Skip to content

Commit

Permalink
HSM Functional Tests
Browse files Browse the repository at this point in the history
Signed-off-by: Mauricio Harley <[email protected]>
  • Loading branch information
xek authored and Mauricio Harley committed Dec 11, 2024
1 parent 6cbb57c commit be9984d
Show file tree
Hide file tree
Showing 4 changed files with 61 additions and 47 deletions.
22 changes: 13 additions & 9 deletions tests/functional/barbican_controller_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@ import (
. "github.com/openstack-k8s-operators/lib-common/modules/common/test/helpers"

barbicanv1beta1 "github.com/openstack-k8s-operators/barbican-operator/api/v1beta1"
"github.com/openstack-k8s-operators/barbican-operator/controllers"
//"github.com/openstack-k8s-operators/barbican-operator/controllers"
"github.com/openstack-k8s-operators/barbican-operator/pkg/barbican"
condition "github.com/openstack-k8s-operators/lib-common/modules/common/condition"
mariadb_test "github.com/openstack-k8s-operators/mariadb-operator/api/test/helpers"
Expand Down Expand Up @@ -425,11 +425,14 @@ var _ = Describe("Barbican controller", func() {

When("A Barbican with HSM is created", func() {
BeforeEach(func() {
DeferCleanup(k8sClient.Delete, ctx, CreateHSMLoginSecret(barbicanTest.Instance.Namespace, HSMLoginSecret))
DeferCleanup(k8sClient.Delete, ctx, CreateHSMCertsSecret(barbicanTest.Instance.Namespace, HSMCertsSecret))

DeferCleanup(th.DeleteInstance, CreateBarbican(barbicanTest.Instance, GetHSMBarbicanSpec()))
DeferCleanup(k8sClient.Delete, ctx, CreateBarbicanMessageBusSecret(barbicanTest.Instance.Namespace, barbicanTest.RabbitmqSecretName))
DeferCleanup(th.DeleteInstance, CreateBarbicanAPI(barbicanTest.Instance, GetHSMBarbicanAPISpec()))
DeferCleanup(k8sClient.Delete, ctx, CreateKeystoneAPISecret(barbicanTest.Instance.Namespace, SecretName))
// keystoneAPI := keystone.CreateKeystoneAPI(barbicanTest.Instance.Namespace)
DeferCleanup(keystone.DeleteKeystoneAPI, keystone.CreateKeystoneAPI(barbicanTest.Instance.Namespace))
DeferCleanup(
mariadb.DeleteDBService,
mariadb.CreateDBService(
Expand All @@ -441,22 +444,20 @@ var _ = Describe("Barbican controller", func() {
),
)
infra.SimulateTransportURLReady(barbicanTest.BarbicanTransportURL)
DeferCleanup(keystone.DeleteKeystoneAPI, keystone.CreateKeystoneAPI(barbicanTest.Instance.Namespace))
mariadb.SimulateMariaDBAccountCompleted(barbicanTest.BarbicanDatabaseAccount)
mariadb.SimulateMariaDBDatabaseCompleted(barbicanTest.BarbicanDatabaseName)
th.SimulateJobSuccess(barbicanTest.BarbicanDBSync)
// DeferCleanup(keystone.DeleteKeystoneAPI, keystoneAPI)
})

It("Creates BarbicanAPI", func() {
keystone.SimulateKeystoneEndpointReady(barbicanTest.BarbicanKeystoneEndpoint)

th.ExpectCondition(
/*th.ExpectCondition(
barbicanTest.Instance,
ConditionGetterFunc(BarbicanAPIConditionGetter),
condition.TLSInputReadyCondition,
corev1.ConditionTrue,
)
)*/

BarbicanAPIExists(barbicanTest.Instance)

Expand All @@ -473,10 +474,10 @@ var _ = Describe("Barbican controller", func() {
Expect(container.LivenessProbe.HTTPGet.Scheme).To(Equal(corev1.URISchemeHTTP))
})

It("Should have the right configuration contents", func() {
/*It("Should have the right configuration contents", func() {
/*keystone.SimulateKeystoneEndpointReady(barbicanTest.BarbicanKeystoneEndpoint)
mariadb.SimulateMariaDBAccountCompleted(barbicanTest.BarbicanDatabaseAccount)
mariadb.SimulateMariaDBDatabaseCompleted(barbicanTest.BarbicanDatabaseName)*/
mariadb.SimulateMariaDBDatabaseCompleted(barbicanTest.BarbicanDatabaseName)
cf := th.GetSecret(barbicanTest.BarbicanConfigSecret)
Expect(cf).ShouldNot(BeNil())
Expand All @@ -495,7 +496,10 @@ var _ = Describe("Barbican controller", func() {
controllers.P11PrepReadyCondition,
corev1.ConditionTrue,
)
})
})*/

//It("Should verify if the PKCS11 struct was correctly created", func() {
//})
})

