rancher/kcrypt-challenger
1
0
Fork 0
mirror of https://github.com/kairos-io/kcrypt-challenger.git synced 2025-04-27 19:05:23 +00:00
Code Issues Packages Projects Releases Wiki Activity

Implement test and remove TODOs

Browse Source 
Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me>
This commit is contained in:
Dimitris Karakasilis 2023-01-18 16:26:17 +02:00
parent 72829108df
commit b3ca9687c6
No known key found for this signature in database
GPG Key ID: 286DCAFD2C97DDE3
3 changed files with 26 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
cmd/discovery/client/client.go
View File

@ -82,8 +82,6 @@ func (c *Client) waitPass(p *block.Partition, attempts int) (pass string, err er
}
func (c *Client) getPass(server string, partition *block.Partition) (string, error) {
// TODO: This results in unexpected end of file when the other side closes the connection
// even when the passphrase is found. This shouldn't happen.
msg, err := tpm.Get(server,
tpm.WithAdditionalHeader("label", partition.Label),
tpm.WithAdditionalHeader("name", partition.Name),

2
pkg/challenger/challenger.go
View File

@ -180,8 +180,6 @@ func findSecretFor(requestData PassphraseRequestData, volumeList *keyserverv1alp
for _, v := range volumeList.Items {
if requestData.TPMHash == v.Spec.TPMHash {
for _, p := range v.Spec.Partitions {
// TODO: Test this change. It shouldn't match the volume if one of the fields in the request is empty
// and the volume has it empty too!
deviceNameMatches := requestData.DeviceName != "" && p.DeviceName == requestData.DeviceName
uuidMatches := requestData.UUID != "" && p.UUID == requestData.UUID
labelMatches := requestData.Label != "" && p.Label == requestData.Label

26
pkg/challenger/challenger_test.go
View File

@ -46,6 +46,32 @@ var _ = Describe("challenger", func() {
})
})
When("a sealedvolume with empty field exists", func() {
BeforeEach(func() {
volumeList = volumeListWithPartitionSpec(
keyserverv1alpha1.PartitionSpec{
Label: "",
DeviceName: "not_matching",
UUID: "not_matching",
Secret: &keyserverv1alpha1.SecretSpec{
Name: "the_secret",
Path: "the_path",
}})
requestData = PassphraseRequestData{
TPMHash: "1234",
Label: "",
DeviceName: "/dev/sda1",
UUID: "sda1_uuid",
}
})
It("doesn't match a request with an empty field", func() {
volumeData := findSecretFor(requestData, volumeList)
Expect(volumeData).To(BeNil())
})
})
When("a sealedvolume matching the device name exists", func() {
BeforeEach(func() {
volumeList = volumeListWithPartitionSpec(