/*
Copyright (c) Edgeless Systems GmbH
SPDX-License-Identifier: AGPL-3.0-only
*/
package cmd
import (
"bytes"
"context"
"errors"
"io"
"net/http"
"strings"
"testing"
"github.com/edgelesssys/constellation/v2/internal/api/versionsapi"
"github.com/edgelesssys/constellation/v2/internal/attestation/measurements"
"github.com/edgelesssys/constellation/v2/internal/attestation/variant"
"github.com/edgelesssys/constellation/v2/internal/cloud/cloudprovider"
"github.com/edgelesssys/constellation/v2/internal/config"
"github.com/edgelesssys/constellation/v2/internal/constants"
"github.com/edgelesssys/constellation/v2/internal/file"
"github.com/edgelesssys/constellation/v2/internal/logger"
consemver "github.com/edgelesssys/constellation/v2/internal/semver"
"github.com/spf13/afero"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
)
// TestBuildString checks that the resulting user output is as expected. Slow part is the Sscanf in parseCanonicalSemver().
func TestBuildString(t *testing.T) {
testCases := map[string]struct {
upgrade versionUpgrade
expected string
wantError bool
}{
"update everything": {
upgrade: versionUpgrade{
newServices: consemver.NewFromInt(2, 5, 0, ""),
newImages: map[string]measurements.M{
"v2.5.0": measurements.DefaultsFor(cloudprovider.QEMU, variant.QEMUVTPM{}),
},
newKubernetes: []string{"v1.24.12", "v1.25.6"},
newCLI: []consemver.Semver{consemver.NewFromInt(2, 5, 0, ""), consemver.NewFromInt(2, 6, 0, "")},
currentServices: consemver.NewFromInt(2, 4, 0, ""),
currentImage: consemver.NewFromInt(2, 4, 0, ""),
currentKubernetes: consemver.NewFromInt(1, 24, 5, ""),
currentCLI: consemver.NewFromInt(2, 4, 0, ""),
},
expected: "The following updates are available with this CLI:\n Kubernetes: v1.24.5 --> v1.24.12 v1.25.6\n Images:\n v2.4.0 --> v2.5.0\n Includes these measurements:\n 4:\n expected: \"1234123412341234123412341234123412341234123412341234123412341234\"\n warnOnly: false\n 8:\n expected: \"0000000000000000000000000000000000000000000000000000000000000000\"\n warnOnly: false\n 9:\n expected: \"1234123412341234123412341234123412341234123412341234123412341234\"\n warnOnly: false\n 11:\n expected: \"0000000000000000000000000000000000000000000000000000000000000000\"\n warnOnly: false\n 12:\n expected: \"1234123412341234123412341234123412341234123412341234123412341234\"\n warnOnly: false\n 13:\n expected: \"0000000000000000000000000000000000000000000000000000000000000000\"\n warnOnly: false\n 15:\n expected: \"0000000000000000000000000000000000000000000000000000000000000000\"\n warnOnly: false\n \n Services: v2.4.0 --> v2.5.0\n",
},
"cli incompatible with K8s": {
upgrade: versionUpgrade{
newCLI: []consemver.Semver{consemver.NewFromInt(2, 5, 0, ""), consemver.NewFromInt(2, 6, 0, "")},
currentCLI: consemver.NewFromInt(2, 4, 0, ""),
},
expected: "There are newer CLIs available (v2.5.0 v2.6.0), however, you need to upgrade your cluster's Kubernetes version first.\n",
},
"cli compatible with K8s": {
upgrade: versionUpgrade{
newCompatibleCLI: []consemver.Semver{consemver.NewFromInt(2, 5, 0, ""), consemver.NewFromInt(2, 6, 0, "")},
currentCLI: consemver.NewFromInt(2, 4, 0, ""),
},
expected: "Newer CLI versions that are compatible with your cluster are: v2.5.0 v2.6.0\n",
