opensource/cocos
1
0
Fork 0
mirror of https://github.com/ultravioletrs/cocos.git synced 2026-06-23 04:10:25 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
Files
207bfd99af4b308a1609f3439317fbd83145f106
cocos/pkg/clients/http/client_test.go
T
Sammy Kerata Oina 207bfd99af COCOS-525-487 - Refactor attestation and atls (#562) 
* Refactor attestation handling to remove quoteprovider dependency

- Removed references to quoteprovider in various files, replacing them with vtpm where necessary.
- Updated function signatures and implementations to use SEVNonce instead of quoteprovider.Nonce.
- Introduced new vtpm package to handle SEV-related attestation logic, including fetching and verifying attestation reports.
- Adjusted tests to reflect changes in the attestation logic and ensure compatibility with the new structure.
- Deleted the now redundant quoteprovider/sev_test.go file.

Signed-off-by: Sammy Oina <sammyoina@gmail.com>

* fix: Add veraison/go-cose dependency to go.mod

Signed-off-by: Sammy Oina <sammyoina@gmail.com>

* feat: Introduce TLS package for enhanced security configuration and refactor client code to utilize new TLS utilities

Signed-off-by: Sammy Oina <sammyoina@gmail.com>

---------

Signed-off-by: Sammy Oina <sammyoina@gmail.com>
2026-02-18 11:53:04 +01:00

294 lines
7.8 KiB
Go
Raw Blame History

// Copyright (c) Ultraviolet
// SPDX-License-Identifier: Apache-2.0
package http
import (
"net/http"
"testing"
"time"
"github.com/stretchr/testify/assert"
"github.com/ultravioletrs/cocos/pkg/clients"
"github.com/ultravioletrs/cocos/pkg/tls"
)
func TestConfig_Configuration(t *testing.T) {
config := clients.StandardClientConfig{
URL: "http://localhost:8080",
Timeout: 30 * time.Second,
ClientCert: "cert.pem",
ClientKey: "key.pem",
ServerCAFile: "ca.pem",
}
result := config.Config()
assert.Equal(t, config, result)
assert.Equal(t, "http://localhost:8080", result.URL)
assert.Equal(t, 30*time.Second, result.Timeout)
assert.Equal(t, "cert.pem", result.ClientCert)
assert.Equal(t, "key.pem", result.ClientKey)
assert.Equal(t, "ca.pem", result.ServerCAFile)
}
func TestAgentClientConfig_Configuration(t *testing.T) {
agentConfig := &clients.AttestedClientConfig{
StandardClientConfig: clients.StandardClientConfig{
URL: "https://agent.example.com",
Timeout: 60 * time.Second,
ClientCert: "agent-cert.pem",
ClientKey: "agent-key.pem",
ServerCAFile: "agent-ca.pem",
},
AttestationPolicy: "policy.json",
AttestedTLS: true,
ProductName: "Milan",
}
result := agentConfig.Config()
assert.Equal(t, agentConfig.StandardClientConfig, result)
assert.Equal(t, "https://agent.example.com", result.URL)
assert.Equal(t, 60*time.Second, result.Timeout)
assert.Equal(t, "agent-cert.pem", result.ClientCert)
assert.Equal(t, "agent-key.pem", result.ClientKey)
assert.Equal(t, "agent-ca.pem", result.ServerCAFile)
}
func TestProxyClientConfig_Configuration(t *testing.T) {
proxyConfig := clients.StandardClientConfig{
URL: "http://proxy.example.com",
Timeout: 45 * time.Second,
ClientCert: "proxy-cert.pem",
ClientKey: "proxy-key.pem",
ServerCAFile: "proxy-ca.pem",
}
result := proxyConfig
assert.Equal(t, proxyConfig, result)
assert.Equal(t, "http://proxy.example.com", result.URL)
assert.Equal(t, 45*time.Second, result.Timeout)
}
func TestNewClient_Success(t *testing.T) {
tests := []struct {
name string
config clients.ClientConfiguration
}{
{
name: "Basic config",
config: clients.StandardClientConfig{
URL: "http://localhost:8080",
Timeout: 30 * time.Second,
},
},
{
name: "Agent config without attested TLS",
config: &clients.AttestedClientConfig{
StandardClientConfig: clients.StandardClientConfig{
URL: "https://agent.example.com",
Timeout: 60 * time.Second,
},
AttestedTLS: false,
},
},
{
name: "Proxy config",
config: clients.StandardClientConfig{
URL: "http://proxy.example.com",
Timeout: 45 * time.Second,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
client, err := NewClient(tt.config)
assert.NoError(t, err)
assert.NotNil(t, client)
assert.NotNil(t, client.Transport())
assert.Equal(t, tt.config.Config().Timeout, client.Timeout())
})
}
}
func TestClient_Transport(t *testing.T) {
config := clients.StandardClientConfig{
URL: "http://localhost:8080",
Timeout: 30 * time.Second,
}
client, err := NewClient(config)
assert.NoError(t, err)
transport := client.Transport()
assert.NotNil(t, transport)
assert.IsType(t, &http.Transport{}, transport)
