constellation/state/keyservice/keyservice_test.go

package keyservice

import (
	"context"
	"errors"
	"net"
	"testing"
	"time"

	"github.com/edgelesssys/constellation/bootstrapper/role"
	"github.com/edgelesssys/constellation/internal/atls"
	"github.com/edgelesssys/constellation/internal/cloud/metadata"
	"github.com/edgelesssys/constellation/internal/grpc/atlscredentials"
	"github.com/edgelesssys/constellation/internal/logger"
	"github.com/edgelesssys/constellation/internal/oid"
	"github.com/edgelesssys/constellation/joinservice/joinproto"
	"github.com/edgelesssys/constellation/state/keyservice/keyproto"
	"github.com/stretchr/testify/assert"
	"go.uber.org/goleak"
	"google.golang.org/grpc"
	"google.golang.org/grpc/test/bufconn"
	testclock "k8s.io/utils/clock/testing"
)

func TestMain(m *testing.M) {
	goleak.VerifyTestMain(m)
}

func TestRequestKeyLoop(t *testing.T) {
	clockstep := struct{}{}
	someErr := errors.New("failed")
	defaultInstance := metadata.InstanceMetadata{
		Name:       "test-instance",
		ProviderID: "/test/provider",
		Role:       role.ControlPlane,
		PrivateIPs: []string{"192.0.2.1"},
	}

	testCases := map[string]struct {
		answers []any
	}{
		"success": {
			answers: []any{
				listAnswer{listResponse: []metadata.InstanceMetadata{defaultInstance}},
				issueRejoinTicketAnswer{stateDiskKey: []byte{0x1}, measurementSecret: []byte{0x2}},
				pushStateDiskKeyAnswer{},
			},
		},
		"recover metadata list error": {
			answers: []any{
				listAnswer{err: someErr},
				clockstep,
				listAnswer{listResponse: []metadata.InstanceMetadata{defaultInstance}},
				issueRejoinTicketAnswer{stateDiskKey: []byte{0x1}, measurementSecret: []byte{0x2}},
				pushStateDiskKeyAnswer{},
			},
		},
		"recover issue rejoin ticket error": {
			answers: []any{
				listAnswer{listResponse: []metadata.InstanceMetadata{defaultInstance}},
				issueRejoinTicketAnswer{err: someErr},
				clockstep,
				listAnswer{listResponse: []metadata.InstanceMetadata{defaultInstance}},
				issueRejoinTicketAnswer{stateDiskKey: []byte{0x1}, measurementSecret: []byte{0x2}},
				pushStateDiskKeyAnswer{},
			},
		},
		"recover push key error": {
			answers: []any{
				listAnswer{listResponse: []metadata.InstanceMetadata{defaultInstance}},
				issueRejoinTicketAnswer{stateDiskKey: []byte{0x1}, measurementSecret: []byte{0x2}},
				pushStateDiskKeyAnswer{err: someErr},
				clockstep,
				listAnswer{listResponse: []metadata.InstanceMetadata{defaultInstance}},
				issueRejoinTicketAnswer{stateDiskKey: []byte{0x1}, measurementSecret: []byte{0x2}},
				pushStateDiskKeyAnswer{},
			},
		},
	}

	for name, tc := range testCases {
		t.Run(name, func(t *testing.T) {
			metadataServer := newStubMetadataServer()
			joinServer := newStubJoinAPIServer()
			keyServer := newStubKeyAPIServer()

			listener := bufconn.Listen(1024)
			defer listener.Close()
			creds := atlscredentials.New(atls.NewFakeIssuer(oid.Dummy{}), nil)
			grpcServer := grpc.NewServer(grpc.Creds(creds))
			joinproto.RegisterAPIServer(grpcServer, joinServer)
			keyproto.RegisterAPIServer(grpcServer, keyServer)
			go grpcServer.Serve(listener)
			defer grpcServer.GracefulStop()

			clock := testclock.NewFakeClock(time.Now())
			keyReceived := make(chan struct{}, 1)
			keyWaiter := &KeyAPI{
				listenAddr:  "192.0.2.1:30090",
				log:         logger.NewTest(t),
				metadata:    metadataServer,
				keyReceived: keyReceived,
				clock:       clock,
				timeout:     1 * time.Second,
				interval:    1 * time.Second,
			}
			grpcOpts := []grpc.DialOption{
				grpc.WithContextDialer(func(ctx context.Context, s string) (net.Conn, error) {
					return listener.DialContext(ctx)
				}),
			}