},
"k8s only": {
upgrade: versionUpgrade{
newKubernetes: []string{"v1.24.12", "v1.25.6"},
currentKubernetes: consemver.NewFromInt(1, 24, 5, ""),
},
expected: "The following updates are available with this CLI:\n Kubernetes: v1.24.5 --> v1.24.12 v1.25.6\n",
},
"no upgrades": {
upgrade: versionUpgrade{
newServices: consemver.Semver{},
newImages: map[string]measurements.M{},
newKubernetes: []string{},
newCLI: []consemver.Semver{},
currentServices: consemver.NewFromInt(2, 5, 0, ""),
currentImage: consemver.NewFromInt(2, 5, 0, ""),
currentKubernetes: consemver.NewFromInt(1, 25, 6, ""),
currentCLI: consemver.NewFromInt(2, 5, 0, ""),
},
expected: "You are up to date.\n",
},
"no upgrades #2": {
upgrade: versionUpgrade{},
expected: "You are up to date.\n",
},
}
for name, tc := range testCases {
t.Run(name, func(t *testing.T) {
assert := assert.New(t)
result, err := tc.upgrade.buildString()
if tc.wantError {
assert.Error(err)
return
}
assert.NoError(err)
assert.Equal(tc.expected, result)
})
}
}
func TestGetCompatibleImageMeasurements(t *testing.T) {
assert := assert.New(t)
require := require.New(t)
csp := cloudprovider.Azure
attestationVariant := variant.AzureSEVSNP{}
versionZero, err := versionsapi.NewVersion("-", "stable", "v0.0.0", versionsapi.VersionKindImage)
require.NoError(err)
client := newTestClient(func(req *http.Request) *http.Response {
if strings.HasSuffix(req.URL.String(), "v0.0.0/image/measurements.json") {
return &http.Response{
StatusCode: http.StatusOK,
Body: io.NopCloser(strings.NewReader(`{"version": "v0.0.0","ref": "-","stream": "stable","list": [{"csp": "Azure","attestationVariant": "azure-sev-snp","measurements": {"0": {"expected": "0000000000000000000000000000000000000000000000000000000000000000","warnOnly": false}}}]}`)),
Header: make(http.Header),
}
}
if strings.HasSuffix(req.URL.String(), "v0.0.0/image/measurements.json.sig") {
return &http.Response{
StatusCode: http.StatusOK,
Body: io.NopCloser(strings.NewReader("MEQCIGRR7RaSMs892Ta06/Tz7LqPUxI05X4wQcP+nFFmZtmaAiBNl9X8mUKmUBfxg13LQBfmmpw6JwYQor5hOwM3NFVPAg==")),
Header: make(http.Header),
}
}
return &http.Response{
StatusCode: http.StatusNotFound,
Body: io.NopCloser(strings.NewReader("Not found.")),
Header: make(http.Header),
}
})
upgrades, err := getCompatibleImageMeasurements(context.Background(), &bytes.Buffer{}, client, &stubCosignVerifier{}, singleUUIDVerifier(), csp, attestationVariant, versionZero, logger.NewTest(t))
assert.NoError(err)
for _, measurement := range upgrades {
assert.NotEmpty(measurement)
}
}
func TestUpgradeCheck(t *testing.T) {
require := require.New(t)
v2_3, err := versionsapi.NewVersion("-", "stable", "v2.3.0", versionsapi.VersionKindImage)
require.NoError(err)
v2_5, err := versionsapi.NewVersion("-", "stable", "v2.5.0", versionsapi.VersionKindImage)
require.NoError(err)
collector := stubVersionCollector{
supportedServicesVersions: consemver.NewFromInt(2, 5, 0, ""),
supportedImages: []versionsapi.Version{v2_3},
supportedImageVersions: map[string]measurements.M{
"v2.3.0": measurements.DefaultsFor(cloudprovider.GCP, variant.GCPSEVES{}),
},
supportedK8sVersions: []string{"v1.24.5", "v1.24.12", "v1.25.6"},
currentServicesVersions: consemver.NewFromInt(2, 4, 0, ""),
