Add unit tests for ccnp-server

- Add unit tests for ccnp-server - Update ccnp-server-deployment.yaml Signed-off-by: Yanbo0101 <[email protected]>
cc-api · Mar 4, 2024 · 5fc0f24 · 5fc0f24
1 parent 551f0ec
commit 5fc0f24
Show file tree

Hide file tree

Showing 3 changed files with 314 additions and 5 deletions.
diff --git a/deployment/kubernetes/manifests/ccnp-server-deployment.yaml b/deployment/kubernetes/manifests/ccnp-server-deployment.yaml
@@ -26,8 +26,6 @@ spec:
       - name: ccnp-server
         image: docker.io/library/ccnp-server:latest
         imagePullPolicy: IfNotPresent
-        securityContext:
-          privileged: true
         livenessProbe:
           exec:
             command: ["/usr/bin/grpc-health-probe", "-addr=unix:/run/ccnp/uds/ccnp-server.sock"]
@@ -46,11 +44,11 @@ spec:
           - name: proc
             mountPath: /proc
           - name: eventlog-entry
-            mountPath: /sys/firmware/acpi/tables/CCEL
+            mountPath: /run/firmware/acpi/tables/CCEL
           - name: eventlog-data
-            mountPath: /sys/firmware/acpi/tables/data/CCEL
+            mountPath: /run/firmware/acpi/tables/data/CCEL
           - name: ima-data
-            mountPath: /sys/kernel/security/
+            mountPath: /run/kernel/security/
       volumes:
         - name: proc
           hostPath:

diff --git a/service/ccnp-server/Cargo.toml b/service/ccnp-server/Cargo.toml
@@ -30,6 +30,7 @@ openssl = "0.10.63"
 
 [dev-dependencies]
 serial_test = { version ="2.0.0" }
+tower = { version = "0.4", features = ["util"] }
 
