opensource/cocos
1
0
Fork 0
mirror of https://github.com/ultravioletrs/cocos.git synced 2026-06-23 04:10:25 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
Files
67f939fc6613c07e68fe102a89eaae16192ae687
cocos/manager/attestation_policy_test.go
T
Danko Miladinovic 67f939fc66
CI / checkproto (push) Has been cancelled
Details
CI / ci (push) Has been cancelled
Details
Rust CI Pipeline / rust-check (push) Has been cancelled
Details
COCOS-326 - Add vTPM support to CoCoS (#376) 
* manager, cli and agent vtpm support

* rebase and changed atls for vtpm

* deleted unused code

* changed chekproto.yaml script so it find the manager proto file correctly

* fixe manager proto version

* fix agent tests

* fix server agent test

* fix attestation test

* fix attestation test gofumpt

* created dummy RWC for TPM

* fix comment

* add default PCR values

* rebase main

* fix rust ci and missing header

* changed embedded  attestation to VMPL 2

* fix unused impot

* fix pkg test

* address attestation type

* fix agent attestation test

* add prc15 check

* fix comments

* fix cli tests

* add doc

* add mock for LeveledQuoteProvider when SEV-SNP device is not found

Signed-off-by: Sammy Oina <sammyoina@gmail.com>

* fix manager reading attestation policy

* refactor PCR value checks and update attestation policy values

Signed-off-by: Sammy Oina <sammyoina@gmail.com>

* fix tests for sev and grpc

---------

Signed-off-by: Sammy Oina <sammyoina@gmail.com>
Co-authored-by: Sammy Oina <sammyoina@gmail.com>
2025-03-07 16:36:47 +01:00

154 lines
3.7 KiB
Go
Raw Blame History

// Copyright (c) Ultraviolet
// SPDX-License-Identifier: Apache-2.0
package manager
import (
"context"
"encoding/json"
"os"
"path/filepath"
"testing"
"github.com/stretchr/testify/assert"
"github.com/ultravioletrs/cocos/manager/qemu"
"github.com/ultravioletrs/cocos/manager/vm"
"github.com/ultravioletrs/cocos/manager/vm/mocks"
)
func CreateDummyAttestationPolicyBinary(t *testing.T, behavior string) string {
var content []byte
switch behavior {
case "success":
content = []byte(`#!/bin/sh
echo '{"policy": {"measurement": null, "host_data": null}}' > attestation_policy.json
`)
case "fail":
content = []byte(`#!/bin/sh
echo "Error: Failed to execute attestation policy" >&2
exit 1
`)
case "no_json":
content = []byte(`#!/bin/sh
echo 'No JSON file created'
`)
default:
t.Fatalf("Unknown behavior: %s", behavior)
}
tempDir := t.TempDir()
binaryPath := filepath.Join(tempDir, "attestation_policy")
err := os.WriteFile(binaryPath, content, 0o755)
assert.NoError(t, err)
return tempDir
}
func TestFetchAttestationPolicy(t *testing.T) {
testCases := []struct {
name string
computationId string
vmConfig interface{}
binaryBehavior string
expectedError string
expectedResult map[string]interface{}
}{
{
name: "Valid SEV configuration",
computationId: "sev-computation",
binaryBehavior: "success",
vmConfig: qemu.VMInfo{
Config: qemu.Config{
EnableSEV: true,
EnableSEVSNP: false,
SMPCount: 2,
CPU: "EPYC",
OVMFCodeConfig: qemu.OVMFCodeConfig{
File: "/path/to/OVMF_CODE.fd",
},
},
LaunchTCB: 0,
},
expectedError: "open /path/to/OVMF_CODE.fd: no such file or directory",
},
{
name: "Invalid computation ID",
computationId: "non-existent",
binaryBehavior: "success",
vmConfig: qemu.VMInfo{Config: qemu.Config{}, LaunchTCB: 0},
expectedError: "computationId non-existent not found",
},
{
name: "Invalid config type",
computationId: "invalid-config",
binaryBehavior: "success",
vmConfig: struct{}{},
expectedError: "failed to cast config to qemu.VMInfo",
},
{
name: "Binary execution failure",
computationId: "binary-fail",
binaryBehavior: "fail",
vmConfig: qemu.VMInfo{
Config: qemu.Config{
EnableSEV: true,
},
LaunchTCB: 0,
},
expectedError: "exit status 1",
},
{
name: "JSON file not created",
computationId: "no-json",
binaryBehavior: "no_json",
vmConfig: qemu.VMInfo{
Config: qemu.Config{
EnableSEV: true,
},
LaunchTCB: 0,
},
expectedError: "no such file or directory",
},
}
for _, tc := range testCases {
t.Run(tc.name, func(t *testing.T) {
tempDir := CreateDummyAttestationPolicyBinary(t, tc.binaryBehavior)
defer os.RemoveAll(tempDir)
ms := &managerService{
vms: make(map[string]vm.VM),
attestationPolicyBinaryPath: tempDir,
qemuCfg: qemu.Config{
CPU: "EPYC",
},
}
mockVM := new(mocks.VM)
mockVM.On("GetConfig").Return(tc.vmConfig)
if tc.computationId != "non-existent" {
ms.vms[tc.computationId] = mockVM
}
result, err := ms.FetchAttestationPolicy(context.Background(), tc.computationId)
if tc.expectedError != "" {
assert.Error(t, err)
assert.Contains(t, err.Error(), tc.expectedError)
} else {
assert.NoError(t, err)
assert.NotNil(t, result)
var attestationPolicy map[string]interface{}
err = json.Unmarshal(result, &attestationPolicy)
assert.NoError(t, err)
assert.Equal(t, tc.expectedResult, attestationPolicy)
}
if tc.binaryBehavior == "success" {
os.Remove("attestation_policy.json")
}
})
}
}
Reference in New Issue View Git Blame Copy Permalink