Skip to content

Commit

Permalink
PWX-37574: Updating sdk test certs. (#2450) (#2451)
Browse files Browse the repository at this point in the history
* PWX-37574: Generating test certs.

* Updating sdk_test to use require instead of assert

---------

Signed-off-by: Priyanshu Pandey <[email protected]>
  • Loading branch information
pp511 authored Jun 6, 2024
1 parent 10c2b08 commit 75ac074
Show file tree
Hide file tree
Showing 6 changed files with 190 additions and 150 deletions.
100 changes: 50 additions & 50 deletions api/server/sdk/sdk_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -50,7 +50,7 @@ import (
"github.com/portworx/kvdb"
"github.com/portworx/kvdb/mem"
"github.com/sirupsen/logrus"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"google.golang.org/grpc"
"google.golang.org/grpc/codes"
"google.golang.org/grpc/metadata"
Expand Down Expand Up @@ -91,15 +91,15 @@ func setupMockDriver(tester *testServer, t *testing.T) {

// Register mock driver
err = volumedrivers.Register(mockDriverName, nil)
assert.Nil(t, err)
require.Nil(t, err)
}

func setupMockBucketDriver(tester *testServer, t *testing.T) {
var err error
driverMap := make(map[string]bucket.BucketDriver)
driverMap[DefaultDriverName] = tester.b
tester.server.UseBucketDrivers(driverMap)
assert.Nil(t, err)
require.Nil(t, err)
}

func newTestServer(t *testing.T) *testServer {
Expand All @@ -116,12 +116,12 @@ func newTestServer(t *testing.T) *testServer {
setupMockDriver(tester, t)

kv, err := kvdb.New(mem.Name, "policy", []string{}, nil, kvdb.LogFatalErrorCB)
assert.NoError(t, err)
require.NoError(t, err)
kvdb.SetInstance(kv)
// Init storage policy manager
_, err = policy.Init()
sp, err := policy.Inst()
assert.NotNil(t, sp)
require.NotNil(t, sp)

// Setup simple driver
os.Remove(testUds)
Expand All @@ -145,7 +145,7 @@ func newTestServer(t *testing.T) *testServer {
RoundRobinBalancer: loadbalancer.NewNullBalancer(),
})

assert.Nil(t, err)
require.Nil(t, err)

tester.m.EXPECT().StartVolumeWatcher().Return().Times(1)
tester.m.EXPECT().GetVolumeWatcher(&api.VolumeLocator{}, make(map[string]string)).DoAndReturn(func(a *api.VolumeLocator, l map[string]string) (chan *api.Volume, error) {
Expand All @@ -155,24 +155,24 @@ func newTestServer(t *testing.T) *testServer {
}).Times(1)

err = tester.server.Start()
assert.Nil(t, err)
require.Nil(t, err)

// Read the CA cert data
caCertdata, err := ioutil.ReadFile("test_certs/insecure_ca.crt")
assert.Nil(t, err)
require.Nil(t, err)

// Get TLS dial options
dopts, err := grpcserver.GetTlsDialOptions(caCertdata)
assert.Nil(t, err)
require.Nil(t, err)

// Setup a connection to the driver
tester.conn, err = grpcserver.Connect("localhost:"+tester.port, dopts)
assert.Nil(t, err)
require.Nil(t, err)

// Setup REST gateway
mux, err := tester.server.restGateway.restServerSetupHandlers()
assert.NoError(t, err)
assert.NotNil(t, mux)
require.NoError(t, err)
require.NotNil(t, mux)
tester.gw = httptest.NewServer(mux)

// Add mock bucket driver to the server
Expand All @@ -194,15 +194,15 @@ func newTestServerAuth(t *testing.T) *testServer {
setupMockDriver(tester, t)

kv, err := kvdb.New(mem.Name, "policy", []string{}, nil, kvdb.LogFatalErrorCB)
assert.NoError(t, err)
require.NoError(t, err)
kvdb.SetInstance(kv)
// Init storage policy manager
_, err = policy.Init()
sp, err := policy.Inst()
assert.NotNil(t, sp)
require.NotNil(t, sp)

rm, err := role.NewSdkRoleManager(kv)
assert.NoError(t, err)
require.NoError(t, err)

selfsignedJwt, err := auth.NewJwtAuth(&auth.JwtAuthConfig{
SharedSecret: []byte(testSharedSecret),
Expand Down Expand Up @@ -233,7 +233,7 @@ func newTestServerAuth(t *testing.T) *testServer {
},
},
})
assert.Nil(t, err)
require.Nil(t, err)
tester.m.EXPECT().StartVolumeWatcher().Return().Times(1)
tester.m.EXPECT().GetVolumeWatcher(&api.VolumeLocator{}, make(map[string]string)).DoAndReturn(func(a *api.VolumeLocator, l map[string]string) (chan *api.Volume, error) {
ch := make(chan *api.Volume, 1)
Expand All @@ -242,24 +242,24 @@ func newTestServerAuth(t *testing.T) *testServer {
}).Times(1)

err = tester.server.Start()
assert.Nil(t, err)
require.Nil(t, err)