currentImageVersion: consemver.NewFromInt(2, 4, 0, ""),
currentK8sVersion: consemver.NewFromInt(1, 24, 5, ""),
currentCLIVersion: consemver.NewFromInt(2, 4, 0, ""),
images: []versionsapi.Version{v2_5},
newCLIVersionsList: []consemver.Semver{consemver.NewFromInt(2, 5, 0, ""), consemver.NewFromInt(2, 6, 0, "")},
}
testCases := map[string]struct {
collector stubVersionCollector
csp cloudprovider.Provider
checker stubTerraformChecker
cliVersion string
wantError bool
}{
"upgrades gcp": {
collector: collector,
checker: stubTerraformChecker{},
csp: cloudprovider.GCP,
cliVersion: "v1.0.0",
},
"terraform plan err": {
collector: collector,
checker: stubTerraformChecker{
planErr: assert.AnError,
},
csp: cloudprovider.GCP,
cliVersion: "v1.0.0",
wantError: true,
},
"terraform rollback err, log only": {
collector: collector,
checker: stubTerraformChecker{
rollbackErr: assert.AnError,
},
csp: cloudprovider.GCP,
cliVersion: "v1.0.0",
},
}
for name, tc := range testCases {
t.Run(name, func(t *testing.T) {
assert := assert.New(t)
fileHandler := file.NewHandler(afero.NewMemMapFs())
cfg := defaultConfigWithExpectedMeasurements(t, config.Default(), tc.csp)
require.NoError(fileHandler.WriteYAML(constants.ConfigFilename, cfg))
checkCmd := upgradeCheckCmd{
canUpgradeCheck: true,
collect: &tc.collector,
terraformChecker: tc.checker,
fileHandler: fileHandler,
log: logger.NewTest(t),
}
cmd := newUpgradeCheckCmd()
err := checkCmd.upgradeCheck(cmd, stubAttestationFetcher{})
if tc.wantError {
assert.Error(err)
return
}
assert.NoError(err)
})
}
}
type stubVersionCollector struct {
supportedServicesVersions consemver.Semver
supportedImages []versionsapi.Version
supportedImageVersions map[string]measurements.M
supportedK8sVersions []string
supportedCLIVersions []consemver.Semver
currentServicesVersions consemver.Semver
currentImageVersion consemver.Semver
currentK8sVersion consemver.Semver
currentCLIVersion consemver.Semver
images []versionsapi.Version
newCLIVersionsList []consemver.Semver
newCompatibleCLIVersionsList []consemver.Semver
someErr error
}
func (s *stubVersionCollector) newMeasurements(_ context.Context, _ cloudprovider.Provider, _ variant.Variant, _ []versionsapi.Version) (map[string]measurements.M, error) {
return s.supportedImageVersions, nil
}
func (s *stubVersionCollector) currentVersions(_ context.Context) (currentVersionInfo, error) {
return currentVersionInfo{
service: s.currentServicesVersions,
image: s.currentImageVersion,
k8s: s.currentK8sVersion,
cli: s.currentCLIVersion,
}, s.someErr
}
func (s *stubVersionCollector) supportedVersions(_ context.Context, _, _ consemver.Semver) (supportedVersionInfo, error) {
return supportedVersionInfo{
service: s.supportedServicesVersions,
image: s.supportedImages,
k8s: s.supportedK8sVersions,
cli: s.supportedCLIVersions,
}, s.someErr
}
func (s *stubVersionCollector) newImages(_ context.Context, _ consemver.Semver) ([]versionsapi.Version, error) {
return s.images, nil
}
func (s *stubVersionCollector) newerVersions(_ context.Context, _ []string) ([]versionsapi.Version, error) {
return s.images, nil
}
func (s *stubVersionCollector) newCLIVersions(_ context.Context) ([]consemver.Semver, error) {
return s.newCLIVersionsList, nil
}
