pr feedback

edgelesssys · Nov 28, 2023 · 6e6063a · 6e6063a
1 parent 5580ee0
commit 6e6063a
Show file tree

Hide file tree

Showing 8 changed files with 39 additions and 73 deletions.
diff --git a/cli/internal/cmd/configfetchmeasurements.go b/cli/internal/cmd/configfetchmeasurements.go
@@ -112,8 +112,7 @@ func runConfigFetchMeasurements(cmd *cobra.Command, _ []string) error {
 }
 
 func (cfm *configFetchMeasurementsCmd) configFetchMeasurements(
-	cmd *cobra.Command,
-	fileHandler file.Handler, fetcher attestationconfigapi.Fetcher,
+	cmd *cobra.Command, fileHandler file.Handler, fetcher attestationconfigapi.Fetcher,
 ) error {
 	if !cfm.canFetchMeasurements {
 		cmd.PrintErrln("Fetching measurements is not supported in the OSS build of the Constellation CLI. Consult the documentation for instructions on where to download the enterprise version.")

diff --git a/cli/internal/cmd/configfetchmeasurements_test.go b/cli/internal/cmd/configfetchmeasurements_test.go
@@ -153,11 +153,16 @@ func newTestClient(fn roundTripFunc) *http.Client {
 func TestConfigFetchMeasurements(t *testing.T) {
 	testCases := map[string]struct {
 		insecureFlag bool
+		err          error
 		wantErr      bool
-		isRekorErr   bool
 	}{
+		"no error succeeds": {},
 		"failing rekor verify should not result in error": {
-			isRekorErr: true,
+			err: measurements.ErrRekor,
+		},
+		"error other than Rekor fails": {
+			err:     assert.AnError,
+			wantErr: true,
 		},
 	}
 
@@ -174,7 +179,8 @@ func TestConfigFetchMeasurements(t *testing.T) {
 
 			err := fileHandler.WriteYAML(constants.ConfigFilename, gcpConfig, file.OptMkdirAll)
 			require.NoError(err)
-			cfm := &configFetchMeasurementsCmd{canFetchMeasurements: true, log: logger.NewTest(t), verifyFetcher: stubVerifyFetcher{isRekorErr: tc.isRekorErr}}
+			fetcher := stubVerifyFetcher{err: tc.err}
+			cfm := &configFetchMeasurementsCmd{canFetchMeasurements: true, log: logger.NewTest(t), verifyFetcher: fetcher}
 			cfm.flags.insecure = tc.insecureFlag
 			cfm.flags.force = true
 
@@ -189,14 +195,11 @@ func TestConfigFetchMeasurements(t *testing.T) {
 }
 
 type stubVerifyFetcher struct {
-	isRekorErr bool
+	err error
 }
 
 func (f stubVerifyFetcher) FetchAndVerifyMeasurements(_ context.Context, _ string, _ cloudprovider.Provider, _ variant.Variant, _ bool) (measurements.M, error) {
-	if f.isRekorErr {
-		return nil, measurements.ErrRekor
-	}
-	return nil, nil
+	return nil, f.err
 }
 
 type stubAttestationFetcher struct{}

diff --git a/internal/attestation/measurements/measurements_test.go b/internal/attestation/measurements/measurements_test.go
@@ -10,8 +10,6 @@ import (
 	"bytes"
 	"context"
 	"encoding/json"
-	"errors"
-	"fmt"
 	"io"
 	"net/http"
 	"net/url"
@@ -1045,8 +1043,3 @@ func TestMeasurementsCompare(t *testing.T) {
 		})
 	}
 }
-
-func TestRekorErrCheck(t *testing.T) {
-	err := fmt.Errorf("%w: %w", ErrRekor, errors.New("test"))
-	assert.ErrorIs(t, err, ErrRekor)
-}
diff --git a/terraform-provider-constellation/docs/data-sources/attestation.md b/terraform-provider-constellation/docs/data-sources/attestation.md
@@ -13,30 +13,11 @@ The data source to fetch measurements from a configured cloud provider and image
 ## Example Usage
 
 ```terraform
-terraform {
-  required_providers {
-    constellation = {
-      source = "registry.terraform.io/edgelesssys/constellation"
-    }
-  }
-}
-
-provider "constellation" {
-}
-
 data "constellation_attestation" "test" {
   csp                 = "aws"
   attestation_variant = "aws-sev-snp"
   image_version       = "v2.13.0"
 }
-
-output "measurements" {
-  value = data.constellation_attestation.test.measurements
-}
-
-output "attestation" {
-  value = data.constellation_attestation.test.attestation
-}
 ```
 
