Merge pull request #3616 from jbaublitz/sss-tests

sss tests
stratis-storage · Jun 20, 2024 · 57f48c3 · 57f48c3
2 parents 9e92b48 + 3b43102
commit 57f48c3
Show file tree

Hide file tree

Showing 7 changed files with 109 additions and 131 deletions.
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -75,60 +75,6 @@ jobs:
       - name: Test ${{ matrix.task }} on ${{ matrix.toolchain }} toolchain
         run: ${{ matrix.task }}
 
-  # TESTS WITH TANG
-  checks_with_tang:
-    strategy:
-      matrix:
-        include:
-          # MANDATORY CHECKS USING CURRENT DEVELOPMENT COMPILER
-          - task: >-
-              TANG_URL=tang
-              RUST_LOG=stratisd=debug
-              make -f Makefile test-clevis-loop
-            toolchain: 1.79.0  # CURRENT DEVELOPMENT RUST TOOLCHAIN
-            components: cargo
-            image: fedora:40  # CURRENT DEVELOPMENT ENVIRONMENT
-    runs-on: ubuntu-22.04
-    container:
-      image: ${{ matrix.image }}
-      options: --privileged -v /dev:/dev -v /run/udev:/run/udev --ipc=host
-    services:
-      tang:
-        # yamllint disable rule:line-length
-        image: ghcr.io/stratis-storage/stratisd/tang:38
-        credentials:
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-        options: --privileged -p 80:80
-    steps:
-      - uses: actions/checkout@v4
-      - name: Install dependencies for Fedora
-        # cracklib-dicts: https://github.com/stratis-storage/project/issues/581
-        run: >
-          dnf install -y
-          clang
-          cryptsetup-devel
-          clevis
-          clevis-luks
-          cracklib-dicts
-          curl
-          dbus-devel
-          device-mapper-devel
-          device-mapper-persistent-data
-          libblkid-devel
-          make
-          ncurses
-          sudo
-          systemd-devel
-          systemd-udev
-          xfsprogs
-      - uses: dtolnay/rust-toolchain@master
-        with:
-          components: ${{ matrix.components }}
-          toolchain: ${{ matrix.toolchain }}
-      - name: Test ${{ matrix.task }} on ${{ matrix.toolchain }} toolchain
-        run: ${{ matrix.task }}
-
   stratis-cli-checks:
     runs-on: ubuntu-22.04
     container:

diff --git a/.github/workflows/valgrind.yml b/.github/workflows/valgrind.yml
@@ -99,59 +99,6 @@ jobs:
       - name: Test ${{ matrix.task }} on ${{ matrix.toolchain }} toolchain
         run: ${{ matrix.task }}
 
-  # TESTS WITH TANG
-  checks_with_tang:
-    strategy:
-      matrix:
-        include:
-          # MANDATORY CHECKS USING CURRENT DEVELOPMENT COMPILER
-          - task: >-
-              TANG_URL=tang
-              RUST_LOG=stratisd=debug
-              make -f Makefile test-clevis-loop-valgrind
-            toolchain: 1.79.0  # CURRENT DEVELOPMENT RUST TOOLCHAIN
-            components: cargo
-            image: fedora:40  # CURRENT DEVELOPMENT ENVIRONMENT
-    runs-on: ubuntu-22.04
-    container:
-      image: ${{ matrix.image }}
-      options: --privileged -v /dev:/dev -v /run/udev:/run/udev --ipc=host
-    services:
-      tang:
-        # yamllint disable rule:line-length
-        image: ghcr.io/stratis-storage/stratisd/tang:38
-        credentials:
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-        options: --privileged -p 80:80
-    steps:
-      - uses: actions/checkout@v4
-      - name: Install dependencies for Fedora
-        run: >
-          dnf install -y
-          clang
-          cryptsetup-devel
-          clevis
-          clevis-luks
-          cracklib-dicts
-          curl
-          device-mapper-persistent-data
-          dbus-devel
-          jq
-          libblkid-devel
-          make
-          sudo
-          systemd-devel
-          systemd-udev
-          valgrind
-          xfsprogs
-      - uses: dtolnay/rust-toolchain@master
-        with:
-          components: ${{ matrix.components }}
-          toolchain: ${{ matrix.toolchain }}
-      - name: Test ${{ matrix.task }} on ${{ matrix.toolchain }} toolchain
-        run: ${{ matrix.task }}
-
   python-based-tests:
     strategy:
       matrix:

diff --git a/src/engine/strat_engine/backstore/crypt/mod.rs b/src/engine/strat_engine/backstore/crypt/mod.rs
@@ -534,4 +534,57 @@ mod tests {
             test_clevis_tang_configs,
         );
     }
+
+    fn test_clevis_sss_configs(paths: &[&Path]) {
+        let path = paths[0];
+        let pool_name = Name::new("pool_name".to_string());
+
+        assert!(CryptHandle::initialize(
+            path,
+            PoolUuid::new_v4(),
+            DevUuid::new_v4(),
+            pool_name.clone(),
+            &EncryptionInfo::ClevisInfo((
+                "sss".to_string(),
+                json!({"t": 1, "pins": {"tang": {"url": env::var("TANG_URL").expect("TANG_URL env var required")}, "tpm2": {}}}),
+            )),
+            None,
+        )
+        .is_err());
+        CryptHandle::initialize(
+            path,
+            PoolUuid::new_v4(),
+            DevUuid::new_v4(),
+            pool_name,
+            &EncryptionInfo::ClevisInfo((
+                "sss".to_string(),
+                json!({
+                    "t": 1,
+                    "stratis:tang:trust_url": true,
+                    "pins": {
+                        "tang": {"url": env::var("TANG_URL").expect("TANG_URL env var required")},
+                        "tpm2": {}
+                    }
+                }),
+            )),
+            None,
+        )
+        .unwrap();
+    }
+
+    #[test]
+    fn clevis_real_test_clevis_sss_configs() {
+        real::test_with_spec(
+            &real::DeviceLimits::Exactly(1, None, None),
+            test_clevis_sss_configs,
+        );
+    }
+
+    #[test]
+    fn clevis_loop_test_clevis_sss_configs() {
+        loopbacked::test_with_spec(
+            &loopbacked::DeviceLimits::Exactly(1, None),
+            test_clevis_sss_configs,
+        );
+    }
 }
diff --git a/tests-fmf/loop/main.fmf b/tests-fmf/loop/main.fmf
diff --git a/tests-fmf/python.fmf b/tests-fmf/python.fmf
@@ -0,0 +1,26 @@
+path: /tests/client-dbus
+duration: 20m
+
+require:
+  - clevis-luks
+  - make
+  - python3-dbus
+  - python3-dbus-client-gen
+  - python3-dbus-python-client-gen
+  - python3-psutil
+  - python3-pyudev
+
+environment:
+  TANG_URL: localhost
+  RUST_LOG: stratisd=debug
+  STRATISD: /usr/libexec/stratisd
+  STRATIS_DUMPMETADATA: /usr/bin/stratis-dumpmetadata
+  PYTHONPATH: ./src
+
+/udev:
+  summary: Run Python udev tests
+  test: make -f Makefile udev-tests
+
+/loop:
+  summary: Run Python tests that use loopbacked device framework
+  test: make -f Makefile tang-tests dump-metadata-tests
diff --git a/tests-fmf/rust.fmf b/tests-fmf/rust.fmf
@@ -0,0 +1,30 @@
+path: /
+duration: 20m
+
+require:
+  - cargo
+  - clang
+  - clevis-luks
+  - cryptsetup-devel
+  - dbus-devel
+  - libblkid-devel
+  - make
+  - python3-dbus
+  - python3-dbus-client-gen
+  - python3-dbus-python-client-gen
+  - python3-psutil
+  - python3-pyudev
+  - rust
+  - systemd-devel
+  - valgrind
+
+environment:
+  TANG_URL: localhost
+
+/valgrind:
+  test: make -f Makefile test-clevis-loop-valgrind
+  summary: Run Rust tests that use loopbacked device framework for Clevis with valgrind
+
+/loop:
+  test: make -f Makefile test-clevis-loop
+  summary: Run Rust tests that use loopbacked device framework for Clevis
diff --git a/tests-fmf/udev/main.fmf b/tests-fmf/udev/main.fmf