 [build-dependencies]
 tonic-build = "0.9"
diff --git a/service/ccnp-server/src/main.rs b/service/ccnp-server/src/main.rs
@@ -75,3 +75,313 @@ async fn main() -> Result<(), Box<dyn std::error::Error>> {
         .await?;
     Ok(())
 }
+
+#[cfg(test)]
+mod ccnp_server_test{
+    use super::*;
+    use serial_test::serial;
+    use policy::PolicyConfig;
+    use tower::service_fn;
+    use service::Service;
+    use std::fs::read_to_string;
+    use tokio::net::{UnixListener, UnixStream};
+    use tokio_stream::wrappers::UnixListenerStream;
+    use tonic::transport::{Server, Endpoint, Uri};
+    use ccnp_pb::{ccnp_client::CcnpClient, GetCcReportRequest, GetCcMeasurementRequest, GetCcEventlogRequest};
+
+    async fn creat_server() {
+        let sock = String::from("/tmp/ccnp-server.sock");
+        let policy_path = String::from("./configs/policy.yaml");
+        let policy = PolicyConfig::new(policy_path);
+
+        let _ = std::fs::remove_file(sock.clone());
+        let uds = match UnixListener::bind(sock.clone()) {
+            Ok(r) => r,
+            Err(e) => panic!("[ccnp-server]: bind UDS socket error: {:?}", e),
+        };
+
+        let uds_stream = UnixListenerStream::new(uds);
+        assert!(set_sock_perm(&sock.clone()).is_ok(), "set_perm failed");
+
+        let service = Service::new(policy);
+        tokio::spawn(async {
+            Server::builder()
+            .add_service(CcnpServer::new(service))
+            .serve_with_incoming(uds_stream)
+            .await
+            .unwrap();
+        });
+    }
+
+    async fn create_client() -> CcnpClient<Channel> {
+
+        let channel = Endpoint::try_from("http://[::]:40081")
+        .unwrap()
+       .connect_with_connector(service_fn(|_: Uri| {
+           let path = "/tmp/ccnp-server.sock";
+          UnixStream::connect(path)
+       }))
+       .await
+       .unwrap();
+
+        let client = CcnpClient::new(channel);
+        return client;
+    }
+
+    fn get_container_id() -> String {
+        let mountinfo = "/proc/self/mountinfo".to_string();
+        let docker_pattern = "/docker/containers/";
+        let k8s_pattern = "/kubelet/pods/";
+
+        let data_lines: Vec<String> = read_to_string(mountinfo)
+            .unwrap()
+            .lines()
+            .map(String::from)
+            .collect();
+
+        for line in data_lines {
+            if line.contains(docker_pattern){
+                let element = line.split(docker_pattern).last();
+                if element.is_some() {
+                    let (id, _) = element.unwrap().split_once('/').unwrap();
+                    return id.to_string();
+                } 
+            }
+
+            if line.contains(k8s_pattern) {
+                let element = line.split(k8s_pattern).last();
+                if element.is_some() {
+                    let (left, _) = element.unwrap().split_once('/').unwrap();
+                    let id = left.replace('-', "_");
+                    return id;
+                }
+            }
+        }
+        return "".to_string();
+    }
+
+    #[tokio::test]
+    #[serial]
+    async fn request_to_cc_report_normal() {
+        creat_server().await;
+        let mut client = create_client().await;
+
+        let container_id = get_container_id();
+        assert_ne!(container_id.len(), 0);
+
+        let request = tonic::Request::new(GetCcReportRequest {
+            container_id: container_id,
+            user_data: Some(base64::encode("123456781234567812345678123456781234567812345678")),
+            nonce: Some("12345678".to_string()),
+        });
+
+        let response = client.get_cc_report(request).await.unwrap().into_inner();
+        assert_eq!(response.cc_type, 1);
+        assert_ne!(response.cc_report.len(), 0);
+    }
+
+    #[tokio::test]
+    #[serial]
+    async fn request_to_cc_report_empty_container_id() {
+        creat_server().await;
+        let mut client = create_client().await;
+
+        let request = tonic::Request::new(GetCcReportRequest {
+            container_id: "".to_string(),
+            user_data: Some(base64::encode("123456781234567812345678123456781234567812345678")),
+            nonce: Some("12345678".to_string()),
+        });
+
+        let result = client.get_cc_report(request).await;
+        assert!(result.is_err(), "Excepted an error");
+    }
+
+    #[tokio::test]
+    #[serial]
+    async fn request_to_cc_report_empty_user_data() {
+        creat_server().await;
+        let mut client = create_client().await;
+
+        let container_id = get_container_id();
+        assert_ne!(container_id.len(), 0);
+
+        let request = tonic::Request::new(GetCcReportRequest {
+            container_id: container_id,
+            user_data: Some("".to_string()),
+            nonce: Some("12345678".to_string()),
+        });
+
+        let response = client.get_cc_report(request).await.unwrap().into_inner();
+        assert_eq!(response.cc_type, 1);
+        assert_ne!(response.cc_report.len(), 0);
+    }
+
+    #[tokio::test]
+    #[serial]
+    async fn request_to_cc_report_empty_nonce() {
+        creat_server().await;
+        let mut client = create_client().await;
+
+        let container_id = get_container_id();
+        assert_ne!(container_id.len(), 0);
+