			// Start the request loop under tests.
			done := make(chan struct{})
			go func() {
				defer close(done)
				keyWaiter.requestKeyLoop("1234", grpcOpts...)
			}()

			// Play test case answers.
			for _, answ := range tc.answers {
				switch answ := answ.(type) {
				case listAnswer:
					metadataServer.listAnswerC <- answ
				case issueRejoinTicketAnswer:
					joinServer.issueRejoinTicketAnswerC <- answ
				case pushStateDiskKeyAnswer:
					keyServer.pushStateDiskKeyAnswerC <- answ
				default:
					clock.Step(time.Second)
				}
			}

			// Stop the request loop.
			keyReceived <- struct{}{}
		})
	}
}

func TestPushStateDiskKey(t *testing.T) {
	testCases := map[string]struct {
		testAPI *KeyAPI
		request *keyproto.PushStateDiskKeyRequest
		wantErr bool
	}{
		"success": {
			testAPI: &KeyAPI{keyReceived: make(chan struct{}, 1)},
			request: &keyproto.PushStateDiskKeyRequest{StateDiskKey: []byte("AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"), MeasurementSecret: []byte("BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB")},
		},
		"key already set": {
			testAPI: &KeyAPI{
				keyReceived: make(chan struct{}, 1),
				key:         []byte("AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"),
			},
			request: &keyproto.PushStateDiskKeyRequest{StateDiskKey: []byte("BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB"), MeasurementSecret: []byte("CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC")},
			wantErr: true,
		},
		"incorrect size of pushed key": {
			testAPI: &KeyAPI{keyReceived: make(chan struct{}, 1)},
			request: &keyproto.PushStateDiskKeyRequest{StateDiskKey: []byte("AAAAAAAAAAAAAAAA"), MeasurementSecret: []byte("BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB")},
			wantErr: true,
		},
		"incorrect size of measurement secret": {
			testAPI: &KeyAPI{keyReceived: make(chan struct{}, 1)},
			request: &keyproto.PushStateDiskKeyRequest{StateDiskKey: []byte("AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"), MeasurementSecret: []byte("BBBBBBBBBBBBBBBB")},
			wantErr: true,
		},
	}

	for name, tc := range testCases {
		t.Run(name, func(t *testing.T) {
			assert := assert.New(t)

			tc.testAPI.log = logger.NewTest(t)
			_, err := tc.testAPI.PushStateDiskKey(context.Background(), tc.request)
			if tc.wantErr {
				assert.Error(err)
			} else {
				assert.NoError(err)
				assert.Equal(tc.request.StateDiskKey, tc.testAPI.key)
			}
		})
	}
}

func TestResetKey(t *testing.T) {
	api := New(logger.NewTest(t), nil, nil, time.Second, time.Millisecond)

	api.key = []byte{0x1, 0x2, 0x3}
	api.ResetKey()
	assert.Nil(t, api.key)
}

type stubMetadataServer struct {
	listAnswerC chan listAnswer
}

func newStubMetadataServer() *stubMetadataServer {
	return &stubMetadataServer{
		listAnswerC: make(chan listAnswer),
	}
}

func (s *stubMetadataServer) List(context.Context) ([]metadata.InstanceMetadata, error) {
	answer := <-s.listAnswerC
	return answer.listResponse, answer.err
}

type listAnswer struct {
	listResponse []metadata.InstanceMetadata
	err          error
}

type stubJoinAPIServer struct {
	issueRejoinTicketAnswerC chan issueRejoinTicketAnswer
	joinproto.UnimplementedAPIServer
}

func newStubJoinAPIServer() *stubJoinAPIServer {
	return &stubJoinAPIServer{
		issueRejoinTicketAnswerC: make(chan issueRejoinTicketAnswer),
	}
}

func (s *stubJoinAPIServer) IssueRejoinTicket(context.Context, *joinproto.IssueRejoinTicketRequest) (*joinproto.IssueRejoinTicketResponse, error) {
	answer := <-s.issueRejoinTicketAnswerC
	resp := &joinproto.IssueRejoinTicketResponse{
		StateDiskKey:      answer.stateDiskKey,
		MeasurementSecret: answer.measurementSecret,
	}
	return resp, answer.err
}

