package fakeagentnodeattestor
import (
"errors"
"fmt"
"io"
"testing"
nodeattestorv1 "github.com/accuknox/spire-plugin-sdk/proto/spire/plugin/agent/nodeattestor/v1"
"github.com/accuknox/spire/pkg/agent/plugin/nodeattestor"
"github.com/accuknox/spire/pkg/common/catalog"
"github.com/accuknox/spire/test/plugintest"
)
// Config controls how the fake agent node attestor behaves in a test.
type Config struct {
	// Fail indicates whether or not fetching attestation data should fail.
	// When true, AidAttestation returns an error before sending any payload.
	Fail bool
	// Responses is the ordered list of challenges the fake expects the server
	// to send. Each incoming challenge must equal the next entry, and the fake
	// answers it by echoing that value back as the challenge response. The
	// server must also close the stream once the list is exhausted, otherwise
	// the remaining entries are reported as an error.
	Responses []string
}
// New builds a fake agent NodeAttestor configured by config, loads it through
// the plugin test harness bound to t (registered as the built-in named
// "fake"), and returns the V1 facade a test can drive directly.
func New(t *testing.T, config Config) nodeattestor.NodeAttestor {
	impl := &nodeAttestor{config: config}
	builtin := catalog.MakeBuiltIn("fake", nodeattestorv1.NodeAttestorPluginServer(impl))
	facade := new(nodeattestor.V1)
	plugintest.Load(t, builtin, facade)
	return facade
}
// nodeAttestor is the fake plugin implementation. Embedding the SDK's
// Unimplemented server means only AidAttestation needs to be provided; the
// test-supplied Config drives what that method does.
type nodeAttestor struct {
	nodeattestorv1.UnimplementedNodeAttestorServer
	config Config
}
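// AidAttestation implements the agent side of the attestation stream for the
// fake.
//
// It first sends the fixed "TEST" payload, then answers each server challenge
// by echoing it back. The fake is strict about the sequence: every challenge
// must equal the next entry of config.Responses, in order, and the server must
// close the stream (io.EOF) exactly when that list is exhausted. Any deviation
// is returned as an error so the test exercising the server side can detect a
// protocol mismatch.
//
// NOTE(security): echoing a challenge proves nothing about the node. This is a
// test-only fake and must never be loaded into a real agent.
//
// The original body ended with an unreachable `if errors.Is(err, io.EOF)`
// check after the switch (the EOF case already returns); it has been removed
// and the shadowed named result dropped.
func (p *nodeAttestor) AidAttestation(stream nodeattestorv1.NodeAttestor_AidAttestationServer) error {
	if p.config.Fail {
		return errors.New("fetching attestation data failed by test")
	}
	if err := stream.Send(makePayload()); err != nil {
		return err
	}
	// Challenges the server is still expected to send, in order.
	responsesLeft := p.config.Responses
	for {
		req, err := stream.Recv()
		switch {
		case errors.Is(err, io.EOF):
			// Server closed the stream; every configured challenge must have
			// been consumed by now.
			if len(responsesLeft) > 0 {
				return fmt.Errorf("unused responses remaining: %q", responsesLeft)
			}
			return nil
		case err != nil:
			return err
		case len(responsesLeft) == 0:
			return fmt.Errorf("unexpected challenge %q", string(req.Challenge))
		case string(req.Challenge) != responsesLeft[0]:
			return fmt.Errorf("unexpected challenge %q; expected %q", string(req.Challenge), responsesLeft[0])
		}
		// Echo the expected challenge back and advance to the next one.
		if err := stream.Send(makeChallengeResponse([]byte(responsesLeft[0]))); err != nil {
			return err
		}
		responsesLeft = responsesLeft[1:]
	}
}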
// makePayload returns the first message of the attestation stream, carrying
// the fake's fixed payload bytes ("TEST"). The payload is static and carries
// no evidence; it only gives tests a well-formed opening message.
func makePayload() *nodeattestorv1.PayloadOrChallengeResponse {
	payload := &nodeattestorv1.PayloadOrChallengeResponse_Payload{
		Payload: []byte("TEST"),
	}
	return &nodeattestorv1.PayloadOrChallengeResponse{Data: payload}
}
// makeChallengeResponse wraps challengeResponse in the stream message type used
// to answer a server challenge. The bytes are passed through unmodified.
func makeChallengeResponse(challengeResponse []byte) *nodeattestorv1.PayloadOrChallengeResponse {
	msg := &nodeattestorv1.PayloadOrChallengeResponse{}
	msg.Data = &nodeattestorv1.PayloadOrChallengeResponse_ChallengeResponse{
		ChallengeResponse: challengeResponse,
	}
	return msg
}