Add http node attestor #4909

Merged
merged 56 commits into from
Aug 6, 2024
Merged
b322773
Add http challenge node attestor
kfox1111 May 10, 2024
f08d9d2
Fix various issues so it works again after refactor
kfox1111 May 11, 2024
009166f
Fix some issues
kfox1111 May 11, 2024
7caac6f
Fix some issues
kfox1111 May 11, 2024
3e68d07
Fix some issues
kfox1111 May 11, 2024
baaa4f6
Fix some issues
kfox1111 May 11, 2024
029f117
Fix some issues
kfox1111 May 11, 2024
82af10b
Fix some issues
kfox1111 May 11, 2024
86fbf7c
Fix some issues
kfox1111 May 11, 2024
727c5f9
Implement tofu. Incorperate feedback
kfox1111 May 15, 2024
9f42248
Fix some lint bits
kfox1111 May 16, 2024
76d761f
More lint
kfox1111 May 16, 2024
a693947
More lint
kfox1111 May 16, 2024
28dc797
Merge branch 'main' into http
kfox1111 May 16, 2024
6416f01
Merge branch 'main' into http
kfox1111 May 30, 2024
9e8897e
Apply suggestions from code review
kfox1111 Jun 5, 2024
fdfc837
Incorperate feedback
kfox1111 Jun 5, 2024
f8bc768
Merge branch 'http' of https://github.com/kfox1111/spire into http
kfox1111 Jun 5, 2024
b5a439e
Incorperate feedback
kfox1111 Jun 5, 2024
0656513
Incorperate feedback
kfox1111 Jun 5, 2024
6a94dfd
Fix example
kfox1111 Jun 5, 2024
4e8133e
Incorperate feedback
kfox1111 Jun 10, 2024
b0df1d6
Incorperate feedback
kfox1111 Jun 10, 2024
0c1d254
Incorperate feedback
kfox1111 Jun 11, 2024
effb6b3
Fix lint issues
kfox1111 Jun 12, 2024
d6f3b6a
Fix lint issues
kfox1111 Jun 12, 2024
6cdb65b
Fix 404 issue
kfox1111 Jun 17, 2024
98d7363
Fix lint issue
kfox1111 Jun 17, 2024
623ed12
Fix issue with protocol
kfox1111 Jun 18, 2024
968e90e
Merge branch 'main' into http
kfox1111 Jun 18, 2024
0e7dd47
Remove tempate
kfox1111 Jun 22, 2024
b687049
Apply suggestions from code review
kfox1111 Jun 22, 2024
1caaaec
Merge branch 'main' into http
kfox1111 Jun 22, 2024
069bb2b
Fix typo
kfox1111 Jun 22, 2024
69edbe1
Add some unit tests
kfox1111 Jun 24, 2024
41f1e74
Add a bunch of httpchallenge server plugin tests
kfox1111 Jul 16, 2024
92e72d5
Add some more tests
kfox1111 Jul 16, 2024
151d3c3
Test server works
kfox1111 Jul 17, 2024
b6c4a41
Add tofu checks
kfox1111 Jul 17, 2024
f00d02f
Add httpchallenge agent tests
kfox1111 Jul 19, 2024
81b205a
Incorperate feedback
kfox1111 Jul 19, 2024
501a957
gofmt files
kfox1111 Jul 19, 2024
a404aa3
Apply suggestions from code review
kfox1111 Jul 19, 2024
5ab497d
Fix lint issues
kfox1111 Jul 19, 2024
b5caee3
Fix lint issues
kfox1111 Jul 19, 2024
1af2187
Fix test
kfox1111 Jul 19, 2024
a2c0385
Incorperate feedback. Add localhost block.
kfox1111 Jul 20, 2024
be2b414
Fix test
kfox1111 Jul 20, 2024
2bec5df
Add test for localhost test. Incorperate feedback
kfox1111 Jul 20, 2024
4c95d25
Incorperate feedback
kfox1111 Jul 20, 2024
2ac078f
Fix lint issue
kfox1111 Jul 20, 2024
32f8f04
Merge branch 'main' into http
kfox1111 Jul 20, 2024
f47af5c
Merge branch 'main' into http
kfox1111 Jul 23, 2024
f596796
Update doc/plugin_server_nodeattestor_http_challenge.md
kfox1111 Aug 5, 2024
2880654
Merge branch 'main' into http
kfox1111 Aug 5, 2024
3dae7a2
Incorperate feedback
kfox1111 Aug 5, 2024
Add some unit tests
Signed-off-by: Kevin Fox <Kevin.Fox@pnnl.gov>
kfox1111 committed Jun 24, 2024
commit 69edbe12a1de007b30804323af002468f1437bdb
6 changes: 3 additions & 3 deletions pkg/common/plugin/httpchallenge/httpchallenge.go
Expand Up @@ -51,14 +51,14 @@ func CalculateResponse(_ *Challenge) (*Response, error) {

func VerifyChallenge(attestationData *AttestationData, challenge *Challenge) error {
if strings.Contains(attestationData.HostName, "/") {
return fmt.Errorf("hostname can not contain a slash")
}
if strings.Contains(attestationData.HostName, ":") {
return fmt.Errorf("hostname can not contain a colon")
}
if strings.Contains(attestationData.AgentName, ".") {
return fmt.Errorf("agentname can not contain a dot")
}
if strings.Contains(challenge.Nonce, ".") {
return fmt.Errorf("nonce can not contain a dot")
}
turl := url.URL{
Scheme: "http",
Host: net.JoinHostPort(attestationData.HostName, strconv.Itoa(attestationData.Port)),
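Review bot: The two hostname checks at the top of VerifyChallenge are a denylist of `/` and `:`, so an empty name, embedded whitespace, or a name that resolves to a loopback or internal address still passes and is handed to `net.JoinHostPort` for the URL built below. `HostName` presumably comes from the attesting agent, so an allowlist is the safer shape: reject anything that does not match a hostname pattern such as `^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$`, and bound `attestationData.Port` to 1–65535 if the caller does not already do so. Restricting which destinations the server may dial is a separate control that the pattern alone does not provide. The function body continues past the end of the hunk, so the request itself and any later filtering are not visible here.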
98 changes: 98 additions & 0 deletions pkg/common/plugin/httpchallenge/httpchallenge_test.go
@@ -0,0 +1,98 @@
package httpchallenge

import (
"context"
"net"
"net/http"
"net/http/httptest"
"strings"
"testing"

"github.com/stretchr/testify/require"
)

func TestValidateChallenge(t *testing.T) {
tests := []struct {
desc string
hostName string
agentName string
nonce string
testNonce string
expectErr string
}{
{
desc: "bad hostName",
hostName: "foo/bar",
agentName: "ok",
nonce: "1234",
testNonce: "1234",
expectErr: "hostname can not contain a slash",
},
{
desc: "bad hostName",
hostName: "foo:bar",
agentName: "ok",
nonce: "1234",
testNonce: "1234",
expectErr: "hostname can not contain a colon",
},
{
desc: "bad agentName",
hostName: "foo.bar",
agentName: "not.ok",
nonce: "1234",
testNonce: "1234",
expectErr: "agentname can not contain a dot",
},
{
desc: "fail nonce",
hostName: "foo.bar",
agentName: "ok",
nonce: "1234",
testNonce: "1235",
expectErr: "expected nonce \"1235\" but got \"1234\"",
},
{
desc: "success",
hostName: "foo.bar",
agentName: "ok",
nonce: "1234",
testNonce: "1234",
expectErr: "",
},
}

for _, tt := range tests {
t.Run(tt.desc, func(t *testing.T) {
ad := &AttestationData {
HostName: tt.hostName,
AgentName: tt.agentName,
Port: 80,
}
c := &Challenge {
Nonce: tt.testNonce,
}

testServer := httptest.NewServer(http.HandlerFunc(func(res http.ResponseWriter, req *http.Request) {
res.Write([]byte(tt.nonce))

Check failure on line 77 in pkg/common/plugin/httpchallenge/httpchallenge_test.go


GitHub Actions / lint (linux)

Error return value of `res.Write` is not checked (errcheck)

Check failure on line 77 in pkg/common/plugin/httpchallenge/httpchallenge_test.go


GitHub Actions / lint (windows)

Error return value of `res.Write` is not checked (errcheck)
}))
defer func() { testServer.Close() }()

http.DefaultTransport.(*http.Transport).DialContext = func(ctx context.Context, network, addr string) (net.Conn, error) {
kfox1111 marked this conversation as resolved.
if addr == "foo.bar:80" {
addr = strings.TrimPrefix(testServer.URL, "http://")
}
dialer := &net.Dialer{}
return dialer.DialContext(ctx, network, addr)
}

err := VerifyChallenge(ad, c)
if tt.expectErr != "" {
require.Error(t, err)
require.Contains(t, err.Error(), tt.expectErr)
return
}
require.NoError(t, err)
})
}
}
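Review bot: The first two table entries in TestValidateChallenge share `desc: "bad hostName"`, so `t.Run` reports the second as `bad_hostName#01` and a failure does not say which character check broke. Give them distinct names, for example `desc: "hostName contains slash"` and `desc: "hostName contains colon"`. The test function name also differs from the function under test, `VerifyChallenge`; renaming it to `TestVerifyChallenge` would make the pairing easier to find.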