// Run MariaDBAccount suite tests. these are pre-packaged ginkgo tests
Expand Down
12 changes: 12 additions & 0 deletions tests/functional/barbican_test_data.go
Original file line number Diff line number Diff line change
Expand Up @@ -64,6 +64,8 @@ type BarbicanTestData struct {
BarbicanServicePublic types.NamespacedName
BarbicanServiceInternal types.NamespacedName
BarbicanConfigSecret types.NamespacedName
BarbicanHSMLoginSecret types.NamespacedName
BarbicanHSMCertsSecret types.NamespacedName
BarbicanConfigScripts types.NamespacedName
BarbicanConfigMapData types.NamespacedName
BarbicanScheduler types.NamespacedName
Expand Down Expand Up @@ -137,6 +139,16 @@ func GetBarbicanTestData(barbicanName types.NamespacedName) BarbicanTestData {
Namespace: barbicanName.Namespace,
Name: fmt.Sprintf("%s-%s", barbicanName.Name, "config-data"),
},
// This secret stores the password to connect to the HSM.
BarbicanHSMLoginSecret: types.NamespacedName{
Namespace: barbicanName.Namespace,
Name: "hsm-login",
},
// This secret stores the certificates used to interact with the HSM.
BarbicanHSMCertsSecret: types.NamespacedName{
Namespace: barbicanName.Namespace,
Name: "hsm-certs",
},
BarbicanConfigScripts: types.NamespacedName{
Namespace: barbicanName.Namespace,
Name: fmt.Sprintf("%s-%s", barbicanName.Name, "scripts"),
Expand Down
56 changes: 26 additions & 30 deletions tests/functional/base_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -43,17 +43,6 @@ func CreateKeystoneAPISecret(namespace string, name string) *corev1.Secret {
)
}

func CreateHSMSecret(namespace string, name string) *corev1.Secret {
return th.CreateSecret(
types.NamespacedName{Namespace: namespace, Name: name},
map[string][]byte{
"AdminPassword": []byte("12345678"),
"BarbicanPassword": []byte("12345678"),
"KeystoneDatabasePassword": []byte("12345678"),
},
)
}

func GetDefaultBarbicanSpec() map[string]interface{} {
return map[string]interface{}{
"databaseInstance": "openstack",
Expand Down Expand Up @@ -182,38 +171,34 @@ func GetTLSBarbicanAPISpec() map[string]interface{} {
})
return spec
}

// ========== End of TLS Stuff ============

// ========== HSM Stuff ============
func GetHSMBarbicanSpec() map[string]interface{} {
return map[string]interface{}{
"databaseInstance": "openstack",
"secret": SecretName,
"simpleCryptoBackendSecret": SecretName,
"barbicanAPI": GetHSMBarbicanAPISpec(),
}
}

func GetHSMBarbicanAPISpec() map[string]interface{} {
spec := GetDefaultBarbicanAPISpec()
spec := GetDefaultBarbicanSpec()
maps.Copy(spec, map[string]interface{}{
"enabledSecretStores": []string{"pkcs11"},
"globalDefaultSecretStore": "pkcs11",
"pkcs11": map[string]interface{}{
"type": HSMType,
"libraryPath": HSMLibraryPath,
"slotId": HSMSlotID,
"MKEKLabel": HSMMKEKLabel,
"HMACLabel": HSMHMACLabel,
"serverAddress": HSMServerAddress,
"clientAddress": HSMClientAddress,
"loginSecret": HSMLoginSecret,
"slotId": HSMSlotID,
"libraryPath": HSMLibraryPath,
"certificatesMountPoint": HSMCertificatesMountPoint,
"loginSecret": HSMLoginSecret,
"certificatesSecret": HSMCertsSecret,
"MKEKLabel": HSMMKEKLabel,
"HMACLabel": HSMHMACLabel,
"serverAddress": HSMServerAddress,
"clientAddress": HSMClientAddress,
"type": HSMType,
},
})
return spec
}

func GetHSMBarbicanAPISpec() map[string]interface{} {
return GetDefaultBarbicanAPISpec()
}

func CreateHSMLoginSecret(namespace string, name string) *corev1.Secret {
return th.CreateSecret(
types.NamespacedName{Namespace: namespace, Name: name},
Expand All @@ -223,6 +208,17 @@ func CreateHSMLoginSecret(namespace string, name string) *corev1.Secret {
)
}

func CreateHSMCertsSecret(namespace string, name string) *corev1.Secret {
return th.CreateSecret(
types.NamespacedName{Namespace: namespace, Name: name},
map[string][]byte{
"CACert.pem": []byte("dummy-data"),
HSMServerAddress + "Server.pem": []byte("dummy-data"),
HSMClientAddress + "Client.pem": []byte("dummy-data"),
HSMClientAddress + "Key.pem": []byte("dummy-data"),
},
)
}
// ========== End of HSM Stuff ============

func GetDefaultBarbicanAPISpec() map[string]interface{} {
Expand Down
18 changes: 10 additions & 8 deletions tests/functional/suite_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -71,14 +71,16 @@ const (
interval = time.Millisecond * 200

// HSM Constants
HSMType = "luna" // Using them Luna model without any specific selection criteria.
HSMLibraryPath = "/usr/local/luna/libs/64/libCryptoki2.so"
HSMSlotID = "1"
HSMMKEKLabel = "MKEKLabel"
HSMHMACLabel = "HMACLabel"
HSMServerAddress = "192.168.0.1"
HSMClientAddress = "192.168.0.2"
HSMLoginSecret = "hsm-secret"
HSMType = "luna" // Using them Luna model without any specific selection criteria.
HSMLibraryPath = "/usr/local/luna/libs/64/libCryptoki2.so"
HSMCertificatesMountPoint = "/usr/local/luna/config/certs"
HSMSlotID = "1"
HSMMKEKLabel = "MKEKLabel"
HSMHMACLabel = "HMACLabel"
HSMServerAddress = "192.168.0.1"
HSMClientAddress = "192.168.0.2"
HSMLoginSecret = "hsm-login"
HSMCertsSecret = "hsm-certs"
)

func TestAPIs(t *testing.T) {
Expand Down

0 comments on commit be9984d

Please sign in to comment.