Test simple trust command line actions

Remove a default header in some but not all 'list' commands. Fix the sudigen behavior with respect to uuid and serial-number. Signed-off-by: Serge Hallyn <[email protected]>
project-machine · Apr 4, 2023 · ea56ef7 · ea56ef7
1 parent 0874dd3
commit ea56ef7
Show file tree

Hide file tree

Showing 8 changed files with 122 additions and 18 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -15,9 +15,13 @@ jobs:
       - name: install dependencies
         run: |
           sudo apt-get update
-          sudo apt-get install golang make openssl swtpm tpm2-tools qemu-kvm
-      - run: |
+          sudo apt-get install bats golang make openssl swtpm tpm2-tools qemu-kvm
+      - name: build
+        run: |
           make
+      - name: test
+        run: |
+          make test
       - name: Release
         uses: softprops/action-gh-release@v1
         if: startsWith(github.ref, 'refs/tags/')

diff --git a/Makefile b/Makefile
@@ -5,3 +5,9 @@ trust: cmd/trust/*.go pkg/trust/*.go
 
 clean:
 	rm -f trust
+
+.PHONY: test
+test: trust
+	bats tests/keyset.bats
+	bats tests/project.bats
+	bats tests/sudi.bats
diff --git a/cmd/trust/project.go b/cmd/trust/project.go
@@ -98,7 +98,6 @@ func doListProjects(ctx *cli.Context) error {
 		return fmt.Errorf("Failed reading keys directory %q: %w", trustDir, err)
 	}
 
-	fmt.Printf("Projects in %s:\n", keysetName)
 	for _, keyname := range dirs {
 		fmt.Printf("%s\n", keyname.Name())
 	}

diff --git a/cmd/trust/sudi.go b/cmd/trust/sudi.go
@@ -29,31 +29,24 @@ var sudiCmd = cli.Command{
 			Name:      "add",
 			Action:    doGenSudi,
 			Usage:     "add a new sudi key to project",
-			Flags: []cli.Flag{
-				cli.StringFlag {
-					Name: "uuid",
-					Usage: "specify a machine-uuid.  If unspecified, use random.",
-				},
-			},
-			ArgsUsage: "<keyset-name> <project-name> <serial-number>",
+			ArgsUsage: "<keyset-name> <project-name> [<serial-number>|uuid]",
 		},
 	},
 }
 
 // ~/.local/share/machine/trust/keys/
-//      keyset1/manifest/project-name/{uuid,privkey.pem,sudi.pem}
-//      keyset1/sudi/host-serial/{uuid,privkey.pem,sudi.pem,project-name}
+//      keyset1/manifest/project-name/{uuid,privkey.pem,cert.pem}
+//      keyset1/manifest/project-name/sudi/host-serial/{uuid,privkey.pem,cert.pem}
 func doGenSudi(ctx *cli.Context) error {
 	args := ctx.Args()
-	if len(args) != 3 && len(args) != 4 {
+	if len(args) != 2 && len(args) != 3 {
 		return fmt.Errorf("Wrong number of arguments (see \"--help\")")
 	}
 	keysetName := args[0]
 	projName := args[1]
-	serial := args[2]
 	var myUUID string
-	if ctx.IsSet("uuid") {
-		myUUID = ctx.String("uuid")
+	if len(args) == 3 {
+		myUUID = args[2]
 	} else {
 		myUUID = uuid.NewString()
 	}
@@ -73,7 +66,7 @@ func doGenSudi(ctx *cli.Context) error {
 	}
 
 	capath := filepath.Join(keysetPath, "sudi-ca")
-	snPath := filepath.Join(projPath, "sudi", serial)
+	snPath := filepath.Join(projPath, "sudi", myUUID)
 	prodUUID, err := os.ReadFile(filepath.Join(projPath, "uuid"))
 	if err != nil {
 		return errors.Wrapf(err, "Failed reading project UUID")
@@ -146,7 +139,6 @@ func doListSudi(ctx *cli.Context) error {
 		return fmt.Errorf("Failed reading sudi directory %q: %w", dir, err)
 	}
 
-	fmt.Printf("Sudis in %s:%s:\n", keysetName, projName)
 	for _, sn := range serials {
 		fmt.Printf("%s\n", sn.Name())
 	}

diff --git a/tests/helpers.bash b/tests/helpers.bash
@@ -0,0 +1,26 @@
+
+MDIR=~/.local/share/machine
+BACKUP=~/.local/share/machine.backup
+
+function common_setup {
+	export TOP_DIR=$(git rev-parse --show-toplevel)
+	export PATH=${TOP_DIR}:$PATH
+
+	MDIR=~/.local/share/machine
+	BACKUP=~/.local/share/machine.backup
+	if [ -d "$BACKUP" ]; then
+		rm -rf "$BACKUP"
+	fi
+	if [ -d "$MDIR" ]; then
+		mv "$MDIR" "$BACKUP"
+	fi
+}
+
+function common_teardown {
+	if [ -d "$MDIR" ]; then
+		rm -rf "$MDIR"
+	fi
+	if [ -d "$BACKUP" ]; then
+		mv "$BACKUP" "$MDIR"
+	fi
+}
diff --git a/tests/keyset.bats b/tests/keyset.bats
@@ -0,0 +1,22 @@
+load helpers
+
+function setup() {
+	common_setup
+}
+
+function teardown() {
+	common_teardown
+}
+
+@test "Create snakeoil keyset" {
+	trust keyset add snakeoil
+	[ -d "$MDIR/trust/keys/snakeoil/.git" ]
+	trust keyset list | grep snakeoil
+}
+
+@test "Create new keysets" {
+	trust keyset add zomg
+	trust keyset add --org "My organization" homenet
+	cnt=$(trust keyset list | wc -l)
+	[ $cnt -eq 2 ]
+}
diff --git a/tests/project.bats b/tests/project.bats
@@ -0,0 +1,22 @@
+load helpers
+
+function setup() {
+	common_setup
+}
+
+function teardown() {
+	common_teardown
+}
+
+@test "Keyset creation creates default project" {
+	trust keyset add zomg
+	trust project list zomg | grep default
+}
+
+@test "Create project" {
+	trust keyset add zomg
+	trust project add zomg newproject
+	trust project list zomg | grep newproject
+	cnt=$(trust project list zomg | wc -l)
+	[ $cnt -eq 2 ]
+}
diff --git a/tests/sudi.bats b/tests/sudi.bats
@@ -0,0 +1,33 @@
+load helpers
+
+function setup() {
+	common_setup
+}
+
+function teardown() {
+	common_teardown
+}
+
+@test "Keyset creation creates sudi" {
+	trust keyset add zomg
+	trust sudi list zomg default
+}
+
+@test "Project creation creates sudi" {
+	trust keyset add zomg
+	trust project add zomg newproject
+	trust sudi list zomg newproject
+}
+
+@test "Create sudi" {
+	trust keyset add zomg
+	trust project add zomg newproject
+	trust sudi add zomg newproject  # auto-create uuid
+	trust sudi add zomg newproject 88db65c5-8896-4908-bf8d-8ac04ff20d5c
+	[ -e "$MDIR/trust/keys/zomg/manifest/newproject/sudi/88db65c5-8896-4908-bf8d-8ac04ff20d5c/cert.pem" ]
+	trust sudi add zomg newproject SN0001
+	trust sudi add zomg newproject SN0002
+	trust sudi list zomg newproject | grep SN0001
+	cnt=$(trust sudi list zomg newproject | wc -l)
+	[ $cnt -eq 4 ]
+}