// Read the CA cert data
caCertdata, err := ioutil.ReadFile("test_certs/insecure_ca.crt")
assert.Nil(t, err)
require.Nil(t, err)

// Get TLS dial options
dopts, err := grpcserver.GetTlsDialOptions(caCertdata)
assert.Nil(t, err)
require.Nil(t, err)

// Setup a connection to the driver
tester.conn, err = grpcserver.Connect("localhost:"+tester.port, dopts)
assert.Nil(t, err)
require.Nil(t, err)

// Setup REST gateway
mux, err := tester.server.restGateway.restServerSetupHandlers()
assert.NoError(t, err)
assert.NotNil(t, mux)
require.NoError(t, err)
require.NotNil(t, mux)
tester.gw = httptest.NewServer(mux)
return tester
}
Expand Down Expand Up @@ -359,18 +359,18 @@ func TestSdkGateway(t *testing.T) {

// Check we can get the swagger.json file
res, err := http.Get(s.GatewayURL() + "/swagger.json")
assert.NoError(t, err)
assert.Equal(t, http.StatusOK, res.StatusCode)
require.NoError(t, err)
require.Equal(t, http.StatusOK, res.StatusCode)

// Check we get the swagger-ui
res, err = http.Get(s.GatewayURL() + "/swagger-ui")
assert.NoError(t, err)
assert.Equal(t, http.StatusOK, res.StatusCode)
require.NoError(t, err)
require.Equal(t, http.StatusOK, res.StatusCode)

// Check unhandled address
res, err = http.Get(s.GatewayURL() + "/this-should-not-work")
assert.NoError(t, err)
assert.Equal(t, http.StatusNotFound, res.StatusCode)
require.NoError(t, err)
require.Equal(t, http.StatusNotFound, res.StatusCode)

// Check the gateway works
// First setup the mock
Expand All @@ -386,8 +386,8 @@ func TestSdkGateway(t *testing.T) {

// Then send the request
res, err = http.Get(s.GatewayURL() + "/v1/clusters/inspectcurrent")
assert.NoError(t, err)
assert.Equal(t, http.StatusOK, res.StatusCode)
require.NoError(t, err)
require.Equal(t, http.StatusOK, res.StatusCode)

// Setup mock for CORS request
s.MockCluster().EXPECT().Enumerate().Return(cluster, nil).Times(1)
Expand All @@ -396,12 +396,12 @@ func TestSdkGateway(t *testing.T) {
// Try cross-origin reqeuest, should get allowed
reqOrigin := "openstorage.io"
req, err := http.NewRequest("GET", s.GatewayURL()+"/v1/clusters/inspectcurrent", nil)
assert.NoError(t, err)
require.NoError(t, err)
req.Header.Add("origin", reqOrigin)

resp, err := http.DefaultClient.Do(req)
assert.NoError(t, err)
assert.Equal(t, "*", resp.Header.Get("Access-Control-Allow-Origin"))
require.NoError(t, err)
require.Equal(t, "*", resp.Header.Get("Access-Control-Allow-Origin"))

}

Expand Down Expand Up @@ -431,7 +431,7 @@ func TestSdkWithNoVolumeDriverThenAddOne(t *testing.T) {

// Setup SDK Server with no volume driver
alert, err := alerts.NewFilterDeleter()
assert.NoError(t, err)
require.NoError(t, err)

sp, err := policy.Inst()
os.Remove(testUds)
Expand All @@ -456,25 +456,25 @@ func TestSdkWithNoVolumeDriverThenAddOne(t *testing.T) {
},
},
})
assert.Nil(t, err)
require.Nil(t, err)

err = server.Start()
assert.Nil(t, err)
require.Nil(t, err)
defer func() {
server.Stop()
}()

// Read the CA cert data
caCertdata, err := ioutil.ReadFile("test_certs/insecure_ca.crt")
assert.Nil(t, err)
require.Nil(t, err)

// Get TLS dial options
dopts, err := grpcserver.GetTlsDialOptions(caCertdata)
assert.Nil(t, err)
require.Nil(t, err)

// Setup a connection to the driver
conn, err := grpc.Dial("localhost:"+tester.port, dopts...)
assert.Nil(t, err)
require.Nil(t, err)

