From 7946b83b9bd4445badb053d655f23597ff49b593 Mon Sep 17 00:00:00 2001 From: George Arama <50641385+gearama@users.noreply.github.com> Date: Wed, 8 Mar 2023 11:19:50 -0800 Subject: [PATCH] separate hsm tests from keys, and regen the tests (#4392) * separate hsm tests from keys, and regen the tests * adding assets * cleanup includes * clang and map * hgghg --- sdk/keyvault/assets.json | 2 +- .../CMakeLists.txt | 1 + .../test/ut-hsm/CMakeLists.txt | 54 +++++++++++ .../test/ut-hsm/key_client_test_hsm_live.cpp | 81 +++++++++++++++++ .../test/ut-hsm/key_client_test_hsm_live.hpp | 90 +++++++++++++++++++ .../test/ut/CMakeLists.txt | 1 - .../test/ut/key_client_base_test.hpp | 20 ----- .../test/ut/key_client_create_test_live.cpp | 56 ------------ .../test/ut/key_rotation_policy_test_live.cpp | 15 ---- 9 files changed, 227 insertions(+), 93 deletions(-) create mode 100644 sdk/keyvault/azure-security-keyvault-keys/test/ut-hsm/CMakeLists.txt create mode 100644 sdk/keyvault/azure-security-keyvault-keys/test/ut-hsm/key_client_test_hsm_live.cpp create mode 100644 sdk/keyvault/azure-security-keyvault-keys/test/ut-hsm/key_client_test_hsm_live.hpp diff --git a/sdk/keyvault/assets.json b/sdk/keyvault/assets.json index a76b5bafd..f8b013b9f 100644 --- a/sdk/keyvault/assets.json +++ b/sdk/keyvault/assets.json @@ -2,5 +2,5 @@ "AssetsRepo": "Azure/azure-sdk-assets", "AssetsRepoPrefixPath": "cpp", "TagPrefix": "cpp/keyvault", - "Tag": "cpp/keyvault_408d8544f1" + "Tag": "cpp/keyvault_b7bbda693f" } diff --git a/sdk/keyvault/azure-security-keyvault-keys/CMakeLists.txt b/sdk/keyvault/azure-security-keyvault-keys/CMakeLists.txt index 152d97e22..cdf858cab 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/CMakeLists.txt +++ b/sdk/keyvault/azure-security-keyvault-keys/CMakeLists.txt @@ -146,6 +146,7 @@ if(BUILD_TESTING) endif() add_subdirectory(test/ut) + add_subdirectory(test/ut-hsm) endif() if (BUILD_PERFORMANCE_TESTS) diff --git a/sdk/keyvault/azure-security-keyvault-keys/test/ut-hsm/CMakeLists.txt b/sdk/keyvault/azure-security-keyvault-keys/test/ut-hsm/CMakeLists.txt new file mode 100644 index 000000000..fcc8951a6 --- /dev/null +++ b/sdk/keyvault/azure-security-keyvault-keys/test/ut-hsm/CMakeLists.txt @@ -0,0 +1,54 @@ +# Copyright (c) Microsoft Corporation. All rights reserved. +# SPDX-License-Identifier: MIT + +cmake_minimum_required (VERSION 3.13) + +project (azure-security-keyvault-keys-hsm-test LANGUAGES CXX) +set(CMAKE_CXX_STANDARD 14) +set(CMAKE_CXX_STANDARD_REQUIRED True) + +include(GoogleTest) + +# Export the test folder for recordings access. +add_compile_definitions(AZURE_TEST_RECORDING_DIR="${CMAKE_CURRENT_LIST_DIR}") +include(TestProxyPrep) +SetUpTestProxy("sdk/keyvault") + +################## Unit Tests ########################## +add_executable ( + azure-security-keyvault-keys-hsm-test + + key_client_test_hsm_live.hpp + key_client_test_hsm_live.cpp + ) + +create_per_service_target_build(keyvault azure-security-keyvault-keys-hsm-test) +create_map_file(azure-security-keyvault-keys-hsm-test azure-security-keyvault-keys-hsm-test.map) + +if (MSVC) + target_compile_options(azure-security-keyvault-keys-hsm-test PUBLIC /wd6326 /wd26495 /wd26812) +endif() + +target_link_libraries( + azure-security-keyvault-keys-hsm-test + PRIVATE + azure-security-keyvault-keys + azure-identity azure-core-test-fw + azure-security-attestation + gtest + gtest_main + gmock) + +# Adding private headers so we can test the private APIs with no relative paths include. +target_include_directories ( + azure-security-keyvault-keys-hsm-test + PRIVATE + $) + +# gtest_add_tests will scan the test from azure-core-test and call add_test +# for each test to ctest. This enables `ctest -r` to run specific tests directly. +gtest_discover_tests(azure-security-keyvault-keys-hsm-test + TEST_PREFIX azure-security-keyvault-hsm-keys. + NO_PRETTY_TYPES + NO_PRETTY_VALUES + DISCOVERY_TIMEOUT 600) diff --git a/sdk/keyvault/azure-security-keyvault-keys/test/ut-hsm/key_client_test_hsm_live.cpp b/sdk/keyvault/azure-security-keyvault-keys/test/ut-hsm/key_client_test_hsm_live.cpp new file mode 100644 index 000000000..b0a3a514c --- /dev/null +++ b/sdk/keyvault/azure-security-keyvault-keys/test/ut-hsm/key_client_test_hsm_live.cpp @@ -0,0 +1,81 @@ +// Copyright (c) Microsoft Corporation. All rights reserved. +// SPDX-License-Identifier: MIT + +#include "key_client_test_hsm_live.hpp" + +#include "gtest/gtest.h" +#include + +using namespace Azure::Security::KeyVault::Keys; +using namespace Azure::Security::KeyVault::Keys::Test; + +// No tests for octKey since the server does not support it. +// FOR THIS TEST TO WORK MAKE SURE YOU ACTUALLY HAVE A VALID HSM VALUE FOR AZURE_KEYVAULT_HSM_URL +TEST_F(KeyVaultKeyHSMClient, CreateEcHsmKey) +{ + auto const keyName = GetTestName(); + // This client requires an HSM client + CreateHsmClient(); + auto const& client = GetClientForTest(keyName); + + { + auto ecHsmKey = Azure::Security::KeyVault::Keys::CreateEcKeyOptions(keyName, true); + ecHsmKey.Enabled = true; + ecHsmKey.KeyOperations = {KeyOperation::Sign}; + auto keyResponse = client.CreateEcKey(ecHsmKey); + CheckValidResponse(keyResponse); + auto keyVaultKey = keyResponse.Value; + EXPECT_EQ(keyVaultKey.Name(), keyName); + EXPECT_TRUE(keyVaultKey.Properties.Enabled.Value()); + } + { + // Now get the key + auto keyResponse = client.GetKey(keyName); + CheckValidResponse(keyResponse); + auto keyVaultKey = keyResponse.Value; + EXPECT_EQ(keyVaultKey.Name(), keyName); + EXPECT_FALSE(keyResponse.Value.Properties.ReleasePolicy.HasValue()); + EXPECT_TRUE(keyVaultKey.Properties.Enabled.Value()); + } +} +// FOR THIS TEST TO WORK MAKE SURE YOU ACTUALLY HAVE A VALID HSM VALUE FOR AZURE_KEYVAULT_HSM_URL +TEST_F(KeyVaultKeyHSMClient, CreateRsaHsmKey) +{ + auto const keyName = GetTestName(); + // This client requires an HSM client + CreateHsmClient(); + auto const& client = GetClientForTest(keyName); + { + auto rsaHsmKey = Azure::Security::KeyVault::Keys::CreateRsaKeyOptions(keyName, true); + rsaHsmKey.Enabled = true; + rsaHsmKey.KeyOperations = {KeyOperation::Sign}; + auto keyResponse = client.CreateRsaKey(rsaHsmKey); + CheckValidResponse(keyResponse); + auto keyVaultKey = keyResponse.Value; + EXPECT_EQ(keyVaultKey.Name(), keyName); + } + { + // Now get the key + auto keyResponse = client.GetKey(keyName); + CheckValidResponse(keyResponse); + auto