Git-Mirrors/constellation
1
0
Fork 0
mirror of https://github.com/edgelesssys/constellation.git synced 2025-08-07 14:32:17 -04:00
Code Issues Projects Releases Packages Wiki Activity

Update GCP KMS tests and implementation

Browse source 
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
This commit is contained in:
Daniel Weiße 2022-03-25 11:02:02 +01:00 committed by Daniel Weiße
parent fefff8ee92
commit f1299a40f4
4 changed files with 364 additions and 293 deletions
Download patch file Download diff file Expand all files Collapse all files

15
kms/test/gcp_test.go
View file

@ -12,6 +12,7 @@ import (
"github.com/edgelesssys/constellation/kms/kms/gcp"
"github.com/edgelesssys/constellation/kms/storage"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
kmspb "google.golang.org/genproto/googleapis/cloud/kms/v1"
)
@ -27,15 +28,18 @@ func TestCreateGcpKEK(t *testing.T) {
t.Skip("Skipping Google KMS key creation test")
}
assert := assert.New(t)
require := require.New(t)
store := storage.NewMemMapStorage()
kekName := addSuffix("test-kek")
dekName := "test-dek"
kmsClient := gcp.New(gcpProjectID, gcpLocation, gcpKeyRing, store, kmspb.ProtectionLevel_SOFTWARE)
ctx, cancel := context.WithTimeout(context.Background(), time.Second*30)
defer cancel()
kmsClient, err := gcp.New(ctx, gcpProjectID, gcpLocation, gcpKeyRing, store, kmspb.ProtectionLevel_SOFTWARE)
require.NoError(err)
// Key name is random, but there is a chance we try to create a key that already exists, in that case the test fails
assert.NoError(kmsClient.CreateKEK(ctx, kekName, nil))
@ -57,16 +61,19 @@ func TestImportGcpKEK(t *testing.T) {
t.Skip("Skipping Google KMS key import test")
}
assert := assert.New(t)
require := require.New(t)
store := storage.NewMemMapStorage()
kekName := addSuffix("test-kek")
kekData := []byte{0x52, 0xFD, 0xFC, 0x07, 0x21, 0x82, 0x65, 0x4F, 0x16, 0x3F, 0x5F, 0x0F, 0x9A, 0x62, 0x1D, 0x72, 0x95, 0x66, 0xC7, 0x4D, 0x10, 0x03, 0x7C, 0x4D, 0x7B, 0xBB, 0x04, 0x07, 0xD1, 0xE2, 0xC6, 0x49}
dekName := "test-dek"
kmsClient := gcp.New(gcpProjectID, gcpLocation, gcpKeyRing, store, kmspb.ProtectionLevel_SOFTWARE)
ctx, cancel := context.WithTimeout(context.Background(), time.Second*30)
defer cancel()
kmsClient, err := gcp.New(ctx, gcpProjectID, gcpLocation, gcpKeyRing, store, kmspb.ProtectionLevel_SOFTWARE)
require.NoError(err)
assert.NoError(kmsClient.CreateKEK(ctx, kekName, kekData))
res, err := kmsClient.GetDEK(ctx, kekName, dekName, config.SymmetricKeyLength)