/* Copyright (c) Edgeless Systems GmbH SPDX-License-Identifier: AGPL-3.0-only */ package openstack import ( "context" "errors" "fmt" "testing" "github.com/edgelesssys/constellation/v2/internal/cloud/metadata" "github.com/edgelesssys/constellation/v2/internal/role" "github.com/gophercloud/gophercloud" "github.com/gophercloud/gophercloud/openstack/compute/v2/servers" "github.com/gophercloud/gophercloud/openstack/networking/v2/subnets" "github.com/gophercloud/gophercloud/pagination" "github.com/stretchr/testify/assert" ) func TestSelf(t *testing.T) { someErr := fmt.Errorf("failed") testCases := map[string]struct { imds imdsAPI want metadata.InstanceMetadata wantErr bool }{ "success": { imds: &stubIMDSClient{ nameResult: "name", providerIDResult: "providerID", roleResult: role.ControlPlane, vpcIPResult: "192.0.2.1", }, want: metadata.InstanceMetadata{ Name: "name", ProviderID: "providerID", Role: role.ControlPlane, VPCIP: "192.0.2.1", }, }, "fail to get name": { imds: &stubIMDSClient{ nameErr: someErr, providerIDResult: "providerID", roleResult: role.ControlPlane, vpcIPResult: "192.0.2.1", }, wantErr: true, }, "fail to get provider ID": { imds: &stubIMDSClient{ nameResult: "name", providerIDErr: someErr, roleResult: role.ControlPlane, vpcIPResult: "192.0.2.1", }, wantErr: true, }, "fail to get role": { imds: &stubIMDSClient{ nameResult: "name", providerIDResult: "providerID", roleErr: someErr, vpcIPResult: "192.0.2.1", }, wantErr: true, }, "fail to get VPC IP": { imds: &stubIMDSClient{ nameResult: "name", providerIDResult: "providerID", roleResult: role.ControlPlane, vpcIPErr: someErr, }, wantErr: true, }, } for name, tc := range testCases { t.Run(name, func(t *testing.T) { assert := assert.New(t) c := &Cloud{imds: tc.imds} got, err := c.Self(context.Background()) if tc.wantErr { assert.Error(err) } else { assert.NoError(err) assert.Equal(tc.want, got) } }) } } func TestList(t *testing.T) { someErr := fmt.Errorf("failed") // newTestAddrs returns a set of raw server addresses as we would get from // a ListServers call and as expected by the parseSeverAddresses function. // The hardcoded addresses don't match what we are looking for. A valid // address can be injected. You can pass a second valid address to test // that the first valid one is chosen. newTestAddrs := func(vpcIP1, vpcIP2 string) map[string]any { return map[string]any{ "network1": []any{ map[string]any{ "addr": "198.51.100.0", "version": 4, "OS-EXT-IPS:type": "fixed", "OS-EXT-IPS-MAC:mac_addr": "fa:16:3e:0c:0c:0c", }, }, "network2": []any{ map[string]any{ "addr": "192.0.2.1", "version": 4, "OS-EXT-IPS:type": "floating", "OS-EXT-IPS-MAC:mac_addr": "fa:16:3e:0c:0c:0c", }, map[string]any{ "addr": "2001:db8:3333:4444:5555:6666:7777:8888", "version": 6, "OS-EXT-IPS:type": "fixed", "OS-EXT-IPS-MAC:mac_addr": "fa:16:3e:0c:0c:0c", }, map[string]any{ "addr": vpcIP1, "version": 4, "OS-EXT-IPS:type": "fixed", "OS-EXT-IPS-MAC:mac_addr": "fa:16:3e:0c:0c:0c", }, map[string]any{ "addr": vpcIP2, "version": 4, "OS-EXT-IPS:type": "fixed", "OS-EXT-IPS-MAC:mac_addr": "fa:16:3e:0c:0c:0c", }, }, } } testCases := map[string]struct { imds imdsAPI api serversAPI want []metadata.InstanceMetadata wantErr