keyVaultKey = keyResponse.Value; + EXPECT_EQ(keyVaultKey.Name(), keyName); + EXPECT_FALSE(keyResponse.Value.Properties.ReleasePolicy.HasValue()); + EXPECT_TRUE(keyVaultKey.Properties.Enabled.Value()); + } +} + +TEST_F(KeyVaultKeyHSMClient, GetRandomBytes) +{ + if (m_keyVaultUrl.compare(m_keyVaultHsmUrl) != 0) + { + auto const keyName = GetTestName(); + CreateHsmClient(); + auto const& client = GetClientForTest(keyName); + GetRandomBytesOptions options; + options.Count = 4; + auto result = client.GetRandomBytes(options); + EXPECT_EQ(result.Value.RandomBytes.size(), size_t(options.Count)); + } + EXPECT_TRUE(true); +} \ No newline at end of file diff --git a/sdk/keyvault/azure-security-keyvault-keys/test/ut-hsm/key_client_test_hsm_live.hpp b/sdk/keyvault/azure-security-keyvault-keys/test/ut-hsm/key_client_test_hsm_live.hpp new file mode 100644 index 000000000..5c4d3dd2f --- /dev/null +++ b/sdk/keyvault/azure-security-keyvault-keys/test/ut-hsm/key_client_test_hsm_live.hpp @@ -0,0 +1,90 @@ +// Copyright (c) Microsoft Corporation. All rights reserved. +// SPDX-License-Identifier: MIT + +/** + * @file + * @brief The base class to construct and init a Key Vault HSM client. + * + */ +#include + +#include +#include + +namespace Azure { namespace Security { namespace KeyVault { namespace Keys { namespace Test { + + class KeyVaultKeyHSMClient : public Azure::Core::Test::TestBase { + public: + KeyVaultKeyHSMClient() { TestBase::SetUpTestSuiteLocal(AZURE_TEST_ASSETS_DIR); } + + private: + std::unique_ptr m_client; + + protected: + std::shared_ptr m_credential; + std::string m_keyVaultUrl; + std::string m_keyVaultHsmUrl; + int m_testPollingTimeOutMinutes = 20; + std::chrono::milliseconds m_testPollingIntervalMs = std::chrono::minutes(1); + + // Reads the current test instance name. + // Name gets also sanitized (special chars are removed) to avoid issues when recording or + // creating. This also return the name with suffix if the "AZURE_LIVE_TEST_SUFFIX" exists. + std::string GetTestName(bool sanitize = true) + { + auto output = m_keyVaultUrl.compare(m_keyVaultHsmUrl) == 0 ? "Same" : "NotSame"; + std::cout << "\n Keyvault and HSM are" << output; + return Azure::Core::Test::TestBase::GetTestNameSuffix(sanitize); + } + + Azure::Security::KeyVault::Keys::KeyClient const& GetClientForTest(std::string const& testName) + { + // set the interceptor for the current test + m_testContext.RenameTest(testName); + return *m_client; + } + + // Create + virtual void SetUp() override + { + Azure::Core::Test::TestBase::SetUpTestBase(AZURE_TEST_RECORDING_DIR); + m_keyVaultUrl = GetEnv("AZURE_KEYVAULT_URL"); + m_keyVaultHsmUrl = GetEnv("AZURE_KEYVAULT_HSM_URL"); + + // Options and credential for the client + KeyClientOptions options; + m_credential = std::make_shared( + GetEnv("AZURE_TENANT_ID"), GetEnv("AZURE_CLIENT_ID"), GetEnv("AZURE_CLIENT_SECRET")); + + // `InitTestClient` takes care of setting up Record&Playback. + m_client = InitTestClient< + Azure::Security::KeyVault::Keys::KeyClient, + Azure::Security::KeyVault::Keys::KeyClientOptions>(m_keyVaultUrl, m_credential, options); + + UpdateWaitingTime(m_testPollingIntervalMs); + } + + void