separate hsm tests from keys, and regen the tests (#4392)

* separate hsm tests from keys, and regen the tests

* adding assets

* cleanup includes

* clang and map

* hgghg
George Arama 2023-03-08 11:19:50 -08:00 committed by GitHub
parent d114e4d58d
commit 7946b83b9b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
9 changed files with 227 additions and 93 deletions


@ -2,5 +2,5 @@
"AssetsRepo": "Azure/azure-sdk-assets",
"AssetsRepoPrefixPath": "cpp",
"TagPrefix": "cpp/keyvault",
"Tag": "cpp/keyvault_408d8544f1"
"Tag": "cpp/keyvault_b7bbda693f"
}


@ -146,6 +146,7 @@ if(BUILD_TESTING)
endif()
add_subdirectory(test/ut)
add_subdirectory(test/ut-hsm)
endif()
if (BUILD_PERFORMANCE_TESTS)


@ -0,0 +1,54 @@
# Copyright (c) Microsoft Corporation. All rights reserved.
# SPDX-License-Identifier: MIT
cmake_minimum_required (VERSION 3.13)
project (azure-security-keyvault-keys-hsm-test LANGUAGES CXX)
set(CMAKE_CXX_STANDARD 14)
set(CMAKE_CXX_STANDARD_REQUIRED True)
include(GoogleTest)
# Export the test folder for recordings access.
add_compile_definitions(AZURE_TEST_RECORDING_DIR="${CMAKE_CURRENT_LIST_DIR}")
include(TestProxyPrep)
SetUpTestProxy("sdk/keyvault")
################## Unit Tests ##########################
add_executable (
azure-security-keyvault-keys-hsm-test
key_client_test_hsm_live.hpp
key_client_test_hsm_live.cpp
)
create_per_service_target_build(keyvault azure-security-keyvault-keys-hsm-test)
create_map_file(azure-security-keyvault-keys-hsm-test azure-security-keyvault-keys-hsm-test.map)
if (MSVC)
target_compile_options(azure-security-keyvault-keys-hsm-test PUBLIC /wd6326 /wd26495 /wd26812)
endif()
target_link_libraries(
azure-security-keyvault-keys-hsm-test
PRIVATE
azure-security-keyvault-keys
azure-identity azure-core-test-fw
azure-security-attestation
gtest
gtest_main
gmock)
# Adding private headers so we can test the private APIs with no relative paths include.
target_include_directories (
azure-security-keyvault-keys-hsm-test
PRIVATE
$<BUILD_INTERFACE:${CMAKE_CURRENT_SOURCE_DIR}/../../src>)
# gtest_add_tests will scan the test from azure-core-test and call add_test
# for each test to ctest. This enables `ctest -r` to run specific tests directly.
gtest_discover_tests(azure-security-keyvault-keys-hsm-test
TEST_PREFIX azure-security-keyvault-hsm-keys.
NO_PRETTY_TYPES
NO_PRETTY_VALUES
DISCOVERY_TIMEOUT 600)
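Review bot: The new HSM test target links `azure-security-attestation` and adds `../../src` as a private include directory, but the two sources listed for it include only `key_client_test_hsm_live.hpp`, gtest and `<azure/keyvault/keys.hpp>`. Both entries were presumably copied from an existing test target; if nothing in this suite uses the attestation client or private headers, I would drop `azure-security-attestation` from `target_link_libraries` and remove the `target_include_directories` block so the suite builds against the public API only. The comment above `gtest_discover_tests` also still names `gtest_add_tests` and `azure-core-test`; something like `# gtest_discover_tests registers each HSM test with ctest so it can be run on its own.` would match the call.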


@ -0,0 +1,81 @@
// Copyright (c) Microsoft Corporation. All rights reserved.
// SPDX-License-Identifier: MIT
#include "key_client_test_hsm_live.hpp"
#include "gtest/gtest.h"
#include <azure/keyvault/keys.hpp>
using namespace Azure::Security::KeyVault::Keys;
using namespace Azure::Security::KeyVault::Keys::Test;
// No tests for octKey since the server does not support it.
// FOR THIS TEST TO WORK MAKE SURE YOU ACTUALLY HAVE A VALID HSM VALUE FOR AZURE_KEYVAULT_HSM_URL
TEST_F(KeyVaultKeyHSMClient, CreateEcHsmKey)
{
auto const keyName = GetTestName();
// This client requires an HSM client
CreateHsmClient();
auto const& client = GetClientForTest(keyName);
{
auto ecHsmKey = Azure::Security::KeyVault::Keys::CreateEcKeyOptions(keyName, true);
ecHsmKey.Enabled = true;
ecHsmKey.KeyOperations = {KeyOperation::Sign};
auto keyResponse = client.CreateEcKey(ecHsmKey);
CheckValidResponse(keyResponse);
auto keyVaultKey = keyResponse.Value;
EXPECT_EQ(keyVaultKey.Name(), keyName);
EXPECT_TRUE(keyVaultKey.Properties.Enabled.Value());
}
{
// Now get the key
auto keyResponse = client.GetKey(keyName);
CheckValidResponse(keyResponse);
auto keyVaultKey = keyResponse.Value;
EXPECT_EQ(keyVaultKey.Name(), keyName);
EXPECT_FALSE(keyResponse.Value.Properties.ReleasePolicy.HasValue());
EXPECT_TRUE(keyVaultKey.Properties.Enabled.Value());
}
}
// FOR THIS TEST TO WORK MAKE SURE YOU ACTUALLY HAVE A VALID HSM VALUE FOR AZURE_KEYVAULT_HSM_URL
TEST_F(KeyVaultKeyHSMClient, CreateRsaHsmKey)
{
auto const keyName = GetTestName();
// This client requires an HSM client
CreateHsmClient();
auto const& client = GetClientForTest(keyName);
{
auto rsaHsmKey = Azure::Security::KeyVault::Keys::CreateRsaKeyOptions(keyName, true);
rsaHsmKey.Enabled = true;
rsaHsmKey.KeyOperations = {KeyOperation::Sign};
auto keyResponse = client.CreateRsaKey(rsaHsmKey);
CheckValidResponse(keyResponse);
auto keyVaultKey = keyResponse.Value;
EXPECT_EQ(keyVaultKey.Name(), keyName);
}
{
// Now get the key
auto keyResponse = client.GetKey(keyName);
CheckValidResponse(keyResponse);
auto keyVaultKey = keyResponse.Value;
EXPECT_EQ(keyVaultKey.Name(), keyName);
EXPECT_FALSE(keyResponse.Value.Properties.ReleasePolicy.HasValue());
EXPECT_TRUE(keyVaultKey.Properties.Enabled.Value());
}
}
TEST_F(KeyVaultKeyHSMClient, GetRandomBytes)
{
if (m_keyVaultUrl.compare(m_keyVaultHsmUrl) != 0)
{
auto const keyName = GetTestName();
CreateHsmClient();
auto const& client = GetClientForTest(keyName);
GetRandomBytesOptions options;
options.Count = 4;
auto result = client.GetRandomBytes(options);
EXPECT_EQ(result.Value.RandomBytes.size(), size_t(options.Count));
}
EXPECT_TRUE(true);
}
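Review bot: `GetRandomBytes` reports success without contacting the service whenever `m_keyVaultUrl` equals `m_keyVaultHsmUrl`, because the body is bypassed and `EXPECT_TRUE(true)` always passes. `CreateEcHsmKey` and `CreateRsaHsmKey` have no guard at all and rely on the capitalised comment above them. A green run of a dedicated HSM suite should mean an HSM endpoint was exercised, so I would open each test with `if (m_keyVaultUrl == m_keyVaultHsmUrl) { GTEST_SKIP() << "AZURE_KEYVAULT_HSM_URL is not a separate HSM endpoint"; }` and delete the `EXPECT_TRUE(true)`. Whether the two URLs can legitimately coincide in playback is not visible on this page, so the condition may also need the live-mode check that the removed `CheckSkipHsmForLive()` used.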


@ -0,0 +1,90 @@
// Copyright (c) Microsoft Corporation. All rights reserved.
// SPDX-License-Identifier: MIT
/**
* @file
* @brief The base class to construct and init a Key Vault HSM client.
*
*/
#include <gtest/gtest.h>
#include <azure/core/test/test_base.hpp>
#include <azure/keyvault/keys.hpp>
namespace Azure { namespace Security { namespace KeyVault { namespace Keys { namespace Test {
class KeyVaultKeyHSMClient : public Azure::Core::Test::TestBase {
public:
KeyVaultKeyHSMClient() { TestBase::SetUpTestSuiteLocal(AZURE_TEST_ASSETS_DIR); }
private:
std::unique_ptr<Azure::Security::KeyVault::Keys::KeyClient> m_client;
protected:
std::shared_ptr<Azure::Core::Credentials::TokenCredential> m_credential;
std::string m_keyVaultUrl;
std::string m_keyVaultHsmUrl;
int m_testPollingTimeOutMinutes = 20;
std::chrono::milliseconds m_testPollingIntervalMs = std::chrono::minutes(1);
// Reads the current test instance name.
// Name gets also sanitized (special chars are removed) to avoid issues when recording or
// creating. This also return the name with suffix if the "AZURE_LIVE_TEST_SUFFIX" exists.
std::string GetTestName(bool sanitize = true)
{
auto output = m_keyVaultUrl.compare(m_keyVaultHsmUrl) == 0 ? "Same" : "NotSame";
std::cout << "\n Keyvault and HSM are" << output;
return Azure::Core::Test::TestBase::GetTestNameSuffix(sanitize);
}
Azure::Security::KeyVault::Keys::KeyClient const& GetClientForTest(std::string const& testName)
{
// set the interceptor for the current test
m_testContext.RenameTest(testName);
return *m_client;
}
// Create
virtual void SetUp() override
{
Azure::Core::Test::TestBase::SetUpTestBase(AZURE_TEST_RECORDING_DIR);
m_keyVaultUrl = GetEnv("AZURE_KEYVAULT_URL");
m_keyVaultHsmUrl = GetEnv("AZURE_KEYVAULT_HSM_URL");
// Options and credential for the client
KeyClientOptions options;
m_credential = std::make_shared<Azure::Identity::ClientSecretCredential>(
GetEnv("AZURE_TENANT_ID"), GetEnv("AZURE_CLIENT_ID"), GetEnv("AZURE_CLIENT_SECRET"));
// `InitTestClient` takes care of setting up Record&Playback.
m_client = InitTestClient<
Azure::Security::KeyVault::Keys::KeyClient,
Azure::Security::KeyVault::Keys::KeyClientOptions>(m_keyVaultUrl, m_credential, options);
UpdateWaitingTime(m_testPollingIntervalMs);
}
void CreateHsmClient(std::string hsmUrl = "")
{
KeyClientOptions options;
m_client = InitTestClient<
Azure::Security::KeyVault::Keys::KeyClient,
Azure::Security::KeyVault::Keys::KeyClientOptions>(
hsmUrl.length() == 0 ? m_keyVaultHsmUrl : hsmUrl, m_credential, options);
}
public:
template <class T>
static inline void CheckValidResponse(
Azure::Response<T>& response,
Azure::Core::Http::HttpStatusCode expectedCode = Azure::Core::Http::HttpStatusCode::Ok)
{
auto const& rawResponse = response.RawResponse;
EXPECT_EQ(
static_cast<typename std::underlying_type<Azure::Core::Http::HttpStatusCode>::type>(
rawResponse->GetStatusCode()),
static_cast<typename std::underlying_type<Azure::Core::Http::HttpStatusCode>::type>(
expectedCode));
}
};
}}}}} // namespace Azure::Security::KeyVault::Keys::Test
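Review bot: This new header has no include guard and does not include what it uses. `std::unique_ptr`, `std::shared_ptr`, `std::string`, `std::chrono::milliseconds`, `std::cout` and `Azure::Identity::ClientSecretCredential` all appear in the class, yet only gtest, `test_base.hpp` and `keys.hpp` are included, and the `.cpp` includes this header before anything else. It presumably compiles through transitive includes today; adding `#pragma once` together with `#include <azure/identity.hpp>`, `<chrono>`, `<iostream>`, `<memory>` and `<string>` would make it self-contained. Separately, `GetTestName` prints "Keyvault and HSM are" directly followed by "Same"/"NotSame" on every call, which reads like leftover debugging output and could be dropped.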


@ -20,7 +20,6 @@ add_executable (
key_client_backup_test_live.cpp
key_client_base_test.hpp
key_client_base_test.hpp
key_client_create_test_live.cpp
key_client_delete_test_live.cpp
key_client_get_test_live.cpp


@ -36,17 +36,6 @@ namespace Azure { namespace Security { namespace KeyVault { namespace Keys { nam
int m_testPollingTimeOutMinutes = 20;
std::chrono::milliseconds m_testPollingIntervalMs = std::chrono::minutes(1);
bool CheckSkipHsmForLive()
{
// if we are in live mode and the test needs a valid HSM url (aka different from the keyvault
// url)
if (m_testContext.IsLiveMode() && (m_keyVaultUrl == m_keyVaultHsmUrl))
{
SkipTest();
}
return IsSkipped();
}
// Reads the current test instance name.
// Name gets also sanitized (special chars are removed) to avoid issues when recording or
// creating. This also return the name with suffix if the "AZURE_LIVE_TEST_SUFFIX" exists.
@ -94,15 +83,6 @@ namespace Azure { namespace Security { namespace KeyVault { namespace Keys { nam
UpdateWaitingTime(m_testPollingIntervalMs);
}
void CreateHsmClient(std::string hsmUrl = "")
{
KeyClientOptions options;
m_client = InitTestClient<
Azure::Security::KeyVault::Keys::KeyClient,
Azure::Security::KeyVault::Keys::KeyClientOptions>(
hsmUrl.length() == 0 ? m_keyVaultHsmUrl : hsmUrl, m_credential, options);
}
public:
template <class T>
static inline void CheckValidResponse(


@ -178,62 +178,6 @@ TEST_F(KeyVaultKeyClient, CreateRsaKey)
}
}
// No tests for octKey since the server does not support it.
// FOR THIS TEST TO WORK MAKE SURE YOU ACTUALLY HAVE A VALID HSM VALUE FOR AZURE_KEYVAULT_HSM_URL
TEST_F(KeyVaultKeyClient, CreateEcHsmKey)
{
auto const keyName = GetTestName();
// This client requires an HSM client
CreateHsmClient();
auto const& client = GetClientForTest(keyName);
{
auto ecHsmKey = Azure::Security::KeyVault::Keys::CreateEcKeyOptions(keyName, true);
ecHsmKey.Enabled = true;
ecHsmKey.KeyOperations = {KeyOperation::Sign};
auto keyResponse = client.CreateEcKey(ecHsmKey);
CheckValidResponse(keyResponse);
auto keyVaultKey = keyResponse.Value;
EXPECT_EQ(keyVaultKey.Name(), keyName);
EXPECT_TRUE(keyVaultKey.Properties.Enabled.Value());
}
{
// Now get the key
auto keyResponse = client.GetKey(keyName);
CheckValidResponse(keyResponse);
auto keyVaultKey = keyResponse.Value;
EXPECT_EQ(keyVaultKey.Name(), keyName);
EXPECT_FALSE(keyResponse.Value.Properties.ReleasePolicy.HasValue());
EXPECT_TRUE(keyVaultKey.Properties.Enabled.Value());
}
}
// FOR THIS TEST TO WORK MAKE SURE YOU ACTUALLY HAVE A VALID HSM VALUE FOR AZURE_KEYVAULT_HSM_URL
TEST_F(KeyVaultKeyClient, CreateRsaHsmKey)
{
auto const keyName = GetTestName();
// This client requires an HSM client
CreateHsmClient();
auto const& client = GetClientForTest(keyName);
{
auto rsaHsmKey = Azure::Security::KeyVault::Keys::CreateRsaKeyOptions(keyName, true);
rsaHsmKey.Enabled = true;
rsaHsmKey.KeyOperations = {KeyOperation::Sign};
auto keyResponse = client.CreateRsaKey(rsaHsmKey);
CheckValidResponse(keyResponse);
auto keyVaultKey = keyResponse.Value;
EXPECT_EQ(keyVaultKey.Name(), keyName);
}
{
// Now get the key
auto keyResponse = client.GetKey(keyName);
CheckValidResponse(keyResponse);
auto keyVaultKey = keyResponse.Value;
EXPECT_EQ(keyVaultKey.Name(), keyName);
EXPECT_FALSE(keyResponse.Value.Properties.ReleasePolicy.HasValue());
EXPECT_TRUE(keyVaultKey.Properties.Enabled.Value());
}
}
std::string BinaryToHexString(std::vector<uint8_t> const& src)
{
static constexpr char hexMap[]


@ -81,21 +81,6 @@ TEST_F(KeyVaultKeyClient, GetKeyRotationPolicy)
}
}
TEST_F(KeyVaultKeyClient, GetRandomBytes)
{
if (m_keyVaultUrl.compare(m_keyVaultHsmUrl) != 0)
{
auto const keyName = GetTestName();
CreateHsmClient();
auto const& client = GetClientForTest(keyName);
GetRandomBytesOptions options;
options.Count = 4;
auto result = client.GetRandomBytes(options);
EXPECT_EQ(result.Value.RandomBytes.size(), size_t(options.Count));
}
EXPECT_TRUE(true);
}
TEST(GetRandomBytesOptions, Serialize)
{
GetRandomBytesOptions options;