bool }{ "success": { imds: &stubIMDSClient{uidResult: "uid"}, api: &stubServersClient{ serversPager: newSeverPager([]servers.Server{ { Name: "name1", ID: "id1", Tags: &[]string{"constellation-role-control-plane", "constellation-uid-7777"}, Addresses: newTestAddrs("192.0.2.5", ""), }, { Name: "name2", ID: "id2", Tags: &[]string{"constellation-role-worker", "constellation-uid-7777"}, Addresses: newTestAddrs("192.0.2.6", "192.0.2.99"), }, { Name: "name3", ID: "id3", Tags: &[]string{"constellation-role-worker", "constellation-uid-8888"}, Addresses: newTestAddrs("198.51.100.1", ""), }, }, nil), subnetsPager: newSubnetPager([]subnets.Subnet{{CIDR: "192.0.2.0/24"}}, nil), }, want: []metadata.InstanceMetadata{ { Name: "name1", ProviderID: "id1", Role: role.ControlPlane, VPCIP: "192.0.2.5", }, { Name: "name2", ProviderID: "id2", Role: role.Worker, VPCIP: "192.0.2.6", }, }, }, "no servers found": { imds: &stubIMDSClient{uidResult: "uid"}, api: &stubServersClient{ serversPager: newSeverPager([]servers.Server{}, nil), subnetsPager: newSubnetPager([]subnets.Subnet{{CIDR: "192.0.2.0/24"}}, nil), }, wantErr: true, }, "imds uid error": { imds: &stubIMDSClient{uidErr: someErr}, wantErr: true, }, "list subnets error": { imds: &stubIMDSClient{uidResult: "uid"}, api: &stubServersClient{ subnetsPager: stubPager{allPagesErr: someErr}, }, wantErr: true, }, "extract subnets error": { imds: &stubIMDSClient{uidResult: "uid"}, api: &stubServersClient{ subnetsPager: newSubnetPager([]subnets.Subnet{}, someErr), }, wantErr: true, }, "multiple subnets error": { imds: &stubIMDSClient{uidResult: "uid"}, api: &stubServersClient{ subnetsPager: newSubnetPager([]subnets.Subnet{ {CIDR: "192.0.2.0/24"}, {CIDR: "198.51.100.0/24"}, }, nil), }, wantErr: true, }, "parse subnet error": { imds: &stubIMDSClient{uidResult: "uid"}, api: &stubServersClient{ subnetsPager: newSubnetPager([]subnets.Subnet{{CIDR: "notAnIP"}}, nil), }, wantErr: true, }, "list servers error": { imds: &stubIMDSClient{uidResult: "uid"}, api: &stubServersClient{ serversPager: stubPager{allPagesErr: someErr}, subnetsPager: newSubnetPager([]subnets.Subnet{{CIDR: "192.0.2.0/24"}}, nil), }, wantErr: true, }, "extract servers error": { imds: &stubIMDSClient{uidResult: "uid"}, api: &stubServersClient{ serversPager: newSeverPager([]servers.Server{}, someErr), subnetsPager: newSubnetPager([]subnets.Subnet{{CIDR: "192.0.2.0/24"}}, nil), }, wantErr: true, }, "sever with empty name skipped": { imds: &stubIMDSClient{uidResult: "uid"}, api: &stubServersClient{ serversPager: newSeverPager([]servers.Server{ { ID: "id1", Tags: &[]string{"constellation-role-control-plane", "constellation-uid-7777"}, Addresses: newTestAddrs("192.0.2.5", ""), }, }, nil), subnetsPager: newSubnetPager([]subnets.Subnet{{CIDR: "192.0.2.0/24"}}, nil), }, wantErr: true, }, "sever with nil tags skipped": { imds: &stubIMDSClient{uidResult: "uid"}, api: &stubServersClient{ serversPager: newSeverPager([]servers.Server{ { Name: "name1", ID: "id1", Addresses: newTestAddrs("192.0.2.5", ""), }, }, nil), subnetsPager: newSubnetPager([]subnets.Subnet{{CIDR: "192.0.2.0/24"}}, nil), }, wantErr: true, }, "server with empty ID skipped": { imds: &stubIMDSClient{uidResult: "uid"}, api: &stubServersClient{ serversPager: newSeverPager([]servers.Server{ { Name: "name1", Tags: &[]string{"constellation-role-control-plane", "constellation-uid-7777"}, Addresses: newTestAddrs("192.0.2.5", ""), }, }, nil), subnetsPager: newSubnetPager([]subnets.Subnet{{CIDR: "192.0.2.0/24"}}, nil), }, wantErr: true, }, "server with unknown role skipped": { imds: &stubIMDSClient{uidResult: "uid"}, api: &stubServersClient{ serversPager: newSeverPager([]servers.Server{ { Name: "name1", ID: "id1", Tags: &[]string{"constellation-role-unknown", "constellation-uid-7777"}, Addresses: newTestAddrs("192.0.2.5", ""), }, }, nil), subnetsPager: newSubnetPager([]subnets.Subnet{{CIDR: "192.0.2.0/24"}}, nil), }, wantErr: true, }, "server without role skipped": { imds: &stubIMDSClient{uidResult: "uid"}, api: &stubServersClient{ serversPager: newSeverPager([]servers.Server{ { Name: "name1", ID: "id1", Tags: &[]string{"constellation-uid-7777"}, Addresses: newTestAddrs("192.0.2.5", ""), }, }, nil), subnetsPager: newSubnetPager([]subnets.Subnet{{CIDR: "192.0.2.0/24"}}, nil), }, wantErr: true, }, "server without parseable addresses skipped": { imds: &stubIMDSClient{uidResult: "uid"}, api: &stubServersClient{ serversPager: newSeverPager([]servers.Server{ { Name: "name1", ID: "id1", Tags: &[]string{"constellation-role-control-plane", "constellation-uid-7777"}, Addresses: map[string]any{"foo": "bar"}, }, }, nil), subnetsPager: newSubnetPager([]subnets.Subnet{{CIDR: "192.0.2.0/24"}}, nil), }, wantErr: true, }, "server addresses contains in": { imds: &stubIMDSClient{uidResult: "uid"}, api: &stubServersClient{ serversPager: newSeverPager([]servers.Server{ { Name: "name1", ID: "id1", Tags: &[]string{"constellation-role-control-plane", "constellation-uid-7777"}, Addresses: newTestAddrs("invalidIP", ""), }, }, nil), subnetsPager: newSubnetPager([]subnets.Subnet{{CIDR: "192.0.2.0/24"}}, nil), }, wantErr: true, }, } for name, tc := range testCases { t.Run(name, func(t *testing.T) { assert := assert.New(t) c := &Cloud{imds: tc.imds, api: tc.api} got, err := c.List(context.Background()) if tc.wantErr { assert.Error(err) } else { assert.NoError(err) assert.Equal(tc.want, got) } }) } } func TestUID(t *testing.T) { testCases := map[string]struct { imds *stubIMDSClient want string wantErr bool }{ "error returned from IMDS client": { imds: &stubIMDSClient{uidErr: errors.New("failed")}, wantErr: true, }, "UID returned from IMDS client": { imds: &stubIMDSClient{uidResult: "uid"}, want: "uid", }, } for name, tc := range testCases { t.Run(name, func(t *testing.T) { assert := assert.New(t) c := &Cloud{imds: tc.imds} got, err := c.UID(context.Background()) if tc.wantErr { assert.Error(err) } else { assert.NoError(err) assert.Equal(tc.want, got) } }) } } func TestInitSecretHash(t *testing.T) { testCases := map[string]struct { imds *stubIMDSClient want []byte wantErr bool }{ "error returned from IMDS client": { imds: &stubIMDSClient{initSecretHashErr: errors.New("failed")}, wantErr: true, }, "initSecretHash returned from IMDS client": { imds: &stubIMDSClient{initSecretHashResult: "initSecretHash"}, want: []byte("initSecretHash"), }, } for name, tc := range testCases { t.Run(name, func(t *testing.T) { assert := assert.New(t) c := &Cloud{imds: tc.imds} got, err := c.InitSecretHash(context.Background()) if tc.wantErr { assert.Error(err) } else { assert.NoError(err) assert.Equal(tc.want, got) } }) } } func TestGetLoadBalancerEndpoint(t *testing.T) { // newTestAddrs returns a set of raw server addresses as we would get from // a ListServers call and as expected by the parseSeverAddresses function. // The hardcoded addresses don't match what we are looking for. A valid // address can be injected. You can pass a second valid address to test // that the first valid one is chosen. newTestAddrs := func(floatingIP1, floatingIP2 string, fixedIP1 string) map[string]any { return map[string]any{ "network1": []any{ map[string]any{ "addr": "192.0.2.2", "version": 4, "OS-EXT-IPS:type": "floating", "OS-EXT-IPS-MAC:mac_addr": "fa:16:3e:0c:0c:0c", }, }, "network2": []any{ map[string]any{ "addr": fixedIP1, "version": 4, "OS-EXT-IPS:type": "fixed", "OS-EXT-IPS-MAC:mac_addr": "fa:16:3e:0c:0c:0c", }, map[string]any{ "addr": "2001:db8:3333:4444:5555:6666:7777:8888", "version": 6, "OS-EXT-IPS:type": "floating", "OS-EXT-IPS-MAC:mac_addr": "fa:16:3e:0c:0c:0c", }, map[string]any{ "addr": floatingIP1, "version": 4, "OS-EXT-IPS:type": "floating", "OS-EXT-IPS-MAC:mac_addr": "fa:16:3e:0c:0c:0c", }, map[string]any{ "addr": floatingIP2, "version": 4, "OS-EXT-IPS:type": "floating", "OS-EXT-IPS-MAC:mac_addr": "fa:16:3e:0c:0c:0c", }, }, } } testCases := map[string]struct { imds *stubIMDSClient api *stubServersClient want string wantErr bool }{ "error returned from IMDS client": { imds: &stubIMDSClient{uidErr: errors.New("failed")}, wantErr: true, }, "error returned from getSubnetCIDR": { imds: &stubIMDSClient{}, api: &stubServersClient{ subnetsPager: newSubnetPager(nil, errors.New("failed")), }, wantErr: true, }, "error returned from getServers": { imds: &stubIMDSClient{}, api: &stubServersClient{ subnetsPager: newSubnetPager([]subnets.Subnet{{CIDR: "192.0.2.0/24"}}, nil), serversPager: newSeverPager(nil, errors.New("failed")), }, wantErr: true, }, "sever with empty name skipped": { imds: &stubIMDSClient{}, api: &stubServersClient{ subnetsPager: newSubnetPager([]subnets.Subnet{{CIDR: "192.0.2.0/24"}}, nil), serversPager: newSeverPager([]servers.Server{ { ID: "id1", Tags: &[]string{"constellation-role-control-plane", "constellation-uid-7777"}, Addresses: newTestAddrs("198.51.100.0", "", "192.0.2.1"), }, }, nil), }, wantErr: true, }, "server with empty ID skipped": { imds: &stubIMDSClient{}, api: &stubServersClient{ subnetsPager: newSubnetPager([]subnets.Subnet{{CIDR: "192.0.2.0/24"}}, nil), serversPager: newSeverPager([]servers.Server{ { Name: "name1", Tags: &[]string{"constellation-role-control-plane", "constellation-uid-7777"}, Addresses: newTestAddrs("198.51.100.0", "", "192.0.2.1"), }, }, nil), }, wantErr: true, }, "sever with nil tags skipped": { imds: &stubIMDSClient{}, api: &stubServersClient{ subnetsPager: newSubnetPager([]subnets.Subnet{{CIDR: "192.0.2.0/24"}}, nil), serversPager: newSeverPager([]servers.Server{ { Name: "name1", ID: "id1", Addresses: newTestAddrs("198.51.100.0", "", "192.0.2.1"), }, }, nil), }, wantErr: true, }, "server