// Setup API names that depend on the volume driver
// To get the names, look at api.pb.go and search for grpc.Invoke or c.cc.Invoke
Expand Down Expand Up @@ -519,29 +519,29 @@ func TestSdkWithNoVolumeDriverThenAddOne(t *testing.T) {
// does not panic using a nil point to a driver
for _, api := range apis {
err = conn.Invoke(context.Background(), api, nil, nil)
assert.Error(t, err)
require.Error(t, err)
serverError, ok := status.FromError(err)
assert.True(t, ok)
assert.Equal(t, serverError.Code(), codes.Unavailable)
assert.Contains(t, serverError.Message(), "Resource")
require.True(t, ok)
require.Equal(t, serverError.Code(), codes.Unavailable)
require.Contains(t, serverError.Message(), "Resource")
}

// Check the driver is not loaded
identities := api.NewOpenStorageIdentityClient(conn)
id, err := identities.Version(context.Background(), &api.SdkIdentityVersionRequest{})
assert.NoError(t, err)
assert.Contains(t, id.GetVersion().GetDriver(), "no driver")
require.NoError(t, err)
require.Contains(t, id.GetVersion().GetDriver(), "no driver")

// Now add the volume driver
d, err := volumedrivers.Get("fake")
assert.NoError(t, err)
require.NoError(t, err)
driverMap := map[string]volume.VolumeDriver{"fake": d, DefaultDriverName: d}
server.UseVolumeDrivers(driverMap)

// Identify that the driver is now running
id, err = identities.Version(context.Background(), &api.SdkIdentityVersionRequest{})
assert.NoError(t, err)
assert.Equal(t, "fake", id.GetVersion().GetDriver())
require.NoError(t, err)
require.Equal(t, "fake", id.GetVersion().GetDriver())

