/*
Copyright (c) Edgeless Systems GmbH
SPDX-License-Identifier: AGPL-3.0-only
*/
package cmd
import (
"bytes"
"fmt"
"testing"
"github.com/edgelesssys/constellation/v2/internal/attestation/variant"
"github.com/edgelesssys/constellation/v2/internal/cloud/cloudprovider"
"github.com/edgelesssys/constellation/v2/internal/config"
"github.com/edgelesssys/constellation/v2/internal/constants"
"github.com/edgelesssys/constellation/v2/internal/file"
"github.com/edgelesssys/constellation/v2/internal/logger"
"github.com/edgelesssys/constellation/v2/internal/versions"
"github.com/spf13/afero"
"github.com/spf13/cobra"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"golang.org/x/mod/semver"
"gopkg.in/yaml.v3"
)
func TestConfigGenerateKubernetesVersion(t *testing.T) {
testCases := map[string]struct {
version string
wantErr bool
}{
"success": {
version: semver.MajorMinor(string(versions.Default)),
},
"no semver": {
version: "asdf",
wantErr: true,
},
"not supported": {
version: "1111",
wantErr: true,
},
}
for name, tc := range testCases {
t.Run(name, func(t *testing.T) {
assert := assert.New(t)
require := require.New(t)
fileHandler := file.NewHandler(afero.NewMemMapFs())
cmd := newConfigGenerateCmd()
err := cmd.Flags().Set("kubernetes", tc.version)
require.NoError(err)
cg := &configGenerateCmd{log: logger.NewTest(t)}
err = cg.configGenerate(cmd, fileHandler, cloudprovider.Unknown, "")
if tc.wantErr {
assert.Error(err)
return
}
assert.NoError(err)
})
}
}
func TestConfigGenerateDefault(t *testing.T) {
assert := assert.New(t)
require := require.New(t)
fileHandler := file.NewHandler(afero.NewMemMapFs())
cmd := newConfigGenerateCmd()
cg := &configGenerateCmd{log: logger.NewTest(t)}
require.NoError(cg.configGenerate(cmd, fileHandler, cloudprovider.Unknown, ""))
var readConfig config.Config
err := fileHandler.ReadYAML(constants.ConfigFilename, &readConfig)
assert.NoError(err)
assert.Equal(*config.Default(), readConfig)
}
func TestConfigGenerateDefaultProviderSpecific(t *testing.T) {
providers := []cloudprovider.Provider{
cloudprovider.AWS,
cloudprovider.Azure,
cloudprovider.GCP,
cloudprovider.OpenStack,
}
for _, provider := range providers {
t.Run(provider.String(), func(t *testing.T) {
assert := assert.New(t)
require := require.New(t)
fileHandler := file.NewHandler(afero.NewMemMapFs())
cmd := newConfigGenerateCmd()
wantConf := config.Default()
wantConf.RemoveProviderAndAttestationExcept(provider)
cg := &configGenerateCmd{log: logger.NewTest(t)}
require.NoError(cg.configGenerate(cmd, fileHandler, provider, ""))
var readConfig config.Config
err := fileHandler.ReadYAML(constants.ConfigFilename, &readConfig)
assert.NoError(err)
assert.Equal(*wantConf, readConfig)
})
}
}
func TestConfigGenerateWithStackIt(t *testing.T) {
openStackProviders := []string{"stackit"}
for _, openStackProvider := range openStackProviders {
t.Run(openStackProvider, func(t *testing.T) {
assert := assert.New(t)
require := require.New(t)
fileHandler := file.NewHandler(afero.NewMemMapFs())
cmd := newConfigGenerateCmd()
wantConf := config.Default().WithOpenStackProviderDefaults(openStackProvider)
wantConf.RemoveProviderAndAttestationExcept(cloudprovider.OpenStack)
cg := &configGenerateCmd{log: logger.NewTest(t)}
require.NoError(cg.configGenerate(cmd, fileHandler, cloudprovider.OpenStack, openStackProvider))
var readConfig config.Config
err := fileHandler.ReadYAML(constants.ConfigFilename, &readConfig)
assert.NoError(err)
assert.Equal(*wantConf, readConfig)
})
}
}
func TestConfigGenerateDefaultExists(t *testing.T) {
require := require.New(t)
fileHandler := file.NewHandler(afero.NewMemMapFs())
require.NoError(fileHandler.Write(constants.ConfigFilename, []byte("foobar"), file.OptNone))
cmd := newConfigGenerateCmd()
cg := &configGenerateCmd{log: logger.NewTest(t)}
require.Error(cg.configGenerate(cmd, fileHandler, cloudprovider.Unknown, ""))
}
func TestConfigGenerateFileFlagRemoved(t *testing.T) {
require := require.New(t)
fileHandler := file.NewHandler(afero.NewMemMapFs())
cmd := newConfigGenerateCmd()
cmd.ResetFlags()
cg := &configGenerateCmd{log: logger.NewTest(t)}