CreateHsmClient(std::string hsmUrl = "") + { + KeyClientOptions options; + m_client = InitTestClient< + Azure::Security::KeyVault::Keys::KeyClient, + Azure::Security::KeyVault::Keys::KeyClientOptions>( + hsmUrl.length() == 0 ? m_keyVaultHsmUrl : hsmUrl, m_credential, options); + } + + public: + template + static inline void CheckValidResponse( + Azure::Response& response, + Azure::Core::Http::HttpStatusCode expectedCode = Azure::Core::Http::HttpStatusCode::Ok) + { + auto const& rawResponse = response.RawResponse; + EXPECT_EQ( + static_cast::type>( + rawResponse->GetStatusCode()), + static_cast::type>( + expectedCode)); + } + }; +}}}}} // namespace Azure::Security::KeyVault::Keys::Test diff --git a/sdk/keyvault/azure-security-keyvault-keys/test/ut/CMakeLists.txt b/sdk/keyvault/azure-security-keyvault-keys/test/ut/CMakeLists.txt index f1154f625..c4ecf2e50 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/test/ut/CMakeLists.txt +++ b/sdk/keyvault/azure-security-keyvault-keys/test/ut/CMakeLists.txt @@ -20,7 +20,6 @@ add_executable ( key_client_backup_test_live.cpp key_client_base_test.hpp - key_client_base_test.hpp key_client_create_test_live.cpp key_client_delete_test_live.cpp key_client_get_test_live.cpp diff --git a/sdk/keyvault/azure-security-keyvault-keys/test/ut/key_client_base_test.hpp b/sdk/keyvault/azure-security-keyvault-keys/test/ut/key_client_base_test.hpp index d9a6c7915..a47a2756e 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/test/ut/key_client_base_test.hpp +++ b/sdk/keyvault/azure-security-keyvault-keys/test/ut/key_client_base_test.hpp @@ -36,17 +36,6 @@ namespace Azure { namespace Security { namespace KeyVault { namespace Keys { nam int m_testPollingTimeOutMinutes = 20; std::chrono::milliseconds m_testPollingIntervalMs = std::chrono::minutes(1); - bool CheckSkipHsmForLive() - { - // if we are in live mode and the test needs a valid HSM url (aka different from the keyvault - // url) - if (m_testContext.IsLiveMode() && (m_keyVaultUrl == m_keyVaultHsmUrl)) - { - SkipTest(); - } - return IsSkipped(); - } - // Reads the current test instance name. // Name gets also sanitized (special chars are removed) to avoid issues when recording or // creating. This also return the name with suffix if the "AZURE_LIVE_TEST_SUFFIX" exists. @@ -94,15 +83,6 @@ namespace Azure { namespace Security { namespace KeyVault { namespace Keys { nam UpdateWaitingTime(m_testPollingIntervalMs); } - void CreateHsmClient(std::string hsmUrl = "") - { - KeyClientOptions options; - m_client = InitTestClient< - Azure::Security::KeyVault::Keys::KeyClient, - Azure::Security::KeyVault::Keys::KeyClientOptions>( - hsmUrl.length() == 0 ? m_keyVaultHsmUrl : hsmUrl, m_credential, options); - } - public: template static inline void CheckValidResponse( diff --git a/sdk/keyvault/azure-security-keyvault-keys/test/ut/key_client_create_test_live.cpp b/sdk/keyvault/azure-security-keyvault-keys/test/ut/key_client_create_test_live.cpp index f7fd3a55e..89d6150a4 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/test/ut/key_client_create_test_live.cpp +++ b/sdk/keyvault/azure-security-keyvault-keys/test/ut/key_client_create_test_live.cpp @@ -178,62 +178,6 @@ TEST_F(KeyVaultKeyClient, CreateRsaKey) } } -// No tests for octKey since the server does not support it. -// FOR THIS TEST TO WORK MAKE SURE YOU ACTUALLY HAVE A VALID HSM VALUE FOR AZURE_KEYVAULT_HSM_URL -TEST_F(KeyVaultKeyClient, CreateEcHsmKey) -{ - auto const keyName = GetTestName(); - // This client requires an HSM client - CreateHsmClient(); - auto const& client = GetClientForTest(keyName); - - { - auto ecHsmKey = Azure::Security::KeyVault::Keys::CreateEcKeyOptions(keyName, true); - ecHsmKey.Enabled = true; - ecHsmKey.KeyOperations = {KeyOperation::Sign}; - auto keyResponse = client.CreateEcKey(ecHsmKey); - CheckValidResponse(keyResponse); - auto keyVaultKey = keyResponse.Value; - EXPECT_EQ(keyVaultKey.Name(), keyName); - EXPECT_TRUE(keyVaultKey.Properties.Enabled.Value()); - } - { - // Now get the key - auto keyResponse = client.GetKey(keyName); - CheckValidResponse(keyResponse); - auto keyVaultKey = keyResponse.Value; - EXPECT_EQ(keyVaultKey.Name(), keyName); - EXPECT_FALSE(keyResponse.Value.Properties.ReleasePolicy.HasValue()); - EXPECT_TRUE(keyVaultKey.Properties.Enabled.Value()); - } -} -// FOR THIS TEST TO WORK MAKE SURE YOU ACTUALLY HAVE A VALID HSM VALUE FOR AZURE_KEYVAULT_HSM_URL -TEST_F(KeyVaultKeyClient, CreateRsaHsmKey) -{ - auto const keyName = GetTestName(); - // This client requires an HSM client - CreateHsmClient(); - auto const& client = GetClientForTest(keyName); - { - auto rsaHsmKey = Azure::Security::KeyVault::Keys::CreateRsaKeyOptions(keyName, true); - rsaHsmKey.Enabled = true; - rsaHsmKey.KeyOperations = {KeyOperation::Sign}; - auto keyResponse = client.CreateRsaKey(rsaHsmKey); - CheckValidResponse(keyResponse); - auto keyVaultKey = keyResponse.Value; - EXPECT_EQ(keyVaultKey.Name(), keyName); - } - { - // Now get the key - auto keyResponse = client.GetKey(keyName); - CheckValidResponse(keyResponse); - auto keyVaultKey = keyResponse.Value; - EXPECT_EQ(keyVaultKey.Name(), keyName); - EXPECT_FALSE(keyResponse.Value.Properties.ReleasePolicy.HasValue()); - EXPECT_TRUE(keyVaultKey.Properties.Enabled.Value()); - } -} - std::string BinaryToHexString(std::vector const& src) { static constexpr char hexMap[] diff --git a/sdk/keyvault/azure-security-keyvault-keys/test/ut/key_rotation_policy_test_live.cpp b/sdk/keyvault/azure-security-keyvault-keys/test/ut/key_rotation_policy_test_live.cpp index e86bf8663..104616fc0 100644 --- a/sdk/keyvault/azure-security-keyvault-keys/test/ut/key_rotation_policy_test_live.cpp +++ b/sdk/keyvault/azure-security-keyvault-keys/test/ut/key_rotation_policy_test_live.cpp @@ -81,21 +81,6 @@ TEST_F(KeyVaultKeyClient, GetKeyRotationPolicy) } } -TEST_F(KeyVaultKeyClient, GetRandomBytes) -{ - if (m_keyVaultUrl.compare(m_keyVaultHsmUrl) != 0) - { - auto const keyName = GetTestName(); - CreateHsmClient(); - auto const& client = GetClientForTest(keyName); - GetRandomBytesOptions options; - options.Count = 4; - auto result = client.GetRandomBytes(options); - EXPECT_EQ(result.Value.RandomBytes.size(), size_t(options.Count)); - } - EXPECT_TRUE(true); -} - TEST(GetRandomBytesOptions, Serialize) { GetRandomBytesOptions options;