLength)
|
|
|
|
conf.Attestation.GCPSEVES.Measurements[12] = measurements.WithAllBytes(0xcc, measurements.Enforce, measurements.PCRMeasurementLength)
|
2023-08-02 04:43:25 -04:00
|
|
|
zone = "europe-west3-b"
|
|
|
|
instanceType = "n2d-standard-4"
|
|
|
|
diskType = "pd-ssd"
|
2022-08-23 11:49:55 -04:00
|
|
|
case cloudprovider.QEMU:
|
2023-03-10 05:33:06 -05:00
|
|
|
conf.Attestation.QEMUVTPM.Measurements[4] = measurements.WithAllBytes(0x44, measurements.Enforce, measurements.PCRMeasurementLength)
|
|
|
|
conf.Attestation.QEMUVTPM.Measurements[9] = measurements.WithAllBytes(0x11, measurements.Enforce, measurements.PCRMeasurementLength)
|
|
|
|
conf.Attestation.QEMUVTPM.Measurements[12] = measurements.WithAllBytes(0xcc, measurements.Enforce, measurements.PCRMeasurementLength)
|
2022-08-23 11:49:55 -04:00
|
|
|
}
|
|
|
|
|
2023-08-02 04:43:25 -04:00
|
|
|
for groupName, group := range conf.NodeGroups {
|
|
|
|
group.Zone = zone
|
|
|
|
group.InstanceType = instanceType
|
|
|
|
group.StateDiskType = diskType
|
|
|
|
conf.NodeGroups[groupName] = group
|
|
|
|
}
|
|
|
|
|
2022-08-23 11:49:55 -04:00
|
|
|
return conf
|
2022-08-12 09:59:45 -04:00
|
|
|
}
|
2022-08-16 10:06:38 -04:00
|
|
|
|
|
|
|
type stubLicenseClient struct{}
|
|
|
|
|
2023-03-20 06:03:36 -04:00
|
|
|
func (c *stubLicenseClient) QuotaCheck(_ context.Context, _ license.QuotaCheckRequest) (license.QuotaCheckResponse, error) {
|
2022-08-25 08:06:29 -04:00
|
|
|
return license.QuotaCheckResponse{
|
|
|
|
Quota: 25,
|
2022-08-16 10:06:38 -04:00
|
|
|
}, nil
|
|
|
|
}
|
2023-05-30 07:47:36 -04:00
|
|
|
|
|
|
|
type stubInitClient struct {
|
|
|
|
res io.Reader
|
|
|
|
err error
|
|
|
|
setResNil bool
|
|
|
|
grpc.ClientStream
|
|
|
|
}
|
|
|
|
|
|
|
|
func (c stubInitClient) Recv() (*initproto.InitResponse, error) {
|
|
|
|
if c.err != nil {
|
|
|
|
return &initproto.InitResponse{}, c.err
|
|
|
|
}
|
|
|
|
|
|
|
|
text := make([]byte, 1024)
|
|
|
|
n, err := c.res.Read(text)
|
|
|
|
text = text[:n]
|
|
|
|
|
|
|
|
res := &initproto.InitResponse{
|
|
|
|
Kind: &initproto.InitResponse_Log{
|
|
|
|
Log: &initproto.LogResponseType{
|
|
|
|
Log: text,
|
|
|
|
},
|
|
|
|
},
|
|
|
|
}
|
|
|
|
if c.setResNil {
|
|
|
|
res = &initproto.InitResponse{
|
|
|
|
Kind: &initproto.InitResponse_Log{
|
|
|
|
Log: &initproto.LogResponseType{
|
|
|
|
Log: nil,
|
|
|
|
},
|
|
|
|
},
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return res, err
|
|
|
|
}
|
2023-07-31 04:53:05 -04:00
|
|
|
|
2023-09-25 10:19:43 -04:00
|
|
|
type stubShowInfrastructure struct{}
|
2023-08-03 07:54:48 -04:00
|
|
|
|
2023-09-25 10:19:43 -04:00
|
|
|
func (s *stubShowInfrastructure) ShowInfrastructure(_ context.Context, csp cloudprovider.Provider) (state.Infrastructure, error) {
|
|
|
|
res := state.Infrastructure{}
|
2023-08-03 07:54:48 -04:00
|
|
|
switch csp {
|
|
|
|
case cloudprovider.Azure:
|
2023-09-25 10:19:43 -04:00
|
|
|
res.Azure = &state.Azure{}
|
2023-08-03 07:54:48 -04:00
|
|
|
case cloudprovider.GCP:
|
2023-09-25 10:19:43 -04:00
|
|
|
res.GCP = &state.GCP{}
|
2023-08-03 07:54:48 -04:00
|
|
|
}
|
|
|
|
return res, nil
|
|
|
|
}
|
2023-08-23 02:14:39 -04:00
|
|
|
|
|
|
|
type stubAttestationApplier struct {
|
|
|
|
applyErr error
|
|
|
|
}
|
|
|
|
|
|
|
|
func (a *stubAttestationApplier) ApplyJoinConfig(_ context.Context, _ config.AttestationCfg, _ []byte) error {
|
|
|
|
return a.applyErr
|
|
|
|
}
|