More testing, cleanup
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
riyazdf committed Aug 2, 2016
1 parent cc9d381 commit 00e92ea
Showing 8 changed files with 120 additions and 33 deletions.
13 changes: 13 additions & 0 deletions client/helpers_test.go
@@ -4,6 +4,7 @@ import (
"bytes"
"crypto/sha256"
"encoding/json"
"net/http"
"testing"
"time"

@@ -1019,3 +1020,15 @@ func TestAllNotNearExpiry(t *testing.T) {
require.NotContains(t, a.String(), "snapshot is nearing expiry, you should re-sign the role metadata", "Snapshot should not show near expiry")
require.NotContains(t, a.String(), "timestamp", "there should be no logrus warnings pertaining to timestamp")
}

func TestRotateRemoteKeyOffline(t *testing.T) {
// without a valid roundtripper, rotation should fail since we cannot initialize a HTTPStore
key, err := rotateRemoteKey("invalidURL", "gun", data.CanonicalSnapshotRole, nil)
require.Error(t, err)
require.Nil(t, key)

// if the underlying remote store is faulty and cannot rotate keys, we should get back the error
key, err = rotateRemoteKey("https://notary-server", "gun", data.CanonicalSnapshotRole, http.DefaultTransport)
require.Error(t, err)
require.Nil(t, key)
}
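Review bot: The second case in TestRotateRemoteKeyOffline passes `http.DefaultTransport` with `https://notary-server`, so the test performs a real DNS lookup and connection attempt and only fails as intended when that name does not resolve. On a host or CI network where `notary-server` is reachable (a compose setup, for instance) the call could talk to a live server, and elsewhere it may be slow or flaky. The comment says the remote store is "faulty", which an `httptest.NewServer` handler that always answers 500, or a stub `http.RoundTripper` that returns an error, would model deterministically. `require.Error` also accepts any failure; asserting the expected error type would keep the two cases distinguishable.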
7 changes: 2 additions & 5 deletions server/handlers/default_test.go
@@ -193,8 +193,8 @@ func TestRotateKeyHandlerInvalidRole(t *testing.T) {
}
}

// Rotating the key fails if we don't pass a valid key algorithm, or if it isn't Ed25519
func TestRotateKeyHandlerNonED25519(t *testing.T) {
// Rotating the key fails if we don't pass a valid key algorithm
func TestRotateKeyHandlerInvalidKeyAlgo(t *testing.T) {
roles := []string{data.CanonicalTimestampRole, data.CanonicalSnapshotRole}
req := &http.Request{Body: ioutil.NopCloser(bytes.NewBuffer(nil))}

@@ -205,9 +205,6 @@ func TestRotateKeyHandlerNonED25519(t *testing.T) {
invalidKeyAlgoState.keyAlgo = "notactuallyakeyalgorithm"
err := rotateKeyHandler(getContext(invalidKeyAlgoState), recorder, req, vars)
require.Error(t, err)
invalidKeyAlgoState.keyAlgo = data.ECDSAKey
err = rotateKeyHandler(getContext(invalidKeyAlgoState), recorder, req, vars)
require.Error(t, err)
}
}

41 changes: 41 additions & 0 deletions server/snapshot/snapshot_test.go
@@ -4,6 +4,7 @@ import (
"bytes"
"crypto/sha256"
"encoding/hex"
"fmt"
"testing"
"time"

@@ -51,6 +52,46 @@ func TestGetSnapshotKeyCreate(t *testing.T) {
require.NotNil(t, k2, "Key should not be nil")
}

type FailingStore struct {
*storage.MemStorage
}

func (f FailingStore) GetCurrent(role, gun string) (*time.Time, []byte, error) {
return nil, nil, fmt.Errorf("failing store failed")
}

func TestGetSnapshotKeyCreateWithFailingStore(t *testing.T) {
store := FailingStore{storage.NewMemStorage()}
crypto := signed.NewEd25519()
k, err := GetOrCreateSnapshotKey("gun", store, crypto, data.ED25519Key)
require.Error(t, err, "Expected error")
require.Nil(t, k, "Key should be nil")
}

type CorruptedStore struct {
*storage.MemStorage
}

func (c CorruptedStore) GetCurrent(role, gun string) (*time.Time, []byte, error) {
return &time.Now(), []byte("junk"), nil
}

func TestGetTimestampKeyCreateWithCorruptedStore(t *testing.T) {
store := CorruptedStore{storage.NewMemStorage()}
crypto := signed.NewEd25519()
k, err := GetOrCreateTimestampKey("gun", store, crypto, data.ED25519Key)
require.Error(t, err, "Expected error")
require.Nil(t, k, "Key should be nil")
}

func TestGetSnapshotKeyCreateWithInvalidAlgo(t *testing.T) {
store := storage.NewMemStorage()
crypto := signed.NewEd25519()
k, err := GetOrCreateSnapshotKey("gun", store, crypto, "notactuallyanalgorithm")
require.Error(t, err, "Expected error")
require.Nil(t, k, "Key should be nil")
}

func TestGetSnapshotKeyExisting(t *testing.T) {

repo, crypto, err := testutils.EmptyRepo("gun")
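Review bot: `CorruptedStore.GetCurrent` returns `&time.Now()`, which does not compile because Go cannot take the address of a call result; bind it first, `now := time.Now()` then `return &now, []byte("junk"), nil`. The same line appears in server/timestamp/timestamp_test.go. In this file the corrupted-store test is also named `TestGetTimestampKeyCreateWithCorruptedStore` and calls `GetOrCreateTimestampKey`, which looks copied from the timestamp package; here it presumably should be `TestGetSnapshotKeyCreateWithCorruptedStore` calling `GetOrCreateSnapshotKey`, otherwise the snapshot key path is never exercised against corrupted stored metadata.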
10 changes: 4 additions & 6 deletions server/storage/rethinkdb.go
@@ -267,12 +267,10 @@ func (rdb RethinkDB) Bootstrap() error {

// CheckHealth checks that all tables and databases exist and are query-able
func (rdb RethinkDB) CheckHealth() error {
for _, table := range []string{TUFFilesRethinkTable.Name} {
res, err := gorethink.DB(rdb.dbName).Table(table).Info().Run(rdb.sess)
if err != nil {
return fmt.Errorf("%s is unavailable, or missing one or more tables, or permissions are incorrectly set", rdb.dbName)
}
defer res.Close()
res, err := gorethink.DB(rdb.dbName).Table(TUFFilesRethinkTable.Name).Info().Run(rdb.sess)
if err != nil {
return fmt.Errorf("%s is unavailable, or missing one or more tables, or permissions are incorrectly set", rdb.dbName)
}
defer res.Close()
return nil
}
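Review bot: CheckHealth discards `err` from `Run`, so an operator cannot tell a connection failure from a missing table or a permissions problem. Append the cause to the message, `...permissions are incorrectly set: %v", rdb.dbName, err)`, or log it server-side if the health result is returned to unauthenticated callers. The doc comment still says "all tables and databases" although only `TUFFilesRethinkTable` is queried now; `// CheckHealth checks that the TUF files table exists and is query-able` would match the code, as the sqldb.go comment in this commit already does.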
22 changes: 8 additions & 14 deletions server/storage/sqldb.go
@@ -159,21 +159,15 @@ func (db *SQLStorage) Delete(gun string) error {
return db.Unscoped().Where(&TUFFile{Gun: gun}).Delete(TUFFile{}).Error
}

// CheckHealth asserts that both required tables are present
// CheckHealth asserts that the tuf_files table is present
func (db *SQLStorage) CheckHealth() error {
interfaces := []interface {
TableName() string
}{&TUFFile{}}

for _, model := range interfaces {
tableOk := db.HasTable(model)
if db.Error != nil {
return db.Error
}
if !tableOk {
return fmt.Errorf(
"Cannot access table: %s", model.TableName())
}
tableOk := db.HasTable(&TUFFile{})
if db.Error != nil {
return db.Error
}
if !tableOk {
return fmt.Errorf(
"Cannot access table: %s", TUFFile{}.TableName())
}
return nil
}
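Review bot: The new CheckHealth builds `TUFFile{}` twice and calls `TUFFile{}.TableName()` on a non-addressable value, which compiles only while `TableName` has a value receiver (its declaration is not visible here). Keeping one `model := &TUFFile{}` and using `db.HasTable(model)` and `model.TableName()` works with either receiver and keeps the checked table and the reported name tied together. The error string could also start lowercase (`cannot access table: %s`) per Go convention, if no caller matches on the text.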
8 changes: 3 additions & 5 deletions server/storage/sqldb_test.go
@@ -24,11 +24,9 @@ func SetupSQLDB(t *testing.T, dbtype, dburl string) *SQLStorage {

// verify that the tables are empty
var count int
for _, model := range [1]interface{}{&TUFFile{}} {
query := dbStore.DB.Model(model).Count(&count)
require.NoError(t, query.Error)
require.Equal(t, 0, count)
}
query := dbStore.DB.Model(&TUFFile{}).Count(&count)
require.NoError(t, query.Error)
require.Equal(t, 0, count)
return dbStore
}

44 changes: 42 additions & 2 deletions server/timestamp/timestamp_test.go
@@ -2,16 +2,16 @@ package timestamp

import (
"bytes"
"fmt"
"testing"
"time"

"github.com/docker/go/canonical/json"
"github.com/docker/notary/server/storage"
"github.com/docker/notary/tuf/data"
"github.com/docker/notary/tuf/signed"
"github.com/docker/notary/tuf/testutils"
"github.com/stretchr/testify/require"

"github.com/docker/notary/server/storage"
)

func TestTimestampExpired(t *testing.T) {
@@ -226,3 +226,43 @@ func TestCreateTimestampNoKeyInCrypto(t *testing.T) {
require.Error(t, err)
require.IsType(t, signed.ErrInsufficientSignatures{}, err)
}

type FailingStore struct {
*storage.MemStorage
}

func (f FailingStore) GetCurrent(role, gun string) (*time.Time, []byte, error) {
return nil, nil, fmt.Errorf("failing store failed")
}

func TestGetTimestampKeyCreateWithFailingStore(t *testing.T) {
store := FailingStore{storage.NewMemStorage()}
crypto := signed.NewEd25519()
k, err := GetOrCreateTimestampKey("gun", store, crypto, data.ED25519Key)
require.Error(t, err, "Expected error")
require.Nil(t, k, "Key should be nil")
}

type CorruptedStore struct {
*storage.MemStorage
}

func (c CorruptedStore) GetCurrent(role, gun string) (*time.Time, []byte, error) {
return &time.Now(), []byte("junk"), nil
}

func TestGetTimestampKeyCreateWithCorruptedStore(t *testing.T) {
store := CorruptedStore{storage.NewMemStorage()}
crypto := signed.NewEd25519()
k, err := GetOrCreateTimestampKey("gun", store, crypto, data.ED25519Key)
require.Error(t, err, "Expected error")
require.Nil(t, k, "Key should be nil")
}

func TestGetSnapshotKeyCreateWithInvalidAlgo(t *testing.T) {
store := storage.NewMemStorage()
crypto := signed.NewEd25519()
k, err := GetOrCreateTimestampKey("gun", store, crypto, "notactuallyanalgorithm")
require.Error(t, err, "Expected error")
require.Nil(t, k, "Key should be nil")
}
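Review bot: `TestGetSnapshotKeyCreateWithInvalidAlgo` in package timestamp calls `GetOrCreateTimestampKey`, so the name is a leftover from the snapshot tests; `TestGetTimestampKeyCreateWithInvalidAlgo` would match what it exercises and keep `go test -run` filters accurate. `FailingStore` and `CorruptedStore` are duplicated verbatim in server/snapshot/snapshot_test.go; since they are test-only, unexported names (`failingStore`, `corruptedStore`) with a one-line comment each on what failure they simulate would be enough.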
8 changes: 7 additions & 1 deletion signer/keydbstore/keydbstore_test.go
@@ -144,14 +144,20 @@ func testMarkKeyActive(t *testing.T, dbStore keyActivator) (data.PrivateKey, dat
func testGetPendingKey(t *testing.T, dbStore keyActivator) (data.PrivateKey, data.PrivateKey) {
// Create a test key and add it to the db such that it will be pending (never marked active)
keyInfo := trustmanager.KeyInfo{Role: data.CanonicalSnapshotRole, Gun: "gun"}

// There should be no keys to start
retrievedKey, err := dbStore.GetPendingKey(keyInfo)
require.Error(t, err)
require.Nil(t, retrievedKey)

pendingTestKey, err := utils.GenerateECDSAKey(rand.Reader)
require.NoError(t, err)
requireGetKeyFailure(t, dbStore, pendingTestKey.ID())
err = dbStore.AddKey(keyInfo, pendingTestKey)
require.NoError(t, err)
requireGetKeySuccess(t, dbStore, data.CanonicalSnapshotRole, pendingTestKey)

retrievedKey, err := dbStore.GetPendingKey(keyInfo)
retrievedKey, err = dbStore.GetPendingKey(keyInfo)
require.NoError(t, err)
require.Equal(t, pendingTestKey.Public(), retrievedKey.Public())
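Review bot: The new precondition `require.Error(t, err)` after the first `GetPendingKey` passes on any failure, including a broken connection to the backing database, so it does not by itself show that the store is empty for this role and gun. If the key store returns a distinguishable not-found error, asserting that type here would pin the intended behaviour for every backend that shares this helper. The comment `// There should be no keys to start` also relies on the caller handing in a fresh store; stating that in the helper's doc comment would help. The function body continues past the end of the hunk.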