require.Error(cg.configGenerate(cmd, fileHandler, cloudprovider.Unknown, ""))
}
func TestConfigGenerateStdOut(t *testing.T) {
assert := assert.New(t)
require := require.New(t)
fileHandler := file.NewHandler(afero.NewMemMapFs())
var outBuffer bytes.Buffer
cmd := newConfigGenerateCmd()
cmd.SetOut(&outBuffer)
require.NoError(cmd.Flags().Set("file", "-"))
cg := &configGenerateCmd{log: logger.NewTest(t)}
require.NoError(cg.configGenerate(cmd, fileHandler, cloudprovider.Unknown, ""))
var readConfig config.Config
require.NoError(yaml.NewDecoder(&outBuffer).Decode(&readConfig))
assert.Equal(*config.Default(), readConfig)
}
func TestNoValidProviderAttestationCombination(t *testing.T) {
assert := assert.New(t)
tests := []struct {
provider cloudprovider.Provider
attestation variant.Variant
}{
{cloudprovider.Azure, variant.AWSNitroTPM{}},
{cloudprovider.AWS, variant.AzureTrustedLaunch{}},
{cloudprovider.GCP, variant.AWSNitroTPM{}},
{cloudprovider.QEMU, variant.GCPSEVES{}},
{cloudprovider.OpenStack, variant.AWSNitroTPM{}},
}
for _, test := range tests {
t.Run("", func(t *testing.T) {
_, err := createConfigWithAttestationType(test.provider, "", test.attestation)
assert.Error(err)
})
}
}
func TestValidProviderAttestationCombination(t *testing.T) {
defaultAttestation := config.Default().Attestation
tests := []struct {
provider cloudprovider.Provider
attestation variant.Variant
expected config.AttestationConfig
}{
{
cloudprovider.Azure,
variant.AzureTrustedLaunch{},
config.AttestationConfig{AzureTrustedLaunch: defaultAttestation.AzureTrustedLaunch},
},
{
cloudprovider.Azure,
variant.AzureSEVSNP{},
config.AttestationConfig{AzureSEVSNP: defaultAttestation.AzureSEVSNP},
},
{
cloudprovider.AWS,
variant.AWSSEVSNP{},
config.AttestationConfig{AWSSEVSNP: defaultAttestation.AWSSEVSNP},
},
{
cloudprovider.AWS,
variant.AWSNitroTPM{},
config.AttestationConfig{AWSNitroTPM: defaultAttestation.AWSNitroTPM},
},
{
cloudprovider.GCP,
variant.GCPSEVES{},
config.AttestationConfig{GCPSEVES: defaultAttestation.GCPSEVES},
},
{
cloudprovider.QEMU,
variant.QEMUVTPM{},
config.AttestationConfig{QEMUVTPM: defaultAttestation.QEMUVTPM},
},
{
cloudprovider.OpenStack,
variant.QEMUVTPM{},
config.AttestationConfig{QEMUVTPM: defaultAttestation.QEMUVTPM},
},
}
for _, test := range tests {
t.Run(fmt.Sprintf("Provider:%s,Attestation:%s", test.provider, test.attestation), func(t *testing.T) {
sut, err := createConfigWithAttestationType(test.provider, "", test.attestation)
assert := assert.New(t)
assert.NoError(err)
assert.Equal(test.expected, sut.Attestation)
})
}
}
func TestAttestationArgument(t *testing.T) {
defaultAttestation := config.Default().Attestation
tests := []struct {
name string
provider cloudprovider.Provider
expectErr bool
expectedCfg config.AttestationConfig
setFlag func(*cobra.Command) error
}{
{
name: "InvalidAttestationArgument",
provider: cloudprovider.Unknown,
expectErr: true,
setFlag: func(cmd *cobra.Command) error {
return cmd.Flags().Set("attestation", "unknown")
},
},
{
name: "ValidAttestationArgument",
provider: cloudprovider.Azure,
expectErr: false,
setFlag: func(cmd *cobra.Command) error {
return cmd.Flags().Set("attestation", "azure-trustedlaunch")
},
expectedCfg: config.AttestationConfig{AzureTrustedLaunch: defaultAttestation.AzureTrustedLaunch},
},
{
name: "WithoutAttestationArgument",
provider: cloudprovider.Azure,
expectErr: false,
setFlag: func(cmd *cobra.Command) error {
return nil
},
expectedCfg: config.AttestationConfig{AzureSEVSNP: defaultAttestation.AzureSEVSNP},
},
}
for _, test := range tests {
t.Run(test.name, func(t *testing.T) {
require := assert.New(t)
assert := assert.New(t)
cmd := newConfigGenerateCmd()
require.NoError(test.setFlag(cmd))
fileHandler := file.NewHandler(afero.NewMemMapFs())
cg := &configGenerateCmd{log: logger.NewTest(t)}
err := cg.configGenerate(cmd, fileHandler, test.provider, "")
if test.expectErr {
assert.Error(err)
} else {
assert.NoError(err)
var readConfig config.Config
require.NoError(fileHandler.ReadYAML(constants.ConfigFilename, &readConfig))
assert.Equal(test.expectedCfg, readConfig.Attestation)
}
})
}
}