Documentation ¶
Overview ¶
Package testutil contains utilities for unit tests.
Index ¶
- Variables
- func CRC32C(data []byte) uint32
- func CreateEnabledCryptoKey(protectionLevel kmsrpb.ProtectionLevel, name string) *kmsrpb.CryptoKey
- func CreateTempTokenFile(t *testing.T) string
- func FakeKMSUnwrap(wrapped []byte, name string) []byte
- func FakeKMSWrap(unwrapped []byte, name string) []byte
- func ValidDecryptResponse(req *kmsspb.DecryptRequest) *kmsspb.DecryptResponse
- func ValidEncryptResponse(req *kmsspb.EncryptRequest) *kmsspb.EncryptResponse
- type FakeCloudEKMClient
- type FakeKeyManagementClient
- func (f *FakeKeyManagementClient) Close() error
- func (f *FakeKeyManagementClient) Decrypt(ctx context.Context, req *kmsspb.DecryptRequest, opts ...gax.CallOption) (*kmsspb.DecryptResponse, error)
- func (f *FakeKeyManagementClient) Encrypt(ctx context.Context, req *kmsspb.EncryptRequest, opts ...gax.CallOption) (*kmsspb.EncryptResponse, error)
- func (f *FakeKeyManagementClient) GetCryptoKey(ctx context.Context, req *kmsspb.GetCryptoKeyRequest, opts ...gax.CallOption) (*kmsrpb.CryptoKey, error)
- type FakeSecureSessionClient
- func (f *FakeSecureSessionClient) ConfidentialUnwrap(_ context.Context, _, _ string, wrappedBlob []byte) ([]byte, error)
- func (f *FakeSecureSessionClient) ConfidentialWrap(_ context.Context, _, _ string, plaintext []byte) ([]byte, error)
- func (f *FakeSecureSessionClient) EndSession(ctx context.Context) error
- type KEK
Constants ¶
This section is empty.
Variables ¶
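// Fixture values describing the external key manager (EKM) side of the test
// KEKs. The declarations are laid out one per line so that each comment
// documents only its own variable instead of swallowing the rest of the block.
//
// These are package-level variables, not constants: a test that reassigns one
// changes it for every other test running in the same process.
var (
	// ExternalEKMURI is the external URI corresponding to ExternalKEK.
	ExternalEKMURI = "https://my-kms.io/external-key"

	// ExternalVPCBackend represents the ekmConnection for an External_VPC KEK.
	ExternalVPCBackend = "projects/test/locations/test/ekmConnection/testConn"

	// ExternalVPCHostname represents the external URI hostname for an External_VPC KEK.
	ExternalVPCHostname = "testvpchost"

	// ExternalVPCKeyPath represents the keyPath for an External_VPC KEK.
	ExternalVPCKeyPath = "api/v1/cckm/ekm/endpoints/testpath"
)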
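// Test KEKs, one per protection level listed below. Each is built by newKEK
// from a fixed test name and a kmsrpb.ProtectionLevel value. The declarations
// are laid out one per line so that each comment documents only its own
// variable.
var (
	// SoftwareKEK represents a test KEK with the Software protection level.
	SoftwareKEK = newKEK("testSoftware", kmsrpb.ProtectionLevel_SOFTWARE)

	// HSMKEK represents a test KEK with the HSM protection level.
	HSMKEK = newKEK("testHsm", kmsrpb.ProtectionLevel_HSM)

	// ExternalKEK represents a test KEK with the External protection level.
	ExternalKEK = newKEK("testExternal", kmsrpb.ProtectionLevel_EXTERNAL)

	// VPCKEK represents a test KEK with the External_VPC protection level.
	VPCKEK = newKEK("testExternalVPC", kmsrpb.ProtectionLevel_EXTERNAL_VPC)
)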
Functions ¶
func CreateEnabledCryptoKey ¶
func CreateEnabledCryptoKey(protectionLevel kmsrpb.ProtectionLevel, name string) *kmsrpb.CryptoKey
CreateEnabledCryptoKey creates a fake CryptoKey with the given protection level and name of the format "projects/*/locations/*/keyRings/*/cryptoKeys/*".
func CreateTempTokenFile ¶
CreateTempTokenFile creates a temp directory/file as a stand-in for the attestation token.
func FakeKMSUnwrap ¶
FakeKMSUnwrap returns a fake unwrapped share.
func FakeKMSWrap ¶
FakeKMSWrap returns a fake wrapped share.
func ValidDecryptResponse ¶
func ValidDecryptResponse(req *kmsspb.DecryptRequest) *kmsspb.DecryptResponse
ValidDecryptResponse returns a fake successful response for CloudKMS Decrypt.
func ValidEncryptResponse ¶
func ValidEncryptResponse(req *kmsspb.EncryptRequest) *kmsspb.EncryptResponse
ValidEncryptResponse returns a fake successful response for CloudKMS Encrypt.
Types ¶
type FakeCloudEKMClient ¶
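// FakeCloudEKMClient is a fake implementation of the GCP EKM client for unit
// tests. It performs no network calls of its own; GetEkmConnection is driven
// by the function a test installs in GetEkmConnectionFunc.
type FakeCloudEKMClient struct {
	// Embedded so the fake can stand in wherever the EKM client type is
	// expected. NOTE(review): methods the fake does not override fall through
	// to this embedded value, which a test presumably leaves unset — confirm
	// callers only use Close and GetEkmConnection.
	kms.EkmClient

	// GetEkmConnectionFunc is the stub that GetEkmConnection calls if
	// applicable; otherwise GetEkmConnection returns an error.
	GetEkmConnectionFunc func(context.Context, *ekmpb.GetEkmConnectionRequest, ...gax.CallOption) (*ekmpb.EkmConnection, error)
}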
FakeCloudEKMClient is a fake implementation of the GCP EKM client.
func (*FakeCloudEKMClient) Close ¶
func (f *FakeCloudEKMClient) Close() error
Close is a no-op. Needed to implement the EKM Client interface.
func (*FakeCloudEKMClient) GetEkmConnection ¶
func (f *FakeCloudEKMClient) GetEkmConnection(ctx context.Context, req *ekmpb.GetEkmConnectionRequest, opts ...gax.CallOption) (*ekmpb.EkmConnection, error)
GetEkmConnection calls GetEkmConnectionFunc if applicable. Otherwise it returns an error.
type FakeKeyManagementClient ¶
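// FakeKeyManagementClient is a fake version of the Cloud KMS Key Management
// client for unit tests. Each *Func field lets a test replace the behaviour of
// the method of the same name.
//
// The default Encrypt and Decrypt responses are fakes, not the output of a
// real KMS: a test passing against this client says nothing about whether key
// material is actually protected.
type FakeKeyManagementClient struct {
	// Embedded so the fake can stand in wherever the KMS client type is
	// expected. NOTE(review): methods the fake does not override fall through
	// to this embedded value, which a test presumably leaves unset — confirm
	// callers only use the methods defined on the fake.
	kms.KeyManagementClient

	// GetCryptoKeyFunc is the stub for GetCryptoKey.
	// NOTE(review): the fallback when it is not applicable is not documented
	// on this page — confirm against the implementation.
	GetCryptoKeyFunc func(context.Context, *kmsspb.GetCryptoKeyRequest, ...gax.CallOption) (*kmsrpb.CryptoKey, error)

	// EncryptFunc is the stub that Encrypt calls if applicable; otherwise
	// Encrypt returns a fake Encrypt response.
	EncryptFunc func(context.Context, *kmsspb.EncryptRequest, ...gax.CallOption) (*kmsspb.EncryptResponse, error)

	// DecryptFunc is the stub that Decrypt calls if applicable; otherwise
	// Decrypt returns a fake Decrypt response.
	DecryptFunc func(context.Context, *kmsspb.DecryptRequest, ...gax.CallOption) (*kmsspb.DecryptResponse, error)
}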
FakeKeyManagementClient is a fake version of Cloud KMS Key Management client.
func (*FakeKeyManagementClient) Close ¶
func (f *FakeKeyManagementClient) Close() error
Close is a no-op. Needed to implement the KMS Client interface.
func (*FakeKeyManagementClient) Decrypt ¶
func (f *FakeKeyManagementClient) Decrypt(ctx context.Context, req *kmsspb.DecryptRequest, opts ...gax.CallOption) (*kmsspb.DecryptResponse, error)
Decrypt calls DecryptFunc if applicable. Otherwise returns a fake Decrypt response.
func (*FakeKeyManagementClient) Encrypt ¶
func (f *FakeKeyManagementClient) Encrypt(ctx context.Context, req *kmsspb.EncryptRequest, opts ...gax.CallOption) (*kmsspb.EncryptResponse, error)
Encrypt calls EncryptFunc if applicable. Otherwise returns a fake Encrypt response.
func (*FakeKeyManagementClient) GetCryptoKey ¶
func (f *FakeKeyManagementClient) GetCryptoKey(ctx context.Context, req *kmsspb.GetCryptoKeyRequest, opts ...gax.CallOption) (*kmsrpb.CryptoKey, error)
type FakeSecureSessionClient ¶
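// FakeSecureSessionClient is a test version of a secure session client, used
// to communicate with external EKM.
//
// It provides no confidentiality: ConfidentialWrap only appends a single byte
// ('E') to the plaintext and ConfidentialUnwrap removes the last byte, so a
// "wrapped" share still contains the plaintext verbatim. Use it only with
// throwaway test data.
type FakeSecureSessionClient struct {
	// Embedded so the fake can stand in wherever the secure session client
	// type is expected. NOTE(review): methods the fake does not override fall
	// through to this embedded value, which a test presumably leaves unset —
	// confirm callers only use the methods defined on the fake.
	securesession.SecureSessionClient

	// Error-injection knobs. NOTE(review): presumably each is returned by the
	// matching method (ConfidentialWrap, ConfidentialUnwrap, EndSession) when
	// non-nil so tests can exercise failure paths — confirm against the
	// implementation.
	WrapErr       error
	UnwrapErr     error
	EndSessionErr error
}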
FakeSecureSessionClient is a test version of a secure session client, used to communicate with external EKM.
func (*FakeSecureSessionClient) ConfidentialUnwrap ¶
func (f *FakeSecureSessionClient) ConfidentialUnwrap(_ context.Context, _, _ string, wrappedBlob []byte) ([]byte, error)
ConfidentialUnwrap removes the last byte of the wrapped share (mirroring ConfidentialWrap).
func (*FakeSecureSessionClient) ConfidentialWrap ¶
func (f *FakeSecureSessionClient) ConfidentialWrap(_ context.Context, _, _ string, plaintext []byte) ([]byte, error)
ConfidentialWrap simulates wrapping a share by appending a single byte ('E') to the end of the plaintext to indicate external protection level.
func (*FakeSecureSessionClient) EndSession ¶
func (f *FakeSecureSessionClient) EndSession(ctx context.Context) error
EndSession is necessary to implement the SecureSessionClient interface.