type issueRejoinTicketAnswer struct {
	stateDiskKey      []byte
	measurementSecret []byte
	err               error
}

type stubKeyAPIServer struct {
	pushStateDiskKeyAnswerC chan pushStateDiskKeyAnswer
	keyproto.UnimplementedAPIServer
}

func newStubKeyAPIServer() *stubKeyAPIServer {
	return &stubKeyAPIServer{
		pushStateDiskKeyAnswerC: make(chan pushStateDiskKeyAnswer),
	}
}

func (s *stubKeyAPIServer) PushStateDiskKey(context.Context, *keyproto.PushStateDiskKeyRequest) (*keyproto.PushStateDiskKeyResponse, error) {
	answer := <-s.pushStateDiskKeyAnswerC
	return &keyproto.PushStateDiskKeyResponse{}, answer.err
}

type pushStateDiskKeyAnswer struct {
	err error
}
AB#1902 Ping Coordinator from initramfs for key (#53) Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-04-12 08:24:36 -04:00			`package keyservice`

			`import (`
			`"context"`
			`"errors"`
			`"net"`
			`"testing"`
			`"time"`

Rename coordinator to bootstrapper and rename roles 2022-06-29 09:26:29 -04:00			`"github.com/edgelesssys/constellation/bootstrapper/role"`
Move aTLS fakes into atls package 2022-06-15 09:58:23 -04:00			`"github.com/edgelesssys/constellation/internal/atls"`
Bootstrapper 2022-06-29 10:17:23 -04:00			`"github.com/edgelesssys/constellation/internal/cloud/metadata"`
Dynamic grpc client credentials (#204) * Add an aTLS wrapper for grpc credentials * Move grpc dialers to internal and use aTLS grpc credentials Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-06-13 05:40:27 -04:00			`"github.com/edgelesssys/constellation/internal/grpc/atlscredentials"`
Replace logging with default logging interface (#233) * Add test logger * Refactor access manager logging * Refactor activation service logging * Refactor debugd logging * Refactor kms server logging * Refactor disk-mapper logging Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-06-28 10:51:30 -04:00			`"github.com/edgelesssys/constellation/internal/logger"`
Move aTLS fakes into atls package 2022-06-15 09:58:23 -04:00			`"github.com/edgelesssys/constellation/internal/oid"`
Fix stateservice test and increase speed 2022-06-01 04:14:36 -04:00			`"github.com/edgelesssys/constellation/joinservice/joinproto"`
AB#1903 Add grpc interface to push decryption keys Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-04-11 08:25:19 -04:00			`"github.com/edgelesssys/constellation/state/keyservice/keyproto"`
AB#1902 Ping Coordinator from initramfs for key (#53) Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-04-12 08:24:36 -04:00			`"github.com/stretchr/testify/assert"`
Add goleak to all tests (#227) * Run goleak as part of all tests We are already using goleak in various tests. This commit adds a TestMain to all remaining tests and calls goleak.VerifyTestMain in them. * Add goleak to debugd/deploy package and fix bug. * Run go mod tidy * Fix integration tests * Move goleak invocation for mount integration test * Ignore leak in state integration tests Co-authored-by: Fabian Kammel <fk@edgelss.systems> 2022-06-30 09:24:36 -04:00			`"go.uber.org/goleak"`
AB#1902 Ping Coordinator from initramfs for key (#53) Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-04-12 08:24:36 -04:00			`"google.golang.org/grpc"`
			`"google.golang.org/grpc/test/bufconn"`
Fix stateservice test and increase speed 2022-06-01 04:14:36 -04:00			`testclock "k8s.io/utils/clock/testing"`
AB#1902 Ping Coordinator from initramfs for key (#53) Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-04-12 08:24:36 -04:00			`)`

Add goleak to all tests (#227) * Run goleak as part of all tests We are already using goleak in various tests. This commit adds a TestMain to all remaining tests and calls goleak.VerifyTestMain in them. * Add goleak to debugd/deploy package and fix bug. * Run go mod tidy * Fix integration tests * Move goleak invocation for mount integration test * Ignore leak in state integration tests Co-authored-by: Fabian Kammel <fk@edgelss.systems> 2022-06-30 09:24:36 -04:00			`func TestMain(m *testing.M) {`
Fix stateservice test and increase speed 2022-06-01 04:14:36 -04:00			`goleak.VerifyTestMain(m)`
Add goleak to all tests (#227) * Run goleak as part of all tests We are already using goleak in various tests. This commit adds a TestMain to all remaining tests and calls goleak.VerifyTestMain in them. * Add goleak to debugd/deploy package and fix bug. * Run go mod tidy * Fix integration tests * Move goleak invocation for mount integration test * Ignore leak in state integration tests Co-authored-by: Fabian Kammel <fk@edgelss.systems> 2022-06-30 09:24:36 -04:00			`}`