func (s *stubVersionCollector) filterCompatibleCLIVersions(_ context.Context, _ []consemver.Semver, _ consemver.Semver) ([]consemver.Semver, error) {
return s.newCompatibleCLIVersionsList, nil
}
type stubTerraformChecker struct {
tfDiff bool
planErr error
rollbackErr error
}
func (s stubTerraformChecker) Plan(_ context.Context, _ *config.Config) (bool, error) {
return s.tfDiff, s.planErr
}
func (s stubTerraformChecker) RestoreWorkspace() error {
return s.rollbackErr
}
func TestNewCLIVersions(t *testing.T) {
someErr := errors.New("some error")
minorList := func() versionsapi.List {
return versionsapi.List{
Versions: []string{"v0.2.0"},
}
}
patchList := func() versionsapi.List {
return versionsapi.List{
Versions: []string{"v0.2.1"},
}
}
emptyVerList := func() versionsapi.List {
return versionsapi.List{}
}
verCollector := func(minorList, patchList versionsapi.List, verListErr error) versionCollector {
return versionCollector{
cliVersion: consemver.NewFromInt(0, 1, 0, ""),
versionsapi: stubVersionFetcher{
minorList: minorList,
patchList: patchList,
versionListErr: verListErr,
},
}
}
testCases := map[string]struct {
verCollector versionCollector
wantErr bool
}{
"works": {
verCollector: verCollector(minorList(), patchList(), nil),
},
"empty versions list": {
verCollector: verCollector(emptyVerList(), emptyVerList(), nil),
},
"version list error": {
verCollector: verCollector(minorList(), patchList(), someErr),
wantErr: true,
},
}
for name, tc := range testCases {
t.Run(name, func(t *testing.T) {
require := require.New(t)
_, err := tc.verCollector.newCLIVersions(context.Background())
if tc.wantErr {
require.Error(err)
return
}
require.NoError(err)
})
}
}
func TestFilterCompatibleCLIVersions(t *testing.T) {
someErr := errors.New("some error")
verCollector := func(cliInfoErr error) versionCollector {
return versionCollector{
cliVersion: consemver.NewFromInt(0, 1, 0, ""),
versionsapi: stubVersionFetcher{
cliInfoErr: cliInfoErr,
},
}
}
testCases := map[string]struct {
verCollector versionCollector
cliPatchVersions []consemver.Semver
wantErr bool
}{
"works": {
verCollector: verCollector(nil),
cliPatchVersions: []consemver.Semver{consemver.NewFromInt(0, 1, 1, "")},
},
"cli info error": {
verCollector: verCollector(someErr),
cliPatchVersions: []consemver.Semver{consemver.NewFromInt(0, 1, 1, "")},
wantErr: true,
},
}
for name, tc := range testCases {
t.Run(name, func(t *testing.T) {
require := require.New(t)
_, err := tc.verCollector.filterCompatibleCLIVersions(context.Background(), tc.cliPatchVersions, consemver.NewFromInt(1, 24, 5, ""))
if tc.wantErr {
require.Error(err)
return
}
require.NoError(err)
})
}
}
type stubVersionFetcher struct {
minorList versionsapi.List
patchList versionsapi.List
versionListErr error
cliInfoErr error
}
func (f stubVersionFetcher) FetchVersionList(_ context.Context, list versionsapi.List) (versionsapi.List, error) {
switch list.Granularity {
case versionsapi.GranularityMajor:
return f.minorList, f.versionListErr
case versionsapi.GranularityMinor:
return f.patchList, f.versionListErr
}
return versionsapi.List{}, f.versionListErr
}
func (f stubVersionFetcher) FetchCLIInfo(_ context.Context, _ versionsapi.CLIInfo) (versionsapi.CLIInfo, error) {
return versionsapi.CLIInfo{}, f.cliInfoErr
}