Attempt to fix CI
sosthene-nitrokey committed Sep 4, 2024
1 parent abaac1f commit d59175a
Showing 2 changed files with 73 additions and 96 deletions.
22 changes: 17 additions & 5 deletions pkcs11/tests/basic.rs
Expand Up @@ -89,7 +89,7 @@ fn basic() {
|_test_ctx, ctx| {
let slot = 0;
let session = ctx.open_session(slot, 0x04, None, None).unwrap();
let (_public_key, private_key) = ctx
let (public_key, private_key) = ctx
.generate_key_pair(
session,
&RSA_MECHANISM,
Expand All @@ -102,6 +102,8 @@ fn basic() {

// Verifying signatures is not supported
let _signature = ctx.sign(session, &data).unwrap();
ctx.destroy_object(session, public_key).unwrap();
ctx.destroy_object(session, private_key).unwrap();
},
)
}
Expand Down Expand Up @@ -146,7 +148,7 @@ fn multiple_instances() {
|_test_ctx, ctx| {
let slot = 0;
let session = ctx.open_session(slot, 0x04, None, None).unwrap();
let (_public_key, private_key) = ctx
let (public_key, private_key) = ctx
.generate_key_pair(
session,
&RSA_MECHANISM,
Expand All @@ -161,6 +163,8 @@ fn multiple_instances() {
// Verifying signatures is not supported
let _signature = ctx.sign(session, &data).unwrap();
}
ctx.destroy_object(session, public_key).unwrap();
ctx.destroy_object(session, private_key).unwrap();
},
)
}
Expand Down Expand Up @@ -197,7 +201,7 @@ fn timeout() {
|test_ctx, ctx| {
let slot = 0;
let session = ctx.open_session(slot, 0x04, None, None).unwrap();
let (_public_key, private_key) = ctx
let (public_key, private_key) = ctx
.generate_key_pair(
session,
&RSA_MECHANISM,
Expand All @@ -220,6 +224,9 @@ fn timeout() {
let elapsed = start.elapsed();
assert!(elapsed > Duration::from_secs(10), "Elapsed: {elapsed:?}");
assert!(elapsed < Duration::from_secs(11), "Elapsed: {elapsed:?}");
test_ctx.remove_block(8443);
ctx.destroy_object(session, public_key).unwrap();
ctx.destroy_object(session, private_key).unwrap();
},
)
}
Expand Down Expand Up @@ -259,7 +266,7 @@ fn retries() {
|test_ctx, ctx| {
let slot = 0;
let session = ctx.open_session(slot, 0x04, None, None).unwrap();
let (_public_key, private_key) = ctx
let (public_key, private_key) = ctx
.generate_key_pair(
session,
&RSA_MECHANISM,
Expand Down Expand Up @@ -289,6 +296,8 @@ fn retries() {
assert!(elapsed > Duration::from_secs(11), "Elapsed: {elapsed:?}");
assert!(elapsed < Duration::from_secs(13), "Elapsed: {elapsed:?}");
});
ctx.destroy_object(session, public_key).unwrap();
ctx.destroy_object(session, private_key).unwrap();
},
)
}
Expand Down Expand Up @@ -336,7 +345,7 @@ fn multi_instance_retries() {
|test_ctx, ctx| {
let slot = 0;
let session = ctx.open_session(slot, 0x04, None, None).unwrap();
let (_public_key, private_key) = ctx
let (public_key, private_key) = ctx
.generate_key_pair(
session,
&RSA_MECHANISM,
Expand All @@ -357,6 +366,9 @@ fn multi_instance_retries() {
ctx.sign_init(session, &RSA_MECHANISM, private_key).unwrap();
ctx.sign(session, &data).unwrap();
}
test_ctx.remove_block(8444);
ctx.destroy_object(session, public_key).unwrap();
ctx.destroy_object(session, private_key).unwrap();
},
)
}
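Review bot: In `timeout` and `retries` the new `destroy_object` calls come after the timing `assert!`s, and in every test they follow several `unwrap()`s, so any failure skips the cleanup and leaves the generated RSA key pair on the HSM. That matters more after this commit, because tests/tools/mod.rs no longer starts a fresh container per test and provisions only once, so leftover keys appear to persist into later tests. The same holds for `test_ctx.remove_block(8443)` and `remove_block(8444)`, although `TestDropper::drop` still unblocks the ports. A drop guard created right after `generate_key_pair` would run the cleanup on unwinding as well; the sketch below assumes `ctx`'s methods take `&self` and that the handles are `Copy`, which the hunks suggest but do not show. The test functions start outside these hunks.

```rust
// Runs its closure when dropped, including during a panic unwind.
struct Cleanup<F: FnMut()>(F);

impl<F: FnMut()> Drop for Cleanup<F> {
    fn drop(&mut self) {
        (self.0)();
    }
}

// … unchanged: open_session, generate_key_pair …
let _cleanup = Cleanup(|| {
    // Errors are ignored: a panic inside drop during an unwind aborts the test binary.
    let _ = ctx.destroy_object(session, public_key);
    let _ = ctx.destroy_object(session, private_key);
});
// … unchanged: sign_init / sign and the timing assertions …
```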
147 changes: 56 additions & 91 deletions pkcs11/tests/tools/mod.rs
@@ -1,7 +1,7 @@
use std::collections::HashSet;
use std::io::BufWriter;
use std::mem;
use std::net::Ipv4Addr;
use std::process::{Child, Stdio};
use std::sync::{Arc, LazyLock, Mutex, MutexGuard};
use std::thread::sleep;
use std::time::Duration;
Expand Down Expand Up @@ -105,8 +105,7 @@ pub struct TestContext {
pub struct TestDropper {
// treated as dead code even though it shouldn't: https://github.com/rust-lang/rust/issues/122833
#[allow(dead_code)]
serialize_test: MutexGuard<'static, ()>,
command_to_kill: Child,
serialize_test: MutexGuard<'static, bool>,
context: TestContext,
}

Expand All @@ -119,26 +118,6 @@ fn iptables() -> Command {
Command::new("iptables")
}
}

fn docker() -> Command {
if option_env!("USE_SUDO_DOCKER").is_some() {
let mut command = Command::new("sudo");
command.arg("docker");
command
} else {
Command::new("docker")
}
}

fn kill() -> Command {
if option_env!("USE_SUDO_DOCKER").is_some() {
let mut command = Command::new("sudo");
command.arg("kill");
command
} else {
Command::new("kill")
}
}
impl TestContext {
fn unblock(port: u16) {
let out_in = iptables()
Expand Down Expand Up @@ -213,18 +192,10 @@ impl TestContext {

impl Drop for TestDropper {
fn drop(&mut self) {
kill()
.args([self.command_to_kill.id().to_string()])
.spawn()
.unwrap()
.wait()
.unwrap();
self.command_to_kill.wait().unwrap();

for p in self.context.blocked_ports.iter().cloned() {
TestContext::unblock(p);
}
println!("Finished killing nethsm");
println!("Finished unblocking ports");
}
}

Expand Down Expand Up @@ -299,7 +270,8 @@ async fn proxy(from_port: u16, to_port: u16) {
}
}

static DOCKER_HELD: Mutex<()> = Mutex::new(());
/// Contain true if the nethsm has already been provisionned
static DOCKER_HELD: Mutex<bool> = Mutex::new(false);

pub fn run_tests(
proxies: &[(u16, u16)],
Expand All @@ -312,70 +284,63 @@ pub fn run_tests(
};
let mut test_dropper = TestDropper {
serialize_test,
command_to_kill: docker()
.args([
"run",
"--init",
"--rm",
"-i",
"-p8443:8443",
"docker.io/nitrokey/nethsm:testing",
])
.stdin(Stdio::null())
.stdout(Stdio::inherit())
.stderr(Stdio::inherit())
.spawn()
.unwrap(),
context: TestContext {
blocked_ports: HashSet::new(),
},
};

let client = AgentBuilder::new()
.tls_config(Arc::new(tls_conf()))
.timeout_connect(Duration::from_secs(1))
.timeout_read(Duration::from_secs(10))
.timeout_write(Duration::from_secs(10))
.build();

let sdk_config = Configuration {
client,
base_path: format!("https://{NETHSM_DOCKER_HOSTNAME}:8443/api/v1"),
basic_auth: Some(("admin".into(), Some("Administrator".into()))),
..Default::default()
};

println!(
"Configuration built, waiting for test instance to be up at {}",
&sdk_config.base_path
);
sleep(Duration::from_secs(2));
println!("Attempting provisionning");

provision_post(
&sdk_config,
ProvisionRequestData {
unlock_passphrase: "1234567890".into(),
admin_passphrase: "Administrator".into(),
system_time: time::OffsetDateTime::now_utc()
.format(
&format_description::parse("[year]-[month]-[day]T[hour]:[minute]:[second]Z")
let is_provisionned = mem::replace(&mut *test_dropper.serialize_test, true);
if !is_provisionned {
let client = AgentBuilder::new()
.tls_config(Arc::new(tls_conf()))
.timeout_connect(Duration::from_secs(1))
.timeout_read(Duration::from_secs(10))
.timeout_write(Duration::from_secs(10))
.build();

let sdk_config = Configuration {
client,
base_path: format!("https://{NETHSM_DOCKER_HOSTNAME}:8443/api/v1"),
basic_auth: Some(("admin".into(), Some("Administrator".into()))),
..Default::default()
};

println!(
"Configuration built, waiting for test instance to be up at {}",
&sdk_config.base_path
);
sleep(Duration::from_secs(2));
println!("Attempting provisionning");

provision_post(
&sdk_config,
ProvisionRequestData {
unlock_passphrase: "1234567890".into(),
admin_passphrase: "Administrator".into(),
system_time: time::OffsetDateTime::now_utc()
.format(
&format_description::parse(
"[year]-[month]-[day]T[hour]:[minute]:[second]Z",
)
.unwrap(),
)
.unwrap(),
},
)
.unwrap();
users_user_id_put(
&sdk_config,
"operator",
UserPostData {
real_name: "Operator".into(),
role: UserRole::Operator,
passphrase: "opPassphrase".into(),
},
)
.unwrap();
)
.unwrap(),
},
)
.unwrap();
users_user_id_put(
&sdk_config,
"operator",
UserPostData {
real_name: "Operator".into(),
role: UserRole::Operator,
passphrase: "opPassphrase".into(),
},
)
.unwrap();
} else {
println!("Already provisionned")
}

for (in_port, out_port) in proxies {
PROXY_SENDER.send((*in_port, *out_port)).unwrap();
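Review bot: `mem::replace(&mut *test_dropper.serialize_test, true)` in `run_tests` marks the NetHSM as provisioned before `provision_post` and `users_user_id_put` have succeeded. If either `unwrap()` panics, for instance because the instance is not yet reachable after the fixed 2-second `sleep`, the flag stays `true`, and any later test that still obtains the lock would print "Already provisionned" and run against an unprovisioned instance (how a poisoned `DOCKER_HELD` is handled is outside the hunk). Reading the flag with `let is_provisionned = *test_dropper.serialize_test;` and setting `*test_dropper.serialize_test = true;` only after `users_user_id_put(...).unwrap();` would keep the state accurate. The flag is also per-process, so a second test binary or a re-run against the same instance would presumably attempt provisioning again; and since the harness no longer starts the container itself, it now sends the fixed admin and operator passphrases to whatever answers at `NETHSM_DOCKER_HOSTNAME:8443`, which is worth stating in the doc comment on `DOCKER_HELD`.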