AB#1903 Add grpc interface to push decryption keys Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-04-11 08:25:19 -04:00			`func TestRequestKeyLoop(t *testing.T) {`
Fix stateservice test and increase speed 2022-06-01 04:14:36 -04:00			`clockstep := struct{}{}`
			`someErr := errors.New("failed")`
Bootstrapper 2022-06-29 10:17:23 -04:00			`defaultInstance := metadata.InstanceMetadata{`
AB#1902 Ping Coordinator from initramfs for key (#53) Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-04-12 08:24:36 -04:00			`Name: "test-instance",`
			`ProviderID: "/test/provider",`
Rename coordinator to bootstrapper and rename roles 2022-06-29 09:26:29 -04:00			`Role: role.ControlPlane,`
replace flannel with cilium 2022-05-24 04:04:42 -04:00			`PrivateIPs: []string{"192.0.2.1"},`
AB#1902 Ping Coordinator from initramfs for key (#53) Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-04-12 08:24:36 -04:00			`}`

			`testCases := map[string]struct {`
Fix stateservice test and increase speed 2022-06-01 04:14:36 -04:00			`answers []any`
AB#1902 Ping Coordinator from initramfs for key (#53) Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-04-12 08:24:36 -04:00			`}{`
			`"success": {`
Fix stateservice test and increase speed 2022-06-01 04:14:36 -04:00			`answers: []any{`
			`listAnswer{listResponse: []metadata.InstanceMetadata{defaultInstance}},`
			`issueRejoinTicketAnswer{stateDiskKey: []byte{0x1}, measurementSecret: []byte{0x2}},`
			`pushStateDiskKeyAnswer{},`
AB#1902 Ping Coordinator from initramfs for key (#53) Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-04-12 08:24:36 -04:00			`},`
			`},`
Fix stateservice test and increase speed 2022-06-01 04:14:36 -04:00			`"recover metadata list error": {`
			`answers: []any{`
			`listAnswer{err: someErr},`
			`clockstep,`
			`listAnswer{listResponse: []metadata.InstanceMetadata{defaultInstance}},`
			`issueRejoinTicketAnswer{stateDiskKey: []byte{0x1}, measurementSecret: []byte{0x2}},`
			`pushStateDiskKeyAnswer{},`
			`},`
AB#1902 Ping Coordinator from initramfs for key (#53) Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-04-12 08:24:36 -04:00			`},`
Fix stateservice test and increase speed 2022-06-01 04:14:36 -04:00			`"recover issue rejoin ticket error": {`
			`answers: []any{`
			`listAnswer{listResponse: []metadata.InstanceMetadata{defaultInstance}},`
			`issueRejoinTicketAnswer{err: someErr},`
			`clockstep,`
			`listAnswer{listResponse: []metadata.InstanceMetadata{defaultInstance}},`
			`issueRejoinTicketAnswer{stateDiskKey: []byte{0x1}, measurementSecret: []byte{0x2}},`
			`pushStateDiskKeyAnswer{},`
			`},`
AB#1902 Ping Coordinator from initramfs for key (#53) Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-04-12 08:24:36 -04:00			`},`
Fix stateservice test and increase speed 2022-06-01 04:14:36 -04:00			`"recover push key error": {`
			`answers: []any{`
			`listAnswer{listResponse: []metadata.InstanceMetadata{defaultInstance}},`
			`issueRejoinTicketAnswer{stateDiskKey: []byte{0x1}, measurementSecret: []byte{0x2}},`
			`pushStateDiskKeyAnswer{err: someErr},`
			`clockstep,`
			`listAnswer{listResponse: []metadata.InstanceMetadata{defaultInstance}},`
			`issueRejoinTicketAnswer{stateDiskKey: []byte{0x1}, measurementSecret: []byte{0x2}},`
			`pushStateDiskKeyAnswer{},`
AB#1902 Ping Coordinator from initramfs for key (#53) Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-04-12 08:24:36 -04:00			`},`
			`},`
			`}`

