From f563ae3a111bc6ce32598284dc6690fecfa96cc7 Mon Sep 17 00:00:00 2001 From: SimoneFiorani Date: Thu, 28 Mar 2024 14:20:27 +0100 Subject: [PATCH] feat: unit tests added Signed-off-by: SimoneFiorani --- .../container/provider/ContainerInstance.java | 2 +- .../provider/ContainerInstanceOptions.java | 2 +- .../ContainerInstanceOptionsTest.java | 15 +++++++ .../provider/ContainerInstanceTest.java | 39 ++++++++++++++++++- 4 files changed, 55 insertions(+), 3 deletions(-) diff --git a/kura/org.eclipse.kura.container.provider/src/main/java/org/eclipse/kura/container/provider/ContainerInstance.java b/kura/org.eclipse.kura.container.provider/src/main/java/org/eclipse/kura/container/provider/ContainerInstance.java index 06d9a37a9a8..69f727e8b41 100644 --- a/kura/org.eclipse.kura.container.provider/src/main/java/org/eclipse/kura/container/provider/ContainerInstance.java +++ b/kura/org.eclipse.kura.container.provider/src/main/java/org/eclipse/kura/container/provider/ContainerInstance.java @@ -354,7 +354,7 @@ private void startMicroservice(final ContainerInstanceOptions options) { final ContainerConfiguration containerConfiguration = options.getEnforcementDigest().isPresent() ? options.getContainerConfiguration() - : options.getContainerConfiguration(signatureExtractedDigest); + : options.getContainerConfigurationBySignature(signatureExtractedDigest); int retries = 0; while ((unlimitedRetries || retries < maxRetries) && !Thread.currentThread().isInterrupted()) { diff --git a/kura/org.eclipse.kura.container.provider/src/main/java/org/eclipse/kura/container/provider/ContainerInstanceOptions.java b/kura/org.eclipse.kura.container.provider/src/main/java/org/eclipse/kura/container/provider/ContainerInstanceOptions.java index 928f2c0d88b..51321609f9d 100644 --- a/kura/org.eclipse.kura.container.provider/src/main/java/org/eclipse/kura/container/provider/ContainerInstanceOptions.java 
+++ b/kura/org.eclipse.kura.container.provider/src/main/java/org/eclipse/kura/container/provider/ContainerInstanceOptions.java @@ -394,7 +394,7 @@ public ContainerConfiguration getContainerConfiguration() { .setRuntime(getRuntime()).setEnforcementDigest(getEnforcementDigest()).build(); } - public ContainerConfiguration getContainerConfiguration(String signatureExtractedDigest) { + public ContainerConfiguration getContainerConfigurationBySignature(String signatureExtractedDigest) { Optional finalEnforcementDigest = (!signatureExtractedDigest.equals("?")) ? Optional.of(signatureExtractedDigest) diff --git a/kura/test/org.eclipse.kura.container.provider.test/src/test/java/org/eclipse/kura/container/provider/ContainerInstanceOptionsTest.java b/kura/test/org.eclipse.kura.container.provider.test/src/test/java/org/eclipse/kura/container/provider/ContainerInstanceOptionsTest.java index e1d64729b0d..c0e7b539c15 100644 --- a/kura/test/org.eclipse.kura.container.provider.test/src/test/java/org/eclipse/kura/container/provider/ContainerInstanceOptionsTest.java +++ b/kura/test/org.eclipse.kura.container.provider.test/src/test/java/org/eclipse/kura/container/provider/ContainerInstanceOptionsTest.java @@ -764,6 +764,17 @@ public void testEnforcementDigest() { thenEnforcementDigestIs("sha256:test"); } + @Test + public void testGetContainerConfigurationBySignature() { + givenDefaultProperties(); + givenConfigurableGenericDockerServiceOptions(); + + whenGetContainerConfigurationBySignature("sha256:extractedThroughSignatureVerification"); + + thenEnforcementDigestIs("sha256:extractedThroughSignatureVerification"); + + } + private void testMemoryOption(String stringValue, Long longValue) { givenDefaultProperties(); givenMemoryProperty(stringValue); 
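Review bot: `testGetContainerConfigurationBySignature` covers only the case where a digest was extracted; the `"?"` sentinel that `getContainerConfigurationBySignature` compares against (visible in the ContainerInstanceOptions.java hunk) has no test. That branch decides which enforcement digest ends up in the configuration when signature verification yields none, so it is the one worth pinning. A second test that calls `whenGetContainerConfigurationBySignature("?")` and asserts the resulting enforcement digest would cover it. The fallback expression lies outside the hunk, so the expected value has to be taken from the full method. The empty line before the closing brace of the new test can also be dropped.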
@@ -1024,6 +1035,10 @@ private void whenGetContainerDescriptor() { this.containerDescriptor = this.cgdso.getContainerConfiguration(); } + private void whenGetContainerConfigurationBySignature(String signatureExtractedDigest) { + this.containerDescriptor = this.cgdso.getContainerConfigurationBySignature(signatureExtractedDigest); + } + private void thenEnabledStateIs(boolean b) { assertEquals(b, this.enabled); } diff --git a/kura/test/org.eclipse.kura.container.provider.test/src/test/java/org/eclipse/kura/container/provider/ContainerInstanceTest.java b/kura/test/org.eclipse.kura.container.provider.test/src/test/java/org/eclipse/kura/container/provider/ContainerInstanceTest.java index c27dc010060..e2125aadd34 100644 --- a/kura/test/org.eclipse.kura.container.provider.test/src/test/java/org/eclipse/kura/container/provider/ContainerInstanceTest.java +++ b/kura/test/org.eclipse.kura.container.provider.test/src/test/java/org/eclipse/kura/container/provider/ContainerInstanceTest.java @@ -57,6 +57,7 @@ public class ContainerInstanceTest { private static final String CONTAINER_VERIFY_TLOG = "container.signature.verify.transparency.log"; private static final String CONTAINER_REGISTRY_USERNAME = "registry.username"; private static final String CONTAINER_REGISTRY_PASSWORD = "registry.password"; + private static final String CONTAINER_ENFORCEMENT_DIGEST = "enforcement.digest"; private static final ValidationResult FAILED_VALIDATION = new ValidationResult(); @@ -399,7 +400,8 @@ public void signatureValidationWorksWithThrowingValidationService() throws KuraE } @Test - public void signatureValidationWorksWithAuthentication() throws KuraException, InterruptedException { + public void signatureValidationWorksWithAuthenticationWhenNoDigestProvided() + throws KuraException, InterruptedException { givenContainerOrchestratorWithNoRunningContainers(); givenContainerOrchestratorReturningOnStart("1234"); givenContainerInstanceWith(this.mockContainerOrchestrationService); 
@@ -425,6 +427,34 @@ public void signatureValidationWorksWithAuthentication() throws KuraException, I new PasswordRegistryCredentials(Optional.empty(), "username", new Password("password"))); } + @Test + public void signatureValidationNotCalledIfDigestProvided() throws KuraException, InterruptedException { + givenContainerOrchestratorWithNoRunningContainers(); + givenContainerOrchestratorReturningOnStart("1234"); + givenContainerInstanceWith(this.mockContainerOrchestrationService); + + givenContainerSignatureValidationServiceReturningFailureForAuthenticated("nginx", "latest"); + givenContainerInstanceWith(this.mockContainerSignatureValidationService); + + givenPropertiesWith(CONTAINER_ENABLED, true); + givenPropertiesWith(CONTAINER_NAME, "pippo"); + givenPropertiesWith(CONTAINER_IMAGE, "nginx"); + givenPropertiesWith(CONTAINER_IMAGE_TAG, "latest"); + givenPropertiesWith(CONTAINER_TRUST_ANCHOR, "aRealTrustAnchor ;)"); + givenPropertiesWith(CONTAINER_VERIFY_TLOG, true); + givenPropertiesWith(CONTAINER_REGISTRY_USERNAME, "username"); + givenPropertiesWith(CONTAINER_REGISTRY_PASSWORD, "password"); + givenPropertiesWith(CONTAINER_ENFORCEMENT_DIGEST, "sha256:test"); + + whenActivateInstanceIsCalledWith(this.properties); + + thenNoExceptionOccurred(); + thenWaitForContainerInstanceToBecome(CONTAINER_STATE_CREATED); + thenStartContainerWasCalledWith(this.properties); + thenAuthenticatedVerifySignatureWasNeverCalledFor("nginx", "latest", "aRealTrustAnchor ;)", true, + new PasswordRegistryCredentials(Optional.empty(), "username", new Password("password"))); + } + @After public void tearDown() { this.containerInstance.deactivate(); 
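Review bot: `signatureValidationNotCalledIfDigestProvided` sets `enforcement.digest` to `sha256:test` but does not visibly assert that this digest is what the orchestrator receives on start. If a configured digest is meant to stand in for signature verification, the test should also prove the digest is enforced, not only that verification was skipped. What `thenStartContainerWasCalledWith(this.properties)` compares is not visible in this hunk, so this may already be covered; if not, assert the enforcement digest of the `ContainerConfiguration` passed to the start call. A short comment such as `// a configured enforcement digest is used instead of signature verification` would also explain why the stubbed validation failure must not affect the outcome.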
@@ -609,6 +639,13 @@ private void thenAuthenticatedVerifySignatureWasCalledFor(String imageName, Stri verifyTlog, passwordRegistryCredentials); } + private void thenAuthenticatedVerifySignatureWasNeverCalledFor(String imageName, String imageTag, + String trustAnchor, boolean verifyTlog, PasswordRegistryCredentials passwordRegistryCredentials) + throws KuraException { + verify(this.mockContainerSignatureValidationService, never()).verify(imageName, imageTag, trustAnchor, + verifyTlog, passwordRegistryCredentials); + } + private void thenNoExceptionOccurred() { String errorMessage = "Empty message"; if (Objects.nonNull(this.occurredException)) {
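Review bot: `thenAuthenticatedVerifySignatureWasNeverCalledFor` rules out only one exact argument tuple, so the check still passes if `verify` is invoked with any other arguments. The credentials argument is a freshly built `PasswordRegistryCredentials`, so the match also depends on that class's `equals`, which is not shown here. For a test named "not called", matching any arguments is stricter: `verify(this.mockContainerSignatureValidationService, never()).verify(anyString(), anyString(), anyString(), anyBoolean(), any(PasswordRegistryCredentials.class));`. This assumes the Mockito argument matchers are, or can be, statically imported in this test class.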