util: address golangci-lint for kms

Address the golangci-lint issues reported for
the KMS-related code.

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
Madhu Rajanna 2024-04-04 10:55:00 +02:00 committed by mergify[bot]
parent 48d2e2ce2d
commit 2465310543
11 changed files with 64 additions and 67 deletions


@ -19,11 +19,11 @@ package kms
import ( import (
"testing" "testing"
"github.com/stretchr/testify/assert" "github.com/stretchr/testify/require"
) )
func TestAWSMetadataKMSRegistered(t *testing.T) { func TestAWSMetadataKMSRegistered(t *testing.T) {
t.Parallel() t.Parallel()
_, ok := kmsManager.providers[kmsTypeAWSMetadata] _, ok := kmsManager.providers[kmsTypeAWSMetadata]
assert.True(t, ok) require.True(t, ok)
} }


@ -19,11 +19,11 @@ package kms
import ( import (
"testing" "testing"
"github.com/stretchr/testify/assert" "github.com/stretchr/testify/require"
) )
func TestAWSSTSMetadataKMSRegistered(t *testing.T) { func TestAWSSTSMetadataKMSRegistered(t *testing.T) {
t.Parallel() t.Parallel()
_, ok := kmsManager.providers[kmsTypeAWSSTSMetadata] _, ok := kmsManager.providers[kmsTypeAWSSTSMetadata]
assert.True(t, ok) require.True(t, ok)
} }


@ -19,11 +19,11 @@ package kms
import ( import (
"testing" "testing"
"github.com/stretchr/testify/assert" "github.com/stretchr/testify/require"
) )
func TestAzureKMSRegistered(t *testing.T) { func TestAzureKMSRegistered(t *testing.T) {
t.Parallel() t.Parallel()
_, ok := kmsManager.providers[kmsTypeAzure] _, ok := kmsManager.providers[kmsTypeAzure]
assert.True(t, ok) require.True(t, ok)
} }


@ -19,11 +19,11 @@ package kms
import ( import (
"testing" "testing"
"github.com/stretchr/testify/assert" "github.com/stretchr/testify/require"
) )
func TestKeyProtectMetadataKMSRegistered(t *testing.T) { func TestKeyProtectMetadataKMSRegistered(t *testing.T) {
t.Parallel() t.Parallel()
_, ok := kmsManager.providers[kmsTypeKeyProtectMetadata] _, ok := kmsManager.providers[kmsTypeKeyProtectMetadata]
assert.True(t, ok) require.True(t, ok)
} }


@ -19,11 +19,11 @@ package kms
import ( import (
"testing" "testing"
"github.com/stretchr/testify/assert" "github.com/stretchr/testify/require"
) )
func TestKMIPKMSRegistered(t *testing.T) { func TestKMIPKMSRegistered(t *testing.T) {
t.Parallel() t.Parallel()
_, ok := kmsManager.providers[kmsTypeKMIP] _, ok := kmsManager.providers[kmsTypeKMIP]
assert.True(t, ok) require.True(t, ok)
} }


@ -19,7 +19,7 @@ package kms
import ( import (
"testing" "testing"
"github.com/stretchr/testify/assert" "github.com/stretchr/testify/require"
) )
func noinitKMS(args ProviderInitArgs) (EncryptionKMS, error) { func noinitKMS(args ProviderInitArgs) (EncryptionKMS, error) {
@ -47,9 +47,9 @@ func TestRegisterProvider(t *testing.T) {
for _, test := range tests { for _, test := range tests {
provider := test.provider provider := test.provider
if test.panics { if test.panics {
assert.Panics(t, func() { RegisterProvider(provider) }) require.Panics(t, func() { RegisterProvider(provider) })
} else { } else {
assert.True(t, RegisterProvider(provider)) require.True(t, RegisterProvider(provider))
} }
} }
} }
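Review bot: Inside the `for _, test := range tests` loop of TestRegisterProvider, `require.Panics` and `require.True` now end the whole test at the first failing entry, so the remaining table cases are never run and one test run no longer lists every broken case. Running each entry as a subtest, with `t.Run(..., func(t *testing.T) { ... })` around the loop body, would confine the abort to that entry; the alternative is to keep the non-fatal `assert` calls inside table loops. The table definition and the start of the function are outside the hunk, so whether the entries carry a field usable as a subtest name needs checking.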


@ -20,7 +20,7 @@ import (
"errors" "errors"
"testing" "testing"
"github.com/stretchr/testify/assert" "github.com/stretchr/testify/require"
) )
func TestSetConfigInt(t *testing.T) { func TestSetConfigInt(t *testing.T) {
@ -81,7 +81,7 @@ func TestSetConfigInt(t *testing.T) {
t.Errorf("setConfigInt() error = %v, wantErr %v", err, currentTT.err) t.Errorf("setConfigInt() error = %v, wantErr %v", err, currentTT.err)
} }
if err != nil { if err != nil {
assert.NotEqual(t, currentTT.value, currentTT.args.option) require.NotEqual(t, currentTT.value, currentTT.args.option)
} }
}) })
} }


@ -20,7 +20,6 @@ import (
"context" "context"
"testing" "testing"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require" "github.com/stretchr/testify/require"
) )
@ -32,24 +31,24 @@ func TestNewSecretsKMS(t *testing.T) {
kms, err := newSecretsKMS(ProviderInitArgs{ kms, err := newSecretsKMS(ProviderInitArgs{
Secrets: secrets, Secrets: secrets,
}) })
assert.Error(t, err) require.Error(t, err)
assert.Nil(t, kms) require.Nil(t, kms)
// set a passphrase and it should pass // set a passphrase and it should pass
secrets[encryptionPassphraseKey] = "plaintext encryption key" secrets[encryptionPassphraseKey] = "plaintext encryption key"
kms, err = newSecretsKMS(ProviderInitArgs{ kms, err = newSecretsKMS(ProviderInitArgs{
Secrets: secrets, Secrets: secrets,
}) })
assert.NotNil(t, kms) require.NotNil(t, kms)
assert.NoError(t, err) require.NoError(t, err)
} }
func TestGenerateNonce(t *testing.T) { func TestGenerateNonce(t *testing.T) {
t.Parallel() t.Parallel()
size := 64 size := 64
nonce, err := generateNonce(size) nonce, err := generateNonce(size)
assert.Equal(t, size, len(nonce)) require.Len(t, nonce, size)
assert.NoError(t, err) require.NoError(t, err)
} }
func TestGenerateCipher(t *testing.T) { func TestGenerateCipher(t *testing.T) {
@ -59,8 +58,8 @@ func TestGenerateCipher(t *testing.T) {
salt := "unique-id-for-the-volume" salt := "unique-id-for-the-volume"
aead, err := generateCipher(passphrase, salt) aead, err := generateCipher(passphrase, salt)
assert.NoError(t, err) require.NoError(t, err)
assert.NotNil(t, aead) require.NotNil(t, aead)
} }
func TestInitSecretsMetadataKMS(t *testing.T) { func TestInitSecretsMetadataKMS(t *testing.T) {
@ -73,16 +72,16 @@ func TestInitSecretsMetadataKMS(t *testing.T) {
// passphrase it not set, init should fail // passphrase it not set, init should fail
kms, err := initSecretsMetadataKMS(args) kms, err := initSecretsMetadataKMS(args)
assert.Error(t, err) require.Error(t, err)
assert.Nil(t, kms) require.Nil(t, kms)
// set a passphrase to get a working KMS // set a passphrase to get a working KMS
args.Secrets[encryptionPassphraseKey] = "my-passphrase-from-kubernetes" args.Secrets[encryptionPassphraseKey] = "my-passphrase-from-kubernetes"
kms, err = initSecretsMetadataKMS(args) kms, err = initSecretsMetadataKMS(args)
assert.NoError(t, err) require.NoError(t, err)
require.NotNil(t, kms) require.NotNil(t, kms)
assert.Equal(t, DEKStoreMetadata, kms.RequiresDEKStore()) require.Equal(t, DEKStoreMetadata, kms.RequiresDEKStore())
} }
func TestWorkflowSecretsMetadataKMS(t *testing.T) { func TestWorkflowSecretsMetadataKMS(t *testing.T) {
@ -98,7 +97,7 @@ func TestWorkflowSecretsMetadataKMS(t *testing.T) {
volumeID := "csi-vol-1b00f5f8-b1c1-11e9-8421-9243c1f659f0" volumeID := "csi-vol-1b00f5f8-b1c1-11e9-8421-9243c1f659f0"
kms, err := initSecretsMetadataKMS(args) kms, err := initSecretsMetadataKMS(args)
assert.NoError(t, err) require.NoError(t, err)
require.NotNil(t, kms) require.NotNil(t, kms)
// plainDEK is the (LUKS) passphrase for the volume // plainDEK is the (LUKS) passphrase for the volume
@ -107,25 +106,25 @@ func TestWorkflowSecretsMetadataKMS(t *testing.T) {
ctx := context.TODO() ctx := context.TODO()
encryptedDEK, err := kms.EncryptDEK(ctx, volumeID, plainDEK) encryptedDEK, err := kms.EncryptDEK(ctx, volumeID, plainDEK)
assert.NoError(t, err) require.NoError(t, err)
assert.NotEqual(t, "", encryptedDEK) require.NotEqual(t, "", encryptedDEK)
assert.NotEqual(t, plainDEK, encryptedDEK) require.NotEqual(t, plainDEK, encryptedDEK)
// with an incorrect volumeID, decrypting should fail // with an incorrect volumeID, decrypting should fail
decryptedDEK, err := kms.DecryptDEK(ctx, "incorrect-volumeID", encryptedDEK) decryptedDEK, err := kms.DecryptDEK(ctx, "incorrect-volumeID", encryptedDEK)
assert.Error(t, err) require.Error(t, err)
assert.Equal(t, "", decryptedDEK) require.Equal(t, "", decryptedDEK)
assert.NotEqual(t, plainDEK, decryptedDEK) require.NotEqual(t, plainDEK, decryptedDEK)
// with the right volumeID, decrypting should return the plainDEK // with the right volumeID, decrypting should return the plainDEK
decryptedDEK, err = kms.DecryptDEK(ctx, volumeID, encryptedDEK) decryptedDEK, err = kms.DecryptDEK(ctx, volumeID, encryptedDEK)
assert.NoError(t, err) require.NoError(t, err)
assert.NotEqual(t, "", decryptedDEK) require.NotEqual(t, "", decryptedDEK)
assert.Equal(t, plainDEK, decryptedDEK) require.Equal(t, plainDEK, decryptedDEK)
} }
func TestSecretsMetadataKMSRegistered(t *testing.T) { func TestSecretsMetadataKMSRegistered(t *testing.T) {
t.Parallel() t.Parallel()
_, ok := kmsManager.providers[kmsTypeSecretsMetadata] _, ok := kmsManager.providers[kmsTypeSecretsMetadata]
assert.True(t, ok) require.True(t, ok)
} }
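Review bot: On the success path of TestNewSecretsKMS, `require.NotNil(t, kms)` runs before `require.NoError(t, err)`, and in TestGenerateNonce `require.Len(t, nonce, size)` runs before `require.NoError(t, err)`; since `require` stops at the first failure, a failing call is now reported only as a nil value or a wrong length and the returned error is never printed. Put the error check first in both places: `require.NoError(t, err)` followed by `require.NotNil(t, kms)` or `require.Len(t, nonce, size)`. The same ordering applies to TestDefaultVaultDestroyKeys in a later file section, where `require.True(t, ok)` should come before `require.NotEqual(t, "", destroySecret)`. In TestWorkflowSecretsMetadataKMS, `require.NotEqual(t, plainDEK, decryptedDEK)` after `require.Equal(t, "", decryptedDEK)` adds nothing unless plainDEK is empty; its definition is outside the hunk.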


@ -20,13 +20,13 @@ import (
"errors" "errors"
"testing" "testing"
"github.com/stretchr/testify/assert" "github.com/stretchr/testify/require"
) )
func TestVaultTenantSAKMSRegistered(t *testing.T) { func TestVaultTenantSAKMSRegistered(t *testing.T) {
t.Parallel() t.Parallel()
_, ok := kmsManager.providers[kmsTypeVaultTenantSA] _, ok := kmsManager.providers[kmsTypeVaultTenantSA]
assert.True(t, ok) require.True(t, ok)
} }
func TestTenantSAParseConfig(t *testing.T) { func TestTenantSAParseConfig(t *testing.T) {


@ -22,7 +22,6 @@ import (
"testing" "testing"
loss "github.com/libopenstorage/secrets" loss "github.com/libopenstorage/secrets"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require" "github.com/stretchr/testify/require"
) )
@ -113,8 +112,8 @@ func TestDefaultVaultDestroyKeys(t *testing.T) {
require.NoError(t, err) require.NoError(t, err)
keyContext := vc.getDeleteKeyContext() keyContext := vc.getDeleteKeyContext()
destroySecret, ok := keyContext[loss.DestroySecret] destroySecret, ok := keyContext[loss.DestroySecret]
assert.NotEqual(t, destroySecret, "") require.NotEqual(t, "", destroySecret)
assert.True(t, ok) require.True(t, ok)
// setting vaultDestroyKeys to !true should remove the loss.DestroySecret entry // setting vaultDestroyKeys to !true should remove the loss.DestroySecret entry
config["vaultDestroyKeys"] = "false" config["vaultDestroyKeys"] = "false"
@ -122,11 +121,11 @@ func TestDefaultVaultDestroyKeys(t *testing.T) {
require.NoError(t, err) require.NoError(t, err)
keyContext = vc.getDeleteKeyContext() keyContext = vc.getDeleteKeyContext()
_, ok = keyContext[loss.DestroySecret] _, ok = keyContext[loss.DestroySecret]
assert.False(t, ok) require.False(t, ok)
} }
func TestVaultKMSRegistered(t *testing.T) { func TestVaultKMSRegistered(t *testing.T) {
t.Parallel() t.Parallel()
_, ok := kmsManager.providers[kmsTypeVault] _, ok := kmsManager.providers[kmsTypeVault]
assert.True(t, ok) require.True(t, ok)
} }


@ -25,7 +25,6 @@ import (
"github.com/hashicorp/vault/api" "github.com/hashicorp/vault/api"
loss "github.com/libopenstorage/secrets" loss "github.com/libopenstorage/secrets"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require" "github.com/stretchr/testify/require"
) )
@ -205,18 +204,18 @@ func TestTransformConfig(t *testing.T) {
config, err := transformConfig(cm) config, err := transformConfig(cm)
require.NoError(t, err) require.NoError(t, err)
assert.Equal(t, config["encryptionKMSType"], cm["KMS_PROVIDER"]) require.Equal(t, cm["KMS_PROVIDER"], config["encryptionKMSType"])
assert.Equal(t, config["vaultAddress"], cm["VAULT_ADDR"]) require.Equal(t, cm["VAULT_ADDR"], config["vaultAddress"])
assert.Equal(t, config["vaultBackend"], cm["VAULT_BACKEND"]) require.Equal(t, cm["VAULT_BACKEND"], config["vaultBackend"])
assert.Equal(t, config["vaultBackendPath"], cm["VAULT_BACKEND_PATH"]) require.Equal(t, cm["VAULT_BACKEND_PATH"], config["vaultBackendPath"])
assert.Equal(t, config["vaultDestroyKeys"], cm["VAULT_DESTROY_KEYS"]) require.Equal(t, cm["VAULT_DESTROY_KEYS"], config["vaultDestroyKeys"])
assert.Equal(t, config["vaultCAFromSecret"], cm["VAULT_CACERT"]) require.Equal(t, cm["VAULT_CACERT"], config["vaultCAFromSecret"])
assert.Equal(t, config["vaultTLSServerName"], cm["VAULT_TLS_SERVER_NAME"]) require.Equal(t, cm["VAULT_TLS_SERVER_NAME"], config["vaultTLSServerName"])
assert.Equal(t, config["vaultClientCertFromSecret"], cm["VAULT_CLIENT_CERT"]) require.Equal(t, cm["VAULT_CLIENT_CERT"], config["vaultClientCertFromSecret"])
assert.Equal(t, config["vaultClientCertKeyFromSecret"], cm["VAULT_CLIENT_KEY"]) require.Equal(t, cm["VAULT_CLIENT_KEY"], config["vaultClientCertKeyFromSecret"])
assert.Equal(t, config["vaultAuthNamespace"], cm["VAULT_AUTH_NAMESPACE"]) require.Equal(t, cm["VAULT_AUTH_NAMESPACE"], config["vaultAuthNamespace"])
assert.Equal(t, config["vaultNamespace"], cm["VAULT_NAMESPACE"]) require.Equal(t, cm["VAULT_NAMESPACE"], config["vaultNamespace"])
assert.Equal(t, config["vaultCAVerify"], "false") require.Equal(t, "false", config["vaultCAVerify"])
} }
func TestTransformConfigDefaults(t *testing.T) { func TestTransformConfigDefaults(t *testing.T) {
@ -226,15 +225,15 @@ func TestTransformConfigDefaults(t *testing.T) {
config, err := transformConfig(cm) config, err := transformConfig(cm)
require.NoError(t, err) require.NoError(t, err)
assert.Equal(t, config["encryptionKMSType"], cm["KMS_PROVIDER"]) require.Equal(t, cm["KMS_PROVIDER"], config["encryptionKMSType"])
assert.Equal(t, config["vaultDestroyKeys"], vaultDefaultDestroyKeys) require.Equal(t, vaultDefaultDestroyKeys, config["vaultDestroyKeys"])
assert.Equal(t, config["vaultCAVerify"], strconv.FormatBool(vaultDefaultCAVerify)) require.Equal(t, strconv.FormatBool(vaultDefaultCAVerify), config["vaultCAVerify"])
} }
func TestVaultTokensKMSRegistered(t *testing.T) { func TestVaultTokensKMSRegistered(t *testing.T) {
t.Parallel() t.Parallel()
_, ok := kmsManager.providers[kmsTypeVaultTokens] _, ok := kmsManager.providers[kmsTypeVaultTokens]
assert.True(t, ok) require.True(t, ok)
} }
func TestSetTenantAuthNamespace(t *testing.T) { func TestSetTenantAuthNamespace(t *testing.T) {
@ -259,7 +258,7 @@ func TestSetTenantAuthNamespace(t *testing.T) {
kms.setTenantAuthNamespace(config) kms.setTenantAuthNamespace(config)
assert.Equal(tt, vaultNamespace, config["vaultAuthNamespace"]) require.Equal(tt, vaultNamespace, config["vaultAuthNamespace"])
}) })
t.Run("inherit vaultAuthNamespace", func(tt *testing.T) { t.Run("inherit vaultAuthNamespace", func(tt *testing.T) {
@ -283,7 +282,7 @@ func TestSetTenantAuthNamespace(t *testing.T) {
// when inheriting from the global config, the config of the // when inheriting from the global config, the config of the
// tenant should not have vaultAuthNamespace configured // tenant should not have vaultAuthNamespace configured
assert.Equal(tt, nil, config["vaultAuthNamespace"]) require.Nil(tt, config["vaultAuthNamespace"])
}) })
t.Run("unset vaultAuthNamespace", func(tt *testing.T) { t.Run("unset vaultAuthNamespace", func(tt *testing.T) {
@ -306,7 +305,7 @@ func TestSetTenantAuthNamespace(t *testing.T) {
// global vaultAuthNamespace is not set, tenant // global vaultAuthNamespace is not set, tenant
// vaultAuthNamespace will be configured as vaultNamespace by // vaultAuthNamespace will be configured as vaultNamespace by
// default // default
assert.Equal(tt, nil, config["vaultAuthNamespace"]) require.Nil(tt, config["vaultAuthNamespace"])
}) })
t.Run("no vaultNamespace", func(tt *testing.T) { t.Run("no vaultNamespace", func(tt *testing.T) {
@ -326,6 +325,6 @@ func TestSetTenantAuthNamespace(t *testing.T) {
kms.setTenantAuthNamespace(config) kms.setTenantAuthNamespace(config)
assert.Equal(tt, nil, config["vaultAuthNamespace"]) require.Nil(tt, config["vaultAuthNamespace"])
}) })
} }
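Review bot: In the "unset vaultAuthNamespace" subtest the comment says the tenant vaultAuthNamespace "will be configured as vaultNamespace by default", yet the assertion directly below it is `require.Nil(tt, config["vaultAuthNamespace"])`, which reads as the opposite. If the intent is that setTenantAuthNamespace leaves the key unset and the default is applied later, the comment should say so, for example `// global vaultAuthNamespace is not set: the tenant config must stay without vaultAuthNamespace so that vaultNamespace is used by default`. The subtest setup is outside the hunk, so this reading is inferred from the comment and the assertion alone. Separately, `require.Equal(t, "false", config["vaultCAVerify"])` in TestTransformConfig is the only expectation in that list not derived from `cm`; a one-line comment naming the input that turns certificate verification off would make clear that this value belongs to the fixture and is not the default.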