diff --git a/src/agent/src/cdh.rs b/src/agent/src/cdh.rs
index c82acdebcd..c8301ae18f 100644
--- a/src/agent/src/cdh.rs
+++ b/src/agent/src/cdh.rs
@@ -63,4 +63,87 @@ impl CDHClient { } Ok((*env.to_owned()).to_string()) } +} /* end of impl CDHClient */ + +#[cfg(test)] +#[cfg(feature = "sealed-secret")] +mod tests { + use crate::cdh::CDHClient; + use crate::cdh::CDH_ADDR; + use anyhow::anyhow; + use async_trait::async_trait; + use protocols::{sealed_secret, sealed_secret_ttrpc_async}; + use std::sync::Arc; + use tokio::signal::unix::{signal, SignalKind}; + + struct TestService; + + #[async_trait] + impl sealed_secret_ttrpc_async::SealedSecretService for TestService { + async fn unseal_secret( + &self, + _ctx: &::ttrpc::asynchronous::TtrpcContext, + _req: sealed_secret::UnsealSecretInput, + ) -> ttrpc::error::Result { + let mut output = sealed_secret::UnsealSecretOutput::new(); + output.set_plaintext("unsealed".into()); + Ok(output) + } + } + + fn remove_if_sock_exist(sock_addr: &str) -> std::io::Result<()> { + let path = sock_addr + .strip_prefix("unix://") + .expect("socket address does not have the expected format."); + + if std::path::Path::new(path).exists() { + std::fs::remove_file(path)?; + } + + Ok(()) + } + + fn start_ttrpc_server() { + tokio::spawn(async move { + let ss = Box::new(TestService {}) + as Box; + let ss = Arc::new(ss); + let ss_service = sealed_secret_ttrpc_async::create_sealed_secret_service(ss); + + remove_if_sock_exist(CDH_ADDR).unwrap(); + + let mut server = ttrpc::asynchronous::Server::new() + .bind(CDH_ADDR) + .unwrap() + .register_service(ss_service); + + server.start().await.unwrap(); + + let mut interrupt = signal(SignalKind::interrupt()).unwrap(); + tokio::select! 
{ + _ = interrupt.recv() => { + server.shutdown().await.unwrap(); + } + }; + }); + } + + #[tokio::test] + async fn test_unseal_env() { + let rt = tokio::runtime::Runtime::new().unwrap(); + let _guard = rt.enter(); + start_ttrpc_server(); + std::thread::sleep(std::time::Duration::from_secs(2)); + + let cc = Some(CDHClient::new().unwrap()); + let cdh_client = cc.as_ref().ok_or(anyhow!("get cdh_client failed")).unwrap(); + let sealed_env = String::from("key=sealed.testdata"); + let unsealed_env = cdh_client.unseal_env(&sealed_env).await.unwrap(); + assert_eq!(unsealed_env, String::from("key=unsealed")); + let normal_env = String::from("key=testdata"); + let unchanged_env = cdh_client.unseal_env(&normal_env).await.unwrap(); + assert_eq!(unchanged_env, String::from("key=testdata")); + + rt.shutdown_background(); + } } diff --git a/src/agent/src/rpc.rs b/src/agent/src/rpc.rs index 654edf1657..457251fa18 100644 --- a/src/agent/src/rpc.rs +++ b/src/agent/src/rpc.rs @@ -2241,6 +2241,8 @@ mod tests { let agent_service = Box::new(AgentService { sandbox: Arc::new(Mutex::new(sandbox)), init_mode: true, + #[cfg(feature = "sealed-secret")] + cdh_client: None, }); let req = protocols::agent::UpdateInterfaceRequest::default(); @@ -2258,6 +2260,8 @@ mod tests { let agent_service = Box::new(AgentService { sandbox: Arc::new(Mutex::new(sandbox)), init_mode: true, + #[cfg(feature = "sealed-secret")] + cdh_client: None, }); let req = protocols::agent::UpdateRoutesRequest::default(); @@ -2275,6 +2279,8 @@ mod tests { let agent_service = Box::new(AgentService { sandbox: Arc::new(Mutex::new(sandbox)), init_mode: true, + #[cfg(feature = "sealed-secret")] + cdh_client: None, }); let req = protocols::agent::AddARPNeighborsRequest::default(); @@ -2409,6 +2415,8 @@ mod tests { let agent_service = Box::new(AgentService { sandbox: Arc::new(Mutex::new(sandbox)), init_mode: true, + #[cfg(feature = "sealed-secret")] + cdh_client: None, }); let result = agent_service 
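Review bot: `start_ttrpc_server` binds the stub service to the production `CDH_ADDR`, and `remove_if_sock_exist` first unlinks whatever already sits at that path, so running this test on a machine where a real socket exists at that address would delete it; the test also needs write access to that location and cannot run in parallel with any other test that uses the same address. If `CDHClient` can be given a constructor that takes the address (its definition is outside this hunk), the test should bind a per-test path under a temporary directory instead. Server readiness is only guessed with `std::thread::sleep(std::time::Duration::from_secs(2));`; sending on a `tokio::sync::oneshot` right after `server.start().await` and awaiting it in the test would remove the race and probably the need for the second `Runtime::new()` inside `#[tokio::test]`. The `Some(...)`/`ok_or(...)` round-trip can be reduced to `let cdh_client = CDHClient::new().unwrap();`. Only the success path is asserted; a case where the stub returns an error would pin down that `unseal_env` fails rather than passing the sealed value through.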
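Review bot: The cfg-gated initializer `#[cfg(feature = "sealed-secret")] cdh_client: None,` is pasted into five separate `AgentService` literals in `mod tests` (the hunks at new lines 2241, 2260, 2279, 2415 and 2898), so the next field added to the struct means editing every one of them again. A single test-only constructor, for example `fn new_test_agent_service(sandbox: ...) -> Box<AgentService>` (name and signature are a suggestion), would keep the feature gate in one place. Every literal passes `None`, so as far as these hunks show no rpc test runs a handler with a client present; if any handler unseals values through `cdh_client`, one test with a stub client would cover that path. The enclosing test functions start and end outside the hunks.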
@@ -2890,6 +2898,8 @@ OtherField:other let agent_service = Box::new(AgentService { sandbox: Arc::new(Mutex::new(sandbox)), init_mode: true, + #[cfg(feature = "sealed-secret")] + cdh_client: None, }); let ctx = mk_ttrpc_context();