Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Revamping rekor e2e - part 4 of N #1218

Merged
Merged
Show file tree
Hide file tree
Changes from 3 commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions .github/workflows/main.yml
Original file line number Diff line number Diff line change
Expand Up @@ -90,8 +90,8 @@ jobs:

- name: CLI
run: ./tests/e2e-test.sh
- name: PKG-CLI # this will a WIP to move all the CLI tests to the pkg repo
run: ./pkg/e2e-test.sh
- name: Refactor-e2e # this will a WIP to move all the tests to respective packages
run: ./e2e-test.sh
- name: Upload logs if they exist
uses: actions/upload-artifact@83fd05a356d7e2593de66fc9913b3002723633cb # v3.1.1
if: failure()
Expand Down
1 change: 1 addition & 0 deletions .gitignore
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@ logid
!rekor-cli/
rekor-cli
rekor-server
!rekor-server/
/tests/rekor-server
/server
swagger
Expand Down
52 changes: 52 additions & 0 deletions cmd/rekor-server/e2e_test.go
Original file line number Diff line number Diff line change
@@ -0,0 +1,52 @@
//
// Copyright 2022 The Sigstore Authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

//go:build e2e

package main

import (
"io/ioutil"
"path/filepath"
"testing"

"github.com/sigstore/rekor/pkg/util"
)

func TestDuplicates(t *testing.T) {
artifactPath := filepath.Join(t.TempDir(), "artifact")
sigPath := filepath.Join(t.TempDir(), "signature.asc")

util.CreatedPGPSignedArtifact(t, artifactPath, sigPath)

// Write the public key to a file
pubPath := filepath.Join(t.TempDir(), "pubKey.asc")
if err := ioutil.WriteFile(pubPath, []byte(util.PubKey), 0644); err != nil {
t.Fatal(err)
}

// Now upload to rekor!
out := util.RunCli(t, "upload", "--artifact", artifactPath, "--signature", sigPath, "--public-key", pubPath)
util.OutputContains(t, out, "Created entry at")

// Now upload the same one again, we should get a dupe entry.
out = util.RunCli(t, "upload", "--artifact", artifactPath, "--signature", sigPath, "--public-key", pubPath)
util.OutputContains(t, out, "Entry already exists")

// Now do a new one, we should get a new entry
util.CreatedPGPSignedArtifact(t, artifactPath, sigPath)
out = util.RunCli(t, "upload", "--artifact", artifactPath, "--signature", sigPath, "--public-key", pubPath)
util.OutputContains(t, out, "Created entry at")
}
2 changes: 1 addition & 1 deletion pkg/e2e-test.sh → e2e-test.sh
Original file line number Diff line number Diff line change
Expand Up @@ -50,7 +50,7 @@ REKORTMPDIR="$(mktemp -d -t rekor_test.XXXXXX)"
cp $dir/rekor-cli $REKORTMPDIR/rekor-cli
touch $REKORTMPDIR.rekor.yaml
trap "rm -rf $REKORTMPDIR" EXIT
if ! REKORTMPDIR=$REKORTMPDIR go test -tags=e2e ./pkg/...; then
if ! REKORTMPDIR=$REKORTMPDIR go test -tags=e2e $(go list ./... | grep -v ./tests) ; then
docker-compose logs --no-color > /tmp/docker-compose.log
exit 1
fi
Expand Down
121 changes: 121 additions & 0 deletions pkg/pki/minisign/minisign_e2e_test.go
Original file line number Diff line number Diff line change
@@ -0,0 +1,121 @@
//
// Copyright 2022 The Sigstore Authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

//go:build e2e

package minisign

import (
"path/filepath"
"reflect"
"strings"
"testing"

"github.com/sigstore/rekor/pkg/util"
)

func TestMinisign(t *testing.T) {
// Create a keypair
keyPath := filepath.Join(t.TempDir(), "minisign.key")
pubPath := filepath.Join(t.TempDir(), "minisign.pub")

// Set an empty password, we have to hit enter twice to confirm
util.Run(t, "\n\n", "minisign", "-G", "-s", keyPath, "-p", pubPath)

// Create a random artifact and sign it.
artifactPath := filepath.Join(t.TempDir(), "artifact")
sigPath := filepath.Join(t.TempDir(), "signature.asc")
util.CreateArtifact(t, artifactPath)

// Send in one empty password over stdin
out := util.Run(t, "\n", "minisign", "-S", "-s", keyPath, "-m", artifactPath, "-x", sigPath)
t.Log(out)