// This part of the test we cannot simply send nils for request and response
// because real data is being passed. Therefore, a single call will satisfy that
Expand All @@ -554,6 +554,6 @@ func TestSdkWithNoVolumeDriverThenAddOne(t *testing.T) {
HaLevel: 1,
},
})
assert.NoError(t, err)
assert.True(t, len(r.GetVolumeId()) != 0)
require.NoError(t, err)
require.True(t, len(r.GetVolumeId()) != 0)
}
48 changes: 29 additions & 19 deletions api/server/sdk/test_certs/insecure_ca.crt
Original file line number Diff line number Diff line change
@@ -1,21 +1,31 @@
-----BEGIN CERTIFICATE-----
MIIDdTCCAl2gAwIBAgIJAI6emGCW7kplMA0GCSqGSIb3DQEBCwUAMFExCzAJBgNV
BAYTAlhYMRUwEwYDVQQHDAxEZWZhdWx0IENpdHkxHDAaBgNVBAoME0RlZmF1bHQg
Q29tcGFueSBMdGQxDTALBgNVBAMMBHB4dXAwHhcNMTkwODI0MDEyMzE1WhcNNDcw
MTA4MDEyMzE1WjBRMQswCQYDVQQGEwJYWDEVMBMGA1UEBwwMRGVmYXVsdCBDaXR5
MRwwGgYDVQQKDBNEZWZhdWx0IENvbXBhbnkgTHRkMQ0wCwYDVQQDDARweHVwMIIB
IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlmzy8sygifVaoFFbxpNIk39n
ybtiYBOIGa/AacACDw3opBnRLBd+uSY8P/nPFg3s3ZSs4b/kykHo+kMfK8m1BT7a
3d4e4COcansb3qtp62ipEnp58e0dcJis0kTcvovStLN0gTin+IHfQtfQrVzw51KL
134dNUeon0A6oSaXvnx0p3gMg9cS8L6l9Ih09/8hNVxm1KTYam1XXHf8vdi3RI5B
9ClbDdiFvNjYvDJP//Bao+4yJrbyasRgmJBACLWbTxxp6Ph04WnxHdE2HYcxDmcP
Esn3R/x5bQSQJr3gILS75sh3Xr0djbmdpKwi8zG7jzOuLeRdRu4uYWOzP6xJ+QID
AQABo1AwTjAdBgNVHQ4EFgQUf7e2yL163c1SafdrzORVTEGDU4AwHwYDVR0jBBgw
FoAUf7e2yL163c1SafdrzORVTEGDU4AwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0B
AQsFAAOCAQEAX9gOeYdP/hbuTDJVRR4ipQrjhAW496vW0FIcSGG11H/P8PNidAQx
veOXWEwKRZbSO+TxMbXw+fE+URstDq8eEQK7ns0yZve4GbeB+PVMyjRuc1hI/uR3
wzTuYsEtGhXlojLkLaS8O6ARMwg11maBca3N4V7IlD/eNNtTqMiSNvYimpIEOKUj
lvkx32Wi2bcSyAdqHkRGN3AArrzEz+ybtoSFC9M6/Xsduc/68bIZztZveuacmt9T
jCUt3FvwQhhoN2Ax6F60864QiMiPE5y9iFcoCQWz9yPb47qSr79SlqhOzKNAgE6R
x/sTw+ZJP3ucSLJ5Fkxp5H8EzXv0HsS1fA==
MIIFazCCA1OgAwIBAgIUVS/Aw6irbOH1D9CH6CE1Jc03Zy4wDQYJKoZIhvcNAQEL
BQAwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM
GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDAeFw0yNDA2MDUyMjEzNTZaFw0yNTA2
MDUyMjEzNTZaMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEw
HwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwggIiMA0GCSqGSIb3DQEB
AQUAA4ICDwAwggIKAoICAQC/drW5RzHQfw4Miauxd3beAmKJ9uRYO3PxZdLPGa64
qlGtG6KUe9OQ7S+L6t2zfODrDsN4tio0oZxO4yIhHBvUoQfZvGpSFNG2TNDfHENT
NjWn43CoE4poNKwxi/X40FYovhDs21exgoirVcD9l4HE9hWiiC6gjri18nD82j68
fsEy+7IMVlOrH1wCr2oFLzYB0/gKIfrScCmiJ4tHwyZ1Yz3gR5eZjQbAVRH0Q71t
FkY/Cn2hlMD7JnUuzbPhVDX4PKw9lnF50zd1S2l50M6L3EEhB3zNCiFGqCYBiJIm
a8X3SHfH2KfN7pr6y5wbX9q82w2nhwM6O8bVFv82tk1mvUAFABK/gcDnyuPS34cu
9E3+0f8V0wafWq0j0+k0XXVfdWqxf81zdvUIO/NlON4TOquWZZhdS29SrHHFhmxx
ASWzkgEo9yMh7KMFUYRPk5yyswytO3pirfb38ZI+zlxrllTenCIKXjomvfgiEtUw
HpdynJpP9+WKEiLOxp0ku729viHcXtjDWFwBfZmn6JsYj7Z+kQxHPlwj8ZouIQGE
OsWiqyZcosZP2nwztFJJxR32Nir/F/c3RCOGXn7Yib9BtFuYmubQ/gSs+gMTIlfO
vYII71VwtKRAZNqMCLlbC1CdlMwa0iTifBdMJoCKlCiCkHqo+UqctReGgaLGmpc9
lQIDAQABo1MwUTAdBgNVHQ4EFgQUciihBrmFuLSgedhOIqLL71VedRowHwYDVR0j
BBgwFoAUciihBrmFuLSgedhOIqLL71VedRowDwYDVR0TAQH/BAUwAwEB/zANBgkq
hkiG9w0BAQsFAAOCAgEAn2lsOLx1p1ushZf37TZZ7KrDyLS2RWUWY07U1RGp9YiR
xDxiHYzpZdK6b5KPRvxEGUgYKcbQjlH+3O51Y0ORWnj4xjvlF+5uveH+bVYOChsR
Oyu2d24lgDGENwPvVtnzXzYPlIXalEWQVv/BR0c5H+yUwrHEzqavS7gafiQ+LqhQ
Gzo+NuIUdNusEt4Dcna8WcEf4CwgLgbV7wtl4/z/jCWjYc+CDEpmpNdzRIzSbVP2
jrN29G0BlIkO9FGtVNYAQ8wd3dhU0tbzfhXnou8Dju0nyyjCYXBxOGd7ME1JjAFV
nRFcSMh9NjqFcJSMjrLu7CCey0FSSF87q5Bct4VkI99t0Z3Sa7MQyOgA8pNCjPcc
thLwPNa+1faWiv7tDQ6UriwZoWQEKVHogRS6qTVPXL0crXKGIaZAOdKYc6aJ7lqe
NJT3eezb9o6Mduvc3ssj8o0lxAx46uyKr951Haapv7GL+blJ6IZXWWs+rL87+W7a
w26vsaFUSwzvhF0UYEzyO7kAMRKHvtdDCeV7659cpRiDI+PfOsTiaTcfYp1CMj68
LiXOrMRd03tqd2RZjnBTvwZYAOvCwLPE1gaGUb/CMynQkqq63cmPq+TYzS1bgPbc
UFX9IBZMKRMZfKlranMNEAnIcf766RY3p2E3fSATfySlEsBw1/d1JltCYs/bGdw=
-----END CERTIFICATE-----
Loading

0 comments on commit 75ac074

Please sign in to comment.