+        let request = tonic::Request::new(GetCcReportRequest {
+            container_id: container_id,
+            user_data: Some(base64::encode("123456781234567812345678123456781234567812345678")),
+            nonce: Some("".to_string()),
+        });
+
+        let response = client.get_cc_report(request).await.unwrap().into_inner();
+        assert_eq!(response.cc_type, 1);
+        assert_ne!(response.cc_report.len(), 0);
+    }
+
+    #[tokio::test]
+    #[serial]
+    async fn request_to_cc_measurement_normal() {
+        creat_server().await;
+        let mut client = create_client().await;
+
+        let container_id = get_container_id();
+        assert_ne!(container_id.len(), 0);
+
+        let request = tonic::Request::new(GetCcMeasurementRequest {
+            container_id: container_id,
+            index: 0,
+            algo_id: 12,
+        });
+
+        let response = client.get_cc_measurement(request).await.unwrap().into_inner();
+        let cc_measurement = response.measurement.unwrap();
+        assert_eq!(cc_measurement.algo_id, 12);
+        assert_ne!(cc_measurement.hash.len(), 0)
+    }
+
+    #[tokio::test]
+    #[serial]
+    async fn request_to_cc_measurement_empty_container_id() {
+        creat_server().await;
+        let mut client = create_client().await;
+
+        let request = tonic::Request::new(GetCcMeasurementRequest {
+            container_id: "".to_string(),
+            index: 0,
+            algo_id: 12,
+        });
+
+        let result = client.get_cc_measurement(request).await;
+        assert!(result.is_err(), "Excepted an error");
+    }
+
+    #[tokio::test]
+    #[serial]
+    async fn request_to_cc_measurement_unexpected_index() {
+        creat_server().await;
+        let mut client = create_client().await;
+
+        let container_id = get_container_id();
+        assert_ne!(container_id.len(),0);
+
+        let request = tonic::Request::new(GetCcMeasurementRequest {
+            container_id: container_id,
+            index: 2,
+            algo_id: 12,
+        });
+
+        let result = client.get_cc_measurement(request).await;
+        assert!(result.is_err(),"Excepted an error");
+    }
+
+    #[tokio::test]
+    #[serial]
+    async fn request_to_cc_measurement_unexpected_algorithm() {
+        creat_server().await;
+        let mut client = create_client().await;
+
+        let container_id = get_container_id();
+        assert_ne!(container_id.len(),0);
+
+        let request = tonic::Request::new(GetCcMeasurementRequest {
+            container_id: container_id,
+            index: 0,
+            algo_id: 13,
+        });
+
+        let result = client.get_cc_measurement(request).await;
+        assert!(result.is_err(), "Excepted an error");
+    }
+
+    #[tokio::test]
+    #[serial]
+    async fn request_to_cc_eventlog_normal() {
+        creat_server().await;
+        let mut client = create_client().await;
+
+        let container_id = get_container_id();
+        assert_ne!(container_id.len(), 0);
+
+        let request = tonic::Request::new(GetCcEventlogRequest {
+            container_id: container_id,
+            start: Some(0),
+            count: Some(1),
+        });
+
+        let response = client.get_cc_eventlog(request).await.unwrap().into_inner();
+        assert_eq!(response.event_logs.len(), 1);
+
+        let event_log = response.event_logs[0].clone();
+        assert_eq!(event_log.event_type, 3);
+        assert_eq!(event_log.digests[0].algo_id, 4);
+        assert_ne!(event_log.event.len(), 0);
+    }
+
+    #[tokio::test]
+    #[serial]
+    async fn request_to_cc_eventlog_empty_container_id() {
+        creat_server().await;
+        let mut client = create_client().await;
+
+        let request = tonic::Request::new(GetCcEventlogRequest {
+            container_id: "".to_string(),
+            start: Some(0),
+            count: Some(1),
+        });
+
+        let result = client.get_cc_eventlog(request).await;
+        assert!(result.is_err(), "Excepted an error");
+    }
+
+    #[tokio::test]
+    #[serial]
+    async fn request_to_cc_eventlog_multiple_count() {
+        creat_server().await;
+        let mut client = create_client().await;
+
+        let container_id = get_container_id();
+        assert_ne!(container_id.len(),0);
+
+        let request = tonic::Request::new(GetCcEventlogRequest {
+            container_id: container_id,
+            start: Some(0),
+            count: Some(3),
+        });
+
+        let response = client.get_cc_eventlog(request).await.unwrap().into_inner();
+        assert_eq!(response.event_logs.len(), 3);
+
+        let event_log0 = response.event_logs[0].clone();
+        assert_eq!(event_log0.event_type, 3);
+        assert_eq!(event_log0.digests[0].algo_id, 4);
+        assert_ne!(event_log0.event.len(), 0);
+
+        let event_log1 = response.event_logs[1].clone();
+        assert_eq!(event_log1.event_type, 2147483659);
+        assert_eq!(event_log1.digests[0].algo_id, 12);
+        assert_ne!(event_log1.event.len(), 0);
+
+        let event_log2 = response.event_logs[2].clone();
+        assert_eq!(event_log2.event_type, 2147483658);
+        assert_eq!(event_log2.digests[0].algo_id, 12);
+        assert_ne!(event_log2.event.len(), 0);
+    }
+}