has invalid address": { imds: &stubIMDSClient{}, api: &stubServersClient{ subnetsPager: newSubnetPager([]subnets.Subnet{{CIDR: "192.0.2.0/24"}}, nil), serversPager: newSeverPager([]servers.Server{ { Name: "name1", ID: "id1", Tags: &[]string{"constellation-role-control-plane", "constellation-uid-7777"}, Addresses: newTestAddrs("", "", "invalidIP"), }, }, nil), }, wantErr: true, }, "server without parseable addresses skipped": { imds: &stubIMDSClient{}, api: &stubServersClient{ subnetsPager: newSubnetPager([]subnets.Subnet{{CIDR: "192.0.2.0/24"}}, nil), serversPager: newSeverPager([]servers.Server{ { Name: "name1", ID: "id1", Tags: &[]string{"constellation-role-control-plane", "constellation-uid-7777"}, Addresses: map[string]any{ "somekey": "invalid", }, }, }, nil), }, wantErr: true, }, "invalid endpoint returned from server addresses": { imds: &stubIMDSClient{}, api: &stubServersClient{ subnetsPager: newSubnetPager([]subnets.Subnet{{CIDR: "192.0.2.0/24"}}, nil), serversPager: newSeverPager([]servers.Server{ { Name: "name1", ID: "id1", Tags: &[]string{"constellation-role-control-plane", "constellation-uid-7777"}, Addresses: newTestAddrs("invalidIP", "", "192.0.2.1"), }, }, nil), }, wantErr: true, }, "valid endpoint returned from server addresses not in subnet CIDR": { imds: &stubIMDSClient{}, api: &stubServersClient{ subnetsPager: newSubnetPager([]subnets.Subnet{{CIDR: "192.0.2.0/24"}}, nil), serversPager: newSeverPager([]servers.Server{ { Name: "name1", ID: "id1", Tags: &[]string{"constellation-role-control-plane", "constellation-uid-7777"}, Addresses: newTestAddrs("198.51.100.0", "", "192.0.2.1"), }, }, nil), }, want: "198.51.100.0", }, "first valid endpoint returned from server addresses not in subnet CIDR": { imds: &stubIMDSClient{}, api: &stubServersClient{ subnetsPager: newSubnetPager([]subnets.Subnet{{CIDR: "192.0.2.0/24"}}, nil), serversPager: newSeverPager([]servers.Server{ { Name: "name1", ID: "id1", Tags: &[]string{"constellation-role-control-plane", "constellation-uid-7777"}, Addresses: newTestAddrs("198.51.100.0", "198.51.100.1", "192.0.2.1"), }, }, nil), }, want: "198.51.100.0", }, } for name, tc := range testCases { t.Run(name, func(t *testing.T) { assert := assert.New(t) c := &Cloud{ imds: tc.imds, api: tc.api, } got, err := c.GetLoadBalancerEndpoint(context.Background()) if tc.wantErr { assert.Error(err) } else { assert.NoError(err) assert.Equal(tc.want, got) } }) } } // newSubnetPager returns a subnet pager as we would get from a ListSubnets. func newSubnetPager(nets []subnets.Subnet, err error) stubPager { return stubPager{ page: subnets.SubnetPage{ LinkedPageBase: pagination.LinkedPageBase{ PageResult: pagination.PageResult{ Result: gophercloud.Result{ Body: struct { Subnets []subnets.Subnet `json:"subnets"` }{nets}, Err: err, }, }, }, }, } } // newSeverPager returns a server pager as we would get from a ListServers. func newSeverPager(srvs []servers.Server, err error) stubPager { return stubPager{ page: servers.ServerPage{ LinkedPageBase: pagination.LinkedPageBase{ PageResult: pagination.PageResult{ Result: gophercloud.Result{ Body: struct { Servers []servers.Server `json:"servers"` }{srvs}, Err: err, }, }, }, }, } }