// Now upload to the log!
out = util.RunCli(t, "upload", "--artifact", artifactPath, "--signature", sigPath,
"--public-key", pubPath, "--pki-format", "minisign")
util.OutputContains(t, out, "Created entry at")

uuidA := util.GetUUIDFromUploadOutput(t, out)

out = util.RunCli(t, "verify", "--artifact", artifactPath, "--signature", sigPath,
"--public-key", pubPath, "--pki-format", "minisign")
util.OutputContains(t, out, "Inclusion Proof")

out = util.RunCli(t, "search", "--public-key", pubPath, "--pki-format", "minisign")
util.OutputContains(t, out, uuidA)

// crease a second artifact and sign it
artifactPath_B := filepath.Join(t.TempDir(), "artifact2")
util.CreateArtifact(t, artifactPath_B)
out = util.Run(t, "\n", "minisign", "-S", "-s", keyPath, "-m", artifactPath_B, "-x", sigPath)
// Now upload to the log!
out = util.RunCli(t, "upload", "--artifact", artifactPath_B, "--signature", sigPath,
"--public-key", pubPath, "--pki-format", "minisign")
util.OutputContains(t, out, "Created entry at")
uuidB := util.GetUUIDFromUploadOutput(t, out)

tests := []struct {
name string
expectedUuidACount int
expectedUuidBCount int
artifact string
operator string
}{
{
name: "artifact A AND signature should return artifact A",
expectedUuidACount: 1,
expectedUuidBCount: 0,
artifact: artifactPath,
operator: "and",
},
{
name: "artifact A OR signature should return artifact A and B",
expectedUuidACount: 1,
expectedUuidBCount: 1,
artifact: artifactPath,
operator: "or",
},
{
name: "artifact B AND signature should return artifact B",
expectedUuidACount: 0,
expectedUuidBCount: 1,
artifact: artifactPath_B,
operator: "and",
},
{
name: "artifact B OR signature should return artifact A and B",
expectedUuidACount: 1,
expectedUuidBCount: 1,
artifact: artifactPath_B,
operator: "or",
},
}
for _, test := range tests {
t.Run(test.name, func(t *testing.T) {
out = util.RunCli(t, "search", "--public-key", pubPath, "--pki-format", "minisign",
"--operator", test.operator, "--artifact", test.artifact)

expected := map[string]int{uuidA: test.expectedUuidACount, uuidB: test.expectedUuidBCount}
actual := map[string]int{
uuidA: strings.Count(out, uuidA),
uuidB: strings.Count(out, uuidB),
}
if !reflect.DeepEqual(expected, actual) {
t.Errorf("expected to find %v, found %v", expected, actual)
}
})
}
}
64 changes: 64 additions & 0 deletions pkg/pki/ssh/e2e_test.go
Original file line number Diff line number Diff line change
@@ -0,0 +1,64 @@
//
// Copyright 2022 The Sigstore Authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

//go:build e2e

package ssh

import (
"github.com/sigstore/rekor/pkg/util"
"io/ioutil"
"path/filepath"
"strings"
"testing"
)

func TestSSH(t *testing.T) {
td := t.TempDir()
// Create a keypair
keyPath := filepath.Join(td, "id_rsa")
pubPath := filepath.Join(td, "id_rsa.pub")

if err := ioutil.WriteFile(pubPath, []byte(publicKey), 0600); err != nil {
t.Fatal(err)
}
if err := ioutil.WriteFile(keyPath, []byte(privateKey), 0600); err != nil {
t.Fatal(err)
}

// Create a random artifact and sign it.
artifactPath := filepath.Join(td, "artifact")
sigPath := filepath.Join(td, "signature.sig")
artifact := util.CreateArtifact(t, artifactPath)

sig := SSHSign(t, strings.NewReader(artifact))
if err := ioutil.WriteFile(sigPath, []byte(sig), 0600); err != nil {
t.Fatal(err)
}

// Now upload to the log!
out := util.RunCli(t, "upload", "--artifact", artifactPath, "--signature", sigPath,
"--public-key", pubPath, "--pki-format", "ssh")
util.OutputContains(t, out, "Created entry at")

uuid := util.GetUUIDFromUploadOutput(t, out)

out = util.RunCli(t, "verify", "--artifact", artifactPath, "--signature", sigPath,
"--public-key", pubPath, "--pki-format", "ssh")
util.OutputContains(t, out, "Inclusion Proof")

out = util.RunCli(t, "search", "--public-key", pubPath, "--pki-format", "ssh")
util.OutputContains(t, out, uuid)
}
11 changes: 4 additions & 7 deletions tests/ssh.go → pkg/pki/ssh/ssh_e2e_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -14,22 +14,19 @@
// limitations under the License.