 <!-- schema generated by tfplugindocs -->

diff --git a/...orm-provider-constellation/examples/data-sources/constellation_attestation/data-source.tf b/...orm-provider-constellation/examples/data-sources/constellation_attestation/data-source.tf
@@ -1,24 +1,5 @@
-terraform {
-  required_providers {
-    constellation = {
-      source = "registry.terraform.io/edgelesssys/constellation"
-    }
-  }
-}
-
-provider "constellation" {
-}
-
 data "constellation_attestation" "test" {
   csp                 = "aws"
   attestation_variant = "aws-sev-snp"
   image_version       = "v2.13.0"
 }
-
-output "measurements" {
-  value = data.constellation_attestation.test.measurements
-}
-
-output "attestation" {
-  value = data.constellation_attestation.test.attestation
-}
diff --git a/terraform-provider-constellation/internal/provider/attestation_data_source.go b/terraform-provider-constellation/internal/provider/attestation_data_source.go
@@ -178,13 +178,20 @@ func (d *AttestationDataSource) Read(ctx context.Context, req datasource.ReadReq
 
 	csp := cloudprovider.FromString(data.CSP.ValueString())
 	if csp == cloudprovider.Unknown {
-		resp.Diagnostics.AddError("Unknown CSP", fmt.Sprintf("Unknown CSP: %s", data.CSP.ValueString()))
+		resp.Diagnostics.AddAttributeError(
+			path.Root("csp"),
+			"Invalid CSP",
+			fmt.Sprintf("Invalid CSP: %s", data.CSP.ValueString()),
+		)
 		return
 	}
 	attestationVariant, err := variant.FromString(data.AttestationVariant.ValueString())
 	if err != nil {
-		resp.Diagnostics.AddError("Unknown Attestation Variant",
-			fmt.Sprintf("Unknown Attestation Variant: %s", data.AttestationVariant.ValueString()))
+		resp.Diagnostics.AddAttributeError(
+			path.Root("attestation_variant"),
+			"Invalid Attestation Variant",
+			fmt.Sprintf("Invalid attestation variant: %s", data.CSP.ValueString()),
+		)
 		return
 	}
 	if attestationVariant.Equal(variant.AzureSEVSNP{}) || attestationVariant.Equal(variant.AWSSEVSNP{}) {
@@ -193,8 +200,11 @@ func (d *AttestationDataSource) Read(ctx context.Context, req datasource.ReadReq
 			resp.Diagnostics.AddError("Fetching SNP Version numbers", err.Error())
 			return
 		}
-		tfSnpVersions := convertSNPAttestationTfStateCompatible(resp, attestationVariant, snpVersions)
-		diags := resp.State.SetAttribute(ctx, path.Root("attestation"), tfSnpVersions)
+		tfSnpAttestation, err := convertSNPAttestationTfStateCompatible(attestationVariant, snpVersions)
+		if err != nil {
+			resp.Diagnostics.AddError("Converting SNP attestation", err.Error())
+		}
+		diags := resp.State.SetAttribute(ctx, path.Root("attestation"), tfSnpAttestation)
 		resp.Diagnostics.Append(diags...)
 		if resp.Diagnostics.HasError() {
 			return
@@ -221,9 +231,9 @@ func (d *AttestationDataSource) Read(ctx context.Context, req datasource.ReadReq
 	tflog.Trace(ctx, "read constellation attestation data source")
 }
 