			`for name, tc := range testCases {`
			`t.Run(name, func(t *testing.T) {`
Fix stateservice test and increase speed 2022-06-01 04:14:36 -04:00			`metadataServer := newStubMetadataServer()`
			`joinServer := newStubJoinAPIServer()`
			`keyServer := newStubKeyAPIServer()`
AB#1902 Ping Coordinator from initramfs for key (#53) Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-04-12 08:24:36 -04:00
Fix stateservice test and increase speed 2022-06-01 04:14:36 -04:00			`listener := bufconn.Listen(1024)`
AB#1902 Ping Coordinator from initramfs for key (#53) Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-04-12 08:24:36 -04:00			`defer listener.Close()`
Move aTLS fakes into atls package 2022-06-15 09:58:23 -04:00			`creds := atlscredentials.New(atls.NewFakeIssuer(oid.Dummy{}), nil)`
Fix stateservice test and increase speed 2022-06-01 04:14:36 -04:00			`grpcServer := grpc.NewServer(grpc.Creds(creds))`
			`joinproto.RegisterAPIServer(grpcServer, joinServer)`
			`keyproto.RegisterAPIServer(grpcServer, keyServer)`
			`go grpcServer.Serve(listener)`
			`defer grpcServer.GracefulStop()`
AB#1902 Ping Coordinator from initramfs for key (#53) Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-04-12 08:24:36 -04:00
Fix stateservice test and increase speed 2022-06-01 04:14:36 -04:00			`clock := testclock.NewFakeClock(time.Now())`
			`keyReceived := make(chan struct{}, 1)`
AB#1903 Add grpc interface to push decryption keys Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-04-11 08:25:19 -04:00			`keyWaiter := &KeyAPI{`
Fix stateservice test and increase speed 2022-06-01 04:14:36 -04:00			`listenAddr: "192.0.2.1:30090",`
Replace logging with default logging interface (#233) * Add test logger * Refactor access manager logging * Refactor activation service logging * Refactor debugd logging * Refactor kms server logging * Refactor disk-mapper logging Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-06-28 10:51:30 -04:00			`log: logger.NewTest(t),`
Fix stateservice test and increase speed 2022-06-01 04:14:36 -04:00			`metadata: metadataServer,`
AB#1902 Ping Coordinator from initramfs for key (#53) Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-04-12 08:24:36 -04:00			`keyReceived: keyReceived,`
Fix stateservice test and increase speed 2022-06-01 04:14:36 -04:00			`clock: clock,`
			`timeout: 1 * time.Second,`
			`interval: 1 * time.Second,`
			`}`
			`grpcOpts := []grpc.DialOption{`
			`grpc.WithContextDialer(func(ctx context.Context, s string) (net.Conn, error) {`
			`return listener.DialContext(ctx)`
			`}),`
AB#1902 Ping Coordinator from initramfs for key (#53) Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-04-12 08:24:36 -04:00			`}`

Fix stateservice test and increase speed 2022-06-01 04:14:36 -04:00			`// Start the request loop under tests.`
			`done := make(chan struct{})`
AB#1902 Ping Coordinator from initramfs for key (#53) Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-04-12 08:24:36 -04:00			`go func() {`
Fix stateservice test and increase speed 2022-06-01 04:14:36 -04:00			`defer close(done)`
			`keyWaiter.requestKeyLoop("1234", grpcOpts...)`
AB#1902 Ping Coordinator from initramfs for key (#53) Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-04-12 08:24:36 -04:00			`}()`

Fix stateservice test and increase speed 2022-06-01 04:14:36 -04:00			`// Play test case answers.`
			`for _, answ := range tc.answers {`
			`switch answ := answ.(type) {`
			`case listAnswer:`
			`metadataServer.listAnswerC <- answ`
			`case issueRejoinTicketAnswer:`
			`joinServer.issueRejoinTicketAnswerC <- answ`
			`case pushStateDiskKeyAnswer:`
			`keyServer.pushStateDiskKeyAnswerC <- answ`
			`default:`
			`clock.Step(time.Second)`
			`}`
			`}`
AB#1902 Ping Coordinator from initramfs for key (#53) Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-04-12 08:24:36 -04:00
Fix stateservice test and increase speed 2022-06-01 04:14:36 -04:00			`// Stop the request loop.`
			`keyReceived <- struct{}{}`
AB#1902 Ping Coordinator from initramfs for key (#53) Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-04-12 08:24:36 -04:00			`})`
			`}`
			`}`

