util: address golangci-lint for kms
addressing golangci-lint issues for the kms related code. Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
parent
48d2e2ce2d
commit
2465310543
@ -19,11 +19,11 @@ package kms
|
||||
import (
|
||||
"testing"
|
||||
|
||||
"github.com/stretchr/testify/assert"
|
||||
"github.com/stretchr/testify/require"
|
||||
)
|
||||
|
||||
func TestAWSMetadataKMSRegistered(t *testing.T) {
|
||||
t.Parallel()
|
||||
_, ok := kmsManager.providers[kmsTypeAWSMetadata]
|
||||
assert.True(t, ok)
|
||||
require.True(t, ok)
|
||||
}
|
||||
|
@ -19,11 +19,11 @@ package kms
|
||||
import (
|
||||
"testing"
|
||||
|
||||
"github.com/stretchr/testify/assert"
|
||||
"github.com/stretchr/testify/require"
|
||||
)
|
||||
|
||||
func TestAWSSTSMetadataKMSRegistered(t *testing.T) {
|
||||
t.Parallel()
|
||||
_, ok := kmsManager.providers[kmsTypeAWSSTSMetadata]
|
||||
assert.True(t, ok)
|
||||
require.True(t, ok)
|
||||
}
|
||||
|
@ -19,11 +19,11 @@ package kms
|
||||
import (
|
||||
"testing"
|
||||
|
||||
"github.com/stretchr/testify/assert"
|
||||
"github.com/stretchr/testify/require"
|
||||
)
|
||||
|
||||
func TestAzureKMSRegistered(t *testing.T) {
|
||||
t.Parallel()
|
||||
_, ok := kmsManager.providers[kmsTypeAzure]
|
||||
assert.True(t, ok)
|
||||
require.True(t, ok)
|
||||
}
|
||||
|
@ -19,11 +19,11 @@ package kms
|
||||
import (
|
||||
"testing"
|
||||
|
||||
"github.com/stretchr/testify/assert"
|
||||
"github.com/stretchr/testify/require"
|
||||
)
|
||||
|
||||
func TestKeyProtectMetadataKMSRegistered(t *testing.T) {
|
||||
t.Parallel()
|
||||
_, ok := kmsManager.providers[kmsTypeKeyProtectMetadata]
|
||||
assert.True(t, ok)
|
||||
require.True(t, ok)
|
||||
}
|
||||
|
@ -19,11 +19,11 @@ package kms
|
||||
import (
|
||||
"testing"
|
||||
|
||||
"github.com/stretchr/testify/assert"
|
||||
"github.com/stretchr/testify/require"
|
||||
)
|
||||
|
||||
func TestKMIPKMSRegistered(t *testing.T) {
|
||||
t.Parallel()
|
||||
_, ok := kmsManager.providers[kmsTypeKMIP]
|
||||
assert.True(t, ok)
|
||||
require.True(t, ok)
|
||||
}
|
||||
|
@ -19,7 +19,7 @@ package kms
|
||||
import (
|
||||
"testing"
|
||||
|
||||
"github.com/stretchr/testify/assert"
|
||||
"github.com/stretchr/testify/require"
|
||||
)
|
||||
|
||||
func noinitKMS(args ProviderInitArgs) (EncryptionKMS, error) {
|
||||
@ -47,9 +47,9 @@ func TestRegisterProvider(t *testing.T) {
|
||||
for _, test := range tests {
|
||||
provider := test.provider
|
||||
if test.panics {
|
||||
assert.Panics(t, func() { RegisterProvider(provider) })
|
||||
require.Panics(t, func() { RegisterProvider(provider) })
|
||||
} else {
|
||||
assert.True(t, RegisterProvider(provider))
|
||||
require.True(t, RegisterProvider(provider))
|
||||
}
|
||||
}
|
||||
}
|
||||
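Review bot: In the TestRegisterProvider loop, `require.Panics` and `require.True` now abort the whole test at the first failing table entry, so the remaining entries in `tests` never run and one run reports at most one broken case. The loop body shown here does not use `t.Run`; wrapping each entry in a subtest, `t.Run(<case name>, func(t *testing.T) { ... })`, would keep the fail-fast behaviour per case while still running the others. The same trade-off applies to the run of `require.Equal` calls on independent config keys in TestTransformConfig, where the first mismatch now hides the rest. The table definition and the start of the function are outside this hunk, so whether the entries carry a name field is not visible.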
|
@ -20,7 +20,7 @@ import (
|
||||
"errors"
|
||||
"testing"
|
||||
|
||||
"github.com/stretchr/testify/assert"
|
||||
"github.com/stretchr/testify/require"
|
||||
)
|
||||
|
||||
func TestSetConfigInt(t *testing.T) {
|
||||
@ -81,7 +81,7 @@ func TestSetConfigInt(t *testing.T) {
|
||||
t.Errorf("setConfigInt() error = %v, wantErr %v", err, currentTT.err)
|
||||
}
|
||||
if err != nil {
|
||||
assert.NotEqual(t, currentTT.value, currentTT.args.option)
|
||||
require.NotEqual(t, currentTT.value, currentTT.args.option)
|
||||
}
|
||||
})
|
||||
}
|
||||
|
@ -20,7 +20,6 @@ import (
|
||||
"context"
|
||||
"testing"
|
||||
|
||||
"github.com/stretchr/testify/assert"
|
||||
"github.com/stretchr/testify/require"
|
||||
)
|
||||
|
||||
@ -32,24 +31,24 @@ func TestNewSecretsKMS(t *testing.T) {
|
||||
kms, err := newSecretsKMS(ProviderInitArgs{
|
||||
Secrets: secrets,
|
||||
})
|
||||
assert.Error(t, err)
|
||||
assert.Nil(t, kms)
|
||||
require.Error(t, err)
|
||||
require.Nil(t, kms)
|
||||
|
||||
// set a passphrase and it should pass
|
||||
secrets[encryptionPassphraseKey] = "plaintext encryption key"
|
||||
kms, err = newSecretsKMS(ProviderInitArgs{
|
||||
Secrets: secrets,
|
||||
})
|
||||
assert.NotNil(t, kms)
|
||||
assert.NoError(t, err)
|
||||
require.NotNil(t, kms)
|
||||
require.NoError(t, err)
|
||||
}
|
||||
|
||||
func TestGenerateNonce(t *testing.T) {
|
||||
t.Parallel()
|
||||
size := 64
|
||||
nonce, err := generateNonce(size)
|
||||
assert.Equal(t, size, len(nonce))
|
||||
assert.NoError(t, err)
|
||||
require.Len(t, nonce, size)
|
||||
require.NoError(t, err)
|
||||
}
|
||||
|
||||
func TestGenerateCipher(t *testing.T) {
|
||||
@ -59,8 +58,8 @@ func TestGenerateCipher(t *testing.T) {
|
||||
salt := "unique-id-for-the-volume"
|
||||
|
||||
aead, err := generateCipher(passphrase, salt)
|
||||
assert.NoError(t, err)
|
||||
assert.NotNil(t, aead)
|
||||
require.NoError(t, err)
|
||||
require.NotNil(t, aead)
|
||||
}
|
||||
|
||||
func TestInitSecretsMetadataKMS(t *testing.T) {
|
||||
@ -73,16 +72,16 @@ func TestInitSecretsMetadataKMS(t *testing.T) {
|
||||
|
||||
// passphrase it not set, init should fail
|
||||
kms, err := initSecretsMetadataKMS(args)
|
||||
assert.Error(t, err)
|
||||
assert.Nil(t, kms)
|
||||
require.Error(t, err)
|
||||
require.Nil(t, kms)
|
||||
|
||||
// set a passphrase to get a working KMS
|
||||
args.Secrets[encryptionPassphraseKey] = "my-passphrase-from-kubernetes"
|
||||
|
||||
kms, err = initSecretsMetadataKMS(args)
|
||||
assert.NoError(t, err)
|
||||
require.NoError(t, err)
|
||||
require.NotNil(t, kms)
|
||||
assert.Equal(t, DEKStoreMetadata, kms.RequiresDEKStore())
|
||||
require.Equal(t, DEKStoreMetadata, kms.RequiresDEKStore())
|
||||
}
|
||||
|
||||
func TestWorkflowSecretsMetadataKMS(t *testing.T) {
|
||||
@ -98,7 +97,7 @@ func TestWorkflowSecretsMetadataKMS(t *testing.T) {
|
||||
volumeID := "csi-vol-1b00f5f8-b1c1-11e9-8421-9243c1f659f0"
|
||||
|
||||
kms, err := initSecretsMetadataKMS(args)
|
||||
assert.NoError(t, err)
|
||||
require.NoError(t, err)
|
||||
require.NotNil(t, kms)
|
||||
|
||||
// plainDEK is the (LUKS) passphrase for the volume
|
||||
@ -107,25 +106,25 @@ func TestWorkflowSecretsMetadataKMS(t *testing.T) {
|
||||
ctx := context.TODO()
|
||||
|
||||
encryptedDEK, err := kms.EncryptDEK(ctx, volumeID, plainDEK)
|
||||
assert.NoError(t, err)
|
||||
assert.NotEqual(t, "", encryptedDEK)
|
||||
assert.NotEqual(t, plainDEK, encryptedDEK)
|
||||
require.NoError(t, err)
|
||||
require.NotEqual(t, "", encryptedDEK)
|
||||
require.NotEqual(t, plainDEK, encryptedDEK)
|
||||
|
||||
// with an incorrect volumeID, decrypting should fail
|
||||
decryptedDEK, err := kms.DecryptDEK(ctx, "incorrect-volumeID", encryptedDEK)
|
||||
assert.Error(t, err)
|
||||
assert.Equal(t, "", decryptedDEK)
|
||||
assert.NotEqual(t, plainDEK, decryptedDEK)
|
||||
require.Error(t, err)
|
||||
require.Equal(t, "", decryptedDEK)
|
||||
require.NotEqual(t, plainDEK, decryptedDEK)
|
||||
|
||||
// with the right volumeID, decrypting should return the plainDEK
|
||||
decryptedDEK, err = kms.DecryptDEK(ctx, volumeID, encryptedDEK)
|
||||
assert.NoError(t, err)
|
||||
assert.NotEqual(t, "", decryptedDEK)
|
||||
assert.Equal(t, plainDEK, decryptedDEK)
|
||||
require.NoError(t, err)
|
||||
require.NotEqual(t, "", decryptedDEK)
|
||||
require.Equal(t, plainDEK, decryptedDEK)
|
||||
}
|
||||
|
||||
func TestSecretsMetadataKMSRegistered(t *testing.T) {
|
||||
t.Parallel()
|
||||
_, ok := kmsManager.providers[kmsTypeSecretsMetadata]
|
||||
assert.True(t, ok)
|
||||
require.True(t, ok)
|
||||
}
|
||||
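Review bot: In TestNewSecretsKMS and TestGenerateNonce the value is checked before the error: `require.NotNil(t, kms)` precedes `require.NoError(t, err)`, and `require.Len(t, nonce, size)` precedes `require.NoError(t, err)`. With `require` the first failure stops the test, so when newSecretsKMS or generateNonce fails the report shows only a nil or length mismatch and the returned error is never printed; under the previous `assert` calls both lines ran. Put the error check first, i.e. `require.NoError(t, err)` followed by `require.Len(t, nonce, size)`, which is the order the later hunks in this file already use for generateCipher and initSecretsMetadataKMS.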
|
@ -20,13 +20,13 @@ import (
|
||||
"errors"
|
||||
"testing"
|
||||
|
||||
"github.com/stretchr/testify/assert"
|
||||
"github.com/stretchr/testify/require"
|
||||
)
|
||||
|
||||
func TestVaultTenantSAKMSRegistered(t *testing.T) {
|
||||
t.Parallel()
|
||||
_, ok := kmsManager.providers[kmsTypeVaultTenantSA]
|
||||
assert.True(t, ok)
|
||||
require.True(t, ok)
|
||||
}
|
||||
|
||||
func TestTenantSAParseConfig(t *testing.T) {
|
||||
|
@ -22,7 +22,6 @@ import (
|
||||
"testing"
|
||||
|
||||
loss "github.com/libopenstorage/secrets"
|
||||
"github.com/stretchr/testify/assert"
|
||||
"github.com/stretchr/testify/require"
|
||||
)
|
||||
|
||||
@ -113,8 +112,8 @@ func TestDefaultVaultDestroyKeys(t *testing.T) {
|
||||
require.NoError(t, err)
|
||||
keyContext := vc.getDeleteKeyContext()
|
||||
destroySecret, ok := keyContext[loss.DestroySecret]
|
||||
assert.NotEqual(t, destroySecret, "")
|
||||
assert.True(t, ok)
|
||||
require.NotEqual(t, "", destroySecret)
|
||||
require.True(t, ok)
|
||||
|
||||
// setting vaultDestroyKeys to !true should remove the loss.DestroySecret entry
|
||||
config["vaultDestroyKeys"] = "false"
|
||||
@ -122,11 +121,11 @@ func TestDefaultVaultDestroyKeys(t *testing.T) {
|
||||
require.NoError(t, err)
|
||||
keyContext = vc.getDeleteKeyContext()
|
||||
_, ok = keyContext[loss.DestroySecret]
|
||||
assert.False(t, ok)
|
||||
require.False(t, ok)
|
||||
}
|
||||
|
||||
func TestVaultKMSRegistered(t *testing.T) {
|
||||
t.Parallel()
|
||||
_, ok := kmsManager.providers[kmsTypeVault]
|
||||
assert.True(t, ok)
|
||||
require.True(t, ok)
|
||||
}
|
||||
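Review bot: In TestDefaultVaultDestroyKeys the new `require.NotEqual(t, "", destroySecret)` runs before `require.True(t, ok)`, so a missing `loss.DestroySecret` entry is not reported as an absent key. Depending on the map's value type, which is not visible here, it either shows up as a value mismatch or slips past the first check. Checking presence first gives the clearer failure: `require.True(t, ok)` then `require.NotEqual(t, "", destroySecret)`. Going by the in-hunk comment, this entry appears to follow the vaultDestroyKeys setting, so a one-line comment stating the expected default before the first assertion would help the next reader. The function body starts outside the hunk.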
|
@ -25,7 +25,6 @@ import (
|
||||
|
||||
"github.com/hashicorp/vault/api"
|
||||
loss "github.com/libopenstorage/secrets"
|
||||
"github.com/stretchr/testify/assert"
|
||||
"github.com/stretchr/testify/require"
|
||||
)
|
||||
|
||||
@ -205,18 +204,18 @@ func TestTransformConfig(t *testing.T) {
|
||||
|
||||
config, err := transformConfig(cm)
|
||||
require.NoError(t, err)
|
||||
assert.Equal(t, config["encryptionKMSType"], cm["KMS_PROVIDER"])
|
||||
assert.Equal(t, config["vaultAddress"], cm["VAULT_ADDR"])
|
||||
assert.Equal(t, config["vaultBackend"], cm["VAULT_BACKEND"])
|
||||
assert.Equal(t, config["vaultBackendPath"], cm["VAULT_BACKEND_PATH"])
|
||||
assert.Equal(t, config["vaultDestroyKeys"], cm["VAULT_DESTROY_KEYS"])
|
||||
assert.Equal(t, config["vaultCAFromSecret"], cm["VAULT_CACERT"])
|
||||
assert.Equal(t, config["vaultTLSServerName"], cm["VAULT_TLS_SERVER_NAME"])
|
||||
assert.Equal(t, config["vaultClientCertFromSecret"], cm["VAULT_CLIENT_CERT"])
|
||||
assert.Equal(t, config["vaultClientCertKeyFromSecret"], cm["VAULT_CLIENT_KEY"])
|
||||
assert.Equal(t, config["vaultAuthNamespace"], cm["VAULT_AUTH_NAMESPACE"])
|
||||
assert.Equal(t, config["vaultNamespace"], cm["VAULT_NAMESPACE"])
|
||||
assert.Equal(t, config["vaultCAVerify"], "false")
|
||||
require.Equal(t, cm["KMS_PROVIDER"], config["encryptionKMSType"])
|
||||
require.Equal(t, cm["VAULT_ADDR"], config["vaultAddress"])
|
||||
require.Equal(t, cm["VAULT_BACKEND"], config["vaultBackend"])
|
||||
require.Equal(t, cm["VAULT_BACKEND_PATH"], config["vaultBackendPath"])
|
||||
require.Equal(t, cm["VAULT_DESTROY_KEYS"], config["vaultDestroyKeys"])
|
||||
require.Equal(t, cm["VAULT_CACERT"], config["vaultCAFromSecret"])
|
||||
require.Equal(t, cm["VAULT_TLS_SERVER_NAME"], config["vaultTLSServerName"])
|
||||
require.Equal(t, cm["VAULT_CLIENT_CERT"], config["vaultClientCertFromSecret"])
|
||||
require.Equal(t, cm["VAULT_CLIENT_KEY"], config["vaultClientCertKeyFromSecret"])
|
||||
require.Equal(t, cm["VAULT_AUTH_NAMESPACE"], config["vaultAuthNamespace"])
|
||||
require.Equal(t, cm["VAULT_NAMESPACE"], config["vaultNamespace"])
|
||||
require.Equal(t, "false", config["vaultCAVerify"])
|
||||
}
|
||||
|
||||
func TestTransformConfigDefaults(t *testing.T) {
|
||||
@ -226,15 +225,15 @@ func TestTransformConfigDefaults(t *testing.T) {
|
||||
|
||||
config, err := transformConfig(cm)
|
||||
require.NoError(t, err)
|
||||
assert.Equal(t, config["encryptionKMSType"], cm["KMS_PROVIDER"])
|
||||
assert.Equal(t, config["vaultDestroyKeys"], vaultDefaultDestroyKeys)
|
||||
assert.Equal(t, config["vaultCAVerify"], strconv.FormatBool(vaultDefaultCAVerify))
|
||||
require.Equal(t, cm["KMS_PROVIDER"], config["encryptionKMSType"])
|
||||
require.Equal(t, vaultDefaultDestroyKeys, config["vaultDestroyKeys"])
|
||||
require.Equal(t, strconv.FormatBool(vaultDefaultCAVerify), config["vaultCAVerify"])
|
||||
}
|
||||
|
||||
func TestVaultTokensKMSRegistered(t *testing.T) {
|
||||
t.Parallel()
|
||||
_, ok := kmsManager.providers[kmsTypeVaultTokens]
|
||||
assert.True(t, ok)
|
||||
require.True(t, ok)
|
||||
}
|
||||
|
||||
func TestSetTenantAuthNamespace(t *testing.T) {
|
||||
@ -259,7 +258,7 @@ func TestSetTenantAuthNamespace(t *testing.T) {
|
||||
|
||||
kms.setTenantAuthNamespace(config)
|
||||
|
||||
assert.Equal(tt, vaultNamespace, config["vaultAuthNamespace"])
|
||||
require.Equal(tt, vaultNamespace, config["vaultAuthNamespace"])
|
||||
})
|
||||
|
||||
t.Run("inherit vaultAuthNamespace", func(tt *testing.T) {
|
||||
@ -283,7 +282,7 @@ func TestSetTenantAuthNamespace(t *testing.T) {
|
||||
|
||||
// when inheriting from the global config, the config of the
|
||||
// tenant should not have vaultAuthNamespace configured
|
||||
assert.Equal(tt, nil, config["vaultAuthNamespace"])
|
||||
require.Nil(tt, config["vaultAuthNamespace"])
|
||||
})
|
||||
|
||||
t.Run("unset vaultAuthNamespace", func(tt *testing.T) {
|
||||
@ -306,7 +305,7 @@ func TestSetTenantAuthNamespace(t *testing.T) {
|
||||
// global vaultAuthNamespace is not set, tenant
|
||||
// vaultAuthNamespace will be configured as vaultNamespace by
|
||||
// default
|
||||
assert.Equal(tt, nil, config["vaultAuthNamespace"])
|
||||
require.Nil(tt, config["vaultAuthNamespace"])
|
||||
})
|
||||
|
||||
t.Run("no vaultNamespace", func(tt *testing.T) {
|
||||
@ -326,6 +325,6 @@ func TestSetTenantAuthNamespace(t *testing.T) {
|
||||
|
||||
kms.setTenantAuthNamespace(config)
|
||||
|
||||
assert.Equal(tt, nil, config["vaultAuthNamespace"])
|
||||
require.Nil(tt, config["vaultAuthNamespace"])
|
||||
})
|
||||
}
|
||||
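Review bot: In the "unset vaultAuthNamespace" subtest of TestSetTenantAuthNamespace, the comment above the changed line says the tenant vaultAuthNamespace "will be configured as vaultNamespace by default", yet the assertion is `require.Nil(tt, config["vaultAuthNamespace"])`, which requires the key to be absent. If the fallback to vaultNamespace is applied later by whatever consumes this config (not visible in the hunk), the comment should say that, for example `// global vaultAuthNamespace is not set: the tenant config must not carry the key; the fallback to vaultNamespace happens when the config is consumed`. Which namespace is used for authentication is easy to misread, so the expected state of the map is worth stating exactly. The subtest body begins outside the hunk.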
|