//go:build e2e
// +build e2e

package e2e
package ssh

import (
"bytes"
"io"
"io/ioutil"
"testing"

"github.com/sigstore/rekor/pkg/pki/ssh"
)

var (
// Generated with "ssh-keygen -C test@rekor.dev -f id_rsa"
sshPrivateKey = `-----BEGIN OPENSSH PRIVATE KEY-----
privateKey = `-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn
NhAAAAAwEAAQAAAYEA16H5ImoRO7mr41r8Z8JFBdu6jIM+6XU8M0r9F81RuhLYqzr9zw1n
LeGCqFxPXNBKm8ZyH2BCsBHsbXbwe85IMHM3SUh8X/9fI0Lpi5/xbqAproFUpNR+UJYv6s
Expand Down Expand Up @@ -68,7 +65,7 @@ lL4qHtXBEzaT8okkcGZBHdSx3gk4TzCsEDOP7ZZPLq42lpKMK10zFPTMd0maXtJDYKU/b4
gAATvvPoylyYUAAAAOdGVzdEByZWtvci5kZXYBAgMEBQ==
-----END OPENSSH PRIVATE KEY-----
`
sshPublicKey = `ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDXofkiahE7uavjWvxnwkUF27qMgz7pdTwzSv0XzVG6EtirOv3PDWct4YKoXE9c0EqbxnIfYEKwEextdvB7zkgwczdJSHxf/18jQumLn/FuoCmugVSk1H5Qli/qzwBpaTnOk3WuakGuoYUl8ZAokKKgOKLA0aZJ1WRQ2ZCZggA3EkwNZiY17y9Q6HqdgQcH6XN8aAMADNVJdMAJb33hSRJjjsAPTmzBTishP8lYDoGRSsSE7/8XRBCEV5E4I8mI9GElcZwV/1KJx98mpH8QvMzXM1idFcwPRtt1NTAOshwgUU0Fu1x8lU5RQIa6ZKW36qNQLvLxy/BscC7B/mdLptoDs/ot9NimUXZcgCR1a2Q3o7Wi6jIgcgJcyV10Nba81ol4RdN4qPHnVZIzuo+dBkqwG3CMtB4Rj84+Qi+7zyU01hIPreoxQDXaayiGPBUUIiAlW9gsiuRWJzNnu3cvuWDLVfQIkjh7Wug58z+v2NOJ7IMdyERillhzDcvVHaq14+U= test@rekor.dev
publicKey = `ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDXofkiahE7uavjWvxnwkUF27qMgz7pdTwzSv0XzVG6EtirOv3PDWct4YKoXE9c0EqbxnIfYEKwEextdvB7zkgwczdJSHxf/18jQumLn/FuoCmugVSk1H5Qli/qzwBpaTnOk3WuakGuoYUl8ZAokKKgOKLA0aZJ1WRQ2ZCZggA3EkwNZiY17y9Q6HqdgQcH6XN8aAMADNVJdMAJb33hSRJjjsAPTmzBTishP8lYDoGRSsSE7/8XRBCEV5E4I8mI9GElcZwV/1KJx98mpH8QvMzXM1idFcwPRtt1NTAOshwgUU0Fu1x8lU5RQIa6ZKW36qNQLvLxy/BscC7B/mdLptoDs/ot9NimUXZcgCR1a2Q3o7Wi6jIgcgJcyV10Nba81ol4RdN4qPHnVZIzuo+dBkqwG3CMtB4Rj84+Qi+7zyU01hIPreoxQDXaayiGPBUUIiAlW9gsiuRWJzNnu3cvuWDLVfQIkjh7Wug58z+v2NOJ7IMdyERillhzDcvVHaq14+U= test@rekor.dev
`
)

Expand All @@ -78,7 +75,7 @@ func SSHSign(t *testing.T, m io.Reader) []byte {
if err != nil {
t.Fatal(err)
}
sig, err := ssh.Sign(sshPrivateKey, bytes.NewReader(data))
sig, err := Sign(privateKey, bytes.NewReader(data))
if err != nil {
t.Fatal(err)
}
Expand Down
Loading