assert.Equal(t, 100, transport.MaxIdleConns)
assert.Equal(t, 90*time.Second, transport.IdleConnTimeout)
assert.Equal(t, 10*time.Second, transport.TLSHandshakeTimeout)
}
func TestClient_Secure(t *testing.T) {
tests := []struct {
name string
config clients.ClientConfiguration
expected string
}{
{
name: "Without TLS",
config: clients.StandardClientConfig{
URL: "http://localhost:8080",
Timeout: 30 * time.Second,
},
expected: tls.WithoutTLS.String(),
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
client, err := NewClient(tt.config)
assert.NoError(t, err)
secure := client.Secure()
assert.Equal(t, tt.expected, secure)
})
}
}
func TestClient_Timeout(t *testing.T) {
expectedTimeout := 45 * time.Second
config := clients.StandardClientConfig{
URL: "http://localhost:8080",
Timeout: expectedTimeout,
}
client, err := NewClient(config)
assert.NoError(t, err)
timeout := client.Timeout()
assert.Equal(t, expectedTimeout, timeout)
}
func TestCreateTransport_DefaultSettings(t *testing.T) {
config := clients.StandardClientConfig{
URL: "http://localhost:8080",
Timeout: 30 * time.Second,
}
transport, security, err := createTransport(config)
assert.NoError(t, err)
assert.NotNil(t, transport)
assert.Equal(t, tls.WithoutTLS, security)
assert.Equal(t, 100, transport.MaxIdleConns)
assert.Equal(t, 90*time.Second, transport.IdleConnTimeout)
assert.Equal(t, 10*time.Second, transport.TLSHandshakeTimeout)
assert.Nil(t, transport.TLSClientConfig)
}
func TestCreateTransport_ATLSError(t *testing.T) {
config := &clients.AttestedClientConfig{
StandardClientConfig: clients.StandardClientConfig{
URL: "https://agent.example.com",
Timeout: 60 * time.Second,
},
AttestationPolicy: "invalid",
AttestedTLS: true,
ProductName: "Milan",
}
transport, security, err := createTransport(config)
assert.Error(t, err)
assert.Nil(t, transport)
assert.Equal(t, tls.WithoutTLS, security)
assert.Contains(t, err.Error(), "failed to stat attestation policy")
}
func TestCreateTransport_BasicTLSError(t *testing.T) {
config := clients.StandardClientConfig{
URL: "https://example.com",
Timeout: 30 * time.Second,
ServerCAFile: "invalid",
}
transport, security, err := createTransport(config)
assert.Error(t, err)
assert.Nil(t, transport)
assert.Equal(t, tls.WithoutTLS, security)
assert.Contains(t, err.Error(), "failed to load root ca file")
}
func TestClientInterface_Implementation(t *testing.T) {
config := clients.StandardClientConfig{
URL: "http://localhost:8080",
Timeout: 30 * time.Second,
}
client, err := NewClient(config)
assert.NoError(t, err)
// Verify that client implements the Client interface
var _ Client = client
// Test all interface methods
assert.NotNil(t, client.Transport())
assert.NotEmpty(t, client.Secure())
assert.Greater(t, client.Timeout(), time.Duration(0))
}
func TestAgentClientConfig_FieldAccess(t *testing.T) {
config := &clients.AttestedClientConfig{
StandardClientConfig: clients.StandardClientConfig{
URL: "https://agent.example.com",
Timeout: 60 * time.Second,
},
AttestationPolicy: "test-policy",
AttestedTLS: true,
ProductName: "TestProduct",
}
assert.Equal(t, "test-policy", config.AttestationPolicy)
assert.True(t, config.AttestedTLS)
assert.Equal(t, "TestProduct", config.ProductName)
assert.Equal(t, "https://agent.example.com", config.URL)
assert.Equal(t, 60*time.Second, config.Timeout)
}
func TestProxyClientConfig_FieldAccess(t *testing.T) {
config := clients.StandardClientConfig{
URL: "http://proxy.example.com",
Timeout: 45 * time.Second,
ClientCert: "proxy-cert.pem",
ClientKey: "proxy-key.pem",
ServerCAFile: "proxy-ca.pem",
}
assert.Equal(t, "http://proxy.example.com", config.URL)
assert.Equal(t, 45*time.Second, config.Timeout)
assert.Equal(t, "proxy-cert.pem", config.ClientCert)
assert.Equal(t, "proxy-key.pem", config.ClientKey)
assert.Equal(t, "proxy-ca.pem", config.ServerCAFile)
}
func TestClientConfiguration_Interface(t *testing.T) {
// Test that all config types implement ClientConfiguration interface
var configs []clients.ClientConfiguration
configs = append(configs, clients.StandardClientConfig{})
configs = append(configs, &clients.AttestedClientConfig{})
for i, config := range configs {
t.Run(t.Name()+"_"+string(rune(i+'0')), func(t *testing.T) {
result := config.Config()
assert.IsType(t, clients.StandardClientConfig{}, result)
})
}
}
Reference in New Issue View Git Blame Copy Permalink