AB#1903 Add grpc interface to push decryption keys Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-04-11 08:25:19 -04:00			`func TestPushStateDiskKey(t *testing.T) {`
			`testCases := map[string]struct {`
Ref/want err from err expected (#82) consistent naming for test values using 'want' instead of 'expect/ed' 2022-04-26 10:54:05 -04:00			`testAPI *KeyAPI`
			`request *keyproto.PushStateDiskKeyRequest`
			`wantErr bool`
AB#1903 Add grpc interface to push decryption keys Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-04-11 08:25:19 -04:00			`}{`
			`"success": {`
			`testAPI: &KeyAPI{keyReceived: make(chan struct{}, 1)},`
AB#2200 Merge Owner and Cluster ID (#282) * Merge Owner and Cluster ID into single value * Remove aTLS from KMS, as it is no longer used for cluster external communication * Update verify command to use cluster-id instead of unique-id flag * Remove owner ID from init output Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-07-26 04:58:39 -04:00			`request: &keyproto.PushStateDiskKeyRequest{StateDiskKey: []byte("AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"), MeasurementSecret: []byte("BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB")},`
AB#1903 Add grpc interface to push decryption keys Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-04-11 08:25:19 -04:00			`},`
			`"key already set": {`
			`testAPI: &KeyAPI{`
			`keyReceived: make(chan struct{}, 1),`
			`key: []byte("AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"),`
			`},`
AB#2200 Merge Owner and Cluster ID (#282) * Merge Owner and Cluster ID into single value * Remove aTLS from KMS, as it is no longer used for cluster external communication * Update verify command to use cluster-id instead of unique-id flag * Remove owner ID from init output Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-07-26 04:58:39 -04:00			`request: &keyproto.PushStateDiskKeyRequest{StateDiskKey: []byte("BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB"), MeasurementSecret: []byte("CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC")},`
Ref/want err from err expected (#82) consistent naming for test values using 'want' instead of 'expect/ed' 2022-04-26 10:54:05 -04:00			`wantErr: true,`
AB#1903 Add grpc interface to push decryption keys Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-04-11 08:25:19 -04:00			`},`
			`"incorrect size of pushed key": {`
Ref/want err from err expected (#82) consistent naming for test values using 'want' instead of 'expect/ed' 2022-04-26 10:54:05 -04:00			`testAPI: &KeyAPI{keyReceived: make(chan struct{}, 1)},`
AB#2200 Merge Owner and Cluster ID (#282) * Merge Owner and Cluster ID into single value * Remove aTLS from KMS, as it is no longer used for cluster external communication * Update verify command to use cluster-id instead of unique-id flag * Remove owner ID from init output Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-07-26 04:58:39 -04:00			`request: &keyproto.PushStateDiskKeyRequest{StateDiskKey: []byte("AAAAAAAAAAAAAAAA"), MeasurementSecret: []byte("BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB")},`
			`wantErr: true,`
			`},`
			`"incorrect size of measurement secret": {`
			`testAPI: &KeyAPI{keyReceived: make(chan struct{}, 1)},`
			`request: &keyproto.PushStateDiskKeyRequest{StateDiskKey: []byte("AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"), MeasurementSecret: []byte("BBBBBBBBBBBBBBBB")},`
Ref/want err from err expected (#82) consistent naming for test values using 'want' instead of 'expect/ed' 2022-04-26 10:54:05 -04:00			`wantErr: true,`
AB#1903 Add grpc interface to push decryption keys Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-04-11 08:25:19 -04:00			`},`
			`}`

			`for name, tc := range testCases {`
			`t.Run(name, func(t *testing.T) {`
			`assert := assert.New(t)`