-func convertSNPAttestationTfStateCompatible(resp *datasource.ReadResponse, attestationVariant variant.Variant,
+func convertSNPAttestationTfStateCompatible(attestationVariant variant.Variant,
 	snpVersions attestationconfigapi.SEVSNPVersionAPI,
-) sevSnpAttestation {
+) (tfSnpAttestation sevSnpAttestation, err error) {
 	var cert config.Certificate
 	switch attestationVariant.(type) {
 	case variant.AWSSEVSNP:
@@ -233,9 +243,9 @@ func convertSNPAttestationTfStateCompatible(resp *datasource.ReadResponse, attes
 	}
 	certBytes, err := cert.MarshalJSON()
 	if err != nil {
-		resp.Diagnostics.AddError("Marshalling AMD Root Key", err.Error())
+		return tfSnpAttestation, err
 	}
-	tfSnpVersions := sevSnpAttestation{
+	tfSnpAttestation = sevSnpAttestation{
 		BootloaderVersion: snpVersions.Bootloader,
 		TEEVersion:        snpVersions.TEE,
 		SNPVersion:        snpVersions.SNP,
@@ -245,17 +255,20 @@ func convertSNPAttestationTfStateCompatible(resp *datasource.ReadResponse, attes
 	if attestationVariant.Equal(variant.AzureSEVSNP{}) {
 		firmwareCfg := config.DefaultForAzureSEVSNP().FirmwareSignerConfig
 		keyDigestAny, err := firmwareCfg.AcceptedKeyDigests.MarshalYAML()
-		keyDigest := keyDigestAny.([]string)
 		if err != nil {
-			resp.Diagnostics.AddError("Marshalling Accepted Key Digests", err.Error())
+			return tfSnpAttestation, err
+		}
+		keyDigest, ok := keyDigestAny.([]string)
+		if !ok {
+			return tfSnpAttestation, errors.New("reading Accepted Key Digests: could not convert to []string")
 		}
-		tfSnpVersions.AzureSNPFirmwareSignerConfig = azureSnpFirmwareSignerConfig{
+		tfSnpAttestation.AzureSNPFirmwareSignerConfig = azureSnpFirmwareSignerConfig{
 			AcceptedKeyDigests: keyDigest,
 			EnforcementPolicy:  firmwareCfg.EnforcementPolicy.String(),
 			MAAURL:             firmwareCfg.MAAURL,
 		}
 	}
-	return tfSnpVersions
+	return tfSnpAttestation, nil
 }
 
 func convertMeasurementsTfStateCompatible(m measurements.M) map[string]measurement {

diff --git a/terraform-provider-constellation/internal/provider/provider.go b/terraform-provider-constellation/internal/provider/provider.go
@@ -71,7 +71,7 @@ func (p *ConstellationProvider) Configure(ctx context.Context, req provider.Conf
 	config := datastruct.ProviderData{}
 
 	// Make the clients available during data source and resource "Configure" methods.
-	// resp.DataSourceData = config // TODO check with moritz
+	resp.DataSourceData = config
 	resp.ResourceData = config
 }
 

diff --git a/terraform-provider-constellation/internal/provider/provider_test.go b/terraform-provider-constellation/internal/provider/provider_test.go
@@ -34,10 +34,6 @@ var testAccProtoV6ProviderFactories = map[string]func() (tfprotov6.ProviderServe
 // bazelSetTerraformBinaryPath sets the path to the Terraform binary for
 // acceptance testing when running under Bazel.
 func bazelSetTerraformBinaryPath(t *testing.T) {
-	if !runsUnderBazel() {
-		return
-	}
-
 	if v := os.Getenv("TF_ACC"); v != "1" {
 		t.Fatal("TF_ACC must be set to \"1\" for acceptance tests")
 	}