Replace logging with default logging interface (#233) * Add test logger * Refactor access manager logging * Refactor activation service logging * Refactor debugd logging * Refactor kms server logging * Refactor disk-mapper logging Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-06-28 10:51:30 -04:00			`tc.testAPI.log = logger.NewTest(t)`
AB#1903 Add grpc interface to push decryption keys Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-04-11 08:25:19 -04:00			`_, err := tc.testAPI.PushStateDiskKey(context.Background(), tc.request)`
Ref/want err from err expected (#82) consistent naming for test values using 'want' instead of 'expect/ed' 2022-04-26 10:54:05 -04:00			`if tc.wantErr {`
AB#1903 Add grpc interface to push decryption keys Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-04-11 08:25:19 -04:00			`assert.Error(err)`
			`} else {`
			`assert.NoError(err)`
			`assert.Equal(tc.request.StateDiskKey, tc.testAPI.key)`
			`}`
			`})`
			`}`
			`}`

			`func TestResetKey(t *testing.T) {`
Fix stateservice test and increase speed 2022-06-01 04:14:36 -04:00			`api := New(logger.NewTest(t), nil, nil, time.Second, time.Millisecond)`
AB#1903 Add grpc interface to push decryption keys Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-04-11 08:25:19 -04:00
			`api.key = []byte{0x1, 0x2, 0x3}`
			`api.ResetKey()`
			`assert.Nil(t, api.key)`
			`}`

Fix stateservice test and increase speed 2022-06-01 04:14:36 -04:00			`type stubMetadataServer struct {`
			`listAnswerC chan listAnswer`
			`}`

			`func newStubMetadataServer() *stubMetadataServer {`
			`return &stubMetadataServer{`
			`listAnswerC: make(chan listAnswer),`
			`}`
AB#1902 Ping Coordinator from initramfs for key (#53) Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-04-12 08:24:36 -04:00			`}`

Fix stateservice test and increase speed 2022-06-01 04:14:36 -04:00			`func (s *stubMetadataServer) List(context.Context) ([]metadata.InstanceMetadata, error) {`
			`answer := <-s.listAnswerC`
			`return answer.listResponse, answer.err`
AB#1902 Ping Coordinator from initramfs for key (#53) Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-04-12 08:24:36 -04:00			`}`

Fix stateservice test and increase speed 2022-06-01 04:14:36 -04:00			`type listAnswer struct {`
Bootstrapper 2022-06-29 10:17:23 -04:00			`listResponse []metadata.InstanceMetadata`
Fix stateservice test and increase speed 2022-06-01 04:14:36 -04:00			`err error`
			`}`

			`type stubJoinAPIServer struct {`
			`issueRejoinTicketAnswerC chan issueRejoinTicketAnswer`
			`joinproto.UnimplementedAPIServer`
			`}`

			`func newStubJoinAPIServer() *stubJoinAPIServer {`
			`return &stubJoinAPIServer{`
			`issueRejoinTicketAnswerC: make(chan issueRejoinTicketAnswer),`
			`}`
			`}`

			`func (s stubJoinAPIServer) IssueRejoinTicket(context.Context, joinproto.IssueRejoinTicketRequest) (*joinproto.IssueRejoinTicketResponse, error) {`
			`answer := <-s.issueRejoinTicketAnswerC`
			`resp := &joinproto.IssueRejoinTicketResponse{`
			`StateDiskKey: answer.stateDiskKey,`
			`MeasurementSecret: answer.measurementSecret,`
			`}`
			`return resp, answer.err`
			`}`

			`type issueRejoinTicketAnswer struct {`
			`stateDiskKey []byte`
			`measurementSecret []byte`
			`err error`
			`}`

			`type stubKeyAPIServer struct {`
			`pushStateDiskKeyAnswerC chan pushStateDiskKeyAnswer`
			`keyproto.UnimplementedAPIServer`
			`}`

			`func newStubKeyAPIServer() *stubKeyAPIServer {`
			`return &stubKeyAPIServer{`
			`pushStateDiskKeyAnswerC: make(chan pushStateDiskKeyAnswer),`
			`}`
			`}`

			`func (s stubKeyAPIServer) PushStateDiskKey(context.Context, keyproto.PushStateDiskKeyRequest) (*keyproto.PushStateDiskKeyResponse, error) {`
			`answer := <-s.pushStateDiskKeyAnswerC`
			`return &keyproto.PushStateDiskKeyResponse{}, answer.err`
AB#1903 Add grpc interface to push decryption keys Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-04-11 08:25:19 -04:00			`}`

Fix stateservice test and increase speed 2022-06-01 04:14:36 -04:00			`type pushStateDiskKeyAnswer struct {`
			`err error`
AB#1903 Add grpc interface to push decryption keys Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-04-11 08:25:19 -04:00			`}`